Allowing poster to delete their post or topic?


metroid87706
Forum Newbie
Posts: 17
Joined: Sat Jul 14, 2007 12:06 pm

Post by metroid87706 »

So, um, yea. Does anyone have an easy way to tell it to a newbie in PHP to get this to work?
So far as I can see I need:

Code for deletepost.php
The variable to get who posted the reply

I think that's it.
If you can make a code for me, thanks a lot, if not, it's fine.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

astions wrote:Those of you who are saying it is not a security risk should read about CSRF (cross site request forgeries). Although unlikely, it can and does allow you to perform actions on other sites on behalf of the currently logged in user through the use of get requests. Think image tags...

Code:

<img src="deletepost.php?post_id=1234" />
Using get requests to perform actions is also a violation of the HTTP specifications. (Section 9.1.1 of RFC 2616).

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
It is perfectly fine to use the GET method to specify which post should be deleted. The deletion itself would be performed through a POST method in which the user is given a choice of "Delete" or "Cancel." Upon clicking "Delete," the deletion would take place, but it wouldn't be prone to XSS.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

metroid87706 wrote:So, um, yea. Does anyone have an easy way to tell it to a newbie in PHP to get this to work?
So far as I can see I need:

Code for deletepost.php
The variable to get who posted the reply

I think that's it.
If you can make a code for me, thanks a lot, if not, it's fine.
It's not very complicated... Have you even tried yet?

Code:

if(deletion has been confirmed && user is logged in && the post belongs to the user)
{
    delete the post;
}
metroid87706
Forum Newbie
Posts: 17
Joined: Sat Jul 14, 2007 12:06 pm

Post by metroid87706 »

Um, yes I've tried, but I have almost no knowledge of PHP compared to you guys.

I know the

if {
-----------
}
else {
-----------
}

kinda stuff, and how to delete, change, add stuff to MySQL, but I don't know how to use it in the way I am doing it.

I don't know how to specify the poster's name, to get it from the post, I don't know how to do most of the stuff you're suggesting.

*sigh* Nevermind, I guess this isn't mandatory, but I wanted this feature. Oh well.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

What? It sounds like your problem is in your database. In order for users to edit / delete posts, the entry in the database for the post needs to have an author. Then, you check the currently logged in user with the author of the post.
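
Added example, not written by anyone in this thread: one way the checks discussed above (confirmed by POST, logged in, post belongs to the user) fit together in PHP, with a per-session CSRF token added because a cross-site form can also submit a POST. The `posts` table, its `author_id` column, the session keys `user_id` and `csrf_token`, and the form fields `post_id`, `confirm` and `csrf_token` are all assumptions.

```php
<?php
// Hypothetical schema and names: posts(id, author_id, body); session keys
// 'user_id' and 'csrf_token'; form fields 'post_id', 'confirm', 'csrf_token'.
function delete_own_post(PDO $db, string $method, array $session, array $form): string
{
    // 1. Deletion has been confirmed: state changes only via POST, never GET.
    if ($method !== 'POST' || ($form['confirm'] ?? '') !== 'Delete') {
        return 'not confirmed';
    }
    // 2. User is logged in.
    if (empty($session['user_id'])) {
        return 'not logged in';
    }
    // 3. The form was issued by this site: the token must match the session's.
    $expected = $session['csrf_token'] ?? '';
    $given = $form['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return 'bad token';
    }
    // 4. The post belongs to the user: ownership is enforced in the WHERE clause.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id AND author_id = :uid');
    $stmt->execute([':id' => (int)($form['post_id'] ?? 0), ':uid' => (int)$session['user_id']]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'not your post';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, body TEXT)');
$db->exec("INSERT INTO posts VALUES (1234, 7, 'mine'), (1235, 8, 'someone else')");
$session = ['user_id' => 7, 'csrf_token' => bin2hex(random_bytes(16))];
$ok = ['post_id' => 1234, 'confirm' => 'Delete', 'csrf_token' => $session['csrf_token']];

// In deletepost.php the arguments would be $_SERVER['REQUEST_METHOD'], $_SESSION, $_POST.
$cases = [
    'GET request, e.g. from an image tag' => ['GET', $session, ['post_id' => 1234]],
    'POST without the token' => ['POST', $session, ['post_id' => 1234, 'confirm' => 'Delete']],
    'POST while logged out' => ['POST', [], $ok],
    'POST for another user\'s post' => ['POST', $session, ['post_id' => 1235] + $ok],
    'POST for own post' => ['POST', $session, $ok],
];
foreach ($cases as $label => [$method, $sess, $form]) {
    echo $label, ': ', delete_own_post($db, $method, $sess, $form), PHP_EOL;
}
```

The confirmation page reached by GET would render the "Delete" / "Cancel" form and embed the session's token in a hidden field.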
metroid87706
Forum Newbie
Posts: 17
Joined: Sat Jul 14, 2007 12:06 pm

Post by metroid87706 »

metroid87706
Forum Newbie
Posts: 17
Joined: Sat Jul 14, 2007 12:06 pm

Post by metroid87706 »

Does anyone have a solution?

Thanks.
metroid87706
Forum Newbie
Posts: 17
Joined: Sat Jul 14, 2007 12:06 pm

Post by metroid87706 »

Can somebody help me here?