Good morning guys, a problem that I have not been able to solve so far involves a login system where, for example, if the user has already logged in and has not clicked on "QUIT" (logout), and then closes and re-accesses the site, they should be redirected to the user page. When I do not use the condition of checking if the person is classified as "ADMIN", apparently everything goes well. However, when I add the additional condition of making this check, it does not work.
<?php
require_once 'classes/db_connect.php';
session_start();

if(isset($_SESSION['login']) && $_REQUEST['admin'] == '0') {
    header('Location: areaUsuario.php');
} else if (isset($_SESSION['login']) && $_REQUEST['admin'] == '1') {
    header('Location: areaAdm.php');
}

if(isset($_POST['submit'])):
    $erros = array();
    $username = mysqli_escape_string($connect, $_POST['email']);
    $password = mysqli_escape_string($connect, $_POST['senha']);
    $admin = $_REQUEST['admin'];
    if(empty($username) or empty($password)):
        $erros[] = "<li>Todos os campos devem ser preenchidos.</li>";
    else:
        $sql = "SELECT username FROM user WHERE username = '$username'";
        $resultado = mysqli_query($connect, $sql);
        if(mysqli_num_rows($resultado) > 0):
            $password = md5($password);
            $sql = "SELECT * FROM user WHERE username = '$username' AND password = '$password'";
            $resultado = mysqli_query($connect, $sql);
            if(mysqli_num_rows($resultado) == 1):
                $dados = mysqli_fetch_assoc($resultado);
                if ($dados['admin'] == '1'):
                    mysqli_close($connect);
                    $_SESSION['login'] = $username;
                    $_SESSION['senha'] = $password;
                    $_SESSION['admin'] = $admin;
                    header('Location: areaAdm.php');
                else:
                    mysqli_close($connect);
                    $_SESSION['login'] = $username;
                    $_SESSION['senha'] = $password;
                    $_SESSION['admin'] = $admin;
                    header('Location: areaUsuario.php');
                endif;
            else:
                $erros[]="<li>Usuário e senha não conferem</li>";
            endif;
        else:
            $erros[]="<li>Usuário não cadastrado</li>";
        endif;
    endif;
endif;
?>
How is this 'admin' variable coming in? Via POST? There is the superglobal _POST as well. Maybe that is where this information is coming from... Another idea: since the superglobal _SESSION is also storing login information, why not store whether the user is admin or not there as well? Anyway, just an idea.
– Jonathan CR
Admin is coming from the database, as 1 or 0. Does the request not work in this sense?
– Gustavo S. Rocha
The attempt to do it with SESSION for "admin" also did not go well.
– Gustavo S. Rocha
Looking at the PHP documentation, I saw a comment below showing the difference between the methods _GET, _POST and _REQUEST... take a look -> https://www.php.net/manual/en/reserved.variables.request.php
– Jonathan CR
Does this answer your question? Use of $_REQUEST instead of $_GET, $_POST and $_COOKIE
– rbz
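The redirect check in the question reads `$_REQUEST['admin']`, which is request data (GET, POST or cookie) supplied by the client and absent on a plain revisit, while the real role is in the `admin` column. The following is an added example, not the asker's code: it keeps the role from the database row in the session and decides the redirect from that alone. It assumes PDO with an in-memory SQLite database in place of the question's mysqli connection, `password_hash`/`password_verify` in place of `md5`, and two constructed accounts; `landingPage` and `authenticate` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Table and column names follow the question;
// the in-memory SQLite database (needs pdo_sqlite) and both accounts are constructed.

// Choose the landing page from server-side session state only.
function landingPage(array $session): ?string
{
    if (!isset($session['login'], $session['admin'])) {
        return null; // not logged in: show the login form
    }
    return $session['admin'] === 1 ? 'areaAdm.php' : 'areaUsuario.php';
}

// Verify credentials; return the values to copy into $_SESSION, or null.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the user name is bound, never interpolated into SQL.
    $stmt = $db->prepare('SELECT username, password, admin FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same outcome for an unknown user and a wrong password
    }
    // The role comes from the database row, never from $_REQUEST,
    // and the password is not kept in the session.
    return ['login' => $row['username'], 'admin' => (int) $row['admin']];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, admin INTEGER)');
$ins = $db->prepare('INSERT INTO user VALUES (?, ?, ?)');
$ins->execute(['ana@example.test', password_hash('s3nha-demo', PASSWORD_DEFAULT), 1]);
$ins->execute(['rui@example.test', password_hash('outra-demo', PASSWORD_DEFAULT), 0]);

$_REQUEST['admin'] = '1'; // client-supplied value; nothing below reads it
$attempts = [['ana@example.test', 's3nha-demo'], ['rui@example.test', 'outra-demo'],
             ['rui@example.test', 'wrong']];
foreach ($attempts as [$user, $pass]) {
    $session = authenticate($db, $user, $pass) ?? [];
    echo $user, ' => ', landingPage($session) ?? 'login form', PHP_EOL;
}
```

In the login page itself, call `session_regenerate_id(true)` before copying the returned array into `$_SESSION`, and call `exit` after each `header('Location: ...')`.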