assignment to make some page where only people who log in can leave a message

[aleX2]

Hello everyone...

I would be really happy if someone can help me. I'm begginer in all of this and I'm stuck. I have assignment to make some page where only people who log in can leave a message, and I done all that and it works.

My problem is that I need to make a delete button so that users can delete their own comment. Whatever I tried nothing works or I get delete button but in that case user can delete all posts. Can someone PLEASE help me with that...

THANK YOU! I attached my code 

OMG.txt

Edited April 29, 2022 by requinix
adding useful title

[ginerjm]

People usually POST their code to show us what they are having problems with.  Use the <> icon to place the code in and indicate the error messages you are getting and the line number that we s/b looking at.  You don't need to to show us everything -- just enough for us to make sense of your true code (not the css/js or tons of html), just the php you are having a problem with.

What kind of process is your delete button doing?  Is it a submit that calls your php script and passes in the key of the record to be deleted?  Do you do a confirm of the submit to ensure the user means to do this?

[aleX2]

if(login()) {
    $id = $_SESSION['id'];
$query = "SELECT * FROM comment WHERE user_id={$_SESSION['id']}";
}
$res = $conn->query($query);
if($conn->num_rows($res) > 0){
    while($row = $conn->fetch_assoc($res)){
        ?>
    <div id="img">
        <a href="dcomm.php?id=<?php echo $row['id'];?>"><img src="img/delete.png" title="DELETE COMMENT"></a>
        <p><b> Name: </b><br><?php echo $row['name'];?></p> 
        <p><b> Comment: </b><br><?php echo $row['comment'];?></p>
    </div>
    <hr>
    <?php
    }
}else{
    echo "<h3>No comments!</h3>";
}

Sorry, I'm new here. Here is part of my code... I need to make a difference between logged in user and admin. Admin need to be able to see all and delete all and users who log in they just need to be able to delete their own posts.

[aleX2]

if(isset($_SESSION['id'])){

$id = $_SESSION['id'];


$query = "DELETE FROM comment WHERE user_id={$id}";

$conn->query($query);

This is second part of code...I don't know how to make a difference.

[Barand]

How do you know if a user is an admin or not?

[aleX2]

I have in sql users table and status col admin and users 

[ginerjm]

Here is how I would do it.   Some question about your use of columns 'id' and 'user_id'.

if(login())
{
	$id = $_SESSION['id'];	// assuming that login function sets this value altho the 
							// the more normal approach would be to return it from the function
	$query = "SELECT user_id, id, name, comment FROM comment 
		WHERE user_id=$id";
	//  Why is there a user id and an id column?
	$res = $conn->query($query);
	if($conn->num_rows($res) > 0)
	{
		while($row = $conn->fetch_assoc($res))
		{	//  show all of the related comments that match the id given
			//  you will have to add some code to determine if the id is the admin
			echo "
				<div id='img'>
				<form method='POST' action'dcomm.php'>
				<label>Name: 
				<input type='text' name='username' value='{$row["name"]}'>
				</label>
				<label>Comment: 
				<input type='text' name='comment' value='{$row["comment"]}'>
				</label>
				<input type='hidden' name='user_id' value='{$row["user_id"]}'>
				<input type='submit' name='btn' value='Delete Comment' onclick='return confirmDelete()'>
				</form>
				</div>
				<hr>
				";
		}
	}
	else
	{
		echo "<h3>No comments for user id $id</h3>";
	}
}
else
	echo "<h3>User is not logged in</h3>";

At the end you will have a set of divs on your screen that each contain a form with a button and they will each call your delete script with the id value provide by the POST array.  I would add a js function to the screen's page that makes the user confirm the delete is to happen 

[Barand]

Quote

I have in sql users table and status col admin and users 

It might be useful to use that in your code.

Your code only shows comments for the $_SESSION{'id'] value. Would an admin not want to see/delete all comments?

Can a none admin see all comments even they can only delete their own?

