Page restrictions

Discussions about PHP-MySQL scripts and code, as well as working with XML in PHP.
evident Posts: 168


I made a page where users can go to delete their own ads.
I did it like this:
pag_anunt_user.php

Code:

<style type="text/css">
<!--
.style1 {font-weight: bold}
.style3 {
	font-family: Arial, Helvetica, sans-serif;
	font-weight: bold;
}
-->
</style>
<?php

include "connect_to_mysql.php";
$user = $_SESSION['username'];
$sql = mysql_query("SELECT id, titluanunt, textanunt, pret, moneda, categorie FROM anunturi WHERE nume='" .$user. "' ORDER BY id DESC");

$nr = mysql_num_rows($sql); 
if (isset($_GET['pn'])) { 
    $pn = preg_replace('#[^0-9]#i', '', $_GET['pn']);
    
} else { 
    $pn = 1;
}

$itemsPerPage = 10;

$lastPage = ceil($nr / $itemsPerPage);

if ($pn < 1) { 
    $pn = 1; 
} else if ($pn > $lastPage) { 
    $pn = $lastPage; 
}

$centerPages = "";
$sub1 = $pn - 1;
$sub2 = $pn - 2;
$add1 = $pn + 1;
$add2 = $pn + 2;
if ($pn == 1) {
    $centerPages .= '&nbsp; <span class="pagNumActive">' . $pn . '</span> &nbsp;';
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $add1 . '&id='.$user.'">' . $add1 . '</a> &nbsp;';
} else if ($pn == $lastPage) {
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $sub1 . '&id='.$user.'">' . $sub1 . '</a> &nbsp;';
    $centerPages .= '&nbsp; <span class="pagNumActive">' . $pn . '</span> &nbsp;';
} else if ($pn > 2 && $pn < ($lastPage - 1)) {
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $sub2 . '&id='.$user.'">' . $sub2 . '</a> &nbsp;';
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $sub1 . '&id='.$user.'">' . $sub1 . '</a> &nbsp;';
    $centerPages .= '&nbsp; <span class="pagNumActive">' . $pn . '</span> &nbsp;';
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $add1 . '&id='.$user.'">' . $add1 . '</a> &nbsp;';
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $add2 . '&id='.$user.'">' . $add2 . '</a> &nbsp;';
} else if ($pn > 1 && $pn < $lastPage) {
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $sub1 . '&id='.$user.'">' . $sub1 . '</a> &nbsp;';
    $centerPages .= '&nbsp; <span class="pagNumActive">' . $pn . '</span> &nbsp;';
    $centerPages .= '&nbsp; <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $add1 . '&id='.$user.'">' . $add1 . '</a> &nbsp;';
}

$limit = 'LIMIT ' .($pn - 1) * $itemsPerPage .',' .$itemsPerPage;

$sql2 = mysql_query("SELECT id, titluanunt, textanunt, pret, moneda, categorie, data_adaugari, expira FROM anunturi WHERE nume='" .$user. "' ORDER BY id DESC $limit");

$paginationDisplay = ""; 

if ($lastPage != "1"){
    
    $paginationDisplay .= 'Page <strong>' . $pn . '</strong> of ' . $lastPage. '&nbsp;  &nbsp;  &nbsp; ';
   
    // $cat is not defined in this script; the Back/Next links carry $user like the page-number links above
    if ($pn != 1) {
        $previous = $pn - 1;
        $paginationDisplay .=  '&nbsp;  <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $previous . '&id='.$user.'"> Back</a> ';
    }
    
    $paginationDisplay .= '<span class="paginationNumbers">' . $centerPages . '</span>';
   
    if ($pn != $lastPage) {
        $nextPage = $pn + 1;
        $paginationDisplay .=  '&nbsp;  <a href="' . $_SERVER['PHP_SELF'] . '?pn=' . $nextPage . '&id='.$user.'"> Next</a> ';
    }
}

$outputList = '';
while($row = mysql_fetch_array($sql2)) {

    $id = $row["id"];
    $textanunt = $row["textanunt"];
    $categorie = $row["categorie"];
    $titluanunt = $row["titluanunt"];
    $data_adaugari = $row["data_adaugari"];
    $expira = $row["expira"];
    $check_pic = "anunt/$id/poza.jpg";
    $default_pic = "anunt/0/poza.jpg";
    if (file_exists($check_pic)) {
        $user_pic = "<img src=\"$check_pic\" width=\"100px\" height=\"60\" border=\"0\" />";
    } else {
        $user_pic = "<img src=\"$default_pic\" width=\"100px\" height=\"60\" border=\"0\" />";
    }

    $textanunt = '' . $row['textanunt'] . '';
    $text = ucfirst($textanunt);
    $textanuntCut = substr($text, 0, 150);
    $titluanunt = '' . $row['titluanunt'] . '';
    $titlu = ucfirst($titluanunt);
    $titluanuntCut = substr($titlu, 0, 87);
    $pret = $row["pret"];
    $moneda = $row["moneda"];

    $outputList .= '<table width="100%" height="1%" border="0">
  <tr>
    <td valign="top"><table width="100%" border="0" bordercolor="#CC0000" bgcolor="#CC0000">
      <tr>
        <td width="74%" bordercolor="#CC0000" bgcolor="#CC0000"><span class="style3"><a href="anunt.php?id=' . $id . '" target="_blank"><font color="white"><b>' . $titluanuntCut . '</b></font></a></span></td>
        <td width="14%" bgcolor="#CC0000"><span class="style1"><a><span class="style3"><font color="white">' . $pret . ' ' . $moneda . '</font></span></a></span></td>
      </tr>
    </table>
	  <table width="100%" border="1" cellspacing="0" bordercolor="#CC0000">
        <tr>
          <td width="20%" rowspan="2"><div style="width:100px; height:60px; overflow:hidden;"><a href="anunt.php?id=' . $id . '" target="_blank">' . $user_pic . '</a>&nbsp;</div></td>
          <td colspan="2" valign="top">' . $textanuntCut . '&nbsp;</td>
        </tr>
        <tr>
          <td width="40%" height="20" valign="top"><span class="style3">Data adaugari: ' . $data_adaugari . '&nbsp;</span></td>
          <td width="40%" valign="top"><span class="style3">Expira la: ' . $expira . '&nbsp; </span></td>
        </tr>
      </table></td>
  </tr>
</table><form action="sterge.php" method="post" enctype="multipart/form-data">
<select name="sterge">
 <option value="' . $id . '">Sterge</option>
 </select>
<input type="submit" name="Sterge" value="sterge"/> </form>
';  



$outputList .= '';
   
}
and stergere.php

Code:

<?php
include 'connect_to_mysql.php';
$id = $_POST['sterge'];
mysql_query("DELETE FROM anunturi WHERE id='" .$id. "'");

?>
But there is a problem with this script, because if someone wants to harm the site, they make a form like the one I made in pag_anunt_user.php and delete whatever ads they want.
How can I put a restriction in the sterge.php page so that it is not displayed if the ad being deleted does not belong to the user who wants to delete it?
I hope you understood me.
Thank you.

claUdiu Posts: 313
If the ads also have the name of the person who posted them, then you can do a select by name, or if you have it in the session, that's very good. With this name you search the ads table by name and the id from get:

WHERE postat_de = "NUME" AND id="ID"
They say... "you keep learning all your life". But... still... we have to stop somewhere, right?

evident Posts: 168
aha... I understand. Do I do this in sterge.php?
something like:

Code:

<?php
include 'connect_to_mysql.php';
if (isset($_SESSION['username'])) {
$nume = $_SESSION['username'];
$id = $_POST['sterge'];
mysql_query("DELETE FROM anunturi WHERE nume='" .$nume. "' AND id='" .$id. "'");
}
else { echo "Anuntul nu iti apartine"; }
?>
right?

evident Posts: 168
I did it like this:

Code:

<?php
session_start();
include 'connect_to_mysql.php';
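if (isset($_SESSION['username'])) {
    // escape the session name and cast the posted id to an integer before building the query
    $nume = mysql_real_escape_string($_SESSION['username']);
    $id = (int) $_POST['sterge'];
    // the ad is deleted only when both the owner name and the id match
    mysql_query("DELETE FROM anunturi WHERE nume='" .$nume. "' AND id='" .$id. "'");
}
// this branch runs only when no user is logged in
else echo 'Anuntul nu va apartine';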
?>
I think it works, because "Anuntul nu va apartine" does not appear and the ad gets deleted

claUdiu Posts: 313
Try it like this:

Code:

<?php
include 'connect_to_mysql.php';

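// $nume (session user name) and $id (posted ad id) must be assigned before this query
$select = mysql_query("SELECT * FROM anunturi WHERE nume = '$nume' AND id = '$id'");
$randuri = mysql_num_rows($select);

// delete only when exactly one ad matches both the owner name and the id
if ($randuri == 1) {
    $sterge = mysql_query("DELETE FROM anunturi WHERE nume='" .$nume. "' AND id='" .$id. "'");
} else {
    echo "Cred ca vrei sa stergi ceva ce nu-i al tau!";
}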
?>
Add the session variable yourself.

evident Posts: 168
I'd say it works the way I did it above.
With yours it only tells me Cred ca vrei sa stergi ceva ce nu-i al tau!
Thank you
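
Added example, not part of the original thread or any poster's code: the ownership check discussed above, written with a PDO prepared statement so that the affected-row count tells the caller whether the ad really belonged to the user. It assumes an in-memory SQLite table with constructed rows in place of the MySQL connection from connect_to_mysql.php; the function name deleteOwnAd is hypothetical.

```php
<?php
// Added example: owner-bound delete with a prepared statement.
// Uses an in-memory SQLite database so it runs offline; the thread's real
// table lives in MySQL behind connect_to_mysql.php.

// Deletes the ad only if it belongs to $username; returns true if a row was removed.
function deleteOwnAd(PDO $db, string $username, $rawId): bool
{
    // The posted id must be a positive integer; anything else is rejected outright.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Ownership is part of the WHERE clause, and both values are bound parameters.
    $stmt = $db->prepare('DELETE FROM anunturi WHERE id = :id AND nume = :nume');
    $stmt->execute([':id' => $id, ':nume' => $username]);
    // rowCount() is 0 when the ad does not exist or belongs to someone else.
    return $stmt->rowCount() === 1;
}

// Constructed sample data (not from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE anunturi (id INTEGER PRIMARY KEY, nume TEXT, titluanunt TEXT)');
$db->exec("INSERT INTO anunturi (id, nume, titluanunt) VALUES
    (1, 'ana', 'Bicicleta'), (2, 'ion', 'Laptop'), (3, 'ana', 'Telefon')");

// In sterge.php the two inputs would be $_SESSION['username'] and $_POST['sterge'].
$attempts = [
    ['ana', '1'],   // own ad
    ['ana', '2'],   // someone else's ad
    ['ana', 'abc'], // malformed id
    ['ion', '2'],   // own ad
];
foreach ($attempts as [$user, $postedId]) {
    $ok = deleteOwnAd($db, $user, $postedId);
    printf("%s -> id %s: %s\n", $user, var_export($postedId, true),
        $ok ? 'deleted' : 'refused (not your ad or bad id)');
}
echo 'Rows left: ', $db->query('SELECT COUNT(*) FROM anunturi')->fetchColumn(), "\n";
```

Because the refusal is driven by the row count rather than by whether a session exists, a logged-in user who posts another user's id gets the refusal message instead of a silent no-op.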
