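<?php
/**
 * Group administration handler (POST).
 *
 * Two actions, both restricted to the admin of an active group:
 *   - delete_user + gid : flags a member as removed (groupmembers.flag = '0')
 *   - group             : deactivates the group (groups.active = '0')
 *
 * The acting user is resolved from $_SESSION['email'] via tbluser.
 *
 * Security notes:
 *   - Every value interpolated into SQL is passed through
 *     mysql_real_escape_string() first; the original left $_POST['gid'] and
 *     the session e-mail unescaped.
 *   - NOTE(review): the mysql_* extension is obsolete. Moving to mysqli/PDO
 *     prepared statements needs a change in db.php, which is not visible here.
 *   - NOTE(review): no anti-CSRF token is verified for these state-changing
 *     POSTs. Confirm whether the submitting form carries one and check it here.
 */
session_start();
//db
include_once('db.php');

// Refuse to continue without an authenticated session.
if (!isset($_SESSION['email']) || !is_string($_SESSION['email']) || $_SESSION['email'] === '') {
    header('HTTP/1.1 403 Forbidden');
    exit('You must be logged in.');
}

$user_email = mysql_real_escape_string($_SESSION['email']);
$resultuid = mysql_query("SELECT `id` FROM `tbluser` WHERE `email` = '$user_email'");
if ($resultuid === false) {
    // Log the driver error server-side instead of printing it to the client.
    error_log('tbluser lookup failed: ' . mysql_error());
    die("Error occured!");
}
$row_id = mysql_fetch_assoc($resultuid);
if (!$row_id) {
    // The session e-mail no longer maps to a user: treat as unauthenticated.
    header('HTTP/1.1 403 Forbidden');
    exit('You must be logged in.');
}
$user_id = mysql_real_escape_string($row_id['id']); // id of the user

// Accept only scalar string inputs; array-valued parameters are treated as absent.
$post_delete_user = (isset($_POST['delete_user']) && is_string($_POST['delete_user'])) ? $_POST['delete_user'] : '';
$post_gid         = (isset($_POST['gid']) && is_string($_POST['gid'])) ? $_POST['gid'] : '';
$post_group       = (isset($_POST['group']) && is_string($_POST['group'])) ? $_POST['group'] : '';

if (!empty($post_delete_user)) {
    // Remove a member from a group the current user administers.
    $gid = mysql_real_escape_string($post_gid);
    $query4admin = mysql_query("SELECT * FROM groups WHERE id = '$gid' AND admin = '$user_id' AND active = '1'");
    $admin = $query4admin ? mysql_num_rows($query4admin) : 0;
    if ($admin == 1) {
        $delete_user = mysql_real_escape_string($post_delete_user);
        mysql_query("UPDATE groupmembers SET flag = '0' WHERE `member`='$delete_user' AND `id`='$gid'") or die("Error occured!");
        // URL-encode the request-supplied id so it cannot break out of the
        // query string or inject header content, then stop the script.
        header('Location: /groups/?id=' . rawurlencode($post_gid)
            . '&msg=' . rawurlencode('The user has been kicked out or deleted from the group!'));
        exit;
    } else {
        echo "<b>You are not admin of this group</b> or this group is a deleted/suspended one!";
    }
} elseif (!empty($post_group)) {
    // Deactivate a group the current user administers.
    // The original tested $$_POST['group'] (a variable-variable typo), so this
    // branch could never run.
    $gid = mysql_real_escape_string($post_group);
    $query4admin = mysql_query("SELECT * FROM groups WHERE id = '$gid' AND admin = '$user_id' AND active = '1'");
    $admin = $query4admin ? mysql_num_rows($query4admin) : 0;
    if ($admin == 1) {
        mysql_query("UPDATE groups SET active = '0' WHERE `id`='$gid' AND `admin`='$user_id'") or die("Error occured!");
        header('Location: /groups/?msg=' . rawurlencode('You group has been deleted!'));
        exit;
    } else {
        echo "<b>You are not admin of this group</b> or this group is already deleted!";
    }
}
?>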