function listmsgs(){
echo '<table width="100%" border="0" cellspacing="1">
  <tr>
    <td width="4%">&nbsp;</td>
    <td width="60%">Title</td>
    <td width="36%">Action</td>
  </tr>';
  echo '</table>';
$query1="Select artid,title,COUNT(*) FROM article WHERE
artchild='0' GROUP BY title ";
$blogarticles = mysql_query($query1) or die(mysql_error());
$num = mysql_num_rows($blogarticles);
if($num>0){
while($row=mysql_fetch_assoc($blogarticles)){
 echo' <table width="100%" border="0" cellspacing="1">
 <tr>
    <td width="4%"><img src="../images/fopen.gif" width="15"
height="15" /></td>
    <td width="60%">'.$row['title'].'</td>
    <td width="36%"><a href="delete.php?aid='.$row
['artid'].'">Delete Thread</a> </td>
  </tr>';
echo '</table>';
}
}else{
echo '<p>There are no articles in the database.</p>';
}
}

This function list all the messages in the database by title and also gives the option to remove the messages. The "<a href="delete.php?aid='.$row['artid'].'">Delete Thread</a>"  link includes a message id variable (.$row['artid'].) which is sent to the delete script as "aid."

Here’s the output of this function:

And here’s the code for the delete.php script that goes with the listmsgs function:

<?
include "../config.php";
if(isset($_GET['aid'])){
$query="DELETE FROM article WHERE artid='".$_GET['aid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
$query1="DELETE FROM article WHERE artchild='".$_GET['aid']."'";
mysql_query($query1);
header("Location:main.php?action=listmsgs");
}
?>

The delete script will only work if the "aid" variable is set, in other words, it will only work if the "aid" has a value in it. Then it does two things. First it deletes the main thread that has a message id of "aid," then it deletes all the messages that are related to the main message.

Next is the listusers() function. This function, as the name indicates, lists all the users in the database. It also gives you the option to delete a user, and tells you the banned status of a user. Below is the function code:

function listusers(){
echo '<table width="100%" border="0" cellspacing="1">
  <tr>
    <td width="4%">&nbsp;</td>
    <td width="20%"><b>User</b></td>
    <td width="15%"><b>Action</b></td>
             <td width="60%"><b>Ban</b></td>
  </tr>';
   echo '</table>';
$query_users="select id,uname,isbanned from user ORDER BY
date_joined DESC";
$result_users=mysql_query($query_users);
$num_users = mysql_num_rows($result_users);
if($num_users > 0){
while($row_users=mysql_fetch_assoc($result_users)){
 echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="4%"><img src="../images/icon_user.gif" width="16"
height="16" /></td>
    <td width="20%">'.$row_users['uname'].' </td>
    <td width="15%"><a href="delete_user.php?uid='.$row_users
['id'].'">Delete</a> </td>';
if($row_users['isbanned']=="yes"){      
echo '<td width="60%"><a href="ban.php?uid='.$row_users['id'].' &
status=banned ">User is Banned</a></td>';
}else{
echo '<td width="60%"><a href="ban.php?uid='.$row_users['id'].' &
notbanned">User not Banned</a></td>';
}
echo'  </tr>';
echo '</table>';
}
}else{
echo "Could not find any users in the database.";
}
}

When you click on the delete link, this link:

<a href="delete_user.php?uid='.$row_users['id'].'">Delete</a>

sends a user id to the delete_user.php page. And if you click on the ban user link, a user id is sent to the ban.php page.

Here’s the output of this function:

And here’s the code for the delete_user page:

<?
include "../config.php";
if(isset($_GET['uid'])){
$query="DELETE FROM user WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
header("Location:main.php?action=listusers");
}
?>

As with any database-related delete operation, this delete is very simple. All that it does is search for a user with the given user id and then delete the record that matches that id. It then returns to exactly where it was.

And here’s the code for the ban.php page:

<?
include "../config.php";
if(isset($_GET['uid'])){
if($_GET['status'] == "banned"){//is banned so unban the user
$query="UPDATE user SET isbanned='no' WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//ban query
if($_GET['status'] == "notbanned"){ // ban the user
$query="UPDATE user SET isbanned='yes' WHERE id='".$_GET['uid']."'";
if(!mysql_query($query)){
echo mysql_error();
}//query if
}//
header("Location:main.php?action=listusers");
}//if
?>

This function checks the value of  the "status" variable that is sent by the listusers function, to see if that value included in that variable is "notbanned" or "banned." Based on that value it will then take the appropriate action, either to ban a user or not. It the returns to the main page.  All new users are by default set to "not banned." Unless the user was registered by the admin, in which case the admin can set the banned status him/herself.

function listcat(){
echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="50%"><b>Category name</b></td>
    <td width="50%"><b></b>Action </td>';
   echo'  </tr>';
echo '</table>';
$query2="Select * FROM categories";
$cat = mysql_query($query2) or die(mysql_error());
$num=mysql_num_rows($cat);
if($num>0){
while($row=mysql_fetch_assoc($cat)){
 echo '<table width="100%" border="0" cellspacing="1"> 
 <tr>
    <td width="50%">'.$row['category'].'</td>
    <td width="50%"><a href="delete_cat.php?catid='.$row
['catid'].'">Delete</a> </td>';
   echo'  </tr>';
echo '</table>';
}
}
}

This function lists all the categories in the database by name and also gives the option to delete them. The link:

<a href="delete_cat.php?catid='.$row['catid'].'">Delete</a>

sends a value called "catid" to the delete_cat.php page.

Here’s the output of this function:

And here’s the code that performs the deletion:

<?
include "../config.php";
if(isset($_GET['catid'])){
$query="DELETE FROM categories WHERE catid='".$_GET['catid']."'";
if(!mysql_query($query)){
echo mysql_error();
}
header("Location:main.php?action=listcat");
}
?>

This function uses the category id value sent by the listcat() function to delete the category from the database. Again I’ve taken the secure route by checking first to see whether the “catid” variable has a value before proceeding with deleting the record.