From 5d979b1c992eb1ca94866db63bc63491f07a942b Mon Sep 17 00:00:00 2001 From: Grim0o5 Date: Mon, 13 Jan 2025 09:25:02 +0545 Subject: [PATCH] validating employer_id to allow only the post owner to remove the jobs --- job_details.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/job_details.php b/job_details.php index 99a4b1a..60e4dd9 100644 --- a/job_details.php +++ b/job_details.php @@ -1,13 +1,15 @@ 0) { // Check if the job exists if ($result->num_rows > 0) { $job = $result->fetch_assoc(); + $is_employer = ($_SESSION['user_type'] === 'Employer'); + $is_job_owner = ($is_employer && isset($_SESSION['employer_id']) && $_SESSION['employer_id'] == $job['employer_id']); + } else { echo "Job not found."; exit(); @@ -34,10 +39,10 @@ if ($job_id > 0) { exit(); } -// Check if the logged-in user is a job seeker +// Check if the logged-in user is a job seeker,employer and is the one who posted the job $is_job_seeker = ($_SESSION['user_type'] === 'Job seeker'); $is_employer = ($_SESSION['user_type'] === 'Employer'); - +$_isemployer_id = ($_SESSION['employer_id'] ==='employer_id'); // Handle job application if (isset($_POST['apply']) && $is_job_seeker) { // Get seeker_id from session @@ -57,7 +62,7 @@ if (isset($_POST['apply']) && $is_job_seeker) { } } // Handle job deletion (for employers only) -if (isset($_POST['remove']) && $is_employer) { +if (isset($_POST['remove']) && $is_employer && $is_job_owner ) { $conn->begin_transaction(); // Start a transaction try { @@ -222,7 +227,7 @@ if (isset($_POST['remove']) && $is_employer) { - +
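Review bot: The ownership test added after `$job = $result->fetch_assoc();` compares the two ids with loose `==`, which lets PHP's type juggling decide whether they are equal. Since this comparison is now the authorization decision for deletion, I would normalise both sides and compare strictly: `$is_job_owner = $is_employer && isset($_SESSION['employer_id']) && (int) $_SESSION['employer_id'] === (int) $job['employer_id'];`. The same two lines read `$_SESSION['user_type']` without an `isset()` guard, so whether an unauthenticated request can reach them depends on a login check that is not visible in the hunk. `$is_employer` is also assigned again a few lines further down, so one of the two assignments can go. The hunk header for this part appears to have been lost in extraction, so the enclosing `if ($job_id > 0)` block starts outside what is shown.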
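Review bot: In the `@@ -34,10 +39,10 @@` hunk, the new line `$_isemployer_id = ($_SESSION['employer_id'] ==='employer_id');` compares the session value with the literal string `'employer_id'` rather than with the job's owner, so it is false for any real id. Nothing in the visible lines reads `$_isemployer_id`, and it indexes `$_SESSION['employer_id']` without `isset()`, which raises an undefined-key warning for sessions that lack that key (presumably job-seeker sessions). Because the name looks like an ownership check, a later edit could mistake it for one. I would delete the line and keep `$is_job_owner` as the single source of truth, with the comment above it reading `// Role flags; job ownership is computed once in $is_job_owner after the job row is loaded`.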
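Review bot: In the `@@ -57,7 +62,7 @@` hunk, ownership is enforced only by the PHP condition `isset($_POST['remove']) && $is_employer && $is_job_owner`. The delete statements inside the transaction lie outside the hunk, so I cannot confirm they are scoped to the owner as well. As defence in depth, bind the session's employer id in the delete's `WHERE` clause alongside the job id (`... WHERE job_id = ? AND employer_id = ?`) and treat zero affected rows as a failure. A remove request from a non-owner currently falls through silently. An explicit `else` branch that calls `http_response_code(403);` and logs the user and job id would make tampering attempts visible. No CSRF token check is visible on this state-changing POST; if none exists elsewhere in the file, it is worth adding in the same change.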