2020-01-29

I’m working on trying to build an attendance application using PHP, PDO and MySQL. I currently have a table called users that just shows a list of users that can log into the application. The table structure is shown below.

I have an action column that shows two links: one to edit the user and one to delete the user.

The way my code is structured, I have it set to where any admin can delete users (as only admins can see this page), but I also have a problem. The code is written to where the admin can delete the account they are logged into and I don’t want that to happen by accident.

Based on this code:

<?php
include('nav/head.php');
if($role_id != '1') {
    header('Location: error.php');
    exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="">
    <title>CCRP | Users</title>
    <?php include('nav/header.php') ?>

    <!-- Page Heading -->
    <h1 class="h3 mb-2 text-gray-800">Users List</h1><br>
    <!-- <p class="mb-4">DataTables is a third party plugin that is used to generate the demo table below. For more information about DataTables, please visit the <a target="_blank" href="https://datatables.net">official DataTables documentation</a>.</p> -->

    <!-- DataTables Example -->
    <div class="card shadow mb-4">
        <div class="card-header py-3">
            <h6 class="m-0 font-weight-bold text-primary">Add, Edit or Remove User Accounts</h6>
        </div>
        <div class="card-body">
            <a class="btn btn-success" href="user_new.php"><i class="fa fa-user-plus"></i> Add New User</a>
            <br><br>
            <div class="table-responsive">
                <table class="table table-bordered" id="dataTable" width="100%" cellspacing="0">
                    <thead>
                        <tr>
                            <th>User ID</th>
                            <th>User Role</th>
                            <th>First Name</th>
                            <th>Last Name</th>
                            <th>Email Address</th>
                            <th>Username</th>
                            <th>Status</th>
                            <th>Action</th>
                        </tr>
                    </thead>
                    <?php
                    $stmt = $pdo->prepare("SELECT id, role_id, first_name, last_name, email, username, status FROM users");
                    $stmt->execute();
                    while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                    ?>
                    <tr>
                        <td><?php print($row['id']) ?></td>
                        <td>
                            <?php
                            if ($row['role_id'] === '1') {
                                echo 'Administrator';
                            } elseif ($row['role_id'] === '2') {
                                echo 'Operator';
                            }
                            ?>
                        </td>
                        <td><?php print($row['first_name']) ?></td>
                        <td><?php print($row['last_name']) ?></td>
                        <td><?php print($row['email']) ?></td>
                        <td><?php print($row['username']) ?></td>
                        <td>
                            <?php
                            if ($row['status'] === '1') {
                                echo '<strong style="color: #009900;">Active</strong>';
                            } elseif ($row['status'] === '0') {
                                echo '<strong style="color: #a40000;">Inactive</strong>';
                            }
                            ?>
                        </td>
                        <td>
                            <a href="user_edit.php?edit_id=<?php print($row['id']); ?>"><i class="fa fa-user-edit"></i></a>
                            <a href="#" data-toggle="modal" data-target="#deleteModal_<?php echo $row['id'];?>">
                                <i style="color: #a40000;" class="fas fa-trash fa-sm fa-fw mr-2"></i>
                            </a>
                            <!-- Delete Modal -->
                            <div class="modal fade" id="deleteModal_<?php echo $row['id'];?>" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
                                <div class="modal-dialog" role="document">
                                    <div class="modal-content">
                                        <div class="modal-header">
                                            <h5 class="modal-title" id="exampleModalLabel">Delete User</h5>
                                            <button class="close" type="button" data-dismiss="modal" aria-label="Close">
                                                <span aria-hidden="true">×</span>
                                            </button>
                                        </div>
                                        <div class="modal-body">Are you sure you want to delete <?php print($row['first_name'] . ' ' . $row['last_name']);?> from the users list?</div>
                                        <div class="modal-footer">
                                            <button class="btn btn-secondary" type="button" data-dismiss="modal">Cancel</button>
                                            <form action="api/users/delete.php" method="post">
                                                <input type="submit" class="btn btn-danger" name="Delete_User[<?php echo $row['id'];?>]" value="Delete" />
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </td>
                    </tr>
                    <?php } ?>
                </table>
            </div>
        </div>
    </div>
</div>
<!-- /.container-fluid -->
</div>
<!-- End of Main Content -->
<?php include('nav/footer.php'); ?>
</html>

What is the best way to say if the current session user is logged in, you cannot delete the user? I prefer the delete icon stay in the column unless it would be silly to keep it there.
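One way to enforce the "cannot delete yourself" rule, as an added example that is not part of the original post or the asker's application. It assumes the logged-in user's id and role are available as `$_SESSION['user_id']` and `$_SESSION['role_id']` (the post only shows a `$role_id` variable coming from `nav/head.php`, so these session keys are assumptions), that `$pdo` is the PDO handle `nav/head.php` creates, and that the delete handler lives at `api/users/delete.php` as the form's `action` indicates. The point it demonstrates is that the list page can keep the trash icon in the column but render it inert for the caller's own row, while the real decision is made again on the server, because the `Delete_User[<id>]` form can be posted without ever opening the modal.

```php
<?php
// Added example, not the asker's own code. Assumed: $_SESSION['user_id'] and
// $_SESSION['role_id'] hold the logged-in user's id and role, $pdo is the PDO
// handle created by nav/head.php, and api/users/delete.php is the form target.

declare(strict_types=1);

/** The rule itself: any account may be deleted except the one the caller is logged in as. */
function canDeleteUser(int $sessionUserId, int $targetUserId): bool
{
    return $sessionUserId !== $targetUserId;
}

/** Escape a column value before printing it into HTML (the list page prints raw values). */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Renders the delete control for one row of the users table.
 * For the caller's own row the icon stays in the Action column but is greyed out
 * and carries no modal trigger, so no form exists that could submit that id.
 */
function renderDeleteControl(array $row, int $sessionUserId): string
{
    $id = (int) $row['id'];
    if (!canDeleteUser($sessionUserId, $id)) {
        return '<i class="fas fa-trash fa-sm fa-fw mr-2 text-muted" '
             . 'title="You cannot delete the account you are logged in as"></i>';
    }
    return '<a href="#" data-toggle="modal" data-target="#deleteModal_' . $id . '">'
         . '<i style="color: #a40000;" class="fas fa-trash fa-sm fa-fw mr-2"></i></a>';
}

/**
 * Server-side handler for api/users/delete.php. The rendering check above is a
 * convenience for the admin; this function is what actually enforces the rule.
 * Returns the number of rows deleted (0 when the request was refused).
 */
function handleDeleteRequest(PDO $pdo, array $post, array $session): int
{
    if ((string) ($session['role_id'] ?? '') !== '1') {
        return 0;                                  // only administrators may delete
    }
    // The submit button is named Delete_User[<id>], so the id arrives as the array key.
    $field = $post['Delete_User'] ?? null;
    if (!is_array($field) || count($field) !== 1) {
        return 0;                                  // malformed request
    }
    $targetKey = array_key_first($field);
    if (!ctype_digit((string) $targetKey)) {
        return 0;                                  // non-numeric id
    }
    $targetId      = (int) $targetKey;
    $sessionUserId = (int) ($session['user_id'] ?? 0);

    if (!canDeleteUser($sessionUserId, $targetId)) {
        return 0;                                  // refused: caller's own account
    }
    // The WHERE clause repeats the rule, so a later refactor of the PHP check
    // still cannot remove the caller's own row.
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = :id AND id <> :self');
    $stmt->execute([':id' => $targetId, ':self' => $sessionUserId]);
    return $stmt->rowCount();
}

// In the list page, inside the while loop, replace the trash link with:
//   <td><?= renderDeleteControl($row, (int) $_SESSION['user_id']) ?></td>
// and print the other columns through h(), e.g. <?= h($row['username']) ?>.
//
// In api/users/delete.php (session_start() assumed to have run in nav/head.php):
//   $deleted = handleDeleteRequest($pdo, $_POST, $_SESSION);
//   header('Location: ../../users.php?deleted=' . $deleted);
//   exit();
```

Two practical notes. Skip emitting the modal `<div>` for the caller's own row as well, otherwise the disabled icon is inert but the hidden form is still in the page source. And the form as posted carries only the submit button; whatever session or token check `nav/head.php` already performs, the handler above is the place to confirm it, since the list page's `$role_id` gate protects only the HTML, not the `delete.php` endpoint.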