Doubt with login validation

Question

Doubt with login validation

Asked 4 years, 6 months ago

Viewed 48 times

0

Good morning, I am developing a site for my TCC, and in it I try to make a login system with validation of user by levels.

Let’s assume if the user is administrator, when logging in he will check in the bd if the logged in user will have the field "type" != 2; if not it will go to normal user screen.

Below is the code I developed in php, but is showing error after trying to validate, it goes to a blank page;

    <?php
include("conexao.php");

$email = $_POST['email'];
$senha = $_POST['senha'];
/* Verifica se existe usuario, o segredo ta aqui quando ele procupa uma 
linha q contenha o login e a senha digitada */
$sql_logar = "SELECT * FROM aluno WHERE email = '$email' && senha = '$senha'";
$exe_logar = mysqli_query($conection, $sql_logar) or die (mysqli_error());
$fet_logar = mysqli_fetch_assoc($exe_logar);
$num_logar = mysqli_num_rows($exe_logar);

//Verifica se n existe uma linha com o login e a senha digitado
if ($num_logar == 0){
    session_start();
    $_SESSION['msg'] = "<div class='alert alert-danger'>Login ou senha incorreto!</div>";
    header("Location: index.php?login");
} 
else{
   //Cria a sessão e verifica tipo de login
    session_start();

    while($percorrer = mysqli_fetch_array($exe_logar) ){
    $tipo = $percorrer['tipo'];

    if($_SESSION['tipo'] != 2){
    $_SESSION['email'] = $email;
    $_SESSION['senha'] = $senha;
     header("Location: aluno.php");
    }
    }
}
?>

What can I do to make level validation work as planned?

Worse than not, it goes to valida.php which is the code above

– Matheus

2020/03/14 at 13:33
The session_start(); has to come first, before HTML even, if you have.

– Sam

2020/03/14 at 13:33
I separated valida.php from the html form with an action="valida.php", but I also need to put Session start before in php?

– Matheus

2020/03/14 at 13:36
1

You’re gonna put the sessiont_start(); only once after opening <?php. And also don’t use &&. Use AND.

– Sam

2020/03/14 at 13:38
I did what you asked, but it still didn’t work, returned to valida.php, I think the problem is in while.

– Matheus

2020/03/14 at 13:50
But not anymore? Buguei kkkkkkk

– Matheus

2020/03/14 at 13:54
It worked, but when it is equal to 2 it does not go to the administrator.php, I would use Else there?

– Matheus

2020/03/14 at 13:58

Show 2 more comments

1 answer

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Sam • **79,597** points · Answer 1 · 2020-03-14T14:04:18+00:00

Put the session_start(); only once at the beginning of the block:

<?php
session_start();
// resto do código

Do not use the operator && in Mysql, and yes the AND (see documentation).

Problem:

Put the if after the while, only that in the if you’re comparing a SESSION which apparently does not exist. You should compare the variable $tipo who had just declared, and needs a else if the if don’t get answered:

while($percorrer = mysqli_fetch_array($exe_logar) ){
   $tipo = $percorrer['tipo'];
}

$_SESSION['tipo'] = $tipo;

if($tipo != 2){
   $_SESSION['email'] = $email;
   $_SESSION['senha'] = $senha;
   header("Location: aluno.php");
}else{
   header("Location: administrador.php");
}

As SESSIONS email and senha will be created only for $tipo different than 2? Have to check this. If it is for any case, would have to stay like this:

while($percorrer = mysqli_fetch_array($exe_logar) ){
   $tipo = $percorrer['tipo'];
}

$_SESSION['tipo'] = $tipo;
$_SESSION['email'] = $email;
$_SESSION['senha'] = $senha;

if($tipo != 2){
   header("Location: aluno.php");
}else{
   header("Location: administrador.php");
}

Another thing, remove the line $fet_logar = mysqli_fetch_assoc($exe_logar); other than the $percorrer = mysqli_fetch_array($exe_logar) of while will be empty and the $tipo will have no value.