

Help: Don't delete 'Admin' code


14 replies to this topic

#1 Tarquin

    Young Padawan

  • Members
  • Pip
  • 67 posts
  • Gender:Male
  • Location:London
  • Interests:I'm a huge Crystal Palace fan (Soccer team in England for you Americans)

Posted 21 May 2007 - 02:48 PM

Hi there people, I'm currently trying to learn PHP and have set up an admin panel whereby you can view members of your site, delete members of your site and add members to your site.

With the delete members part I have added a field in my table called 'user_level', with 1= Admin and 2= User. What I want is to be able to stop Admin from being deleted.

Could somebody tell me where I am going wrong with the user level code? Thank you.

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include("includes/security.php");

$id = $_SESSION['id'];

/////////////////////////////////////////
$user		=	$_POST['username'];
$password	=	$_POST['password'];
$email		=	$_POST['email'];
$submit		=	$_POST['submit'];
$del		=	$_GET['del'];
////////////////////////////////////////


///////////////////////////////
$query		=sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result		=@mysql_query($query);
$row		=mysql_fetch_array($result);
////////////////////////////

if($row['user_level'] !=1){
}
if ($del){
//////////////
$query		= sprintf("DELETE FROM users where user_id='$del'");
			mysql_query($query) or die (mysql_error());
//////////////

}
?>


#2 curthard89

    Young Padawan

  • Members
  • Pip
  • 226 posts

Posted 21 May 2007 - 02:56 PM

put
//////////////
$query		= sprintf("DELETE FROM users where user_id='$del'");
			mysql_query($query) or die (mysql_error());
//////////////
inside

if($row['user_level'] !=1){
}

lol

Edited by curthard89, 21 May 2007 - 02:57 PM.


#3 Tarquin

Posted 21 May 2007 - 03:03 PM

You're probably going to hate me after a while...

So like this....

///////////////////////////////
$query		=sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result		=@mysql_query($query);
$row		=mysql_fetch_array($result);
////////////////////////////

if($row['user_level'] !=1){
//////////////
$query		= sprintf("DELETE FROM users where user_id='$del'");
			mysql_query($query) or die (mysql_error());
//////////////
}
if ($del){

}
?>

It's just that it still doesn't work

#4 curthard89

Posted 21 May 2007 - 03:07 PM

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include("includes/security.php");

$id = $_SESSION['id'];

/////////////////////////////////////////
$user = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = $_GET['del'];
////////////////////////////////////////


///////////////////////////////
$query =sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result =@mysql_query($query);
$row =mysql_fetch_array($result);
////////////////////////////
if ($del){
if($row['user_level'] !=1){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////
}
}
?>

#5 Tarquin

Posted 21 May 2007 - 03:09 PM

You're a legend!

Seriously thank you so much, I have spent so long trying to figure it out!

...although I swear I did it that way before :)

Edited by Tarquin, 21 May 2007 - 03:10 PM.


#6 curthard89

Posted 21 May 2007 - 03:12 PM

lol....it's not hard lol....ah I love new ppl learning php

#7 Tarquin

Posted 21 May 2007 - 03:12 PM

Actually, it works, but it works too well, you can't delete the normal users (user_level 2) :)

#8 curthard89

Posted 21 May 2007 - 03:14 PM

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include("includes/security.php");

$id = $_SESSION['id'];

/////////////////////////////////////////
$user = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = $_GET['del'];
////////////////////////////////////////


///////////////////////////////
$query =sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result =@mysql_query($query);
$row =mysql_fetch_array($result);
////////////////////////////
if ($del){
if($row['user_level'] == 2){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////
}
}
?>

just play around with it

Edited by curthard89, 21 May 2007 - 03:14 PM.


#9 Demonslay

    P2L Jedi

  • Members
  • PipPipPip
  • 970 posts
  • Gender:Male
  • Location:A strange world where water falls out of the sky... for no reason.
  • Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 21 May 2007 - 03:31 PM

You guys are real funny, not even noticing what you are doing here.

In the original code, you are pulling all members from the database, then grabbing the first result as an array. Then, you are seeing if that first member is an admin, and using that to base your delete function.

Here's how it should look.

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include('includes/security.php');

$id = (int)$_SESSION['id'];

$user  = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = (int)$_GET['del'];


$query = sprintf("SELECT * FROM `users` WHERE `user_id` = %d", $del);
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);

if(mysql_num_rows($result) > 0){
  if($row['user_level'] !=1){
    $query = sprintf("DELETE FROM `users` WHERE `user_id` = %d", $del);
    mysql_query($query) or die (mysql_error());
  }
  else{
    echo 'Sorry, you cannot delete an administrator!';
  }
}
else{
  echo 'Sorry, could not find member to delete!';
}
?>


#10 Tarquin

Posted 21 May 2007 - 03:41 PM

But using that code I would not be able to view all the members of the website on the page.
Check out the attachment below, this is what I want to see... (ignore the crapness of it as I'm just messing around at the moment)

Then, when I click the delete checkbox if the user is a 'user' they get deleted, but if they are 'admin' they don't.

Attached Files



#11 Av-

    I Feel Left Out

  • Members
  • PipPipPipPip
  • 1,971 posts
  • Gender:Male
  • Location:10 ft. below sea level

Posted 21 May 2007 - 04:30 PM

Save yourself the trouble and try to put as much as possible in one query

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include('includes/security.php');

$id = (int)$_SESSION['id'];

$user = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = (int)$_GET['del'];

$query = mysql_query("DELETE FROM `users` WHERE (`user_id` = '$del' && `user_level` != '1') LIMIT 1");
print((mysql_affected_rows($query) == 1) ? 'Successfully removed user' : 'Dont you touch no admins!');
?>

Let me know if it works

#12 Tarquin

    Young Padawan

  • Members
  • Pip
  • 67 posts
  • Gender:Male
  • Location:London
  • Interests:I'm a huge Crystal Palace fan (Soccer team in England for you Americans)

Posted 21 May 2007 - 04:47 PM

Nope, it comes up with
'Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\dreamweaverclub\view_users.php on line 16'

#13 Av-

Posted 21 May 2007 - 05:21 PM

$query = mysql_query("DELETE FROM `users` WHERE (`user_id` = '$del' && `user_level` != '1') LIMIT 1") or die(mysql_error());

Post what error it comes up with

#14 Tarquin

Posted 21 May 2007 - 05:29 PM

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\dreamweaverclub\view_users.php on line 61

That is because of this;

<?php do { ?>
  <tr>
	<td bgcolor="#00FFFF"><input name="textfield" type="text" id="textfield" value="<?php echo $row['user_name']; ?>" /></td>
	<td bgcolor="#00FFFF"><input name="textfield2" type="text" id="textfield2" value="<?php echo $row['user_password']; ?>" /></td>
	<td bgcolor="#00FFFF"><label>
	  <input type="text" name="textfield3" id="textfield3" value="<?php echo $row['user_email']; ?>" />
	</label></td>
	<td height="43" align="center" bgcolor="#00FFFF"><input type="checkbox" name="level" id="del" onclick="document.location.href='view_users.php?del=<?php echo $row['user_id']?>'" /></td>
  </tr>
<?php }while ($query = mysql_fetch_array($result)); ?>	< Line 61
</table>

Edited by Tarquin, 21 May 2007 - 05:30 PM.


#15 Demonslay

Posted 21 May 2007 - 05:55 PM

Please read your code.

Notice you are assigning your mysql_fetch_array to the variable $query, then you are trying to grab things from $row...
Change it to this.
while($row = mysql_fetch_array($result));

Your code was also kind of ambiguous, since you were only showing us the delete part; thus the reason I changed your code the way I did. I assumed the first query was a verification that the user existed.

Either way, Av-'s code would be more accurate to your task at hand.
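
Added example, not code from any poster in this thread: the one-query delete Av- proposes in #11, written with PDO prepared statements, where the affected-row count comes from the statement itself rather than from passing the query result to `mysql_affected_rows()`. The in-memory SQLite table, `delete_user()`, `LEVEL_ADMIN` and the sample rows are assumptions made up for illustration so it runs without the thread's MySQL setup.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_level INTEGER)');
// Constructed sample rows: user_level 1 = admin, 2 = user (as in the first post).
$pdo->exec("INSERT INTO users VALUES (1, 'root', 1), (2, 'alice', 2), (3, 'bob', 2)");

const LEVEL_ADMIN = 1;

/**
 * Delete one non-admin user (hypothetical helper).
 * Returns 'deleted', 'is_admin' or 'not_found'.
 */
function delete_user(PDO $pdo, $rawId): string
{
    // Reject anything that is not a positive integer instead of casting it silently.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'not_found';
    }

    // The admin check lives in the WHERE clause, so check and delete are one
    // atomic statement; the id is bound, never interpolated into the SQL text.
    $del = $pdo->prepare('DELETE FROM users WHERE user_id = :id AND user_level <> :admin');
    $del->execute([':id' => $id, ':admin' => LEVEL_ADMIN]);
    if ($del->rowCount() === 1) {
        return 'deleted';
    }

    // Zero rows affected: tell "row is an admin" apart from "no such row".
    $chk = $pdo->prepare('SELECT 1 FROM users WHERE user_id = :id');
    $chk->execute([':id' => $id]);
    return $chk->fetchColumn() === false ? 'not_found' : 'is_admin';
}

// Constructed inputs: a normal user, the admin, a missing id, a malformed id.
foreach (['2', '1', '99', '3abc'] as $input) {
    printf("%-6s => %s\n", $input, delete_user($pdo, $input));
}
echo 'rows left: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

The `'3abc'` input is the case where a bare `(int)` cast would turn the value into 3 and delete that user; validation rejects it instead.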




