Confirming deletion of records

Hey Simon.

A simple way to do something like that is to just to generate a unique string, send it to the user via email, and ask them to copy/paste the string into a input box.

Simply put:
[code=php]<?php
session_start() ;
$_SESSION['confirmation_k ey'] = md5(microtime(t rue) . mt_rand(1000));

$to = 'user@example.c om';
$subject = 'Artist deletion confirmation.';
$message = 'This is your key: ' . $_SESSION['confirmation_k ey'];
$headers = 'From: no-reply@example.c om' . "\r\n" .
'Reply-To: no-reply@example.c om' . "\r\n" .
'X-Mailer: PHP/' . phpversion();

if(!mail($to, $subject, $message, $headers)) {
die('Failed to send the confirmation email. Please go whine about it to the webmaster.');
}
?>
<!DOCTYPE html>
<html>
<head><title>De lete stuff</title></head>
<body>
<form action="deleteS tuff.php" method="post">
The Key: <input type="text" name="the_key" />
<input type="submit" />
</form>
</body>
</html>[/code]
[code=php]<?php
if(isset($_POST['the_key'])) {
if($_POST['the_key'] == $_SESSION['confirmation_k ey']) {
// Delete stuff
}
else {
echo "Better luck next time.";
}
}
?>[/code]
That's at least the general idea.

Alti,

Many thanks for your response. The adminstrator already has to log in and I control access to the page that deletes all the pictures and the user and using the $_SESSION variable. I have written the code to delete the pictures and user and then got worried about hackers.

What I had in mind was that once the administrator had hit the delete key the PHP code would be suspended until a confirmation response is recieved and if it isn't within, say 24hours, it would cancel the delete.

On reflection and researching a bit further I think this is a bit fanciful and I'll rely on the login script and regular backups!

Once again, many thanks for your time and the code; which I will adapt for email confirming when a new user is created.

Ok, no problem.

One good way to avoid getting hacked and having all your info deleted, is to not use delete statements. Rather than DELETE the user and all the data belonging to it, you could add a 'deleted' field to the user table and UPDATE it to read TRUE. Then you could just omit the users marked deleted from the data you display.

To further protect against this, you could restrict the database user to only be allowed to use the SELECT and INSERT commands on most tables, and UPDATE on only the tables that need it. That way, even if somebody managed to hack his way into a admin account, or get a hold of your database login, the worst he would be able to do is replace the data in the UPDATE'able tables and add more data to the others.

Alti, once again thanks for your time and some very good ideas. I'll implement the delete flag idea and then write something so I can purge the database regularly.

Reagrds,

Simon