Come cancellare un utente dal Databse con un link

[lasslo]

Salve ragazzi!

E' sabato e non c'è giorno migliore per aprire la seguente discussione :P

Parto postando i file interessati nel problema:

Preannuncio che parliamo di un sito in php con cui gestisco gli utenti.

nella cartella "/controlli" ho il file impostazioni_profilo.php

Codice PHP:

<?php
    
    if( !$this->network->id ) {
        $this->redirect('home');
    }
    if( !$this->user->is_logged ) {
        $this->redirect('signin');
    }
    
    $this->load_langfile('inside/global.php');
    $this->load_langfile('inside/settings.php');
    
    $D->page_title    = $this->lang('settings_profile_pagetitle', array('#SITE_TITLE#'=>$C->SITE_TITLE));
    
    $D->menu_bdate_d    = array();
    $D->menu_bdate_m    = array();
    $D->menu_bdate_y    = array();
    if( $this->user->info->birthdate == '0000-00-00' ) {
        $D->menu_bdate_d[0]    = '';
        $D->menu_bdate_m[0]    = '';
        $D->menu_bdate_y[0]    = '';
    }
    for($i=1; $i<=31; $i++) {
        $D->menu_bdate_d[$i]    = $i;
    }
    for($i=1; $i<=12; $i++) {
        $D->menu_bdate_m[$i]    = strftime('%B', mktime(0,0,1,$i,1,2009));
    }
    for($i=intval(date('Y')); $i>=1900; $i--) {
        $D->menu_bdate_y[$i]    = $i;
    }
    
    $D->submit    = FALSE;
    $D->error    = FALSE;
    $D->errmsg    = '';
    
    $D->name        = $this->user->info->fullname;
    $D->location    = $this->user->info->location;
    $D->gender        = $this->user->info->gender;
    $D->aboutme        = $this->user->info->about_me;
    $D->tags        = implode(', ', $this->user->info->tags);
    $D->bdate_d        = 0;
    $D->bdate_m        = 0;
    $D->bdate_y        = 0;
    if( $this->user->info->birthdate != '0000-00-00' ) {
        $D->bdate_d        = intval(substr($this->user->info->birthdate,8,2));
        $D->bdate_m        = intval(substr($this->user->info->birthdate,5,2));
        $D->bdate_y        = intval(substr($this->user->info->birthdate,0,4));
    }
    
    $u    = $this->user->info;
    
    $tmphash    = md5($u->fullname.$u->location.$u->birthdate.$u->gender.$u->about_me.serialize($u->tags));
    
    if( isset($_POST['sbm']) ) {
        $D->submit    = TRUE;
        $D->name        = trim($_POST['name']);
        $D->location    = trim($_POST['location']);
        $D->gender        = isset($_POST['gender']) ? trim($_POST['gender']) : '';
        $D->aboutme        = trim($_POST['aboutme']);
        $D->tags        = trim($_POST['tags']);
        $D->bdate_d        = intval($_POST['bdate_d']);
        $D->bdate_m        = intval($_POST['bdate_m']);
        $D->bdate_y        = intval($_POST['bdate_y']);
        if( $D->gender!='m' && $D->gender!='f' ) {
            $D->gender    = '';
        }
        if( !isset($D->menu_bdate_m[$D->bdate_m]) || !isset($D->menu_bdate_d[$D->bdate_d]) || !isset($D->menu_bdate_y[$D->bdate_y]) ) {
            $D->bdate_m    = 0;
            $D->bdate_d    = 0;
            $D->bdate_y    = 0;
        }
        if( $D->bdate_d==0 || $D->bdate_m==0 || $D->bdate_y==0 ) {
            $D->bdate_m    = 0;
            $D->bdate_d    = 0;
            $D->bdate_y    = 0;
            $birthdate    = '0000-00-00';
        }
        else {
            $birthdate    = $D->bdate_y.'-'.str_pad($D->bdate_m,2,0,STR_PAD_LEFT).'-'.str_pad($D->bdate_d,2,0,STR_PAD_LEFT);
        }
        $D->tags    = str_replace(array("\n","\r"), ',', $D->tags);
        $D->tags    = preg_replace('/\,+/ius', ',', $D->tags);
        $D->tags    = explode(',', $D->tags);
        foreach($D->tags as $k=>$v) {
            $v    = trim($v);
            if( FALSE == preg_match('/^[a-zа-я0-9\-\_\.\s\+]{2,}$/iu', $v) ) {
                unset($D->tags[$k]);
                continue;
            }
            $D->tags[$k]    = $v;
        }
        $D->tags    = implode(', ', $D->tags);
        
