On the members area of my site, if you are an administrator it shows admin links. If you're not an admin, no links are shown.
I want non-admin users to have the option to edit or delete themselves from the members area.
Here's edit_user.php:
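<?php # Script 9.3 - edit_user.php
// This page is for editing a user record.
// This page is accessed through view_users.php (by an administrator) or by a
// logged-in user editing their own record.
//
// Authorization is enforced here rather than by hiding links in the members
// area: a non-administrator may only edit the record whose id matches their
// own session, and only an administrator may change the user_level column.
$page_title = 'Edit a User';
require_once ('includes/config.inc.php');
include ('includes/header.html');

// If no first_name session variable exists, redirect the user:
if (!isset($_SESSION['first_name'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}

echo '<h1>Edit a User</h1>';

// Check for a valid user ID, through GET or POST. The value is cast to int so
// that what reaches SQL is a plain integer; is_numeric alone also accepts
// forms such as "1e3" or leading whitespace.
if (isset($_GET['id']) && ctype_digit((string) $_GET['id'])) { // From view_users.php
    $id = (int) $_GET['id'];
} elseif (isset($_POST['id']) && ctype_digit((string) $_POST['id'])) { // Form submission.
    $id = (int) $_POST['id'];
} else { // No valid ID, kill the script.
    echo '<p class="error">This Page Has Been Accessed In Error.</p>';
    include ('includes/footer.html');
    exit();
}

// Authorization check. NOTE(review): assumes the login script stores the
// logged-in user's id and level in $_SESSION['user_id'] and
// $_SESSION['user_level'] (1 = administrator, matching the radio values in the
// form below) — confirm against the login script. If either key is absent the
// check fails closed and nobody can edit.
$is_admin = isset($_SESSION['user_level']) && (int) $_SESSION['user_level'] === 1;
$is_self = isset($_SESSION['user_id']) && (int) $_SESSION['user_id'] === $id;
if (!$is_admin && !$is_self) {
    echo '<p class="error">You Are Not Allowed To Edit This User.</p>';
    include ('includes/footer.html');
    exit();
}

require_once ('mysqli_connect.php');

// Check if the form has been submitted:
if (isset($_POST['submitted'])) {
    $errors = array();

    // Required text fields, keyed by POST name, with the wording used in the
    // "You Forgot To Enter ..." message. Values are bound as prepared-statement
    // parameters below, so no SQL escaping is applied here.
    $fields = array(
        'first_name' => 'Your First Name',
        'last_name' => 'Your Last Name',
        'city' => 'Your City',
        'state' => 'Your State',
        'zip' => 'Your Zip Code',
        'email' => 'Your Email Address',
    );
    $values = array();
    foreach ($fields as $field => $label) {
        $value = isset($_POST[$field]) ? trim((string) $_POST[$field]) : '';
        if ($value === '') {
            $errors[] = "You Forgot To Enter $label.";
        } else {
            $values[$field] = $value;
        }
    }

    // Only an administrator may change the level, and only to a known value;
    // for everyone else the column is left untouched (null = do not update).
    // Previously $_POST['user_level'] went into the UPDATE unvalidated, so any
    // logged-in user could have made themselves an administrator.
    $user_level = null;
    if ($is_admin) {
        if (isset($_POST['user_level']) && in_array($_POST['user_level'], array('0', '1'), true)) {
            $user_level = (int) $_POST['user_level'];
        } else {
            $errors[] = 'You Forgot To Select A User Level.';
        }
    }

    if (empty($errors)) { // If everything's OK.
        // Test for unique email address. $taken stays null if the lookup
        // itself failed, so a database error is not reported as "registered".
        $q = 'SELECT user_id FROM users WHERE email=? AND user_id != ?';
        $taken = null;
        $stmt = mysqli_prepare($dbc, $q);
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'si', $values['email'], $id);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                $taken = mysqli_stmt_num_rows($stmt) > 0;
            }
            mysqli_stmt_close($stmt);
        }

        if ($taken === false) {
            // Make the query; user_level is only included when an
            // administrator submitted the form.
            if ($user_level === null) {
                $q = 'UPDATE users SET first_name=?, last_name=?, city=?, state=?, zip=?, email=? WHERE user_id=? LIMIT 1';
                $stmt = mysqli_prepare($dbc, $q);
                if ($stmt !== false) {
                    mysqli_stmt_bind_param(
                        $stmt,
                        'ssssssi',
                        $values['first_name'],
                        $values['last_name'],
                        $values['city'],
                        $values['state'],
                        $values['zip'],
                        $values['email'],
                        $id
                    );
                }
            } else {
                $q = 'UPDATE users SET first_name=?, last_name=?, city=?, state=?, zip=?, email=?, user_level=? WHERE user_id=? LIMIT 1';
                $stmt = mysqli_prepare($dbc, $q);
                if ($stmt !== false) {
                    mysqli_stmt_bind_param(
                        $stmt,
                        'ssssssii',
                        $values['first_name'],
                        $values['last_name'],
                        $values['city'],
                        $values['state'],
                        $values['zip'],
                        $values['email'],
                        $user_level,
                        $id
                    );
                }
            }
            // Success is "the statement ran", not "one row changed": resubmitting
            // the form with unchanged data affects 0 rows and is not an error.
            $ok = ($stmt !== false) && mysqli_stmt_execute($stmt);
            if ($stmt !== false) {
                mysqli_stmt_close($stmt);
            }

            if ($ok) { // If it ran OK.
                if ($is_self) {
                    $_SESSION['first_name'] = $values['first_name']; // Keep the session greeting current.
                }
                echo '<p><font color="red">The User Has Been Edited</font></p>';
            } else { // If it did not run OK.
                echo '<p class="error">The User Could Not Be Edited Due To A System Error. We Apologize For Any Inconvenience.</p>'; // Public message.
                // Driver error and SQL text go to the server log, not the browser.
                error_log('edit_user.php: ' . mysqli_error($dbc) . ' Query: ' . $q);
            }
        } elseif ($taken === true) { // Already registered.
            echo '<p class="error">The Email Address Has Already Been Registered.</p>';
        } else { // The uniqueness lookup failed.
            echo '<p class="error">The User Could Not Be Edited Due To A System Error. We Apologize For Any Inconvenience.</p>';
            error_log('edit_user.php: ' . mysqli_error($dbc) . ' Query: ' . $q);
        }
    } else { // Report the errors.
        echo '<p class="error">The Following Error(s) Occurred:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo ' - ' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . "<br />\n";
        }
        echo '</p><p>Please Try Again.</p>';
    } // End of if (empty($errors)) IF.
} // End of submit conditional.

// Always show the form...
// Retrieve the user's information:
$q = 'SELECT first_name, last_name, city, state, zip, email, user_level FROM users WHERE user_id=?';
$row = null;
$stmt = mysqli_prepare($dbc, $q);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'i', $id);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $db_first, $db_last, $db_city, $db_state, $db_zip, $db_email, $db_level);
        if (mysqli_stmt_fetch($stmt)) {
            $row = array(
                'first_name' => $db_first,
                'last_name' => $db_last,
                'city' => $db_city,
                'state' => $db_state,
                'zip' => $db_zip,
                'email' => $db_email,
                'user_level' => (int) $db_level,
            );
        }
    }
    mysqli_stmt_close($stmt);
}

if ($row !== null) { // Valid user ID, show the form.
    // Stored values are user-supplied; escape them before placing them in
    // attribute values so a crafted name cannot inject markup or script.
    $h = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    };

    // Create the form:
    echo '<form action="edit_user.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $h($row['first_name']) . '" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $h($row['last_name']) . '" /></p>
<p>City: <input type="text" name="city" size="15" maxlength="25" value="' . $h($row['city']) . '" /></p>
<p>State: <input type="text" name="state" size="15" maxlength="2" value="' . $h($row['state']) . '" /></p>
<p>Zip Code: <input type="text" name="zip" size="15" maxlength="10" value="' . $h($row['zip']) . '" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="40" value="' . $h($row['email']) . '" /> </p>';

    // The level radios are only offered to administrators; the server ignores
    // user_level from anyone else regardless. The original compared $row['5']
    // (the email column) against 1/0, so neither radio was ever pre-checked;
    // user_level is the seventh selected column.
    if ($is_admin) {
        $admin_checked = ($row['user_level'] === 1) ? ' checked="checked"' : '';
        $regular_checked = ($row['user_level'] === 0) ? ' checked="checked"' : '';
        echo '<label><input type="radio" name="user_level" value="1" id="admin_0"' . $admin_checked . ' />Administrator</label>
<br />
<label><input type="radio" name="user_level" value="0" id="admin_1"' . $regular_checked . ' />Regular User</label>
<br /><br />';
    }

    echo '<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="id" value="' . $id . '" />
</form>';
} else { // Not a valid user ID.
    echo '<p class="error">This page has been accessed in error.</p>';
}

mysqli_close($dbc);
include ('includes/footer.html');
?>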
Here's delete_user.php:
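<?php # Script 9.2 - delete_user.php
// This page is for deleting a user record.
// This page is accessed through view_users.php (by an administrator) or by a
// logged-in user deleting their own account.
//
// Authorization is enforced here rather than by hiding links in the members
// area: a non-administrator may only delete the record whose id matches
// their own session.
$page_title = 'Delete a User';
require_once ('includes/config.inc.php');
include ('includes/header.html');

// If no first_name session variable exists, redirect the user:
if (!isset($_SESSION['first_name'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}

echo '<h1>Delete a User</h1>';

// Check for a valid user ID, through GET or POST. The value is cast to int so
// that what reaches SQL is a plain integer; is_numeric alone also accepts
// forms such as "1e3" or leading whitespace.
if (isset($_GET['id']) && ctype_digit((string) $_GET['id'])) { // From view_users.php
    $id = (int) $_GET['id'];
} elseif (isset($_POST['id']) && ctype_digit((string) $_POST['id'])) { // Form submission.
    $id = (int) $_POST['id'];
} else { // No valid ID, kill the script.
    echo '<p class="error">This page has been accessed in error.</p>';
    include ('includes/footer.html');
    exit();
}

// Authorization check. NOTE(review): assumes the login script stores the
// logged-in user's id and level in $_SESSION['user_id'] and
// $_SESSION['user_level'] (1 = administrator, as in edit_user.php's form) —
// confirm against the login script. If either key is absent the check fails
// closed and nobody can delete.
$is_admin = isset($_SESSION['user_level']) && (int) $_SESSION['user_level'] === 1;
$is_self = isset($_SESSION['user_id']) && (int) $_SESSION['user_id'] === $id;
if (!$is_admin && !$is_self) {
    echo '<p class="error">You are not allowed to delete this user.</p>';
    include ('includes/footer.html');
    exit();
}

require_once ('mysqli_connect.php');

// Check if the form has been submitted:
if (isset($_POST['submitted'])) {
    // $_POST['sure'] is absent when no radio was chosen; treat that as "No"
    // instead of reading an undefined index.
    if (isset($_POST['sure']) && $_POST['sure'] === 'Yes') { // Delete the record.
        // Make the query:
        $q = 'DELETE FROM users WHERE user_id=? LIMIT 1';
        $deleted = false;
        $stmt = mysqli_prepare($dbc, $q);
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'i', $id);
            $deleted = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
            mysqli_stmt_close($stmt);
        }

        if ($deleted) { // If it ran OK.
            // Print a message:
            echo '<p>The user has been deleted.</p>';
            if ($is_self) {
                // The current user's record is gone; clear the session so the
                // stale first_name does not keep them logged in.
                $_SESSION = array();
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_destroy();
                }
            }
        } else { // If the query did not run OK.
            echo '<p class="error">The user could not be deleted due to a system error.</p>'; // Public message.
            // Driver error and SQL text go to the server log, not the browser.
            error_log('delete_user.php: ' . mysqli_error($dbc) . ' Query: ' . $q);
        }
    } else { // No confirmation of deletion.
        echo '<p>The user has NOT been deleted.</p>';
    }
} else { // Show the form.
    // Retrieve the user's information:
    $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=?";
    $name = null;
    $stmt = mysqli_prepare($dbc, $q);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $db_name);
            if (mysqli_stmt_fetch($stmt)) {
                $name = $db_name;
            }
        }
        mysqli_stmt_close($stmt);
    }

    if ($name !== null) { // Valid user ID, show the form.
        // The name is user-supplied data; escape it before echoing into HTML.
        echo '<form action="delete_user.php" method="post">
<h3>Name: ' . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . '</h3>
<p>Are you sure you want to delete this user?<br />
<input type="radio" name="sure" value="Yes" /> Yes
<input type="radio" name="sure" value="No" checked="checked" /> No</p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="id" value="' . $id . '" />
</form>';
    } else { // Not a valid user ID.
        echo '<p class="error">This page has been accessed in error.</p>';
    }
} // End of the main submission conditional.

mysqli_close($dbc);
include ('includes/footer.html');
?>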