mark.bendal.erica mark.bendal.erica - 2 months ago 10
MySQL Question

PHP ask password before delete

I want a web application to ask for the password before deleting. The procedure I created is, before clicking the delete button, a modal will appear and ask for the password for security.

Here is my source code:

<?php
session_start();
require 'database.php';
$id = 0;

if ( !empty($_GET['id'])) {
$id = $_REQUEST['id'];
}



?>

<?php

if(isset($_POST['login']))
{
$password = mysql_real_escape_string(trim($_POST["password"], "/\'\"\;"));
$msg = '';

$query = mysql_query("SELECT * from tbl_user where password = '$password'");
{
while($rwOK = mysql_fetch_assoc($query))
{
$_SESSION['password'] = $rwOK['password'];
}
if( $_SESSION['password']==$passsowrd)
{
include 'database.php';
$pdo = Database::connect();
$sql = 'SELECT * FROM customers ORDER BY id DESC';
foreach ($pdo->query($sql) as $row)
{
header("Location: delete_member.php?id=$row[id]");
}
}
else if(empty($password))
{
$msg = '<i><font color="red">Please input Administrator password.</font></i>';
}
else
{
//$_SESSION['tae'] = $tae;
$msg = '<i><font color="red">Invalid Password</font></i>';
}
}
}



?>




<!DOCTYPE html>
<html lang="en">
<head>
<title> Stock Employee </title>
<meta charset="utf-8">
<link href="css/bootstrap.min.css" rel="stylesheet">
<script src="js/bootstrap.min.js"></script>
</head>

<!-- modal -->
<!--
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"> -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>

<!-- -->

<body>
<div class="container">

<div class="span10 offset1">
<div class="row">
<h3>Delete Record</h3>
</div>

<!-- <form class="form-horizontal" action="delete.php" method="post"> -->
<form class="form-horizontal" action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="hidden" name="id" value="<?php echo $id;?>"/>
<p class="alert alert-error">Are you sure to delete ?</p>
<?php echo !empty($passwordError)?'error':'';?>
<div class="form-actions">

<!-- <button type="submit" class="btn btn-danger">Yes</button> -->

<!-- Trigger the modal with a button -->
<button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal">Yes</button>

<!-- Modal -->
<div class="modal fade" id="myModal" role="dialog">
<div class="modal-dialog">

<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Administrator Access</h4>
</div>
<div class="modal-body">

<div class="control-group <?php echo !empty($passwordError)?'error':'';?>">
<label class="control-label">Password :</label>
<div class="controls">
<input name="password" type="password" placeholder="username" required value="<?php echo !empty($password)?$password:'';?>">
<?php if (!empty($passwordError)): ?>
<span class="help-inline"><?php echo $passwordError;?></span>
<?php endif; ?>
</div>
</div>

<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-danger">Delete</button>
</div>
</div>

</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal" name="login">Close</button>
</div>
</div>

</div>
</div>

<a class="btn" href="index.php">No</a>
</div>
</form>
</div>

</div> <!-- /container -->
</body>
</html>


Any kind of help is much appreciated. Thank you.

Answer

i think you should a session for deleting the item in order to delete the item

try this

<?php
session_start();
require 'database.php';
$id = 0;

if ( !empty($_GET['id'])) {
    $id = $_REQUEST['id'];
}

if ( !empty($_POST)) {
    // keep track post values
    $id = $_POST['id'];

    // delete data
    $pdo = Database::connect();
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "DELETE FROM customers  WHERE id = ?";
    $q = $pdo->prepare($sql);
    $q->execute(array($id));
    Database::disconnect();
    header("Location: index.php");

}
?>
Comments