Jump to content

Recommended Posts

I have this snippet that pulls up a confirmation page and requires a click to confirm before deleting the input member (or gives invalid member error), I have been completely unsuccessful removing the confirmation step and just deleting the member with success...

  case 'deletemember':
    if (!isset($_POST['deletemember']) && !isset($confirm))
    {
      $delmembername = null;
      print eval(get_template('delete_member'));
    }
    else
    {
      if (isset($confirm) && isset($mid))
      {
        mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
        mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
        mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
        mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
        show_message('Member deleted');
      }
      else
      {
        $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
        if (mysql_num_rows($result) == 0)
          show_message('Member invalid');
        else
        {
          $mid = mysql_result($result, 0);
          $board_title = sprintf('Delete '.$delmembername.'?');
          $message = $board_title;
          $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
          print eval(get_template('confirm'));
        }          
      }
    }
    break;

Can anyone help me here, I know it has to be something simple, I'm just not that great at PHP.

I don't think you are showing us the relevant code.  I'm assuming that the confirmation message is a JS production, so you should be looking for something using a 'confirm(xxx)' or 'alert(xxx)' statement in js code.  Don't see that here.

No, there is no JS. On the last step of that case code if the member name is valid it calls for get_template('confirm') which is a seperate HTML page consisting of:

<div class=message>{$message}<br><br>{$confirmed_link}</div>

After clicking this link the member is deleted. I'm trying to modify the snippet so that as long as the username is valid it just deletes the member without having to pull up this second page and clicking the link.

 

I've tried removing this step:

        else
        {
          $mid = mysql_result($result, 0);
          $board_title = sprintf('Delete '.$delmembername.'?');
          $message = $board_title;
          $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
          print eval(get_template('confirm'));
        }  

But this justs makes the case not delete anything and I get no error codes.

 

The one thing I'm not sure about is $mid - The snippet is taking $delmembername and deleting the actual member_id from MySQL using:

$result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");

The only references to $mid in the entire script are in this original snippet. I'm just totally lost on how to remove this call for confirmation...

 

This is what I thought the entire snippet should have been edited to, but again not sure about the (isset($mid))

  case 'deletemember':
    if (!isset($_POST['deletemember']))
    {
      $delmembername = null;
      print eval(get_template('delete_member'));
    }
    else
    {
      if (isset($mid))
      {
        mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
        mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
        mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
        mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
        show_message('Member deleted');
      }
      else
      {
        $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
        if (mysql_num_rows($result) == 0)
          show_message('Member invalid');
      }
    }
    break;
Edited by PHPJoey89

I don't think you are showing us the relevant code.  I'm assuming that the confirmation message is a JS production, so you should be looking for something using a 'confirm(xxx)' or 'alert(xxx)' statement in js code.  Don't see that here.

 

I posted more details above, but to answer your question the link on the next page outputs this:

 

Any help would be greatly appreciated

admin.php?a=deletemember&mid=2&confirm=1
Edited by PHPJoey89

Perhaps admin.php  is the page you should be showing.

<?php

error_reporting(E_ALL);
require ('functions.php');

foreach ($_GET as $var=>$val)
{
  if (is_array($val))
    $$var = $val;
  else
    $$var = trim($val);
}

foreach ($_POST as $var=>$val)
{
  if (is_array($val))
    $$var = $val;
  else
    $$var = trim($val);
}

foreach ($_COOKIE as $var=>$val)
{
  if (is_array($val))
    $$var = $val;
  else
    $$var = trim($val);
}

require ('mysqlconfig.php');
require ('template.php');

@mysql_connect($dbhost, $dbuser, $dbpass) or die ('Database error');
@mysql_select_db($dbname) or die ('Database error');

// login check

$member_id = 0; // guest

if (!isset($_COOKIE[$cookiename]))
  die('Access denied');

list($member_id, $member_pass_sha1) = @unserialize(stripslashes($_COOKIE[$cookiename]));  
$member_id = addslashes($member_id);
$member_pass_sha1 = addslashes($member_pass_sha1);

if ($member_id != 1)
  die('Access denied');
if (!is_numeric($member_id))
  die('Fatal error');
$result = mysql_query("SELECT member_name FROM members WHERE member_id='$member_id' AND member_pass='$member_pass_sha1'");
if (mysql_num_rows($result) != 1)
  die('Fatal error');
else
$member_name = mysql_result($result, 0);
$admin_link = eval(get_template('admin'));  

