I have this code that allows a user to only delete his own topics. It's working but in the case that the user is not the one who posted the topic, he is still getting the message: Topic has been deleted, whereas he should get: You didnt make this topic.
The else statement isnt running.
if(isset($_SESSION['username']))
{
$uid = $_SESSION['uid'];
$id=$_GET['id'];
$check = mysql_query("SELECT * FROM topics WHERE id = '$id' AND topicCreator = '$uid'");
if($check){
$query1=mysql_query("delete FROM topics WHERE id='$id' AND topicCreator='$uid'");
echo "<p>Topic has been successfully deleted. <a href='index.php'>Click here to return to home page.</a>";
}
else{
echo "<p><b>ERROR: You didnt make this topic.";
}
}
I dont know why the else statement wont run.
$check is to see if the user who is logged in is the one who created the topic.
(PS: I'll switch to mysqli once this works.)
As the comments suggest, you can't check against the resource itself. Try:
if(isset($_SESSION['username'])) {
$uid = $_SESSION['uid'];
$id=$_GET['id'];
$check = mysql_query("SELECT * FROM topics WHERE id = '$id' AND topicCreator = '$uid'");
$count = mysql_num_rows($check);
if($count) {
// $count is greater than 1 hence TRUE
$query1=mysql_query("delete FROM topics WHERE id='$id' AND topicCreator='$uid'");
echo "<p>Topic has been successfully deleted. <a href='index.php'>Click here to return to home page.</a>";
} else{
// $count is 0 or FALSE - no rows returned
echo "<p><b>ERROR: You didnt make this topic.";
}
}
Related
i am making a code where the system checks if you are an 'Admin' or a 'SuperAdmin'.
i cant seem to make it loop everything to check if 'SuperAdmin' is in the 'user_type'
$sql = "SELECT * from users";
$result = mysqli_query($con,$sql);
while ($row2 = mysqli_fetch_array($result)) {
if ($row2['user_type'] != "SuperAdmin") {
echo "<script>window.alert('You do not have administrative
priviledges for this page!');
location.href='../admin_page.php';</script>";
} else {
}
}
window.alert("You do not have administrative priviledges for this page!"); location.href="../admin_page.php";';
} else {
}
?>
I believe you want to check if the current use is an "Admin" or a "SuperAdmin". In that case, you need to get the row for the current user using the UserID that you get after authenticating the user. Change your query and php code to something like:
$UserId = 111; //This is the user id from database you get on authenticating the user: e.g. 111.
$sql = "SELECT * from users WHERE UserId = ". $UserId;
$result = mysqli_query($con,$sql); //This should retrieve a single row, with details for the specific user.
while ($row2 = mysqli_fetch_array($result)) {
if !(($row2['user_type'] == "SuperAdmin")||($row2['user_type'] == "Admin")){
echo "<script>window.alert('You do not have administrative
priviledges for this page!');
location.href='../admin_page.php';</script>";
} else {
//Code to be executed if the user is an admin or a super admin
}
}
I am making a list in messages.php which displays all the active conversations the logged in user ($username) has.
What is classed as an "active conversation"? (What should be listed in the li..)
Assume I am logged in as Alice. Alice sends a message to Fred, this is an active conversation where the $username (Alice) is sending a message to $user (Fred).
Assume I am logged in as Alice. Fred sends a message to Alice. This is also an active conversation.
Summary: Any messages to $username (logged in user) and any messages from $usernameshould be listed, only ONCE.
Current behavior:
Currently, with the code displayed below, an li is being generated for every message I send (every row in the private_messages table relating to the $username).
For example:
Again, assume I am logged in as Alice.
Alice sends a message to Fred saying - "Hello Fred".
One list element is generated stating Fred's firstname.
If, as Alice, I send another message to Fred, it will still display one li element for Fred - Which is good, this is what I want, as the logged in user, I want to see the user I am taking with.
However, if I log off, sign in a Fred, and reply back to Alice, it will generate another li element, but this time with the logged in users credentials, so an li would be generated stating Fred's first name etc.
What I need is all this to be in one li since the conversation is between two people.
This is my current code:
<?php
$displayed = [];
// get number of messages from a specific user to the logged in user
$get_mess = mysqli_query ($connect, "SELECT * FROM private_messages WHERE message_to = '$username' AND message_from ='$user'");
$num_msgs = mysqli_num_rows($get_mess);
// getting all the conversations which concern the user logged on.
