Here is my concern: I have a mini-site which allows making pages. Several users have access to my database. First comes authentication; once past this page, the site displays the list of existing records, and depending on the author of each sheet, the possible actions are not the same:
(I use real names, so I've hidden them)
Here, for example, I am connected with the name D., and if I click Play, it works: I get the page I want. Edit and Delete work the same. But if I click Read on other lines, I always see the user D.
If I switch users, the problem remains the same. Each button leads to information about the connected user. I also have an Administrator user who can normally do anything (view, edit, delete), but he only sees the last sheet created (by the user F).
Here is the form code where there is the list:
HTML Code:
<body>
<form action="modify.php" method="post">
<table id="list">
<tr>
<th>
Title page |
</th>
<th>
Date modified |
</th>
<th>
Author of the page |
</th>
<th colspan="3">
Available actions
</th>
</tr>
<?php
$co = new PDO('mysql:host=127.0.0.1;dbname=pwet', $_SESSION['login'], $_SESSION['pwd']);
$list=$co->query("SELECT id, owner, date_redac, nom FROM page ORDER BY id ASC");
$list->setFetchMode(PDO::FETCH_OBJ);
while($tri=$list->fetch()){
?>
<?php
$list_date = $tri->date_redac;
list($yyyy, $mm, $dd) = explode("-", $list_date);
$list_date = "$dd-$mm-$yyyy";
?>
<tr style="<?php if($user == $tri->owner){
echo "background-color: #b5e2f9;";
}else{
echo "background-color: #ff8c8c;";
}
if($user == "Administrator"){
echo "background-color: #9cff8c";
}?>">
<?php if($user == $tri->owner || $user == "Administrator"){?>
<td>
<?php echo $tri->nom;?>
</td>
<td>
<?php echo $list_date;?>
</td>
<td>
<?php echo $tri->owner;?>
</td>
<td colspan="3">
<input type="hidden" name="id_select" value="<?php echo $tri->id;?>" />
<input type="submit" name="save" value="Read" />
<input type="submit" name="page_to_modify" value="Edit" />
<input type="submit" name="page_to_delete" value="Remove" />
</td>
<?php } else { ?>
<td>
<?php echo $tri->nom;?>
</td>
<td>
<?php echo $list_date;?>
</td>
<td>
<?php echo $tri->owner;?>
</td>
<td colspan="3">
<input type="submit" name="save" value="Read" />
</td>
<?php
}
}
$list->closeCursor();
?>
</tr>
</table>
</form>
</body>
Normally, the id of my statement should be recovered and sent to the next page (modify.php). Is there a conversion of the variable type to do (the id is used in a MySQL query to call the correct data based on the id supplied)?
I suspect that it is going wrong in the multiple submit buttons, but I do not know how to fix it while keeping the layout and the current navigation.
Any ideas?
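One way to address what the post describes, as an added example that is not part of the original post: a single form holding many hidden `id_select` inputs submits all of them, and PHP keeps the last value for a repeated field name, so every button resolves to the same record. The sketch uses one form per row and repeats the permission rule on the modify.php side, since hiding buttons in the list does not stop a hand-crafted POST; the function names, the `action` field and the in-memory SQLite sample data are assumptions.

```php
<?php
// Added example, not the poster's code. Table/column names follow the post;
// can_act(), render_row(), load_page_for() and the "action" field are hypothetical.

// Server-side rule: everyone may read, only the owner or Administrator may edit/remove.
function can_act(string $user, string $owner, string $action): bool {
    return $action === 'Read' || $user === $owner || $user === 'Administrator';
}

// One <form> per row, so the hidden id that is posted belongs to the clicked row.
function render_row(object $row, string $user): string {
    $e = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    $buttons = '';
    foreach (['Read', 'Edit', 'Remove'] as $action) {
        if (can_act($user, $row->owner, $action)) {
            $buttons .= '<input type="submit" name="action" value="' . $action . '" />';
        }
    }
    return '<tr><td>' . $e($row->nom) . '</td><td>' . $e($row->owner) . '</td><td>'
         . '<form action="modify.php" method="post">'
         . '<input type="hidden" name="id_select" value="' . (int)$row->id . '" />'
         . $buttons . '</form></td></tr>';
}

// modify.php side: validate the id, fetch with a bound parameter, re-check the rule.
function load_page_for(PDO $co, string $user, array $post): ?object {
    $id = filter_var($post['id_select'] ?? null, FILTER_VALIDATE_INT);
    $action = $post['action'] ?? '';
    if ($id === false || !in_array($action, ['Read', 'Edit', 'Remove'], true)) {
        return null;
    }
    $st = $co->prepare('SELECT id, owner, date_redac, nom FROM page WHERE id = :id');
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_OBJ);
    return ($row && can_act($user, $row->owner, $action)) ? $row : null;
}

// Constructed sample data in an in-memory SQLite database (the post uses MySQL).
$co = new PDO('sqlite::memory:');
$co->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$co->exec('CREATE TABLE page (id INTEGER PRIMARY KEY, owner TEXT, date_redac TEXT, nom TEXT)');
$co->exec("INSERT INTO page VALUES (1,'D','2013-01-05','First'), (2,'F','2013-01-09','Second')");
foreach ($co->query('SELECT id, owner, date_redac, nom FROM page ORDER BY id ASC', PDO::FETCH_OBJ) as $row) {
    echo render_row($row, 'D'), "\n";
}
var_dump(load_page_for($co, 'D', ['id_select' => '2', 'action' => 'Read']) !== null); // reading another user's page
var_dump(load_page_for($co, 'D', ['id_select' => '2', 'action' => 'Edit']) === null); // editing another user's page
```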