Delete Account in Form Creator Form CMS
This script is called delete-account_.php
The Delete Account in Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.
- HTML Form Creator
- Edit Options in HTML Form Creator Form
- Administrator Page for HTML Form Creator
End-User HTML Form Creator Scripts
- HTML Form Creator—Register with Captcha
- HTML Form Creator—View Profile
- HTML Form Creator—Edit Profile
- HTML Form Creator—Search and Match
- HTML Form Creator—Search and Match — Security
- HTML Form Creator—Search and Match — JavaScript
- HTML Form Creator—Search and Match — Form
- HTML Form Creator—Search and Match — PHP
- HTML Form Creator—Enter Record in Form
- HTML Form Creator—View Record in Form
- HTML Form Creator—Profile and Account Management
- HTML Form Creator—Login to Profile and Account Management
- HTML Form Creator—Logout of Profile and Account Management
- HTML Form Creator—Delete Group Account
- HTML Form Creator—Forgot User Name
- HTML Form Creator—Forgot Password
- HTML Form Creator—Form to Send Private Message
- HTML Form Creator—Send Private Message
- HTML Form Creator—Private Message Outbox
- HTML Form Creator—Private Message Inbox
- HTML Form Creator—Delete Private Message from Inbox
- HTML Form Creator—Delete Private Message from Outbox
- HTML Form Creator—Private Message Logout
- HTML Form Creator—Search and Match Session Monitoring
- HTML Form Creator—Configure File for Database Connection
- HTML Form Creator—Captcha Script for Registration and Login
Administrative HTML Form Creator Scripts
The purpose of this script is to provide a way in which the user can delete his user profile.
First, we start up a session (in the checkid_.php script) and include the config.php script to ensure that our connection to our database is made correctly. This file has the codes below in it:
$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());
We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.
Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.
Farther down the page, we use the MySQL query DELETE FROM my_members WHERE username = '$U'. If the command did not have the WHERE clause, ALL records in the MySQL database table would be erased! But we confined the deletion to just the account deleting user.
If the deletion works okay, they see "The account deleting was successfully accomplished." and we send them off to HTML Form Creator—Register with Captcha. On the other hand, if something goes wrong with the deletion, we show them "Deleting failed.", and we send them off to HTML Form Creator—Profile and Account Management.
The form itself is pretty standard stuff. The user sees "This will delete your account, [username]." If the user is serious about the deletion, he presses the Submit button and it's bye-bye account record. However, right under the button is a link that says "Return to Account Management—do NOT delete anything!" which sends them off to HTML Form Creator—Profile and Account Management. Just because they land on the account deletion page doesn't mean they are forced to delete anything. It's a clear choice: delete or don't delete.
There's a JavaScript script at the end of the script that puts the user name in a hidden form field before sending the user away, however the HTML Form Creator—Profile and Account Management page does not use the $_POST function to get the username—it uses session variables. It the user of our script wishes to modify our script and avoid session use, this JavaScript script would come in handy. But this JavaScript script is not needed and not useful, as it is.
There's no decent way to get the captcha value from the HTML Form Creator—Captcha Script for Registration and Login (captcha-with-sessions.php) script without sessions, and captchas are used in both the HTML Form Creator—Register with Captcha and the HTML Form Creator—Login to Profile and Account Management scripts. So we use sessions, and as long as we are going to use them, we figured we might as well make the user name survive going from one of our HTML Form Creator CMS apps to another the easy way: sessions. Some other ways for specified variables to survive page loads are cookies and URL querystrings. The latter shows the user name in the URL so is weak, security wise. The former forces users to turn on cookies in their Internet Options.
But the best 2 ways for specified variables to survive page loads are POSTing to PHP from hidden or unhidden HTML form input fields or simply saving 'username' (or other) session variables in the login script, and consult these as needed. We chose the latter. Cookies are—admittedly—used for session id storage, but because they are not always available, PHP also provides an alternative way so that cookies are NOT required for session use. The second method embeds the session id directly into URLs. But this is a lot safer than putting the user name in these url query strings, since only sophisicated hackers know what to do with this id to do hacking.
The script below is called: delete-account_.php
<?php
include_once"checkid_.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Account</TITLE>
<meta name="description" content="Delete Account">
<meta name="keywords" content="Delete Account,account,my account,delete account,javascript, dhtml, DHTML">
</head>
<body bgcolor="green">
<?php
$A=$_POST['answer'];if($A=="1"){
$sql="DELETE FROM my_members WHERE username = '$U'";
$result=mysql_query($sql) or die('Error ,deleting failed');
$rc = mysql_affected_rows();
if ($rc>0){echo '<script language="javascript">alert("The account deleting was successfully accomplished.");window.location ="register-with-captcha_.php"; </script>';}
else{echo '<script language="javascript">alert("Deleting failed.");window.location = "profile-and-account-management.php"; </script>';}
mysql_close();
}
?>
<div style='margin:100px 0 0 50px;'>
<form id="form1" name="form1" method="post" action="delete-account_.php">
<table style='padding:20px;background-color:#eee' width="400" border="1" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><input type="hidden" name="username" value=" "><input type="hidden" name="answer" value="1"></td>
</tr>
<tr>
<td>This will delete your account, <? echo stripslashes($U); ?>.</td>
</tr>
<tr>
<td align=center><input type="submit" name="Submit" value="Submit"></td>
</tr>
<tr>
<td><a href="profile-and-account-management.php"><B>Return to Account Management—do NOT delete anything!</B></a></td>
</tr>
</table>
</form>
</div>
<script type="text/javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>
</body>
</html>