as admin you now can't delete your own account

2022-09-22 18:09:50 +02:00
parent dc4d28cd91
commit c1ffddfdb2
2 changed files with 17 additions and 2 deletions
--- a/app/public/delete_user.php
+++ b/app/public/delete_user.php
@@ -6,8 +6,11 @@

    if($_SERVER['REQUEST_METHOD'] == "POST") {
        try {
-            $stmt = $con->prepare("DELETE FROM users WHERE id = :id");
-            $stmt->execute(['id' => $_POST['id']]);
+            $selected_user_id  = get_id_user_by_user_id($con, $_SESSION['user_id']);
+            if($selected_user_id != $_POST['id']) {
+                $stmt = $con->prepare("DELETE FROM users WHERE id = :id");
+                $stmt->execute(['id' => $_POST['id']]);
+            }
        } catch(PDOException $e) {
            handle_pdo_exception($e);
        }