Does not recognize the profile of the user who enters the system

0

I have the following code:

<?php

session_start();

if (isset($_POST['token']) && $_POST['token'] !== '') {

    // Contains the configuration variables for connecting to the database
    include "../config/config.php";

    $email = mysqli_real_escape_string($con, (strip_tags($_POST["email"], ENT_QUOTES)));
    $password = sha1(md5(mysqli_real_escape_string($con, (strip_tags($_POST["password"], ENT_QUOTES)))));

    $query = mysqli_query($con, "SELECT * FROM user WHERE email =\"$email\" OR username=\"$email\" AND password = \"$password\";");

    if ($row = mysqli_fetch_array($query)) {

        $_SESSION['user_id'] = $row['id'];
        $_SESSION['profile_id'] = ($row['profile_id']==1);
        header("location: ../dashboard.php");
    } else {
        $invalid = sha1(md5("contrasena y email invalido"));
        header("location: ../index.php?invalid=$invalid");
    }
} else {
    header("location: ../dashboardGeneral.php");
}
?>

But it does not matter if it's an administrator, it always loads the same. Can you help me?

    
asked by 28.09.2017 at 19:21

2 answers

0

Here is an example, where I assume that profile_id is a role type and 1 responds to the administrator.

  

Redirection for the administrator page: header("location: ../dashboard.php");

Redirection for the page of the rest of the users: header("location: ../dashboard_pagina2.php");

<?php

session_start();

if (isset($_POST['token']) && $_POST['token'] !== '') {

    // Contains the configuration variables for connecting to the database
    include "../config/config.php";

    $email = mysqli_real_escape_string($con, (strip_tags($_POST["email"], ENT_QUOTES)));
    $password = sha1(md5(mysqli_real_escape_string($con, (strip_tags($_POST["password"], ENT_QUOTES)))));

    // The parentheses make the password check apply to both the email and the username match
    $query = mysqli_query($con, "SELECT * FROM user WHERE (email ='".$email."' OR username= '".$email."') AND password = '".$password."'");

    if ($row = mysqli_fetch_array($query)) {
        // Store the profile id itself, not the result of a comparison
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['profile_id'] = $row['profile_id'];

        if ($_SESSION['profile_id'] == 1) {
            header("location: ../dashboard.php");
        } else {
            header("location: ../dashboard_pagina2.php");
        }
    } else {
        $invalid = sha1(md5("contrasena y email invalido"));
        header("location: ../index.php?invalid=$invalid");
    }
} else {
    header("location: ../dashboardGeneral.php");
}
    
answered by 28.09.2017 / 22:53
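
Why the parentheses in the answer's query matter, together with the redirect by profile, as an added example that is not code from the thread. It assumes an in-memory SQLite database through PDO in place of the MySQL connection, constructed sample rows, and the hypothetical helpers `legacy_hash`, `make_db`, `find_user` and `destination_for`.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Assumptions: in-memory SQLite via PDO
// stands in for the thread's MySQL connection; rows and passwords are constructed.
function legacy_hash(string $password): string
{
    return sha1(md5($password)); // the thread's scheme, kept so the queries stay comparable
}

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, username TEXT, password TEXT, profile_id INTEGER)');
    $ins = $db->prepare('INSERT INTO user (email, username, password, profile_id) VALUES (?, ?, ?, ?)');
    $ins->execute(['admin@example.test', 'admin', legacy_hash('admin-pass'), 1]);
    $ins->execute(['ana@example.test', 'ana', legacy_hash('ana-pass'), 2]);
    return $db;
}

// As written in the question: AND binds tighter than OR, so this is parsed as
// email = ? OR (username = ? AND password = ?).
const WHERE_QUESTION = 'email = :email OR username = :username AND password = :hash';
// With the parentheses the first answer adds.
const WHERE_ANSWER = '(email = :email OR username = :username) AND password = :hash';

function find_user(PDO $db, string $where, string $login, string $password): ?array
{
    // Bound parameters replace the string concatenation used in the thread.
    $stmt = $db->prepare("SELECT id, profile_id FROM user WHERE $where");
    $stmt->execute([':email' => $login, ':username' => $login, ':hash' => legacy_hash($password)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function destination_for(array $user): string
{
    // Decide on the stored profile_id itself; 1 is assumed to mean administrator.
    return (int) $user['profile_id'] === 1 ? '../dashboard.php' : '../dashboard_pagina2.php';
}

$db = make_db();
foreach (['question' => WHERE_QUESTION, 'answer' => WHERE_ANSWER] as $label => $where) {
    foreach ([['admin@example.test', 'admin-pass'], ['admin@example.test', 'wrong-pass'], ['ana', 'ana-pass']] as [$login, $password]) {
        $user = find_user($db, $where, $login, $password);
        printf("%-8s %-18s %-10s -> %s\n", $label, $login, $password,
            $user === null ? 'rejected' : 'accepted, go to ' . destination_for($user));
    }
}
```

The `sha1(md5())` hash is kept only to match the thread; new code would store the output of `password_hash()` and check it with `password_verify()`.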
0
$_SESSION['profile_id'] = ($row['profile_id']==1);
header("location: ../dashboard.php");

Change it to

$_SESSION['profile_id'] = $row['profile_id'];
if ($_SESSION['profile_id'] == 1) {
    header("location: ../dashboard.php");
}
    
answered by 28.09.2017 at 21:44