I have a file that retrieves the IDs and performs a role login like so:
validar.php:
<?php
// File used to send the data received below through the controller.
include '../controlador/usuariosControlador.php';
// Collects the data entered in the login form on index.php and checks that both fields contain data.
if (isset($_POST['usuario']) || isset($_POST['pass'])) {
    if (trim($_POST['usuario']) == '' || trim($_POST['pass']) == '') {
        echo 'false';
    } else {
        $usuariosCon = new usuariosControlador();
        $usuario = $usuariosCon->validar($_POST['usuario'], $_POST['pass']);
        if (count($usuario) > 0) {
            // Once the user is found to exist, set the data the SESSION must carry to classify roles, i.e. where all login traffic should be directed according to the role.
            session_start();
            $_SESSION['id'] = $usuario['id'];
            $_SESSION['usuario'] = $usuario['usuario'];
            $_SESSION['privilegio'] = $usuario['privilegio'];
            echo 'true';
            echo $validacion;
            if ($_SESSION['privilegio'] == 0) {
                header('location: userinv.php');
            } elseif ($_SESSION['privilegio'] == 1) {
                header('location: user.php');
            } elseif ($_SESSION['privilegio'] == 2) {
                header('location: jefe.php');
            } elseif ($_SESSION['privilegio'] == 3) {
                header('location: administrador.php');
            } elseif ($_SESSION['privilegio'] == 4) {
                header('location: superadmin.php');
            } else {
                echo 'false';
            }
        }
    }
}
?>
As we can see, it redirects to the pages that I tell it to, and within these there are options to navigate.
Well, if you go into one of these, you enter like this:
Menuadmin.php:
session_start();
// Start the SESSION variable and use it to indicate WHO does NOT have permission to access this page
if (!isset($_SESSION["privilegio"]) || $_SESSION["privilegio"] == 0) {
    print "<script>alert(\"Acceso invalido!\");window.location='../../index.php';</script>";
}
if (!isset($_SESSION["privilegio"]) || $_SESSION["privilegio"] == 1) {
    print "<script>alert(\"Acceso invalido!\");window.location='../../index.php';</script>";
}
if (!isset($_SESSION["privilegio"]) || $_SESSION["privilegio"] == 2) {
    print "<script>alert(\"Acceso invalido!\");window.location='../../index.php';</script>";
}
This verifies whether you have permissions and allows access or not. Well, once you have accessed it and want to go back to your main menu, I can't, since it is as if the session data had already been lost.
For example, I tell it to return to the validar.php file so that it redirects it to its predefined index, but the page remains blank:
<?php echo '<a href="../../validar.php">Menu</a>'; ?></li>
When you return to validar.php you check the POST data, which is null when you come back by pressing the Menu link. Add an else so that, in case the POST data is null, it checks whether there is session data. Here is an example of what I mean:
Good, review the session documentation so you can see how it works: http://php.net/manual/es/function.session-start.php
Also, keep in mind that in your code, if I return to "validar.php" without values in POST (as you do in it):
<?php echo '<a href="../../validar.php">Menu</a>'; ?></li>
it will always give you false, because you yourself force the existence of $_POST['usuario'] and $_POST['pass'].
You mention that the page remains blank; have you checked with right click "View page source code" that it is really blank? You may be printing the echo "false";
Does the error log give you any errors? Can we see the controller?
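The change both answers point to, as an added example (not the asker's or the answerers' code): validar.php starts the session on every request and, when no POST data arrives, redirects from the stored `privilegio` instead of printing nothing. It assumes `validar()` returns an empty array on a failed login and that `index.php` sits in the same directory as validar.php.

```php
<?php
// Added example, not code from the page. Assumptions: validar() returns an empty
// array on failure, and index.php (the login form) sits next to validar.php.
include '../controlador/usuariosControlador.php';

session_start(); // must run on every request, before any output

// Landing page per privilege level, as listed in the question.
$paginas = [
    0 => 'userinv.php',
    1 => 'user.php',
    2 => 'jefe.php',
    3 => 'administrador.php',
    4 => 'superadmin.php',
];

// Accept only string fields; anything else counts as "not submitted".
$usuario = is_string($_POST['usuario'] ?? null) ? trim($_POST['usuario']) : '';
$pass    = is_string($_POST['pass'] ?? null) ? trim($_POST['pass']) : '';

if ($usuario !== '' && $pass !== '') {
    // Login attempt: both fields arrived and are non-empty.
    $usuariosCon = new usuariosControlador();
    $datos = $usuariosCon->validar($_POST['usuario'], $_POST['pass']);
    if (count($datos) > 0) {
        session_regenerate_id(true); // fresh session ID once authenticated
        $_SESSION['id'] = $datos['id'];
        $_SESSION['usuario'] = $datos['usuario'];
        $_SESSION['privilegio'] = $datos['privilegio'];
    } else {
        // Failed login: drop any identity left from an earlier session.
        unset($_SESSION['id'], $_SESSION['usuario'], $_SESSION['privilegio']);
    }
}

// Reached after a login and also when arriving through the "Menu" link
// (no POST data): the destination comes from the session in both cases.
$destino = 'index.php';
if (isset($_SESSION['privilegio'], $paginas[$_SESSION['privilegio']])) {
    $destino = $paginas[$_SESSION['privilegio']];
}

header('Location: ' . $destino); // must precede any output from this script
exit; // stop the script so nothing else is sent after the redirect
```

The guards in Menuadmin.php need the same `header(...)` plus `exit` pattern: printing a `<script>` redirect does not stop PHP from sending the rest of the protected page to the browser.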