How to insert roles in php and mysql?
-
Hello good, I have a query, what happens is that I want to enter user roles in my code but I don't know how to do it, I have the registration and login form already created, I just need to add the reference that I already mentioned above: register_user_be.php:
- {
echo '
alert("Este correo ya está registrado");
window.location = "../index.php";
';
exit();
}
//Verificar que el nombre de usuario no se repita en la bd
$verificar_usuario = mysqli_query($conexion, "SELECT * FROM usuarios WHERE usuario='$usuario' ");
if (mysqli_num_rows($verificar_usuario) > 0) {
echo '
alert("Este usuario ya está registrado");
window.location = "../index.php";
';
exit();
}$ejecutar = mysqli_query($conexion, $query);
if ($ejecutar) {
echo '
alert("Usuario registrado correctamente");
window.location = "../index.php";
';
}else{
echo '
alert("Inténtalo de nuevo, usuario no registrado");
window.location = "../index.php";
';
}mysqli_close($conexion);
?>
login_usuario_be.php:
- {
$_SESSION['usuario'] = $correo;
header("location: ../inicio.php");
exit;
}else{
echo '
alert("El usuario no existe, por favor verifique los datos introducidos");
window.location = "../index.php";
';
exit;
}
?>
index.php:
- {
-
Hello good, I have a query, what happens is that I want to enter user roles in my code but I don't know how to do it, I have the registration and login form already created, I just need to add the reference that I already mentioned above: register_user_be.php:
- {
echo '
alert("Este correo ya está registrado");
window.location = "../index.php";
';
exit();
}
//Verificar que el nombre de usuario no se repita en la bd
$verificar_usuario = mysqli_query($conexion, "SELECT * FROM usuarios WHERE usuario='$usuario' ");
if (mysqli_num_rows($verificar_usuario) > 0) {
echo '
alert("Este usuario ya está registrado");
window.location = "../index.php";
';
exit();
}$ejecutar = mysqli_query($conexion, $query);
if ($ejecutar) {
echo '
alert("Usuario registrado correctamente");
window.location = "../index.php";
';
}else{
echo '
alert("Inténtalo de nuevo, usuario no registrado");
window.location = "../index.php";
';
}mysqli_close($conexion);
?>
login_usuario_be.php:
- {
$_SESSION['usuario'] = $correo;
header("location: ../inicio.php");
exit;
}else{
echo '
alert("El usuario no existe, por favor verifique los datos introducidos");
window.location = "../index.php";
';
exit;
}
?>
index.php:
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query. PHP: SQL Injection - Manual[^] PHP: Prepared statements and stored procedures - Manual[^] You are also storing an unsalted hash of the user's password. That's not secure enough - your database will be vulnerable to a "rainbow table" attack. Rainbow table - Wikipedia[^] Use PHP's built-in functions for storing and validating passwords: PHP: password_hash[^] PHP: password_verify[^] These will automatically take care of generating and storing a random salt for you.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
- {
-
Hello good, I have a query, what happens is that I want to enter user roles in my code but I don't know how to do it, I have the registration and login form already created, I just need to add the reference that I already mentioned above: register_user_be.php:
- {
echo '
alert("Este correo ya está registrado");
window.location = "../index.php";
';
exit();
}
//Verificar que el nombre de usuario no se repita en la bd
$verificar_usuario = mysqli_query($conexion, "SELECT * FROM usuarios WHERE usuario='$usuario' ");
if (mysqli_num_rows($verificar_usuario) > 0) {
echo '
alert("Este usuario ya está registrado");
window.location = "../index.php";
';
exit();
}$ejecutar = mysqli_query($conexion, $query);
if ($ejecutar) {
echo '
alert("Usuario registrado correctamente");
window.location = "../index.php";
';
}else{
echo '
alert("Inténtalo de nuevo, usuario no registrado");
window.location = "../index.php";
';
}mysqli_close($conexion);
?>
login_usuario_be.php:
- {
$_SESSION['usuario'] = $correo;
header("location: ../inicio.php");
exit;
}else{
echo '
alert("El usuario no existe, por favor verifique los datos introducidos");
window.location = "../index.php";
';
exit;
}
?>
index.php:
- {
