0

this is not help to me PHP check session, checking multiple variables to allow access to specific pages

php condition on button

PHP if condition number issue [duplicate]

PHP if condition strange

i try simple php CRUD with session user.php if login usercan only access ore its print error but this is user.php top lines

<?php include('server.php') ?>
<?php

if(!isset($_SESSION['name'])){
// header("Location:login.php");
echo "nee to login to access this page" ;

exit;
session_destroy();
}
?>

and this my delete button code 

<a href="server.php?delete=<?php echo $row['id'];?>" class ="btn btn-danger" > delete </a>

when this button gt clicked ip/user.php?delete=id (id get from data base) when with out login when type this ip/user.php?delete=20 its delete from data base how can i stop that?

its my server.php for delete 

if (isset($_GET['delete'])) {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
$_SESSION['msg_type'] = "danger";
header('location: user.php');
}
Improve this question
4
  • So its like without login if you try to hit the URL then it gets deleted right? Commented Nov 30, 2018 at 7:51
  • no i just type url ip.user.php?delete=20 its day error but its delete from data bases Commented Nov 30, 2018 at 7:58
  • Sorry didnt get you? Commented Nov 30, 2018 at 7:59
  • if user not login theycat access user.php but itf the directy type user.php?delete=10 its delete Commented Nov 30, 2018 at 8:07

1 Answer 1

Reset to default
1 
//on the top of page check session is set or not
session_start();
if(isset($_SESSION) && isset($_SESSION['name']))
{
   if (isset($_GET['delete'])) 
  {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
    $_SESSION['msg_type'] = "danger";
    header('location: user.php');
  }
}
else
{
  echo 'cant access this page you need to login first';
}

if you still face issue try to print $_SESSION array and check does sesison really gets destroy?

If not then on logout.php

unset($_SESSION['name']);
session_destroy();
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

So on that page try to print_r($_SESSION) and check if yoy really get those values? If not then you might have issue for logout as session is not destroying...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.