security for editing info.


jeremy
06-10-2003, 04:59 PM
I have an admin system which, when you insert the info, also inserts your username into the table the content is in.

Now I have an edit page and a delete page.

They use "edit.php?id=titleofmoo!"

Let's say the person who created that was bob.

if author = "bob"
echo "go on and edit"
else
echo "go away!"

What do I do?

jeremy
06-10-2003, 06:03 PM
Never mind, I did it myself! :D

Boy, I'm happy! I didn't know I could do it! :D :D

scoutt
06-10-2003, 06:03 PM
Sounds good to me; what seems to be the problem? Maybe you need to check to see if they are actually logged in and are the ones doing the delete, maybe via the cookie or session, depending on what you are using now.

jeremy
06-11-2003, 03:39 PM
I have a slight problem now: the security works for all the pages except the last delete page... hmmm... just great :rolleyes: Here's the code:
(delete2.php)

<? include "session.php" ?>
<style>
A:link {font-family: Verdana; font-size: 12pt; color:#000000;}
A:visited {font-family: Verdana; font-size: 12pt; color: red;}
A:hover {font-family: Verdana; font-size: 12pt; color: blue;}
</style>
<?
if($_SESSION['level']=='admin'){

$id=$_POST['id'];
$content=$_POST['content'];

include "database.php";


$query=" SELECT * FROM $table WHERE id='$id'"; // put the databasename here

$result=mysql_query($query);



while ($row= mysql_fetch_array($result)) {

if ($username == $row['author']) {



$query="DELETE FROM $table WHERE id='$id'";

$result = mysql_query($query);
echo "Successfully Deleted! [<a href='myhomepage.php'>Back</a>]";
mysql_close($result);

}
else echo "Sorry but you didnt create this topic!";
}



?>
<?
}

else if($_SESSION['level']==''){

echo "Not logged in.";

}



else echo "Not logged in.";





?>



It works on the first page, delete.php, but not delete2.php. Is it a form problem????
(delete.php)

<? include "session.php" ?>
<script>
function add_link(){
var loc=prompt("What is the Location?","http://")
var pagedesc=prompt("What is the name of the page","My Home Page")
var str="<a href='" + loc + "'>" + pagedesc + "</a>"
document.edit.content.value+=str
}
function bold(){
var bold=prompt("Please enter the text you want to be bold","bold text")
var str="<B>" + bold + "</B>"
document.edit.content.value+=str
}
function italic(){
var italic=prompt("Please enter the text you want to be italic","italic text")
var str="<I>" + italic + "</I>"
document.edit.content.value+=str
}
function add_image(){
var loc=prompt("What is the Location of the image?","moo.gif")
var alt=prompt("Alternitive text (optional)","image1")
var str="<img src='" + loc + "' alt='" + alt + "'>"
document.edit.content.value+=str
}
</script>

<style>
.textinput { font-size: 9pt; font-family: verdana, helvetica, sans-serif; vertical-align: middle }
</style>


<?
if($_SESSION['level']=='admin'){
$id=$_GET['id'];

include "database.php";






$query=" SELECT * FROM $table WHERE id='$id'"; // put the databasename here

$result=mysql_query($query);



while ($row= mysql_fetch_array($result)) {

if ($username == $row['author']) {


echo "<pre><input type='button' value='Add Link' onClick='add_link()'> <input type='button' value='Bold Text' onClick='bold()'> <input type='button' value='Italic Text' onClick='italic()'> <input type='button' value='Add Image' onClick='add_image()'></pre>";

?>
<?
echo "
<form action='delete2.php' method='post' name='edit'>

<input type='hidden' name='id' value='";?><? echo $row['id']; ?><?echo "'>

Content:<BR><textarea cols='60' style='width:95%' rows='15' wrap='soft' tabindex='3' class='textinput' name='content'>";?><? echo $row['content']; ?><? echo"</text><br>

<input type='Submit' value='Delete'>

</form>";
?>

<?

}
else echo "Sorry but you didnt create this topic!";
}

?>
<?
}

else if($_SESSION['level']==''){

echo "Not logged in.";

}



else echo "Not logged in.";





?>

scoutt
06-11-2003, 03:46 PM
Where is $username coming from? And do you have session_start(); at the very top of the page?

jeremy
06-11-2003, 04:56 PM
$username is a session variable that's already stored.
Yes, session_start(); is what session.php is... I like to use that. I think I know what the problem is: only on delete2.php, it won't show "author"..... ????

I'm also having some problems with the last edit page too. It's saying I can't edit it, when I created it myself.

Here's the edit2.php code:


<? include "session.php" ?>
<style>
A:link {font-family: Verdana; font-size: 12pt; color:#000000;}
A:visited {font-family: Verdana; font-size: 12pt; color: red;}
A:hover {font-family: Verdana; font-size: 12pt; color: blue;}
</style>
<?
if($_SESSION['level']=='admin'){


$id=$_POST['id'];

$content=$_POST['content'];



include "database.php";



$content = nl2br(strip_tags($content,'<b><a><i><img>'));

$message_length = strlen($content);

if($message_length > 1000000) {

echo "Error ! : Your message was too long, messages must be less than 1 million chars";

die;

}
else {

if ($username == $row['author']) {



$query="UPDATE $table SET content='$content' WHERE id='$id' ";
echo "Successfully edited! [<a href='myhomepage.php'>Back</a>]";

$result = mysql_query($query);
mysql_close();
}else echo "Sorry but you didn't create this topic! $username!";
echo $row['author'];
?>
<?
}}

else if($_SESSION['level']==''){

echo "Not logged in.";

}



else echo "Not logged in.";


?>

scoutt
06-11-2003, 05:27 PM
Here is one error:

<input type='hidden' name='id' value='";?><? echo $row['id']; ?><?echo "'>

// should be (inside a double-quoted string, wrap the quoted array key in braces or PHP will not parse it)

<input type='hidden' name='id' value='{$row['id']}'>

// and your textarea should be like this
Content:<BR><textarea cols='60' style='width:95%' rows='15' wrap='soft' tabindex='3' class='textinput' name='content'>{$row['content']}</textarea><br>


Once you go into an echo, you don't go out to echo PHP stuff. Just write the variable like it is.

You have a lot of problems with that, after looking at it long enough. I would redo it.

jeremy
06-11-2003, 08:19 PM
I understand that some of that code is not proper, but what about the error?

How do I make it check edit2.php and delete2.php the same way as delete.php?

scoutt
06-11-2003, 11:01 PM
Where is $username being set?
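The ownership check the thread is trying to get right, written out as one handler that covers both delete2.php and edit2.php. This is an added example, not code from the thread: it assumes PHP 8, that session.php has already stored the login as $_SESSION['username'] and $_SESSION['level'], a table named topics with columns id, author and content, and constructed PDO connection details. The identity comes only from the session (never from a request parameter or an unset global like the $username scoutt keeps asking about), the id from the form is bound as a query parameter instead of being interpolated into the SQL as the posted code does, and the author condition is repeated in the DELETE and UPDATE statements themselves so the check cannot be bypassed by a request that skips the SELECT.

```php
<?php
// Added example (not the thread's code). Assumptions: PHP 8, session.php
// already populated $_SESSION['username'] and $_SESSION['level'] at login,
// a table `topics` (id, author, content), and the PDO DSN/credentials below,
// which are constructed for illustration.
declare(strict_types=1);

session_start();

function db(): PDO
{
    return new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        // Make rowCount() report matched rows, not only changed rows, so an
        // UPDATE that re-saves identical content still counts as authorised.
        PDO::MYSQL_ATTR_FOUND_ROWS   => true,
    ]);
}

function currentUser(): ?string
{
    // Identity is taken from the session only. A request field or an
    // undefined $username global must never decide who "we" are.
    if (($_SESSION['level'] ?? '') !== 'admin') {
        return null;
    }
    $u = $_SESSION['username'] ?? '';
    return $u === '' ? null : $u;
}

function deleteTopic(PDO $pdo, string $id, string $user): bool
{
    // Ownership is enforced inside the statement: a row that exists but
    // belongs to someone else simply matches nothing.
    $stmt = $pdo->prepare('DELETE FROM topics WHERE id = ? AND author = ?');
    $stmt->execute([$id, $user]);
    return $stmt->rowCount() === 1;
}

function editTopic(PDO $pdo, string $id, string $user, string $content): bool
{
    if (strlen($content) > 1000000) {
        return false;                       // same size limit as edit2.php
    }
    // Same tag allowlist as edit2.php. Note strip_tags keeps attributes on
    // the allowed tags, so this is not an XSS filter on its own.
    $content = nl2br(strip_tags($content, '<b><a><i><img>'));
    $stmt = $pdo->prepare('UPDATE topics SET content = ? WHERE id = ? AND author = ?');
    $stmt->execute([$content, $id, $user]);
    return $stmt->rowCount() === 1;
}

// --- request handling, the delete2.php / edit2.php part ---------------------
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}
$user = currentUser();
if ($user === null) {
    http_response_code(403);
    exit('Not logged in.');
}
$id      = (string) ($_POST['id'] ?? '');
$action  = (string) ($_POST['action'] ?? '');   // hidden field: 'delete' or 'edit'
$pdo     = db();
$ok = match ($action) {
    'delete' => deleteTopic($pdo, $id, $user),
    'edit'   => editTopic($pdo, $id, $user, (string) ($_POST['content'] ?? '')),
    default  => false,
};
echo $ok
    ? "Successfully done! [<a href='myhomepage.php'>Back</a>]"
    : "Sorry, but you didn't create this topic!";
```

The form on delete.php would post the extra hidden field action=delete (or action=edit from edit.php); everything else it sends is treated as untrusted input and bound as a parameter. Because the author column is part of the WHERE clause, the result of the SELECT on the first page never has to be trusted on the second page, which is exactly the gap between delete.php and delete2.php in the thread.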