Hello,
Basically I am creating a Forum system and I want to add a feature in which the 'admin' of the forum can delete the topic created inside the forum.
I know I would need the following SQL statement:
$sql = "DELETE FROM `forum_topics` WHERE `id`='".$id."'";
Currently I have a mod.php file to edit topics which can only be done either by the author or admin and I call this from my topic.php page posted below.
mod.php
<?php
error_reporting(E_ALL ^ E_NOTICE); // Report all errors except NOTICES
if(!$_SESSION['uid']){
    header("Location: index.php");
    exit; // header() alone does not stop the script
}
$actz = $_GET['act2'];
$actzz = array('reply','topic','admin');
if($actz){
    $admin = isa($_SESSION['uid']);
    if($actz == 'admin'){
        if($admin){
        }else {
            echo "You are not an administrator, so you cannot view this page!";
        }
    }
    if($actz == 'reply'){
        $id = mss($_GET['id']);
        if($id){
            $sql = "SELECT * FROM `forum_replies` WHERE `id`='".$id."'";
            $res = mysql_query($sql) or die(mysql_error());
            if(mysql_num_rows($res) == 0){
                echo "This topic doesn't exist, so therefore you cannot edit it!";
            }else {
                $row = mysql_fetch_assoc($res);
                $user_id = $row['uid'];
                // Only the reply's author or an admin may edit it
                if($user_id == $_SESSION['uid'] || $admin == 1){
                    if(!$_POST['submit']){
                        echo "<form method=\"post\" action=\"./index.php?act=mod&act2=reply&id=".$id."\">\n";
                        echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><textarea style=\"width:90%;height:200px\" name=\"reply\">".$row['message']."</textarea></td></tr>\n";
                        echo "<tr><td class=\"forum_header\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Edit This Reply\"></td></tr>\n";
                        echo "</table></form>\n";
                    }else {
                        $reply = mss($_POST['reply']);
                        if($reply){
                            $r = range(10,10000);
                            if(in_array(strlen($reply),$r)){
                                $sql2 = "UPDATE `forum_replies` SET `message`='".$reply."', `edit_time`='".time()."' WHERE `id`='".$id."'";
                                $res2 = mysql_query($sql2) or die(mysql_error());
                                header("Location: index.php?act=topic&id=".$row['tid']."");
                                exit;
                            }else {
                                echo "Your message must be between 10 and 10000";
                            }
                        }
                    }
                }else {
                    echo "This is not your reply to edit!";
                }
            }
        }
    }
    if($actz == 'topic'){
    }
}else {
    header("Location: index.php");
    exit;
}
?>
topic.php
<?php
error_reporting(E_ALL ^ E_NOTICE); // Report all errors except NOTICES
$id = mss($_GET['id']);
// Force the page number to an integer >= 1 before it is used in LIMIT
$page = max(1, (int) $_GET['page']);
$limit = 10;
$start = $limit;
$end = $page*$limit-($limit);
if($id){
    $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$id."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "This topic does not exist!";
    }else {
        $row = mysql_fetch_assoc($res);
        $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        $row2 = mysql_fetch_assoc($res2);
        if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You cannot view this topic!";
        }else {
            $a = (isa($row['uid'])) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
            echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b>- Posted on: <em>".$row['date']."</em></td></tr>\n";
            echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'],true)."<br>Post Count: ".post($row['uid'])."<br>".$a."</td>\n";
            echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
            echo topic($row['message']);
            echo "</td>\n";
            echo "</tr>\n";
            // Pagination links for the replies
            $amount_check = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."'";
            $amount_check_res = mysql_query($amount_check) or die(mysql_error());
            $amount_count = mysql_num_rows($amount_check_res);
            $pages = ceil($amount_count/$limit);
            $previous = ($page-1 <= 0) ? "« Prev" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page-1)."\">« Prev</a>";
            $nextpage = ($page+1 > $pages) ? "Next »" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page+1)."\">Next »</a>";
            echo "<tr><td align=\"right\" colspan=\"2\" class=\"forum_header\">\n";
            echo "Pages: ";
            echo $previous;
            for($i=1;$i<=$pages;$i++){
                $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=topic&id=".$id."&page=".$i."\">".$i."</a> ";
                echo $href;
            }
            echo $nextpage;
            echo "</td></tr>\n";
            $select_sql = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
            $select_res = mysql_query($select_sql) or die(mysql_error());
            while($rowr = mysql_fetch_assoc($select_res)){
                echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\">Posted on: <em>".$rowr['date']."</em></td></tr>\n";
                echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($rowr['uid'],true)."<br>Post Count: ".post($rowr['uid'])."<br>".$a."</td>\n";
                echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
                echo topic($rowr['message']);
                if($rowr['edit_time'] > 0){
                    echo "<tr><td align=\"left\" colspan=\"3\" class=\"forum_header\"><em>Edited at:".date("l jS \of F Y",$rowr['edit_time']) . " at " . date("h:i:s",$rowr['edit_time'])."</em></td></tr>\n";
                }
                // Show the edit link only to an admin or the reply's author
                $adminz = isa($_SESSION['uid']);
                if($adminz == 1 || $rowr['uid'] == $_SESSION['uid']){
                    echo "<tr><td align=\"left\" colspan=\"2\"><a href=\"index.php?act=mod&act2=reply&id=".$rowr['id']."\">Edit This Reply</a></td></tr>\n";
                }
                echo "</td>\n";
                echo "</tr>\n";
            }
            echo "<form method=\"post\" action=\"./index.php?act=reply&id=".$row['id']."\">\n";
            echo "<tr><td colspan=\"2\" align=\"center\"><textarea style=\"width:90%\" name=\"reply\"></textarea><br><input type=\"submit\" name=\"submit\" value=\"Add Reply\" style=\"width:90%\"></td></tr>\n";
            echo "</form>\n";
            echo "</table>\n";
        }
    }
}else {
    echo "Please view a valid topic!";
}
?>
I was wondering if anybody could guide me as how I could perform this task.
I only want the admin to be able to delete the post.
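
One way to implement the admin-only delete asked about above, as an added example that is not part of the original post. The table names come from the post; PDO in place of mysql_*, the `csrf` session/form field and the `$isAdmin` flag (standing in for the result of `isa()`) are assumptions, and the demo rows are constructed in an in-memory SQLite database so the block runs on its own.

```php
<?php
// Added example: admin-only topic deletion. PDO, the csrf token field and the
// $isAdmin flag are assumptions; the original code uses mysql_* and isa().
function delete_topic(PDO $db, array $session, array $post, bool $isAdmin): string
{
    // 1. Authorise on the server; hiding the link in topic.php is not enough.
    if (empty($session['uid']) || !$isAdmin) {
        return 'forbidden';
    }
    // 2. State-changing request: require a POSTed token that matches the session.
    $sent = isset($post['csrf']) && is_string($post['csrf']) ? $post['csrf'] : '';
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 'bad_token';
    }
    // 3. Accept only a positive integer id.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'bad_id';
    }
    // 4. Remove the replies and the topic together, with bound parameters.
    $db->beginTransaction();
    try {
        $db->prepare('DELETE FROM forum_replies WHERE tid = ?')->execute([$id]);
        $stmt = $db->prepare('DELETE FROM forum_topics WHERE id = ?');
        $stmt->execute([$id]);
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
    return $stmt->rowCount() === 1 ? 'deleted' : 'not_found';
}

// Constructed demo data in an in-memory SQLite database (the forum itself uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_topics (id INTEGER PRIMARY KEY, uid INTEGER, title TEXT)');
$db->exec('CREATE TABLE forum_replies (id INTEGER PRIMARY KEY, tid INTEGER, uid INTEGER, message TEXT)');
$db->exec("INSERT INTO forum_topics VALUES (1, 7, 'Hello'), (2, 7, 'Second')");
$db->exec("INSERT INTO forum_replies VALUES (1, 1, 8, 'First reply')");

$session = ['uid' => 3, 'csrf' => bin2hex(random_bytes(16))];
$good = ['id' => '1', 'csrf' => $session['csrf']];

echo delete_topic($db, $session, $good, false), "\n";                       // not an admin
echo delete_topic($db, $session, ['id' => '1', 'csrf' => 'x'], true), "\n"; // wrong token
echo delete_topic($db, $session, $good, true), "\n";                        // admin, valid token
echo delete_topic($db, $session, $good, true), "\n";                        // same topic again
```

In the forum this would be called from the empty `if($actz == 'topic')` branch of mod.php on a POST request, with the token written into the session when topic.php renders the delete form.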