Fatal编程技术网
  • php/
  • Php 删除用户脚本

Php 删除用户脚本

php

Php 删除用户脚本,php,Php,我找到了这个用于在互联网上添加和删除用户的脚本,并对其进行了调整,使其适合我的使用。我知道这个脚本容易受到sql注入的攻击,mysql_*也会贬值,但就我而言,这并不重要,因为它永远不会在实时环境中发布 我无法删除任何记录。我还想删除添加用户功能,因为如果要创建新用户,他们可以使用我创建的注册页面 以下是脚本: <?php //admin.php session_start(); $user = $_SESSION['username']; include ("connection.php

我找到了这个用于在互联网上添加和删除用户的脚本,并对其进行了调整,使其适合我的使用。我知道这个脚本容易受到sql注入的攻击,mysql_*也会贬值,但就我而言,这并不重要,因为它永远不会在实时环境中发布

我无法删除任何记录。我还想删除添加用户功能,因为如果要创建新用户,他们可以使用我创建的注册页面

以下是脚本:

<?php //admin.php
session_start();
$user = $_SESSION['username'];
include ("connection.php");

$get = mysql_query ("SELECT * FROM Users WHERE username='$user'");
while ($row = mysql_fetch_assoc($get))
{
$admin = $row['admin']; 
}

if ($admin==0)
die("Your not an ADMIN!");
?>

正如我在代码中看到的,您删除了该用户,如果查询结果为true,则再次添加该用户


if (isset($_POST['id']) &&
isset($_POST['username']) &&
isset($_POST['password']) &&
isset($_POST['email']) &&
isset($_POST['birth']) &&
isset($_POST['age']) &&
isset($_POST['ircts3']) &&
isset($_POST['game']) &&
isset($_POST['gender']) &&
isset($_POST['name']) &&
isset($_POST['admin']))
{
  $id = get_post('id');
  $username = get_post('username');
  $password = get_post(md5('password'));
  $email = get_post('email');
  $birth = get_post('birth');
  $age = get_post('age');
  $ircts3 = get_post('ircts3');
  $game = get_post('game');
  $gender = get_post('gender');
  $name = get_post('name');
  $administrator = get_post('admin');
  $query = "INSERT INTO Users VALUES" .
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game',    '$gender', '$name'. '$administrator')";

  if (!mysql_query($query, $bd))
  echo "INSERT failed: $query<br />" .
  mysql_error() . "<br /><br />";
  }
}
else if (isset($_POST['delete']) && isset($_POST['id']) 
{
$id = intval(get_post('id'));
$query = "DELETE FROM Users WHERE id='$id'";

if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}



if(isset($\u POST['delete'])&&&$id!=“”){
##################################
#####您可以在此处删除用户
##################################
$query=“从id='$id'的用户中删除”;
if(!mysql_query($query,$bd))
echo“删除失败:$query
”。
mysql_error().“

”;
}否则{
##################################
#####如果用户被删除,则再次添加该用户
##################################
$query=“插入用户值”。
“('$id'、'$username'、'$password'、'$email'、'$birth'、'$age'、'$ircts3'、'$game'、'$gender'、'$name'、'$administrator')”;
if(!mysql_query($query,$bd))
echo“INSERT failed:$query
”。mysql_error()。“

”;
}
}


这样用户就永远不会被删除

::编辑::

你可以这样做


删除用户的代码位于检查是否为新用户设置了所有字段的
if
中,删除用户时显然不是这样


if(isset($\u POST['id']))&&
isset($\u POST['username'])&&
isset($\u POST['password']))&&
isset($_POST['email']))&&
isset(出生后的美元)&&
isset($_POST['age']))&&
isset($_POST['ircts3']))&&
isset($_POST['game']))&&
isset($_POST['gender']))&&
isset($_POST['name']))&&
isset($_POST['admin']))
{
$id=获取邮政信息(“id”);
$username=get_post('username');
$password=get_post(md5('password'));
$email=get_post('email');
$birth=get_post('birth');
$age=get_post('age');
$ircts3=获取发布(“ircts3”);
$game=get_post('game');
$SEXT=get_post(“性别”);
$name=get_post('name');
$administrator=get_post('admin');
$query=“插入用户值”。
“('$id'、'$username'、'$password'、'$email'、'$birth'、'$age'、'$ircts3'、'$game'、'$gender'、'$name'、'$administrator')”;
if(!mysql_query($query,$bd))
echo“插入失败:$query
”。
mysql_error().“

”;
}
}
else if(isset($\u POST['delete'])和&isset($\u POST['id']))
{
$id=intval(get_post('id'));
$query=“从id='$id'的用户中删除”;
if(!mysql_query($query,$bd))
echo“删除失败:$query
”。
mysql_error().“

”;
}

您是否可以编辑掉读取用户的部分,使其成为一个删除用户脚本?您需要一个用户列表和删除脚本?它不起作用,它列出了用户,他们的id是一个链接。当您单击他们的号码时,它只会将您带到另一个带有apache错误的页面,这是一种不用管理员和连接文件的方式es正在融合。这样我就可以同时包含admin和connection.php文件了?它不起作用,因为您没有将file.php更改为您的文件名。但现在它已经修复了,我使用了$\u SERVER['php\u SELF']要单独获取文件名并添加connection.php文件,请立即尝试!我了解这一部分,脚本实际上是一个添加和删除用户的脚本,但是我正在尝试将其制作为一个列出数据库中用户的脚本,然后允许我单击“删除”按钮并从数据库中删除该用户。您可以修复吗对于缩进,很难判断
if
语句的嵌套。

