added session verification and admin check
This commit is contained in:
parent
78f117e7d7
commit
a834ee565c
13 changed files with 68 additions and 38 deletions
|
@ -1,7 +1,11 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require 'config/database.php';
|
require 'config/database.php';
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
if(isset($_POST['submit'])){
|
if(isset($_POST['submit'])){
|
||||||
//get form data
|
//get form data
|
||||||
$title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
$title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||||
|
|
|
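Review bot: The new `if(!isset($_SESSION['user_is_admin']))` block sends a Location header and calls `session_destroy()` but never stops the script, so for a logged-in non-admin the form handling that follows (`if(isset($_POST['submit']))` and the `$title` assignment) still runs, and the redirect is only a hint the client may ignore; add `exit();` after `session_destroy();`. The same block without an exit is added in every other hunk on this page that inserts `if(!isset($_SESSION['user_is_admin']))`; only the `user-id` check in the `define('DB_PASS', ...)` hunk calls `die()`, and that one verifies login, not admin status. `isset()` also only tests that the key exists: if the sign-in code stores `user_is_admin` for every user (for example as `false` or `0`), non-admins pass this check — that code is not visible here, so confirm, and prefer a value test such as `if (empty($_SESSION['user_is_admin']))`. Clearing `$_SESSION = [];` before `session_destroy();` would additionally empty the in-memory array for the rest of the request.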
@ -1,5 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
include "partials/header.php";
|
include "partials/header.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
$title = $_SESSION["add-category-data"]['title'] ?? null;
|
$title = $_SESSION["add-category-data"]['title'] ?? null;
|
||||||
$description = $_SESSION["add-category-data"]['description'] ?? null;
|
$description = $_SESSION["add-category-data"]['description'] ?? null;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
require "config/database.php";
|
require "config/database.php";
|
||||||
session_start();
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
//get add-user form data if sbmit button is clicked
|
//get add-user form data if sbmit button is clicked
|
||||||
|
|
||||||
if(isset($_POST["submit"])){
|
if(isset($_POST["submit"])){
|
||||||
|
|
|
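Review bot: `session_start();` is removed from this file while the line that replaces it immediately reads `$_SESSION['user_is_admin']`; unless `config/database.php` (required just above, and its first lines are outside this page) now starts the session, `$_SESSION` is empty here and every request, admin or not, is redirected. Confirm where `session_start()` is called after this commit, and if it is nowhere in the include chain, restore it as the first statement: `session_start();`.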
@ -1,6 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
include "partials/header.php";
|
include "partials/header.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
//get beck form DATA IF THERE IS A REGISTRATION ERROR
|
//get beck form DATA IF THERE IS A REGISTRATION ERROR
|
||||||
$firstname=$_SESSION['add-user-data']['firstname'] ?? null;
|
$firstname=$_SESSION['add-user-data']['firstname'] ?? null;
|
||||||
$lastname=$_SESSION['add-user-data']['lastname'] ?? null;
|
$lastname=$_SESSION['add-user-data']['lastname'] ?? null;
|
||||||
|
|
|
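--- a/config/database.php
+++ b/config/database.php
@@ -5,3 +5,10 @@ define('DB_HOST', 'localhost');
 define('DB_USER', 'underemployed');
 define('DB_PASS', 'admin1234');
 define('DB_NAME', 'blog');
+if (!isset($_SESSION['user-id'])) {
+header("location: " . ROOT_URL . "logout.php");
+//destroy all sessions and redirect user to login page
+session_destroy();
+die();
+header("location: " . ROOT_URL . "signin.php");
+}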
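Review bot: The `header("location: " . ROOT_URL . "signin.php");` added after `die();` is unreachable, and had it come before the `die()` it would have replaced the logout.php Location header rather than added to it; keep one redirect and delete the other line. Because this file is the shared database include, any page that requires it without a logged-in user is now bounced to logout.php — whether the sign-in and sign-up pages include it cannot be seen from this hunk, so confirm there is no redirect loop for anonymous visitors. The `DB_USER`/`DB_PASS` literals in the context lines predate this change, but a committed password is worth moving to an untracked config file or environment variable.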
@ -1,5 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
include "config/database.php";
|
include "config/database.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
require "config/database.php";
|
require "config/database.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
if(isset($_POST['submit'])){
|
if(isset($_POST['submit'])){
|
||||||
$id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT);
|
$id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
$title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
$title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
include "partials/header.php";
|
include "partials/header.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
require 'config/database.php';
|
require 'config/database.php';
|
||||||
|
|
||||||
if(isset($_POST['submit'])){
|
if(isset($_POST['submit'])){
|
||||||
$id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
|
$id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||||
$is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT);
|
$is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT);
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
include "partials/header.php";
|
include "partials/header.php";
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
//fetch categories from database
|
//fetch categories from database
|
||||||
$query = "SELECT * FROM categories ORDER BY title";
|
$query = "SELECT * FROM categories ORDER BY title";
|
||||||
$categories=mysqli_query($connection,$query)
|
$categories=mysqli_query($connection,$query)
|
||||||
|
|
|
@ -3,7 +3,11 @@ include "partials/header.php";
|
||||||
|
|
||||||
|
|
||||||
$current_admin_id = $_SESSION['user-id'];
|
$current_admin_id = $_SESSION['user-id'];
|
||||||
|
if(!isset($_SESSION['user_is_admin'])){
|
||||||
|
header("location: " . ROOT_URL . "logout.php");
|
||||||
|
//destroy all sessions and redirect user to login page
|
||||||
|
session_destroy();
|
||||||
|
}
|
||||||
$query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'";
|
$query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'";
|
||||||
$users=mysqli_query($connection,$query);
|
$users=mysqli_query($connection,$query);
|
||||||
?>
|
?>
|
||||||
|
|
|
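Review bot: The admin check is inserted after `$current_admin_id = $_SESSION['user-id'];` and, since the block does not stop the script, the `SELECT ... WHERE NOT id='$current_admin_id'` below still executes for a non-admin; move the check above that assignment so nothing is read from the session or the database until the caller is known to be an admin. The string-built query predates this commit, but binding `id` through a prepared statement would remove the interpolation altogether.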
@ -60,3 +60,4 @@ if(isset($_POST['submit'])){
|
||||||
header('location: ' . ROOT_URL . "signin.php");
|
header('location: ' . ROOT_URL . "signin.php");
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
// error_log();
|
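Review bot: The added `// error_log();` is commented-out code that does nothing and will confuse the next reader; either delete the line or make it a real call with a message, e.g. `error_log('sign-in failed for ' . $username_email);` — the variable name is assumed from the signin.php hunk, so adjust to what this file actually holds. The enclosing `if(isset($_POST['submit']))` block starts outside the hunk.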
19
signin.php
19
signin.php
|
@ -5,7 +5,6 @@ $username_email = $_SESSION['signin-data']['username_email'] ??null ;
|
||||||
$password = $_SESSION['signin-data']['password'] ?? null;
|
$password = $_SESSION['signin-data']['password'] ?? null;
|
||||||
|
|
||||||
unset($_SESSION['signin-data']);
|
unset($_SESSION['signin-data']);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en">
|
<html lang="en">
|
||||||
|
@ -22,10 +21,7 @@ unset($_SESSION['signin-data']);
|
||||||
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet">
|
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet">
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
|
|
||||||
<section class="form__section">
|
<section class="form__section">
|
||||||
|
|
||||||
<div class="container form__section-container">
|
<div class="container form__section-container">
|
||||||
<h2>Sign In</h2>
|
<h2>Sign In</h2>
|
||||||
<?php
|
<?php
|
||||||
|
@ -37,13 +33,8 @@ unset($_SESSION['signin-data']);
|
||||||
unset($_SESSION['signup-success']);
|
unset($_SESSION['signup-success']);
|
||||||
?>
|
?>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<?php elseif(isset($_SESSION['signin'])): ?>
|
<?php elseif(isset($_SESSION['signin'])): ?>
|
||||||
|
|
||||||
<div class="alert__message error">
|
<div class="alert__message error">
|
||||||
<p>
|
<p>
|
||||||
<?=$_SESSION['signin'];
|
<?=$_SESSION['signin'];
|
||||||
|
@ -51,22 +42,14 @@ unset($_SESSION['signin-data']);
|
||||||
?>
|
?>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
<?php endif; ?>
|
||||||
<?php endif ?>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
|
<form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
|
||||||
<input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email">
|
<input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email">
|
||||||
<input type="password" name="password" value='<?= $password ?>' placeholder=" Password">
|
<input type="password" name="password" value='<?= $password ?>' placeholder=" Password">
|
||||||
|
|
||||||
<button type="submit" class="btn" name="submit">Sign in</button>
|
<button type="submit" class="btn" name="submit">Sign in</button>
|
||||||
<small>Don't have an account? <a href="signup.php">Sign up</a></small>
|
<small>Don't have an account? <a href="signup.php">Sign up</a></small>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|