Edited April 29, 2022 by Barand

[aleX2]

Well...they told us to make a news page with categories. Only logged in users can leave comment on news. I have News table, Users table (id, name, email, username, pass, status(admin, user)), Comment table (id, user_id(to know what user wrote a comment) newsid(to know on what news user wrote a comment), name, comment).Everything is great until moment where I can make a difference who can see and delete things.So, if you log in you can type a comment and supposed to delete it(own comment) and if you are admin you can see and delete all. 

[aleX2]

<?php
session_start();
require_once("function.php");
require_once("class/DataB.class.php");
$conn = new DataB();
if(!$conn->connect()) {
    echo "Wrong DB connection!";
    exit();
}
?>
<!DOCTYPE html>
<html lang="en">
    <head>
    <meta charset="UTF-8">
    <title>News</title>
    <link rel="stylesheet" href="css/style.css">
    </head>
    <body>
        
        <div id="container">
        <?php
        require_once("nav.php");
                if(isset($_GET['id'])) {
                    $id=$_GET['id'];
                if(filter_var($id, FILTER_VALIDATE_INT)) {
                    $query="UPDATE news SET seen=seen+1 WHERE id={$id}";
                    $conn->query($query);
                    $query="SELECT * FROM viewnews WHERE deleted=0 AND id={$id}";
                    $res=$conn->query($query);
                    while($row=$conn->fetch_assoc($res)) {
                        echo "<div>";
                        echo "<p><a href='news.php?category={$row['category']}'>{$row['categoryname']}</a></p>";
                        echo "<h2>{$row['title']}</h2>";
                        echo "<p>{$row['text']}</p><br>";
                        echo "<div style='color:white;'><a href='news.php?author={$row['author']}'>{$row['name']}</a> | ".date("d.m.Y H:i",strtotime($row['time']))."</div>";
                        echo "</div>";
                    }
                }            
            }
            else
                echo "<p>You didn't choose the news!!!<p>";
        ?>
        <hr>
        <?php
            if(login()) {
            
            ?>          
        <div style="text-align:center">
       
            <form action="news2.php?id=<?= $_GET['id']?>" method="POST">          
            <input type="text" name="name" placeholder="Name..."><br><br>
            <textarea name="comment" cols="30" rows="10" placeholder="Comment..."></textarea><br><br>
            <button>Add Comment</button>
      </form>   
    </div>
       
        <hr>
        <?php
            if(isset($_POST['name']) AND isset($_POST['comment'])) {
                $name = $_POST['name'];
                $comment = $_POST['comment'];
                $name=filter_var($name, FILTER_SANITIZE_STRING);
                $comment=filter_var($comment, FILTER_SANITIZE_STRING);
                
            if($name != "" AND $comment != "") {
                $query = "INSERT INTO comment (user_id, newsid, name, comment) VALUES ('{$_SESSION['id']}', '{$_GET['id']}', '{$name}', '{$comment}')";
                $res = $conn->query($query);
            if(!$conn->error()) {
               
            }
            else {
                echo "<p>Try again!</p>";
            }
        }
    }        
            $query="SELECT * FROM comment";
            $res=$conn->query($query);
            if($conn->num_rows($res)==0) 
            echo "<h3>No comments!</h3>";
            else {
            while($row=$conn->fetch_object($res)) {
                echo "<div id='img'>";
                echo "<a href='dcomm.php?id={$row->id}>'><img src='img/delete.png' title='DELETE COMMENT'></a>";   
                echo "<p style='color:purple'><ins><b>$row->name</b></ins> | ".date("d.m.Y H:i",strtotime($row->time))."</p>"; 
                echo "<p>$row->comment</p>";
                echo "</div>";
                echo "<hr>";    
                }
            }
        }
    ?>
</div>
</body>
</html>

This is news page with comments

[aleX2]

