How can I make it so that a person who is not logged in cannot use the function below? I've been testing, and if the person uses, for example, the link below, the code redirects them to the login screen, yet it still deletes the contents of the ID.
https://######/###/adm_tabela_delete.php?id=45
They can delete even if they are not logged in as an admin: just by changing the value of the id, they can delete all items from my table.
The adm_tabela_delete function, below:
    <?php
    include_once("conexao.php");
    if (!isset($_SESSION['id']) || $_SESSION['id'] == '') {
        $_SESSION['msg'] = "Área restrita";
        header("Location: login.php");
    }
    $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
    if (!empty($id)) {
        $result_usuario = "DELETE FROM itenspreco WHERE id='$id'";
        $resultado_usuario = mysqli_query($conn, $result_usuario);
        if (mysqli_affected_rows($conn)) {
            $_SESSION['msg'] = "<p style='color:green;'>Item apagado com sucesso</p>";
            header("Location: adm_tabela.php");
        } else {
            $_SESSION['msg'] = "<p style='color:red;'>Erro o usuário não foi apagado com sucesso</p>";
            header("Location: adm_tabela.php");
        }
    } else {
        $_SESSION['msg'] = "<p style='color:red;'>Necessário selecionar um usuário</p>";
        header("Location: adm_tabela.php");
    }
When do you start the session?
– MagicHat
On a previous page that makes the connection with this one
– LucasRodz
Can you post the session code?
– MagicHat
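
The script in the question calls `header("Location: login.php")` without `exit`, so PHP keeps executing and reaches the `DELETE` even when the visitor is not logged in (execution after redirect, CWE-698). A hardened variant follows as an added example, not part of the original question or the asker's code. It assumes `conexao.php` defines `$conn` and does not start the session, and that `login.php` sets `$_SESSION['is_admin']` and a random `$_SESSION['csrf_token']` (both names hypothetical).

```php
<?php
// Added example, not the asker's code. Assumptions: conexao.php defines $conn
// and does not start the session; login.php sets $_SESSION['is_admin'] and a
// random $_SESSION['csrf_token'] (both names hypothetical); adm_tabela.php
// submits id and csrf_token by POST.
if (session_status() === PHP_SESSION_NONE) {
    session_start(); // without this, $_SESSION is not loaded for this request
}
include_once("conexao.php");

// header() only queues the Location header; exit is what stops the script.
function redirect(string $to, string $msg): void
{
    $_SESSION['msg'] = $msg; // plain text: escape with htmlspecialchars() on output
    header("Location: $to");
    exit;
}

// 1. Authenticate and authorize before touching the database.
if (empty($_SESSION['id']) || empty($_SESSION['is_admin'])) {
    redirect('login.php', 'Área restrita');
}

// 2. Deleting changes state: POST only, with the session's CSRF token.
$known = $_SESSION['csrf_token'] ?? '';
$token = $_POST['csrf_token'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !is_string($known) || $known === ''
    || !is_string($token) || !hash_equals($known, $token)) {
    redirect('adm_tabela.php', 'Área restrita');
}

// 3. Validate the id as a positive integer and bind it as a parameter.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    redirect('adm_tabela.php', 'Necessário selecionar um usuário');
}

$stmt = mysqli_prepare($conn, 'DELETE FROM itenspreco WHERE id = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$deleted = mysqli_stmt_affected_rows($stmt) > 0;
mysqli_stmt_close($stmt);

redirect('adm_tabela.php', $deleted
    ? 'Item apagado com sucesso'
    : 'Erro o usuário não foi apagado com sucesso');
```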