Search the Community

I am using a barebones script listed as a members area but all it does is give me login and secure pages using the auth.php (code listed below) since I got the script I have added a new column 'Rank' to the database table 'members' with this rank there are 4 ranks: Guest Blocked/Banned Helpers Administration The new page I am creating I want it to use this rank system I added, ranks 3 and 4 get access, rank 2 I want to redirect to my 403 Access Forbidden located at my main site 'bullwebhost.co.uk/error.php?cmd=403' , rank 1 gets a message shown saying 'Welcome Guest print '$_SERVER["REMOTE_ADDR"]; , You have tried accessing a Restricted Area Your IP print '$_SERVER["REMOTE_ADDR"]; has been logged and Webmaster Informed (if possible via phpmail as i cant use smtp) of your accessing this area. Now For the code auth.php //Start session session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) { header("location: access-denied.php"); exit(); } Database Structure CREATE TABLE IF NOT EXISTS `members` ( `member_id` int(11) unsigned NOT NULL AUTO_INCREMENT, `Rank` int(11) NOT NULL DEFAULT '1', `firstname` varchar(100) DEFAULT NULL, `lastname` varchar(100) DEFAULT NULL, `login` varchar(100) NOT NULL DEFAULT '', `passwd` varchar(32) NOT NULL DEFAULT '', PRIMARY KEY (`member_id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ; config.php <?php define('DB_HOST', '****'); define('DB_USER', '****'); define('DB_PASSWORD', '****'); define('DB_DATABASE', '***'); ?> Restricted File require_once('auth.php'); include 'config.php'; $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'SELECT Rank FROM members WHERE Rank="3" or Rank="4"'; mysql_select_db(DB_DATABASE); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not get data: ' . mysql_error()); } while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) { print ' <!DOCTYPE html PUBLIC "-//W3C//DTD(I have code for this part) XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>My Profile</title> <link href="loginmodule.css" rel="stylesheet" type="text/css" /> </head> <body> <h1>My Profile </h1> <a href="member-index.php">Home</a> | <a href="logout.php">Logout</a> <p>This is another secure page. </p> </body> </html>'; } Attempts Okay I did a more detailed (I think) search and came across something but it didn't work my edited code is below $sql = mysql_query("SELECT * FROM members WHERE Rank ='3 or 4' AND member_id ='".$_SESSION['SESS_MEMBER_ID']); Code Removed else { (redirect to error document) mysql_close($conn); } That is all I changed in the Restricted File code above. I still am not getting errors printed I have php errors in htaccess and using the trigger but still blank white screen Trying to get my question across (not very easy for me), I am trying to make a page (not giving name of file) that using the auth and config files to do a check for the users rank is either 3 or 4 user gets access, 1 print message 2 redirect to 403 document (easiest way possible) so that even if someone tries to bypass any security in place they still need to be rank 3 or 4 to even see the page contents. Also possible long shot but what would be the best way to block IP addresses would php and mysql/mysqli (don't know PDO, willing to learn mysqli) or would it be better to use .htaccess for the reason being I wanting to block Loads of IPS but want adding them to be easy and also using my new pages was looking at building forms to add entries, remove entries Viewing the list, (I have code for this part). What I asking is would I be better of using php and mysql/i or .htaccess because some of the ips are wildcard ips to be banned and redirected to my error document. Kind regards Harry Smith