added session verification and admin check
This commit is contained in:
parent
78f117e7d7
commit
a834ee565c
13 changed files with 68 additions and 38 deletions
|
@ -1,7 +1,11 @@
|
|||
<?php
|
||||
|
||||
require 'config/database.php';
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
if(isset($_POST['submit'])){
|
||||
//get form data
|
||||
$title =filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
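Review bot: The new admin guard at `if(!isset($_SESSION['user_is_admin'])){` sets a Location header and destroys the session but never terminates the script, so a non-admin request continues into `if(isset($_POST['submit'])){` and the form is processed anyway; `header()` does not stop execution. Add `exit();` as the last statement inside the guard. The same guard without an exit is repeated in every other hunk on this page that introduces it (the hunks starting with `include "partials/header.php"`, `require "config/database.php"` and `include "config/database.php"`), so the fix applies to each of them. Note also that `session_destroy()` here logs out a legitimately signed-in non-admin user instead of merely denying the page, and that nothing in this hunk shows `session_start()` being called before `$_SESSION` is read — if `config/database.php` does not start the session, the check always fails. The file name for this hunk is not shown on the page.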
|
|
@ -1,5 +1,10 @@
|
|||
<?php
|
||||
include "partials/header.php";
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
$title = $_SESSION["add-category-data"]['title'] ?? null;
|
||||
$description = $_SESSION["add-category-data"]['description'] ?? null;
|
||||
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
<?php
|
||||
require "config/database.php";
|
||||
session_start();
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
//get add-user form data if sbmit button is clicked
|
||||
|
||||
if(isset($_POST["submit"])){
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
<?php
|
||||
include "partials/header.php";
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
//get beck form DATA IF THERE IS A REGISTRATION ERROR
|
||||
$firstname=$_SESSION['add-user-data']['firstname'] ?? null;
|
||||
$lastname=$_SESSION['add-user-data']['lastname'] ?? null;
|
||||
|
|
|
@ -5,3 +5,10 @@ define('DB_HOST', 'localhost');
|
|||
define('DB_USER', 'underemployed');
|
||||
define('DB_PASS', 'admin1234');
|
||||
define('DB_NAME', 'blog');
|
||||
if (!isset($_SESSION['user-id'])) {
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
die();
|
||||
header("location: " . ROOT_URL . "signin.php");
|
||||
}
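Review bot: The `header("location: " . ROOT_URL . "signin.php");` line after `die();` is unreachable and should be removed, or the intended target (logout.php versus signin.php) settled before the `die()`. More importantly, this guard reads `$_SESSION['user-id']` inside the database config file, but at least one caller on this page does `require "config/database.php";` and only then `session_start();`, so in that file `$_SESSION` is still empty when the check runs and every request, admin or not, is redirected — unless the session is started earlier in this file, which the hunk does not show. A config file that only defines constants is an odd place for an authentication redirect; a dedicated include such as `auth-check.php`, required after `session_start()`, would keep the side effect explicit. The unchanged `DB_PASS` context line shows a credential committed to the repository; moving it to an environment variable or an untracked file is worth a follow-up.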
|
|
@ -1,5 +1,10 @@
|
|||
<?php
|
||||
include "config/database.php";
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
if(isset($_GET['id'])){
|
||||
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
<?php
|
||||
require "config/database.php";
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
if(isset($_POST['submit'])){
|
||||
$id = filter_var($_POST['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||
$title=filter_var($_POST['title'],FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
<?php
|
||||
include "partials/header.php";
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
if(isset($_GET['id'])){
|
||||
$id=filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
require 'config/database.php';
|
||||
|
||||
if(isset($_POST['submit'])){
|
||||
$id=filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
|
||||
$is_featured=filter_var($_POST['is_featured'],FILTER_SANITIZE_NUMBER_INT);
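Review bot: This hunk is the only logic file on the page that does not receive the admin guard added elsewhere in the commit, yet it reads `$_POST['id']` and `$_POST['is_featured']` to change post state; if this is the featured-toggle handler, a signed-out or non-admin user can still POST to it. Add the same `if(!isset($_SESSION['user_is_admin'])){ … exit(); }` block (with the exit) after the `require`, or better, include one shared auth-check file so the guard cannot be forgotten per script. Also `$_POST['is_featured']` is read without `isset`, so a missing field raises a warning; `filter_input(INPUT_POST, 'is_featured', FILTER_SANITIZE_NUMBER_INT)` returns null instead. The file name is not shown on the page, so the purpose is inferred from the field names.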
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
<?php
|
||||
include "partials/header.php";
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
//fetch categories from database
|
||||
$query = "SELECT * FROM categories ORDER BY title";
|
||||
$categories=mysqli_query($connection,$query)
|
||||
|
|
|
@ -3,7 +3,11 @@ include "partials/header.php";
|
|||
|
||||
|
||||
$current_admin_id = $_SESSION['user-id'];
|
||||
|
||||
if(!isset($_SESSION['user_is_admin'])){
|
||||
header("location: " . ROOT_URL . "logout.php");
|
||||
//destroy all sessions and redirect user to login page
|
||||
session_destroy();
|
||||
}
|
||||
$query="SELECT id,firstname,lastname,username,is_admin FROM users WHERE NOT id='$current_admin_id'";
|
||||
$users=mysqli_query($connection,$query);
|
||||
?>
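Review bot: `$current_admin_id = $_SESSION['user-id'];` is interpolated straight into the SQL at `WHERE NOT id='$current_admin_id'`; the value comes from the session rather than the request, but the query should still be a prepared statement so the pattern is not copied into request-driven queries, and `$_SESSION['user-id']` is read before the guard runs, so an anonymous request raises an undefined-index warning before it is redirected. The guard itself has no `exit();` after `session_destroy()`, so the query below still executes for non-admins (same issue as in the first hunk). A parameterised version follows; `$connection` is presumed to come from the `partials/header.php` include, which is outside the hunk, and `mysqli_stmt_get_result()` needs the mysqlnd driver, and the `'i'` binding assumes `users.id` is an integer column (the delete hunks filter ids with `FILTER_SANITIZE_NUMBER_INT`, which suggests it is).
```php
if(!isset($_SESSION['user_is_admin'])){
    header("location: " . ROOT_URL . "logout.php");
    //destroy all sessions and redirect user to login page
    session_destroy();
    exit();
}
$current_admin_id = (int) $_SESSION['user-id'];
$stmt = mysqli_prepare($connection, "SELECT id,firstname,lastname,username,is_admin FROM users WHERE id <> ?");
mysqli_stmt_bind_param($stmt, 'i', $current_admin_id);
mysqli_stmt_execute($stmt);
$users = mysqli_stmt_get_result($stmt);
```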
|
||||
|
|
|
@ -59,4 +59,5 @@ if(isset($_POST['submit'])){
|
|||
}else{
|
||||
header('location: ' . ROOT_URL . "signin.php");
|
||||
die();
|
||||
}
|
||||
}
|
||||
// error_log();
|
43
signin.php
43
signin.php
|
@ -1,11 +1,10 @@
|
|||
<?php
|
||||
include 'config/constants.php';
|
||||
|
||||
$username_email = $_SESSION['signin-data']['username_email'] ??null ;
|
||||
$password = $_SESSION['signin-data']['password'] ?? null;
|
||||
$username_email = $_SESSION['signin-data']['username_email'] ?? null;
|
||||
$password = $_SESSION['signin-data']['password'] ?? null;
|
||||
|
||||
unset($_SESSION['signin-data']);
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
@ -22,10 +21,7 @@ unset($_SESSION['signin-data']);
|
|||
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,800;1,700&display=swap" rel="stylesheet">
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
<section class="form__section">
|
||||
|
||||
<div class="container form__section-container">
|
||||
<h2>Sign In</h2>
|
||||
<?php
|
||||
|
@ -37,36 +33,23 @@ unset($_SESSION['signin-data']);
|
|||
unset($_SESSION['signup-success']);
|
||||
?>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
<?php elseif(isset($_SESSION['signin'])): ?>
|
||||
|
||||
<div class="alert__message error">
|
||||
<p>
|
||||
<?=$_SESSION['signin'];
|
||||
unset($_SESSION['signin']);
|
||||
?>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<?php endif ?>
|
||||
|
||||
|
||||
|
||||
<div class="alert__message error">
|
||||
<p>
|
||||
<?=$_SESSION['signin'];
|
||||
unset($_SESSION['signin']);
|
||||
?>
|
||||
</p>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
|
||||
<input type="text" name="username_email" value = '<?= $username_email ?>' placeholder="Username or Email">
|
||||
<input type="password" name="password" value = '<?= $password ?>' placeholder=" Password">
|
||||
|
||||
<button type="submit" class="btn" name ="submit" >Sign in</button>
|
||||
<input type="text" name="username_email" value='<?= $username_email ?>' placeholder="Username or Email">
|
||||
<input type="password" name="password" value='<?= $password ?>' placeholder=" Password">
|
||||
<button type="submit" class="btn" name="submit">Sign in</button>
|
||||
<small>Don't have an account? <a href="signup.php">Sign up</a></small>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
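Review bot: The new-side inputs `<input type="text" name="username_email" value='<?= $username_email ?>' …>` and `<input type="password" name="password" value='<?= $password ?>' …>` echo session-stored values into HTML attributes without escaping, and the password field round-trips the user's plaintext password through `$_SESSION['signin-data']` and back into the page source. Drop the password repopulation entirely (the `value` attribute and the `$password = $_SESSION['signin-data']['password'] ?? null;` line) and escape the username: `value='<?= htmlspecialchars((string) $username_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>'`. The `<?=$_SESSION['signin'];` message output has the same escaping gap if that message ever carries user-supplied text; wrapping it in `htmlspecialchars()` costs nothing. Whether `signin-logic.php` actually stores the raw password into the session cannot be confirmed from this page, but the line reading it back strongly suggests it does.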
|