How to define access levels


Viewed 165 times

1

I have a system that has a pv_user table and a pv_position table. I would like to make a check so that, according to the position, the user is redirected to a different page.
I have the code below:

$result = "select * from pv_usuario where login = '$login' and senha = '$senha' and ativo = 1";
$sql_execute = mysql_query($result);
$sql_verifica = mysql_num_rows($sql_execute);

    if($sql_verifica > 0)
    {
        if($senha == 'giga123' )
          {
            session_start();
            $_SESSION['login'] = $login;
            $_SESSION['senha'] = $senha;
            header('location:../../mpv/Login/reset.php');
          }
          else {
            session_start();
            $_SESSION['login'] = $login;
            $_SESSION['senha'] = $senha;
            header('location:../../mpv/index.php');
            exit;
        }

    }else 
        {
           session_destroy();
           unset($_SESSION['login']);
           unset($_SESSION['senha']);
           session_destroy();
           header('location:../../mpv/acesso_negado.php');
            exit;
        }

I thought I’d do something like this and put it inside the first if above:

$query = $con->query("select * from pv_usuario where login = '$login' and ativo = 1");
while($reg = $query->fetch_array()) 
{
if( $reg["cod_usuario"] == 1 ) 
  {
      header('location:../../mpv/Atendimento/index.php');
  }
  else if($reg["cod_usuario"] == 2)
  {
      header('location:../../mpv/Tecnico/index.php');
  }
}

Only it’s not working. What should I do?

  • I’m pretty sure the problem is here: $reg["cod_usuario"]. Try changing it to this: $reg["COD_USUARIO"]

  • Some remarks: 1- What kind of error are you getting? 2- The "cod_usuario" field belongs to the "pv_usuario" table itself, right? 3- The code does not mention "pv_cargo" anywhere; I believe you are testing with specific users, right? 4- If the second code block is within the first IF (if($sql_verifica > 0)), there is no need for the second query; this can save you some code :)

  • Ah, and I also believe it will be necessary to use a line identifier in your case: $reg[0]["COD_USUARIO"]

  • You didn’t forget to put an exit after the header('Location: ...')?

2 answers

2


For starters, I advise you to change mysql_ to mysqli_, since the mysql_ version will be discontinued.

If you want to keep the version with the name of the field, $reg["cod_usuario"], then instead of using $query->fetch_array() you can use $query->fetch_assoc(), which solves your problem.

Or, if you want to continue with $query->fetch_array(), you can pass as a parameter the type of data you want to receive, as in this example:

$query = "SELECT Name, CountryCode FROM City ORDER by ID LIMIT 3";
$result = $mysqli->query($query);

/* NUMERIC ARRAY */
$row = $result->fetch_array(MYSQLI_NUM);
printf ("%s (%s)\n", $row[0], $row[1]);

/* ASSOCIATIVE ARRAY */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ("%s (%s)\n", $row["Name"], $row["CountryCode"]);

/* NUMERIC AND ASSOCIATIVE ARRAY */
$row = $result->fetch_array(MYSQLI_BOTH);
printf ("%s (%s)\n", $row[0], $row["CountryCode"]);

Example source.

1

I recommend PDO for its numerous advantages. You decide, but as @Jorge B. said, avoid mysql_. I am giving an example with PDO.

// Example PDO connection:
$pdo = new \PDO( 'mysql:host=localhost;dbname=suaTabela' , 'usuario' , 'senha' );
// Bind $login as a parameter instead of interpolating it into the SQL string.
$stmt = $pdo->prepare( "select * from pv_usuario where login = :login and ativo = 1" );
$stmt->execute( [ ':login' => $login ] );
$row = $stmt->fetch( \PDO::FETCH_ASSOC );

// Checking the account type ($row is false when no active user matches):
if( $row && $row["cod_usuario"] == 1 )
{
    // redirect with an absolute path.
    header("location: http://www.example.com/mpv/Atendimento/index.php");
    exit;
}
elseif( $row && $row["cod_usuario"] == 2 )
{
    // redirect with an absolute path.
    header("location: http://www.example.com/mpv/Tecnico/index.php");
    exit;
}
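
The access-level redirect discussed in the question and answers, as an added example that is not code from the original posts: the lookup uses a bound parameter, the password is checked against a hash, and the landing page comes from a fixed map keyed by cod_usuario. Assumptions: the `senha_hash` column, the `landingPageFor()` helper and the sample accounts are hypothetical, and an in-memory SQLite database stands in for the MySQL `pv_usuario` table so the script runs offline.

```php
<?php
// Added example, not code from the question or answers.
// Constructed data: in-memory SQLite stands in for the MySQL pv_usuario table;
// the senha_hash column and landingPageFor() are hypothetical names.
declare(strict_types=1);

const LANDING_PAGES = [            // cod_usuario => page (paths from the question)
    1 => '../../mpv/Atendimento/index.php',
    2 => '../../mpv/Tecnico/index.php',
];
const DENIED_PAGE = '../../mpv/acesso_negado.php';

function landingPageFor(PDO $pdo, string $login, string $senha): string
{
    // Bound parameter: $login never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT cod_usuario, senha_hash FROM pv_usuario WHERE login = :login AND ativo = 1'
    );
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user, inactive user and wrong password all end on the same page.
    if ($row === false || !password_verify($senha, $row['senha_hash'])) {
        return DENIED_PAGE;
    }
    // A level with no mapped page is denied rather than sent to a default area.
    return LANDING_PAGES[(int) $row['cod_usuario']] ?? DENIED_PAGE;
}

// --- constructed demo data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pv_usuario (login TEXT, senha_hash TEXT, ativo INTEGER, cod_usuario INTEGER)');
$ins = $pdo->prepare('INSERT INTO pv_usuario VALUES (?, ?, ?, ?)');
$ins->execute(['ana',  password_hash('s3nha-ana',  PASSWORD_DEFAULT), 1, 1]);
$ins->execute(['beto', password_hash('s3nha-beto', PASSWORD_DEFAULT), 1, 2]);
$ins->execute(['caio', password_hash('s3nha-caio', PASSWORD_DEFAULT), 0, 1]);

$attempts = [
    ['ana', 's3nha-ana'],            // level 1
    ['beto', 's3nha-beto'],          // level 2
    ['caio', 's3nha-caio'],          // inactive account
    ["o'neil", 'anything'],          // a quote in the login is treated as data
];
foreach ($attempts as [$login, $senha]) {
    printf("%-8s => %s\n", $login, landingPageFor($pdo, $login, $senha));
}
// In the real login script: session_start(); session_regenerate_id(true);
// $_SESSION['login'] = $login; header('Location: ' . $page); exit;
```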
