PHP help needed

I have a very basic directory site to which people submit their sites.
I have a very simple backend (admin.php) in which I can approve submitted links and then they get installed in the MySQL database. The backend does not have any way to delete the links that I do not want. I can only approve the links.
Currently I have to approve the unwanted links and then I log into cPanel, access the database, find the unwanted link and delete it. I need to add some code to my admin.php but am lacking the expertise to do this. Do I need to hire a PHP coder, or are there a couple of lines of code I can add?

Here's the PHP code I currently have in my admin.php:

PHP:
<?
ob_start();

?>
<style>
* {
 	font-family: tahoma;
	font-size: 10pt;
	color: #000;
}
</style>
<?php

include("config.php");
$a = $_GET['action'];
$c = $_COOKIE['xxxx'];
$admin_pass = "xxxxxxxxxxxxxxx";
if($c!="") {
        print "<b>Admin</b><p>";
	print "<a href='admin.php?action=approve'>Approve Links</a><p>";
        print "<a href='/'>HOME</a><p>";
		if($a == "") {
 		print "Please choose a section from above!"; 
 	}
  	if($a == "approve") {
 		print "<table border=0 cellpadding=2 cellspacing=0 width=100%>
 		<tr>
 		<Td>Title</td>
 		<td>Category</td>
 		<td>URL</td>
 		<td>Description</td>
 		<td></td>
 		</tr>";
		 $sql = mysql_query("SELECT * FROM `directory` WHERE `approved`='0'");
		while($row = mysql_fetch_array($sql)) {
		 	extract($row);
		 	
		 	$sql2 = mysql_query("SELECT * FROM `directory_cats` WHERE `id`='$category'");
		 	while($row2 = mysql_fetch_array($sql2)) {
		 	 	$category_name = $row2["category"];
		 	}
			 	print "<tr>
		 	<td>$headline</td>
		 	<td>$category_name</td>
		 	<td>$url</td>
		 	<td>$description</td>
		 	<td><a href='admin.php?action=app&id=$id'>Approve</a></td>
		 	</tr>";
		} 
			print "</table>";
 	}
	if($a == "app") {
			$id = $_GET['id'];
				if($id) {
			 	mysql_query("UPDATE `directory` SET `approved`='1' WHERE `id`='$id'");
				 Header("Location: admin.php?action=approve");
			}
	}
}
else {
	$p = $_POST['password'];
		if($p!="") {
	 	if($p==$admin_pass) {
	 	 	if(setcookie("xxxx","xxxx",time()+3600)) {
	 	 	 	Header("Location: admin.php");
	 	 	}
	 	 	else {
	 	 	 	print "Cant Set Cookie";
	 	 	}
	 	}
	 	else {
	 	 	print "Wrong Password";
	 	}
	}
	else {
	?>
	<form action="admin.php" method="post">
	Type in a password: <input type="password" name="password" size="30"><p>
	<input type="submit" value="Login"></form>
	<? 
	} 
}
?>
 
0
•••
Something like this should do the job:
( untested, please back up your database before using )

PHP:
  <?
ob_start();

?>
<style>
* {
    font-family: tahoma;
    font-size: 10pt;
    color: #000;
}
</style>
<?php

include("config.php");
$a = $_GET['action'];
$c = $_COOKIE['xxxx'];
$admin_pass = "xxxxxxxxxxxxxxx";
if($c!="") {
        print "<b>Admin</b><p>";
    print "<a href='admin.php?action=approve'>Approve Links</a><p>";
        print "<a href='/'>HOME</a><p>";
        if($a == "") {
        print "Please choose a section from above!";
    }
    
    if($a == "delete" &&  isset($_GET['id']) )
    {
    	
    	$id = $_GET['id'];
    	
    	if( is_numeric( $id ) )
    	{
    		mysql_query("DELETE FROM `directory` WHERE `id`='$id' LIMIT 1");
    	}
    	
    	$a = "approve";
    }
    
    if($a == "approve") {
        print "<table border=0 cellpadding=2 cellspacing=0 width=100%>
        <tr>
        <Td>Title</td>
        <td>Category</td>
        <td>URL</td>
        <td>Description</td>
        <td></td>
        </tr>";
         $sql = mysql_query("SELECT * FROM `directory` WHERE `approved`='0'");
        while($row = mysql_fetch_array($sql)) {
             extract($row);
             
             $sql2 = mysql_query("SELECT * FROM `directory_cats` WHERE `id`='$category'");
             while($row2 = mysql_fetch_array($sql2)) {
                  $category_name = $row2["category"];
             }
                 print "<tr>
             <td>$headline</td>
             <td>$category_name</td>
             <td>$url</td>
             <td>$description</td>
             <td><a href='admin.php?action=app&id=$id'>Approve</a> | 
             	<a href='admin.php?action=delete&id=$id'>Delete</a></td>
             </tr>";
        }
            print "</table>";
    }
    if($a == "app") {
            $id = $_GET['id'];
                // accept only a numeric id, matching the check in the delete branch above
                if(is_numeric($id)) {
                 mysql_query("UPDATE `directory` SET `approved`='1' WHERE `id`='$id'");
                 Header("Location: admin.php?action=approve");
            }
    }
}
else {
    $p = $_POST['password'];
        if($p!="") {
         if($p==$admin_pass) {
              if(setcookie("xxxx","xxxx",time()+3600)) {
                   Header("Location: admin.php");
              }
              else {
                   print "Cant Set Cookie";
              }
         }
         else {
              print "Wrong Password";
         }
    }
    else {
    ?>
    <form action="admin.php" method="post">
    Type in a password: <input type="password" name="password" size="30"><p>
    <input type="submit" value="Login"></form>
    <?
    }
}
?>
 
0
•••
That is very insecure code... :-/ All I would need to do is find out the name of the cookie and I'm in.
 
0
•••
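An added example (not code from any poster in this thread) showing one way to harden the approve/delete handler discussed above: server-side session state instead of a presence-only cookie, POST plus a CSRF token instead of GET links, and a bound integer id. Function names, the `is_admin` session key and the in-memory SQLite demo table are assumptions; the `directory` table and its columns come from the posted code.

```php
<?php
// Added example, not code from the thread. `directory`, `id` and `approved` come
// from the posts; function names and the `is_admin` session key are assumptions.

// Login state lives server-side in the session, so knowing a cookie name grants nothing.
function is_admin(array $session): bool {
    return ($session['is_admin'] ?? false) === true;
}

function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Handles one approve/delete request and returns the HTTP status to send.
function handle_link_action(PDO $db, array &$session, string $method, array $post): int {
    if (!is_admin($session)) return 403;
    if ($method !== 'POST') return 405;          // state changes never ride on GET links
    $tok = $post['csrf'] ?? '';
    if (!is_string($tok) || !hash_equals(csrf_token($session), $tok)) return 403;
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) return 400;               // stricter than is_numeric(), which accepts "1e3"
    switch ($post['action'] ?? '') {
        case 'approve': $sql = 'UPDATE directory SET approved = 1 WHERE id = ? AND approved = 0'; break;
        case 'delete':  $sql = 'DELETE FROM directory WHERE id = ?'; break;
        default: return 400;
    }
    $stmt = $db->prepare($sql);                  // id is bound, never interpolated
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Constructed demo: in-memory SQLite stands in for the MySQL table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE directory (id INTEGER PRIMARY KEY, url TEXT, approved INTEGER DEFAULT 0)');
$db->exec("INSERT INTO directory (url) VALUES ('http://example.com/'), ('http://spam.example/')");

$anon  = [];                       // visitor with no login state
$admin = ['is_admin' => true];     // session after a successful password check
$tok   = csrf_token($admin);
echo handle_link_action($db, $anon,  'POST', ['action' => 'delete', 'id' => '2']), "\n";
echo handle_link_action($db, $admin, 'GET',  ['action' => 'delete', 'id' => '2', 'csrf' => $tok]), "\n";
echo handle_link_action($db, $admin, 'POST', ['action' => 'delete', 'id' => '1e3', 'csrf' => $tok]), "\n";
echo handle_link_action($db, $admin, 'POST', ['action' => 'delete', 'id' => '2', 'csrf' => $tok]), "\n";
```

In a real admin.php the handler would be called after `session_start()` with `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST`, and the Approve/Delete links would become small POST forms carrying the token in a hidden field.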
Just delete the login stuff and put this admin.php into some folder called "admin".

Password-protect that folder via cPanel's password-protected directories option.

The rest of the code can be secured or unsecured; it doesn't matter.
 
1
•••
NC, thanks for the help. I still cannot get this to work. I really do appreciate your help though.
The original developer of the site saw this thread and has contacted me and offered assistance! :)
Nick, I took your advice and secured the admin.php file in a password-protected folder.
I would have never thought about this - but it's a great tip!
It may be old hat to some, but tips like this are very helpful to us who are still learning... :)
 
0
•••
texasgamer said:
Nick, I took your advice and secured the admin.php file in a password-protected folder.
I would have never thought about this - but it's a great tip!
It may be old hat to some, but tips like this are very helpful to us who are still learning... :)
;) Thanks. Happens to me all the time when I am only looking at the cream floating on the glass and assume it's filled with milk. Without knowing it could be water on which the cream is floating :D
 
0
•••