I am developing a login system with permission levels; however, when I log in as administrator, permission is denied on a page that the Adm would be allowed to enter.
It’s like my SESSION is null: instead of the Adm being redirected to index.html, an echo appears with PERMISSION DENIED.
I followed the following tutorial, but the result did not come out as expected, which was: when logging in as Adm, to be redirected to index.html. Yes, I’m getting the right data from the HTML form. What’s the possible error?
```php
<?php
// The session must be started on each different page
if (!isset($_SESSION)) session_start();

$nivel_necessario = 1;

// Check whether there is a session variable that identifies the user
if (!isset($_SESSION['usuario']) OR ($_SESSION['tipo'] < $nivel_necessario)) {
    // Destroy the session for security
    session_destroy();
    // Redirect the visitor back to the login page
    echo "PERMISSÃO NEGADA";
    //header("Location: login.html"); exit;
} else {
    header("Location: ../../index.html"); exit;
}
?>
<h1>Restricted page</h1>
Hello, <?php echo $_SESSION['usuario']; ?>!
```
Query code that returns the user and type:

```php
<?php
$query = "SELECT usuario, senha, tipo FROM usuario WHERE usuario='".$usuario."' AND senha='".$codificada."'";
$rs = mysqli_query($db, $query);
print_r($rs);
if ($rs->num_rows != 0) {
    $resultado = mysqli_fetch_assoc($query);
    // If the session does not exist, start one
    if (!isset($_SESSION)) session_start();
    // Save the data found to the session
    $_SESSION['usuario'] = $resultado['usuario'];
    echo "string";
    $_SESSION['senha'] = $resultado['senha'];
    $_SESSION['tipo'] = $resultado['tipo'];
    // Redirect the visitor
    header("Location: restrito.php"); exit;
    //header("Location: ../../index.html");
} else {
    echo "Usuário/senha não encontrado";
}
```
Code of the table in which the data is saved:

```sql
CREATE TABLE `usuario` (
  `id_usuario` int(11) NOT NULL,
  `senha` varchar(40) CHARACTER SET utf8 NOT NULL,
  `nome` varchar(30) CHARACTER SET utf8 NOT NULL,
  `email` varchar(30) NOT NULL,
  `cpf` varchar(16) NOT NULL,
  `instituicao` varchar(50) CHARACTER SET utf8 DEFAULT NULL,
  `usuario` varchar(30) NOT NULL,
  `tipo` int(11) NOT NULL
)
```
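
An added example, not part of the original post or of the tutorial it followed: a hardened form of the login handler and the permission check above. The posted handler passes the SQL string `$query` to `mysqli_fetch_assoc()`, which expects the `mysqli_result` held in `$rs`, and it builds the query by concatenating form input; this version uses a prepared statement, reads the row from the result object, and regenerates the session ID on login. Assumptions: `$db` is an open mysqli connection (mysqlnd driver), the `senha` column has been widened beyond 40 characters to hold `password_hash()` output, and `login()` / `require_level()` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Assumes $db is an open mysqli
// connection and `senha` stores password_hash() output (column widened).
declare(strict_types=1);

// Make mysqli throw on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function login(mysqli $db, string $usuario, string $senha): bool
{
    // The placeholder keeps form input out of the SQL text (no injection).
    $stmt = $db->prepare('SELECT usuario, senha, tipo FROM usuario WHERE usuario = ?');
    $stmt->bind_param('s', $usuario);
    $stmt->execute();
    // Read the row from the result object, never from the query string.
    $row = $stmt->get_result()->fetch_assoc();

    if (!$row || !password_verify($senha, $row['senha'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);              // fresh ID after login (session fixation)
    $_SESSION['usuario'] = $row['usuario'];
    $_SESSION['tipo']    = (int) $row['tipo']; // the password hash is not kept in the session
    return true;
}

function require_level(int $nivel_necessario): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['usuario'], $_SESSION['tipo'])
        || $_SESSION['tipo'] < $nivel_necessario) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.html');       // nothing may be echoed before header()
        exit;
    }
}

// Login page:      if (login($db, $_POST['usuario'], $_POST['senha'])) {
//                      header('Location: restrito.php'); exit;
//                  }
// Restricted page: require_level(1); then render, escaping output with
//                  htmlspecialchars($_SESSION['usuario'], ENT_QUOTES, 'UTF-8').
```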