PHP删除评论按钮

Question

我对PHP很新颖（目前正在做一个大学项目）。我的网站是一个管理网站，约有3位管理员用户可以登录和更改网站等。目前，我对我的评论（用户可以发布到网站的评论）有删除功能，但任何进入网站的人都可以看到删除功能，并可以删除任何机构的评论？

我想让它只有我的管理员登录后才能看到删除功能，并且随后成为唯一可以删除评论的人。我有一个用户数据库，其中包含名称，密码，用户名和电子邮件列。我想知道如果有人可以请看看我的代码，并告诉我如何改变这一点，只有当管理员登录时，他们才能看到按钮并删除评论。

$str_message = ""; 
    if (!$db_server){ 
     die("Unable to connect to MySQL: " . mysqli_connect_error()); 
    }else{ 

     //if ($_SESSION['admin'] == 'yes') { 


     if(isset($_GET['delete'])){ 
      $deleteq="DELETE FROM comments WHERE ID={$_GET['delete']} LIMIT 1"; 

      $deleter=mysqli_query($db_server, $deleteq); 
      IF($deleter){ 
       echo"<p>That message was deleted!</p>";}} 


     //} 

     //Test whether form has been submitted 
     if(trim($_POST['submit']) == "Submit"){ 
      //Handle submission 
      $resp = recaptcha_check_answer ($privatekey, 
              $_SERVER["REMOTE_ADDR"], 
              $_POST["recaptcha_challenge_field"], 
              $_POST["recaptcha_response_field"]); 
      if (!$resp->is_valid) { 
       // What happens when the CAPTCHA was entered incorrectly 
       $str_message = "The reCAPTCHA wasn't entered correctly. Go back and try it  
    again. 
           (reCAPTCHA said: " . $resp->error . ")"; 
      } else { 

       // Your code here to handle a successful verification 
       $comment = $_POST['comment']; 
       if($comment != ""){ 
        $query = "INSERT INTO comments (comment) VALUES ('$comment')"; 
        mysqli_query($db_server, $query) or die("Comment insert failed: " .  
    mysqli_error($db_server)); 
        $str_message = "Thanks for your comment!"; 
       }else{ 
        $str_message = "Invalid form submission"; 
       } 
      } 
     } 
     //Create page with or without submission 
     $query = "SELECT * FROM comments"; 
     $result = mysqli_query($db_server, $query); 
     if (!$result) die("Database access failed: " . mysqli_error($db_server)); 
     { 

     while($row = mysqli_fetch_array($result)){ 
     $ID= $row['ID']; 



      $str_result .= "<p><em>Comment $j (" . $row['commDate'] . 
        ")</em><br /> " .$row['comment'] . "</p> 
        <a href ='commentnow.php?delete=$ID 
        '>Delete</a><hr />"; 
     } 
     mysqli_free_result($result); 
    } } 

    ?> 

Answer 1

if ($_SESSION['admin'] == 'yes') { 
<insert code to generate a delete button here> 
} 

Answer 2

首先，你需要在你的登录页面来改变。当用户登录时，然后检查他是否是管理员用户。如果是，则将会话变量（$_SESSION['admin']）设置为yes或将其设置为no。尝试像这样：

//login.php 
if (!$db_server){ 
      die("Unable to connect to MySQL: " . mysqli_connect_error()); 
     }else{ 

    session_start(); 
    $sql="Select * FROM users WHERE user_name = 'your_username' and LIMIT 1"; 
    $result=mysqli_query($db_server, $sql); 
    $objUser = $result->fetch_object(); 
    if($objUser->user_type =="admin") 
     $_SESSION['admin'] = 'yes'; 
     else 
     $_SESSION['admin'] = 'no'; 
    //rest of your code for login the user 
} 

然后在您的删除页面检查当前用户是否是admin。如果是，则执行查询，否则回显消息。像这样：

session_start(); 
$str_message = ""; 
    if (!$db_server){ 
     die("Unable to connect to MySQL: " . mysqli_connect_error()); 
    }else{ 


     if(isset($_GET['delete'])){ 
      if ($_SESSION['admin'] == 'yes') { 
       $deleteq="DELETE FROM comments WHERE ID={$_GET['delete']} LIMIT 1"; 

       $deleter=mysqli_query($db_server, $deleteq); 
       if($deleter){ 
       echo"<p>That message was deleted!</p>";} 
      } 
      else 
      { 
      echo "you are not admin"; 
      } 

