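<?php
// Index (index.php): guestbook ("shoutbox") page. A logged-in user can post an
// entry and sees every entry, newest first; anyone else gets the login form
// from session.php.
session_start();
include("data.php"); // presumably defines DB_PASSWORD, which is used below (confirm)
//print_r($_SESSION); // prints the session variable (debug aid).

// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; prepared statements
// through mysqli or PDO are the durable fix for the queries on this page.
// NOTE(review): die(mysql_error()) shows raw database errors to the visitor;
// log them server-side instead once the site leaves development.
mysql_connect("localhost","nakor003",DB_PASSWORD) or die(mysql_error());
mysql_select_db("nakor003") or die(mysql_error());
if ( isset($_SESSION['user']) )
{
    if ( isset($_POST['submit']) )
    {
        // Only accept a plain string; an array-valued field would make
        // htmlentities() emit a warning and return nothing useful.
        $text = (isset($_POST['inlagg']) && is_string($_POST['inlagg'])) ? $_POST['inlagg'] : '';

        // htmlentities() is HTML encoding, not SQL escaping: it never escapes
        // backslashes and, with ENT_COMPAT (the default before PHP 8.1), leaves
        // single quotes untouched, so the values must also be escaped for the
        // SQL string literal they are placed in.
        $namn = mysql_real_escape_string(htmlentities($_SESSION['user']));
        $inlagg = mysql_real_escape_string(htmlentities($text));
        mysql_query("INSERT INTO gb(namn,inlagg,tid) VALUES ('$namn','$inlagg',NOW())") or die(mysql_error());
?>
<h2><font color=green>Lyckades skicka in gästboksinlägg</font></h2>
<?php
    }
?>
<html>
<head>
<title>hej!</title>
</head>
<body>
<form method="POST">
<b>Shoutbox</b><br>
<textarea cols=40 rows=5 name="inlagg"></textarea>
<br>
<input type="submit" value="Skicka!" name="submit">
</form>
<table>
<?php
    // NOTE(review): the name and entry cells are echoed as stored. They are
    // safe only because the INSERT above passes both through htmlentities();
    // a row written by any other path would be rendered as raw HTML.
    $sql = "SELECT `namn`, `inlagg`, `tid`, `id` FROM `gb` ORDER BY `tid` DESC";
    $resultat = mysql_query($sql) or die(mysql_error());

    // The delete link is shown to administrators only.
    $arAdmin = isset($_SESSION['admin']) && ($_SESSION['admin'] == 1);

    while ( $rad = mysql_fetch_assoc($resultat) )
    {
?>
<tr bgcolor="#ffccff"><td><?php echo $rad['namn']; ?></td><td><?php echo $rad['tid']; ?></td>
<?php
        if ( $arAdmin )
        {
            // NOTE(review): deletion is triggered by a plain GET link, so it can
            // be fired from another site while an admin is logged in. Moving it
            // to a POST form with a per-session token needs a matching change
            // in delete.php.
?>
<td><a href="delete.php?id=<?php echo (int) $rad['id']; ?>">X</a></td>
<?php
        }
?></tr>
<tr><td colspan=2><?php echo nl2br($rad['inlagg']); ?></td></tr>
<tr><td colspan=2> </td></tr>
<?php
    }
?>
</table>
<a href="logout.php">Logga ut!</a>
<?php
}
else
{
    include ("session.php");
}
?>
</body>
</html>
<?php
mysql_close();
?>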
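<?php
// Session (session.php): login form and login handler. index.php includes this
// file when no user is logged in.
if ( session_id() === '' )
{
    // index.php has already started the session when it includes this file.
    session_start();
}
require("data.php"); // presumably defines DB_PASSWORD (confirm); keep credential values out of source comments
mysql_connect("localhost","nakor003",DB_PASSWORD) or die(mysql_error());
mysql_select_db("nakor003") or die(mysql_error());
if ( !isset($_SESSION['user']) )
{
    if ( isset($_POST['submit']) )
    {
        // Accept plain strings only, so array-valued fields cannot reach
        // md5() or the escaping call.
        $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

        // The username goes into a quoted SQL literal, so it must be escaped;
        // unescaped, a quote in the field rewrites the WHERE clause and the
        // password check can be bypassed.
        $user = mysql_real_escape_string($user);

        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() (PHP 5.5+) needs a matching change
        // where accounts are created (reg.php, not shown here) and a migration
        // of the stored values, so it is only flagged here.
        $pass = md5($pass);
        $sql = "SELECT `username`, `admin` FROM `users` WHERE `username` ='$user' AND `password`='$pass' LIMIT 1";
        $q = mysql_query($sql) or die(mysql_error());
        if ( mysql_num_rows($q) == 1 )
        {
            // Logged in!
            $dat = mysql_fetch_assoc($q);

            // Issue a fresh session id on the privilege change so an id that
            // was known before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['user'] = $dat['username'];
            $_SESSION['admin'] = $dat['admin'];
            header("Location: ?");
            exit; // nothing below should run once the redirect is sent
        }
        else
        {
?>
<span style="text-size: 20px;">FEEEEEEEEEEEEEEEEEEEEEEEL</span>
<?php
        }
    }
?>
<form method="POST">
<b>Användarnamn</b><br>
<input type="text" name="user"><br>
<b>Lösenord</b><br>
<input type="password" name="pass"><br>
<input type="submit" name="submit" value="Logga in!">
</form>
<a href="reg.php">Registrera</a>
<?php
}
else
{
    // The username is HTML-encoded on output, the same way index.php encodes
    // it before storing it with a guestbook entry.
?>
Hej <?php echo htmlentities($_SESSION['user']); ?>
<a href="logout.php">Logga ut! </a><a href="index.php">Moderera Gästboken!</a>
<?php
}
?>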
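<?php
// DELETE (delete.php): removes one guestbook entry, selected by ?id=.
session_start();
include("data.php");
mysql_connect("localhost","nakor003",DB_PASSWORD) or die(mysql_error());
mysql_select_db("nakor003") or die(mysql_error());

// index.php renders the delete link only when $_SESSION['admin'] == 1, so the
// same condition is enforced here; hiding the link is not an access check.
$arAdmin = isset($_SESSION['user']) && isset($_SESSION['admin']) && ($_SESSION['admin'] == 1);

// The id is concatenated into the statement unquoted, so only a string of
// decimal digits is accepted and it is cast to int before use.
$harId = isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']);

// NOTE(review): this is a state change on GET with no anti-CSRF token, so it
// can be triggered from another site while an admin is logged in. A POST form
// with a per-session token needs a matching change to the link in index.php.
if ( $arAdmin && $harId )
{
    $sql = "DELETE FROM `gb` WHERE id=".(int) $_GET['id']." LIMIT 1";
    mysql_query($sql) or die(mysql_error());
}

// Redirect to a fixed page: the Referer header is supplied by the client and
// may be missing or point at another site.
header("Location: index.php");
exit;
?>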
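<?php
// LOGOUT (logout.php): ends the session and returns to the guestbook page.
session_start();

// session_destroy() removes the stored session data but leaves $_SESSION and
// the session cookie in place, so clear both explicitly.
$_SESSION = array();
if ( ini_get("session.use_cookies") )
{
    $kaka = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $kaka["path"], $kaka["domain"], $kaka["secure"], $kaka["httponly"]);
}
session_destroy();

// Redirect to a fixed page: the Referer header is supplied by the client and
// may be missing or point at another site.
header("Location: index.php");
exit;
?>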