I am performing a validation on my page so that when someone copies the URL it sends them directly to the login. The problem is that if I enter the usernames and passwords correctly it still sends me to the login; I don't know what I am validating wrongly.
<?php
session_start();
require("conexion.php");
$usu = $_POST["txtusuario"];
$pass = $_POST["txtpassword"];
$queryusuario = mysqli_query($con,"SELECT * FROM login WHERE usuario ='$usu' and pass = '$pass'");
$fila = mysqli_fetch_assoc($queryusuario);
$encontrados = mysqli_num_rows($queryusuario);
if ($encontrados >= 1){
    $_SESSION['usuario'] = $fila['usuario'];
    $_SESSION['pass'] = $fila['pass'];
    $_SESSION['nivel'] = $fila['nivel'];
    if ($_SESSION['nivel']==1){
        header('Location:pag_admin.php');
    }
    else if ($_SESSION['nivel']==2){
        header('Location:pag_user.php');
    }
    else if ($_SESSION['nivel']==3){
        header('Location:panel_usuario.php');
    }
}
else{
    header('Location:login.php');
}
?>
Apart from the comments, and based only on what appears in your question, once the query is valid, you do this:
Therefore, if the user is level 1 they will be redirected to pag_admin.php. But the funny thing is what you do later inside that pag_admin.php file (which corresponds to the screenshot):
That is, a user with admin level 1 manages to identify himself correctly and is redirected to pag_admin.php, but within pag_admin.php the code verifies his level again, and since it is different from 3, it sends him back to index.php. In this way the admin never gets to load the page of his panel.
I understand that what you want to do is this instead to avoid this inconsistency:
That is the only thing that I have been able to deduce from the code that you have put, therefore I do not know what happens in the other levels and the other pages because their codes are not in the question, but I imagine that perhaps they also have the same problem.
First check the value returned by the variable $encontrado. This can be easily done by adding the following line of code below the declaration and assignment.
If the value that is printed is 0, you have a problem with the query; if the value is > 1, the user was found, so you have a problem in the files where you redirect.
If the level is 1, you redirect it to pag_admin.php, but on that page you have the following validation.
Which prevents a user with a level different from 3 from accessing. Change this validation in pag_admin.php to:
Advice you haven't asked for
1. To make your code more readable and shorter, without so much if/else nesting, you can change the code a bit to the following
You should sanitize the values of $_POST or, failing that, use prepared statements
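The points raised in the two answers above (a page check that agrees with the redirect, less if/else nesting, prepared statements), put together as an added example that is not code from the question or the answers. Assumptions: PDO with an in-memory SQLite table stands in for conexion.php and the login table, the pass column stores a password_hash() value, and PAGES, authenticate, landingPage and mayView are hypothetical names.

```php
<?php
// Added example, not code from the question or the answers.
// One map drives both the redirect after login and each page's own level check.
const PAGES = [1 => 'pag_admin.php', 2 => 'pag_user.php', 3 => 'panel_usuario.php'];

// Prepared statement: the user name is bound as data, never concatenated into the SQL.
function authenticate(PDO $db, string $usu, string $pass): ?array
{
    $stmt = $db->prepare('SELECT usuario, pass, nivel FROM login WHERE usuario = ?');
    $stmt->execute([$usu]);
    $fila = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: `pass` holds a password_hash() value, not the plain password.
    if ($fila === false || !password_verify($pass, $fila['pass'])) {
        return null;
    }
    return ['usuario' => $fila['usuario'], 'nivel' => (int) $fila['nivel']];
}

// Where the login script redirects; failed logins and unknown levels go to login.php.
function landingPage(?array $user): string
{
    return $user === null ? 'login.php' : (PAGES[$user['nivel']] ?? 'login.php');
}

// Guard for the top of each protected page. The page passes its own file name,
// so the level it accepts is always the level that gets redirected to it.
function mayView(array $session, string $page): bool
{
    return isset($session['nivel']) && (PAGES[$session['nivel']] ?? null) === $page;
}

// Constructed sample data (stand-in for the real `login` table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (usuario TEXT PRIMARY KEY, pass TEXT, nivel INTEGER)');
$ins = $db->prepare('INSERT INTO login VALUES (?, ?, ?)');
$ins->execute(['ana', password_hash('s3creta', PASSWORD_DEFAULT), 1]);

$ok  = authenticate($db, 'ana', 's3creta');
$bad = authenticate($db, "ana' x", 's3creta');   // quote is compared literally, no match
var_dump(landingPage($ok));
var_dump(landingPage($bad));
var_dump(mayView(['nivel' => 1], 'pag_admin.php'));
var_dump(mayView(['nivel' => 1], 'panel_usuario.php'));
```

In a real page the guard would be followed by header('Location:login.php') and exit when mayView() returns false, so the rest of the page does not run after the redirect.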