     } 

     //Test whether form has been submitted 
     if(trim($_POST['submit']) == "Submit"){ 
      //Handle submission 
      $resp = recaptcha_check_answer ($privatekey, 
              $_SERVER["REMOTE_ADDR"], 
              $_POST["recaptcha_challenge_field"], 
              $_POST["recaptcha_response_field"]); 
      if (!$resp->is_valid) { 
       // What happens when the CAPTCHA was entered incorrectly 
       $str_message = "The reCAPTCHA wasn't entered correctly. Go back and try it  
    again. 
           (reCAPTCHA said: " . $resp->error . ")"; 
      } else { 

       // Your code here to handle a successful verification 
       $comment = $_POST['comment']; 
       if($comment != ""){ 
        $query = "INSERT INTO comments (comment) VALUES ('$comment')"; 
        mysqli_query($db_server, $query) or die("Comment insert failed: " .  
    mysqli_error($db_server)); 
        $str_message = "Thanks for your comment!"; 
       }else{ 
        $str_message = "Invalid form submission"; 
       } 
      } 
     } 
     //Create page with or without submission 
     $query = "SELECT * FROM comments"; 
     $result = mysqli_query($db_server, $query); 
     if (!$result) die("Database access failed: " . mysqli_error($db_server)); 
     { 

     while($row = mysqli_fetch_array($result)){ 
     $ID= $row['ID']; 



      $str_result .= "<p><em>Comment $j (" . $row['commDate'] . 
        ")</em><br /> " .$row['comment'] . "</p> 
        <a href ='commentnow.php?delete=$ID 
        '>Delete</a><hr />"; 
     } 
     mysqli_free_result($result); 
    } } 

    ?> 

我认为它是有道理的！

Answer 3

如果我们假设你的注释语句来检查用户是否是管理员（if ($_SESSION['admin'] == 'yes')），那么下面的代码应该给你一个关于如何去做的好主意。有两个地方需要添加if语句。我一直无法测试这个，但看看这个代码中你看到的地方// ADMIN IF STATEMENT，我希望你明白你的代码需要做什么修改才能正常工作。

<? 

$str_message = ""; 

if (!$db_server) { 

    die("Unable to connect to MySQL: " . mysqli_connect_error()); 

} else { 

    if ($_SESSION['admin'] == 'yes') { // ADMIN IF STATEMENT 

     if (isset($_GET['delete'])) { 

      $deleteq = "DELETE FROM comments WHERE ID={$_GET['delete']} LIMIT 1"; 
      $deleter = mysqli_query($db_server, $deleteq); 

      if ($deleter) { 

       echo "<p>That message was deleted!</p>"; 

      } 

     } 

    } 

    //Test whether form has been submitted 
    if (trim($_POST['submit']) == "Submit") { 

     //Handle submission 
     $resp = recaptcha_check_answer(
      $privatekey, 
      $_SERVER["REMOTE_ADDR"], 
      $_POST["recaptcha_challenge_field"], 
      $_POST["recaptcha_response_field"] 
     ); 

     if (!$resp->is_valid) { 

      // What happens when the CAPTCHA was entered incorrectly 
      $str_message = "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")"; 

     } else { 

      // Your code here to handle a successful verification 
      $comment = $_POST['comment']; 

      if ($comment != "") { 

       $query = "INSERT INTO comments (comment) VALUES ('$comment')"; 
       mysqli_query($db_server, $query) or die("Comment insert failed: " . mysqli_error($db_server)); 
       $str_message = "Thanks for your comment!"; 

      } else { 

       $str_message = "Invalid form submission"; 

      } 

     } 
    } 

    //Create page with or without submission 
    $query = "SELECT * FROM comments"; 
    $result = mysqli_query($db_server, $query); 

    if (!$result) die("Database access failed: " . mysqli_error($db_server)); { 

     while ($row = mysqli_fetch_array($result)) { 

      $ID = $row['ID']; 

      if ($_SESSION['admin'] == 'yes') { // ADMIN IF STATEMENT 

       $str_result .= "<p><em>Comment $j (" . $row['commDate'] . ")</em><br /> " .$row['comment'] . "</p><a href ='commentnow.php?delete=$ID'>Delete</a><hr />"; 

      } else { 

       $str_result .= "<p><em>Comment $j (" . $row['commDate'] . ")</em><br /> " .$row['comment'] . "</p>"; 

      } 
     } 

     mysqli_free_result($result); 

    } 

} 

?>