$con = mysqli_query ($connect, "SELECT * FROM private_messages WHERE message_from='$username' OR message_to='$username'");
while ($get_con = mysqli_fetch_assoc($con)){
$msg_from = $get_con['message_from'];
$msg_to = $get_con['message_to'];
// get other persons firstname
$u_name = mysqli_query($connect, "SELECT * FROM users WHERE username ='$msg_to'");
$get_cu = mysqli_fetch_assoc($u_name);
$got_ufn = $get_cu['first_name'];
$got_uln = $get_cu['last_name'];
if ($msg_to == $username || $msg_from == $username){
if(!in_array($msg_to, $displayed)) {
echo "<li class='list' role='presentation'>
<div class='parent'>
<div class='disp_pic'>
<img class='img-rounded' src='$profile_pic2'/>
</div>
<div class='user_d'>
<a href='messages.php?u=$msg_from'> $got_ufn $got_uln</a>
</div>";
if ($num_msgs == 0){
// dont display badge
}else {
echo "<span id='num_of_msgs_from' class='badge'>";
if ($user == $user){
$num_msgs == 0;
echo "$num_msgs </span>";
}else {
echo " $num_msgs </span>";
}
}
echo"
</div>
</li>";
$displayed[] = $msg_to;
}
}
} // while closed
?>
You need to get other user with something like this:
$other_user = ($msg_to == $username) ? $msg_from : $msg_to;
And full code will be like this:
<?php
$displayed = [];
// get number of messages from a specific user to the logged in user
$get_mess = mysqli_query ($connect, "SELECT * FROM private_messages ".
"WHERE message_to = '$username' AND message_from ='$user'");
$num_msgs = mysqli_num_rows($get_mess);
// getting all the conversations which concern the user logged on.
$con = mysqli_query ($connect, "SELECT * FROM private_messages ".
"WHERE message_from='$username' OR message_to='$username'");
while ($get_con = mysqli_fetch_assoc($con)){
$msg_from = $get_con['message_from'];
$msg_to = $get_con['message_to'];
$other_user = ($msg_to == $username) ? $msg_from : $msg_to;
// get other persons firstname
$u_name = mysqli_query($connect, "SELECT * FROM users ".
"WHERE username ='$other_user'");
$get_cu = mysqli_fetch_assoc($u_name);
$got_ufn = $get_cu['first_name'];
$got_uln = $get_cu['last_name'];
if ($msg_to == $username || $msg_from == $username){
if(!in_array($other_user, $displayed)) {
echo "<li class='list' role='presentation'>
<div class='parent'>
<div class='disp_pic'>
<img class='img-rounded' src='$profile_pic2'/>
</div>
<div class='user_d'>
<a href='messages.php?u=$other_user'> $got_ufn $got_uln</a>
</div>";
if ($num_msgs == 0){
// dont display badge
}else {
echo "<span id='num_of_msgs_from' class='badge'>";
if ($user == $user){
$num_msgs == 0;
echo "$num_msgs </span>";
}else {
echo " $num_msgs </span>";
}
}
echo"
</div>
</li>";
$displayed[] = $other_user;
}
}
} // while closed
?>
I have the following PHP code which is for a voting system of an app.
Its a Q&A app, and the user can vote for questions and answers that are posted.
In my php code, I first check if the user has voted for a specific question.
This would exist in the QVOTES table, with the email and the id of the question being voted for.
When performing this check, I am not sure of how to see if $result is an empty set, so as to submit the user's vote if they have not voted for the question yet.
How can i get this working? All help is greatly appreciated.
<?php
$con=mysqli_connect("127.2.1.1","S837","887","D887");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$qid = $_POST['qid'];
$email = $_POST['email'];
$result = mysqli_query($con, "SELECT * FROM QVOTES WHERE QID = $qid AND EMAIL = '$email'");
if (!mysqli_num_rows($result) ){
if ($result = mysqli_query($con, "INSERT INTO QVOTES (QID, EMAIL) VALUES ($qid, '$email')")) {
mysqli_query($con, "Update QUESTIONS SET VOTES = VOTES +1 WHERE QID = $qid");
echo "Update successful";
} else{
echo "Update unsuccessful";
}
} else{
echo "null";
}
mysqli_close($con);
Actually you are doing in a wrong way. Please try to do like this:-
<?php
$con=mysqli_connect("127.2.1.1","S837","887","D887");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$qid = $_POST['qid'];
$email = $_POST['email'];
$result = mysqli_query($con, "SELECT * FROM QVOTES WHERE QID = $qid AND EMAIL = $email") or die(mysqli_error($con)); // no need of extra quote
if ($result->num_rows == 0 ){ // means no vote-up done till now
$result = mysqli_query($con, "INSERT INTO QVOTES (QID, EMAIL) VALUES ($qid, $email)")or die(mysqli_error($con)); // insert
if($result){
echo "Vote Added successfully.";
} else{
echo "Error occur while adding vote.Please try again.";
}
} else{
$result = mysqli_query($con, "Update QUESTIONS SET VOTES = VOTES +1 WHERE QID = $qid AND EMAIL = $email")or die(mysqli_error($con)); // upddate
if($result){
echo "Vote updated successfully.";
} else{
echo "Error occur while updating vote.Please try again.";
}
}
mysqli_close($con);
Note:- I change message for better understanding. You can change according to your wish. thanks.
