1. 首頁
  2. 問答
  3. 刪除用戶腳本

刪除用戶腳本

2013-05-12 63 views
0

我發現這個腳本用於在互聯網上添加和刪除用戶,我調整它使其適用於我的用途。我知道這個腳本容易受到sql注入的影響,並且mysql_ *被折舊了,但是對於我的目的來說,這並不重要,因爲它永遠不會在實時環境中發佈。刪除用戶腳本

我無法刪除任何記錄。我也想刪除添加用戶功能,因爲如果要創建一個新用戶,他們可以使用我創建的註冊頁面。

下面是腳本:

<?php //admin.php 
session_start(); 
$user = $_SESSION['username']; 
include ("connection.php"); 

$get = mysql_query ("SELECT * FROM Users WHERE username='$user'"); 
while ($row = mysql_fetch_assoc($get)) 
{ 
$admin = $row['admin']; 
} 

if ($admin==0) 
die("Your not an ADMIN!"); 
?>

下一個腳本:

<?php//conection.php 
$mysql_hostname = "localhost"; 
$mysql_user = "root"; 
$mysql_password = ""; 
$mysql_database = "ninjaz_gaming"; 
$prefix = ""; 
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database"); 
mysql_select_db($mysql_database, $bd) or die("Could not select database"); 
?>

刪除和更新用戶腳本:

<?php//urmuser.php 
include('admin.php'); 
include('connection.php'); 

if (isset($_POST['id']) && 
isset($_POST['username']) && 
isset($_POST['password']) && 
isset($_POST['email']) && 
isset($_POST['birth']) && 
isset($_POST['age']) && 
isset($_POST['ircts3']) && 
isset($_POST['game']) && 
isset($_POST['gender']) && 
isset($_POST['name']) && 
isset($_POST['admin'])) 

{ 
$id = get_post('id'); 
$username = get_post('username'); 
$password = get_post(md5('password')); 
$email = get_post('email'); 
$birth = get_post('birth'); 
$age = get_post('age'); 
$ircts3 = get_post('ircts3'); 
$game = get_post('game'); 
$gender = get_post('gender'); 
$name = get_post('name'); 
$administrator = get_post('admin'); 

if (isset($_POST['delete']) && $id != "") 
{ 
$query = "DELETE FROM Users WHERE id='$id'"; 

if (!mysql_query($query, $bd)) 
echo "DELETE failed: $query<br />" . 
mysql_error() . "<br /><br />"; 
} 
else 
{ 
$query = "INSERT INTO Users VALUES" . 
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game', '$gender', '$name'. '$administrator')"; 

if (!mysql_query($query, $bd)) 
echo "INSERT failed: $query<br />" . 
mysql_error() . "<br /><br />"; 
} 
} 

echo <<<_END 
<form action="urmuser.php" method="post"><pre> 
Id: <input type="text" name="id" /> 
Username: <input type="text" name="username" /> 
Password: <input type="text" name="password" /> 
E-mail: <input type="text" name="email" /> 
Birth Year: <input type="text" name="birth" /> 
Age: <input type="text" name="age" /> 
IRCTS3: <input type="text" name="ircts3" /> 
Game: <input type="text" name="game" /> 
Gender: <input type="text" name="gender" /> 
Name: <input type="text" name="name" /> 
Admin: <input type="text" name="admin" /> 
<input type="submit" value="ADD USER" /> 
</pre></form> 
_END; 

$query = "SELECT * FROM Users"; 
$result = mysql_query($query); 

if (!$result) die ("Database access failed: " . mysql_error()); 
$rows = mysql_num_rows($result); 

for ($j = 0 ; $j < $rows ; ++$j) 
{ 
$row = mysql_fetch_row($result); 
echo <<<_END 
<pre> 
Id: $row[0] 
Username: $row[1] 
Password: $row[2] 
Email: $row[3] 
Birth: $row[4] 
Age: $row[5] 
IRCTS3: $row[6] 
Fav Game: $row[7] 
Gender: $row[8] 
Name: $row[9] 
Admin: $row[10] 
</pre> 
<form action="urmuser.php" method="post"> 
<input type="hidden" name="delete" value="yes" /> 
<input type="hidden" name="id" value="$row[0]" /> 
<input type="submit" value="DELETE USER" /></form> 
_END; 
} 

mysql_close($bd); 

function get_post($var) 
{ 
return mysql_real_escape_string($_POST[$var]); 
} 
?>

