0
I have a login system that checks according to the level of access of the user that worked until recently but I did something that stopped.
Form
<form class="text-center" style="padding-left: 30%; padding-right: 30%" method="POST" action="<?php $_SERVER['PHP_SELF']; ?>">
<p class="h4 mb-4">Service Desk Embaré</p>
<label>Usuário</label>
<input class="form-control mb-4" placeholder="E-mail" type="text" name="usuario"><br>
<label>Senha</label>
<input class="form-control mb-4" placeholder="Senha" type="password" name="senha">
<button class="btn btn-info btn-block my-4" type="submit" name="submeter">Entrar</button>
<?php
if(!empty($erros)):
foreach ($erros as $erro):
echo $erro;
endforeach;
endif;
?>
</form>
The login page is as follows::
if (isset($_POST['submeter'])):
$usuario = $_POST['usuario'];
$senha = $_POST['senha'];
$erros = array();
if(empty($usuario) or empty($senha)):
$erros[] = "<li>Campo usuário ou senha não podem ficar em branco</li>";
else:
$query = "SELECT nome_login FROM usuarios WHERE nome_login = '$usuario'";
$resultado = mysqli_query($conexao, $query);
if(mysqli_num_rows($resultado) > 0):
$query = "SELECT * FROM usuarios WHERE nome_login = '$usuario' AND senha = '$senha'";
$resultado = mysqli_query($conexao, $query);
if(mysqli_num_rows($resultado) == 1):
$query = "SELECT * FROM usuarios WHERE nivel_acesso = 1 AND nome_login = '$usuario' AND senha = '$senha'";
$resultado = mysqli_query($conexao, $query);
if(mysqli_num_rows($resultado) == 1):
$dados = mysqli_fetch_array($resultado);
mysqli_close($conexao);
$_SESSION['logado'] = true;
$_SESSION['id_usuario'] = $dados['id_usuario'];
header('Location: self_service/teste.php');
else:
header('Location: configuracoes.php');
endif;
else:
$erros[] = "<li>Nome de usuário ou senha incorretos</li>";
endif;
else:
$erros[] = "<li>Nome de usuário ou senha incorretos</li>";
endif;
endif;
endif;
?>
And on the self_service/test.php page, I start as follows:
// Sessão
session_start();
<?php include 'conexao.php';
// Verificação
if(!isset($_SESSION['logado'])):
header('Location: ../login.php');
endif;
// Dados
$id = $_SESSION['id_usuario'];
$sql = "SELECT * FROM usuarios WHERE id_usuario = '$id'";
$resultado = mysqli_query($conexao, $sql);
$dados = mysqli_fetch_array($resultado);
mysqli_close($conexao);
?>
It turns out that in the check, only Else works, IE, only users with leve_access other than 1 can log in. Users who have level access == 1 are always on the login screen, when submitting the form nothing happens.
Example of the comic book:
I did what you suggested, but it didn’t work. It’s still the same, when you click on login and has level_access = 1 nothing happens.
– Gabriel Melo
Are only two access levels? 0 and 1? The problem only occurs with access levels 1?
– Pedro Paulo
Access levels = 1 and different levels of 1. If I put in my bd that the user is not level 1, the access usually occurs according to the 'Else'.
– Gabriel Melo
I did a test by placing the print_r($data) on the login page and returned the values correctly. I believe the problem lies beyond, something related to Ssion.
– Gabriel Melo