PHPJoey89 Posted October 26, 2014

I have this snippet that pulls up a confirmation page and requires a click to confirm before deleting the input member (or gives invalid member error), I have been completely unsuccessful removing the confirmation step and just deleting the member with success...

    case 'deletemember':
        if (!isset($_POST['deletemember']) && !isset($confirm)) {
            $delmembername = null;
            print eval(get_template('delete_member'));
        } else {
            if (isset($confirm) && isset($mid)) {
                mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
                mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
                mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
                mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
                show_message('Member deleted');
            } else {
                $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
                if (mysql_num_rows($result) == 0)
                    show_message('Member invalid');
                else {
                    $mid = mysql_result($result, 0);
                    $board_title = sprintf('Delete '.$delmembername.'?');
                    $message = $board_title;
                    $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
                    print eval(get_template('confirm'));
                }
            }
        }
        break;

Can anyone help me here, I know it has to be something simple, I'm just not that great at PHP.

ginerjm Posted October 26, 2014

I don't think you are showing us the relevant code. I'm assuming that the confirmation message is a JS production, so you should be looking for something using a 'confirm(xxx)' or 'alert(xxx)' statement in js code. Don't see that here.

PHPJoey89 Posted October 26, 2014

No, there is no JS. On the last step of that case code, if the member name is valid it calls for get_template('confirm'), which is a separate HTML page consisting of:

    <div class=message>{$message}<br><br>{$confirmed_link}</div>

After clicking this link the member is deleted. I'm trying to modify the snippet so that as long as the username is valid it just deletes the member without having to pull up this second page and clicking the link. I've tried removing this step:

    else {
        $mid = mysql_result($result, 0);
        $board_title = sprintf('Delete '.$delmembername.'?');
        $message = $board_title;
        $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
        print eval(get_template('confirm'));
    }

But this just makes the case not delete anything and I get no error codes. The one thing I'm not sure about is $mid - the snippet is taking $delmembername and deleting the actual member_id from MySQL using:

    $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");

The only references to $mid in the entire script are in this original snippet. I'm just totally lost on how to remove this call for confirmation...

This is what I thought the entire snippet should have been edited to, but again not sure about the (isset($mid)):

    case 'deletemember':
        if (!isset($_POST['deletemember'])) {
            $delmembername = null;
            print eval(get_template('delete_member'));
        } else {
            if (isset($mid)) {
                mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
                mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
                mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
                mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
                show_message('Member deleted');
            } else {
                $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
                if (mysql_num_rows($result) == 0)
                    show_message('Member invalid');
            }
        }
        break;

Edited October 26, 2014 by PHPJoey89

PHPJoey89 Posted October 26, 2014

> I don't think you are showing us the relevant code. I'm assuming that the confirmation message is a JS production, so you should be looking for something using a 'confirm(xxx)' or 'alert(xxx)' statement in js code. Don't see that here.

I posted more details above, but to answer your question the link on the next page outputs this:

    admin.php?a=deletemember&mid=2&confirm=1

Any help would be greatly appreciated

Edited October 26, 2014 by PHPJoey89

jcbones Posted October 26, 2014

Perhaps admin.php is the page you should be showing.

PHPJoey89 Posted October 26, 2014

> Perhaps admin.php is the page you should be showing.

    <?php
    error_reporting(E_ALL);
    require ('functions.php');

    foreach ($_GET as $var=>$val) {
        if (is_array($val)) $$var = $val;
        else $$var = trim($val);
    }
    foreach ($_POST as $var=>$val) {
        if (is_array($val)) $$var = $val;
        else $$var = trim($val);
    }
    foreach ($_COOKIE as $var=>$val) {
        if (is_array($val)) $$var = $val;
        else $$var = trim($val);
    }

    require ('mysqlconfig.php');
    require ('template.php');

    @mysql_connect($dbhost, $dbuser, $dbpass) or die ('Database error');
    @mysql_select_db($dbname) or die ('Database error');

    // login check
    $member_id = 0; // guest
    if (!isset($_COOKIE[$cookiename])) die('Access denied');
    list($member_id, $member_pass_sha1) = @unserialize(stripslashes($_COOKIE[$cookiename]));
    $member_id = addslashes($member_id);
    $member_pass_sha1 = addslashes($member_pass_sha1);
    if ($member_id != 1) die('Access denied');
    if (!is_numeric($member_id)) die('Fatal error');
    $result = mysql_query("SELECT member_name FROM members WHERE member_id='$member_id' AND member_pass='$member_pass_sha1'");
    if (mysql_num_rows($result) != 1) die('Fatal error');
    else $member_name = mysql_result($result, 0);
    $admin_link = eval(get_template('admin'));
    // end login checking

    $board_path = null;
    if (!isset($_GET['a']) || !in_array($_GET['a'], array ('deletemember', 'recountmembers'))) $action = 'admin';
    else $action = $_GET['a'];

    ob_start();
    board_arrays();
    $title = 'Administration';
    $navigation = eval(get_template('member_menu'));
    print eval(get_template('header'));

    switch ($action) {
        case 'admin':
            print eval(get_template('administration'));
            break;
        case 'deletemember':
            if (!isset($_POST['deletemember']) && !isset($confirm)) {
                $delmembername = null;
                print eval(get_template('delete_member'));
            } else {
                if (isset($confirm) && isset($mid)) {
                    mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
                    mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
                    mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
                    mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
                    show_message('Member deleted');
                } else {
                    $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
                    if (mysql_num_rows($result) == 0)
                        show_message('Member invalid');
                    else {
                        $mid = mysql_result($result, 0);
                        $board_title = sprintf('Delete '.$delmembername.'?');
                        $message = $board_title;
                        $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
                        print eval(get_template('confirm'));
                    }
                }
            }
            break;
        case 'recountmembers':
            member_stats();
            show_message('Members recounted');
            break;
    }
    print eval(get_template('footer'));
    ?>

Edited October 26, 2014 by PHPJoey89

jcbones Posted October 26, 2014

You could do this two ways.

1. Find the confirm code, and take it out. It may be JS code, that appends the confirm=1 onto the URL query string.
2. Change your delete link by appending confirm=1 onto the URL query string.

The correct way:

1. Change the delete link to send a POST to the action page. Only thing that should be passed in a URL query string should be for reading from the database. This change could be done via javascript (ajax), or by creating a form.

jcbones Posted October 26, 2014

Sorry, I stopped before I should.

My recommended way: Create a new column on the table, int(1) default value 0. When you delete change the value to 1. Change the queries to match the new column (WHERE deleted != 1). This in turn will allow you to reverse a mistake, then you would catch (archive) the deleted rows, to a log file, after a set amount of time.

PHPJoey89 Posted October 26, 2014

That is a little beyond me, I'll keep playing around with it and searching through php.net. Thanks for your help jc!

ginerjm Posted October 26, 2014

Sorry - I don't see anything that could be doing a 'popup confirmation message'. I do see this tho as bad/invalid code - did you copy it verbatim or re-type it yourself?

    <div class=message>{$message}<br><br>{$confirmed_link}</div>

message needs to be quoted so this is obviously an error.

Try viewing the source code of the page that is onscreen when the confirm msg pops up (in your browser). There you should see the JS code or at least some references to js modules.

PHPJoey89 Posted October 26, 2014

There is no javascript, there is just that php snippet and 1 html file being called by

    $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
    print eval(get_template('confirm'));

That 1 line of code you mentioned is for the html file so nothing needs to be quoted. I am just trying to find a way to delete the member without calling for this confirmation.

ginerjm Posted October 26, 2014

And when you viewed the source in the browser you saw no js code? And despite that anchor being in the html, it still needs quotes.

maxxd Posted October 27, 2014

> I have this snippet that pulls up a confirmation page and requires a click to confirm before deleting the input member (or gives invalid member error), I have been completely unsuccessful removing the confirmation step and just deleting the member with success...
>
>     case 'deletemember':
>         if (!isset($_POST['deletemember']))// && !isset($confirm))
>         {
>             $delmembername = null;
>             print eval(get_template('delete_member'));
>         } else {
>             if (/*isset($confirm) && */isset($mid)) {
>                 mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
>                 mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
>                 mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
>                 mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
>                 show_message('Member deleted');
>             } else {
>                 $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
>                 if (mysql_num_rows($result) == 0)
>                     show_message('Member invalid');
>                 /* else {
>                     $mid = mysql_result($result, 0);
>                     $board_title = sprintf('Delete '.$delmembername.'?');
>                     $message = $board_title;
>                     $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
>                     print eval(get_template('confirm'));
>                 } */
>             }
>         }
>         break;
>
> Can anyone help me here, I know it has to be something simple, I'm just not that great at PHP.

You need to remove the check on $_GET['confirm']. The above changes (marked in red) should work - I've not tested them or had my second cup of coffee yet, so no guarantees, but that should do it. I'm assuming that $mid is being validated and sanitized at some point before your switch statement.

As a side note, switch from mysql_* to PDO and do the DELETE and UPDATE statements in a transaction so you don't end up with orphaned records.

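An added example, not code from the thread or from the forum script it discusses: the delete path written the way the replies above suggest (jcbones's advice to make the delete a POST rather than a query-string link, and maxxd's advice to use PDO and a transaction). The `members`, `topics` and `replies` tables and the columns in the queries come from the posted code; the function name `delete_member`, the SQLite in-memory database, the `topic_id`/`reply_id` columns and the sample rows are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table/column names used in the queries come from the thread;
// delete_member(), topic_id/reply_id and the sample rows are constructed.

function delete_member(PDO $pdo, string $name): bool
{
    // Bound parameter: the name is sent as data, never spliced into the SQL text.
    $find = $pdo->prepare('SELECT member_id FROM members WHERE member_name = ?');
    $find->execute([$name]);
    $mid = $find->fetchColumn();
    if ($mid === false) {
        return false; // the thread's 'Member invalid' case
    }

    $statements = [
        'DELETE FROM members WHERE member_id = ?',
        'UPDATE topics SET topic_rid = 0 WHERE topic_rid = ?',
        'UPDATE topics SET topic_lrid = 0 WHERE topic_lrid = ?',
        'UPDATE replies SET reply_aid = 0 WHERE reply_aid = ?',
    ];
    $pdo->beginTransaction();
    try {
        foreach ($statements as $sql) {
            $pdo->prepare($sql)->execute([(int) $mid]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all four statements apply, or none do
        throw $e;
    }
    return true;
}

// Constructed in-memory database standing in for the forum's MySQL tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, member_name TEXT)');
$pdo->exec('CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, topic_rid INTEGER, topic_lrid INTEGER)');
$pdo->exec('CREATE TABLE replies (reply_id INTEGER PRIMARY KEY, reply_aid INTEGER)');
$pdo->exec("INSERT INTO members VALUES (1, 'admin'), (2, 'joey')");
$pdo->exec('INSERT INTO topics VALUES (1, 2, 2), (2, 1, 2)');
$pdo->exec('INSERT INTO replies VALUES (1, 2)');

// In admin.php this would run after the login check and only when
// $_SERVER['REQUEST_METHOD'] === 'POST', with the name read from $_POST
// (field name 'delmembername' is an assumption based on the posted variable).
var_dump(delete_member($pdo, "o'brien")); // quote in the name is just data
var_dump(delete_member($pdo, 'joey'));
var_dump($pdo->query('SELECT topic_rid, topic_lrid FROM topics')->fetchAll(PDO::FETCH_NUM));
```
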