<?php
session_start();
require_once("function.php");
require_once("class/DataB.class.php");
$conn = new DataB();
if(!$conn->connect()) {
    echo "Wrong DB connection!";
    exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Delete Comment</title>
    <link rel="stylesheet" href="css/style.css">
</head>
<body>
<div id="container">
<?php
require_once("nav.php");
if(login()) {
    $id = $_SESSION['id'];
$query = "SELECT * FROM comment";
}
$res = $conn->query($query);
if($conn->num_rows($res) > 0){
    while($row = $conn->fetch_assoc($res)){
        ?>
    <div id="img">
        <a href="dcomm.php?id=<?php echo $row['id'];?>"><img src="img/delete.png" title="DELETE COMMENT"></a>
        <p><b> Name: </b><br><?php echo $row['name'];?></p> 
        <p><b> Comment: </b><br><?php echo $row['comment'];?></p>
    </div>
    <hr>
    <?php
    }
}else{
    echo "<h3>No comments!</h3>";
}
?>
</div>
</div>
</body>

this is delecomment page

[aleX2]

<?php
session_start();
require_once("function.php");
require_once("class/DataB.class.php");
$conn = new DataB();
if(!$conn->connect()) {
    echo "Wrong DB connection!";
    exit();
}

if(isset($_POST['comment'])){
if(login()) {
$id = $_SESSION['id'];
$user_id = $_SESSION['user_id'];
$status = $_SESSION['status'];

}

$query = "DELETE FROM comment WHERE user_id={$id}";

$conn->query($query);

header("Location: deletecomment.php");
}
?>

And this is a dcomm page

[aleX2]

As I said I am a begginer...I don't know what I'm doing.😶

I don't know what I need to change.

Edited April 29, 2022 by aleX2

[ginerjm]

Look at my code sample of how to make the page wiht a delete button on it.  You need to pass the selected id to the dele script, don't you?  

[aleX2]

That is a problem...I know how to make delete button, but I don't know how to make it function well for user and admin.We still didn't got to js script part in classes.😒

[ginerjm]

It is not the delete button that is a concern.  It is how to do your query for either a single person or all users/admins.  You need to return something from the login function to tell you what to query.  If it is an admin drop the where condition and just say "Where 1" which will give you all records.

[Barand]

You don't need the "WHERE 1" (even though Dreamweaver always output that in its generated queries). Just omitting the WHERE clause altogether will give the same result

[aleX2]

They told me to do this: "Only logged in users need to be able to write comments. It is necessary to keep the user id in the session. Expand the comment table with the user_id column to keep track of which user left the comment (you are taking the user id from the session). When scrolling through comments, it is necessary to compare whether the user id and the comment table match the user id from the session, if it matches, only then display the delete buttons."

Well, I done the part that only logged in users are able to write a comment and I expanded table...But when it comes to write a match code I get lost.Or I don't write a code well or I don't put it in the right place.I don't know where is the problem.😰

 

[ginerjm]

And I don't understand what you are trying to say.  What do you mean by "expand the table"?  Is that you way of saying "add a record"?

Show us the layout of your table.  I'm gonna guess that it has the comment column, a column for the person who posted it and a column for the date/time that it was first saved and perhaps another for the latest update.  Anything else?  Show us the actual structure.  That would be a good start

[aleX2]

They told me to expand so i can see what user on what news left the comment.

It is a  "newspaper" folder in mysql so I have:

users table id, name, email, password, status

comment table I have id, user_id, newsid, name, comment and time

news table id, title, text, category, author

Point is to show news and only logged in user can comment on that news.User can only delete the message that he wrote and admin can delete all messages.

[ginerjm]

Those are the REAL names of your columns???   What is the id column in your users table - the person's id?  What is the id column in the comments table - the person's who wrote the comment?  What is the id on the news table - the same person again? if so what is the author - the guy who it was copied from?

Trying to understand the connections here.

[aleX2]

Yes, the real names of columns. In users table id is person's id, in comments table id is id of comment and user_id is person who wrote the comment.And id in news table is news id.Author is the person who wrote the news in my case is admin(me) 

[aleX2]

users: id name email password status(admin or user) (sign up and log in)

news:id(of the news), title, text, category, author(I am the author)

comment: id(of comment), user_id(to see what user wrote the comment), newsid(to se on what news he wrote the comment), name(of the person), comment, time

[ginerjm]

So is ID the same in any of these tables?   If an id is the "user id" then why don't you call it that where ever it is user?

[aleX2]

in users table is the real id of the person...

news id just have the news id so I can show it in comment table.

and I guess that I don't need the id of comment...just the id of person?