I’m learning PHP, however (I don’t know if it’s a beginner's habit) the code is getting messy as I try new things. I took some lessons on the YouTube channel Celke; however, despite being very didactic, some things sometimes seem unnecessary to me when compared with other code. And in the following code I’m having trouble organizing it; could someone help me by explaining it?
The following code validates the login, valida.php:
<?php
session_start();
// Include the database connection
include_once("conexao.php");
// If the user and password fields are filled in, enter the if to validate them
if ((isset($_POST['email'])) && (isset($_POST['senha']))) {
    $usuario = mysqli_real_escape_string($conn, $_POST['email']); // Escape special characters, such as quotes, to prevent SQL injection
    $senha = mysqli_real_escape_string($conn, $_POST['senha']);
    $senha = md5($senha);
    // Search the usuarios table for the user matching the data typed into the form
    $result_usuario = "SELECT * FROM usuarios WHERE email = '$usuario' && senha = '$senha' LIMIT 1";
    $resultado_usuario = mysqli_query($conn, $result_usuario);
    $resultado = mysqli_fetch_assoc($resultado_usuario);
    // A user with the same data typed into the form was found in the usuarios table
    if (isset($resultado)) {
        $_SESSION['usuarioId'] = $resultado['id'];
        $_SESSION['usuarioNome'] = $resultado['nome'];
        $_SESSION['usuarioNiveisAcessoId'] = $resultado['niveis_acesso_id'];
        $_SESSION['usuarioEmail'] = $resultado['email'];
        $_SESSION['usuarioEndereco'] = $resultado['endereco'];
        if ($_SESSION['usuarioNiveisAcessoId'] == "1") {
            header("Location: administrativo.php");
        } elseif ($_SESSION['usuarioNiveisAcessoId'] == "2") {
            header("Location: colaborador.php");
        } else {
            header("Location: cliente.php");
        }
    // No user with the same data typed into the form was found in the usuarios table:
    // redirect the user to the login page
    } else {
        // Global variable receiving the error message
        $_SESSION['loginErro'] = "Usuário ou senha Inválido";
        header("Location: index.php");
    }
// If the user and password fields are not filled in, enter the else and redirect the user to the login page
} else {
    $_SESSION['loginErro'] = "Usuário ou senha inválido";
    header("Location: index.php");
}
?>
And the user page, cliente.php:
<?php
include_once("conexao.php");
session_start();
// If the user is logged in, read their id and name from the session
if (isset($_SESSION['usuarioId'])) {
    $usuarioid = $_SESSION['usuarioId'];
    $nome_perfil = $_SESSION['usuarioNome'];
}
?>
I don’t know if it’s too much to ask, but could someone clean up this valida.php code and help me with the cliente.php page so I can put database information into it? I want to display the records registered by the users, but I don't know how to get the user id together with session_start. *I think the explanation of my problem was as confusing as the code itself.
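As an added example (not the asker's code, and not from the Celke lessons), here is one way to write cliente.php so that it takes the logged-in user's id from the session and reads that user's data from the database with a prepared statement. It assumes conexao.php defines a mysqli object in $conn (with the mysqlnd driver, so get_result() is available), and a usuarios table with the columns used in valida.php. The cadastros table and its columns (usuario_id, descricao, criado_em) are a hypothetical stand-in for wherever the user-created records actually live; swap in the real names.

```php
<?php
// Added example, not the asker's code. Assumes conexao.php defines a mysqli $conn
// and the "usuarios" table from valida.php. The "cadastros" table with columns
// usuario_id, descricao and criado_em is hypothetical: replace it with the real one.
declare(strict_types=1);
session_start();
include_once("conexao.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make mysqli errors throw instead of returning false

// Gate the page: with no logged-in user there is nothing to show, so send them to the login page.
if (!isset($_SESSION['usuarioId'])) {
    $_SESSION['loginErro'] = "Faça login para acessar a página";
    header("Location: index.php");
    exit; // nothing after a redirect should keep running
}
$usuarioId = (int) $_SESSION['usuarioId'];

// The id comes from the session, which the server controls, but it is still bound as a
// parameter rather than interpolated into the SQL text, so the query never changes shape.
// Only the needed columns are selected, so it is obvious here what $perfil contains.
$stmt = $conn->prepare("SELECT nome, email, endereco FROM usuarios WHERE id = ? LIMIT 1");
$stmt->bind_param("i", $usuarioId);
$stmt->execute();
$perfil = $stmt->get_result()->fetch_assoc();
$stmt->close();

if ($perfil === null) {
    // The session refers to a user that no longer exists: drop the session and start over.
    session_destroy();
    header("Location: index.php");
    exit;
}

// Records created by this user, filtered by their id (hypothetical "cadastros" table).
$stmt = $conn->prepare(
    "SELECT id, descricao, criado_em FROM cadastros WHERE usuario_id = ? ORDER BY criado_em DESC"
);
$stmt->bind_param("i", $usuarioId);
$stmt->execute();
$cadastros = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();

// Escape every value from the database before putting it into HTML, so a stored value
// containing markup cannot run as script in another visitor's browser (stored XSS).
function h(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
?>
<h1>Olá, <?= h($perfil['nome']) ?></h1>
<p><?= h($perfil['email']) ?> / <?= h($perfil['endereco']) ?></p>
<ul>
<?php foreach ($cadastros as $c): ?>
    <li><?= h($c['descricao']) ?> (<?= h($c['criado_em']) ?>)</li>
<?php endforeach; ?>
</ul>
```

The page never trusts anything but the id from the session: the name, e-mail and address are re-read from the database instead of being copied from $_SESSION, so a change made elsewhere shows up without a new login, and every value is escaped on output regardless of where it came from.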
Throw this code away and search the site for something based on password_hash and password_verify. This whole select-by-password thing doesn’t make sense. Besides that, concatenating strings to build SQL is another bizarre thing; search for SQL Injection and the function mysqli_bind_param to put it together in a slightly safer way. Apart from that, I don’t usually recommend using this technique of keeping on redirecting, but if you are going to do it, always remember to die(); after redirecting so there are no side effects (at least until you have a real reason to leave the script running).
– Bacco
That md5($senha) sums up your code; this has been broken since 1994. If you are learning, then use recent and currently safe technologies like Bcrypt and Argon2; the first is supported by password_hash(). Using SELECT * tends to be slower; moreover, it is not clear what you get. If you do something like SELECT id, nome FROM ... it is clear that you get these two columns, without having to navigate the rest of the code. Another problem is not having a minimum number of characters in the password, so even empty passwords will be valid. About the organization, I don’t see many problems. – Inkeliz
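Putting the two answers together (password_hash/password_verify and a prepared statement from Bacco's answer; bcrypt via password_hash(), explicit columns and a minimum password length from Inkeliz's comment), here is an added example of valida.php rewritten that way. It is not code from the asker or the answerers. It assumes conexao.php defines a mysqli object in $conn (with mysqlnd, for get_result()), that the senha column of usuarios has been widened to VARCHAR(255) and holds password_hash() output written at registration time, and the constant MIN_SENHA and helper falha_login() are names chosen for this example.

```php
<?php
// Added example, not the asker's or the answerers' code. Assumes conexao.php defines a
// mysqli $conn and that usuarios.senha (VARCHAR(255)) stores password_hash() output,
// i.e. registration did: $hash = password_hash($senha, PASSWORD_DEFAULT);
declare(strict_types=1);
session_start();
include_once("conexao.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors throw instead of returning false

const MIN_SENHA = 8; // minimum password length (example value), so empty or trivial passwords are rejected

// Store the error, redirect, and stop: nothing after a Location header should keep running.
function falha_login(string $msg): void
{
    $_SESSION['loginErro'] = $msg;
    header("Location: index.php");
    exit;
}

$email = trim((string) ($_POST['email'] ?? ''));
$senha = (string) ($_POST['senha'] ?? '');

if ($email === '' || strlen($senha) < MIN_SENHA) {
    falha_login("Usuário ou senha inválido");
}

// Prepared statement: the e-mail travels as a bound parameter, never inside the SQL text,
// so quotes in the input cannot change the query. The password is NOT part of the query:
// the stored hash is fetched and checked in PHP. Explicit columns make $usuario's shape obvious.
$stmt = $conn->prepare(
    "SELECT id, nome, email, senha, niveis_acesso_id, endereco FROM usuarios WHERE email = ? LIMIT 1"
);
$stmt->bind_param("s", $email);
$stmt->execute();
$usuario = $stmt->get_result()->fetch_assoc();
$stmt->close();

// Always run one password_verify(), even for an unknown e-mail (against a throwaway hash),
// so response time does not reveal which e-mails exist. password_verify() handles bcrypt
// and argon2 hashes and compares in constant time.
$hash = $usuario['senha'] ?? password_hash('dummy', PASSWORD_DEFAULT);
$ok = password_verify($senha, $hash) && $usuario !== null;
if (!$ok) {
    falha_login("Usuário ou senha inválido");
}

// If the stored hash uses an older cost or algorithm than PASSWORD_DEFAULT, re-hash now
// while the plaintext is available; this is how hashes get upgraded over time.
if (password_needs_rehash($usuario['senha'], PASSWORD_DEFAULT)) {
    $novoHash = password_hash($senha, PASSWORD_DEFAULT);
    $upd = $conn->prepare("UPDATE usuarios SET senha = ? WHERE id = ?");
    $upd->bind_param("si", $novoHash, $usuario['id']);
    $upd->execute();
    $upd->close();
}

session_regenerate_id(true); // fresh session id after login, so a pre-login id cannot be fixated
$_SESSION['usuarioId'] = $usuario['id'];
$_SESSION['usuarioNome'] = $usuario['nome'];
$_SESSION['usuarioNiveisAcessoId'] = $usuario['niveis_acesso_id'];
$_SESSION['usuarioEmail'] = $usuario['email'];
$_SESSION['usuarioEndereco'] = $usuario['endereco'];

// Route by access level; anything not listed goes to the client page.
$destinos = [1 => "administrativo.php", 2 => "colaborador.php"];
$destino = $destinos[(int) $usuario['niveis_acesso_id']] ?? "cliente.php";
header("Location: $destino");
exit;
```

The visible difference from the original is that the password never reaches the database: the query looks up the e-mail only, and the check happens in password_verify() against the stored hash. mysqli_real_escape_string() and md5() both disappear, the redirect paths all end in exit, and existing hashes are upgraded transparently through password_needs_rehash() the next time the user logs in.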