Login SOAP Web Service

Question

Login SOAP Web Service

Asked 8 years, 2 months ago

Viewed 99 times

0

Follow my login code to the webservice Soap

   if (isset($_POST["action"]) && $_POST["action"] == "login") {
$soapClient = new SoapClient(WEST_SOAP_WSDL,
    array("trace" => WEST_SOAP_TRACE, "login" => WEST_SOAP_LOGIN, "password" => WEST_SOAP_PASS));

try {
    $clienteId = $soapClient->loginAuth($_POST["username"]);
} catch (Exception $e) {
     print_r($e);
}

if ($clienteId) {
    session_regenerate_id(TRUE);

    $_SESSION["auth"]["id"] = $clienteId;
    $_SESSION["auth"]["username"] = $_POST["username"]; 

    try {
        $_SESSION['cliente'] =   serialize($soapClient->getClientDataById($clienteId));
    } catch (Exception $e) {
     print_r($e);
    }

How Could I Restrict Access to My Subscriber Panel in php in the status below ? :

        inativo
        cancelado
        serasa

you would like to restrict when the status is these?

– Marcos Henrique

2016/07/19 at 19:18
yes, that’s exactly right

– user22753

2016/07/19 at 19:19
its status is set by Soapconnection.call()? for example: 200 => ok; 500=> error server; 305 => inactive?

– Marcos Henrique

2016/07/19 at 19:33
not , thus : select name="status" id="status" style="width: auto;" disabled="disabled"> <option value="S"> asset</option> <option value="N"> inactive</option>

– user22753

2016/07/19 at 19:46
then it is set in the database, correct?

– Marcos Henrique

2016/07/19 at 20:01
correct, in the database

– user22753

2016/07/19 at 20:09

Show 1 more comment

1 answer

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Marcos Henrique • **1,445** points · Answer 1 · 2016-07-19T20:22:05+00:00

From what I understand of your question, you would need a query to the database with the user passed by Session, so checking whether this user first it is registered, and soon after if it has the status other than the 3 listed for example:

 $myusername = mysqli_real_escape_string($db,$_POST['username']);
 $mypassword = mysqli_real_escape_string($db,$_POST['password']); 

  $sql = "SELECT id FROM admin WHERE username = '$myusername' and passcode = '$mypassword'";

 $status "SELECT status FROM admin WHERE username = '$myusername' and passcode = '$mypassword'";

  $result = mysqli_query($db,$sql);
  $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
  $active = $row['active'];

  $count = mysqli_num_rows($result);
  if($count == 1){
     if($status != 'inativo' && $status != 'cancelado' && $status != 'serasa')
     {
        header("location: welcome.php");
     }
     else
      {
        echo"erro";
      }
  }
  else {
    echo"erro";
  }

I added the select of the status in a variable to serve as a check, so it assesses whether or not it is meeting the same.