0

this is not help to me PHP check session, checking multiple variables to allow access to specific pages

php condition on button

PHP if condition number issue [duplicate]

PHP if condition strange

i try simple php CRUD with session user.php if login usercan only access ore its print error but this is user.php top lines

<?php include('server.php') ?>
<?php

if(!isset($_SESSION['name'])){
// header("Location:login.php");
echo "nee to login to access this page" ;

exit;
session_destroy();
}
?>

and this my delete button code 

<a href="server.php?delete=<?php echo $row['id'];?>" class ="btn btn-danger" > delete </a>

when this button gt clicked ip/user.php?delete=id (id get from data base) when with out login when type this ip/user.php?delete=20 its delete from data base how can i stop that?

its my server.php for delete 

if (isset($_GET['delete'])) {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
$_SESSION['msg_type'] = "danger";
header('location: user.php');
}

1 Answers1

1
//on the top of page check session is set or not
session_start();
if(isset($_SESSION) && isset($_SESSION['name']))
{
   if (isset($_GET['delete'])) 
  {
    $id = $_GET['delete'];
    $qry = "DELETE FROM crud WHERE id=$id" ;
    mysqli_query($conn, $qry);

    $_SESSION['message'] = "recoard deleted success";
    $_SESSION['msg_type'] = "danger";
    header('location: user.php');
  }
}
else
{
  echo 'cant access this page you need to login first';
}

if you still face issue try to print $_SESSION array and check does sesison really gets destroy?

If not then on logout.php

unset($_SESSION['name']);
session_destroy();
Bits Please
  • 877
  • 6
  • 23
  • So on that page try to print_r($_SESSION) and check if yoy really get those values? If not then you might have issue for logout as session is not destroying... – Bits Please Nov 30 '18 at 08:06