login  Naam:   Wachtwoord: 
Registreer je!
 Scripts:

Scripts > PHP > Gastenboeken > Gastenboek met admin (admin niet beveiligd)

Gastenboek met admin (admin niet beveiligd)

Auteur: Analog - 29 augustus 2005 - 12:01 - Gekeurd door: nemesiskoen - Hits: 6972 - Aantal punten: (0 stemmen)



Een eenvoudig gastenboek met een admin gedeelte om te editen en te deleten.
Het admin gedeelte is verder niet beveiligd dat zou je er nog bij kunnen doen.

(omdat ik het script voor school moest maken is een groot gedeelte van het commentaar in het engels)

Query voor de database:
SQL-query:
CREATE TABLE `guestbook` (
`id` int( 11 ) NOT NULL AUTO_INCREMENT ,
`auteur` text NOT NULL ,
`email` text NOT NULL ,
`message` text NOT NULL ,
`datum` date NOT NULL default '0000-00-00',
UNIQUE KEY `id` ( `id` )
) TYPE = MYISAM ;

Code:
<index.php>
  1. <html>
  2. <head>
  3. <title>guestbook</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <?php
  9. include('cnnct.php');
  10.  
  11. // Now select all (*) the fields from the table guestbook.
  12. $queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC LIMIT 0,5");
  13.  
  14. // Start table
  15. echo "<table border=\"1\" bordercolor='black'>";
  16.  
  17. // Print a nice header
  18. echo "<tr>";
  19. echo "<th><p>auteur</p></th>";
  20. echo "<th><p>message</p></th>";
  21. echo "<th><p>date</p></th>";
  22. echo "</tr>";
  23.  
  24.  
  25.  
  26. // Print the contents of the table guestbook. The while loop will break
  27. // there are no more rows. The rowData is an array with int as key.
  28. while ($rowData = mysql_fetch_row($queryResult)) {
  29.  
  30. // Start row
  31. echo "<tr>";
  32.  
  33. // Print the data
  34. echo "<td><p>" . $rowData[1] . "</p></td>";
  35. echo "<td><p>" . $rowData[3] . "</p></td>";
  36. echo "<td><p>" . $rowData[4] . "</p></td>";
  37.  
  38. // End row
  39. echo "</tr>";
  40. }
  41.  
  42. // End table
  43. echo "</table><br>";
  44.  
  45. echo "<hr>";
  46.  
  47.  
  48.  
  49. ?>
  50. <a href="add.php"><p>Add message</p></a>
  51.  
  52. </body>
  53. </html>


<add.php>
  1. <form action="addprocess.php" method="post">
  2. Name:<br>
  3. <input type="text" name="auteur" size="20"><br>
  4. Email:<br>
  5. <input type="text" name="email" size="30">
  6. (will not be displayed)<br>
  7. Message:<br>
  8. <textarea name="message" rows="1" cols="40"></textarea><br>
  9. <input name="submit" type="submit" value="Submit">
  10. </form>


<addprocess.php>
  1. <html>
  2. <head>
  3. <title>Add records</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <?php
  9. include('cnnct.php');
  10. // Transfer to normal vars
  11. $auteur = $_POST['auteur'];
  12. $email = $_POST['email'];
  13. $message = $_POST['message'];
  14.  
  15. if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
  16. else {
  17.  
  18. // Date
  19. $today = date("Y-m-d");
  20.  
  21. // Place data in database
  22. $query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
  23. $queryResult = mysql_query($query)
  24. or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
  25.  
  26. // If no errors occur adding the new record, display a 'thank you' message.
  27. echo "Thank you " . $auteur . "!<br><br>";
  28. include('index.php');
  29. }
  30. ?>
  31.  
  32. </body>
  33. </html>


<addadmin.php>
  1. <form action="addprocessadmin.php" method="post">
  2. Name:<br>
  3. <input type="text" name="auteur" size="20"><br>
  4. Email:<br>
  5. <input type="text" name="email" size="30"><br>
  6. Message:<br>
  7. <textarea name="message" rows="1" cols="40"></textarea><br>
  8. <input name="submit" type="submit" value="Submit">
  9. </form>



