R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

Delete Account in Form Creator Form CMS

This script is called delete-account_.php

The Delete Account in Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.

The purpose of this script is to provide a way in which the user can delete his user profile.

First, we start up a session (in the checkid_.php script) and include the config.php script to ensure that our connection to our database is made correctly. This file has the codes below in it:

$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());

We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.

Farther down the page, we use the MySQL query DELETE FROM my_members WHERE username = '$U'. If the command did not have the WHERE clause, ALL records in the MySQL database table would be erased! But we confined the deletion to just the account deleting user.

If the deletion works okay, they see "The account deleting was successfully accomplished." and we send them off to HTML Form Creator—Register with Captcha. On the other hand, if something goes wrong with the deletion, we show them "Deleting failed.", and we send them off to HTML Form Creator—Profile and Account Management.

The form itself is pretty standard stuff. The user sees "This will delete your account, [username]." If the user is serious about the deletion, he presses the Submit button and it's bye-bye account record. However, right under the button is a link that says "Return to Account Management—do NOT delete anything!" which sends them off to HTML Form Creator—Profile and Account Management. Just because they land on the account deletion page doesn't mean they are forced to delete anything. It's a clear choice: delete or don't delete.

There's a JavaScript script at the end of the script that puts the user name in a hidden form field before sending the user away, however the HTML Form Creator—Profile and Account Management page does not use the $_POST function to get the username—it uses session variables. It the user of our script wishes to modify our script and avoid session use, this JavaScript script would come in handy. But this JavaScript script is not needed and not useful, as it is.

There's no decent way to get the captcha value from the HTML Form Creator—Captcha Script for Registration and Login (captcha-with-sessions.php) script without sessions, and captchas are used in both the HTML Form Creator—Register with Captcha and the HTML Form Creator—Login to Profile and Account Management scripts. So we use sessions, and as long as we are going to use them, we figured we might as well make the user name survive going from one of our HTML Form Creator CMS apps to another the easy way: sessions. Some other ways for specified variables to survive page loads are cookies and URL querystrings. The latter shows the user name in the URL so is weak, security wise. The former forces users to turn on cookies in their Internet Options.

But the best 2 ways for specified variables to survive page loads are POSTing to PHP from hidden or unhidden HTML form input fields or simply saving 'username' (or other) session variables in the login script, and consult these as needed. We chose the latter. Cookies are—admittedly—used for session id storage, but because they are not always available, PHP also provides an alternative way so that cookies are NOT required for session use. The second method embeds the session id directly into URLs. But this is a lot safer than putting the user name in these url query strings, since only sophisicated hackers know what to do with this id to do hacking.

The script below is called: delete-account_.php


<?php
include_once"checkid_.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Account</TITLE>
<meta name="description" content="Delete Account">
<meta name="keywords" content="Delete Account,account,my account,delete account,javascript, dhtml, DHTML">
</head>
<body bgcolor="green">

<?php

$A=$_POST['answer'];if($A=="1"){

$sql="DELETE FROM my_members WHERE username = '$U'";
$result=mysql_query($sql) or die('Error ,deleting failed');

$rc = mysql_affected_rows();
if ($rc>0){echo '<script language="javascript">alert("The account deleting was successfully accomplished.");window.location ="register-with-captcha_.php"; </script>';}
else{echo '<script language="javascript">alert("Deleting failed.");window.location = "profile-and-account-management.php"; </script>';}

mysql_close();
}
?>

<div style='margin:100px 0 0 50px;'>
<form id="form1" name="form1" method="post" action="delete-account_.php">
<table style='padding:20px;background-color:#eee' width="400" border="1" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><input type="hidden" name="username" value=" "><input type="hidden" name="answer" value="1"></td>
</tr>
<tr>
<td>This will delete your account, <? echo stripslashes($U); ?>.</td>
</tr>
<tr>
<td align=center><input type="submit" name="Submit" value="Submit"></td>
</tr>
<tr>
<td><a href="profile-and-account-management.php"><B>Return to Account Management—do NOT delete anything!</B></a></td>
</tr>
</table>
</form>
</div>

<script type="text/javascript">

var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;

</script>

</body>
</html>