I have a form that allows the user to delete users from a database based on the extension number they enter. Before they can delete anyone, they go through a login page. Once they delete a user from the data, we receive an email stating what extension number was deleted. Is there a way that I could add which user deleted the data from the table?
(Please note, I am aware of SQL injection issues and that the use of mysql is deprecated. I will change them to PDO or mysqli once I have this issue sorted.)
Currently the email looks like:
Extension Number 4324 was removed from the extension list.
Can I make it:
Extension Number 4324 was removed from the extension list by James.
The login form:
<html>
<head>
<title>Login</title> <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body id="body-color">
<div id="Sign-In">
<center><fieldset style="width:30%"><legend>Welcome Please Login Below</legend>
<form method="POST" action="connectivity.php">
Username: <br><input type="text" name="user" size="40"><br>
Password: <br><input type="password" name="pass" size="40">
<br>
<br>
<input id="button" type="submit" name="submit" value="Log-In">
</form>
</fieldset>
</center>
</div>
</body>
</html>
Connectivity.php
<?php
session_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER', 'root');
define('DB_PASSWORD', '****');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user']; $Password = $_POST['pass'];
*/
function SignIn()
{
    // The session is already started at the top of this file.
    if (!empty($_POST['user']))
    {
        // Escape the submitted values before they go into the query string.
        $user = mysql_real_escape_string($_POST['user']);
        $pass = mysql_real_escape_string(isset($_POST['pass']) ? $_POST['pass'] : '');
        $query = mysql_query("SELECT * FROM UserName where userName = '$user' AND pass = '$pass'") or die(mysql_error());
        $row = mysql_fetch_array($query);
        if (!empty($row['userName']) AND !empty($row['pass']))
        {
            // Store the user name (not the password) so later pages can report who acted.
            $_SESSION['userName'] = $row['userName'];
            $_SESSION['CheckLogin'] = true;
            header("Location: index.php");
            exit; // stop the script once the redirect header is set
        }
        else
        {
            header("Location: login.php");
            exit;
        }
    }
}
if (isset($_POST['submit']))
{
    SignIn();
}
?>
The Delete.php form
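<?php
require ("database.php");
session_start();
// header() alone does not end the script, so exit when the user is not logged in.
if (!isset($_SESSION['CheckLogin'])) { header("Location: login.php"); exit; }
if (isset($_POST['action']))
{
    // The form uses method="post", so read the extension from $_POST and escape it.
    $extension = $_POST['extension'];
    $this_user_ext = mysql_real_escape_string($extension);
    // sending query
    mysql_query("DELETE FROM users WHERE extension = '$this_user_ext'")
        or die(mysql_error());
    include('maildelete.php');
    header("Location: index.php");
    exit;
}
?>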
<center><form action="" method="post">
Enter 4 Digit Extension Number :<br><input type="text" name="extension">
<br><h2><input type="submit" name="action" value="Delete Extension">
<br></h2>
<h3>
<a href="index.php"> Main Menu </a>
</h3>
</form>
</center>
and the maildelete.php
<?php
// These values go into an HTML mail body (isHTML(true)), so escape them.
$extension = htmlspecialchars($_POST['extension'], ENT_QUOTES, 'UTF-8');
// The delete form has no department field, so default to an empty string.
$department = isset($_POST['department']) ? htmlspecialchars($_POST['department'], ENT_QUOTES, 'UTF-8') : '';
$address2 = '';
if ($department == "IT DEPARTMENT") {
    $address2 = "alpineit@alpinemotors.co.za";
}
require 'PHPMailer-master/PHPMailerAutoload.php';
$mail = new PHPMailer;
$mail->IsSMTP(); // telling the class to use SMTP
$mail->SMTPAutoTLS = false;
$mail->SMTPSecure = false;
$mail->SMTPAuth = true; // enable SMTP authentication
$mail->Host = "****"; // sets the SMTP server
$mail->Port = 587; // set the SMTP port for the GMAIL server
$mail->Username = "****"; // SMTP account username
$mail->Password = "****"; // SMTP account password
$mail->From = "no-reply@sdsads.co.za";
$mail->FromName = "Extension List";
// AddAddress() takes one address (plus an optional name) per call.
$mail->AddAddress('jurgen@asdas.co.za');
if ($address2 != '') {
    $mail->AddAddress($address2);
}
$mail->isHTML(true);
$mail->Subject = 'Extension Deleted';
$mail->Body = "Extension Number " . $extension . " from the " . $department . " was removed from the Extension List";
if(!$mail->Send()) {
    echo 'Message could not be sent.';
    echo 'Mailer Error: ' . $mail->ErrorInfo;
    exit;
}
echo 'Email Sent Successfully!';
?>
I found the fix.
I added $_SESSION['userName'], so the line of code in my maildelete.php is:
$mail->Body = "Extension Number " . $extension . " from the " . $department . " was removed from the Extension List" . $_SESSION['userName'];
Always put some extra columns in your table: created_by, created_at, updated_by, updated_at, deleted_by, deleted_at. Their values are the ID of the logged-in user who performs the following operation.
By using this you can easily track which add, update, and delete operations were done, by whom and on what date.
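As an added illustration of the audit-column suggestion above (not code from the question or from any of the answers): a soft delete that fills deleted_by and deleted_at from the server-side session, using a PDO prepared statement, and builds the notification text from the same values. The in-memory SQLite database, the table layout and the function name deleteExtension are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: soft-delete an extension and record who did it.
// The actor comes from the session set at login, never from a form field.
function deleteExtension(PDO $db, string $extension, array $session): string
{
    if (empty($session['CheckLogin']) || empty($session['userName'])) {
        throw new RuntimeException('Not logged in');
    }
    if (!preg_match('/^\d{4}\z/', $extension)) {
        throw new InvalidArgumentException('Extension must be 4 digits');
    }
    $actor = (string) $session['userName'];
    // Prepared statement: user input is bound, not concatenated into SQL.
    $stmt = $db->prepare(
        'UPDATE users SET deleted_by = :actor, deleted_at = :ts
          WHERE extension = :ext AND deleted_at IS NULL'
    );
    $stmt->execute([':actor' => $actor, ':ts' => gmdate('c'), ':ext' => $extension]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException('No active extension ' . $extension);
    }
    // The mail body is sent as HTML (isHTML(true)), so escape both values.
    return sprintf(
        'Extension Number %s was removed from the extension list by %s.',
        htmlspecialchars($extension, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($actor, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (extension TEXT PRIMARY KEY, deleted_by TEXT, deleted_at TEXT)');
$db->exec("INSERT INTO users (extension) VALUES ('4324'), ('4325')");
$session = ['CheckLogin' => true, 'userName' => 'James']; // stands in for $_SESSION
echo deleteExtension($db, '4324', $session), "\n";

// The audit trail stays in the table even if the email is lost.
$row = $db->query("SELECT deleted_by, deleted_at FROM users WHERE extension = '4324'")
          ->fetch(PDO::FETCH_ASSOC);
echo "deleted_by={$row['deleted_by']} deleted_at={$row['deleted_at']}\n";

// An unauthenticated caller or a malformed extension is rejected.
foreach ([['4325', []], ["1' OR '1'='1", $session]] as [$ext, $sess]) {
    try { deleteExtension($db, $ext, $sess); }
    catch (Exception $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

The returned string can be assigned to $mail->Body in maildelete.php in place of the concatenated message.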
It seems that you have the username in the variable $_SESSION['userName']
So it would be just to add that to the email message in maildelete.php
$mail->Body = "Extension Number " . $extension . " from the " . $department . " was removed from the Extension List";
With this:
$mail->Body = "Extension Number " . $extension . " from the " . $department . " was removed from the Extension List by ".$_SESSION['userName'];