3raser (posted November 8, 2009)

Whenever they click the red X on index.php, it deletes their posts, and the X only shows up on their own posts. But when they enter index.php?id=50 in their address bar, it deletes post ID 50 even if it's not their own post. How do I stop this from happening?

```php
<?php require "global_navigation.php"; ?>
<?php
if ($_SESSION['username']) {
    echo '
    <a href="logout.php"><img src="images/logout.png"></img></a>
    <a href="member_list.php"><img src="images/members.png"></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>
    <a href="ucp.php"><img src="images/UCP.png"></a></b>
    <a href="acp.php"><img src="images/acp.png"></a>
    <a href="modcp.php"><img src="images/modcp.png"></a>';
} else {
    echo '<a href="register.php"><img src="images/register.png"></img></a>
    <a href="login.php"><img src="images/log-in.png"></img></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>';
    echo "<br />";
    echo $gmessage;
}
?>
<br />
<?php
//connecting to the database
$connect = mysql_connect("$dbhost", "$dbuser", "$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if (!$delete) {
} else {
    //delete
    mysql_query("DELETE FROM posts WHERE id=''") or die(mysql_error());
}

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
} else {
    if ($_SESSION['username']) {
        echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
    } else {
        exit;
    }

    if ($disabled == 0) {
        echo '<form action="post.php" method="POST">
        Message <br><br><textarea name="message" rows="10" cols="100">
        </textarea><br>
        <input type="submit" value="Post it!">
        </form></center></span><hr> <br>';
    } else {
        echo "<div class='box'>Posting disabled!</div>";
    }

    //max displayed per page
    $per_page = 8;
    //get start variable
    $start = $_GET['start'];
    //count records
    $record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));
    //count max pages
    $max_pages = $record_count / $per_page; //may come out as decimal
    if (!$start) $start = 0;

    //staff CHECK
    $get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
    while ($row2 = mysql_fetch_assoc($get2)) {
        // get data
        $staffcheck = $row2['staff'];
    }

    //display data
    $get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
    while ($row = mysql_fetch_assoc($get)) {
        // get data
        $id = $row['id'];
        $name = $row['name'];
        $message = $row['message'];
        if ($staffcheck == 2) {
            $name = " <img src='$acrown'></img><b> $owner</b></a>";
        }
        //smileys
        $before = array('', '', '', '');
        $after = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
        $output = str_replace($before, $after, $message);
        if ($name == "$usernamesession") {
            $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
        }
        echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";
    }

    //setup prev and next variables
    $prev = $start - $per_page;
    $next = $start + $per_page;
    //show prev button
    if (!($start <= 0)) echo "<a href='index.php?start=$prev'>Prev</a> ";
    //show page numbers
    //set variable for first page
    $i = 1;
    for ($x = 0; $x < $record_count; $x = $x + $per_page) {
        if ($start != $x) echo " <a href='index.php?start=$x'>$i</a> ";
        else echo " <a href='index.php?start=$x'><b>$i</b></a> ";
        $i++;
    }
    //show next button
    if (!($start >= $record_count - $per_page)) echo " <a href='index.php?start=$next'>Next</a>";
}

//prosses of getting the numbers
$construct = "SELECT * FROM posts";
$run = mysql_query($construct);
$foundnum = (mysql_num_rows($run));
//prosses of getting the numbers for users
$construct2 = "SELECT * FROM users";
$run2 = mysql_query($construct2);
$foundnum2 = (mysql_num_rows($run2));
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></center>
<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
  <tbody>
    <tr><td class="thead"><font face="Trebuchet MS"><strong>Copyright</strong></font></td></tr>
    <tr>
      <td class="trow1">
        <table border="0" cellpadding="4" width="100%">
          <tbody>
            <tr>
              <td class="trow1">
                <p align="center">
                  <span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
                    <a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com"><font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> | </font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB INC</font></a>
                  </span>
              </td>
            </tr>
          </tbody>
        </table>
      </td>
    </tr>
  </tbody>
</table>
</div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>
```

Thread: https://forums.phpfreaks.com/topic/180731-solved-make-users-delete-their-own-posts-only/
The Little Guy (posted November 8, 2009)

```php
if ($_SESSION['id'] == $_GET['id']) {
    mysql_query("DELETE...");
}
```
3raser (author, posted November 8, 2009)

Doesn't seem to be working for me.

```php
<?php require "global_navigation.php"; ?>
<?php
if ($_SESSION['username']) {
    echo '
    <a href="logout.php"><img src="images/logout.png"></img></a>
    <a href="member_list.php"><img src="images/members.png"></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>
    <a href="ucp.php"><img src="images/UCP.png"></a></b>
    <a href="acp.php"><img src="images/acp.png"></a>
    <a href="modcp.php"><img src="images/modcp.png"></a>';
} else {
    echo '<a href="register.php"><img src="images/register.png"></img></a>
    <a href="login.php"><img src="images/log-in.png"></img></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>';
    echo "<br />";
    echo $gmessage;
}
?>
<br />
<?php
//connecting to the database
$connect = mysql_connect("$dbhost", "$dbuser", "$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if ($_SESSION['username'] == $_GET['id']) {
    mysql_query("DELETE FROM posts WHERE id='$delete'");
}

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
} else {
    if ($_SESSION['username']) {
        echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
    } else {
        exit;
    }

    if ($disabled == 0) {
        echo '<form action="post.php" method="POST">
        Message <br><br><textarea name="message" rows="10" cols="100">
        </textarea><br>
        <input type="submit" value="Post it!">
        </form></center></span><hr> <br>';
    } else {
        echo "<div class='box'>Posting disabled!</div>";
    }

    //max displayed per page
    $per_page = 8;
    //get start variable
    $start = $_GET['start'];
    //count records
    $record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));
    //count max pages
    $max_pages = $record_count / $per_page; //may come out as decimal
    if (!$start) $start = 0;

    //staff CHECK
    $get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
    while ($row2 = mysql_fetch_assoc($get2)) {
        // get data
        $staffcheck = $row2['staff'];
    }

    //display data
    $get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
    while ($row = mysql_fetch_assoc($get)) {
        // get data
        $id = $row['id'];
        $name = $row['name'];
        $message = $row['message'];
        if ($staffcheck == 2) {
            $name = " <img src='$acrown'></img><b> $owner</b></a>";
        }
        //smileys
        $before = array('', '', '', '');
        $after = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
        $output = str_replace($before, $after, $message);
        if ($name == "$usernamesession") {
            $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
        }
        echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";
    }

    //setup prev and next variables
    $prev = $start - $per_page;
    $next = $start + $per_page;
    //show prev button
    if (!($start <= 0)) echo "<a href='index.php?start=$prev'>Prev</a> ";
    //show page numbers
    //set variable for first page
    $i = 1;
    for ($x = 0; $x < $record_count; $x = $x + $per_page) {
        if ($start != $x) echo " <a href='index.php?start=$x'>$i</a> ";
        else echo " <a href='index.php?start=$x'><b>$i</b></a> ";
        $i++;
    }
    //show next button
    if (!($start >= $record_count - $per_page)) echo " <a href='index.php?start=$next'>Next</a>";
}

//prosses of getting the numbers
$construct = "SELECT * FROM posts";
$run = mysql_query($construct);
$foundnum = (mysql_num_rows($run));
//prosses of getting the numbers for users
$construct2 = "SELECT * FROM users";
$run2 = mysql_query($construct2);
$foundnum2 = (mysql_num_rows($run2));
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></center>
<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
  <tbody>
    <tr><td class="thead"><font face="Trebuchet MS"><strong>Copyright</strong></font></td></tr>
    <tr>
      <td class="trow1">
        <table border="0" cellpadding="4" width="100%">
          <tbody>
            <tr>
              <td class="trow1">
                <p align="center">
                  <span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
                    <a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com"><font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> | </font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB INC</font></a>
                  </span>
              </td>
            </tr>
          </tbody>
        </table>
      </td>
    </tr>
  </tbody>
</table>
</div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>
```
The Little Guy (posted November 8, 2009)

If you store the user's id in posts (which you probably should), you can do this instead:

```php
mysql_query("DELETE FROM posts WHERE id='$delete' AND owner='".$_SESSION['id']."'");
```
3raser (author, posted November 8, 2009)

I've added that, but it doesn't even delete the posts. http://www.commentbb.com/demo/

Code:

```php
<?php require "global_navigation.php"; ?>
<?php
if ($_SESSION['username']) {
    echo '
    <a href="logout.php"><img src="images/logout.png"></img></a>
    <a href="member_list.php"><img src="images/members.png"></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>
    <a href="ucp.php"><img src="images/UCP.png"></a></b>
    <a href="acp.php"><img src="images/acp.png"></a>
    <a href="modcp.php"><img src="images/modcp.png"></a>';
} else {
    echo '<a href="register.php"><img src="images/register.png"></img></a>
    <a href="login.php"><img src="images/log-in.png"></img></a>
    <a href="search_input.php"><img src="images/search.png"></a>
    <a href="profiles.php"><img src="images/profile.png"></a>';
    echo "<br />";
    echo $gmessage;
}
?>
<br />
<?php
//connecting to the database
$connect = mysql_connect("$dbhost", "$dbuser", "$dbpassword") or die("Connection failed!");
mysql_select_db("$db") or die("Database fail!");

$delete = $_GET['id'];
$usernamesession = $_SESSION['username'];
$filename = 'install.php';

if (!$delete) {
} else {
    mysql_query("DELETE FROM posts WHERE id='$delete' AND owner='".$_SESSION['id']."'");
}

if (file_exists($filename)) {
    echo "<div class='box'>If you haven't yet installed commentBB, do so here: <a href='install.php'><b>Install</b></a> - If you already have, then delete install.php and/or installed.php for MAJOR security reasons!</div>";
} else {
    if ($_SESSION['username']) {
        echo "<br />Logged in as <b> ".$_SESSION['username']."</b>!<br />";
    } else {
        exit;
    }

    if ($disabled == 0) {
        echo '<form action="post.php" method="POST">
        Message <br><br><textarea name="message" rows="10" cols="100">
        </textarea><br>
        <input type="submit" value="Post it!">
        </form></center></span><hr> <br>';
    } else {
        echo "<div class='box'>Posting disabled!</div>";
    }

    //max displayed per page
    $per_page = 8;
    //get start variable
    $start = $_GET['start'];
    //count records
    $record_count = mysql_num_rows(mysql_query("SELECT * FROM posts"));
    //count max pages
    $max_pages = $record_count / $per_page; //may come out as decimal
    if (!$start) $start = 0;

    //staff CHECK
    $get2 = mysql_query("SELECT * FROM users WHERE username='$name'");
    while ($row2 = mysql_fetch_assoc($get2)) {
        // get data
        $staffcheck = $row2['staff'];
    }

    //display data
    $get = mysql_query("SELECT * FROM posts ORDER BY id DESC LIMIT $start, $per_page");
    while ($row = mysql_fetch_assoc($get)) {
        // get data
        $id = $row['id'];
        $name = $row['name'];
        $message = $row['message'];
        if ($staffcheck == 2) {
            $name = " <img src='$acrown'></img><b> $owner</b></a>";
        }
        //smileys
        $before = array('', '', '', '');
        $after = array('<img src="smileys/happy.png">', '<img src="smileys/sad.png">', '<img src="smileys/wide.png">', '<img src="smileys/tounge.png">');
        $output = str_replace($before, $after, $message);
        if ($name == "$usernamesession") {
            $name = "<a href='index.php?id=$id'><span style='color:red'>X</span></a> $name";
        }
        echo "<center><b><a href='report.php?id=$id'><img src='images/report.png' alt='Report'></img></a> ($id)Posted by:</b> ".$name."</a><br /><b>".$output."<hr></b>";
    }

    //setup prev and next variables
    $prev = $start - $per_page;
    $next = $start + $per_page;
    //show prev button
    if (!($start <= 0)) echo "<a href='index.php?start=$prev'>Prev</a> ";
    //show page numbers
    //set variable for first page
    $i = 1;
    for ($x = 0; $x < $record_count; $x = $x + $per_page) {
        if ($start != $x) echo " <a href='index.php?start=$x'>$i</a> ";
        else echo " <a href='index.php?start=$x'><b>$i</b></a> ";
        $i++;
    }
    //show next button
    if (!($start >= $record_count - $per_page)) echo " <a href='index.php?start=$next'>Next</a>";
}

//prosses of getting the numbers
$construct = "SELECT * FROM posts";
$run = mysql_query($construct);
$foundnum = (mysql_num_rows($run));
//prosses of getting the numbers for users
$construct2 = "SELECT * FROM users";
$run2 = mysql_query($construct2);
$foundnum2 = (mysql_num_rows($run2));
echo "<br /><br />Total comments: ";
echo $foundnum;
echo " ||";
echo " Total members: ";
echo $foundnum2;
?>
</font></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></center>
<table class="tborder" cellpadding="4" cellspacing="1" width="67%">
  <tbody>
    <tr><td class="thead"><font face="Trebuchet MS"><strong>Copyright</strong></font></td></tr>
    <tr>
      <td class="trow1">
        <table border="0" cellpadding="4" width="100%">
          <tbody>
            <tr>
              <td class="trow1">
                <p align="center">
                  <span class="smalltext" style="display: inline; visibility: visible; font-family: Trebuchet MS; font-weight: 700">
                    <a title="Simple Machines Forum" target="_blank" class="new_win" href="http://commentbb.com"><font size="2">Powered by CommentBB 1.0 BETA</font></a><font size="2"> | </font><a href="http://commentbb.com"><font size="2">CBB is © 2009, CommentBB INC</font></a>
                  </span>
              </td>
            </tr>
          </tbody>
        </table>
      </td>
    </tr>
  </tbody>
</table>
</div>
<font face="Trebuchet MS">
<!-- end: footer -->
<!-- end: portal --></font></body></html>
```
mikesta707 (posted November 8, 2009)

Do you ever create a $_SESSION['id'] variable? And is owner the correct column you should be referencing?
3raser (author, posted November 8, 2009)

> Do you ever create a $_SESSION['id'] variable? And is owner the correct column you should be referencing?

$_SESSION['id'] should be ['username']; I've changed that. And I thought owner was some command. It's supposed to be name.
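The ownership-scoped DELETE that The Little Guy suggests above, which the thread finally settles on by matching the post's name column against the session username, written out as an added example that is not the thread's code and not CommentBB's. It assumes a posts table with integer id and user_id columns and a session that stores the logged-in user's numeric id (both assumptions; the thread's own schema uses a name column and a username in the session), uses PDO with bound parameters instead of interpolating $_GET['id'] into the query text, and reports whether a row was actually removed so the page can tell "deleted" apart from "not yours". The demo rows are constructed in an in-memory SQLite database so the script runs without a MySQL server.

```php
<?php
// Added example (not the thread's code). Column names id/user_id and the
// session key user_id are assumptions for this demo.

/**
 * Delete a post only if it belongs to $userId.
 * Returns true when exactly one row was removed, false otherwise.
 */
function deleteOwnPost(PDO $db, int $postId, int $userId): bool
{
    // The ownership condition is part of the WHERE clause, so a request for a
    // post the user does not own matches zero rows instead of deleting it, and
    // there is no gap between "check owner" and "delete" for a race to exploit.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id AND user_id = :uid');
    $stmt->bindValue(':id', $postId, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

/**
 * Stand-in for the index.php?id=... handler: reads the session and the
 * query string, validates the id, and returns a short result string.
 */
function handleDeleteRequest(PDO $db, array $session, array $query): string
{
    if (empty($session['user_id'])) {
        return 'not logged in';
    }
    // Reject anything that is not a plain integer before it reaches the DB.
    if (!isset($query['id']) || filter_var($query['id'], FILTER_VALIDATE_INT) === false) {
        return 'bad id';
    }
    $deleted = deleteOwnPost($db, (int) $query['id'], (int) $session['user_id']);
    return $deleted ? 'deleted' : 'not your post (or no such post)';
}

// --- constructed demo data: in-memory SQLite, no MySQL server needed ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, message TEXT)');
$db->exec("INSERT INTO posts (id, user_id, message) VALUES (50, 1, 'post by user 1'), (51, 2, 'post by user 2')");

$sessionOfUser1 = ['user_id' => 1];

// User 1 asks to delete user 2's post by typing the id into the address bar.
echo handleDeleteRequest($db, $sessionOfUser1, ['id' => '51']), "\n";
// User 1 deletes their own post.
echo handleDeleteRequest($db, $sessionOfUser1, ['id' => '50']), "\n";
// A non-numeric id never reaches the query.
echo handleDeleteRequest($db, $sessionOfUser1, ['id' => '50abc']), "\n";
// Only user 2's post should remain.
echo 'posts left: ', $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), "\n";
```

Putting the ownership test in the WHERE clause is what makes the red X on index.php and a hand-typed index.php?id=50 behave the same way: both run the same query, and the query can only ever touch rows the current user owns. Checking rowCount() is what lets the page give an honest answer; the thread's intermediate versions compared the session username with the post id, or filtered on a $_SESSION['id'] that was never set, so the DELETE silently matched nothing, which is the "doesn't even delete the posts" symptom above.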