Jump to content

[SOLVED] Fixing My Admin File for My Shout Box

FortMyersDrew

By FortMyersDrew
in PHP Coding Help

 Share

Recommended Posts

FortMyersDrew Member

FortMyersDrew

Posted
Posted

Alright I have my shout box set up too how i want it and all but i need help on my shoutbox admin

 

<?php //Start the session so you would stay logged in..//must be ABOVE ANY outputsession_start(); //Get the cmd variable$cmd=$_GET['cmd'];$idg=$_GET['id'];?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"><title>ACP</title></head><body><?php//include config.phpinclude 'config.php';//get the username from the form and add some security//so you cant get hacked so easy $username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));$password = md5($_POST['password']);//if login button is pressedif ($_POST['login']){//check if username and password are insertedif((!$username) || (!$password)){//if not tell them to...do insert all of infoecho "Please enter both values<br>";}//when they have we check if the username and the password exists$sql = mysql_query("SELECT * FROM `shoutbox_admin` WHERE `name` = '$username' AND `password`= '$password'") OR die(mysql_error());//so we need to check it for real //mysql_num_rows() counts the rows which are returned as true$login_check = mysql_num_rows($sql);//if the check is true....true = 1 and $login check is set as $login_check=1if($login_check > 0){//so if it is larger than 1 we set some session variables -//username and id$r=mysql_fetch_array($sql);$_SESSION['id'] = $r['id'];$_SESSION['username'] = $r['name'];//if it's not let's make him suffer...moahahahaa...//reload the page I mean.. }else {header("Refresh:2;admin.php");echo 'Go and login <-<';}}//so if session username isn't set show user the login formif(!isset($_SESSION['username'])){?><center><form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>Username: <input type='text' size='15' name='username'><br>Password: <input type='password' size='15' name='password'><br><input name="login" type="submit" value="Submit"></form></center><? }//if not - show him the contents and stuff...else{//welcome message and logout link...echo "<center>Welcome, ". $_SESSION['username'] ."! <a href='logout.php'>Log Out</a></center>";echo "<br><br><center>";//see my ?id= browsing tutorial to understand switch()switch($cmd){default://getting all of the shouts and adding `delete me` link...$result = mysql_query("select * from shoutbox order by id desc"); while($r=mysql_fetch_array($result)) { $name=$r["name"];$message=$r["message"];$time=$r["time"];$id=$r["id"];echo "Shout by: ".$name." <strong>@</strong> ".$time."<br>".$message."<br><a href='?cmd=delete&id=".$id."'>Delete me</a><br><br>";}break;case 'delete':$sql = "DELETE FROM shoutbox WHERE id=".$idg."";$result = mysql_query($sql);header('Refresh:2;admin.php');echo "deleted";};}

This is what my friend helped me with but he gave me it like this... and i dont think its working right

Link to comment
Share on other sites
FortMyersDrew Member

FortMyersDrew

Posted
  • Author
Posted

Admin.php

<?php 
//Start the session so you would stay logged in..
//must be ABOVE ANY output
session_start(); 
//Get the cmd variable
$cmd=$_GET['cmd'];
$idg=$_GET['id'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<title>ACP</title>
</head>
<body>
<?php
//include config.php
include 'config.php';
//get the username from the form and add some security
//so you cant get hacked so easy 
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
//if login button is pressed
if ($_POST['login']){
//check if username and password are inserted
if((!$username) || (!$password)){
//if not tell them to...do insert all of info
echo "Please enter both values<br>";}
//when they have we check if the username and the password exists
$sql = mysql_query("SELECT * FROM `shoutbox_admin` WHERE `name` = '$username' AND `password`= '$password'") OR die(mysql_error());
//so we need to check it for real
//mysql_num_rows() counts the rows which are returned as true
$login_check = mysql_num_rows($sql);
//if the check is true....true = 1 and $login check is set as $login_check=1
if($login_check > 0){
//so if it is larger than 1 we set some session variables -
//username and id
$r=mysql_fetch_array($sql);
$_SESSION['id'] = $r['id'];
$_SESSION['username'] = $r['name'];
//if it's not let's make him suffer...moahahahaa...
//reload the page I mean.. 
}else {
header("Refresh:2;admin.php");
echo 'Go and login <-<';
}
}
//so if session username isn't set show user the login form
if(!isset($_SESSION['username'])){
?>
<center>
<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>
Username: <input type='text' size='15' name='username'><br>
Password: <input type='password' size='15' name='password'><br>
<input name="login" type="submit" value="Submit">
</form></center>
<? }
//if not - show him the contents and stuff...else{
else{
//welcome message and logout link...
echo "<center>Welcome, ". $_SESSION['username'] ."! <a href='logout.php'>Log Out</a></center>";
echo "<br><br><center>";
//see my ?id= browsing tutorial to understand switch()
switch($cmd){
default:
//getting all of the shouts and adding `delete me` link...
$result = mysql_query("select * from shoutbox order by id desc"); 
while($r=mysql_fetch_array($result)) 
{
$name=$r["name"];
$message=$r["message"];
$time=$r["time"];
$id=$r["id"];
echo "Shout by: ".$name." <strong>@</strong> ".$time."<br>".$message."<br><a href='?cmd=delete&id=".$id."'>Delete me</a><br><br>";
}
break;
case 'delete':
$sql = "DELETE FROM shoutbox WHERE id=".$idg."";
$result = mysql_query($sql);
header('Refresh:2;admin.php');
echo "deleted";
}
;}
?>

 

Phew long file but here it is.

