Add access level to this php code

0
<?PHP
include('config.php');
# Validar os dados do usuário

function anti_sql_injection($string)
    {
        include('config.php');
        $string = stripslashes($string);
        $string = strip_tags($string);
        $string = mysqli_real_escape_string($conexao,$string);
        return $string;
    }

$sql = mysqli_query($conexao,"select * from sec_iden where login_sec='".anti_sql_injection($_POST['login_sec'])."' and senha_sec='".anti_sql_injection($_POST['senha_sec'])."' limit 1") or die("Erro");
$linhas = mysqli_num_rows($sql);
if($linhas == '')
    {
        ?>
        <div class="msg2 padding20">Usuário não encontrado ou usuário e senha inválidos.</div>
        <?PHP
    }
else
    {
        while($dados=mysqli_fetch_assoc($sql))
            {
                session_start();
                $_SESSION['login_sec_sessao'] = $dados['login_sec'];
                header("Location: conteudo.php");
            }
    }
?>

Well I wanted it when the field I created in called db (adm was = 1) it redirected to administrative.php and when it was = 0 for conteudo.php but I'm not able to do this, an if would solve this and where would I put this if?

    
asked by anonymous 25.09.2018 / 18:34

1 answer

1

Yes, in this case a if would suffice.

It would look like this:

<?PHP
include('config.php');
# Validar os dados do usuário

function anti_sql_injection($string)
    {
        include('config.php');
        $string = stripslashes($string);
        $string = strip_tags($string);
        $string = mysqli_real_escape_string($conexao,$string);
        return $string;
    }

$sql = mysqli_query($conexao,"select * from sec_iden where login_sec='".anti_sql_injection($_POST['login_sec'])."' and senha_sec='".anti_sql_injection($_POST['senha_sec'])."' limit 1") or die("Erro");
$linhas = mysqli_num_rows($sql);
if($linhas == '')
    {
        ?>
        <div class="msg2 padding20">Usuário não encontrado ou usuário e senha inválidos.</div>
        <?PHP
    }
else
    {
        while($dados=mysqli_fetch_assoc($sql))
            {
                session_start();
                $_SESSION['login_sec_sessao'] = $dados['login_sec'];
                if($dados['adm'] == '1') header("Location: administrativo.php"); 
                else header("Location: conteudo.php");
            }
    }
?>

Note that this example is valid only in case of two login situations as you passed, that is, whether it is an administrator or not.

OBS: This way you're not doing access control, you're just redirecting the user to a particular page.

    
25.09.2018 / 18:39