确认用户帐户已删除不起作用

时间:2013-05-12 13:45:13

标签: php mysql

我有一个删除帐户页面,允许用户在检查密码是否正确但问题出现后删除他们的帐户 当用户插入错误的密码时,系统显示错误信息,表示密码不正确。 当用户插入正确的密码时,系统不会显示任何消息来通知用户。 任何人都可以帮助我吗?

delete_account.php

<?php 
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
    exit();
}
$id = $_SESSION['user_id'];

if(isset($_POST['delete']))
{


        $del_acct_pass = $_POST['del_account_pass'];
         require_once('include/connect.php'); 
        $check_pass = mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id ='$id'")or die(mysql_error());
        $check_pass_num = mysql_num_rows($check_pass);
        if($check_pass_num>0)
        {
        /*$sql = mysql_query("SELECT * FROM user  WHERE user_id = '$id'")or die(mysql_error());
        $pass_check_num = mysql_num_rows($sql);*/


            $pic1=("members/$id/image01.jpg");
            if(file_exists($pic1))
            { 
                  unlink($pic1);

            }

            $dir = "members/$id";
            rmdir($dir);

            $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
            $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
            $msgToUser="<h3 style='color:#99FF33'>YOUR Account Has Been Deleted!!!</h3>";
            session_destroy();



        }
        $msgToUser = "<h3 style='color:#CC0000'>YOU must Write the correct Password</h3>";

}



?>
  <table width="70%" align="center" cellpadding="6">
          <form action="delete_account.php" method="post" name="delete_form" >
            <tr>
              <td bgcolor="#CCCCCC">Delete Your Account </td>
            </tr>
            <tr>
              <td>Please enter Your current Password to proceed with account deletion</td>
            </tr>
            <tr>
              <td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
            </tr>
            <tr>

              <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
            </tr>
            <tr>
            <td><?php echo $msgToUser; ?></td>
            </tr>
            </form>
          </table>

1 个答案:

答案 0 :(得分:1)

始终将$ msgToUser始终设置为错误密码的消息。

即使删除帐户也会运行。

您可能希望在Else子句

中使用它
} else {
    $msgToUser = "<h3 style='color:#CC0000'>YOU must Write the correct Password</h3>";
}

顺便说一句,您需要阅读安全性,您的代码很容易受到SQL注入攻击。