confirm before action

@cybercampbellSep 14.2004

Hi all

I’m using this to delete files from my server:

[code=php] if($_GET[“action”] == “delete” && isset($_GET[“file”])) { chmod($file, 0777); unlink(“$path/$file”); } [/code]

but what I need is when the delete image is clicked (which invokes the action) a pop box asks to confirm that I wish to delete the file.

does this sound easy enough?

Cheers
Chris

to post a comment

PHP

10 Comments(s) _↴

@shimonSep 14.2004 — #Yes, that sounds relatively easy - though it sounds more like a job for javascript than PHP.

Should also mention - you might want to be careful with that code, and do some serious validation on the input. As it stands it looks like it would be extremely simple for an outsider to knock out a script to delete every file from your server. I don't think you want that ?

@cybercampbellauthorSep 14.2004 — #Thanks for that...I look into some validation.

Cheers

Chris

@cybercampbellauthorSep 14.2004 — #I tried this for some validation but it doesn't work....I've messed up here some where:

[code=php]if($_GET["action"] == "delete" && isset($_GET["file"])) { 
 $files = array(@opendir($path)); 
 if(in_array($file, $files)){
 chmod($file, 0777);
 unlink("$path/$file");
 $results = '* The file <strong>'.$file.'</strong> has been deleted.'; 
 } else { 
 $results = '* Sorry but your file was either missing or could not be deleted!'; 
 } 
 }[/code]

I quite new to this but I am learning.

I think the problem is here:

[code=php]$files = array(@opendir($path)); [/code]

I need to get the contents of the directory into an array.

I also found this but I'm not sure how it incorperate it into my php function.

[code=php]<script>
 function confirmDelete(delUrl) {
 if (confirm("Are you sure you want to delete")) {
 document.location = delUrl;
 }
 }
 </script>
 
 <a href="javascript:confirmDelete('delete.page?id=1')">Delete</a> [/code]

any ideas?

Chris

@cybercampbellauthorSep 14.2004 — #OK

This works but is it secure enough:

[code=php]
 if($_GET["action"] == "delete" && isset($_GET["file"])) { 
 if (file_exists($file)) { 
 chmod($file, 0777);
 unlink("$path/$file");
 $results = '* The file <strong>'.$file.'</strong> has been deleted.'; 
 } else { 
 $results = '* Sorry but your file was either missing or could not be deleted!'; 
 } 
 }
 [/code]

is this OK

Chris

@NogDogSep 14.2004 — #[i](Edited: added closing quote to second $_GET index)[/i]

I would add some validation that there is no ".." and no "/" in the file name. This would prevent a user from doing something like entering "../../public_html" do delete your web site (though hopefully your file permissions would not allow this anyway). Something like:

[code=php]
 if(strpos($_GET['file'], '..') or strpos($_GET['file'], '/'))
 {
 # display error message
 }
 else
 {
 # do deletion processing
 }
 [/code]

@JonaSep 14.2004 — #[font=trebuchet ms]Where you want to have the confirmation box popup, put this in the head tag.[/font]

<i>
 </i>&lt;script type="text/javascript"&gt;&lt;!--
 function confirmDel(q){
 if(confirm(q)){ return true; }
 return false;
 }
 //--&gt;&lt;/script&gt;

[font=trebuchet ms]Then for wherever you want to invoke the popup, use this.[/font]

<i>
 </i>&lt;a href="del.php?action=delete&amp;amp;file=file.jpg" onclick="return confirmDel('Delete this file?');"&gt;Delete file.jpg&lt;/a&gt;

@cybercampbellauthorSep 14.2004 — #Thanks guys......Done and works.

Cheers

Chris

?

@JonaSep 14.2004 — #[font=trebuchet ms]JavaScript is a client-side language, so it might take a little while to get a hang of the basics, but it's very easy once you've done so - especially if you already know PHP. ? [/font]

@sciguyryanSep 14.2004 — #[i]Originally posted by Jona [/i]

[B][font=trebuchet ms]JavaScript is a client-side language, so it might take a little while to get a hang of the basics, but it's very easy once you've done so - especially if you already know PHP. ? [/font] [/B][/QUOTE]

Yup, very true (I learned them the other way arround XD)

Anyway, here is a good plae to start:

http://www.w3schools.com and some FAQs at http://www.webdevfaqs.com

RyanJ

@JonaSep 14.2004 — #[i]Originally posted by sciguyryan [/i]

[B](I learned them the other way arround XD)[/B][/QUOTE]

[font=trebuchet ms]As did I. ? [/font]

Also in #PHP _↴

Populate some fields from a select option display user's comments in webpage.Help with RewriteEngine

Success!

Help @cybercampbell spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.14,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

confirm before action

10 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

confirm before action

10 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

10 Comments(s) _↴

Also in #PHP _↴