Error in deleting a user using $_SESSION['']. It continues in the system even after its deletion

Question

Error in deleting a user using $_SESSION['']. It continues in the system even after its deletion

Asked 3 years, 8 months ago

Viewed 20 times

-1

I just logged in user, deleted the user himself logged in to the system, it turns out that instead of being redirected out of it I’m still in it.

What I did?

1 - I went to the Delete Employee page.

2 - I chose myself, the form redirected me to another page that made the exclusion

3 - On this exclusion operation page redirects me to the page listing all employees

4 - I was supposed to be redirected outside, but I’m still in the system

This is the excerpt from my code $_SESSION that controls the permanence of the user on the system, if there is any way to improve it would be great (this excerpt is on all pages of my system.

<?php

    require(__DIR__ . '/conexao/conexao.php');
    require(__DIR__ . '/classe/classe_usuario.php');

    session_start();

    if((isset($_SESSION['id_usuario'])) && (!empty($_SESSION['id_usuario']))){
        echo "Olá " . $_SESSION['nome_usuario'] . "!";
    } else {
        echo "<script> alert('Ação inválida, entre no sistema da maneira correta.'); location.href='/web/index.php' </script>";
        die;
    }
?>

// Page that deletes and redirects to the user listing page

<?php
    require_once '../conexao/conexao.php'; 
    require_once '../classe/classe_usuario.php';
    session_start();
    if(isset($_SESSION['id_usuario']) && isset($_SESSION['nome_usuario'])){
        echo "Olá " . $_SESSION['nome_usuario'] . "!";
    } else {
        echo "<script> alert('Ação inválida, entre no sistema da maneira correta.'); location.href='/web/index.php' </script>";
        die;
    }
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title> DELETE | FUNCIONÁRIO </title>
    <link rel="stylesheet" href="/web/css/css.css">
</head>
<body>
    <?php
        if(isset($_POST['Deletar'])){
            $cd_funcionario = $_POST['cd_funcionario'];
            try {
                $remove = "DELETE FROM funcionario WHERE cd_funcionario = :cd_funcionario";
                $remocao = $conexao->prepare($remove);
                $remocao->bindValue(':cd_funcionario',$cd_funcionario);
                $remocao->execute();
                // Retorna para a pagina de formulario de listagem
                header('Location: ../form_crud/form_select_funcionario.php');
            } catch (PDOException $falha_remocao) {
                echo "A remoção não foi feita".$falha_remocao->getMessage();
                die;
            } catch (Exception $falha) {
                echo "Erro não característico do PDO".$falha->getMessage();
                die;
            }
        } else {
            echo "Ocorreu algum erro ao finalizar a operação, refaça novamente a operação.";
            echo '<p><a href="../form_crud/form_delete_funcionario.php" title="Refazer operação"><button>Refazer operação</button></a></p>';
            exit;
        }   
    ?>
</body>
</html>

This excerpt is on every page of my system, I need to do something in my file that makes deleting the employee to work?

– Milaanos

2021/02/21 at 13:15

1 answer

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Franklin Barreto • **301** points · Answer 1 · 2021-02-21T13:54:01+00:00

0

You are deleting the user but have not deleted the session

  $remove = "DELETE FROM funcionario WHERE cd_funcionario = :cd_funcionario";
            $remocao = $conexao->prepare($remove);
            $remocao->bindValue(':cd_funcionario',$cd_funcionario);
            $remocao->execute();
            // antes de redirecionar destrua a sessão
            session_destroy();
            // Retorna para a pagina de formulario de listagem
            header('Location: ../form_crud/form_select_funcionario.php');

Strange, I logged as ADM to delete another user, deleted the user I wanted, but I as ADM leaves the system.

– Milaanos

2021/02/21 at 14:02
But it worked out.

– Milaanos

2021/02/21 at 14:06
If you destroy the session you are dropped from the system once it checks active session. The code was the way it was because it doesn’t make sense to log in with a user and delete itself.

– Franklin Barreto

2021/02/21 at 14:07
Depending on your rule, you can check is Adm and if it is not destroy the session. And if you’ve solved your problem, it would be nice to mark it as the correct answer (:

– Franklin Barreto

2021/02/21 at 14:09
I will make an if that identifies that the user is ADM or manager he does not leave the system, just return to the listing page with the session intact.

– Milaanos

2021/02/21 at 14:10