Users and Sessions

0

I'm building a simple stock control system and I want to give my users privacy with a login, but I have two doubts. I already made the login and created a table in MySQL called usuarios; I can register users, and if you are registered you can log in.

My first problem is that I can skip the login by typing adminStock.php in the address bar instead of index.php (which is the login), and I am already inside the system. How can I avoid that?

My second problem is that I can register as many users as I want, but they all enter the same stock inventory. How can I have different sessions so that each user accesses their own stock inventory?

    
asked by mariano1424 06.04.2018 at 20:32

2 answers

0

You can make use of PHP sessions, setting them when you run the query with the data from the login form.

    session_start();
    $_SESSION["sesion_activa"] = $usuario_bd;
    $_SESSION["tipo_usuario"] = $tipo_usuario;

In this case I use $usuario_bd to store the id of the user, and $tipo_usuario to store its type, so that I can use them in all my system views and know what permissions the user has. You can also check this on the following page link

    
answered by 06.04.2018 at 20:45
0

You can use session_start() and create session variables ( $_SESSION ); you then check that the session variable is defined before allowing access to the page, which in your case is adminStock.php .

Example:

<?php
    require('conexion.php');

    session_start();

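    // Already logged in: go straight to the stock page.
    if(isset($_SESSION["id_usuario"])){
        header("Location: adminStock.php");
        exit; // stop here so the login form is not processed or sent
    }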

    if(!empty($_POST))
    {
        $usuario = mysqli_real_escape_string($mysqli,$_POST['usuario']);
        $password = mysqli_real_escape_string($mysqli,$_POST['password']);
        $error = '';

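        // Must match how the password was stored at registration (SHA-1 here);
        // password_hash()/password_verify() is the stronger choice for new tables.
        $sha1_pass = sha1($password);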

        $sql = "SELECT id, id_tipo FROM usuarios WHERE usuario = '$usuario' AND password = '$sha1_pass'";
        $result=$mysqli->query($sql);
        $rows = $result->num_rows;

        if($rows > 0) {
            $row = $result->fetch_assoc();
            $_SESSION['id_usuario'] = $row['id'];
            $_SESSION['tipo_usuario'] = $row['id_tipo'];

            header("Location: adminStock.php");
            exit; // end the script once the redirect is issued
        } else {
            $error = "El nombre o contraseña son incorrectos";
        }
    }
?>
<html>
    <head>
        <title>Login</title>
    </head>

    <body>
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST">
            <div><label>Usuario:</label><input id="usuario" name="usuario" type="text" ></div>
            <br />
            <div><label>Password:</label><input id="password" name="password" type="password"></div>
            <br />
            <div><input name="login" type="submit" value="login"></div> 
        </form> 

        <br />

        <div style = "font-size:16px; color:#cc0000;"><?php echo isset($error) ? utf8_decode($error) : '' ; ?></div>
    </body>
</html>

And inside adminStock.php, before the HTML DOCTYPE, you should check that this session variable exists; otherwise send the user back to the login.

Code:

<?php
session_start();

if (!isset($_SESSION['id_usuario'])) {
    header("Location: index.php");
    exit; // without this, the rest of the page is still sent after the redirect header
}
?>

To handle different stocks, first of all you must have a structure in your database that can hold all that information: the table where you manage the stock needs a foreign key pointing to the user's id, so that when the user enters you can run a SELECT of all of that user's stock information with a WHERE clause.

    
answered by 06.04.2018 at 21:06
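
Both points from the answers above in one script, as an added example that is not part of the original answers: the page is served only when the session carries id_usuario, and every stock query is filtered by that id. The stock table, its columns, the helper function names and the sample rows are assumptions, and SQLite in memory (through PDO) stands in for MySQL so the script runs on its own.

```php
<?php
// Added example. Table and column names (stock.id_usuario, producto, cantidad)
// and both function names are assumptions, not taken from the question.
// SQLite in memory stands in for MySQL so this runs with: php example.php

// Returns the logged-in user's id, or null when there is no login session.
function currentUserId(array $session): ?int
{
    return isset($session['id_usuario']) ? (int) $session['id_usuario'] : null;
}

// The owner id always comes from the session, never from the URL or a form
// field, so one user cannot ask for another user's rows.
function stockForUser(PDO $db, int $userId): array
{
    $stmt = $db->prepare(
        'SELECT producto, cantidad FROM stock WHERE id_usuario = ? ORDER BY producto'
    );
    $stmt->execute([$userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, usuario TEXT UNIQUE)');
$db->exec('CREATE TABLE stock (
    id INTEGER PRIMARY KEY,
    id_usuario INTEGER NOT NULL REFERENCES usuarios(id),
    producto TEXT NOT NULL,
    cantidad INTEGER NOT NULL)');
$db->exec("INSERT INTO usuarios (id, usuario) VALUES (1, 'ana'), (2, 'luis')");
$db->exec("INSERT INTO stock (id_usuario, producto, cantidad)
           VALUES (1, 'tornillos', 500), (1, 'tuercas', 120), (2, 'pintura', 8)");

// Three simulated requests: two logged-in users and one visitor with no session.
foreach ([['id_usuario' => 1], ['id_usuario' => 2], []] as $session) {
    $uid = currentUserId($session);
    if ($uid === null) {
        // In adminStock.php this branch is: header('Location: index.php'); exit;
        echo "no session -> redirect to index.php\n";
        continue;
    }
    foreach (stockForUser($db, $uid) as $row) {
        echo "user $uid: {$row['producto']} x {$row['cantidad']}\n";
    }
}
```

In the real adminStock.php, pass $_SESSION to currentUserId() after session_start(), and use the same parameterised query against the MySQL connection.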