我有一个删除帐户页面,允许用户在检查密码是否正确但问题出现后删除他们的帐户 当用户插入错误的密码时,系统显示错误信息,表示密码不正确。 当用户插入正确的密码时,系统不会显示任何消息来通知用户。 任何人都可以帮助我吗?
<?php
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
$msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
exit();
}
$id = $_SESSION['user_id'];
if(isset($_POST['delete']))
{
$del_acct_pass = $_POST['del_account_pass'];
require_once('include/connect.php');
$check_pass = mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id ='$id'")or die(mysql_error());
$check_pass_num = mysql_num_rows($check_pass);
if($check_pass_num>0)
{
/*$sql = mysql_query("SELECT * FROM user WHERE user_id = '$id'")or die(mysql_error());
$pass_check_num = mysql_num_rows($sql);*/
$pic1=("members/$id/image01.jpg");
if(file_exists($pic1))
{
unlink($pic1);
}
$dir = "members/$id";
rmdir($dir);
$sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
$sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
$msgToUser="<h3 style='color:#99FF33'>YOUR Account Has Been Deleted!!!</h3>";
session_destroy();
}
$msgToUser = "<h3 style='color:#CC0000'>YOU must Write the correct Password</h3>";
}
?>
<table width="70%" align="center" cellpadding="6">
<form action="delete_account.php" method="post" name="delete_form" >
<tr>
<td bgcolor="#CCCCCC">Delete Your Account </td>
</tr>
<tr>
<td>Please enter Your current Password to proceed with account deletion</td>
</tr>
<tr>
<td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
</tr>
<tr>
<td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
</tr>
<tr>
<td><?php echo $msgToUser; ?></td>
</tr>
</form>
</table>
答案 0 :(得分:1)
始终将$ msgToUser始终设置为错误密码的消息。
即使删除帐户也会运行。
您可能希望在Else子句
中使用它} else {
$msgToUser = "<h3 style='color:#CC0000'>YOU must Write the correct Password</h3>";
}
顺便说一句,您需要阅读安全性,您的代码很容易受到SQL注入攻击。