In part 2 of this tutorial we will make a simple admin panel for our PHP guestbook.
First let's see all the code and then I'll explain it part by part.
Ok let's start!
Create a new file and name it "admin.php"
It should be in same folder as index.php from last tutorial.
We are going to use sessions to manage admin login and logout.
Each time you use sessions you must put session_start(); in your document or it won't work.
Other 2 lines are used to save your admin username and password.
Change them to whatever you want.
Just connecting to database.
Make sure to put the same data as in index.php (part 1 of this tutorial)
In part 2 we manage login and logout.
If we get command logout through get variable W we just unset the session.
Then we check if POSTed username and password (we use form in part 3 to post those variables) are equal to ones we set at the begining of file.
If they are, start the session.
First we check if admin is logged-in.
If he isn't then show the login form.
If he is logged in echo a link to logout.
If variable (GET) del exists, delete that row from database.
Then we just show all rows from database (just as in part 1) except that this time we add a DEL link that links to "index.php" end sends variable (GET) del with id of current row in it.
<? //PART 0 ---------------------------- session_start(); $set_username = "administrator"; $set_password = "hackme"; //PART 1 ---------------------------- $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'guest_db'; mysql_select_db($dbname); //PART 2 ---------------------------- if($_GET['W'] == 'logout') unset($_SESSION['admin']); if($_POST['username'] == $set_username && $_POST['password'] == $set_password) $_SESSION['admin'] = 1; //PART 3 ---------------------------- if(!isset($_SESSION['admin'])) { echo " <form action='admin.php' method='post'> <b> Admin Login </b> <br> <input name='username' value='username'> <br> <input name='password' value='password' type='password'> <br> <input type='submit' value='Login'> </form> "; } else //PART 4 ---------------------------- { echo "<b> Admin <a href='admin.php?W=logout'>logout</a> </b> <br> <br>"; if($_GET['del']) { $sql = "DELETE FROM `Comments` WHERE `Id`= ".$_GET['del']; mysql_query($sql); } $sql = "SELECT * FROM `Comments` WHERE 1 ORDER BY `Id` DESC"; $result = mysql_query($sql); while( $row = mysql_fetch_array($result) ) { echo $row['Comment']."<br> <i> By: ".$row['Name']. " on ".$row['Date']."</i>"; echo"<br>----<a href='admin.php?del=".$row['Id']."'> [DEL]</a>-------------------<br><br>"; } } ?>
PART 0
Ok let's start!
Create a new file and name it "admin.php"
It should be in same folder as index.php from last tutorial.
//PART 0 ---------------------------- session_start(); $set_username = "administrator"; $set_password = "hackme";
We are going to use sessions to manage admin login and logout.
Each time you use sessions you must put session_start(); in your document or it won't work.
Other 2 lines are used to save your admin username and password.
Change them to whatever you want.
PART 1
Just connecting to database.
Make sure to put the same data as in index.php (part 1 of this tutorial)
PART 2
//PART 2 ---------------------------- if($_GET['W'] == 'logout') unset($_SESSION['admin']); if($_POST['username'] == $set_username && $_POST['password'] == $set_password) $_SESSION['admin'] = 1;
In part 2 we manage login and logout.
If we get command logout through get variable W we just unset the session.
Then we check if POSTed username and password (we use form in part 3 to post those variables) are equal to ones we set at the begining of file.
If they are, start the session.
PART 3
First we check if admin is logged-in.
If he isn't then show the login form.
PART 4
echo "<b> Admin <a href='admin.php?W=logout'>logout</a> </b> <br> <br>"; if($_GET['del']) { $sql = "DELETE FROM `Comments` WHERE `Id`= ".$_GET['del']; mysql_query($sql); } $sql = "SELECT * FROM `Comments` WHERE 1 ORDER BY `Id` DESC"; $result = mysql_query($sql); while( $row = mysql_fetch_array($result) ) { echo $row['Comment']."<br> <i> By: ".$row['Name']." on ".$row['Date']."</i>"; echo"<br>----<a href='admin.php?del=".$row['Id']."'> [DEL]</a>-------------------<br><br>"; }
If he is logged in echo a link to logout.
If variable (GET) del exists, delete that row from database.
Then we just show all rows from database (just as in part 1) except that this time we add a DEL link that links to "index.php" end sends variable (GET) del with id of current row in it.
