检查密码正确后删除用户

时间:2013-05-12 08:30:56

标签: php mysql sql-delete

我想在用户提交正确的密码后删除用户,并显示一条消息,告知用户他已被删除。

在我的代码中,问题是无论用户写什么系统都考虑写入并允许删除。

删除.php 

<?php 
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
    exit();
}
$id = $_SESSION['user_id'];

if(isset($_POST['delete']))
{


        $del_acct_pass = $_POST['del_account_pass'];

         require_once('include/connect.php'); 
        $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
        if($check_pass)
        {
            $sql = mysql_query("SELECT * FROM user  WHERE user_id = '$id'")or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {
                $pic1=("members/$id/image01.jpg");
                if(file_exists($pic1))
                { 
                      unlink($pic1);

                }
                $dir = "members/$id";
                rmdir($dir);
                $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
                $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
                session_destroy();
                $msgToUser="YOUR Account Has Been Deleted!!!";
                exit();
            }
       }
       $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Page</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />

</head>

<body>

<?php /*require_once('header.php');*/ ?>
<div id="wrapper">
    <div id="page-wrapper">
        <div id="page">
            <div id="wide-content">
              <table width="70%" align="center" cellpadding="6">
              <form action="delete_account.php" method="post" name="delete_form" >
                <tr>
                  <td bgcolor="#CCCCCC">Delete Your Account </td>
                </tr>
                <tr>
                  <td>Please enter Your current Password to proceed with account deletion</td>
                </tr>
                <tr>
                  <td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
                </tr>
                <tr>

                  <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
                </tr>
                <tr>
                <td><?php echo $msgToUser; ?></td>
                </tr>
                </form>
              </table>



            </div>
        </div>
  </div>
</div>
<?php  require_once('footer.php'); ?>


</body>
</html>

4 个答案:

答案 0 :(得分:3)

此if语句错误

if($check_pass)

$ check_pass将是一个资源ID,即使你得到结果,它也总是非空的。如果使用此

返回任何数据,您应该使用mysql_num_rows进行检查 
if (mysql_num_rows($check_pass)>0) {


      //write your delete code here

}

答案 1 :(得分:1)

您必须先传递第一个查询资源而不是第二个查询。

$pass_check_num = mysql_num_rows($sql);

应该是

$pass_check_num = mysql_num_rows($check_pass);

答案 2 :(得分:0)

我认为不是这样做

$check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
        if($check_pass)
        {
            $sql = mysql_query("SELECT * FROM user  WHERE user_id = '$id'")or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {

你可以简单地这样做:

$sql= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {

答案 3 :(得分:0)

您的代码必须像这样才能工作,但是请注意您的查询已被弃用,您应该使用msqli或PDO,改变它们并不难,如果您继续使用它,最可能的是您的查询不久的将来不会工作,不提安全问题。 Link to Get Your Code Better 

<?php 
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
    exit();
}
$id = $_SESSION['user_id'];

if(isset($_POST['delete']))
{


        $del_acct_pass = $_POST['del_account_pass'];

         require_once('include/connect.php'); 
        $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
         $check_pass_num = mysql_num_rows($check_pass);
          if($check_pass_num >0)
               {

                $pic1=("members/$id/image01.jpg");
                if(file_exists($pic1))
                { 
                      unlink($pic1);

                }
                $dir = "members/$id";
                rmdir($dir);
                $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
                $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
                session_destroy();
                $msgToUser="YOUR Account Has Been Deleted!!!";
                exit();

       }
       $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Page</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />

</head>

<body>

<?php /*require_once('header.php');*/ ?>
<div id="wrapper">
    <div id="page-wrapper">
        <div id="page">
            <div id="wide-content">
              <table width="70%" align="center" cellpadding="6">
              <form action="delete_account.php" method="post" name="delete_form" >
                <tr>
                  <td bgcolor="#CCCCCC">Delete Your Account </td>
                </tr>
                <tr>
                  <td>Please enter Your current Password to proceed with account deletion</td>
                </tr>
                <tr>
                  <td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
                </tr>
                <tr>

                  <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
                </tr>
                <tr>
                <td><?php echo $msgToUser; ?></td>
                </tr>
                </form>
              </table>



            </div>
        </div>
  </div>
</div>
<?php  require_once('footer.php'); ?>


</body>
</html>
相关问题
最新问题