Jump to content

[SOLVED] Make users delete their OWN posts ONLY

3raser

By 3raser
in PHP Coding Help

Recommended Posts

3raser Advanced Member

3raser

Posted
Posted

When ever they click the red X on index.php, it deletes their posts and the X only shows up on their own posts. But when they enter index.php?id=50 in their address bar, it deletes post ID 50 even if it's not their own post. How do I stop this from happening?

 

<?php require "global_navigation.php"; ?>
<?php

if ($_SESSION['username']) {
echo ' <a href="logout.php"><img src="images/logout.png"></img></a> <a href="member_list.php"><img src="images/members.png"</a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a> <a href="ucp.php"><img src="images/UCP.png"></a></b> <a href="acp.php"><img src="images/acp.png"></a> <a href="modcp.php"><img src="images/modcp.png"></a>';
}
else
{
echo '<a href="register.php"><img src="images/register.png"></img></a> <a href="login.php"><img src="images/log-in.png"></img></a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a>';
echo "<br />";
echo $gmessage;
}

?>
<br />
<?php  

//connecting to the database
$connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if (!$delete)
   {
   }
   else
   {

//delete
mysql_query("DELETE FROM posts WHERE id=''") 
or die(mysql_error());
}

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
}
else
{

if ($_SESSION['username']) 
{
echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
}
else
   exit
?>

<?php



?>
<?php 

if ($disabled==0) {
echo '<form action="post.php" method="POST">
Message <br><br><textarea name="message" rows="10" cols="100">

</textarea><br>
<input type="submit" value="Post it!">
</form></center></span><hr>
<br>';
}
else {
   echo "<div class='box'>Posting disabled!</div>";
}

//max displayed per page
$per_page = 8;

//get start variable
$start = $_GET['start'];

//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));

//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal

if (!$start)
   $start = 0;

//staff CHECK
$get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
while ($row2 = mysql_fetch_assoc($get2))

{
// get data
$staffcheck = $row2['staff'];
}
   
//display data
$get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
while ($row = mysql_fetch_assoc($get))

{
// get data
$id = $row['id'];
$name = $row['name'];
$message = $row['message'];

if ($staffcheck ==2) {
    $name = " <img src='$acrown'></img><b> $owner</b></a>";
}


//smileys
$before = array('', '', '', '');
$after   = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
$output  = str_replace($before, $after, $message);

if ($name=="$usernamesession")
   {
   $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
   }

echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";

}

//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;

//show prev button
if (!($start<=0))
       echo "<a href='index.php?start=$prev'>Prev</a> ";

//show page numbers

//set variable for first page
$i=1;

for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
    echo " <a href='index.php?start=$x'>$i</a> ";
else
    echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}

//show next button
if (!($start>=$record_count-$per_page))
       echo " <a href='index.php?start=$next'>Next</a>";
   }

//prosses of getting the numbers

        $construct = "SELECT * FROM posts";
        $run = mysql_query($construct);

        $foundnum = (mysql_num_rows($run));

//prosses of getting the numbers for users

        $construct2 = "SELECT * FROM users";
        $run2 = mysql_query($construct2);

        $foundnum2 = (mysql_num_rows($run2));

   
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td>
										</tr>
									</tbody>
								</table></td>
							</tr>
						</tbody>
					</table>
					</td>
				</tr>
			</tbody>
		</table>
		</center>
		<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
			<tbody>
				<tr>
					<td class="thead"><font face="Trebuchet MS"><strong>  
					Copyright</strong></font></td>
				</tr>
				<tr>
					<td class="trow1">
					<table border="0" cellpadding="4" width="100%">
						<tbody>
							<tr>
								<td class="trow1">
								<p align="center">
<span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
<a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com">
<font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> |
</font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB 
INC</font></a></span></td>
							</tr>
						</tbody>
					</table></td>
				</tr>
			</tbody>
		</table> </div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>

3raser Advanced Member

3raser

Posted
  • Author
Posted

Doesn't seem to be working for me.

 

<?php require "global_navigation.php"; ?>
<?php

if ($_SESSION['username']) {
echo ' <a href="logout.php"><img src="images/logout.png"></img></a> <a href="member_list.php"><img src="images/members.png"</a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a> <a href="ucp.php"><img src="images/UCP.png"></a></b> <a href="acp.php"><img src="images/acp.png"></a> <a href="modcp.php"><img src="images/modcp.png"></a>';
}
else
{
echo '<a href="register.php"><img src="images/register.png"></img></a> <a href="login.php"><img src="images/log-in.png"></img></a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a>';
echo "<br />";
echo $gmessage;
}

?>
<br />
<?php  

//connecting to the database
$connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if($_SESSION['username'] == $_GET['id']){
     mysql_query("DELETE FROM posts WHERE id='$delete'");
}

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
}
else
{

if ($_SESSION['username']) 
{
echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
}
else
   exit
?>

<?php



?>
<?php 

if ($disabled==0) {
echo '<form action="post.php" method="POST">
Message <br><br><textarea name="message" rows="10" cols="100">

</textarea><br>
<input type="submit" value="Post it!">
</form></center></span><hr>
<br>';
}
else {
   echo "<div class='box'>Posting disabled!</div>";
}

//max displayed per page
$per_page = 8;

//get start variable
$start = $_GET['start'];

//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));

//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal

if (!$start)
   $start = 0;

//staff CHECK
$get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
while ($row2 = mysql_fetch_assoc($get2))

{
// get data
$staffcheck = $row2['staff'];
}
   
//display data
$get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
while ($row = mysql_fetch_assoc($get))

