Guestbook with admin (admin not secured)
Author: Analog - 29 August 2005 - 12:01 - Approved by: nemesiskoen - Hits: 7103 - Points: (0 votes)
A simple guestbook with an admin section for editing and deleting messages.
The admin section itself is not secured in any way; you could still add that.
(Because I had to write the script for school, most of the comments are in English.)
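The admin scripts are left open by the author. The following gate is an added example, not part of the original script: a session-based login against a hashed password, plus a CSRF token for the admin forms that change data. The file name auth.php, the placeholder hash, the `login_password` field and the function names are this example's own assumptions; it assumes PHP 7 or later (random_bytes, password_verify, hash_equals).

```php
<?php
// auth.php (added example): include this before any output at the top of every
// admin-only script (indexadmin.php, addadmin.php, addprocessadmin.php,
// adminedit.php, editprocess.php, admindelete.php, deleteprocess.php).
// Assumes PHP 7+ (random_bytes, password_verify, hash_equals).
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Store only the hash of the admin password, never the password itself.
// Generate it once on the command line (the value below is a placeholder):
//   php -r 'echo password_hash("choose-a-long-password", PASSWORD_DEFAULT), PHP_EOL;'
define('ADMIN_PASSWORD_HASH', '$2y$10$replace-this-with-the-output-of-password_hash');

function admin_is_logged_in() {
    return isset($_SESSION['admin']) && $_SESSION['admin'] === true;
}

function admin_login($password) {
    if (!password_verify($password, ADMIN_PASSWORD_HASH)) {
        return false;
    }
    session_regenerate_id(true);                     // fresh session id after login (no fixation)
    $_SESSION['admin'] = true;
    $_SESSION['csrf']  = bin2hex(random_bytes(16));  // per-session anti-CSRF token
    return true;
}

function admin_logout() {
    $_SESSION = array();
    session_destroy();
}

// Echo this inside every admin form that changes data (the forms in
// addadmin.php, adminedit.php and admindelete.php) ...
function csrf_field() {
    return '<input type="hidden" name="csrf" value="'
         . htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') . '">';
}

// ... and call this at the start of the matching POST handlers, before they
// touch the database, so a request forged by another site is refused.
function csrf_check() {
    if (!isset($_POST['csrf'], $_SESSION['csrf'])
        || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// The gate itself: handle logout, handle a login attempt, and stop the
// including script right here unless the session is authenticated.
if (isset($_GET['logout'])) {
    admin_logout();
}
if (isset($_POST['login_password'])) {
    if (admin_login($_POST['login_password'])) {
        // Redirect so the including script never runs on the login POST itself.
        header('Location: indexadmin.php');
        exit;
    }
    echo '<p>Wrong password.</p>';
}
if (!admin_is_logged_in()) {
    echo '<form method="post" action="">'
       . 'Admin password:<br>'
       . '<input type="password" name="login_password"><br>'
       . '<input type="submit" value="Log in">'
       . '</form>';
    exit;
}
```

Wiring it in: put `include('auth.php');` as the very first statement of each admin script (before the `<html>` tag, since the gate sends headers), drop the separate `session_start()` in deleteprocess.php, add `<?php echo csrf_field(); ?>` inside the forms of addadmin.php, adminedit.php and admindelete.php, and call `csrf_check();` at the top of the non-Cancel branch in addprocessadmin.php, editprocess.php and deleteprocess.php. Without the CSRF token a logged-in admin who visits a malicious page could be made to delete or rewrite messages through a hidden auto-submitting form.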
Query for the database:
SQL query:
-- id is the primary key (every admin script looks rows up by id). TYPE= is the
-- pre-MySQL 5 spelling of ENGINE=, and a '0000-00-00' date default is rejected
-- by current MySQL in strict mode; the scripts always supply the date anyway.
CREATE TABLE `guestbook` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`auteur` text NOT NULL,
`email` text NOT NULL,
`message` text NOT NULL,
`datum` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM;
Code:
<index.php>
<html>
<head>
<title>guestbook</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
include('cnnct.php');
// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC LIMIT 0,5");
// Start table
echo "<table border=\"1\" bordercolor='black'>";
// Print a nice header
echo "<tr>";
echo "<th><p>auteur</p></th>";
echo "<th><p>message</p></th>";
echo "<th><p>date</p></th>";
echo "</tr>";
// Print the contents of the table guestbook. The while loop stops when
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
// Start row
echo "<tr>";
// Print the data, escaped so that HTML or script in a message is shown as
// text instead of being executed in the browser of every visitor
echo "<td><p>" . htmlspecialchars($rowData[1]) . "</p></td>";
echo "<td><p>" . htmlspecialchars($rowData[3]) . "</p></td>";
echo "<td><p>" . $rowData[4] . "</p></td>";
// End row
echo "</tr>";
}
// End table
echo "</table><br>";
echo "<hr>";
?>
<a href="add.php"><p>Add message</p></a>
</body>
</html>
<add.php>
<form action="addprocess.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30">
(will not be displayed)<br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>
<addprocess.php>
<html>
<head>
<title>Add records</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
include('cnnct.php');
// Transfer to normal vars (a missing field becomes an empty string instead of a notice)
$auteur = isset($_POST['auteur']) ? $_POST['auteur'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$message = isset($_POST['message']) ? $_POST['message'] : '';
if ($auteur == "" || $email == "" || $message == "") {
echo 'You have to fill in all the fields!';
include('add.php');
}
else {
// Date
$today = date("Y-m-d");
// Escape the values before putting them inside the SQL string literals;
// otherwise a quote in a field closes the literal and the rest is run as SQL.
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('"
. mysql_real_escape_string($auteur, $db) . "','"
. mysql_real_escape_string($email, $db) . "','"
. mysql_real_escape_string($message, $db) . "', '$today')";
$queryResult = mysql_query($query)
or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
// If no errors occur adding the new record, display a 'thank you' message.
// The name is escaped again here because now it goes into HTML, not SQL.
echo "Thank you " . htmlspecialchars($auteur) . "!<br><br>";
include('index.php');
}
?>
</body>
</html>
<addadmin.php>
<form action="addprocessadmin.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30"><br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>
<addprocessadmin.php>
<html>
<head>
<title>Add records</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
include('cnnct.php');
// Transfer to normal vars (a missing field becomes an empty string instead of a notice)
$auteur = isset($_POST['auteur']) ? $_POST['auteur'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$message = isset($_POST['message']) ? $_POST['message'] : '';
if ($auteur == "" || $email == "" || $message == "") {
echo 'You have to fill in all the fields!';
// Show the admin form again (not add.php, which posts to the public handler)
include('addadmin.php');
}
else {
// Date
$today = date("Y-m-d");
// Escape the values before putting them inside the SQL string literals;
// otherwise a quote in a field closes the literal and the rest is run as SQL.
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('"
. mysql_real_escape_string($auteur, $db) . "','"
. mysql_real_escape_string($email, $db) . "','"
. mysql_real_escape_string($message, $db) . "', '$today')";
$queryResult = mysql_query($query)
or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
// If no errors occur adding the new record, display a 'thank you' message.
// The name is escaped again here because now it goes into HTML, not SQL.
echo "Thank you " . htmlspecialchars($auteur) . "!<br><br>";
include('indexadmin.php');
}
?>
</body>
</html>
<admindelete.php>
<html>
<head>
<title>delete message</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
include('cnnct.php');
// The id comes from the "delete" link in indexadmin.php (admindelete.php?id=...).
// Cast it to an integer: it is used unquoted in the query, so anything else
// in it would be executed as SQL. (The original relied on register_globals
// to fill $id, which is off by default.)
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id", $db)
or die(mysql_errno () . ": " . mysql_error());
// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);
if (!$rowData) { die("No record with id $id"); }
?>
<h1>Delete record (<?php echo $id; ?>):</h1>
Are you sure you want to delete this record:<br>
Name: <?php echo htmlspecialchars($rowData[1]); ?><br>
Email: <?php echo htmlspecialchars($rowData[2]); ?><br>
Message: <?php echo htmlspecialchars($rowData[3]); ?><br>
<form action="deleteprocess.php" method="post">
<!-- A hidden field carries the id to deleteprocess.php. A visitor can still
     change it (it is just part of the POST), so deleteprocess.php validates it again -->
<input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
<input name="submit" type="submit" value="Cancel">
<input name="submit" type="submit" value="Delete">
</form>
</body>
</html>
<deleteprocess.php>
<?php ob_start(); session_start(); ?>
<html>
<head>
<title>delete message</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
if (isset($_POST['submit']) && $_POST['submit'] == 'Cancel') {
// If the user clicked cancel, rewrite the HTTP header and
// redirect the user to the list. Stop here so nothing else is sent.
header("Location: indexadmin.php");
exit;
}
else {
include('cnnct.php');
// First set some vars to make the SQL statement easier to read.
// The id is cast to an integer because it is used unquoted in the query.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
// Submit a sql command to the server: delete the record from the table guestbook
$queryResult = mysql_query("DELETE FROM guestbook WHERE id=$id")
or die("<b>Deleting the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
// If no errors occur deleting the record, display a confirmation message.
echo "The record is deleted!<br><br>";
}
?>
<a href="indexadmin.php">Back to the list</a>
</body>
</html>
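Escaping every value by hand, as addprocess.php and deleteprocess.php above do, works but is easy to forget. The following is an added example, not code from the original script, that redoes the insert of addprocess.php and the delete of deleteprocess.php with PDO prepared statements, and escapes the output the way index.php should. It runs stand-alone against an in-memory SQLite database (it assumes the pdo_sqlite extension is loaded) so it can be tried from the command line; the function names and the sample rows are constructed for the example. For the real MySQL table only the DSN in guestbook_connect() changes.

```php
<?php
// Added example: insert, delete and render for the guestbook table using PDO
// prepared statements. Stand-alone against in-memory SQLite (assumes the
// pdo_sqlite extension). For MySQL use the DSN
// 'mysql:host=HOST;dbname=DB;charset=utf8mb4' plus username and password.

function guestbook_connect() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    // Same columns as the page's guestbook table, in SQLite syntax (constructed here).
    $db->exec('CREATE TABLE guestbook (
                 id INTEGER PRIMARY KEY AUTOINCREMENT,
                 auteur TEXT NOT NULL, email TEXT NOT NULL,
                 message TEXT NOT NULL, datum TEXT NOT NULL)');
    return $db;
}

// addprocess.php, done safely: the values are bound, never concatenated into
// the SQL text, so a quote inside a field cannot end the string literal.
// Returns the new id, or false when a field is empty.
function guestbook_add(PDO $db, $auteur, $email, $message) {
    if ($auteur === '' || $email === '' || $message === '') {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO guestbook (auteur, email, message, datum)
                          VALUES (:auteur, :email, :message, :datum)');
    $stmt->execute(array(
        ':auteur'  => $auteur,
        ':email'   => $email,
        ':message' => $message,
        ':datum'   => date('Y-m-d'),
    ));
    return (int) $db->lastInsertId();
}

// deleteprocess.php, done safely: the id is cast to int and bound as an
// integer, so "2 OR 1=1" deletes at most row 2 instead of the whole table.
// Returns the number of rows removed.
function guestbook_delete(PDO $db, $id) {
    $stmt = $db->prepare('DELETE FROM guestbook WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// index.php, done safely: every column is HTML-escaped on the way out, so a
// message containing <script> is displayed as text rather than executed.
function guestbook_render(PDO $db) {
    $html = "<table>\n";
    foreach ($db->query('SELECT auteur, message, datum FROM guestbook ORDER BY id DESC') as $row) {
        $html .= '<tr>';
        foreach (array('auteur', 'message', 'datum') as $col) {
            $html .= '<td>' . htmlspecialchars($row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Demo with constructed inputs that break the original concatenated queries.
$db = guestbook_connect();
guestbook_add($db, "O'Brien", 'o@example.com', "it's fine");              // quote in the data
guestbook_add($db, 'Mallory', 'm@example.com', '<script>alert(1)</script>');
echo guestbook_render($db);                                   // script tag printed escaped
echo guestbook_delete($db, '2 OR 1=1'), " row(s) deleted\n";  // 1 row (id 2), not the whole table
echo guestbook_render($db);                                   // O'Brien's row is still there
```

The difference from the mysql_real_escape_string approach is that the query text is fixed before any user data is seen, so there is no escaping step to forget when a new field or handler is added; the int cast on the id is still kept so that a non-numeric id is rejected rather than silently bound as a string.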
<adminedit.php>
<html>
<head>
<title>edit message</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
// The id comes from the "edit" link in indexadmin.php (adminedit.php?id=...).
// Cast it to an integer because it is used unquoted in the query.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
include('cnnct.php');
// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id")
or die(mysql_errno () . ": " . mysql_error());
// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);
if (!$rowData) { die("No record with id $id"); }
?>
<h1>Edit record (<?php echo $id; ?>):</h1>
<form action="editprocess.php" method="post">
<!-- A hidden field carries the id to editprocess.php. A visitor can still
     change it (it is just part of the POST), so editprocess.php validates it again -->
<input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
Name:<br>
<!-- Values are escaped so a quote or tag in a stored field cannot break out of the attribute -->
<input type="text" name="auteur" size="40" value="<?php echo htmlspecialchars($rowData[1]); ?>"><br>
<br>
Email:<br>
<input type="text" name="email" size="40" value="<?php echo htmlspecialchars($rowData[2]); ?>"><br>
<br>
Message:<br>
<textarea name="message" rows="5" cols="40"><?php echo htmlspecialchars($rowData[3]); ?></textarea>
<br>
<input name="submit" type="submit" value="Cancel">
<input name="submit" type="submit" value="Update">
</form>
</body>
</html>
<editprocess.php>
<?php ob_start(); ?>
<html>
<head>
<title>edit message</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<?php
if (isset($_POST['submit']) && $_POST['submit'] == 'Cancel') {
// If the user clicked cancel, rewrite the HTTP header and
// redirect the user to the list. Stop here so nothing else is sent.
header('Location: indexadmin.php');
exit;
}
else {
include('cnnct.php');
// First set some vars to make the SQL statement easier to read.
// The id is cast to an integer (it is used unquoted); the text fields are
// escaped so a quote in them cannot end the SQL string literals.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$auteur = mysql_real_escape_string(isset($_POST['auteur']) ? $_POST['auteur'] : '', $db);
$email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '', $db);
$message = mysql_real_escape_string(isset($_POST['message']) ? $_POST['message'] : '', $db);
// Submit a sql command to the server: update record in the table guestbook
$query = "UPDATE guestbook SET auteur='$auteur',email='$email',message='$message' WHERE id=$id";
$queryResult = mysql_query($query)
or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
// If no errors occur updating the record, display a 'thank you' message.
echo "Thank you, the data is updated!<br><br>";
}
?>
<a href="indexadmin.php">Back to the list</a>
</body>
</html>
<indexadmin.php>
<html>
<head>
<title>Example</title>
</head>
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
<h1>Show content:</h1>
<?php
include('cnnct.php');
// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");
// Start table
echo "<table border=\"1\">";
// Print a nice header
echo "<tr>";
echo "<th>id</th>";
echo "<th>auteur</th>";
echo "<th>email</th>";
echo "<th>message</th>";
echo "<th>date</th>";
echo "<th colspan=\"2\"></th>";
echo "</tr>";
// Print the contents of the table guestbook. The while loop stops when
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
// Start row
echo "<tr>";
// Print the data, escaped so HTML in a name, e-mail address or message is
// shown as text in the admin's browser instead of being executed
echo "<td>" . $rowData[0] . "</td>";
echo "<td>" . htmlspecialchars($rowData[1]) . "</td>";
echo '<td><a href="mailto:' . htmlspecialchars($rowData[2]) . '">email</a></td>';
echo "<td>" . htmlspecialchars($rowData[3]) . "</td>";
echo "<td>" . $rowData[4] . "</td>";
echo "<td><a href=\"adminedit.php?id=".$rowData[0]."\">edit</a></td>";
echo "<td><a href=\"admindelete.php?id=".$rowData[0]."\">delete</a></td>";
// End row
echo "</tr>";
}
// End table
echo '</table><br>';
echo '<a href="?pagina=add">Add message</a><br>';
if (isset($_GET['pagina']))
{
if($_GET['pagina']=='add')
{
include('addadmin.php'); }}
echo '<hr>';
// Print the total number of records in the table guestbook.
$totalRecords = mysql_num_rows ($queryResult);
echo '<br><i>Total records: ' . $totalRecords . '</i><br><br>';
?>
</body>
</html>
<cnnct.php>
<?php
$username = "xxxxx"; // fill in your database username
$password = "xxxxx"; // fill in your database password
$host = "xxxxx"; // the host of your SQL server (probably something like sql.xxx.com)
$dbnaam = "xxxxx"; // name of your database (note: not of the table!)
$db = mysql_connect($host, $username, $password) or die (mysql_error());
mysql_select_db($dbnaam, $db) or die (mysql_error());
?>