Link to comment
Share on other sites
per1os Member

per1os

Posted
Posted

Do not output any html or data for that matter before the header call, that or make it a META tag or Javascript.

 

Headers can only be sent if no ouput has been sent to the screen, which in that call obviously there is a bunch of output sent to the screen.

Link to comment
Share on other sites
teng84 Member

teng84

Posted
Posted

<?php

//Start the session so you would stay logged in..

//must be ABOVE ANY output

session_start();

//Get the cmd variable

$cmd=$_GET['cmd'];

$idg=$_GET['id'];

?>

 

remove this

//Start the session so you would stay logged in..

//must be ABOVE ANY output

 

that will give you the error message about header and dont put white space on the top of session start

Link to comment
Share on other sites
FortMyersDrew Member

FortMyersDrew

Posted
  • Author
Posted 
<?php 
//Start the session so you would stay logged in..
//must be ABOVE ANY output
session_start(); 
//Get the cmd variable
$cmd=$_GET['cmd'];
$idg=$_GET['id'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<title>ACP</title>
</head>
<body>
<?php
//include config.php
include 'config.php';
//get the username from the form and add some security
//so you cant get hacked so easy 
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
//if login button is pressed
if ($_POST['login']){
//check if username and password are inserted
if((!$username) || (!$password)){
//if not tell them to...do insert all of info
echo "Please enter both values<br>";}
//when they have we check if the username and the password exists
$sql = mysql_query("SELECT * FROM `shoutbox_admin` WHERE `name` = '$username' AND `password`= '$password'") OR die(mysql_error());
//so we need to check it for real
//mysql_num_rows() counts the rows which are returned as true
$login_check = mysql_num_rows($sql);
//if the check is true....true = 1 and $login check is set as $login_check=1
if($login_check > 0){
//so if it is larger than 1 we set some session variables -
//username and id
$r=mysql_fetch_array($sql);
$_SESSION['id'] = $r['id'];
$_SESSION['username'] = $r['name'];
//if it's not let's make him suffer...moahahahaa...
//reload the page I mean.. 
}else {
header("Refresh:2;admin.php");
echo 'Go and login <-<';
}
}
//so if session username isn't set show user the login form
if(!isset($_SESSION['username'])){
?>
<center>
<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>
Username: <input type='text' size='15' name='username'><br>
Password: <input type='password' size='15' name='password'><br>
<input name="login" type="submit" value="Submit">
</form></center>
<? }
//if not - show him the contents and stuff...else{
else{
//welcome message and logout link...
echo "<center>Welcome, ". $_SESSION['username'] ."! <a href='logout.php'>Log Out</a></center>";
echo "<br><br><center>";
//see my ?id= browsing tutorial to understand switch()
switch($cmd){
default:
//getting all of the shouts and adding `delete me` link...
$result = mysql_query("select * from shoutbox order by id desc"); 
while($r=mysql_fetch_array($result)) 
{
$name=$r["name"];
$message=$r["message"];
$time=$r["time"];
$id=$r["id"];
echo "Shout by: ".$name." <strong>@</strong> ".$time."<br>".$message."<br><a href='?cmd=delete&id=".$id."'>Delete me</a><br><br>";
}
break;
case 'delete':
$sql = "DELETE FROM shoutbox WHERE id=".$idg."";
$result = mysql_query($sql);
header('Refresh:2;admin.php');
echo "deleted";
}
;}
?>

Link to comment
Share on other sites
teng84 Member

teng84

Posted
Posted

<?php

session_start();

//Get the cmd variable

$cmd=$_GET['cmd'];

$idg=$_GET['id'];

//include config.php

include 'config.php';

//get the username from the form and add some security

//so you cant get hacked so easy

$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));

$password = md5($_POST['password']);

//if login button is pressed

if ($_POST['login']){

//check if username and password are inserted

if((!$username) || (!$password)){

//if not tell them to...do insert all of info

//echo "Please enter both values<br>";

}

//when they have we check if the username and the password exists

$sql = mysql_query("SELECT * FROM `shoutbox_admin` WHERE `name` = '$username' AND `password`= '$password'") OR die(mysql_error());

//so we need to check it for real

//mysql_num_rows() counts the rows which are returned as true

$login_check = mysql_num_rows($sql);

//if the check is true....true = 1 and $login check is set as $login_check=1

if($login_check > 0){

//so if it is larger than 1 we set some session variables -

//username and id

$r=mysql_fetch_array($sql);

$_SESSION['id'] = $r['id'];

$_SESSION['username'] = $r['name'];

//if it's not let's make him suffer...moahahahaa...

