as admin you now can't delete your own account

2022-09-22 18:09:50 +02:00
parent dc4d28cd91
commit c1ffddfdb2
2 changed files with 17 additions and 2 deletions
--- a/app/public/delete_user.php
+++ b/app/public/delete_user.php
@@ -6,8 +6,11 @@

    if($_SERVER['REQUEST_METHOD'] == "POST") {
        try {
+            $selected_user_id  = get_id_user_by_user_id($con, $_SESSION['user_id']);
+            if($selected_user_id != $_POST['id']) {
                $stmt = $con->prepare("DELETE FROM users WHERE id = :id");
                $stmt->execute(['id' => $_POST['id']]);
+            }
        } catch(PDOException $e) {
            handle_pdo_exception($e);
        }
--- a/app/scripts/database_queries.php
+++ b/app/scripts/database_queries.php
@@ -530,3 +530,15 @@ function get_result_team_station($con, $s_id, $m_id) {
        handle_pdo_exception($e);
    }
 }
+
+function get_id_user_by_user_id($con, $user_id) {
+    try {
+        $stmt = $con->prepare("SELECT * FROM users WHERE user_id = ?");
+        $stmt->bindParam(1, $user_id, PDO::PARAM_STR);
+        $stmt->execute();
+        $stmt->setFetchMode(PDO::FETCH_ASSOC);
+        return $stmt->fetch()['id'];
+    } catch( PDOException $e) {
+        handle_pdo_exception($e);
+    }
+}