I'm building a portal, and registration requires a CPF and an email. I then send a confirmation email; the user clicks the link and their status in my database changes, so the user can access the portal. The portal will have only one page, and all users will use the same page, except that the data coming from the API will be different for each one. How do I know which user has logged in (I need to identify them by CPF) so that I can show that person's data?
Page index.php
<?php session_start(); include 'config/conexao.php';
?>
<!DOCTYPE html>
<html lang="pt-br">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The 3 meta tags above *must* come first inside the 'head'; any other content must come *after* these tags -->
<title>Lojas Guido | Portal do Cliente - Login</title>
<link href="https://fonts.googleapis.com/css?family=Lato:300,400,700" rel="stylesheet">
<!-- Bootstrap -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" media="all">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="icon" href="img/icon/guido.ico" type="image/x-icon">
<link href="css/style.css" rel="stylesheet" media="all">
<script src="js/jquery-3.2.1.min.js"></script>
<script>
$(function(){
$("#footer").load("footer.php");
});
</script>
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top fot" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#elementoCollapse1">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="http://lojasguido.com.br/" target="_blank" class="navbar-brand links nome">Lojas Guido</a>
<a href="https://www.facebook.com/lojasguido/" target="_blank" class="navbar-brand links nome"><span class="fa fa-facebook-square" style="font-size:24px"></span></a>
<a href="https://www.google.com.br/search?q=lojas+guido&npsic=0&rflfq=1&rlha=0&rllag=-9663965,-35738591,201&tbm=lcl&ved=0ahUKEwi4-pKZsoLYAhXJkOAKHexfD34QtgMIKw&tbs=lrf:!2m1!1e2!2m1!1e3!3sIAE,lf:1,lf_ui:10&rldoc=1#rlfi=hd:;si:;mv:!1m3!1d9280.090187594818!2d-35.724626199999996!3d-9.6568108!2m3!1f0!2f0!3f0!3m2!1i791!2i453!4f13.1;tbs:lrf:!2m1!1e2!2m1!1e3!3sIAE,lf:1,lf_ui:10" target="_blank" class="navbar-brand links nome"><span class="fa fa-map-marker" style="font-size:24px"></span></a>
</div>
<div class="collapse navbar-collapse" id="elementoCollapse1">
<div class="navbar-form navbar-right">
<a class="btn btn-default" href="cadastro.php" role="button">Cadastrar</a>
</div>
</div>
</div>
</nav>
<div class="container">
<div class="row-fluid">
<div class="col-xs-12 ok">
<h1 class="portal">Portal do Cliente</h1>
<div class="form-login">
<h2>Entrar</h2>
<form name="formulario" id="formEnvia" method="POST">
<?php
include "config/valida.php";
?>
<label >CPF*</label>
<span>Apenas números</span>
<input type="text" id="cpf" name="cpf" class="form-control input-lg" placeholder="000.000.000-00" maxlength="14"
title="Digite apenas números" required />
<br>
<label inputemail>E-mail*:</label>
<input type="email" id="email" name="email" class="form-control input-lg " placeholder="[email protected]" maxlength="50" required/>
<br>
<button type="submit" name="valida" id="valida" value="valida" onclick="valida_envio()" class="btn btn-primary btn-lg btn-block">
<span class="glyphicon glyphicon-ok"></span>
<span id="cpf"></span>Acessar</button>
<br>
<span>Não possui cadastro?</span> <a class="btn btn-default bot" href="cadastro.php" role="button">Cadastre-se</a>
</form>
</div>
</div>
</div>
</div>
<br>
<br><br>
<!-- FOOTER -->
<div id="footer"></div>
<!-- END FOOTER -->
<script src="js/jquery-3.2.1.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="js/ValidaCpf.js"></script>
<script src="js/jquery.maskedinput.js" type="text/javascript"></script>
</body>
</html>
Page valida.php
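<?php
require_once "config/conexao.php";

if (isset($_POST['valida'])) {
    // Form input is untrusted: it is bound as parameters, never concatenated into the SQL.
    $var1 = $_POST['cpf'] ?? '';
    $var2 = $_POST['email'] ?? '';

    // MySQL identifiers take backticks; single quotes would make them string literals.
    $query = "SELECT `leados`.`email`, `leados`.`cpf`, `links_emaos`.`situacao`
              FROM `leados`
              INNER JOIN `links_emaos` ON `leados`.`id` = `links_emaos`.`leado_id`
              WHERE situacao = '2' AND cpf = ? AND email = ?";
    $stmt = mysqli_prepare($conn, $query);
    mysqli_stmt_bind_param($stmt, 'ss', $var1, $var2);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);

    // $received_token and token() belong to the token code removed from this listing.
    if ($received_token === token()) {
        if (mysqli_stmt_num_rows($stmt) == 0) {
            $mensagem = "<div class='alert alert-danger'>CPF ou E-mail incorreto!</div>";
            echo $mensagem;
        } else {
            // From here on the session identifies the user on every request.
            $_SESSION['cpf'] = $var1;
            $_SESSION['email'] = $var2;
            // header() only works if no output was sent before this include.
            header("Location:postagem.php");
            exit;
        }
    } else {
        $mensagem = "<div class='alert alert-danger'>Você não tem autorização para entrar!</div>";
        echo $mensagem;
    }
}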
Note: I deleted the token code.
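
How the session identifies the user on the single shared page, as an added example that is not part of the original post: the page takes the CPF only from `$_SESSION` (set by valida.php), never from a value the browser sends. `current_cpf()`, `render_portal()`, `fetch_customer_data()` and its sample rows are hypothetical stand-ins, the last one for the API the post mentions.

```php
<?php
// Added example, not code from the original post.
declare(strict_types=1);

/** Digits-only CPF of the logged-in user, or null if the session holds none. */
function current_cpf(array $session): ?string
{
    $cpf = $session['cpf'] ?? null;
    if (!is_string($cpf)) {
        return null;
    }
    // The login form masks the value as 000.000.000-00; keep the 11 digits.
    $digits = (string) preg_replace('/\D/', '', $cpf);
    return strlen($digits) === 11 ? $digits : null;
}

/**
 * Hypothetical stand-in for the API call mentioned in the post.
 * The rows are constructed sample data keyed by CPF.
 */
function fetch_customer_data(string $cpf): array
{
    $constructed = [
        '11111111111' => ['nome' => 'Cliente A', 'pedidos' => 3],
        '22222222222' => ['nome' => 'Cliente B', 'pedidos' => 0],
    ];
    return $constructed[$cpf] ?? [];
}

/** Render the shared page for whoever owns this session ('' = not logged in). */
function render_portal(array $session): string
{
    $cpf = current_cpf($session);
    if ($cpf === null) {
        return '';
    }
    // Only the session CPF selects the data; a cpf in $_GET/$_POST is ignored,
    // so one user cannot request another user's records by editing a parameter.
    $data = fetch_customer_data($cpf);
    $nome = htmlspecialchars($data['nome'] ?? 'Cliente', ENT_QUOTES, 'UTF-8');
    $pedidos = (int) ($data['pedidos'] ?? 0);
    return "<h1>Portal do Cliente</h1><p>{$nome}: {$pedidos} pedidos</p>";
}

session_start();
$html = render_portal($_SESSION);
if ($html === '') {
    header('Location: index.php');   // no valid login in this session
    exit;
}
echo $html;
```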