<?php//urmuser.php
include('admin.php');
include('connection.php');

if (isset($_POST['id']) &&
isset($_POST['username']) &&
isset($_POST['password']) &&
isset($_POST['email']) &&
isset($_POST['birth']) &&
isset($_POST['age']) &&
isset($_POST['ircts3']) &&
isset($_POST['game']) &&
isset($_POST['gender']) &&
isset($_POST['name']) &&
isset($_POST['admin']))

{
$id = get_post('id');
$username = get_post('username');
$password = get_post(md5('password'));
$email = get_post('email');
$birth = get_post('birth');
$age = get_post('age');
$ircts3 = get_post('ircts3');
$game = get_post('game');
$gender = get_post('gender');
$name = get_post('name');
$administrator = get_post('admin');

if (isset($_POST['delete']) && $id != "") 
{
$query = "DELETE FROM Users WHERE id='$id'";

if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}
else
{
$query = "INSERT INTO Users VALUES" .
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game',    '$gender', '$name'. '$administrator')";

if (!mysql_query($query, $bd))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}
}

echo <<<_END
<form action="urmuser.php" method="post"><pre>
Id: <input type="text" name="id" />
Username: <input type="text" name="username" />
Password: <input type="text" name="password" />
E-mail: <input type="text" name="email" />
Birth Year: <input type="text" name="birth" />
Age: <input type="text" name="age" />
IRCTS3: <input type="text" name="ircts3" />
Game: <input type="text" name="game" />
Gender: <input type="text" name="gender" />
Name: <input type="text" name="name" />
Admin: <input type="text" name="admin" />
<input type="submit" value="ADD USER" />
</pre></form>
_END;

$query = "SELECT * FROM Users";
$result = mysql_query($query);

if (!$result) die ("Database access failed: " . mysql_error());
$rows = mysql_num_rows($result);

for ($j = 0 ; $j < $rows ; ++$j)
{
$row = mysql_fetch_row($result);
echo <<<_END
<pre>
Id: $row[0]
Username: $row[1]
Password: $row[2]
Email: $row[3]
Birth: $row[4]
Age: $row[5]
IRCTS3: $row[6]
Fav Game: $row[7]
Gender: $row[8]
Name: $row[9]
Admin: $row[10]
</pre>
<form action="urmuser.php" method="post">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="id" value="$row[0]" />
<input type="submit" value="DELETE USER" /></form>
_END;
}

mysql_close($bd);

function get_post($var)
{
return mysql_real_escape_string($_POST[$var]);
}
?>



if (isset($_POST['delete']) && $id != "") {
    ##################################
    #####YOU DELETE THE USER HERE
    ##################################
    $query = "DELETE FROM Users WHERE id='$id'";

    if (!mysql_query($query, $bd))
        echo "DELETE failed: $query<br />" .
        mysql_error() . "<br /><br />";

    }else{
        ##################################
        ##### YOU ADD THE USER AGAIN IF IT WAS DELETE
        ##################################
        $query = "INSERT INTO Users VALUES" .
        "('$id','$username','$password','$email','$birth','$age','$ircts3','$game','$gender','$name'. '$administrator')";

    if (!mysql_query($query, $bd))
        echo "INSERT failed: $query<br />" . mysql_error() . "<br /><br />";

    }
}



<?php
session_start();
include ("connection.php");

// check admin part
$isAdmin = 0;
$user = $_SESSION['username'];
$sql = "SELECT * FROM Users WHERE username = '$user' AND admin = 1";
$query = mysql_query($sql,$bd)or die(mysql_error());

if(mysql_num_rows($query)>0){
    $isAdmin = 1;
}

if(isset($_GET['id'])){
    if($isAdmin == 1){
        $delete_id = mysql_real_escape_string($_GET['id']);
        $sql = "DELETE FROM Users WHERE id = '$delete_id'";
        $query = mysql_query($sql,$bd)or die(mysql_error());
        echo "User id: {$_GET['id'] deleted}";
    }else{
        echo 'You are not an admin';
    }
}

$sql = "SELECT * FROM Users ORDER BY id ASC";
$query = mysql_query($sql,$bd)or die(mysql_error());

if(mysql_num_rows($query)>0){
    while($row = mysql_fetch_array($query)){
        echo '<a href="'.$_SERVER['PHP_SELF'].'?id="'.$row['id'].'">'.$row['id'].'</a> '.$row['username'];

    }
}else{
    echo "No results in database";
}

?>



if (isset($_POST['id']) &&
isset($_POST['username']) &&
isset($_POST['password']) &&
isset($_POST['email']) &&
isset($_POST['birth']) &&
isset($_POST['age']) &&
isset($_POST['ircts3']) &&
isset($_POST['game']) &&
isset($_POST['gender']) &&
isset($_POST['name']) &&
isset($_POST['admin']))
{
  $id = get_post('id');
  $username = get_post('username');
  $password = get_post(md5('password'));
  $email = get_post('email');
  $birth = get_post('birth');
  $age = get_post('age');
  $ircts3 = get_post('ircts3');
  $game = get_post('game');
  $gender = get_post('gender');
  $name = get_post('name');
  $administrator = get_post('admin');
  $query = "INSERT INTO Users VALUES" .
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game',    '$gender', '$name'. '$administrator')";

  if (!mysql_query($query, $bd))
  echo "INSERT failed: $query<br />" .
  mysql_error() . "<br /><br />";
  }
}
else if (isset($_POST['delete']) && isset($_POST['id']) 
{
$id = intval(get_post('id'));
$query = "DELETE FROM Users WHERE id='$id'";

if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}