
sorry; forgot to post it.

 

if (mysql_num_rows($result) > 0) {
	$row = mysql_fetch_array($result) or die(mysql_error());
	if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user'])) { 
		mysql_query("DELETE FROM members WHERE uname = '$_SESSION[user]' AND pword = '$password'"); 
		rmdir('users/$_SESSION[user]/uploads');
		rmdir('users/$_SESSION[user]');
		header('Location: logout.php?accountDeleted');
		mysql_close($result);
	}

The first thing that jumps out at me is the first three lines

if (mysql_num_rows($result) > 0) {
	$row = mysql_fetch_array($result) or die(mysql_error());
	if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user'])) {

 

I would assume that the originating query ($result) would be a select statement using the password and username as WHERE conditions. So, why would you need the second if() statement to see if the username and password match the record? If that query isn't using the username/password as conditions then you may be returning more rows than the one for the user you want to delete. And, that code is only processing the first record.

 

Also, I don't see that either of those if() statements have an else condition. So, how do you know if the condition is false?

 

You know, problems like these are very simple to debug. Just add some echos to your code to validate what is happening. For example, echo the actual value of mysql_num_rows($result) to the page (preferably right before that first line above):

echo "Records returned: "  . mysql_num_rows($result);

 

If that returns 0 or >1, then you know the problem is likely with that query or the parameters used in it. If the value is 1, then you can "assume" the results are correct and then continue to debug inside the first if() condition.

Use this code and you should know exactly where the problem is. By the way, you need to implement error handling for any process that could fail, such as the delete query and the rmdir() functions.

 

echo "Records returned: "  . mysql_num_rows($result) . "<br>\n";
if (mysql_num_rows($result) > 0)
{
    $row = mysql_fetch_array($result) or die(mysql_error());
    echo "Results of query " . print_r($row, true) . "<br>\n";
    echo "Username compare: DB value = '{$row['uname']}'; Session Value = '{$_SESSION['user']}'<br>\n";
    echo "Password compare: DB value = '{$row['pword']}'; password var = '{$password}'<br>\n";
    if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user']))
    {
        $result = mysql_query("DELETE FROM members WHERE uname = '$_SESSION[user]' AND pword = '$password'");
        if(!$result)
        {
            echo "unable to perform delete query<br>\n";
        }
        if(!rmdir('users/$_SESSION[user]/uploads')) { echo "Unable to remove upload directory.<br>\n"; }
        if(!rmdir('users/$_SESSION[user]')) { echo "Unable to remove user directory.<br>\n"; }
        //Comment out the redirect for testing
        //header('Location: logout.php?accountDeleted');
        mysql_close($result);
    }
}

here is what i had:

 

<?php
// BEGIN TERMINATION OF ACCOUNT
if(isset($_POST['terminate'])) {
if (empty($_POST['terminatePassword'])) {
	$errors_terminate = "<div class='errors'>Please type in your account password to continue.</div>";
}
$password = md5($_POST['terminatePassword']);
mysql_select_db($database_uploader, $uploader);    
      	$query = "SELECT * FROM members WHERE uname = '$_SESSION[user]' AND pword='$password'";
      	$result = mysql_query($query) or die(mysql_error());

if (mysql_num_rows($result) > 0) {
	$row = mysql_fetch_array($result) or die(mysql_error());
	if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user'])) { 
		mysql_query("DELETE FROM members WHERE uname = '$_SESSION[user]' AND pword = '$password'"); 
		rmdir('users/$_SESSION[user]/uploads');
		rmdir('users/$_SESSION[user]');
		header('Location: logout.php?accountDeleted');
		mysql_close($result);
	}
	else { 
		echo "We are sorry, but the password you have entered is not valid.";
		mysql_close($result);
	} 
} else { echo "User account not found!"; }
}
?>

ok, i got it to work.  i just need to redirect:

 

if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user']))
    {
        $result = mysql_query("DELETE FROM members WHERE uname = '$_SESSION[user]' AND pword = '$password'");
        if(!$result)
        {
            echo "unable to perform delete query<br>\n";
        }
        if(!rmdir('users/'.$_SESSION['user'].'/uploads')) { echo "Unable to remove upload directory.<br>\n"; }
        if(!rmdir('users/'.$_SESSION['user'])) { echo "Unable to remove user directory.<br>\n"; }
        header('Location: logout.php?accountDeleted');
        mysql_close($result);
}

 

it doesn't seem to want to redirect after deleting the account for some odd reason.

 

i get this error: Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/htdocs/uploader/my_account.php:17) in /homepages/45/htdocs/uploader/my_account.php on line 289

 

here is line 17: "<style type="text/css">"

 

would this redirect code have to be before the html code?

would this redirect code have to be before the html code?

 

From the manual: http://us.php.net/manual/en/function.header.php

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.

 

Also, as I alluded to before, this if() condition serves no purpose:

if ((($row['pword']) == $password) && ($row['uname'] == $_SESSION['user'])) {

 

Your query is only pulling records where that condition is true and you are already testing that there was a record (or records returned). This just over-complicates the code.
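
A hardened form of the account-termination step discussed in this thread, as an added example that is not code from any post: it uses bound parameters instead of interpolating values into the SQL, checks the password with password_verify(), validates the username before it reaches a filesystem path, and reports failure of the delete and of each rmdir(). It assumes a PDO connection and that members.pword holds password_hash() output (the thread's code stores an MD5 digest); the function name, status strings and demo data are hypothetical.

```php
<?php
// Added example. Assumptions: PDO is available and members.pword stores
// password_hash() output. Table and column names follow the thread.
function terminateAccount(PDO $pdo, string $user, string $password, string $baseDir): string
{
    // The username becomes part of a directory path, so allow only a safe alphabet.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $user)) {
        return 'invalid-user';
    }
    // Look the row up by username only; the password is verified in PHP.
    $stmt = $pdo->prepare('SELECT pword FROM members WHERE uname = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, (string) $hash)) {
        return 'bad-credentials';
    }
    $del = $pdo->prepare('DELETE FROM members WHERE uname = :u');
    $del->execute([':u' => $user]);
    if ($del->rowCount() !== 1) {
        return 'delete-failed';
    }
    // rmdir() removes empty directories only; surface a failure instead of ignoring it.
    foreach (["$baseDir/$user/uploads", "$baseDir/$user"] as $dir) {
        if (is_dir($dir) && !rmdir($dir)) {
            error_log("account row deleted but directory left behind: $dir");
            return 'cleanup-incomplete';
        }
    }
    return 'ok';
}

// Constructed demo data: in-memory SQLite table and a temporary directory tree.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (uname TEXT PRIMARY KEY, pword TEXT)');
$pdo->prepare('INSERT INTO members VALUES (?, ?)')
    ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);
$base = sys_get_temp_dir() . '/users_demo_' . bin2hex(random_bytes(4));
mkdir("$base/alice/uploads", 0700, true);
foreach ([['alice', 'wrong'], ['../etc', 's3cret'], ['alice', 's3cret']] as [$u, $p]) {
    echo "$u => ", terminateAccount($pdo, $u, $p, $base), "\n";
}
rmdir($base);
```

In a page script, call the function before any output is sent and, when it returns 'ok', send `header('Location: logout.php?accountDeleted')` followed by `exit`.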
