validating employer_id to allow only the post owner to remove the jobs

main
Grim0o5 6 months ago
parent 222bb7c6ba
commit 5d979b1c99
  1. 17
      job_details.php

@ -1,13 +1,15 @@
<?php <?php
session_start(); session_start();
// Check if the user is logged in // Check if the user is logged in
if (!isset($_SESSION['email'])) { if (!isset($_SESSION['email'])) {
header("Location: login"); header("Location: login");
exit(); exit();
} }
// Check if seeker_id exists in the session // Check if seeker_id and employer id exists in the session
$seeker_id = isset($_SESSION['seeker_id']); $seeker_id = isset($_SESSION['seeker_id']);
$employer_id = isset($_SESSION['employer_id']);
include 'connect.php'; include 'connect.php';
@ -25,6 +27,9 @@ if ($job_id > 0) {
// Check if the job exists // Check if the job exists
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
$job = $result->fetch_assoc(); $job = $result->fetch_assoc();
$is_employer = ($_SESSION['user_type'] === 'Employer');
$is_job_owner = ($is_employer && isset($_SESSION['employer_id']) && $_SESSION['employer_id'] == $job['employer_id']);
} else { } else {
echo "Job not found."; echo "Job not found.";
exit(); exit();
@ -34,10 +39,10 @@ if ($job_id > 0) {
exit(); exit();
} }
// Check if the logged-in user is a job seeker // Check if the logged-in user is a job seeker,employer and is the one who posted the job
$is_job_seeker = ($_SESSION['user_type'] === 'Job seeker'); $is_job_seeker = ($_SESSION['user_type'] === 'Job seeker');
$is_employer = ($_SESSION['user_type'] === 'Employer'); $is_employer = ($_SESSION['user_type'] === 'Employer');
$_isemployer_id = ($_SESSION['employer_id'] ==='employer_id');
// Handle job application // Handle job application
if (isset($_POST['apply']) && $is_job_seeker) { if (isset($_POST['apply']) && $is_job_seeker) {
// Get seeker_id from session // Get seeker_id from session
@ -57,7 +62,7 @@ if (isset($_POST['apply']) && $is_job_seeker) {
} }
} }
// Handle job deletion (for employers only) // Handle job deletion (for employers only)
if (isset($_POST['remove']) && $is_employer) { if (isset($_POST['remove']) && $is_employer && $is_job_owner ) {
$conn->begin_transaction(); // Start a transaction $conn->begin_transaction(); // Start a transaction
try { try {
@ -222,7 +227,7 @@ if (isset($_POST['remove']) && $is_employer) {
</button> </button>
<?php endif; ?> <?php endif; ?>
<?php if ($is_employer): ?> <?php if ($is_employer && $is_job_owner): ?>
<form method="POST"> <form method="POST">
<button type="submit" name="remove" class="btn btn-error"> <button type="submit" name="remove" class="btn btn-error">
<svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 mr-2" fill="none" viewBox="0 0 24 24" <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5 mr-2" fill="none" viewBox="0 0 24 24"
@ -240,7 +245,7 @@ if (isset($_POST['remove']) && $is_employer) {
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" /> d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
</svg> </svg>
You must be a Employer to remove You must be a Employer and be the one who posted the job to remove
</button> </button>
<?php endif; ?> <?php endif; ?>
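Review bot: Two of the added lines do not do what their names suggest, so the ownership gate rests on `$is_job_owner` alone: `$_isemployer_id = ($_SESSION['employer_id'] ==='employer_id');` compares the session value with the literal string 'employer_id', so it is false for any real id, is not used in the visible hunks, and reads the key without the `isset` guard used on the ownership line; it should be deleted. `$employer_id = isset($_SESSION['employer_id']);` stores a boolean rather than the id, which will mislead anyone who later uses it in a query. For the check itself, a typed comparison such as `(int) $_SESSION['employer_id'] === (int) $job['employer_id']` avoids PHP's loose `==` rules. The delete handler's body lies outside the visible hunks, so it may already do this, but binding the session employer id into the DELETE's WHERE clause would enforce ownership at the database as well as in the `if`. The remove form as shown carries no anti-CSRF token (the form continues past the hunk), so an owner's browser could still be made to submit `remove` unless one is checked elsewhere.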
