ccrevcypsys Posted October 3, 2007 Share Posted October 3, 2007 I have a comment system on my web site. And i need to be able to edit the comment if it is my own comments like. I posted a comment and wish to edit or delete it. How would i get this to work if i dont want other people deleting mine or other peoples messages. Here is the code i am using. <table width="100%" border="0" cellspacing="0" cellpadding="4" class="tblList"> <tr class="songTitle"> <td width="20%">Time</td> <td width="30%">Comment</td> <td width="20%">Mood</td> <td width="20%">Customer</td> <td width="20%">Delete\Edit</td> </tr> <?php if($results == TRUE){ for ($i=0; $i<count($results); $i++){ ?> <tr> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['time']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['comment']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['mood']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"> <?php echo $results[$i]['customer_id']; ?></span></td> <?php if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) ){ ?> <td align="center" width="10%" class="tdlisting"><a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a>\<a href="?edit=<?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a> </td> <?php }else{ echo '<td align="center" width="10%" class="tdlisting"> Nope! </td>';}?> </tr> <?php } // end loop ?> </table> Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/ Share on other sites More sharing options...
trq Posted October 3, 2007 Share Posted October 3, 2007 Have you already a login system in place? If so, all you need do is validate your login credentials against the owner of the comment. eg; <?php if ($_SESSION['uid'] == $row['comments_user_id'])) { // edit. } else { echo "you are not permitted to edit this comment"; } ?> Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360961 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 so i changed it to this <?php if($_SESSION['customer_id'] == $row['customer_id'] ){ ?> <td align="center" width="10%" class="tdlisting"> <a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a> \ <a href="?edit= <?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a> but it still loaded up the edit button and delete button for customer #33 and im customer #31. Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360972 Share on other sites More sharing options...
MadTechie Posted October 3, 2007 Share Posted October 3, 2007 please use code tags.. too much of a pain to read that! Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360976 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 what do i make $row equal or does it already equal something? Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360977 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 someone please help me figure this out... Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360991 Share on other sites More sharing options...
trq Posted October 3, 2007 Share Posted October 3, 2007 Calm down, no need to bump after 10 minutes. $row was just an example. Its a little hard to tell from your code but it would appear the $results[$i]['comment_id'] is what your looking to check against. Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360994 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 ok well i tried that. and i also tried to make the "$row" $results[$i]['customer_id'] but it now wont let me edit or delete again. When i did the if($_SESSION['customer_id'] == $row['customer_id']) it showed the edit/delete up but it let me edit everyones from a customer acct. Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-360999 Share on other sites More sharing options...
MadTechie Posted October 3, 2007 Share Posted October 3, 2007 Maybe see comments <table width="100%" border="0" cellspacing="0" cellpadding="4" class="tblList"> <tr class="songTitle"> <td width="20%">Time</td> <td width="30%">Comment</td> <td width="20%">Mood</td> <td width="20%">Customer</td> <td width="20%">Delete\Edit</td> </tr> <?php //updated if($results > 0){ for ($i=0; $i<count($results); $i++){ ?> <tr> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['time']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['comment']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['mood']; ?></span></td> <td align="center" class="tdlisting"><span class="copyText"> <?php echo $results[$i]['customer_id']; ?></span></td> <?php //changed //if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) ) //I think.. kinda hard to read your code if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) && $_GET['customer_id']==$results[$i]['customer_id'] ) { ?> <td align="center" width="10%" class="tdlisting"><a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a>\<a href="?edit=<?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a> </td> <?php }else{ echo '<td align="center" width="10%" class="tdlisting"> Nope! </td>';}?> </tr> <?php } // end loop ?> </table> Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-361002 Share on other sites More sharing options...
trq Posted October 3, 2007 Share Posted October 3, 2007 Does $_SESSION['customer_id'] have a value? ie: Are your users logged in somehow? Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-361004 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 yes the users r logged in... Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-361027 Share on other sites More sharing options...
MadTechie Posted October 3, 2007 Share Posted October 3, 2007 how does the system know their logged inn!!!! is their user id stored some where ? Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-361032 Share on other sites More sharing options...
ccrevcypsys Posted October 3, 2007 Author Share Posted October 3, 2007 ok here is is. they are logged in thru the sessions page. There is 2 includes that are on this page to let the page know that they are logged in. include_once("../includes/sessionStart.inc.php"); include_once("../includes/session.inc.php"); now i use these data base names for the comment page and the session page This is the comment db comment_id customer_id this is the session db sessid customer_id (well there is more than this but i dont think those others matter) Link to comment https://forums.phpfreaks.com/topic/71703-how-would-i/#findComment-361043 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.