Agrilinksqlphp/delete_account.php at master · mr0developer/Agrilinksqlphp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php
session_start();

if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 1) {
    header("Location: Login/error.php");
    exit();
}

require 'db.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $password = $_POST['password'];
    $user_id = $_SESSION['id'];
    $category = $_SESSION['Category'];

    // Verify password
    if ($category == 1) {
        $sql = "SELECT fpassword FROM farmer WHERE fid = ?";
        $table = "farmer";
        $id_field = "fid";
    } else {
        $sql = "SELECT bpassword FROM buyer WHERE bid = ?";
        $table = "buyer";
        $id_field = "bid";
    }

    $stmt = $conn->prepare($sql);
    $stmt->bind_param("i", $user_id);
    $stmt->execute();
    $result = $stmt->get_result();
    $user = $result->fetch_assoc();

    if (password_verify($password, $user[$category == 1 ? 'fpassword' : 'bpassword'])) {
        // Delete user's profile picture if exists
        if (isset($_SESSION['picName']) && $_SESSION['picName'] != 'profile0.png') {
            $pic_path = "images/profileImages/" . $_SESSION['picName'];
            if (file_exists($pic_path)) {
                unlink($pic_path);
            }
        }

        // Delete user's products if farmer
        if ($category == 1) {
            $sql = "DELETE FROM fproduct WHERE fid = ?";
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("i", $user_id);
            $stmt->execute();
        }

        // Delete user's orders and messages
        $sql = "DELETE FROM orders WHERE " . ($category == 1 ? "fid" : "bid") . " = ?";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("i", $user_id);
        $stmt->execute();

        // Delete user's chat messages
        $sql = "DELETE FROM chat_messages WHERE " . ($category == 1 ? "farmer_id" : "buyer_id") . " = ?";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("i", $user_id);
        $stmt->execute();

        // Finally, delete the user account
        $sql = "DELETE FROM " . $table . " WHERE " . $id_field . " = ?";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("i", $user_id);

        if ($stmt->execute()) {
            // Destroy session and redirect to login
            session_destroy();
            header("Location: Login/login.php?message=Account deleted successfully");
            exit();
        } else {
            $_SESSION['message'] = "Error deleting account. Please try again.";
            header("Location: profileEdit.php");
            exit();
        }
    } else {
        $_SESSION['message'] = "Incorrect password. Please try again.";
        header("Location: profileEdit.php");
        exit();
    }
} else {
    header("Location: profileEdit.php");
    exit();
}
?>