How to see if $result is an empty set?
From the docs:
Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE (Ref)
Use $result->num_rows if $result is not FALSE;
I want to delete columns in my sql, which is going with succes. But there is another problem, I need to solve. I've tried and checked here around. All with any kind of succes I will try to explain my problem.
I've a member system where you can add your content, edit you submitted content and now I'm creating to delete your content. My script can delete now post which are created by the same user as logged in. For example my account is called Bobby and someone is called Alex I cannot delete the content of Alex only mimes, thats what I want.
For example my content link of bobby : category.php?nameID=cat2&id=22 And the delete link is deletepost.php?id=22
EX. content link Alex:
category.php?nameID=cat2&id=23 And the delete link is deletepost.php?id=23
When I'm logged in as Bobby and I go to deletepost.php?id=23 and receive a message like You cannot delete this content!
And When I go to mimes deletepost.php?id=22 I need to receive a message like: Your content has been delete succesfully!
I'm only receive NO!
<?php
$user = new User();
if (isset($_GET['id'])) {
$id = mysql_real_escape_string($_GET['id']);
if(!$user->isLoggedIn()) {
Redirect::to('index.php');
}
if($user->isLoggedIn()) {
$pakuser = $user->data()->username;
$sql = mysql_query("DELETE FROM post
WHERE post.id = '$id' AND post.add = '$pakuser'")
or die(mysql_error());
if (!$sql) {
echo 'NO';
}
if ($sql) {
echo 'YES';
}
}
}
?>
Beside from the possible sql injections in your code, you can try this format for a delete query to determine the mistake:
<?php
$sql = "
DELETE FROM
post
WHERE
post.id = ".$id." AND post.add = '".$pakuser."'
";
if(!$res = mysql_query($sql))
{
trigger_error(mysql_error().'<br />In query: '.$sql);
}
elseif(mysql_affected_rows() == 0)
{
echo 'No records Deleted. <br />Query: '.$sql;
}
else
{
echo 'There are '.mysql_affected_rows().' records deleted.';
}
?>
Are you also sure that post.add is the username?
I'm really struggling with this now for a while and can't seem to get it working. In members.php (where I show all the registered users) I have a list printed out with a link "ADD TO FRIENDS" next to each user.
I managed, for testing purposes to display each members id well (so it gets the ID) but when I click the link it directs to the friends.php where it seems the fault is in. I don't know how to get that friend's id I clicked on IN THE friends.php file. Please have a look!
members.php
<?php
include 'connect.php';
include 'header.php';
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> to view all the <b>registered</b> members.';
echo '<br/><br/>';
}
else
{
echo '<h2>Registered users:</h2>';
$sql = "SELECT * FROM users ORDER BY user_name ASC";
$result = mysql_query($sql);
$num=mysql_numrows($result);
$i=0;
while ($i < $num)
{
//$name = mysql_result($result,$i,"user_name");
//$id = mysql_result($result,$i,"user_id");
//$picture = mysql_result($result,$i,"pic_location");
//?friend_id="'. $id .'
while($user = mysql_fetch_array($result)){
echo $user['user_name'].'<br/><br/>ADD TO FRIENDS<br/>';
echo $user['user_id'];
echo '<br/><br/>';
}
$i++;
}
///////////////////////////////
/// adding users as friends ///
///////////////////////////////
//while($user = mysql_fetch_array($result))
//echo $user['user_name'].'
//ADD TO FRIENDS<br/>';
//NOW I WANT TO MAKE A SPECIFIC "ADD AS FRIEND" LINK NEXT TO EACH USER
}
include 'footer.php';
?>
As I said I'm not sure how to get this so please have a look! Thanks!
J
friends.php
<?php
include "connect.php";
include "header.php";
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> if you want to add the person as a friend!';
echo '<br/><br/>';
}
else
{
$sql = "SELECT * FROM users";
$result = mysql_query($sql);
//friend_id is the ID of the friend that is clicked on...
//HOW DO I GET THAT ID THAT IS CLICKED ON IN THE WHILE "loop" in members.php?
$friends = ("INSERT INTO friends SET user_id='" . $_SESSION['user_id'] . "', friend_id='".$id."', status='0'");
$result_friends = mysql_query($friends);
if(!$friends)
{
//When you can't add this person as a friend this error will show!
echo 'You cannot add this user at this time. Please try again later!';
}
else
{
//When the friend is now added to the system!
echo 'Great! Now the user needs to approve before you can be friends!';
}
}
?>
On your friends.php use
$_GET['user_id']
Instead of $id, $id is undefined, to get the value of id from the query string you call it using an $_GET variable like,
$_GET['name_of_query_string_value']