I am a login system and register with 2 levels (1 corresponds to the common user and I want it to be redirected and level 2 is ADM, ADM has no problems). Can get the regular user to redirect to the site, but still has a failure to access the site through the URL.
I tried to resolve it by doing the sessions, but I can still open the page through the URL without being logged in, the structure appears and everything, but it has this error:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /srv/disk4/2609189/www/grupodeestudos.atwebpages.com/site/index.php:1) in /srv/disk4/2609189/www/grupodeestudos.atwebpages.com/site/index.php on line 3
Login.php code
<?php
if($startaction == 1 && $acao == "logar"){
//Dados
$email=addslashes($_POST["email"]);
$senha=addslashes(sha1($_POST["senha"]."hxtutors"));
if(empty($email) || empty($senha)){
$msg="Preencha todos os campos!";
}else{
if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
$msg="Digite seu e-mail corretamente!";
}else{
//Executa a busca pelo usuário
$login=new Login;
echo "<div class=\"flash\">";
$login=$login->logar($email, $senha);
echo"</div>";
}
}
}
?>Login.class.php code
<?php
session_start();
$con=mysqli_connect("xxxx","xxxx","xxxxx","xxxxx") or die(mysqli_connect_error());
// verifica conexão
if (mysqli_connect_errno())
{
echo "Falha ao conectar com MySQL: " . mysqli_connect_error();
}
class Login{
public function logar($email, $senha){
global $con;
$buscar = mysqli_query($con,"SELECT * FROM usuarios WHERE email='$email' AND senha='$senha' LIMIT 1");
if(mysqli_num_rows($buscar) == 1){
$dados=mysqli_fetch_array($buscar);
if($dados["status"] == 1){
$_SESSION["email"]=$dados["email"];
$_SESSION["senha"]=$dados["senha"];
$_SESSION["nivel"]=$dados["nivel"];
setcookie("logado",1);
$log=1;
}else{
$flash="Aguarde a nossa aprovação!";
}
}
if(isset($log)){
$flash="Você foi logado com sucesso";
$_SESSION['emailSession'] = $email;
$_SESSION['senhaSession'] = $senha;
$_SESSION['nivelSession'] = $nivel;
}else{
if(empty($flash)){
$flash="Ops! Digite seu e-mail e sua senha corretamente!";
}
}
echo $flash;
}
}Page code to be restricted to logged-in users:
<?php
ob_start();
session_start();
if(!isset($_SESSION['emailSession']) AND !isset($_SESSION['senhaSession']) AND !isset($_SESSION['nivelSession'])){
header("Location: http://grupodeestudos.atwebpages.com");
exit;
}
require_once("admin/conexao/conecta.php");
require("admin/functions/limita-texto.php");
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Grupo de Estudos 2018</title>
<link rel="stylesheet" type="text/css" href="css/reset.css" media="all">
<link rel="stylesheet" type="text/css" href="css/estilo.css" media="all">
</head>
<body>
<div id="cadastrar"><a href="../index.php?acao=logout" title="Fazer logout!">Logout »</a></div>
<div class="divcenter">
<ul class="boxposts">
<?php
if(empty($_GET['pg'])){}
else{
$pg =$_GET['pg'];
if(!is_numeric($pg)){
echo '<script language= "JavaScript">
location.href="index.php";
</script>';
}
}
if(isset($pg)){ $pg = $_GET['pg'];}else{ $pg = 1;}
$quantidade = 3;
$inicio = ($pg*$quantidade) - $quantidade;
$sql = "SELECT * from tb_postagens WHERE exibir='Sim' ORDER BY id DESC LIMIT $inicio, $quantidade";
try{
$resultado = $conexao->prepare($sql);
$resultado->execute();
$contar = $resultado->rowCount();
if($contar > 0 ){
while($exibe = $resultado->fetch(PDO::FETCH_OBJ)){
?>
<li>
<span class="thumb">
<img src="upload/postagens/<?php echo $exibe->imagem;?>" alt="<?php echo $exibe->titulo;?>" title="<?php echo $exibe->titulo;?>" width="166" height="166">
</span>
<span class="content">
<h1><?php echo $exibe->titulo;?></h1>
<p><?php echo limitarTexto($exibe->descricao, $limite=380)?></p>
<div class="footer_post">
<a href="post.php?id=<?php echo $exibe->id;?>">Leia o artigo completo</a>
<span class="datapost">Data de Publicação: <strong><?php echo $exibe->data;?></strong></span>
</div><!-- footer post -->
</span>
</li>
<?php
}//while
}else{
echo '<li>Não existe post cadastrados no sistema</li>';
}
}catch(PDOException $erro){ echo $erro;}
?>
</ul>
<!-- inicio botoes -->
<style>
/* paginacao */
.paginas{width:100%;padding:10px 0;text-align:center;background:#fff;height:auto;margin:10px auto;}
.paginas a{width:auto;padding:4px 10px;background:#eee;color:#333;margin:0px 2.5px;text-decoration:none;font-family:tahoma, "Trebuchet Ms", arial;font-size:13px; }
.paginas a:hover{text-decoration:none;background:#00BA8B; color:#fff;}
<?php
if(isset($_GET['pg'])){
$num_pg = $_GET['pg'];
}else{$num_pg = 1;}
?>
.paginas a.ativo<?php echo $num_pg;?>{background:#00BA8B; color:#fff;}
#cadastrar{
border-bottom-left-radius:8px;
border-bottom-right-radius:15px;
-webkit-border-bottom-left-radius:8px;
-webkit-border-bottom-right-radius:15px;
-moz-border-radius-bottomleft:8px;
-moz-border-radius-bottomright:15px;
height:40px;
width:120px;
background:#f1f1f1;
text-align:center;
position:absolute;
right:0;
top:0;
z-index:2;
}
#cadastrar a{
padding-top:5px;
display:block;
color:#999;
font:400 18px Oswald;
}
#cadastrar:hover a{
color:#fff;
}
#cadastrar:hover{
background:#FF8C00;
color:#fff;
}
</style>
<?php
$sql = "SELECT * from tb_postagens";
try{
$result = $conexao->prepare($sql);
$result->execute();
$totalRegistros = $result->rowCount();
}catch(PDOException $e){
echo $e;
}
if($totalRegistros <=$quantidade){}
else{
$paginas = ceil($totalRegistros/$quantidade);
if($pg > $paginas){
echo '<script language= "JavaScript">
location.href="index.php";
</script>';}
$links = 5;
if(isset($i)){}
else{$i = '1';}
?>
<div class="paginas">
<a href="index.php?pg=1">Primeira Página</a>
<?php
if(isset($_GET['pg'])){
$num_pg = $_GET['pg'];
}
for($i = $pg-$links; $i <= $pg-1; $i++){
if($i<=0){}
else{
?>
<a href="index.php?pg=<?php echo $i;?>" class="ativo<?php echo $i;?>"><?php echo $i;?></a>
<?php }} ?>
<a href="index.php?pg=<?php echo $pg;?>" class="ativo<?php echo $i;?>"><?php echo $pg;?></a>
<?php
for($i = $pg+1; $i <= $pg+$links; $i++){
if($i>$paginas){}
else{
?>
<a href="index.php?pg=<?php echo $i;?>" class="ativo<?php echo $i;?>"><?php echo $i;?></a>
<?php
}
}
?>
<a href="index.php?pg=<?php echo $paginas;?>">Última página</a>
</div><!-- paginas -->
<?php
}
?>
<!-- fim botoes paginacao -->
</div><!-- div center -->
</body>
</html>Help me solve this goal: Restrict the page to users logged in to Level 1 so that there is no direct URL access.