Permission system

1

I have a system with a required login.

What should happen: If the "active" column is = 1 redirects to a certain page, if it is = 0 redirects to another page.

<?php
if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) AND ('ativo' = 1)) {
  header("Location: principal.php"); exit;
} else {
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) AND ('ativo' = 0){
        header("Location: principalUSU.php"); exit;
}
}
mysql_connect('localhost', 'root', '', 'db_formacao') or trigger_error(mysql_error());
$identifiant = mysql_real_escape_string($_POST['id']);
$senha = mysql_real_escape_string($_POST['senha']);
$ativo = mysql_real_escape_string($_POST['ativo']);

$sql = "SELECT 'id', 'id', 'senha', 'ativo'  FROM 'usuarios' WHERE ('id' = '". $id ."') AND ('senha' = '". $senha ."') AND ('ativo' = '". $ativo ."')";
$query = mysql_query($sql);
if (mysql_num_rows($query) != 1) {
  echo "Login inválido!"; exit;
} else {
  $resultado = mysql_fetch_assoc($query);
}

Only on both occasions it redirects to page principal.php .

    
asked by anonymous 21.09.2017 / 14:17

2 answers

1

I suggest changing the AND and OR operators by && and || , respectively. The reason is the priority in executing operators. This may be confusing in some languages, but in PHP this subject is especially treacherous. See for yourself by running the following excerpts:

<?php
$foo = true && false;
var_dump($foo);

$bar = true AND false;
var_dump(bar);
?>

$foo will be false, as expected in any language, but $bar will be true. The only reason I can imagine to justify this is that PHP authors use drugs different from the ones that other language designers use.

Then, in your case, I think the if to soon after seeing whether the POST is empty or not. The exchange of operators must resolve.

    
21.09.2017 / 14:35
0

Try this:

<?php
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) {
        if ('ativo' === 1)) {
            header("Location: principal.php");
            exit;
            // Praque esse "exit" aqui, fiquei sem compreender;
        if ('ativo' === 0) {
            header("Location: principalUSU.php"); 
            exit;
            // fiquei boiando
         }
    }
    // ...
?>

[EDIT 1]:

<?php
    $locat = "";
    if (!empty($_POST) AND (empty($_POST['id']) OR empty($_POST['senha']) {
        if ('ativo' === 1)) {
            $locat = "Location: principal.php";
            // exit;
            // comentei essa linha pois não sei pra que serve;
        if ('ativo' === 0) {
            $local = "Location: principalUSU.php"; 
            // exit;
            // o mesmo do comentario anterior
         }
         header($locat);
    }
    // ...
?>

As in the comment, it still continues to point to the first case: column 'ativo' === 1 , you need to print a value of this to see if it is being passed correctly

    
21.09.2017 / 14:49