How to NOT delete a user


Mark_W
05-20-2007, 12:05 PM
Hi once again,

After using the PHP - Beginners tutorial and the Log-in tutorial I have managed to create a small members page, whereby you can view the members of your site, add members to your site and delete members from your site. However, what I want to know is, is there a way or piece of code to disable the deletion of a specific member?

So say for example I have two members, one called Admin and the other called John. You can delete John but NOT Admin.

Thanks for your help guys, this is the furthest I have managed to get with PHP and it's all thanks to you.

davidj
05-20-2007, 09:56 PM
best way is to add a user_level field in your db
this carries numeric level flags like 1=ADMIN 2=USER

so where you have your delete statement just wrap an IF around it

example...
IF($row['user_level'] !=1){

/// delete statement here
}

so what you're saying is only delete the user if his access level is 2 which equals a user

Mark_W
05-20-2007, 10:39 PM
Hmm, I understand to a certain point what you mean, I have created the new field but I must be putting the php code in the wrong section.

Below is my delete section of the php code;

if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////
}

///////////////////////////////
$query =sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result =@mysql_query($query);
$row =mysql_fetch_array($result);
////////////////////////////


Which part do I wrap the tags around? I believe I have tried it on all of them, but still to no avail.

davidj
05-21-2007, 12:50 AM
you need your select to query first so it knows the user levels before the delete is fired

so first place the select statement then place your delete under it.
the code should look like this...


/// select statement here

IF ($row['user_level'] !=1){

/// delete statement here
}

Mark_W
05-21-2007, 05:39 PM
I'm definitely doing something wrong here. Sorry about this.

This is the code I am using.

<?php
require_once("Connections/connection.php"); //database connection //

session_start();
include("includes/security.php");

$id = $_SESSION['id'];

/////////////////////////////////////////
$user = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = $_GET['del'];
////////////////////////////////////////


///////////////////////////////
$query =sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result =@mysql_query($query);
$row =mysql_fetch_array($result);
////////////////////////////

if($row['user_level'] !=1){
}
if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}
?>

davidj
05-22-2007, 09:05 AM
where you have ...


if($row['user_level'] !=1){
}
if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}


you need to understand how an IF statement works. You can't just write stuff robotically and expect it to work.

remember an IF structure is like so...


if(///condition here){

///if condition is true run code in curly braces here...

}


let's look at what you have...


if($row['user_level'] !=1){
}
if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}


look at the if which checks the user_level and tell me what code is going to run if the condition is true? remember you want this to run the delete statement if it's true so how would you do that?

Mark_W
05-22-2007, 07:24 PM
I understand how an if statement works to a certain extent, my problem is when I want to do an 'if this happens AND this happens then do this'.

I thought it would be something like this

if($row['user_level'] !=1 && ($del)){

//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}

However this doesn't work so it's obviously wrong.

In response to your question I believe it to look like this;

if($row['user_level'] !=1 ){

if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}
}

However I know that it doesn't work as I tested it.

I know how annoying this is, so I apologise once again.

davidj
05-23-2007, 09:32 AM
OK first you are not annoying and you have nothing to apologise for. I bow down to you for wanting to learn this properly.

let's debug this...

where you have...



if($row['user_level'] !=1 ){

if ($del){
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}
}



let's do this...

you need to see where it's falling over and the best tool for the job is an echo

try this


if($row['user_level'] !=1 ){

echo "hello1";//<< this will echo if the first condition is met

if ($del){

echo "hello2";//<< this will echo if the second condition is met
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}
}


tell me what you see

Mark_W
05-23-2007, 03:56 PM
:confused: It doesn't echo anything for some reason.

The code then changes to this when I do what you asked;

/////////////////////////////////////////
$user = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$submit = $_POST['submit'];
$del = $_GET['del'];
////////////////////////////////////////


///////////////////////////////
$query =sprintf("SELECT * FROM users"); // * means all, so 'select all data from table 1 //
$result =@mysql_query($query);
$row =mysql_fetch_array($result);
////////////////////////////

if($row['user_level'] !=1 ){

echo "hello1";//<< this will echo if the first condition is met

if ($del){

echo "hello2";//<< this will echo if the second condition is met
//////////////
$query = sprintf("DELETE FROM users where user_id='$del'");
mysql_query($query) or die (mysql_error());
//////////////

}
}

However, if I move the database query to below the delete query, as soon as I load the page it echoes 'hello1', when I then proceed to delete a user (it doesn't matter if it's a level 1 or 2 user), it echoes 'hello1hello2'.

Which reminds me, I don't believe I have mentioned the code I am using on the table which shows the user information.
The code is;

</tr>
<?php do { ?>
<tr>
<td><?php echo $row['user_level']; ?></td>
<td><?php echo $row['user_name']; ?></td>
<td><?php echo $row['user_password']; ?></td>
<td><?php echo $row['user_email']; ?></td>
<td><label>
<input type="checkbox" name="checkbox" id="checkbox" onClick="document.location.href='_view_users.php?del=<?php echo $row['user_id']?>'" />
</label></td>
</tr>
<?php }while ($row = mysql_fetch_array($result)); ?>
</table>

Maybe one day I will look back at this thread and laugh at how hard I found this.

davidj
05-23-2007, 04:08 PM
I'm sorry

I just glanced at the code but didn't read it properly

I can see what's wrong now...

you need to pass the user_level when you click the delete button

where you have

<input type="checkbox" name="checkbox" id="checkbox" onClick="document.location.href='_view_users.php?del=<?php echo $row['user_id']?>'" />



add this addition


<input type="checkbox" name="checkbox" id="checkbox" onClick="document.location.href='_view_users.php?del=<?php echo $row['user_id']; ?>&level=<?php echo $row['user_level']; ?>'" />


ok so now you're passing the level of that user along with the delete flag

so now just catch the name and value pair by using a GET

we have defined the name of the var as level so we do this

$level = $_GET['level'];

then adjust your IF statement

if($level !=1){
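
Added example, not part of the thread and not either poster's code: a `level` value in the URL is chosen by whoever requests the page, so the server-side check should read `user_level` from the database row for the id being deleted. It assumes PDO, with an in-memory SQLite table standing in for the MySQL `users` table; `delete_non_admin()` and `LEVEL_ADMIN` are hypothetical names.

```php
<?php
// Added example. Column names (user_id, user_name, user_level) follow the
// posts above; the helper name and the SQLite stand-in are assumptions.

const LEVEL_ADMIN = 1; // 1=ADMIN, 2=USER, as defined earlier in the thread

function delete_non_admin(PDO $db, $rawId): bool
{
    // Accept only a positive integer id; a missing or malformed value is refused.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // The level test is part of the DELETE itself, so the database evaluates it
    // against the stored row for this id. Nothing from the query string is used
    // for the decision, and the id is bound as a parameter, not concatenated.
    $stmt = $db->prepare(
        'DELETE FROM users WHERE user_id = :id AND user_level <> :admin'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':admin', LEVEL_ADMIN, PDO::PARAM_INT);
    $stmt->execute();

    // True only when exactly one non-admin row was removed.
    return $stmt->rowCount() === 1;
}

// Constructed sample data mirroring the thread's two members.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_level INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'Admin', 1), (2, 'John', 2)");

var_dump(delete_non_admin($db, '1'));    // id 1 is Admin (level 1)
var_dump(delete_non_admin($db, '2'));    // id 2 is John (level 2)
var_dump(delete_non_admin($db, '2abc')); // not an integer id

// List whoever is left in the table.
echo implode(',', $db->query('SELECT user_name FROM users')->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

In the page from the thread, the call would be `delete_non_admin($db, $_GET['del'] ?? null)`, with no `level` parameter in the link at all.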

Mark_W
05-23-2007, 04:21 PM
Yay! Thank you for helping me out with that David :)

Now I will have to try to stop with the PHP until I finish my A-Levels.

Thank you once again,

Mark