Admin, deleting rows.

Newbie567

Hey!
I'm having a couple of problems with my guestbook.
The first problem is that the delete buttom that is only
supposed to be shown when your logged in as admin, is
always shown.
The second problem is that when i try to delete a row using
the delete bottom the row doesnt get deleted.
If anyone of you can find any fauls in my code i would really
apricate it. Here is the code:

<?
session_start();

?>
<!doctype html public "-//W3C//DTD HTML 4.0 //EN">
<html>
<head>
       <title>Title here!</title>
</head>

<?
$adminuser = "";
$adminpassword = "";

//:::::::::::::::::::::::::::::::::::::::::::::::::::

?>

<body>

<form action = "<? echo $_SERVER['PHP_SELF']; ?>" method = "POST" name = "login">
Login:
<br>
Användarnamn:<input type = "text" name = "user"> <br>
Lösenord: <input type = "password" name = "password" > <br>
<input type = "submit" name = "login" >


<?

if(isset($_POST['login'])) {
$user = $_POST['user'];
$password = $_POST['password'];

if($user == $adminuser && $password == $adminpassword){
echo "Du är inloggad";
$_SESSION['Admin']= $user;
}
}

?>

<br>


<FORM ACTION = "<? echo $_SERVER['PHP_SELF'] ?>" METHOD = "POST" >
<pre>
<h1>Gästbok </h1>

Namn:  <input type = "text" name = "name">
Email: <input type = "text" name = "email" >

<textarea name = "message" cols = "38" rows = "9" wrap = "virtual" >
</textarea>

<input type = "submit" name = "submit">
</FORM>
</pre>
<?


If(isset($_POST['submit'])){

$conn = mysql_connect("localhost", "", "") or
        die("kunde inte ansluta");

mysql_select_db("db1", $conn);

$name=$_POST['name'];
$email=$_POST['email'];
$message=$_POST['message'];

$query = "insert into guestbook (name, email, message, date)
values ('$name', '$email', '$message',  NOW())";

mysql_query($query);

mysql_close($conn);

}

$conn = mysql_connect("localhost", "", "") or
        die("kunde inte ansluta");
mysql_select_db("db1", $conn);

$result = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");

while($row =  mysql_fetch_array($result))
{
echo " <table width = '500' border = '2' cellspacing = '3' cellpadding = '2'>
<tr>
<td valign = 'left'>Namn: $row[1]</td>

<td valign = 'left'>Email: $row[2]</td>

<td valign = 'left'>Skickat: $row[4]</td>
</tr>
<tr valign = 'left'>
<td colspan = '3'> $row[3] </td></tr>
 ";
if(isset($_SESSION['Admin'])){
?>
<tr><td>
<form action = "<? echo $_SERVER['PHP_SELF']; ?>" method = "POST">
<input type = "submit" name = "radera" value = "Radera">
</tr></td></table>
<?
if(isset($_POST['radera'])){
$query = "DELETE FROM guestbook WHERE id = $row[id]";
mysql_query($query);
}
}

?>

<?}
mysql_close($conn);


?>

</body>
</html>

ereptur

I'm not very up on sessions, but wouldn't you use session_register("admin") instead of $_SESSION["admin"]

Newbie567

I tried that but it didnt seem to help.

ereptur

Then I would recommend using a test that returns true or false.
Then test if $isadmin is set to true or false later on.

if(isset($_POST['login'])) {
$user = $_POST['user'];
$password = $_POST['password'];

if($user == $adminuser && $password == $adminpassword){
echo "Du är inloggad";
$isadmin = true;
}
}