这是我的"config.php"文件
<?php
/******************************************************
------------------Required Configuration---------------
Please edit the following variables so the forum can
work correctly.
******************************************************/
//We log to the DataBase
mysql_connect('', '', '');
mysql_select_db('');
//Username of the Administrators
$admin='Hexagon';
$mod='test1';
/******************************************************
-----------------Optional Configuration----------------
******************************************************/
//Forum Home Page
$url_home = 'index.php';
//Design Name
$design = 'default';
/******************************************************
----------------------Initialization-------------------
******************************************************/
include('init.php');
?>
这是我的"delete_topic.php"文件:
<?php
//This page let delete a topic
include('config.php');
if(isset($_GET['id']))
{
$id = intval($_GET['id']);
if(isset($_SESSION['username']))
{
$dn1 = mysql_fetch_array(mysql_query('select count(t.id) as nb1, t.title, t.parent, c.name from topics as t, categories as c where t.id="'.$id.'" and t.id2=1 and c.id=t.parent group by t.id'));
if($dn1['nb1']>0)
{
if($_SESSION['username']==$admin)
if($_SESSION['username']==$mod)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>Delete a topic - <?php echo htmlentities($dn1['title'], ENT_QUOTES, 'UTF-8'); ?> - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Forum" /></a>
</div>
<div class="content">
<?php
$nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
<div class="box_left">
<a href="<?php echo $url_home; ?>">Forum Index</a> > <a href="list_topics.php?parent=<?php echo $dn1['parent']; ?>"><?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?></a> > <a href="read_topic.php?id=<?php echo $id; ?>"><?php echo htmlentities($dn1['title'], ENT_QUOTES, 'UTF-8'); ?></a> > Delete the topic
</div>
<div class="box_right">
<a href="list_pm.php">Your messages(<?php echo $nb_new_pm; ?>)</a> - <a href="profile.php?id=<?php echo $_SESSION['userid']; ?>"><?php echo htmlentities($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></a> (<a href="login.php">Logout</a>)
</div>
<div class="clean"></div>
</div>
<?php
if(isset($_POST['confirm']))
{
if(mysql_query('delete from topics where id="'.$id.'"'))
{
?>
<div class="message">The topic have successfully been deleted.<br />
<a href="list_topics.php?parent=<?php echo $dn1['parent']; ?>">Go to "<?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?>"</a></div>
<?php
}
else
{
echo 'An error occured while deleting the topic.';
}
}
else
{
?>
<form action="delete_topic.php?id=<?php echo $id; ?>" method="post">
Are you sure you want to delete this topic?
<input type="hidden" name="confirm" value="true" />
<input type="submit" value="Yes" /> <input type="button" value="No" onclick="javascript:history.go(-1);" />
</form>
<?php
}
?>
</div>
<div class="foot"><a href="http://www.webestools.com/scripts_tutorials-code-source-26-simple-php-forum-script-php-forum-easy-simple-script-code-download-free-php-forum-mysql.html">Simple PHP Forum Script</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
<?php
}
else
{
echo '<h2>You don't have the right to delete this topic.</h2>';
}
}
else
{
echo '<h2>The topic you want to delete doesn't exist.</h2>';
}
}
else
{
echo '<h2>You must be logged as an administrator to access this page: <a href="login.php">Login</a> - <a href="signup.php">Sign Up</a></h2>';
}
}
else
{
echo '<h2>The ID of the topic you want to delete is not defined.</h2>';
}
?>
由于某些原因,$mod组中的任何人都不能删除主题。这已经困扰我一段时间了,因为我需要版主能够删除主题和编辑帖子,但他们甚至不能删除主题。有什么建议吗?这是一个非常大的项目,我正在工作,这对我来说很重要,我可以有模组和管理员之间的差异。[顺便说一句,数据库信息填写在我的config.php文件]
解决这个问题的一个好方法是在您的用户(或成员)表中创建一个字段,并将该字段称为"user_levels",其中将
Admin设置为1,
Moderator设置为2,
其他成员设置为3或空或0(无论您喜欢什么)。
那么您可以设置会话$_SESSION['user_levels']并始终检查该会话,如下所示
if ($_SESSION['user_levels']==1 || $_SESSION['user_levels']==2)
{
// Grant him permission to delete the record
}
else
{
// tell him that he is not authorize to delete it
}
你的问题在这里
if($_SESSION['username']==$admin)
if($_SESSION['username']==$mod)
{
如果$admin条件不满足,你会发现自己不在允许删除的块中…我想你可能需要这个
if($_SESSION['username']==$mod || $_SESSION['username']==$admin)
{
请开始使用mysqli,因为mysql已被弃用