//reload the page I mean..

}else {

header("Refresh:2;admin.php");

exit();

}

}

//so if session username isn't set show user the login form

if(!isset($_SESSION['username'])){

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">

<title>ACP</title>

</head>

<body>

<center>

<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>

Username: <input type='text' size='15' name='username'><br>

Password: <input type='password' size='15' name='password'><br>

<input name="login" type="submit" value="Submit">

</form></center>

<? }

//if not - show him the contents and stuff...else{

else{

//welcome message and logout link...

echo "<center>Welcome, ". $_SESSION['username'] ."! <a href='logout.php'>Log Out</a></center>";

echo "<br><br><center>";

//see my ?id= browsing tutorial to understand switch()

switch($cmd){

default:

//getting all of the shouts and adding `delete me` link...

$result = mysql_query("select * from shoutbox order by id desc");

while($r=mysql_fetch_array($result))

{

$name=$r["name"];

$message=$r["message"];

$time=$r["time"];

$id=$r["id"];

echo "Shout by: ".$name." <strong>@</strong> ".$time."<br>".$message."<br><a href='?cmd=delete&id=".$id."'>Delete me</a><br><br>";

}

break;

case 'delete':

$sql = "DELETE FROM shoutbox WHERE id=".$idg."";

$result = mysql_query($sql);

header('Refresh:2;admin.php');

exit();

}

}

?>

Link to comment
Share on other sites
teng84 Member

teng84

Posted
Posted

<?php

session_start();

//Get the cmd variable

$cmd=$_GET['cmd'];

$idg=$_GET['id'];

//include config.php

include 'config.php';

//get the username from the form and add some security

//so you cant get hacked so easy

$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));

$password = md5($_POST['password']);

//if login button is pressed

if ($_POST['login']){

//check if username and password are inserted

if((!$username) || (!$password)){

//if not tell them to...do insert all of info

//echo "Please enter both values";

}

//when they have we check if the username and the password exists

$sql = mysql_query("SELECT * FROM `shoutbox_admin` WHERE `name` = '$username' AND `password`= '$password'") OR die(mysql_error());

//so we need to check it for real

//mysql_num_rows() counts the rows which are returned as true

$login_check = mysql_num_rows($sql);

//if the check is true....true = 1 and $login check is set as $login_check=1

if($login_check > 0){

//so if it is larger than 1 we set some session variables -

//username and id

$r=mysql_fetch_array($sql);

$_SESSION['id'] = $r['id'];

$_SESSION['username'] = $r['name'];

//if it's not let's make him suffer...moahahahaa...

//reload the page I mean..

}else {

header("Refresh:2;admin.php");

exit();

}

}

//so if session username isn't set show user the login form

if(!isset($_SESSION['username'])){

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">

<title>ACP</title>

</head>

<body>

<center>

<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>

Username: <input type='text' size='15' name='username'>

 

Password: <input type='password' size='15' name='password'>

 

<input name="login" type="submit" value="Submit">

</form></center>

<? }

//if not - show him the contents and stuff...else{

else{

//welcome message and logout link...

echo "<center>Welcome, ". $_SESSION['username'] ."! <a href='logout.php'>Log Out[/url]</center>";

echo "

 

<center>";

//see my ?id= browsing tutorial to understand switch()

switch($cmd){

default:

//getting all of the shouts and adding `delete me` link...

$result = mysql_query("select * from shoutbox order by id desc");

while($r=mysql_fetch_array($result))

{

$name=$r["name"];

$message=$r["message"];

$time=$r["time"];

$id=$r["id"];

echo "Shout by: ".$name." <strong>@</strong> ".$time."

".$message."

<a href='?cmd=delete&id=".$id."'>Delete me[/url]

 

";

}

break;

case 'delete':

$sql = "DELETE FROM shoutbox WHERE id=".$idg."";

$result = mysql_query($sql);

header('Refresh:2;admin.php');

exit();

}

}

?>

 

 

that should run cause it works fine on me

Link to comment
Share on other sites
FortMyersDrew Member

FortMyersDrew

Posted
  • Author
Posted

alright it works it brings up all the shouts however when i click delete the shout it goes to this

 

Welcome, FortMyersDrew! Log Out[/url]

Warning: Cannot modify header information - headers already sent by (output started at /home/content/d/r/e/drewsmedia/html/admin.php:60) in /home/content/d/r/e/drewsmedia/html/admin.php on line 85

 

However it is deleting the files, but they are all put together like this aaaaaaaaaaaabbbbbbbbbbbbccccccccccccccccdddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffffgggggggggggggggggggggghhhhhhhhhhhhhhhhhhhiiiiiiiiiiiiiiiiiiiiiiiiiijjjjjjjjjjjjjjjjjjjjjjjjjjjjkkkkkkkkkkkkkkkkkkkkklllllllllllllllllllllllllllllllll

 

and when i delete one it kicks me off

 

its still coming off line 85

header('Refresh:2;admin.php');

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.