
I am trying to solve an issue I am facing. I want to delete a logged-in user from a MySQL database after they click a button.

The code I have, named changepw.php:

<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "loginsystem";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}


$uid =$_REQUEST['user_uid'];
// sql to delete a record
$sql = "DELETE FROM users WHERE user_uid='$uid'";

if ($conn->query($sql) === TRUE) {
    echo "Record deleted successfully";
} else {
    echo "Error deleting record: " . $conn->error;
}

$conn->close();
?>

The error I am getting: screenshot of error

It refers to this line:

$uid =$_REQUEST['user_uid'];

My login.php file looks like this:

<?php

session_start();

#first if
if (isset($_POST['submit'])) {

    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string( $conn , $_POST['uid'] );
    $pwd = mysqli_real_escape_string( $conn , $_POST['pwd'] );

    //Error handlers
    //Check if these inputs are empty
    #second if
    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }/*second else*/ else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn,$sql);
        $resultCheck = mysqli_num_rows($result);
        #third if
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            exit();
        }/*third else*/ else {
            #fourth if
            if ($row = mysqli_fetch_assoc($result)) {
                //verify the submitted password against the stored hash
                $hashedPwdCheck = password_verify($pwd , $row['user_pwd']);
                #fifth if
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                } /*fifth else*/ elseif ($hashedPwdCheck == true) {
                    //Log in the user here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    #might be not necessary (key fixed to match the one set above)
                    $email = $_SESSION['u_email'];

                    header("Location: ../index.php?login=success");
                    exit();
                }
            }
        }
    }
}/*first else*/ else {
    header("Location: ../index.php?login=error");
    exit();
}

Code where the button is located, index.php:

<?php
    include 'header.php';
?>


<section class="main-container">
    <div class="main-wrapper">
        <h2>About</h2>
        <?php
            if (isset($_SESSION['u_id'])) {
                echo '

                <form action="includes/changepw.php" method="POST">
                            <button type="submit" name="submit">Delete User</button>
                </form>
                    ';

            }
        ?>  
    </div>
</section>


<?php
    include 'footer.php';
?>

I would really appreciate some help as I am not sure how to solve this.

Thanks in advance!

Kalman

  • The error you're getting is telling you what you need to know - there's no index "user_uid" in $_REQUEST. I'm guessing the problem is coming from the frontend, not the php end. Can't really help without seeing how you're passing the data to the php file – Michael Beeson Jun 07 '18 at 12:38
  • The parameter named 'user_uid' is missing in your request. You should provide it to the PHP file as GET or POST. – Lovepreet Singh Jun 07 '18 at 12:38
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Nigel Ren Jun 07 '18 at 12:40
  • You also are open to SQL injections. With this code one could easily delete all user accounts. – user3783243 Jun 07 '18 at 12:50
  • You should put a hidden field named 'user_uid' inside the form with the button in index.php. Otherwise $_REQUEST['user_uid'] is not set, obviously. – Frédéric Clausset Jun 07 '18 at 13:02

1 Answer

Here the request parameter user_uid is missing, so add a hidden input field inside the form that will store user_uid, as follows:

if (isset($_SESSION['u_id'])) {
    echo '<form action="includes/changepw.php" method="POST">
        <button type="submit" name="submit">Delete User</button>
        <input type="hidden" name="user_uid" value="' . $_SESSION['u_id'] . '">
    </form>';
}

Also don't forget to sanitize the input:

$uid = filter_var($_REQUEST['user_uid'], FILTER_SANITIZE_NUMBER_INT);

Read documentation for filter_var.

Lovepreet Singh

  • With this approach a user could brute force delete all users. The `$_SESSION` should just be used server side. – user3783243 Jun 07 '18 at 13:06
  • For some strange reason I get the exact same error with this solution. Any ideas why would that be? – Kalman Jun 07 '18 at 13:16
  • @user3783243: While this appears **massively** insecure, this is the answer to the question which was asked. We don't know if header.php contains any authorization check - but it is a big help when people provide MINIMAL, VERIFIABLE CODE. (+1 for Lovepreet) – symcbean Jun 07 '18 at 14:05
  • We don't know what code is written beyond this piece of code. So we should just provide a solution according to the current situation. Can't write the whole code. – Lovepreet Singh Jun 07 '18 at 16:22
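The two security points raised in the thread, user3783243's that the account to delete should come from `$_SESSION` on the server rather than from a client-supplied `user_uid`, and the SQL-injection warning on the interpolated `DELETE` (the same pattern as the interpolated `SELECT` in login.php), in one added example. This is not the asker's or the answerer's code. It assumes the schema implied by the question (`users` with `user_id`, `user_uid`, `user_email`, `user_pwd` stored via `password_hash()`, `user_first`, `user_last`), the session keys set by login.php, the question's own localhost/root connection values, and a mysqli build with mysqlnd so that `get_result()` is available; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or the answer. Assumed schema: table `users`
// with user_id, user_uid, user_email, user_pwd (password_hash()), user_first, user_last.
// Assumed session: login.php sets $_SESSION['u_id'] to the user's user_id.

/**
 * The login.php lookup with a prepared statement instead of an interpolated string.
 * Returns the user row (without the hash), or null if no user or password mismatch.
 */
function findUserForLogin(mysqli $conn, string $uid, string $pwd): ?array
{
    $stmt = $conn->prepare(
        "SELECT user_id, user_first, user_last, user_email, user_uid, user_pwd
           FROM users WHERE user_uid = ? OR user_email = ?"
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("ss", $uid, $uid);      // both placeholders bound as strings
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // requires mysqlnd (assumption)
    $stmt->close();

    // password_verify compares against the stored hash; nothing is "de-hashed".
    if (!is_array($row) || !password_verify($pwd, $row['user_pwd'])) {
        return null;
    }
    unset($row['user_pwd']);                   // keep the hash out of the session
    return $row;
}

/**
 * The changepw.php delete: the id comes from the session, never from $_REQUEST.
 * A client-supplied id would let any logged-in user delete any other account.
 */
function deleteCurrentUser(mysqli $conn, int $userId): bool
{
    $stmt = $conn->prepare("DELETE FROM users WHERE user_id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("i", $userId);           // bound as an integer: cannot alter the SQL text
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// ---- changepw.php request handling ----
session_start();

if (!isset($_SESSION['u_id'])) {               // not logged in: nothing to delete
    header("Location: ../index.php?login=error");
    exit();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {   // a GET (e.g. a followed link) must not delete
    http_response_code(405);
    exit("Method not allowed");
}

$conn = new mysqli("localhost", "root", "root", "loginsystem");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if (deleteCurrentUser($conn, (int) $_SESSION['u_id'])) {
    $_SESSION = [];                            // the account is gone: end its session too
    session_destroy();
    echo "Record deleted successfully";
} else {
    echo "Error deleting record";              // keep $conn->error out of the HTTP response
}
$conn->close();
```

With this layout the form in index.php needs no hidden `user_uid` field at all, which is why the `Undefined index` notice disappears along with the ability to name someone else's account. `findUserForLogin()` is the drop-in replacement for the `SELECT ... WHERE user_uid='$uid' OR user_email='$uid'` branch of login.php; `mysqli_real_escape_string` is no longer needed once the values are bound. A CSRF token check on the delete form would be the natural next addition, since the endpoint now changes state on any POST from a logged-in browser.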