ACCESS LEVELS - PHP + SQL SERVER

Asked

Viewed 445 times

1

I have a table in my DB with the following columns : User , Password , Level and I need to make each level related to the person be redirected to different pages . How can I accomplish that ?

Follow my line of code :


conexão.login.php

  <?php 
session_start();
            $serverName = "";
            $connectionInfo = array( "Database"=>"", "UID"=>"", "PWD"=>"" );
            $conn = sqlsrv_connect($serverName, $connectionInfo);
                 if ($conn === false) {
                  die(print_r(sqlsrv_errors(), true));
}

 $user = $_POST['email'];
 $password = $_POST['password'];

 $query = ("SELECT * FROM COLUNA WHERE LOGIN LIKE '$user' AND SENHA LIKE '$password'");
 $params = array(); 
 $options = array('Scrollable' => SQLSRV_CURSOR_KEYSET);
  $stmt = sqlsrv_query($conn, $query, $params, $options);
  $row_count = sqlsrv_num_rows($stmt);
       if ($row_count > 0) {

   $dados = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
   $_SESSION['email'] = $user;
   $_SESSION['password'] = $password;
   $_SESSION['nivel'] = $dados["NIVEL"];

                if( $_SESSION['nivel'] = 11){
                  header('location:x.php');
       }
       else{
       header('location:y.php');
       }}
        else {
    //Destrói
    session_destroy();

    //Limpa
    unset ($_SESSION['email']);
    unset ($_SESSION['password']);
        unset ($_SESSION['nivel']);


    //Redireciona para a página de autenticação
    header('location:index.php');

}
?>
php sql-server access-control

1 answer

2


Easiest way in this case is to use your session to redirect when the user logs in the same way you did in $_SESSION['nivel'] == 11

makes a separate page these settings and use a require_once

and on the page of these settings do something like 

session_start();
$nivel = $_SESSION['nivel'];
//Inicio de redirecionamento por niveis de acesso
if ($nivel == 1)
 { header("Location: pagina_do_nivel_1.php") }
elseif ($nivel == 2)
 { header("Location: pagina_do_nivel_2.php") }

....

else { header("Location: nivel_nao_especificado.php") }

And inside each page put a checker tbm to prevent the user access manually

  • Thank you very much :) It worked perfectly.

Browser other questions tagged php sql-server access-control

You are not signed in. Login or sign up in order to post.