Login system with permission levels

Asked

Viewed 717 times

4

I am developing a login system with permission levels, however, at the time of logging in as administrator, on a page that Adm would be allowed to enter, permission is denied.

It’s like my SESSION is null, instead of the Adm being redirected to index.html, an echo appears with PERMISSION DENIED.
I followed the following tutorial, but the result did not come out as expected, which was: when logging in as Adm, be redirected to index.html. Yes, I’m getting the right data from the html form. What’s the possible error?

<?php
// The session must be started on each different page
if (!isset($_SESSION)) session_start();

$nivel_necessario = 1;

// Checks if there is a session variable that identifies the user
if (!isset($_SESSION['usuario']) OR ($_SESSION['tipo'] < $nivel_necessario)){

// Destroys session per security
session_destroy();

// Redirects the visitor back pro login
echo "PERMISSÃO NEGADA";
//header("Location: login.html"); exit;

}else{
    header("Location: ../../index.html"); exit;
}
?>

<h1>Restricted page</h1>
Hello, <?php echo $_SESSION['usuario']; ?>!

Query code that returns the user and type

$query = "SELECT usuario, senha, tipo FROM usuario WHERE usuario='".$usuario."' AND senha='".$codificada."'";
$rs = mysqli_query($db, $query);
print_r($rs);
if($rs->num_rows!=0){

    $resultado = mysqli_fetch_assoc($query);
    // Se a sessão não existir, inicia uma
    if (!isset($_SESSION)) session_start();

    // Salva os dados encontrados na sessão
    $_SESSION['usuario'] = $resultado['usuario'];
    echo "string";
    $_SESSION['senha'] = $resultado['senha'];
    $_SESSION['tipo'] = $resultado['tipo'];

    // Redireciona o visitante
    header("Location: restrito.php"); exit;
    //header("Location: ../../index.html");

}else{
   echo "Usuário/senha não encontrado";
}

Code of the table that the data is saved

CREATE TABLE `usuario` (
  `id_usuario` int(11) NOT NULL,
  `senha` varchar(40) CHARACTER SET utf8 NOT NULL,
  `nome` varchar(30) CHARACTER SET utf8 NOT NULL,
  `email` varchar(30) NOT NULL,
  `cpf` varchar(16) NOT NULL,
  `instituicao` varchar(50) CHARACTER SET utf8 DEFAULT NULL,
  `usuario` varchar(30) NOT NULL,
  `tipo` int(11) NOT NULL
)
php session

1 answer

1

Try:

<?php
session_start();

$nivel_necessario = 1;

// Checks if there is a session variable that identifies the user
if (!isset($_SESSION['usuario']) OR ($_SESSION['tipo'] < $nivel_necessario)){

// Destroys session per security
unset($_SESSION['usuario']);
unset($_SESSION['tipo']);

// Redirects the visitor back pro login
echo "PERMISSÃO NEGADA";
//header("Location: login.html"); exit;

}else{
    header("Location: ../../index.html"); exit;
}
?>

<h1>Restricted page</h1>
Hello, <?php echo $_SESSION['usuario']; ?>!

Another code

<?php
session_start();
$query = "SELECT usuario, senha, tipo FROM usuario WHERE usuario='".$usuario."' AND senha='".$codificada."'";
$rs = mysqli_query($db, $query);
print_r($rs);
if($rs->num_rows!=0){

    $resultado = mysqli_fetch_assoc($query);


    // Salva os dados encontrados na sessão
    $_SESSION['usuario'] = $resultado['usuario'];
    echo "string";
    $_SESSION['senha'] = $resultado['senha'];
    $_SESSION['tipo'] = $resultado['tipo'];

    // Redireciona o visitante
    header("Location: restrito.php"); exit;
    //header("Location: ../../index.html");

}else{
   echo "Usuário/senha não encontrado";
}

Browser other questions tagged php session

You are not signed in. Login or sign up in order to post.