Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 8 of 8
  1. #1
    Junior Member
    Join Date
    Nov 2012
    Posts
    4
    Member #
    33788
    Maybe someone can help to correct this code
    PHP Code:
    <?
    if ($_GET['do'] == 'editdeladmin') {

        
    $id = ($_POST['id']);
          
    $username cleanuserinput($_POST['username']);
        
    $password cleanuserinput($_POST['password']);
        
    $rpassword cleanuserinput($_POST['rpassword']);
        
    $pass md5($_POST['password']);

        if (
    $_POST['delete']){
            
    mysql_query("delete from admin where id='".$id."'");
            print 
    '<center><font color=black>Admin has been deleted!</font><br>';
        }

        if (
    $_POST['edit']) {

            
    //Make sure username isn't blank
            
    if (!$username){
                
    $error .= '<font color=red>Sorry, the username was empty.</font><br>';
            }
            
    //Make sure password isn't blank
            
    if (!$password){
                
    $error .= '<font color=red>Sorry, your password was empty.</font><br>';
            }
            
    //Make sure both passwords match
            
    if ($password != $rpassword) {
            
    $error .= '<font color=red>Passwords Doesn\'t Match!</font><br>';
            }
            
    //Check username length
            
    if (!ctype_alnum($username) || strlen($username) < || strlen($username) > 15) {
            
    $error .= '<font color=red>Username must be between 4-15 characters!</font><br>';
            }
            
    //Check password length
            
    if (!ctype_alnum($password) || strlen($password) < || strlen($password) > 15) {
                
    $error .= '<font color=red>Password must be between 4-15 characters.</font><br>';
            }

        if (!
    $error){
            
    $sql_insert "UPDATE admin set username = '$username', password= '$pass' where id='".$id."'";
                
    $result mysql_query ($sql_insert) or DIE(mysql_error());
            print 
    "<center><font color=black>User "$_POST['username'] ." Has been edited.</font><br>";
        
            }
        
    $getview mysql_query("select * from admin where id='".$id."'");
        
    $admin mysql_fetch_array($getview);
     
    echo 
    $error "<form method='post'>
    <table>
    <h1>Edit Admin</h1>
        <tr><td><b>Username<font color=red>*</font></b></td><td><div><small>[ 4-15 characters ]</small></div><input name='username' type='text' maxlength='50' size='25' tabindex='1' value='"
    .$admin['username']."'></td></tr>
        <tr><td><b>Password<font color=red>*</font></b></td><td><div><small>[ 4-15 characters ]</small></div><input name='password' type='text' maxlength='50' size='25' tabindex='2' value=''></td></tr>
        <tr><td><b>Password 2<font color=red>*</font></b></td><td><input name='rpassword' type='text' maxlength='50' size='25' tabindex='3' value=''></td></tr>

            </table>

                <input type=hidden name=id value='"
    .$_POST['id']."'>
                <div align='center'><br><input type='submit' name='submit' tabindex='4' value='Submit'></div>

          </form>"
    ;
    } else {
    $getview mysql_query("select * from admin ");
    print
    " <table width=90%>
    <tr><th colspan=20>Current Admin</th></tr>
            <td>Admin Name</td>
            <td>Added Date</td>
            <td align=center>Action</td>
            </tr>"
    ;
     
        while (
    $row mysql_fetch_array($getview)){
            
    $date date('Y-m-d'$row['registered']);

            print 
    "
                    <td>"
    $row["username"] ."</td>
                    <td>
    {$date}</td>
                    <td align=center>
            <form method=POST>
                    <input name=id type=hidden value='"
    .$row['id']."'>
                    <input type=submit name=edit value='Edit'>
                    <input type=submit name=delete value='Delete'>
                </td>
                </form>
                </tr>"
    ;
     
        }
        print 
    "</table>";
    }

    } else {
        
    admin_wrong_file();
    }

    ?>

  2.  

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,717
    Member #
    5580
    Liked
    718 times
    Describe what does or does not work, any error messages you get, and if you have
    an online example of the script, or the form you display for entering the user/pass.

    Not enough information provided in your post to answer your question.


  4. #3
    Junior Member
    Join Date
    Nov 2012
    Posts
    4
    Member #
    33788
    If i hit Edit button i got these error before i click Submit

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,717
    Member #
    5580
    Liked
    718 times
    I think your problem has to do with having two submit buttons on one form.
    I would suspect some javascripting is needed as it won't know which
    button you clicked otherwise.

    If it were me, I would make the delete button separate.
    For deleting, you only need to know the ID number. After clicking that button,
    the script should ask a confirmation "Are you sure you want to delete?", and
    two buttons YES and NO.

    You don't need a form for the delete operations.
    myscript.php?id=123&action=d
    An ID and an action .... in this case d (delete).

    confirmation (YES) might be like:
    myscript.php?id=123&action=c

    If they click NO or cancel, it simply returns to the script without doing anything.

    With all of your scripting, I don't see any SESSION being used to
    verify the person executing the script is logged-in, or if they have
    a specific level of admin. Maybe you're only showing a small part
    of the scripting you have?


