added session verification and admin check

This commit is contained in:
Underemployed 2024-03-29 12:06:56 +05:30
parent 78f117e7d7
commit a834ee565c
13 changed files with 68 additions and 38 deletions

View file

@ -1,7 +1,11 @@
<?php
require 'config/database.php';
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_POST['submit'])){
//get form data
$title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);

View file

@ -1,5 +1,10 @@
<?php
include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
$title = $_SESSION["add-category-data"]['title'] ?? null;
$description = $_SESSION["add-category-data"]['description'] ?? null;

View file

@ -1,7 +1,10 @@
<?php
require "config/database.php";
session_start();
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//get add-user form data if sbmit button is clicked
if(isset($_POST["submit"])){

View file

@ -1,6 +1,10 @@
<?php
include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//get beck form DATA IF THERE IS A REGISTRATION ERROR
$firstname=$_SESSION['add-user-data']['firstname'] ?? null;
$lastname=$_SESSION['add-user-data']['lastname'] ?? null;

View file

@ -5,3 +5,10 @@ define('DB_HOST', 'localhost');
define('DB_USER', 'underemployed');
define('DB_PASS', 'admin1234');
define('DB_NAME', 'blog');
if (!isset($_SESSION['user-id'])) {
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
die();
header("location: " . ROOT_URL . "signin.php");
}

View file

@ -1,5 +1,10 @@
<?php
include "config/database.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_GET['id'])){
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);

View file

@ -1,6 +1,10 @@
<?php
require "config/database.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_POST['submit'])){
$id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT);
$title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);

View file

@ -1,5 +1,10 @@
<?php
include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
if(isset($_GET['id'])){
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);

View file

@ -1,5 +1,6 @@
<?php
require 'config/database.php';
if(isset($_POST['submit'])){
$id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT);

View file

@ -1,6 +1,10 @@
<?php
include "partials/header.php";
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
//fetch categories from database
$query = "SELECT * FROM categories ORDER BY title";
$categories=mysqli_query($connection,$query)

View file

@ -3,7 +3,11 @@ include "partials/header.php";
$current_admin_id = $_SESSION['user-id'];
if(!isset($_SESSION['user_is_admin'])){
header("location: " . ROOT_URL . "logout.php");
//destroy all sessions and redirect user to login page
session_destroy();
}
$query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'";
$users=mysqli_query($connection,$query);
?>

View file

@ -60,3 +60,4 @@ if(isset($_POST['submit'])){
header('location: ' . ROOT_URL . "signin.php");
die();
}
// error_log();

View file

@ -1,11 +1,10 @@
<?php
include 'config/constants.php';
$username_email = $_SESSION['signin-data']['username_email'] ??null ;
$username_email = $_SESSION['signin-data']['username_email'] ?? null;
$password = $_SESSION['signin-data']['password'] ?? null;
unset($_SESSION['signin-data']);
?>
<!DOCTYPE html>
<html lang="en">
@ -22,10 +21,7 @@ unset($_SESSION['signin-data']);
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet">
</head>
<body>
<section class="form__section">
<div class="container form__section-container">
<h2>Sign In</h2>
<?php
@ -37,13 +33,8 @@ unset($_SESSION['signin-data']);
unset($_SESSION['signup-success']);
?>
</p>
</div>
<?php elseif(isset($_SESSION['signin'])): ?>
<div class="alert__message error">
<p>
<?=$_SESSION['signin'];
@ -51,22 +42,14 @@ unset($_SESSION['signin-data']);
?>
</p>
</div>
<?php endif ?>
<?php endif; ?>
<form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
<input type="text" name="username_email" value = '<?= $username_email ?>' placeholder="Username or Email">
<input type="password" name="password" value = '<?= $password ?>' placeholder=" Password">
<button type="submit" class="btn" name ="submit" >Sign in</button>
<input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email">
<input type="password" name="password" value='<?= $password ?>' placeholder=" Password">
<button type="submit" class="btn" name="submit">Sign in</button>
<small>Don't have an account? <a href="signup.php">Sign up</a></small>
</form>
</div>
</section>
</body>
</html>