login.php
<?php
// start (or resume) the session so that $_SESSION is saved between pages
session_start();
if(isset($_POST['submit'])){
    $username = "put_your_username_here";
    $password = "put_your_password_here";
    if(empty($_POST['username'])){
        // is username value empty
        echo "Please enter a username";
    }
    elseif(empty($_POST['password'])){
        // is password value empty
        echo "Please enter a password";
    }
    elseif($_POST['username'] !== $username){
        // does the username value match your username
        echo "Invalid username";
    }
    elseif($_POST['password'] !== $password){
        // does the password value match your password
        echo "Invalid password";
    }
    else
    {
        // continue with login
        // issue a fresh session id so an id that was known before login cannot be reused
        session_regenerate_id(true);
        // create the session and assign it to the username
        $_SESSION['admin'] = $username;
        echo "You are now logged in. <a href=\"panel.php\">Admin Panel</a>";
    }
}
else
{
    // the form hasn't been submitted so we will end the php and write the form out in html
    // remember that this form will only be viewable if the user has not submitted the form
?>
<form action="login.php" method="post">
Username: <input type="text" name="username" size="30" /><br />
Password: <input type="password" name="password" size="30" /><br />
<input type="submit" name="submit" value="Login" />
</form>
<?php
    // re-open php and end the else
}
?>
Now to create the panel page. This is where all the links for the admin to edit and delete quotes will be.
panel.php
<?php
// resume the session that was created in login.php
session_start();
if(isset($_SESSION['admin'])){
    // get data for links
    // select the id, author and quote columns from the database table
    // and order by the id
    $query = @mysql_query("SELECT id, author, quote FROM quotes ORDER BY id DESC");
    // now we check if the query has run
    if($query){
        echo "<table>\n";
        echo "<tr><td>ID</td><td>Author</td><td>Quote</td><td>Action</td></tr>\n";
        while($row = mysql_fetch_array($query, MYSQL_ASSOC)){
            // escape the database values before printing them into the page
            $id = (int) $row['id'];
            $author = htmlspecialchars($row['author'], ENT_QUOTES);
            $quote = htmlspecialchars($row['quote'], ENT_QUOTES);
            echo "<tr><td>" . $id . "</td><td>" . $author . "</td><td>" . $quote . "</td>\n";
            echo "<td><a href=\"edit.php?id=" . $id . "\">Edit</a><br />\n
            <a href=\"delete.php?id=" . $id . "\">Delete</a></td></tr>\n";
        }
        echo "</table>\n";
    }
}
else
{
    echo "You are not logged in and do not have permission to view this page.";
}
?>
In that page, we display links next to each quote so it is easier for the administrator to edit and delete quotes.
Those links point to two files, edit.php and delete.php. We also put the id in the URLs so that both files know which quote to edit or delete. First, we will create edit.php.
edit.php
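<?php
// resume the session and make sure an admin is logged in before doing anything else
session_start();
if(!isset($_SESSION['admin'])){
    echo "You are not logged in and do not have permission to view this page.";
    exit();
}
// check if an id has been specified and make sure it is a number
if(isset($_GET['id']) && is_numeric($_GET['id'])){
    // cast to an integer so that only a whole number can reach the queries
    $id = (int) $_GET['id'];
}
else
{
    echo "No id has been specified.";
    exit();
}
// select data from the database corresponding to the specified id
$query = @mysql_query("SELECT id, author, quote FROM quotes WHERE id='$id'");
if($query){
    if(isset($_POST['submit'])){
        if(empty($_POST['quote'])){
            echo "Please enter a quote";
        }
        elseif(empty($_POST['author']))
        {
            echo "Please enter an author";
        }
        else
        {
            // escape the submitted values before placing them in the query
            $author = mysql_real_escape_string($_POST['author']);
            $quote = mysql_real_escape_string($_POST['quote']);
            // one SET with comma separated columns; NOW() is left unquoted so it runs as a function
            $update = @mysql_query("UPDATE quotes SET author='$author', quote='$quote', date=NOW() WHERE id='$id'");
            if($update){
                echo "Updated, <a href=\"panel.php\">back to panel</a>";
            }
            else
            {
                echo "Could not update quote";
            }
        }
    }
    else
    {
        // no need to loop through the results because we will only have one
        $row = mysql_fetch_array($query, MYSQL_ASSOC);
        // keep the id in the form action so it is still in the url when the form is submitted
        echo "<form action=\"edit.php?id=" . $id . "\" method=\"post\">";
        // escape the stored values before printing them into the page
        echo "Author: <input type=\"text\" name=\"author\" value=\"" . htmlspecialchars($row['author'], ENT_QUOTES) . "\" size=\"30\" /><br />";
        echo "Quote: <textarea name=\"quote\">" . htmlspecialchars($row['quote'], ENT_QUOTES) . "</textarea><br />";
        echo "<input type=\"submit\" name=\"submit\" value=\"Update\" />";
        echo "</form>";
    }
}
else
{
    echo "Could not retrieve any results";
}
?>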
In that file, we fill out the form fields with the current values from the database. Then, when we run the $update query, we don't want to insert a new quote, so we update the previous values where the id matches the id in the URL.
Now for the deletion.
delete.php
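<?php
// resume the session and make sure an admin is logged in before doing anything else
session_start();
if(!isset($_SESSION['admin'])){
    echo "You are not logged in and do not have permission to view this page.";
    exit();
}
// once again, we check if an id has been specified and make sure it is a number
if(isset($_GET['id']) && is_numeric($_GET['id'])){
    // cast to an integer so that only a whole number can reach the queries
    $id = (int) $_GET['id'];
}
else
{
    echo "No id has been specified.";
    exit();
}
if(isset($_GET['confirm']) && $_GET['confirm'] == "yes" && isset($id)){
    // if the user has confirmed the delete
    $delete = @mysql_query("DELETE FROM quotes WHERE id='$id'");
    if($delete){
        echo "The quote has been deleted.";
    }
}
else
{
    $query = @mysql_query("SELECT id, author, quote FROM quotes WHERE id='$id'");
    if($query){
        // display the quote to let the admin know what he is deleting
        $row = mysql_fetch_array($query, MYSQL_ASSOC);
        // escape the stored values before printing them into the page
        echo "Author: " . htmlspecialchars($row['author'], ENT_QUOTES) . "<br />";
        echo "Quote: " . htmlspecialchars($row['quote'], ENT_QUOTES) . "<br />";
        echo "Delete this quote: <a href=\"delete.php?id=" . $id . "&amp;confirm=yes\">Yes</a> | <a href=\"panel.php\">No</a>";
    }
}
?>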
In this file, we use the data from the database to display the quote so the user has the choice to delete it or not. If they press confirm, we re-run the script and this time, if confirm is set and is equal to "yes", we delete the row where the id is equal to the id in the URL.
The scripts are mostly commented, but if you have questions, don't hesitate to ask.
Thanks for reading.
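The confirm step described for delete.php changes data on a plain GET link (`confirm=yes`), so the request can be issued on the admin's behalf by any other page open in their browser. As an added example that is not part of the original tutorial, the same flow is shown below with the delete moved to a POST that carries a per-session token. It uses PDO prepared statements rather than the `mysql_*` functions (removed in PHP 7.0); `handle_delete()`, `csrf_token()` and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example, not the tutorial's code: handle_delete(), csrf_token() and the
// SQLite demo data are assumptions; table and column names follow the tutorial.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32)); // one random token per session
    }
    return $session['csrf'];
}
function handle_delete(PDO $db, array &$session, string $method, array $in): string {
    if (!isset($session['admin'])) {
        return "You are not logged in and do not have permission to view this page.";
    }
    // ctype_digit() accepts only 0-9; is_numeric() also accepts "1e3", "0.5", " 7"
    $rawId = $in['id'] ?? '';
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return "No id has been specified.";
    }
    $id = (int) $rawId;
    if ($method === 'POST') {
        // deleting requires the token that was embedded in the confirmation form
        $sent = $in['csrf'] ?? '';
        if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
            return "Invalid request token.";
        }
        $stmt = $db->prepare("DELETE FROM quotes WHERE id = ?");
        $stmt->execute([$id]);
        return $stmt->rowCount() === 1 ? "The quote has been deleted." : "No such quote.";
    }
    // any other method only shows the quote and the form; it never changes data
    $stmt = $db->prepare("SELECT author, quote FROM quotes WHERE id = ?");
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) { return "No such quote."; }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return "Author: " . $e($row['author']) . "<br />Quote: " . $e($row['quote']) . "<br />"
        . "<form action=\"delete.php\" method=\"post\">"
        . "<input type=\"hidden\" name=\"id\" value=\"$id\" />"
        . "<input type=\"hidden\" name=\"csrf\" value=\"" . csrf_token($session) . "\" />"
        . "<input type=\"submit\" value=\"Yes, delete\" /> <a href=\"panel.php\">No</a></form>";
}
// Constructed demo: in-memory SQLite stands in for the tutorial's MySQL table
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE quotes (id INTEGER PRIMARY KEY, author TEXT, quote TEXT)");
$db->exec("INSERT INTO quotes VALUES (1, 'Constructed <Author>', 'Sample quote')");
$session = ['admin' => 'demo']; // stands in for $_SESSION after login.php
echo handle_delete($db, $session, 'GET', ['id' => '1']), "\n";                      // GET: render form
echo handle_delete($db, $session, 'POST', ['id' => '1', 'csrf' => 'guess']), "\n"; // POST, wrong token
echo handle_delete($db, $session, 'POST', ['id' => '1', 'csrf' => $session['csrf']]), "\n";
```

In a real delete.php the call would follow `session_start()` and pass `$_SESSION`, `$_SERVER['REQUEST_METHOD']`, and `$_POST` or `$_GET` depending on the method, with `$db` being your own PDO connection.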
