PHP Code for Delete User Account in Blog Members Table
The account-deletion page whose code is on this web page lets you delete your member account, which is stored in the blogmembers table. It also deletes any topics or replies that were created by you, in the topics and replies tables.
On to the PHP code. As usual, we start with config.php, since without it the MySQL-based blog would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has a valid username. Note that the various pages on our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for the username, and if neither works, the visitor is sent to the login script. Not only is the username checked to ensure it is the administrator's username, it is also checked to make sure it has only 6 to 20 letters, numbers or underscores in it and no other characters; otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script.
All our blog app scripts have this same (almost) username checker at the top of the PHP section, except for the login script. We say "almost" because most pages only allow the administrator access, since most pages are about adding, deleting, or editing topics, replies, or categories. So the check for whether the username is the administrator's is part of the user checker on most of these blog app pages.
If your username matches a valid username, you're allowed on this page; otherwise you get sent to the login page. If you are legit, you see the message "This will delete your account, [YOUR USERNAME]." If you submit the form, your account is erased. The submission sends an answer flag with a 1 in it to the PHP script on the page. Then the ids of all the topics in the topics table that have your username in the topics_username field are stored in an array. Then all the records in the replies table that have these topic ids in their question_id field are deleted. Next, all topics in the topics table with your username in their topics_username field are deleted. Finally, the blogmembers table is checked for your account and the record with your username in it is dumped. If you have a change of heart about deleting your account, there's a "Return to Blog—do NOT delete anything!" link you can click that will take you back to the blog home page.
SAVE THIS PAGE AS: cms-delete-blog-account.php
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Blog Account—Content Management System (CMS)</TITLE>
<meta name="description" content="Delete Blog Account—Content Management System (CMS)">
<meta name="keywords" content="Blogs,Blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
</head>
<body bgcolor="green">
<?php
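// Note: the mysql_* functions used below need PHP 5; the extension was removed in PHP 7.0.
include_once "config.php";
// The username arrives by POST (forms) or GET (query strings).
$U = isset($_POST['username']) ? $_POST['username'] : null;
if (!isset($U) && isset($_GET['username'])) { $U = $_GET['username']; }
// Accept only 6 to 20 letters, digits or underscores. The ^ and $ anchors (with D, so that $
// cannot match before a trailing newline) make the pattern cover the whole value; without ^,
// a value that merely ends in 6 valid characters would reach the SQL below.
if (is_string($U) && preg_match("/^[A-Za-z0-9_]{6,20}$/D", $U)) {
    $check_user_data = mysql_query("SELECT * FROM blogmembers WHERE username='$U'") or die(mysql_error());
    if (mysql_num_rows($check_user_data) == 0) { unset($U); }
} else { unset($U); }
// Stop here for visitors without a valid username, so none of the deleting code runs for them.
if (!isset($U)) { echo '<script language="javascript">alert("Please login.");window.location="blog-login.php"; </script>'; exit; }
$A = isset($_POST['answer']) ? $_POST['answer'] : "";
if ($A == "1") {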
$ids=array();
$res = mysql_query("SELECT id FROM blog_question WHERE topics_username = '$U'") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($ids, $row[0]);}
$number=mysql_num_rows($res);
if($number<>0){for ($counter = 0; $counter < $number; $counter++) {
$sql="DELETE FROM blog_answer WHERE question_id='$ids[$counter]'";
$result=mysql_query($sql) or die('Error ,deleting failed');}}
$sql="DELETE FROM blog_question WHERE topics_username = '$U'";
$result=mysql_query($sql) or die('Error ,deleting failed');
// The account lives in blogmembers, the same table the username check above reads.
$sql="DELETE FROM blogmembers WHERE username = '$U'";
$result=mysql_query($sql) or die('Error ,deleting failed');
$rc = mysql_affected_rows();
if ($rc>0){echo '<script language="javascript">alert("The account deleting was successfully accomplished.");window.location ="blog-login.php"; </script>';}
else{echo '<script language="javascript">alert("Deleting failed.");window.location = "cms-blog.php?username='.$U.'"; </script>';}
mysql_close();
}
?>
<form id="form1" name="form1" method="post" action="cms-delete-blog-account.php">
<table style='margin:100px 0 0 50px;background-color:#eee' width="400" border="1" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><input type="hidden" name="username" value=" "><input type="hidden" name="answer" value="1"></td>
</tr>
<tr>
<td>This will delete your account, <?php echo htmlspecialchars(stripslashes($U)); ?>.</td>
</tr>
<tr>
<td align=center><input type="submit" name="Submit" value="Submit"></td>
</tr>
<tr>
<td><a href="cms-blog.php?username=<?php echo urlencode(stripslashes($U)); ?>"><B>Return to Blog—do NOT delete anything!</B></a></td>
</tr>
</table>
</form>
<script type="text/javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>
</body>
</html>
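
The same validate-then-delete sequence, written with a whole-string username check, prepared statements and a single transaction. This is an added example, not the page's own code: it uses PDO with a constructed in-memory SQLite database in place of the blog's MySQL tables, the function names `valid_username` and `delete_account` are hypothetical, and `$user` is assumed to come from the server-side login session rather than from the request.

```php
<?php
// Added example, not the page's code. Table and column names are taken from the listing;
// the SQLite schema, sample rows and function names are constructed for this demo.

// Whole-string check: ^ and $ anchor the pattern; D stops $ matching before a final "\n".
function valid_username($u): bool {
    return is_string($u) && preg_match('/^[A-Za-z0-9_]{6,20}$/D', $u) === 1;
}

// Delete replies to the user's topics, then the topics, then the account, atomically.
// Returns true only when a blogmembers row was actually removed.
function delete_account(PDO $db, string $user): bool {
    if (!valid_username($user)) { return false; }
    $db->beginTransaction();
    try {
        $db->prepare('DELETE FROM blog_answer WHERE question_id IN
            (SELECT id FROM blog_question WHERE topics_username = ?)')->execute([$user]);
        $db->prepare('DELETE FROM blog_question WHERE topics_username = ?')->execute([$user]);
        $del = $db->prepare('DELETE FROM blogmembers WHERE username = ?');
        $del->execute([$user]);
        $db->commit();
        return $del->rowCount() > 0;
    } catch (Throwable $e) {
        $db->rollBack(); // a failure part-way leaves all three tables unchanged
        throw $e;
    }
}

// Constructed in-memory database standing in for the blog's MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blogmembers (username TEXT PRIMARY KEY);
    CREATE TABLE blog_question (id INTEGER PRIMARY KEY, topics_username TEXT);
    CREATE TABLE blog_answer (id INTEGER PRIMARY KEY, question_id INTEGER);
    INSERT INTO blogmembers VALUES ('alice_01'), ('bob_2024');
    INSERT INTO blog_question VALUES (1, 'alice_01'), (2, 'bob_2024');
    INSERT INTO blog_answer VALUES (1, 1), (2, 1), (3, 2);");

// A value containing a quote passes a pattern anchored only at the end, because just the
// trailing characters are examined; the whole-string check rejects it.
$odd = "x'y_abcdef"; // constructed input
var_dump(preg_match('/[A-Za-z0-9_]{6,20}$/', $odd) === 1);
var_dump(valid_username($odd));
var_dump(delete_account($db, $odd));       // refused before any SQL runs
var_dump(delete_account($db, 'alice_01')); // removes alice_01 and her topic's replies
var_dump($db->query('SELECT username FROM blogmembers')->fetchAll(PDO::FETCH_COLUMN));
var_dump($db->query('SELECT question_id FROM blog_answer')->fetchAll(PDO::FETCH_COLUMN));
```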