        $db2->query('UPDATE users SET fullname="'.$db2->e($D->name).'", about_me="'.$db2->e($D->aboutme).'", tags="'.$db2->e($D->tags).'", gender="'.$db2->e($D->gender).'", birthdate="'.$db2->e($birthdate).'", location="'.$db2->e($D->location).'" WHERE id="'.$this->user->id.'" LIMIT 1');
        
        $this->user->sess['LOGGED_USER']    = $this->network->get_user_by_id($this->user->id, TRUE);
        $this->user->info    = & $this->user->sess['LOGGED_USER'];
        
        $u    = $this->user->info;
        $tmphash2    = md5($u->fullname.$u->location.$u->birthdate.$u->gender.$u->about_me.serialize($u->tags));
        if( $tmphash != $tmphash2 ) {
            $n    = intval( $this->network->get_user_notif_rules($this->user->id)->ntf_them_if_i_edt_profl );
            if( $n == 1 ) {
                $this->load_langfile('inside/notifications.php');
                $this->load_langfile('email/notifications.php');
                $followers    = array_keys($this->network->get_user_follows($this->user->id)->followers);
                foreach($followers as $uid) {
                    $send_post    = FALSE;
                    $send_mail    = FALSE;
                    $n    = intval( $this->network->get_user_notif_rules($uid)->ntf_me_if_u_edt_profl );
                    if( $n == 2 ) { $send_post = TRUE; } elseif( $n == 3 ) { $send_mail = TRUE; } elseif( $n == 1 ) { $send_post = TRUE; $send_mail = TRUE; }
                    if( $send_post ) {
                        $lng    = array('#USER#'=>'[url="'.$C->SITE_URL.$this->user->info->username.'"]user->info->fullname).'"><span class="mpost_mentioned">@</span>'.$this->user->info->username.'[/url]');
                        $this->network->send_notification_post($uid, 0, 'msg_ntf_me_if_u_edt_profl', $lng, 'replace');
                    }
                    if( $send_mail ) {
                        $lng_txt    = array('#SITE_TITLE#'=>$C->SITE_TITLE, '#USER#'=>'@'.$this->user->info->username, '#NAME#'=>$this->user->info->fullname, '#A0#'=>$C->SITE_URL.$this->user->info->username);
                        $lng_htm    = array('#SITE_TITLE#'=>$C->SITE_TITLE, '#USER#'=>'[url="'.$C->SITE_URL.$this->user->info->username.'"]user->info->fullname).'" target="_blank">@'.$this->user->info->username.'[/url]', '#NAME#'=>$this->user->info->fullname, '#A0#'=>'');
                        $subject        = $this->lang('emlsubj_ntf_me_if_u_edt_profl', $lng_txt);
                        $message_txt    = $this->lang('emltxt_ntf_me_if_u_edt_profl', $lng_txt);
                        $message_htm    = $this->lang('emlhtml_ntf_me_if_u_edt_profl', $lng_htm);
                        $this->network->send_notification_email($uid, 'u_edt_profl', $subject, $message_txt, $message_htm);
                    }
                }
            }
        }
    }
    
    $this->load_template('impostazioni_profilo.php');
    
?>

Il file Template impostazioni_profilo.php contiene invece:

Codice PHP:

<?php
    
    $this->load_template('header.php');
    