<addprocessadmin.php>
  1. <html>
  2. <head>
  3. <title>Add records</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <?php
  9. include('cnnct.php');
  10. // Transfer to normal vars
  11. $auteur = $_POST['auteur'];
  12. $email = $_POST['email'];
  13. $message = $_POST['message'];
  14.  
  15. if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
  16. else {
  17.  
  18. // Date
  19. $today = date("Y-m-d");
  20.  
  21. // Place data in database
  22. $query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
  23. $queryResult = mysql_query($query)
  24. or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
  25.  
  26. // If no errors occur adding the new record, display a 'thank you' message.
  27. echo "Thank you " . $auteur . "!<br><br>";
  28. include('indexadmin.php');
  29. }
  30. ?>
  31.  
  32. </body>
  33. </html>


<admindelete.php>
  1. <html>
  2. <head>
  3. <title>delete message</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <?php
  9.  
  10. include('cnnct.php');
  11.  
  12. // Now select all (*) the fields from the table guestbook, only
  13. // select the row with the specified id.
  14. $queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id", $db)
  15. or die(mysql_errno () . ": " . mysql_error());
  16.  
  17. // Fetch the data of the row.
  18. $rowData = mysql_fetch_row($queryResult);
  19.  
  20. ?>
  21.  
  22. <h1>Delete record (<?php echo $id; ?>):</h1>
  23.  
  24. Are you sure you want to delete this record:<br>
  25. Name: <?php echo $rowData[1]; ?><br>
  26. Email: <?php echo $rowData[2]; ?><br>
  27. Message: <?php echo $rowData[3]; ?><br>
  28.  
  29. <form action="deleteprocess.php" method="post">
  30. <!-- Used a hidden field for the id, so the user cannot modify this field -->
  31. <input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
  32. <input name="submit" type="submit" value="Cancel">
  33. <input name="submit" type="submit" value="Delete">
  34. </form>
  35.  
  36. </body>
  37. </html>


<deleteprocess.php>
  1. <?php ob_start(); session_start(); ?>
  2. <html>
  3. <head>
  4. <title>delete message</title>
  5. </head>
  6.  
  7. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  8.  
  9. <?php
  10.  
  11. If ($_POST['submit'] == 'Cancel') {
  12. // If the user clicked cancel, rewrite the HTTP header and
  13. // redirect the user to the list.
  14. Header("Location: indexadmin.php");
  15. }
  16. else {
  17.  
  18. include('cnnct.php');
  19. // First set some vars to make the SQL statement easier to read.
  20. $id = $_POST['id'];
  21.  
  22. // Submit a sql command to the server: update record in the table guestbook
  23. $queryResult = mysql_query("DELETE FROM guestbook WHERE id=$id")
  24. or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
  25.  
  26. // If no errors occur updating the record, display a 'thank you' message.
  27. echo "The record is deleted!<br><br>";
  28. }
  29.  
  30. ?>
  31.  
  32. <a href="indexadmin.php">Back to the list</a>
  33.  
  34. </body>
  35. </html>


<adminedit.php>
  1. <html>
  2. <head>
  3. <title>edit message</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <?php
  9.  
  10. $id = $_GET['id'];
  11.  
  12. include('cnnct.php');
  13.  
  14.  
  15. // Now select all (*) the fields from the table guestbook, only
  16. // select the row with the specified id.
  17. $queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id")
  18. or die(mysql_errno () . ": " . mysql_error());
  19.  
  20. // Fetch the data of the row.
  21. $rowData = mysql_fetch_row($queryResult);
  22.  
  23. ?>
  24.  
  25. <h1>Edit record (<?php echo $id; ?>):</h1>
  26.  
  27. <form action="editprocess.php" method="post">
  28. <!-- Use a hidden field for the id, so the user cannot modify this field -->
  29. <input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
  30. Name:<br>
  31. <input type="text" name="auteur" size="40" value="<?php echo $rowData[1]; ?>"><br>
  32. <br>
  33. Email:<br>
  34. <input type="text" name="email" size="40" value="<?php echo $rowData[2]; ?>"><br>
  35. <br>
  36. Message:<br>
  37. <textarea name="message" rows="5" cols="40"><?php echo $rowData[3]; ?></textarea>
  38. <br>
  39. <input name="submit" type="submit" value="Cancel">
  40. <input name="submit" type="submit" value="Update">
  41. </form>
  42.  
  43. </body>
  44. </html>


