Permission system

Asked

Viewed 66 times

1

I have a system with login required.

What should happen: If the "active" column is = 1 redirects to a given page, if = 0 redirects to another.

<?php
if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) AND (`ativo` = 1)) {
  header("Location: principal.php"); exit;
} else {
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) AND (`ativo` = 0){
        header("Location: principalUSU.php"); exit;
}
}
mysql_connect('localhost', 'root', '', 'db_formacao') or trigger_error(mysql_error());
$identifiant = mysql_real_escape_string($_POST['id']);
$senha = mysql_real_escape_string($_POST['senha']);
$ativo = mysql_real_escape_string($_POST['ativo']);

$sql = "SELECT `id`, `id`, `senha`, `ativo`  FROM `usuarios` WHERE (`id` = '". $id ."') AND (`senha` = '". $senha ."') AND (`ativo` = '". $ativo ."')";
$query = mysql_query($sql);
if (mysql_num_rows($query) != 1) {
  echo "Login inválido!"; exit;
} else {
  $resultado = mysql_fetch_assoc($query);
}

Only on both occasions it redirects to the page principal.php.

php mysql permissions

  • I believe there is some error in the verification of $_POST. To solve this I would try to give one print_r($_POST) after the form is submitted to see what I’m getting in this array and try to find the error.

  • You’re checking to see if any string is one. I think the right one would be _POST['ativo'] == 1

  • I tried that, but it still redirects directly to the main.php

2 answers

1

I suggest switching operators AND and OR for && and ||, respectively. The reason is the priority in the execution of operators. This can be confusing in some languages, but in PHP this subject is especially tricky. View on your own by running the following snippets:

<?php
$foo = true && false;
var_dump($foo);

$bar = true AND false;
var_dump(bar);
?>

$foo will be false, as expected in any language, but $bar will be true. The only reason I can imagine to justify this is that the authors of PHP use different drugs than other language designers use.

So in your case, I think if for right after seeing if the POST is empty or not. The exchange of operators must resolve.

  • Ah, got it, it was good to know that! I made the changes but still the same thing. :/

0

Try it this way:

<?php
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) {
        if (`ativo` === 1)) {
            header("Location: principal.php");
            exit;
            // Praque esse "exit" aqui, fiquei sem compreender;
        if (`ativo` === 0) {
            header("Location: principalUSU.php"); 
            exit;
            // fiquei boiando
         }
    }
    // ...
?>

[EDIT 1]:

<?php
    $locat = "";
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) {
        if (`ativo` === 1)) {
            $locat = "Location: principal.php";
            // exit;
            // comentei essa linha pois não sei pra que serve;
        if (`ativo` === 0) {
            $local = "Location: principalUSU.php"; 
            // exit;
            // o mesmo do comentario anterior
         }
         header($locat);
    }
    // ...
?>

as in the comment still continues to direct to the first case: column 'ativo' === 1, Voce needs to print out the value of this to know if it is being passed correctly

  • So it also redirects to the main.php

  • @Marianaferreira I suggest you print the value of each variable you check in the if’s. So you can more easily identify what causes the problem.

  • So when I try to open the page responsible for validating the login, it appears that it is not working. However, I can log in normally. and not log in if I am typing an invalid login.

Browser other questions tagged php mysql permissions

You are not signed in. Login or sign up in order to post.