Login system with permission levels

Question:

I’m developing a login system with permission levels. However, when I log in as administrator, permission is denied on a page that adm should be allowed to enter.

It’s as if my SESSION were null: instead of adm being redirected to index.html, an echo with PERMISSION DENIED appears.
I followed the following tutorial, but the result was not as expected, which was: when logging in as adm, be redirected to index.html. Yes, I’m getting the right HTML form data. What is the possible error?

<?php
// The session must be started on each different page
if (!isset($_SESSION)) session_start();

$nivel_necessario = 1;

// Checks if there is a session variable that identifies the user
if (!isset($_SESSION['usuario']) OR ($_SESSION['tipo'] < $nivel_necessario)){

// Destroy the session for security
session_destroy();

// Redirect the visitor back to the login page
echo "PERMISSÃO NEGADA";
//header("Location: login.html"); exit;

}else{
    header("Location: ../../index.html"); exit;
}
?>

<h1>Restricted page</h1>
Hello, <?php echo $_SESSION['usuario']; ?>!

Query code that returns the user and type

$query = "SELECT usuario, senha, tipo FROM usuario WHERE usuario='".$usuario."' AND senha='".$codificada."'";
$rs = mysqli_query($db, $query);
print_r($rs);
if($rs->num_rows!=0){

    $resultado = mysqli_fetch_assoc($query);
    // If the session does not exist, start one
    if (!isset($_SESSION)) session_start();

    // Save the retrieved data in the session
    $_SESSION['usuario'] = $resultado['usuario'];
    echo "string";
    $_SESSION['senha'] = $resultado['senha'];
    $_SESSION['tipo'] = $resultado['tipo'];

    // Redirect the visitor
    header("Location: restrito.php"); exit;
    //header("Location: ../../index.html");

}else{
   echo "Usuário/senha não encontrado";
}

Code of the table where the data is saved

CREATE TABLE `usuario` (
  `id_usuario` int(11) NOT NULL,
  `senha` varchar(40) CHARACTER SET utf8 NOT NULL,
  `nome` varchar(30) CHARACTER SET utf8 NOT NULL,
  `email` varchar(30) NOT NULL,
  `cpf` varchar(16) NOT NULL,
  `instituicao` varchar(50) CHARACTER SET utf8 DEFAULT NULL,
  `usuario` varchar(30) NOT NULL,
  `tipo` int(11) NOT NULL
);

Answer:

Try:

<?php
session_start();

$nivel_necessario = 1;

// Checks if there is a session variable that identifies the user
if (!isset($_SESSION['usuario']) OR ($_SESSION['tipo'] < $nivel_necessario)){

// Clear the login data from the session for security
unset($_SESSION['usuario']);
unset($_SESSION['tipo']);

// Redirect the visitor back to the login page
echo "PERMISSÃO NEGADA";
//header("Location: login.html"); exit;

}else{
    header("Location: ../../index.html"); exit;
}
?>

<h1>Restricted page</h1>
Hello, <?php echo $_SESSION['usuario']; ?>!

Another code

<?php
session_start();
$query = "SELECT usuario, senha, tipo FROM usuario WHERE usuario='".$usuario."' AND senha='".$codificada."'";
$rs = mysqli_query($db, $query);
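// Debug output; anything sent before header() stops the redirect unless output buffering is on
print_r($rs);
if($rs->num_rows!=0){

    // Fetch the row from the result set, not from the SQL string
    $resultado = mysqli_fetch_assoc($rs);


    // Save the retrieved data in the session
    $_SESSION['usuario'] = $resultado['usuario'];
    echo "string";
    $_SESSION['senha'] = $resultado['senha'];
    $_SESSION['tipo'] = $resultado['tipo'];

    // Redirect the visitor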
    header("Location: restrito.php"); exit;
    //header("Location: ../../index.html");

}else{
   echo "Usuário/senha não encontrado";
}
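
A hardened form of the login query and level check from this thread, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection and a `senha` column holding a `password_hash()` value; the helper names `autenticar` and `tem_nivel` are hypothetical.

```php
<?php
// Added example, not the thread's code. PDO with in-memory SQLite stands in
// for the MySQL connection; `senha` is assumed to hold a password_hash() value.
declare(strict_types=1);

function autenticar(PDO $db, string $usuario, string $senha): ?array
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $st = $db->prepare('SELECT usuario, senha, tipo FROM usuario WHERE usuario = ?');
    $st->execute([$usuario]);
    $row = $st->fetch(PDO::FETCH_ASSOC); // fetch from the statement, not the SQL string
    if ($row === false || !password_verify($senha, $row['senha'])) {
        return null;
    }
    // Only identity and level are kept for the session, never the password hash.
    return ['usuario' => $row['usuario'], 'tipo' => (int) $row['tipo']];
}

function tem_nivel(array $sessao, int $nivel_necessario): bool
{
    // Both keys must exist; a missing 'tipo' is a denial, not level 0.
    return isset($sessao['usuario'], $sessao['tipo'])
        && (int) $sessao['tipo'] >= $nivel_necessario;
}

// Constructed sample data for an offline run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuario (usuario TEXT, senha TEXT, tipo INTEGER)');
$ins = $db->prepare('INSERT INTO usuario VALUES (?, ?, ?)');
$ins->execute(['adm', password_hash('senha-de-teste', PASSWORD_DEFAULT), 1]);
$ins->execute(['visitante', password_hash('outra-senha', PASSWORD_DEFAULT), 0]);

// $sessao stands in for $_SESSION. On a real page, call session_start() and
// session_regenerate_id(true) before copying the returned array into $_SESSION.
$sessao = autenticar($db, 'adm', 'senha-de-teste') ?? [];
var_dump(tem_nivel($sessao, 1));                      // administrator against level 1

$sessao = autenticar($db, 'visitante', 'outra-senha') ?? [];
var_dump(tem_nivel($sessao, 1));                      // valid login, level too low

var_dump(autenticar($db, 'adm', 'senha-errada'));     // wrong password
var_dump(tem_nivel(['usuario' => 'adm'], 1));         // session without 'tipo'
```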
