nicht angemeldet
Hallo miteinander,
Ich beisse mir nun seit gut 2 Tagen die Zähne an einem PHP Skript aus, dass folgendes macht sollte.
Die Webseite sollte das Anlegen/Löschen neuer User, Modifizieren der Benutzerdaten erlauben.
Dabei werden die Userdaten in einer Datenbank verschlüsselt gespeichert. ebenso wird die Möglichkeit gegeben den Usern untschiedliche Rechte zu geben.
Mein Problem ist die Variablen weitergabe. Das Skript lässt mich keine neuen User anlegen und ich weiss nicht woran das liegen kann.
Danke fuer eure Tips im vorraus.
Sourcecode:
<html>
<head>
<title>Useradministration</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body><div align=center>
<?php
include('file:///C|/Program%20Files/Apache%20Group/Apache2/htdocs/DBOSDB/config.php');
$link=MYSQL_CONNECT($MYSQL_HOST,$MYSQL_USER,$MYSQL_PASS);
MYSQL_SELECT_DB($DB_NAME,$link);
$idle=10;
//Add new user
if (isset($_POST['sent'])=="1")
{
$sql="INSERT INTO $tablename () VALUES () ";
MYSQL_QUERY($sql,$link);
if(MYSQL_INSERT_ID()>0)
{
$ID=MYSQL_INSERT_ID();
$message="New User added<br>";
}
else
{
$message="Was not able to create a new User<br>";}
}
//Store Userdata
if(isset($_POST['sent'])=="2")
{
if($Password!='' AND (strlen($Password)<6 OR strlen($Password)>12))
{
$message.=" Incorrect password length<br>";
unset($Password);
}
$sql="UPDATE $tablename SET ";
if ($Password!='')
{
$Password2=md($Password);
$sql.=" Password='$Password2',";
}
$sql.=" Username='$Username',";
$sql.=" admin='$admin',";
$sql.=" description='$description',";
$sql.=" WHERE ID='$ID',";
$test=MYSQL_QUERY($sql,$link);
if ($Password!='' AND !$test) {$message.="The update could not be saved, the old password is still valid<br>";}
if ($Password!='' AND $test) {$message.="The new password - $Password - is now valid<br>";}
}
//Delete a user
if(isset($_POST['sent'])=="3")
{
$sql="DELETE FROM $tablename WHERE ID=$ID ";
MYSQL_QUERY($sql,$link);
unset($ID);
}
echo "<h2><font color=blue>$message</font></h2>";
//List of User and display of form
$sql="SELECT * FROM $tablename ORDER BY username ";
$result=MYSQL_QUERY($sql,$link);
if(MYSQL_NUM_ROWS($result)>0)
{
echo "<h2>Choose your Username</h2>";
echo "<form action='$PHP_SELF' method='post'>";
echo "<select name='ID'>";
for ($i=0;$i<MYSQL_NUM_ROWS($result);$i++)
{
$ID1=MYSQL_RESULT($result,$i,'ID');
$uname=MYSQL_RESULT($result,$i,'username');
echo "<option value=$ID1";
if ($ID==$ID1){echo " selected ";}
echo ">$uname";
}
echo "</select><br><br>";
echo "<input type=submit>";
echo "</form>";
}
//Editing form
if($ID)
{
$sql="SELECT * FROM $tablename WHERE ID=$ID ";
$result=MYSQL_QUERY($sql,$link);
if(MYSQL_NUM_ROWS($result)==1)
{
$ID1=MYSQL_RESULT($result,0,'ID');
$username1=MYSQL_RESULT($result,0,'username');
$password1=MYSQL_RESULT($result,0,'password');
$admin1=MYSQL_RESULT($result,0,'admin');
$description1=MYSQL_RESULT($result,0,'Description');
echo "<h2>Modify user $username1</h2>";
echo "<form action='$PHP_SELF' method='post'>";
echo "<input type=hidden name=sent value=2>";
echo "<input type=hidden name=ID value=$ID1>";
echo "<p>Username</p>";
echo "<input type=text name=username value='$username1'>";
echo "<p>password <br><font color=red> If you do not want to modify your password, leave it blank!</font></p>";
if($password1=='passw') {echo "<p><font color=red size=+1>Please insert your password.</font></p>";}
echo "<input type=text name=password value=''>";
echo "<p>Description:</p>";
echo "<input type=text name=Description value='$descrition1'>";
echo "<p>Administrator</p>";
echo "<input type=radio name=admin value=-1 ";
if($admin1==-1){echo " checked ";}
echo ">No --- ---";
echo "<input type=radio name=admin value=1 ";
if($admin1==1){echo "checked ";}
echo ">Yes ";
echo "<br><br><input type=submit>";
echo "</form>";
echo "<br><a href='$PHP_SELF?sent=3&ID=$ID1'><font size=+1>Delete User</font></a>";
}
}
echo "<br><a href='$PHP_SELF?sent=1'><font size=+1>Create a new user</font></a>";
?>
</div>
</body>
</html>