<editprocess.php>
  1. <?php ob_start(); ?>
  2. <html>
  3. <head>
  4. <title>edit message</title>
  5. </head>
  6.  
  7. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  8.  
  9. <?php
  10.  
  11. If ($_POST['submit'] == 'Cancel') {
  12. // If the user clicked cancel, rewrite the HTTP header and
  13. // redirect the user to the list.
  14. Header('Location: indexadmin.php');
  15. }
  16. else {
  17.  
  18. $id = $_POST['id'];
  19.  
  20. include('cnnct.php');
  21.  
  22. // First set some vars to make the SQL statement easier to read.
  23. $id = $_POST['id'];
  24. $auteur = $_POST['auteur'];
  25. $email = $_POST['email'];
  26. $message = $_POST['message'];
  27.  
  28. // Submit a sql command to the server: update record in the table guestbook
  29. $query = "UPDATE guestbook SET auteur='$auteur',email='$email',message='$message' WHERE id=$id";
  30. $queryResult = mysql_query($query)
  31. or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
  32.  
  33. // If no errors occur updating the record, display a 'thank you' message.
  34. echo "Thank you, the data is updated!<br><br>";
  35. }
  36.  
  37. ?>
  38.  
  39. <a href="inexadmin.php">Back to the list</a>
  40.  
  41. </body>
  42. </html>


<indexadmin.php>
  1. <html>
  2. <head>
  3. <title>Example</title>
  4. </head>
  5.  
  6. <body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
  7.  
  8. <h1>Show content:</h1>
  9.  
  10. <?php
  11. include('cnnct.php');
  12.  
  13. // Now select all (*) the fields from the table guestbook.
  14. $queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");
  15.  
  16. // Start table
  17. echo "<table border=\"1\">";
  18.  
  19. // Print a nice header
  20. echo "<tr>";
  21. echo "<th>id</th>";
  22. echo "<th>auteur</th>";
  23. echo "<th>email</th>";
  24. echo "<th>message</th>";
  25. echo "<th>date</th>";
  26. echo "<th colspan=\"2\"></th>";
  27. echo "</tr>";
  28.  
  29.  
  30.  
  31. // Print the contents of the table guestbook. The while loop will break
  32. // there are no more rows. The rowData is an array with int as key.
  33. while ($rowData = mysql_fetch_row($queryResult)) {
  34.  
  35. // Start row
  36. echo "<tr>";
  37.  
  38. // Print the data
  39. echo "<td>" . $rowData[0] . "</td>";
  40. echo "<td>" . $rowData[1] . "</td>";
  41. echo '<td><a href="mailto:"' . $rowData[2] . "</a>email</td>";
  42. echo "<td>" . $rowData[3] . "</td>";
  43. echo "<td>" . $rowData[4] . "</td>";
  44. echo "<td><a href=\"adminedit.php?id=".$rowData[0]."\">edit</a></td>";
  45. echo "<td><a href=\"admindelete.php?id=".$rowData[0]."\">delete</a></td>";
  46.  
  47. // End row
  48. echo "</tr>";
  49. }
  50.  
  51. // End table
  52. echo '</table><br>';
  53.  
  54. echo '<a href="?pagina=add">Add message</a><br>';
  55.  
  56. if (isset($_GET['pagina']))
  57. {
  58. if($_GET['pagina']=='add')
  59. {
  60. include('addadmin.php'); }}
  61. echo '<hr>';
  62.  
  63. // Print the totalrecords of the table guestbook.
  64. $totalRecords = mysql_num_rows ($queryResult);
  65. echo '<br><i>Total records: ' . $totalRecords . '</b><br><br>';
  66.  
  67. ?>
  68.  
  69. </body>
  70. </html>


<cnnct.php>
  1. <?php
  2. $username = "xxxxx"; //username invoeren
  3. $password = "xxxxx"; //password invoeren
  4. $host = "xxxxx"; //eigen host voor je sql (waarschijnlijk iets van sql.xxx.com
  5. $dbnaam = "xxxxx"; //naam van je database (let op! niet van de tabel!)
  6. $db = mysql_connect($host, $username, $password) or die (mysql_error());
  7. mysql_select_db($dbnaam, $db) or die (mysql_error());
  8. ?>
Download code! Download code (.txt)

 Bekijk een voorbeeld van dit script!
 Stemmen
Niet ingelogd.

 Reacties
Post een reactie
Lees de reacties (2)
© 2002-2024 Sitemasters.be - Regels - Laadtijd: 0.132s