Block Page with Login

How can I make it so that if a person is not logged in, they will not be able to use the function below? I’ve been testing, and if the person, for example, uses the link, the code redirects them to the login screen, yet it still deletes the contents of the ID.

https://######/###/adm_tabela_delete.php?id=45

They can delete even without being logged in as an admin: just by changing the values of the ids, they can delete all items from my table.

The adm_tabela_delete function, below:

<?php
include_once("conexao.php");
if (!isset($_SESSION['id']) || $_SESSION['id'] == '') {
    $_SESSION['msg'] = "Área restrita";
    header("Location: login.php");
}

$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);

if (!empty($id)) {
    $result_usuario = "DELETE FROM itenspreco WHERE id='$id'";
    $resultado_usuario = mysqli_query($conn, $result_usuario);
    if (mysqli_affected_rows($conn)) {
        $_SESSION['msg'] = "<p style='color:green;'>Item apagado com sucesso</p>";
        header("Location: adm_tabela.php");
    } else {
        $_SESSION['msg'] = "<p style='color:red;'>Erro o usuário não foi apagado com sucesso</p>";
        header("Location: adm_tabela.php");
    }
} else {
    $_SESSION['msg'] = "<p style='color:red;'>Necessário selecionar um usuário</p>";
    header("Location: adm_tabela.php");
}

  • When do you start the session?

  • On a previous page, which makes the connection with this one

  • Can you post the session code?

2 answers

2


Have you tried adding an Exit()? It will terminate the execution of the script; it might solve it...

A safer way to do this would be to log the user’s session in a database and, for each page, check the session id (store the id in something like $_SESSION['id']); if the query result is positive, it processes the page; if not, it falls into the header().

if (1 == 0) {
    echo 'ok!';
}

else {
    header ('Location: http://www.google.com');
    exit();
}

echo 'não sera impresso';
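
An added example, not code from the question or either answer: a hardened sketch of adm_tabela_delete.php in which the login check actually stops the script before the DELETE runs. It goes beyond the exit() fix by also requiring POST, a CSRF token and a bound parameter; `$_SESSION['is_admin']`, `$_SESSION['csrf']` and the `csrf` form field are hypothetical names, and `conexao.php` is assumed to define `$conn` as in the question.

```php
<?php
// Added example: hardened sketch of adm_tabela_delete.php (not the asker's code).
// Assumptions: conexao.php defines $conn (mysqli); $_SESSION['is_admin'] and
// $_SESSION['csrf'] are hypothetical keys set by the login page.
session_start();
include_once("conexao.php");

// Send the redirect AND stop: header() only queues a response header.
function redirect_and_stop(string $url, string $msg): void
{
    $_SESSION['msg'] = $msg;
    header("Location: $url");
    exit();
}

// 1. Authentication and authorization run before anything touches the table.
if (empty($_SESSION['id']) || empty($_SESSION['is_admin'])) {
    redirect_and_stop("login.php", "Área restrita");
}

// 2. A state-changing action should not be reachable through a plain GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header("Allow: POST");
    exit();
}

// 3. The form token must match the one stored in the session (CSRF check).
$token = (string) filter_input(INPUT_POST, 'csrf');
if (empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $token)) {
    http_response_code(403);
    exit();
}

// 4. Validate the id as a positive integer and bind it as a parameter.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    redirect_and_stop("adm_tabela.php", "Necessário selecionar um usuário");
}

$stmt = mysqli_prepare($conn, "DELETE FROM itenspreco WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
mysqli_stmt_execute($stmt);
$deleted = mysqli_stmt_affected_rows($stmt) > 0;
mysqli_stmt_close($stmt);

redirect_and_stop("adm_tabela.php", $deleted ? "Item apagado com sucesso" : "Erro: item não foi apagado");
```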

0

From what I understand, what is passed is file.php?id=45; this is how to do that validation.

if (isset($_GET['id']) && !empty($_GET['id'])) {
    // Execution code
} else {
    // Stop
}

  • I don’t think you understand the question.

  • He stated this in his question: https://####/#####/adm_tabela_delete.php?id=45

  • Read the whole problem a little more calmly.

  • If I gave this solution, I read the question. His problem is not even the session, it is the form of deletion; his session is just right, if there is none it goes back.

  • 1

    His problem is: if the ID does not exist, how does he put a stop to this? That is exactly what I showed him.

  • Hehehehehe, I will not deny your answer; it does not solve the problem. It seems to me that you read and reread the problem; now it remains to reflect on it so that it serves you better.

  • I believe he has already solved it
