Login check does not start Session

Asked

Viewed 56 times

0

I have a login system that checks according to the level of access of the user that worked until recently but I did something that stopped.

Form

    <form class="text-center" style="padding-left: 30%; padding-right: 30%" method="POST" action="<?php $_SERVER['PHP_SELF']; ?>">
            <p class="h4 mb-4">Service Desk Embaré</p>
            <label>Usuário</label>
            <input class="form-control mb-4" placeholder="E-mail" type="text" name="usuario"><br>
            <label>Senha</label>
            <input class="form-control mb-4" placeholder="Senha" type="password" name="senha">
            <button class="btn btn-info btn-block my-4" type="submit" name="submeter">Entrar</button>

<?php
    if(!empty($erros)):
        foreach ($erros as $erro):                  
            echo $erro;
        endforeach;
    endif;
?>
</form>

The login page is as follows:: 

if (isset($_POST['submeter'])):
        $usuario = $_POST['usuario'];
        $senha = $_POST['senha'];
        $erros = array();
            if(empty($usuario) or empty($senha)):
                $erros[] = "<li>Campo usuário ou senha não podem ficar em branco</li>";

            else:
                $query = "SELECT nome_login FROM usuarios WHERE nome_login = '$usuario'";
                $resultado = mysqli_query($conexao, $query);

                if(mysqli_num_rows($resultado) > 0):
                    $query = "SELECT * FROM usuarios WHERE nome_login = '$usuario' AND senha = '$senha'";
                    $resultado = mysqli_query($conexao, $query);

                    if(mysqli_num_rows($resultado) == 1):
                        $query = "SELECT * FROM usuarios WHERE nivel_acesso = 1 AND nome_login = '$usuario' AND senha = '$senha'";
                        $resultado = mysqli_query($conexao, $query);

                        if(mysqli_num_rows($resultado) == 1):
                            $dados = mysqli_fetch_array($resultado);
                            mysqli_close($conexao);
                            $_SESSION['logado'] = true;
                            $_SESSION['id_usuario'] = $dados['id_usuario'];
                            header('Location: self_service/teste.php');                 
                        else:
                            header('Location: configuracoes.php');
                        endif;
                    else:
                        $erros[] = "<li>Nome de usuário ou senha incorretos</li>";
                    endif;
                else:
                    $erros[] = "<li>Nome de usuário ou senha incorretos</li>";
                endif;
            endif;
        endif;
        ?>

And on the self_service/test.php page, I start as follows:

// Sessão
session_start();

    <?php include 'conexao.php'; 

        // Verificação
        if(!isset($_SESSION['logado'])):
          header('Location: ../login.php');
        endif;

        // Dados
        $id = $_SESSION['id_usuario'];
        $sql = "SELECT * FROM usuarios WHERE id_usuario = '$id'";
        $resultado = mysqli_query($conexao, $sql);
        $dados = mysqli_fetch_array($resultado);
        mysqli_close($conexao);    
    ?>

It turns out that in the check, only Else works, IE, only users with leve_access other than 1 can log in. Users who have level access == 1 are always on the login screen, when submitting the form nothing happens.

Example of the comic book:

inserir a descrição da imagem aqui

php mysql

1 answer

0

I’m putting as an answer because I don’t have enough points to comment on. Anything I take back.

I believe the solution is just to add simple quotes in the search of the database, so:

$query = "SELECT * FROM usuarios WHERE nivel_acesso = '1' AND nome_login = '$usuario' AND senha = '$senha'";

  • I did what you suggested, but it didn’t work. It’s still the same, when you click on login and has level_access = 1 nothing happens.

  • Are only two access levels? 0 and 1? The problem only occurs with access levels 1?

  • Access levels = 1 and different levels of 1. If I put in my bd that the user is not level 1, the access usually occurs according to the 'Else'.

  • I did a test by placing the print_r($data) on the login page and returned the values correctly. I believe the problem lies beyond, something related to Ssion.

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.