  6. #5
    Junior Member
    Join Date
    Nov 2012
    Posts
    4
    Member #
    33788
    With all of your scripting, I don't see any SESSION being used to
    verify the person executing the script is logged-in, or if they have
    a specific level of admin.
    I haven' t added them yet.
    Maybe you're only showing a small part of the scripting you have?
    This is all what I have.

  7. #6
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,717
    Member #
    5580
    Liked
    718 times
    I guess my answer is to not use two submit buttons in one form.

    I'm not sure where you'll go from there.
    You can try my version below ... untested.

    One problem is ...
    After you click either form submit button,
    you no longer have the $_GET variable.
    I'm not sure what is supposed to happen.
    I think there's other things missing.


    PHP Code:

    <?php

    if ($_GET['do'] == 'editdeladmin') {

        
    $id = ($_POST['id']);
          
    $username cleanuserinput($_POST['username']);
        
    $password cleanuserinput($_POST['password']);
        
    $rpassword cleanuserinput($_POST['rpassword']);
        
    $pass md5($_POST['password']);

        if (
    $_POST['delete']){
            
    mysql_query("delete from admin where id='".$id."'");
            print 
    '<center><font color=black>Admin has been deleted!</font><br>';
        }

        if (
    $_POST['edit']) {

            
    //Make sure username isn't blank
            
    if (!$username){
                
    $error .= '<font color=red>Sorry, the username was empty.</font><br>';
            }
            
    //Make sure password isn't blank
            
    if (!$password){
                
    $error .= '<font color=red>Sorry, your password was empty.</font><br>';
            }
            
    //Make sure both passwords match
            
    if ($password != $rpassword) {
            
    $error .= '<font color=red>Passwords Doesn\'t Match!</font><br>';
            }
            
    //Check username length
            
    if (!ctype_alnum($username) || strlen($username) < || strlen($username) > 15) {
            
    $error .= '<font color=red>Username must be between 4-15 characters!</font><br>';
            }
            
    //Check password length
            
    if (!ctype_alnum($password) || strlen($password) < || strlen($password) > 15) {
                
    $error .= '<font color=red>Password must be between 4-15 characters.</font><br>';
            }

        if (!
    $error){
            
    $sql_insert "UPDATE admin set username = '$username', password= '$pass' where id='".$id."'";
                
    $result mysql_query ($sql_insert) or DIE(mysql_error());
            print 
    "<center><font color=black>User "$_POST['username'] ." Has been edited.</font><br>";
        
            }
        
    $getview mysql_query("select * from admin where id='".$id."'");
        
    $admin mysql_fetch_array($getview);
     
    echo 
    $error "<form method='post'>
    <table>
    <h1>Edit Admin</h1>
        <tr><td><b>Username<font color=red>*</font></b></td><td><div><small>[ 4-15 characters ]</small></div><input name='username' type='text' maxlength='50' size='25' tabindex='1' value='"
    .$admin['username']."'></td></tr>
        <tr><td><b>Password<font color=red>*</font></b></td><td><div><small>[ 4-15 characters ]</small></div><input name='password' type='text' maxlength='50' size='25' tabindex='2' value=''></td></tr>
        <tr><td><b>Password 2<font color=red>*</font></b></td><td><input name='rpassword' type='text' maxlength='50' size='25' tabindex='3' value=''></td></tr>

            </table>

                <input type=hidden name=id value='"
    .$_POST['id']."'>
                <div align='center'><br><input type='submit' name='submit' tabindex='4' value='Submit'></div>

          </form>"
    ;
    } else {
    $getview mysql_query("select * from admin ");
    print
    " <table width=90%>
    <tr><th colspan=20>Current Admin</th></tr>
            <td>Admin Name</td>
            <td>Added Date</td>
            <td align=center>Action</td>
            </tr>"
    ;
     
        while (
    $row mysql_fetch_array($getview)){
            
    $date date('Y-m-d'$row['registered']);

            print 
    "
                    <td>"
    $row["username"] ."</td>
                    <td>
    {$date}</td>
                    <td align=center>
            <form method=POST>
                    <input name=id type=hidden value='"
    .$row['id']."'>
                    <input type=submit name=edit value='Edit'>
                </td>
                </form>
                </tr>"
    ;
     
     print 
    "
     <tr>
     <form method=POST>
     <td>
                    <input name=id type=hidden value='"
    .$row['id']."'>
                    <input type=submit name=delete value='Delete'>
                </td>
                </form>
                </tr>"
    ;
        }
        print 
    "</table>";
    }

    } else {
        
    admin_wrong_file();
    }

    ?>


  8. #7
    Junior Member
    Join Date
    Nov 2012
    Posts
    4
    Member #
    33788
    Still same result

  9. #8
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,717
    Member #
    5580
    Liked
    718 times
    It's not anything I can experiment and test on my own.
    You'll have to find someone (a scripting person) to help you with this.
    Someone that can access your website.



Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 01:20 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com