WARNING
huge php script, watch your head
/WARNING :D
Ok, i want to start by saying that this is part of a free script im making and therefor may be used by anyone, the script if available at:
http://pctipforum.com/index.php?topic=345.0
next i want to say that this is a login script for the admin panel of the above utility, the utility is a php based guestbook
This admin panel, for now, offers the person whom uses it the ability to delete and entry from the guestbook, at the time it does not work
I think there is a piece missing where its marked, youll see it torward the end like this:
//---------------------------------
//<--- SOMETHING GOES HERE --->
//---------------------------------
some part of the script is not escaped with a } and so its missing a piece, the script WAS functional, when it had multiple pages, ie this page linked to another page to parse the form..
but after i got about 30 pages in this simple to use guestbook, it became too complicated, as such i put them into one page, and now i cant figure out what im missing ><
please help
<?PHP
//turn off error reporting...
error_reporting(0);
//Include the file with the password
include ("Config.php");
//Convert the username and password into usable strings
$user = $_POST['user'];
$pass = $_POST['pass'];
//We need to disable the first parse of this script, which is when the person first come to the page...
if($user=="")
{
echo '
<center>
<table border="0">
<form method="POST" action="A_login.php">
<tr><td>
Admin Username:
<td>
<input type="text" name="user">
<tr><td>
Admin Password:
<td>
<input type="password" name="pass">
<tr><td>
Submit:
<td>
<input type="submit" value="Submit">
</form>
</table>
</center>
<center>
This will display the FULL guestbook, it gets quite long....
</center>
';
die('');
}
if($Delete=="")
{
//Check username and password
if (($user=="$Ad_Username") && ($pass=="$Ad_Password"))
{
//if its right, we can go ahead and display the info
echo '
<br><br>
<center>
<h2>THIS WILL DELETE WHATEVER NUMBER YOU INPUT!</h2>
</center>
<br>
<center>
<table border="0">
<form method="POST" action="A_login.php">
<input type="hidden" value="$user" name="user">
<input type="hidden" value="$pass" name="pass">
<tr><td>
DELETE NUMBER:
<td>
<input type="text" name="Delete">
<tr><td>
Submit:
<td>
<input type="submit" value="Submit">
</form>
</table>
</center>
';
//Admin Guestbook, for use in the panel ONLY
echo '<br><br><br>';
echo '<center>';
//This includes the Configuration file that should be in the same folder as this guestbook Script
include ("Config.php");
//This is where the Script connects to your database
$con = mysql_connect("$Hostname","$Username","$Password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Selects the database in config.php
mysql_select_db("$Database", $con);
//Selects the info from the guestbook table and sets it as a variable
$result = mysql_query("SELECT * FROM $Table ORDER BY Number DESC");
//This portion configures the table which will display the guestbook
echo "<font color=$HeaderColor size=\"2\">FOR USE IN THE ADMIN PANEL ONLY</font>";
echo '<br><br>';
echo "<table width=\"80%\" Border=\"$TableBord\">";
echo "<tr><td><font color=$HeaderColor>Number<td><font color=$HeaderColor>Smiley<td><font color=$HeaderColor>Name<td><font color=$HeaderColor>Date<td><font color=$HeaderColor>Comment<td><font color=$HeaderColor>Email<td><font color=$HeaderColor>IP";
//This is an array, it takes each entry into the guestbook and puts it on a line
while($row = mysql_fetch_array($result))
{
Echo "<tr>";
Echo "<td><font color=$EntryColor>";
Echo $row['Number'];
Echo "<td><img src=Smiley/";
Echo $row['Smiley'];
Echo ".gif>";
Echo "<td><font color=$EntryColor>";
Echo $row['Name'];
Echo "<td><font color=$EntryColor>";
Echo $row['Date'];
Echo "<td><font color=$EntryColor>";
Echo $row['Comment'];
Echo "<td><font color=$EntryColor>";
Echo $row['Email'];
Echo "<td><font color=$EntryColor>";
Echo $row['IP'];
}
Echo "</font>";
//Disconnect from the database
mysql_close($con);
//End Admin Guestbook viewer
echo '</center>';
die('');
}
else
{
die('Wrong username and or password!');
}
//---------------------------------
//<--- SOMETHING GOES HERE --->
//---------------------------------
else
{
//This includes the Configuration file that should be in the same folder as this Script
include ("Config.php");
echo "
<a href=$LINK>Return</a>
<br><br><br><br>
";
//This is where the Script connects to your database
$con = mysql_connect("$Hostname","$Username","$Password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Selects the database in config.php
mysql_select_db("$Database", $con);
$sql="DELETE FROM $Table WHERE Number='$_POST[Delete]'";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "record deleted";
}
?>
p.s. yes i know its messy, yes i know i have a LOT of html being parsed by php, i will clean it up later, right now its like that for simplicities sake....
thanks in advance!