added session verification and admin check

This commit is contained in:
Underemployed 2024-03-29 12:06:56 +05:30
parent 78f117e7d7
commit a834ee565c
13 changed files with 68 additions and 38 deletions


@ -1,7 +1,11 @@
<?php <?php
require 'config/database.php'; require 'config/database.php';
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_POST['submit'])){ if(isset($_POST['submit'])){
//get form data //get form data
$title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS); $title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
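Review bot: The redirect on `header("location: " . ROOT_URL . "logout.php");` is not followed by `exit`, so a request without `user_is_admin` still falls through to the `if(isset($_POST['submit']))` handler below and executes it — the browser is told to leave, but the server-side action has already happened. Add `exit();` after `session_destroy();` as the last statement of the block. The check also only tests `isset`; if the signin code stores `user_is_admin` for every user (for example as `0` or `false`), `isset` passes for non-admins, so `if (empty($_SESSION['user_is_admin']))` is the safer form assuming the flag is only truthy for admins. The POST handler continues past the end of the hunk.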


@ -1,5 +1,10 @@
<?php <?php
include "partials/header.php"; include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
$title = $_SESSION["add-category-data"]['title'] ?? null; $title = $_SESSION["add-category-data"]['title'] ?? null;
$description = $_SESSION["add-category-data"]['description'] ?? null; $description = $_SESSION["add-category-data"]['description'] ?? null;
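Review bot: `header("location: " . ROOT_URL . "logout.php");` is sent on the line after `include "partials/header.php"`; if that include emits any markup, PHP reports that headers were already sent and the redirect is silently dropped. With no `exit` after `session_destroy();` the script then continues and renders the add-category form for a non-admin. Move the check above the include (or into a shared guard the pages require before any output) and end the block with `exit();`. The same pattern is repeated in every view in this commit that includes the header first.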


@ -1,7 +1,10 @@
<?php <?php
require "config/database.php"; require "config/database.php";
session_start(); if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//get add-user form data if sbmit button is clicked //get add-user form data if sbmit button is clicked
if(isset($_POST["submit"])){ if(isset($_POST["submit"])){
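Review bot: `session_start();` is removed on the first changed line, yet the replacement immediately reads `$_SESSION['user_is_admin']`; unless `config/database.php` (or something it requires) now starts the session, `$_SESSION` is empty here and every request, including an admin's, is redirected to logout. I cannot see the top of that config file in this commit to confirm it does. Independently, the block is missing `exit();` after `session_destroy();`, so the add-user handler below still runs for a caller who failed the check. The `if(isset($_POST["submit"]))` body continues past the hunk.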


@ -1,6 +1,10 @@
<?php <?php
include "partials/header.php"; include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//get beck form DATA IF THERE IS A REGISTRATION ERROR //get beck form DATA IF THERE IS A REGISTRATION ERROR
$firstname=$_SESSION['add-user-data']['firstname'] ?? null; $firstname=$_SESSION['add-user-data']['firstname'] ?? null;
$lastname=$_SESSION['add-user-data']['lastname'] ?? null; $lastname=$_SESSION['add-user-data']['lastname'] ?? null;
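Review bot: Nothing stops execution after `session_destroy();`, so an unauthenticated visitor gets a `Location:` header and then the complete add-user form anyway; a scripted client simply ignores the redirect and reads the page. Add `exit();` as the final statement of the `if` block. Because `partials/header.php` is included before the check, the redirect header may also be rejected as already sent if that partial produces output — verify and hoist the check above the include.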


@ -5,3 +5,10 @@ define('DB_HOST', 'localhost');
define('DB_USER', 'underemployed'); define('DB_USER', 'underemployed');
define('DB_PASS', 'admin1234'); define('DB_PASS', 'admin1234');
define('DB_NAME', 'blog'); define('DB_NAME', 'blog');
if (!isset($_SESSION['user-id'])) {
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
die();
header("location: " . ROOT_URL . "signin.php");
}
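Review bot: The `header("location: " . ROOT_URL . "signin.php");` after `die();` is unreachable and should be deleted; only the logout redirect ever fires. More importantly, gating on `$_SESSION['user-id']` inside the database config makes every script that requires this file login-only — if `signin-logic.php`, `signup-logic.php` or `logout.php` require it (their includes are not visible here), anonymous users are redirected to logout before they can sign in, and logout itself would redirect to itself. Keep the connection file free of authentication side effects and put the gate in a dedicated include that the protected pages require explicitly. Separately, `define('DB_PASS', 'admin1234');` is a live credential in a committed source file; read it from the environment or an untracked config and rotate the password.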


@ -1,5 +1,10 @@
<?php <?php
include "config/database.php"; include "config/database.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_GET['id'])){ if(isset($_GET['id'])){
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); $id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
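Review bot: A non-admin hitting this script is redirected but not stopped: nothing follows `session_destroy();`, so execution reaches `if(isset($_GET['id']))` and the action below runs regardless — an authorization check that does not `exit()` does not authorize anything. Add `exit();` inside the `if`. The handler also acts on a bare `$_GET['id']`, which makes a state-changing request reachable from a cross-site link or image tag with no CSRF token; that predates this commit but is worth fixing while the file is open. The `if(isset($_GET['id']))` body continues past the hunk.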


@ -1,6 +1,10 @@
<?php <?php
require "config/database.php"; require "config/database.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_POST['submit'])){ if(isset($_POST['submit'])){
$id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT); $id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT);
$title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS); $title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
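Review bot: The admin guard lets the request continue after `header(...)` and `session_destroy();` — there is no `exit`, so the POST handler below still processes `$_POST['id']` and `$_POST['title']` for a caller without `user_is_admin`. This is the same omission in every file touched by this commit; a single shared `partials/require-admin.php` holding the check plus `exit();` would fix all of them and keep the policy in one place. The POST handler continues past the hunk.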


@ -1,5 +1,10 @@
<?php <?php
include "partials/header.php"; include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_GET['id'])){ if(isset($_GET['id'])){
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); $id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
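Review bot: `isset($_SESSION['user_is_admin'])` is true for any stored value, including `0` or `false`, so if the signin code sets the flag for every user rather than only for admins, ordinary users pass this check — the signin logic is not in view to confirm which it is. `if (empty($_SESSION['user_is_admin']))` (or a strict comparison against `true`) is robust either way. As in the sibling hunks, the block also needs `exit();` after `session_destroy();`, and the `Location:` header is being sent after `partials/header.php` has already been included.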


@ -1,5 +1,6 @@
<?php <?php
require 'config/database.php'; require 'config/database.php';
if(isset($_POST['submit'])){ if(isset($_POST['submit'])){
$id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT); $id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT); $is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT);


@ -1,6 +1,10 @@
<?php <?php
include "partials/header.php"; include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//fetch categories from database //fetch categories from database
$query = "SELECT * FROM categories ORDER BY title"; $query = "SELECT * FROM categories ORDER BY title";
$categories=mysqli_query($connection,$query) $categories=mysqli_query($connection,$query)
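Review bot: Because nothing stops execution after `session_destroy();`, the query on `$query = "SELECT * FROM categories ORDER BY title";` and the rest of the page still run and render for a visitor who failed the admin check; a browser may follow the redirect, but a curl client just reads the response body. Add `exit();` to the block, and place the check before `include "partials/header.php"` so the redirect header is not emitted after output has begun. The page continues past the hunk.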


@ -3,7 +3,11 @@ include "partials/header.php";
$current_admin_id = $_SESSION['user-id']; $current_admin_id = $_SESSION['user-id'];
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
$query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'"; $query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'";
$users=mysqli_query($connection,$query); $users=mysqli_query($connection,$query);
?> ?>
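Review bot: `$current_admin_id = $_SESSION['user-id'];` is read before the admin check and then interpolated into `WHERE NOT id='$current_admin_id'`; with no `exit()` after `session_destroy();`, the query still executes and the user list still renders for a non-admin. Add `exit();` and move the check above that assignment. Even though the id comes from the session rather than the request, prefer a prepared statement — `$stmt = mysqli_prepare($connection, "SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id=?"); mysqli_stmt_bind_param($stmt, 'i', $current_admin_id);` — so the query never depends on the shape of a session value. The enclosing script starts before the hunk.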


@ -60,3 +60,4 @@ if(isset($_POST['submit'])){
header('location: ' . ROOT_URL . "signin.php"); header('location: ' . ROOT_URL . "signin.php");
die(); die();
} }
// error_log();
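Review bot: `// error_log();` is commented-out code appended at the end of the file; it documents nothing and should not be committed. If the intent is to record failed sign-in attempts, call `error_log()` with a concrete message inside the failure branch above (outside this hunk) rather than leaving a placeholder.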


@ -5,7 +5,6 @@ $username_email = $_SESSION['signin-data']['username_email'] ??null ;
$password = $_SESSION['signin-data']['password'] ?? null; $password = $_SESSION['signin-data']['password'] ?? null;
unset($_SESSION['signin-data']); unset($_SESSION['signin-data']);
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
@ -22,10 +21,7 @@ unset($_SESSION['signin-data']);
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet">
</head> </head>
<body> <body>
<section class="form__section"> <section class="form__section">
<div class="container form__section-container"> <div class="container form__section-container">
<h2>Sign In</h2> <h2>Sign In</h2>
<?php <?php
@ -37,13 +33,8 @@ unset($_SESSION['signin-data']);
unset($_SESSION['signup-success']); unset($_SESSION['signup-success']);
?> ?>
</p> </p>
</div> </div>
<?php elseif(isset($_SESSION['signin'])): ?> <?php elseif(isset($_SESSION['signin'])): ?>
<div class="alert__message error"> <div class="alert__message error">
<p> <p>
<?=$_SESSION['signin']; <?=$_SESSION['signin'];
@ -51,22 +42,14 @@ unset($_SESSION['signin-data']);
?> ?>
</p> </p>
</div> </div>
<?php endif; ?>
<?php endif ?>
<form action="<?= ROOT_URL ?>signin-logic.php" method="POST"> <form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
<input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email"> <input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email">
<input type="password" name="password" value='<?= $password ?>' placeholder=" Password"> <input type="password" name="password" value='<?= $password ?>' placeholder=" Password">
<button type="submit" class="btn" name="submit">Sign in</button> <button type="submit" class="btn" name="submit">Sign in</button>
<small>Don't have an account? <a href="signup.php">Sign up</a></small> <small>Don't have an account? <a href="signup.php">Sign up</a></small>
</form> </form>
</div> </div>
</section> </section>
</body> </body>
</html> </html>
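Review bot: `value='<?= $password ?>'` writes the previously submitted password back into the HTML source, and both it and `value='<?= $username_email ?>'` are emitted without escaping, so a value containing `'` breaks out of the attribute and whatever the user typed is reflected into the page unencoded. Drop the password prefill entirely (page source, history and caches should never hold it) and emit the username through `htmlspecialchars($username_email ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Storing the cleartext password in `$_SESSION['signin-data']['password']`, read at the top of this section, is the root of the first problem and should go as well. These lines predate this commit but are on the new side of the touched file.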