i have a login system to backoffice, but user verification don't work.
My code to login is:
$userName = isset($_POST["user-name"]) ? $_POST["user-name"]: '';
$userPass = isset($_POST["user-pass"]) ? $_POST["user-pass"]: '';
if ($userName != '0' && $userPass != '0'){
$criptSen = hash("whirlpool", $userPass);
$rediURL = isset($_GET["url"]) ? $_GET["url"]: '';
$SQL = "SELECT Usuario, Senha, Rank FROM utilizadores WHERE Usuario='$userName' AND Senha='$criptSen' limit 1";
$query = mysql_query($SQL);
if (mysql_num_rows($query)>0)
{
$row = mysql_fetch_array($query);
$_SESSION['Usuario'] = $row['Usuario'];
$_SESSION['Rank'] = $row['Rank'];
mysql_free_result($query);
if($row['Rank'] == 0){
header("Location: membro.php");
} else {
if($row['Rank'] == 1) {
header("Location: admin/index1.php");
}
}
} else {
if (isset($query)){
mysql_free_result($query);
}
header('location: index.php');
}
} else {
header('location: index.php');
}
?>
My code to verify session is true is: When i login he doens't work fine, i think this code is wrong and i need your help to build it correctly.
<?php
@$Usuario = $_SESSION["Usuario"];
@$Rank = $_SESSION['Rank']
if(!(isset($Usuario) && isset($Senha))){
$url = explode("/", $_SERVER["REQUEST_URI"]);
header("Location: index1.php?url=$url[3]");
} else if(isset($Usuario) && isset($Senha)){
$SQL = mysql_query("SELECT Usuario, Senha FROM utilizadores WHERE Usuario='$Usuario' AND Senha='$Senha' AND Rank=1");
if(mysql_num_rows($SQL) == 0){
echo "<script>alert(\"Area Restrita\");</scrpit>";
header("Location: ../index.php");
}
}
?>