check user type for php access

I am trying to create an administrator panel. The database table has already been created with a type field, where 1 is a normal user and 2 is an administrator. What is the best method to look up the user type in the database?

Here is the code I have already written; however, any type of user has access to the admin panel.

<?php
session_start();   // required before $_SESSION can be used
// $conn is assumed to be an open mysqli connection (e.g. from an include)

// The login must be handled before any HTML is sent: header() fails once output has started.
if (isset($_POST['entrar']) && $_POST['entrar'] == "login") {
    $email = $_POST['email'] ?? '';
    $senha = $_POST['senha'] ?? '';

    if (empty($email) || empty($senha)) {
        $aviso = 'preencha todos os campos';
    } else {
        // Prepared statement: the submitted values are bound as parameters and never
        // become part of the SQL text (the original string-built query was injectable).
        // NOTE: comparing senha inside the query only works with plaintext passwords in
        // the table; the proper approach is password_hash() on insert and password_verify() here.
        $stmt = mysqli_prepare($conn, "SELECT nome, email, senha, tipo FROM usuarios WHERE email = ? AND senha = ?");
        mysqli_stmt_bind_param($stmt, "ss", $email, $senha);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $busca  = mysqli_num_rows($result);
        $linha  = mysqli_fetch_assoc($result);   // the single matching row, or null
        mysqli_stmt_close($stmt);

        // The original mixed mysql_fetch_array() (old mysql extension) with mysqli, and the
        // row had already been consumed by mysqli_fetch_assoc(), so the loop never ran.
        if ($busca > 0 && $linha['tipo'] == 2) {
            $_SESSION['nome']  = $linha['nome'];
            $_SESSION['email'] = $linha['email'];
            header('Location: painel.php');
            exit;   // header() alone does not stop the script; the rest of the page would still run
        }
    }
}
?>
<html>
<body>

    <div class="container">
    <div class="row"></div>
        <div class="row">
            <div class="col-md-4">
            </div>
            <div class="col-md-5">
                <form action="painel.php" method="POST">
                    <div class="input-group">
                        <label for="email">E-mail</label>
                        <input type="text" class="form-control" name="email" placeholder="email"><br><br>
                        <label for="senha">Senha:</label>
                        <input type="password" class="form-control" name="senha" placeholder="**********"><br><br><br>
                        <button type="submit" class="btn btn-lg btn-default">Entrar</button><p><p><p><p>
                        <input type="hidden" name="entrar" value="login">
                    </div>
                </form>
            </div>
        </div>
        <div class="row"></div>
    </div>

<?php if (isset($aviso)): ?>
    <script type="text/javascript"> alert('<?php echo htmlspecialchars($aviso, ENT_QUOTES); ?>'); </script>
<?php endif; ?>

</body>
</html>

EDIT: in the case where the user is type 2 (administrator), they are being redirected to the login too. Am I passing the TYPE?

$stmt = mysqli_prepare($conn, "SELECT nome, email, senha, tipo FROM usuarios WHERE email = ? AND senha = ?");
                mysqli_stmt_bind_param($stmt, "ss", $email, $senha);
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt);
                $busca = mysqli_num_rows($result);
                $linha = mysqli_fetch_assoc($result);   // null when there is no match

            if($busca > 0){
                $_SESSION['nome'] = $linha['nome'];
                $_SESSION['email'] = $linha['email'];
                // note: $linha['tipo'] is fetched but never stored or checked here
                header('Location: painel.php');
                exit;
            }

2 answers

1

Also create a $_SESSION['tipo'] = $linha['tipo']; in the login, and in the panel pages (in the <header>, for example) you check the type:

<?php
    session_start();   // the session must be started before $_SESSION is read
    if (!isset($_SESSION['tipo']) || $_SESSION['tipo'] != 2) {
       // redirect out of the panel, since it is not type 2
       header('Location: login.php');   // login.php is an assumed name for the login page
       exit;                            // stop rendering the restricted page
    }
?>

Updating:

Create an include (e.g. ver_tipo.php) and insert it before the <html> of each panel page:

<?php
include_once "ver_tipo.php";
?>
<html>
<head>
...

And in the file ver_tipo.php put the PHP script quoted at the beginning of this reply.

  • In the case where this code logs in to the administrative area, do I create this $_SESSION['tipo'] != 2 check at the beginning of painel.php?

  • Yes. Put it before the <head>, ON EACH of the pages you want to restrict access to. I suggest creating an include with the code and putting it before the <head>. With the include, if you later need to change the code, you will not have to modify the panel page by page.

0

I would do it like this, because then it is already checking whether the user exists and whether or not they are an administrator. If there is no data from mysql_fetch_array($result) it will automatically report that the user does not exist; if the user exists but tipo == 2 is false, it reports that the user does not exist or is not an administrator. There are other ways of making it clearer, but with your code this is the only one I could think of.

alert('fill in all fields');
alert('User does not exist/is not an administrator');
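The two answers put together, as an added example that is not code from the question or from either answer: the login stores the user's type in the session and the panel pages check it through an include (answer 1), and a single generic message covers both "user does not exist" and "not an administrator" (answer 2). It assumes the usuarios(nome, email, senha, tipo) table from the question with senha holding a password_hash() value, an open mysqli connection in $conn with mysqlnd available for get_result(), and login.php as the name of the login page; those names are assumptions, not anything the question states.

```php
<?php
// Added example, not the question's or the answers' own code.
// Assumptions: usuarios(nome, email, senha, tipo) with senha = password_hash() output;
// $conn is an open mysqli connection (mysqlnd needed for get_result());
// login.php is the login page (hypothetical name); painel.php is the panel as in the question.
declare(strict_types=1);

const TIPO_USUARIO = 1;
const TIPO_ADMIN   = 2;

/**
 * Look the user up by e-mail with a prepared statement and verify the password hash.
 * Returns the row without the hash, or null for every failure (unknown e-mail or
 * wrong password), so the caller cannot distinguish the two cases.
 */
function autenticar(mysqli $conn, string $email, string $senha): ?array
{
    $stmt = $conn->prepare('SELECT nome, email, senha, tipo FROM usuarios WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $linha = $stmt->get_result()->fetch_assoc();   // null when there is no such e-mail
    $stmt->close();

    if ($linha === null || !password_verify($senha, $linha['senha'])) {
        return null;
    }
    unset($linha['senha']);              // the hash never goes into the session
    $linha['tipo'] = (int) $linha['tipo'];
    return $linha;
}

/** Called from login.php once autenticar() has succeeded. */
function iniciarSessao(array $usuario): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(true);         // new session id after authentication (session fixation)
    $_SESSION['nome']  = $usuario['nome'];
    $_SESSION['email'] = $usuario['email'];
    $_SESSION['tipo']  = $usuario['tipo'];
}

/**
 * Body of ver_tipo.php: include it before any output on every panel page.
 * No session at all -> back to the login form. A session that belongs to a
 * normal user (type 1) -> 403, so the panel does not rely on login.php filtering.
 */
function exigirAdmin(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['tipo'])) {
        header('Location: login.php');
        exit;                            // header() alone does not stop the page from rendering
    }
    if ($_SESSION['tipo'] !== TIPO_ADMIN) {
        http_response_code(403);
        exit('Acesso restrito a administradores.');
    }
}

// login.php: handle the form from the question, before any HTML is sent
if (isset($_POST['entrar']) && $_POST['entrar'] === 'login') {
    $email = trim($_POST['email'] ?? '');
    $senha = $_POST['senha'] ?? '';

    if ($email === '' || $senha === '') {
        $aviso = 'preencha todos os campos';
    } elseif (($usuario = autenticar($conn, $email, $senha)) === null
              || $usuario['tipo'] !== TIPO_ADMIN) {
        // answer 2: one message whether the account is missing, the password is wrong,
        // or the account is not an administrator
        $aviso = 'Usuário não existe/não é administrador';
    } else {
        iniciarSessao($usuario);
        header('Location: painel.php');
        exit;
    }
}
```

$aviso is echoed into the alert() the same way the question's page does it, after this PHP block; the only reason the redirect can work is that nothing has been output yet, which is also why the include of exigirAdmin() has to sit before <html> on each panel page, as answer 1 says. The 403 branch is the check that actually closes the hole in the question: painel.php deciding for itself, on every request, rather than trusting that only administrators were ever sent there.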