來源

2013-05-12 Nick

+0

你可以修復縮進,很難說你的'if'語句的嵌套。 – Barmar 2013-05-12 18:56:10

回答

1

我在你的代碼中看到,您刪除用戶如果查詢結果爲true,則再次添加它。

if (isset($_POST['delete']) && $id != "") { 
    ################################## 
    #####YOU DELETE THE USER HERE 
    ################################## 
    $query = "DELETE FROM Users WHERE id='$id'"; 

    if (!mysql_query($query, $bd)) 
     echo "DELETE failed: $query<br />" . 
     mysql_error() . "<br /><br />"; 

    }else{ 
     ################################## 
     ##### YOU ADD THE USER AGAIN IF IT WAS DELETE 
     ################################## 
     $query = "INSERT INTO Users VALUES" . 
     "('$id','$username','$password','$email','$birth','$age','$ircts3','$game','$gender','$name'. '$administrator')"; 

    if (!mysql_query($query, $bd)) 
     echo "INSERT failed: $query<br />" . mysql_error() . "<br /><br />"; 

    } 
}

這樣用戶永遠不會被刪除。

::編輯::

你可以做到這一點

<?php 
session_start(); 
include ("connection.php"); 

// check admin part 
$isAdmin = 0; 
$user = $_SESSION['username']; 
$sql = "SELECT * FROM Users WHERE username = '$user' AND admin = 1"; 
$query = mysql_query($sql,$bd)or die(mysql_error()); 

if(mysql_num_rows($query)>0){ 
    $isAdmin = 1; 
} 

if(isset($_GET['id'])){ 
    if($isAdmin == 1){ 
     $delete_id = mysql_real_escape_string($_GET['id']); 
     $sql = "DELETE FROM Users WHERE id = '$delete_id'"; 
     $query = mysql_query($sql,$bd)or die(mysql_error()); 
     echo "User id: {$_GET['id'] deleted}"; 
    }else{ 
     echo 'You are not an admin'; 
    } 
} 

$sql = "SELECT * FROM Users ORDER BY id ASC"; 
$query = mysql_query($sql,$bd)or die(mysql_error()); 

if(mysql_num_rows($query)>0){ 
    while($row = mysql_fetch_array($query)){ 
     echo '<a href="'.$_SERVER['PHP_SELF'].'?id="'.$row['id'].'">'.$row['id'].'</a> '.$row['username']; 

    } 
}else{ 
    echo "No results in database"; 
} 

?>

來源

2013-05-12 18:31:30 Galfau

+0

所以如果我只是刪除該代碼,它會被刪除? – Nick 2013-05-12 18:36:07

+0

您是否可以編輯讀取用戶的部分,以便它只是一個刪除用戶腳本? – Nick 2013-05-12 18:39:21

+0

您需要用戶列表並刪除腳本? – Galfau 2013-05-12 18:42:03

0

的代碼刪除用戶來檢查,如果所有新用戶的字段設置if,這當刪除用戶時顯然不是這種情況。

if (isset($_POST['id']) && 
isset($_POST['username']) && 
isset($_POST['password']) && 
isset($_POST['email']) && 
isset($_POST['birth']) && 
isset($_POST['age']) && 
isset($_POST['ircts3']) && 
isset($_POST['game']) && 
isset($_POST['gender']) && 
isset($_POST['name']) && 
isset($_POST['admin'])) 
{ 
    $id = get_post('id'); 
    $username = get_post('username'); 
    $password = get_post(md5('password')); 
    $email = get_post('email'); 
    $birth = get_post('birth'); 
    $age = get_post('age'); 
    $ircts3 = get_post('ircts3'); 
    $game = get_post('game'); 
    $gender = get_post('gender'); 
    $name = get_post('name'); 
    $administrator = get_post('admin'); 
    $query = "INSERT INTO Users VALUES" . 
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game', '$gender', '$name'. '$administrator')"; 

    if (!mysql_query($query, $bd)) 
    echo "INSERT failed: $query<br />" . 
    mysql_error() . "<br /><br />"; 
    } 
} 
else if (isset($_POST['delete']) && isset($_POST['id']) 
{ 
$id = intval(get_post('id')); 
$query = "DELETE FROM Users WHERE id='$id'"; 

if (!mysql_query($query, $bd)) 
echo "DELETE failed: $query<br />" . 
mysql_error() . "<br /><br />"; 
}

來源

2013-05-12 18:47:48 rpkamp

+0

我明白這個部分,腳本實際上是一個添加和刪除用戶的腳本,但是我試圖讓它成爲一個腳本,列出我的數據庫中的用戶,然後允許我單擊刪除按鈕並從中刪除該用戶數據庫。 – Nick 2013-05-12 18:51:37

相關問題

 相關問題