<?php
error_reporting(0);
session_start();
if(!$_SESSION["login"]){
print '<script type="text/javascript">';
print 'alert("You need to login first")';
print '</script>'; echo '<meta http-equiv="REFRESH" content="0;url=home.php">';
die();
}
?>
<?php
//This is the book stuff
ob_start();
#error_reporting(0);
$host="localhost"; // Host name
include 'databaselogin.php';
$db_name="X"; // Database name
$tbl_name="Books"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$id = $_GET["id"];
$sql = 'SELECT * FROM Books WHERE `id` = '.$id.' LIMIT 1';
$result=mysql_query($sql) or die(mysql_error());
while($rows = mysql_fetch_array($result)){
?>
<?
//this is user stuff.
ob_start();
error_reporting(0);
$host="localhost"; // Host name
include 'databaselogin.php';
$currentuser = $_SESSION["id"];
$db_name="X"; // Database name
$tbl_name="users"; // Table name
$tbl_name="Books"; // Table name
/*
if ($rows['userid'] != $currentusers)
{
print '<script type="text/javascript">';
print 'alert("you dont have permissions")';
print '</script>'; echo '<meta http-equiv="REFRESH" content="0;url=home.php">';
}
*/
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Silent Generation</title>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
<link rel="stylesheet" type="text/css" href="print.css" media="print" />
<!--[if IE]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<!--script section-->
<script type="text/javascript">
</script>
<!--end script section-->
</head>
<body>
<div id="wrapper"><!-- #wrapper -->
<header><!-- header -->
<h1><a href="#">Silent Generation</a></h1>
<h2>Would it be too chezy to say silent but deadly</h2>
</header><!-- end of header -->
<nav><!-- top nav -->
<div class="menu">
<ul>
<li><a href="home.php">Home</a></li>
<li><a href="sell.php">Sell</a></li>
<li><a href="buy.php">Buy</a></li>
<li><a href="stores.php">Stores</a></li>
<li><a href="donate.php">Donate</a></li>
<li><a href="contact.php">Contact Us</a></li>
<li><a href="support.php">Support</a></li>
</ul>
</div>
</nav><!-- end of top nav -->
<section id="main"><!-- #main content and sidebar area -->
<section id="content"><!-- #content -->
<article>
<form method="GET" action="editadd.php" name="add" id="add">
Book Name:
<div align="center" style="margin-top:-15px;">
<input type="text" name="name" id="name" value="<?echo $rows["name"];?>"/></div>
Author's Name: <div align="center" style="margin-top:-15px;"><input type="text" name="author" id="author" value="<?echo $rows["author"];?>"></div>
ISBN: <div align="center" style="margin-top:-15px;"><input type="text" name="ISBN" id="ISBN" value="<?echo $rows["ISBN"];?>"></div>
Edition : <div align="center" style="margin-top:-15px;"><input type="text" name="edition" id="edition" value="<?echo $rows["edition"];?>"></div>
Contact info:<div align="center" style="margin-top:-15px;"> <input type="text" name="contact" id="contact" value="<?echo $rows["contact"];?>" /></div>
Price: <div align="center" style="margin-top:-15px;"> <input type="text" name="price" id="price" / value="<?echo $rows["price"];?>"></div>
Comments: <div align="center"><textarea id="comments" name="comments" rows="13" cols="80" ><?echo $rows["comment"];?> </textarea></div>
<div align="center"><input type="submit" value="Submit" style="width:660px;height:70px;"/></div>
<input type="hidden" name="id" value="<?echo $rows["id"];?>" />
</form>
current user: <?echo $currentuser;?>
posted by: <?echo $rows['userid']?>
<?
}
ob_end_flush();
if ( intval($rows['userid']) == intval($currentusers))
{echo "true";}
else
{echo "fasle";}
?>
</article>
<pre>
</pre>
</section><!-- end of #content -->
<aside id="sidebar"><!-- sidebar -->
<?php
error_reporting(0);
session_start();
if(!$_SESSION["login"]){
?>
<h3>Login</h3>
<form method="post" ACTION="login.php">
E-mail
<input type="text" id="myusername" name="myusername" />
<br/>
<br/>
Password <input type="password" id="mypassword" name="mypassword" />
<br/>
<br/>
<INPUT TYPE="submit" VALUE="Submit" />
<br/>
<input TYPE="button" VALUE="Password?"onclick="javascript:document.location='lostpass.php'; return false; "/>
</form>
<pre>
</pre>
<h3>Register</h3>
<form method="post" action="register.php" name="register" id="register">Name <br/><input type="text" id="name" name="name" ><br/>
Email <br/> <input type="text" id="email" name="email"><br/>
School <br/> <select name="school" id="school">
<option value='Sierra College'>Sierra College</option>
<option value='American River'>American River</option>
<option value='UC Davis'>UC Davis</option>
<option value='UCLA'>UCLA</option>
<option value='UCSD'>UCSD</option>
</select><br/>
Password <br/> <input type="password" id="password" name="password"><br/>
Conform Password <br/> <input type="password" id="password2" name="password2"><br/>
<br/>
<input type="submit" value="Submit">
<input type="reset" value="Clear">
</form>
<?}else{?>
<h3>Welcome</h3> <?php echo $_SESSION["username1"] ?>
<a href="logout.php">Logout</a>
<?}
?>
<h3>Connect With Us</h3>
<ul>
<li><a href="#">Twitter</a></li>
<li><a href="#">Facebook</a></li>
</ul>
</aside><!-- end of sidebar -->
</section><!-- end of #main content and sidebar-->
<footer>
<section id="footer-area">
<section id="footer-outer-block">
<aside class="footer-segment">
<h4>Joubin Jabbari</h4>
<p>© 2011 <a href="#">Silentgen.com</a>
presents a site by a student for students.
</p>
</aside><!-- end of #fourth footer segment -->
</section><!-- end of footer-outer-block -->
</section><!-- end of footer-area -->
</footer>
</div><!-- #wrapper -->
<!-- Free template created by http://freehtml5templates.com -->
</body>
</html>
The above is my entire code…. the fist few blocks of php is all you need to look at. All I want to is to make sure that the person is trying to edit this post is the person that has posted it. otherwise, they need to be rerouted else where.
hmm… perhaps tryingif ( intval($rows['userid']) == intva($currentusers))Ok, you were using the wrong variable name. It is meant to by $currentuser not $currentusers.