
I have a 'users' table which has two columns/attributes, i.e. username and password. This table holds the admins of the website. Now I have created a form that's used to delete one or more admins from the table mentioned above, but if the currently logged in user tries to delete itself, it must not happen. The problem I'm facing is: I have received the username and password of the currently logged in user from the session, but when I enter another admin's details, it still gives me the error that the currently logged in user is trying to delete itself.

FORM:

<form action="delete_user.php" method="post">
  <fieldset>
    <legend style="text-align:center; font-size:18px">Enter Details of the User You want to Delete</legend><br>
    <label for="username">Username : </label><input type="text" name="username" placeholder="Username"><br>
    <label for="password">Password :</label><input type="password" name="password" placeholder="Password"><br>
  </fieldset>
  <p id="btn">
    <input type="submit" value="Delete" name="submit_delete_user" style="font-size:16px"><input type="reset" value="Reset" style="font-size:16px"><br>
    <center>
      <a href="admin.php">Admin Home</a><br>
      <a href="logout.php">Logout</a>
    </center>
  </p>
</form>

PHP file/CODE:

<?php session_start();
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";

$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno()) {
    echo "Connection Error: " . mysqli_connect_error();
}
// receiving values from the form
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['password']);
if(isset($_POST['submit_delete_user'])){
    if(!empty($_POST['username']) && !empty($_POST['password'])){
        // compare the submitted details with the logged-in user's session details
        if($username == $_SESSION['username'] && $password == $_SESSION['password']){
            $sql_delete = "DELETE FROM 'users' WHERE username = '$username' AND password = '$password'";
            if($result = mysqli_query($con, $sql_delete)){
                echo '<script language="javascript" type="text/javascript">
                    alert("Record Deleted Successfully!");
                    window.location = "admin.php";
                </script>';
            }else {
                echo '<script language="javascript" type="text/javascript">
                    alert("SQL Error!");
                    window.location = "delete_user_form.php";
                </script>';
            }
        }else {
            echo '<script language="javascript" type="text/javascript">
                alert("Sorry! You can not delete currently Logged in User");
            </script>';
        }
    }else {
        echo '<script language="javascript" type="text/javascript">
            alert("Please Fill the Form Completely");
            window.location = "delete_user_form.php";
        </script>';
    }
}
?>

LOGIN (from where I'm getting the currently logged in user's details)

<?php session_start();
error_reporting();
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno()){
    echo "Connection Error: " . mysqli_connect_error();
}
mysqli_select_db($con,"camouflage_studio");
if(isset($_POST['submit_login']))
{
    if(!empty($_POST['username']) && !empty($_POST['password']))
    {
        $get_user_name = mysqli_real_escape_string($con,$_POST['username']);
        $get_password = mysqli_real_escape_string($con,$_POST['password']);
        $sql = "SELECT * FROM `users` WHERE username='$get_user_name' and password='$get_password'";
        if($result = mysqli_query($con, $sql))
        {
            if(mysqli_num_rows($result) == 1)
            {
                // store the logged-in user's details in the session
                $_SESSION['username'] = $get_user_name;
                $_SESSION['password'] = $get_password;
                header('Location:admin.php');
                exit;
            }
            else{
                header('Location:login_form.html');
                exit;
            }
        }
        else{
            header('Location:login_form.html');
            exit;
        }
    }
    else{
        header('Location:login_form.html');
        exit;
    }
}
?>
Jan Sršeň
  • `DELETE FROM 'users' WHERE` singlequotes are for strings, not for table and columns. And you shouldn't store passwords in the session! And clearly NOT plaintext passwords! – Qirel Jul 19 '17 at 18:29
  • To prevent current user from being able to delete it self, add WHERE-condition, something like `WHERE username != '$username'`. – Qirel Jul 19 '17 at 18:31
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare) and [`mysqli_stmt::bind_param()`](http://php.net/mysqli-stmt.bind-param). – Qirel Jul 19 '17 at 18:31
  • Single quotes with USERS are working fine in another place. Also, if there's a query problem I've echoed it, which doesn't prompt any error, so I think it's fine. And I'll use only the username of the currently logged in user from the session, will remove the password. Thanks, – Muhammad Aatif Jul 19 '17 at 18:33
  • Not with MySQL it's not, I can guarantee it ;-) See this: [When to use single quotes, double quotes, and backticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql). – Qirel Jul 19 '17 at 18:34
  • @Qirel how can I get the username of the currently logged in user? To me your remaining concept seems accurate. – Muhammad Aatif Jul 19 '17 at 18:35
  • I have deleted the single quotes from table name, but still facing the same problem. – Muhammad Aatif Jul 19 '17 at 18:38

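Pulling the comments together, here is an added example of a hardened delete_user.php. It is not code from the question or the answer; it assumes login.php stores only the admin's username in `$_SESSION['username']` (no password) and that the `users` table is the one from the question. The target row is identified by username alone, the session username is the sole self-deletion check, the DELETE uses a prepared statement with a bound parameter, and the identifier is quoted with backticks rather than single quotes.

```php
<?php
// Added example (not from the question): hardened delete_user.php.
// Assumes login.php set only $_SESSION['username'] for the logged-in admin.
session_start();

// Only a logged-in admin may reach this handler.
if (empty($_SESSION['username'])) {
    header('Location: login_form.html');
    exit;
}

$con = mysqli_connect('localhost', 'root', '', 'camouflage_studio');
if (!$con) {
    die('Connection Error: ' . mysqli_connect_error());
}

if (isset($_POST['submit_delete_user'])) {
    $target = trim($_POST['username'] ?? '');

    if ($target === '') {
        $msg = 'Please fill the form completely';
    } elseif ($target === $_SESSION['username']) {
        // Self-deletion guard: refuse when the target IS the logged-in admin.
        // (The question's version deleted only when the names matched.)
        $msg = 'Sorry! You cannot delete the currently logged-in user';
    } else {
        // Prepared statement: the username travels as bound data, never as SQL text.
        // Backticks quote the table identifier; single quotes would make it a string.
        $stmt = mysqli_prepare($con, 'DELETE FROM `users` WHERE username = ?');
        mysqli_stmt_bind_param($stmt, 's', $target);
        mysqli_stmt_execute($stmt);

        // affected_rows tells "no such admin" apart from "deleted".
        $msg = mysqli_stmt_affected_rows($stmt) === 1
            ? 'Record deleted successfully'
            : 'No admin with that username';
        mysqli_stmt_close($stmt);
    }

    // json_encode with the HEX flags escapes quotes and </script> before the
    // message is echoed into inline JavaScript.
    $js = json_encode($msg, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_HEX_APOS);
    echo '<script>alert(' . $js . '); window.location = "admin.php";</script>';
}
```

The form's password field is deliberately unused: an admin should not need another admin's password to remove that account, and dropping it means no password is ever interpolated into SQL or compared against a session value.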
1 Answer


I think your if condition is the opposite:

Try this :

if($username != $_SESSION['username']){
    // delete user
} else {
    // can not delete
}
Ahmad Mobaraki