// end login checking

$board_path = null;

if (!isset($_GET['a']) || 
    !in_array($_GET['a'], array ('deletemember', 'recountmembers')))
  $action = 'admin';
else
  $action = $_GET['a'];

ob_start();


board_arrays();

$title = 'Administration';
$navigation =  eval(get_template('member_menu'));
print eval(get_template('header'));

switch ($action)
{
  case 'admin':
    print eval(get_template('administration'));
    break;
  case 'deletemember':
    if (!isset($_POST['deletemember']) && !isset($confirm))
    {
      $delmembername = null;
      print eval(get_template('delete_member'));
    }
    else
    {
      if (isset($confirm) && isset($mid))
      {
        mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
        mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
        mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
        mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
        show_message('Member deleted');
      }
      else
      {
        $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
        if (mysql_num_rows($result) == 0)
          show_message('Member invalid');
        else
        {
          $mid = mysql_result($result, 0);
          $board_title = sprintf('Delete '.$delmembername.'?');
          $message = $board_title;
          $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
          print eval(get_template('confirm'));
        }          
      }
    }
    break;
  case 'recountmembers':
    member_stats();
    show_message('Members recounted');
    break;
}

print eval(get_template('footer'));

?>
Edited by PHPJoey89

You could do this two ways.
1. find the confirm code, and take it out.  It may be JS code, that appends the confirm=1 onto the URL query string.

2. Change your delete link by appending confirm=1 onto the URL query string.

 

The correct way:

1. Change the delete link to send a POST to the action page. Only thing that should be passed in a URL query string should be for reading from the database.

This change could be done via javascript (ajax), or by creating a form.

Sorry, I stopped before I should.

 

My recommended way:

Create a new column on the table, int(1) default value 0.  When you delete change the value to 1.  Change the queries to match the new column (WHERE deleted != 1).

This in turn will allow you to reverse a mistake, then you would catch (archive) the deleted rows, to a log file, after a set amount of time.
 

Sorry - I don't see anything that could be doing a 'popup confirmation message'.  I do see this tho as bad/invalid code - did you copy it verbatim or re-type it yourself?

<div class=message>{$message}<br><br>{$confirmed_link}</div>

</code>

 

message needs to be quoted so this is obviously an error.

 

Try viewing the source code of the page that is onscreen when the confirm msg pops up (in your browser).  There you should see the JS code or at least some references to js modules.

There is no javascript, there is just that php snippet and 1 html file being called by

          $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
          print eval(get_template('confirm'));

That 1 line of code you mentioned is for the html file so nothing needs to be quoted.

 

I am just trying to find a way to delete the member without calling for this confirmation.

I have this snippet that pulls up a confirmation page and requires a click to confirm before deleting the input member (or gives invalid member error), I have been completely unsuccessful removing the confirmation step and just deleting the member with success...

  case 'deletemember':
    if (!isset($_POST['deletemember']))// && !isset($confirm))
    {
      $delmembername = null;
      print eval(get_template('delete_member'));
    }
    else
    {
      if (/*isset($confirm) && */isset($mid))
      {
        mysql_query("DELETE FROM members WHERE member_id='$mid'") or die(mysql_error());
        mysql_query("UPDATE topics SET topic_rid=0 WHERE topic_rid='$mid'")or die(mysql_error());
        mysql_query("UPDATE topics SET topic_lrid=0 WHERE topic_lrid='$mid'")or die(mysql_error());
        mysql_query("UPDATE replies SET reply_aid=0 WHERE reply_aid='$mid'")or die(mysql_error());
        show_message('Member deleted');
      }
      else
      {
        $result = mysql_query("SELECT member_id FROM members WHERE member_name='$delmembername'");
        if (mysql_num_rows($result) == 0)
          show_message('Member invalid');
/*
        else
        {
          $mid = mysql_result($result, 0);
          $board_title = sprintf('Delete '.$delmembername.'?');
          $message = $board_title;
          $confirmed_link = '<a href="admin.php?a=deletemember&mid='.$mid.'&confirm=1">Delete</a>';
          print eval(get_template('confirm'));
        }
*/
      }
    }
    break;

Can anyone help me here, I know it has to be something simple, I'm just not that great at PHP.

You need to remove the check on $_GET['confirm']. The above changes (marked in red) should work - I've not tested them or had my second cup of coffee yet, so no guarantees, but that should do it. I'm assuming that $mid is being validated and sanitized at some point before your switch statement. As a side note, switch from mysql_* to PDO and do the DELETE and UPDATE statements in a transaction so you don't end up with orphaned records.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.