CODEWITHSUNDEEP
php
user8337986
user8337986

Reputation:

php button session check and allow access

this is not help to me PHP check session, checking multiple variables to allow access to specific pages

php condition on button

PHP if condition number issue [duplicate]

PHP if condition strange

i try simple php CRUD with session user.php if login usercan only access ore its print error but this is user.php top lines

<?php include('server.php') ?>
<?php

if(!isset($_SESSION['name'])){
// header("Location:login.php");
echo "nee to login to access this page" ;

exit;
session_destroy();
}
?>

and this my delete button code 

<a href="server.php?delete=<?php echo $row['id'];?>" class ="btn btn-danger" > delete </a>

when this button gt clicked ip/user.php?delete=id (id get from data base) when with out login when type this ip/user.php?delete=20 its delete from data base how can i stop that?

its my server.php for delete 

if (isset($_GET['delete'])) {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
$_SESSION['msg_type'] = "danger";
header('location: user.php');
}

Upvotes: 0

Views: 205

Answers (1)

Bits Please
Bits Please

Reputation: 897

//on the top of page check session is set or not
session_start();
if(isset($_SESSION) && isset($_SESSION['name']))
{
   if (isset($_GET['delete'])) 
  {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
    $_SESSION['msg_type'] = "danger";
    header('location: user.php');
  }
}
else
{
  echo 'cant access this page you need to login first';
}

if you still face issue try to print $_SESSION array and check does sesison really gets destroy?

If not then on logout.php

unset($_SESSION['name']);
session_destroy();

Upvotes: 1

Related Questions