{
// get data
$id = $row['id'];
$name = $row['name'];
$message = $row['message'];

if ($staffcheck ==2) {
    $name = " <img src='$acrown'></img><b> $owner</b></a>";
}


//smileys
$before = array('', '', '', '');
$after   = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
$output  = str_replace($before, $after, $message);

if ($name=="$usernamesession")
   {
   $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
   }

echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";

}

//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;

//show prev button
if (!($start<=0))
       echo "<a href='index.php?start=$prev'>Prev</a> ";

//show page numbers

//set variable for first page
$i=1;

for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
    echo " <a href='index.php?start=$x'>$i</a> ";
else
    echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}

//show next button
if (!($start>=$record_count-$per_page))
       echo " <a href='index.php?start=$next'>Next</a>";
   }

//prosses of getting the numbers

        $construct = "SELECT * FROM posts";
        $run = mysql_query($construct);

        $foundnum = (mysql_num_rows($run));

//prosses of getting the numbers for users

        $construct2 = "SELECT * FROM users";
        $run2 = mysql_query($construct2);

        $foundnum2 = (mysql_num_rows($run2));

   
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td>
										</tr>
									</tbody>
								</table></td>
							</tr>
						</tbody>
					</table>
					</td>
				</tr>
			</tbody>
		</table>
		</center>
		<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
			<tbody>
				<tr>
					<td class="thead"><font face="Trebuchet MS"><strong>  
					Copyright</strong></font></td>
				</tr>
				<tr>
					<td class="trow1">
					<table border="0" cellpadding="4" width="100%">
						<tbody>
							<tr>
								<td class="trow1">
								<p align="center">
<span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
<a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com">
<font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> |
</font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB 
INC</font></a></span></td>
							</tr>
						</tbody>
					</table></td>
				</tr>
			</tbody>
		</table> </div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>

3raser Advanced Member

3raser

Posted
  • Author
Posted

I've added that, but it doesn't even delete the posts. http://www.commentbb.com/demo/

 

Code

 

<?php require "global_navigation.php"; ?>
<?php

if ($_SESSION['username']) {
echo ' <a href="logout.php"><img src="images/logout.png"></img></a> <a href="member_list.php"><img src="images/members.png"</a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a> <a href="ucp.php"><img src="images/UCP.png"></a></b> <a href="acp.php"><img src="images/acp.png"></a> <a href="modcp.php"><img src="images/modcp.png"></a>';
}
else
{
echo '<a href="register.php"><img src="images/register.png"></img></a> <a href="login.php"><img src="images/log-in.png"></img></a> <a href="search_input.php"><img src="images/search.png"></a> <a href="profiles.php"><img src="images/profile.png"></a>';
echo "<br />";
echo $gmessage;
}

?>
<br />
<?php  

//connecting to the database
$connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if (!$delete)
   {
   } else {
mysql_query("DELETE FROM posts WHERE id='$delete' AND owner='".$_SESSION['id']."'"); }

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
}
else
{

if ($_SESSION['username']) 
{
echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
}
else
   exit
?>

<?php



?>
<?php 

if ($disabled==0) {
echo '<form action="post.php" method="POST">
Message <br><br><textarea name="message" rows="10" cols="100">

</textarea><br>
<input type="submit" value="Post it!">
</form></center></span><hr>
<br>';
}
else {
   echo "<div class='box'>Posting disabled!</div>";
}

//max displayed per page
$per_page = 8;

//get start variable
$start = $_GET['start'];

//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));

//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal

if (!$start)
   $start = 0;

//staff CHECK
$get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
while ($row2 = mysql_fetch_assoc($get2))

{
// get data
$staffcheck = $row2['staff'];
}
   
//display data
$get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
while ($row = mysql_fetch_assoc($get))

{
// get data
$id = $row['id'];
$name = $row['name'];
$message = $row['message'];

if ($staffcheck ==2) {
    $name = " <img src='$acrown'></img><b> $owner</b></a>";
}


//smileys
$before = array('', '', '', '');
$after   = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
$output  = str_replace($before, $after, $message);

if ($name=="$usernamesession")
   {
   $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
   }

echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";

}

//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;

//show prev button
if (!($start<=0))
       echo "<a href='index.php?start=$prev'>Prev</a> ";

//show page numbers

//set variable for first page
$i=1;

for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
    echo " <a href='index.php?start=$x'>$i</a> ";
else
    echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}

//show next button
if (!($start>=$record_count-$per_page))
       echo " <a href='index.php?start=$next'>Next</a>";
   }

//prosses of getting the numbers

        $construct = "SELECT * FROM posts";
        $run = mysql_query($construct);

        $foundnum = (mysql_num_rows($run));

//prosses of getting the numbers for users

        $construct2 = "SELECT * FROM users";
        $run2 = mysql_query($construct2);

        $foundnum2 = (mysql_num_rows($run2));

   
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td>
										</tr>
									</tbody>
								</table></td>
							</tr>
						</tbody>
					</table>
					</td>
				</tr>
			</tbody>
		</table>
		</center>
		<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
			<tbody>
				<tr>
					<td class="thead"><font face="Trebuchet MS"><strong>  
					Copyright</strong></font></td>
				</tr>
				<tr>
					<td class="trow1">
					<table border="0" cellpadding="4" width="100%">
						<tbody>
							<tr>
								<td class="trow1">
								<p align="center">
<span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
<a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com">
<font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> |
</font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB 
INC</font></a></span></td>
							</tr>
						</tbody>
					</table></td>
				</tr>
			</tbody>
		</table> </div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.