check user type for php access

Question

check user type for php access

Navigation

#1 by (1 votes)
#2 by (0 votes)

2

I'm trying to create an admin panel. Ba table of the bank already created the field type, where if it is 1 is normal user and 2 administrator. What is the best method to find the type of user in the bank?

Follow the code that I have already done, but any type of user has access to the admin panel.

<body>


    <div class ="container">
    <div class="row"></div>
        <div class="row">
            <div class="col-md-4">
            </div>
            <div class="col-md-5">
                <form action="painel.php" method="POST" >
                    <div class="input-group">
                        <label for="email">E:mail</label>
                        <input type="text" class="form-control" name="email" placeholder="email"><br><br>
                        <label for="Senha">Senha:</label>
                        <input type="password" class="form-control" name="senha" placeholder="**********"><br><br><br>
                        <button type="submit" class="btn btn-lg btn-default">Entrar</button><p><p><p><p>
                        <input type= "hidden" name="entrar" value="login">


                    </div>
                </form>
            </div>
        </div>
        <div class="row"></div>
    </div>

<?php

    if (isset($_POST['entrar']) && $_POST['entrar'] == "login"){
        $email = $_POST['email'];
        $senha = $_POST['senha'];

            if(empty($email) || empty($senha)){
                ?>
                <script type="text/javascript"> alert ('preencha todos os campos');
                </script>
                <?php
            }else{
                    $query = "SELECT nome, email, senha, tipo FROM usuarios WHERE email = '$email' AND senha = '$senha' ";
                    $result = mysqli_query($conn, $query);
                    $busca = mysqli_num_rows($result);
                    $linha = mysqli_fetch_assoc($result);

                while($percorrer = mysql_fetch_array($result) ){
                        $tipo = $percorrer['tipo'];

                        if($tipo == 2){

                    $_SESSION['nome'] = $linha['nome'];
                    $_SESSION['email'] = $linha['email'];
                    header('location: painel.php');
                    }


                }
            }

            }


?>

</body>
</html>
</html>

EDIT: in case the user type 2 (administrator) is being redirected to login too, I am passing the TYPE right?

$query = "SELECT nome, email, senha, tipo FROM usuarios WHERE email = '$email' AND senha = '$senha' ";
                $result = mysqli_query($conn, $query);
                $busca = mysqli_num_rows($result);
                $linha = mysqli_fetch_assoc($result);

            if($busca > 0){
                $_SESSION['nome'] = $linha['nome'];
                $_SESSION['email'] = $linha['email'];
                header('location: painel.php');

php mysql html

asked by anonymous 27.08.2017 / 18:22

2 answers

PHP - Scandir does not work [closed] Is it possible to edit an http response? [closed]

score 1 · Answer 1

Create a $_SESSION['tipo'] = $linha['tipo']; also in login and panel pages, <header> , for example, you check the type:

<?php
    if($_SESSION['tipo'] != 2){
       // redireciona pra fora do painel, pois não é tipo 2
    }
?>

Update:

Create an include (ex ver_tipo.php ) and enter before <html> of each page of the panel:

<?php
include_once "ver_tipo.php";
?>
<html>
<head>
...

And in the ver_tipo.php file the PHP script quoted at the beginning of this answer.

score 0 · Answer 2

I would do it this way, because then it would already be checking if the user exists / is or is not an administrator. For if there is no date in mysql_fetch_array($result) it will automatically report that the user does not exist, if it exists and the tipo == 2 is false it reports that the user does not exist or is not an administrator. There are other ways to make it clear, but with your code I managed to think about it only.

alert ('fill in all fields'); alert ('User does not exist / is not administrator');