?>
                    <div id="settings">
                        <div id="settings_left">                
                            <div class="ttl" style="margin-right:12px;"><div class="ttl2"><h3><?= $this->lang('settings_menu_title') ?></h3></div></div>
                            <div class="sidenav">
                                [url="<?= $C->SITE_URL ?>settings/profile"]<?= $this->lang('settings_menu_profile') ?>[/url]
                                [url="<?= $C->SITE_URL ?>settings/contacts"]<?= $this->lang('settings_menu_contacts') ?>[/url]
                                [url="<?= $C->SITE_URL ?>settings/avatar"]<?= $this->lang('settings_menu_avatar') ?>[/url]
                                [url="<?= $C->SITE_URL ?>settings/esporta"]Esporta Profilo[/url]
                                [url="<?= $C->SITE_URL ?>settings/password"]<?= $this->lang('settings_menu_password') ?>[/url]
                                [url="<?= $C->SITE_URL ?>settings/system"]<?= $this->lang('settings_menu_system') ?>[/url]
                                [url="<?= $C->SITE_URL ?>settings/notifications"]<?= $this->lang('settings_menu_notif') ?>[/url]
                                <?php if( function_exists('curl_init') ) { ?>
                                [url="<?= $C->SITE_URL ?>settings/rssfeeds"]<?= $this->lang('settings_menu_rssfeeds') ?>[/url]
                                <?php } ?>
                            </div>
                        </div>
                        <div id="settings_right">
                            <?php if($D->submit) { ?>
                            <?= okbox($this->lang('st_profile_ok'), $this->lang('st_profile_okmsg')) ?>
                            <?php } ?>
                            <div class="ttl"><div class="ttl2">
                                <h3><?= $this->lang('settings_profile_ttl2') ?></h3>
                                [url="<?= $C->SITE_URL ?><?= $this->user->info->username ?>/tab:info"]<?= $this->lang('settings_viewprofile_link') ?>[/url]
                            </div></div>
                            <form method="post" action="">
                                <table id="setform" cellspacing="5">
                                    <tr>
                                        <td class="setparam"><?= $this->lang('st_profile_name') ?></td>
                                        <td><input type="text" name="name" value="<?= htmlspecialchars($D->name) ?>" class="setinp" maxlength="255" /></td>
                                    </tr>
                                    <tr>
                                        <td class="setparam"><?= $this->lang('st_profile_location') ?></td>
                                        <td><input type="text" name="location" value="<?= htmlspecialchars($D->location) ?>" class="setinp" maxlength="255" /></td>
                                    </tr>
                                    <tr>
                                        <td class="setparam"><?= $this->lang('st_profile_birthdate') ?></td>
                                        <td>
                                            <select name="bdate_d" class="setselect" style="width:55px;">
                                            <?php foreach($D->menu_bdate_d as $k=>$v) { ?>
                                            <option value="<?= $k ?>"<?= $k==$D->bdate_d?' selected="selected"':'' ?>><?= $v ?></option>
                                            <?php } ?>
                                            </select>
                                            <select name="bdate_m" class="setselect" style="width:130px;">
                                            <?php foreach($D->menu_bdate_m as $k=>$v) { ?>
                                            <option value="<?= $k ?>"<?= $k==$D->bdate_m?' selected="selected"':'' ?>><?= $v ?></option>
                                            <?php } ?>
                                            </select>
                                            <select name="bdate_y" class="setselect" style="width:70px;">
                                            <?php foreach($D->menu_bdate_y as $k=>$v) { ?>
                                            <option value="<?= $k ?>"<?= $k==$D->bdate_y?' selected="selected"':'' ?>><?= $v ?></option>
                                            <?php } ?>
                                            </select>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td class="setparam" valign="top"><?= $this->lang('st_profile_gender') ?></td>
                                        <td>
                                            <label><input type="radio" name="gender" value="m" <?= $D->gender=='m'?'checked="checked"':'' ?> /> <span><?= $this->lang('st_profile_gender_m') ?></span></label>
                                            <label><input type="radio" name="gender" value="f" <?= $D->gender=='f'?'checked="checked"':'' ?> /> <span><?= $this->lang('st_profile_gender_f') ?></span></label>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td class="setparam" valign="top"><?= $this->lang('st_profile_aboutme') ?></td>
                                        <td><textarea name="aboutme" class="setinp" style="height:90px;"><?= htmlspecialchars($D->aboutme) ?></textarea></td>
                                    </tr>
                                    <tr>
                                        <td class="setparam" valign="top"><?= $this->lang('st_profile_tags') ?></td>
                                        <td><textarea name="tags" class="setinp"><?= htmlspecialchars($D->tags) ?></textarea></td>
                                    </tr>
                                    <tr>
                                        <td></td>
                                        <td><input type="submit" name="sbm" value="<?= $this->lang('st_profile_savebtn') ?>" style="padding:4px; font-weight:bold;"/></td>
                                    </tr>
                                </table>
                            </form>
                        </div>
                    </div>
<?php
    
    $this->load_template('footer.php');
    
?>

e nella root principale ho il file di configurazione config.php che contiene:

Codice PHP:

// MySQL SETTINGS
    // 
        $C->DB_HOST    = 'host';
        $C->DB_USER    = 'sqluser';
        $C->DB_PASS    = 'pass';
        $C->DB_NAME    = 'nome db';



e altro... 


Come è facile intuire, il database del mio sito contiene una tabella chiamata users in cui ci sono tutti i dati degli utenti (username, email, password, tel., link facebook etc.)



Mi sapete dire come fare per creare un link - nella pagina impostazioni - tramite cui l'utente possa eliminare il proprio account? Cerco in rete da giorni ma non ho trovato nulla di buono, non mi funzionano i codici che ho provato.

Chi sa aiutarmi?

[W3bm@st3r]

Basta che fai un semplice link passando l'id dell'utente da cancellare dall'url e quindi riacchiappandola con un get per poi fare la DELETE

[lasslo]

Si ma poi ci sono gravi problemi di sicurezza... comunque tu come faresti il codice?