Mailinglist – PHP example code – part 5 – unsubscribe by e-mail for users

This article focuses on improving the mailing list app so that common users can unsubscribe only by entering their own e-mail, without being able to see the list of all subscribed users.

Goal of the unsubscribe-by-user app extension

As a first, partial step towards security hardening (not the main improvement yet), we separate the unsubscribe page for the admin (anyone who knows the name of that page; no improvement is made in this respect) from the unsubscribe page for common users.

Users cannot see the list of all subscriber names and e-mails, but that also means they have no way of seeing what changed in the table. For a better user experience, we expanded the message output to report:

  • that the e-mail was found in the database table – a SELECT query searches the database for the given e-mail
  • that the e-mail was successfully deleted from the database
  • or a warning message that the e-mail was not found (a user with this e-mail is not subscribed to the mailing)

The frontend of the page after entering an e-mail that is not subscribed looks like this:

(screenshot: e-mail is not in the subscribers list)

and the output after a successful removal:

(screenshot: e-mail was found and removed from the list)

Main logic of script

The next code snippet contains the logic for finding the given e-mail and showing a message about the result of the search, and then deleting the selected e-mail from the subscription list.

<?php
    // include database connection constants (DB_HOST, DB_USER, DB_PW, DB_NAME)
    require_once('appvars.php');

    // two pairs of variables: message text and its bootstrap alert class
    $msg = '';
    $msgClass = '';
    $msg_about_contains_email = '';
    $msgClass_email = '';

    // default values of auxiliary variables
    $email = '';
    $is_removed = false; // before hitting the submit button no result is available
    $is_present = false; // e-mail is not in the table - default before selecting against the user-submitted e-mail

    if(filter_has_var(INPUT_POST, 'submit')){
        // data obtained from $_POST are assigned to local variables
        $email = htmlspecialchars($_POST['email']);

        // check that all required fields were filled in
        if(!empty($email)) {
            // check passed - all needed fields are filled in
            if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){
                // e-mail is not valid
                $msg = 'Please use a valid email';
                $msgClass = 'alert-danger';
            } else {
                // e-mail is valid - now delete the row with the matching e-mail

                // make database connection
                $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);

                // check connection
                if($dbc === false){
                    die("ERROR: Could not connect to database. " . mysqli_connect_error());
                }

                // get info whether the e-mail is in the mailinglist
                // create SELECT query (the value has passed FILTER_VALIDATE_EMAIL, but it is still
                // interpolated into SQL text; a prepared statement is the safer way to pass it)
                $sql = "SELECT email FROM mailinglist WHERE email = '$email'";
                $result = mysqli_query($dbc, $sql);

                if($result === false){
                    // the SELECT itself failed
                    $msg = "ERROR: Could not execute $sql. " . mysqli_error($dbc);
                    $msgClass = 'alert-danger';
                } elseif(($row = mysqli_fetch_assoc($result)) !== null){
                    // a matching row exists - report it and delete it
                    $msg_about_contains_email = 'Subscriber with e-mail: ' . $email . ' was found in database for deletion.';
                    $msgClass_email = 'alert-success';
                    $is_present = true;

                    // create DELETE query
                    $sql = "DELETE FROM mailinglist WHERE email = '$email' LIMIT 1";

                    if(mysqli_query($dbc, $sql)){
                        $msg = 'Subscriber with e-mail: ' . $email . ' has been successfully removed from mailinglist.';
                        $msgClass = 'alert-success';
                        $is_removed = true;
                    } else {
                        $msg = "ERROR: Could not execute $sql. " . mysqli_error($dbc);
                        $msgClass = 'alert-danger';
                    }
                } else {
                    // query succeeded but returned no row - this e-mail is not subscribed
                    $msg_about_contains_email = 'Subscriber with e-mail: ' . $email . ' was not found in database for deletion. Probably was not subscribed for mailing.';
                    $msgClass_email = 'alert-warning';
                    $is_present = false;
                }

                // end connection
                mysqli_close($dbc);
            }
        } else {
            // failed - not all fields are filled in
            $msg = 'Please fill in all fields';
            $msgClass = 'alert-danger'; // bootstrap class for alert message with red color
        }
    }

    // if reset button clicked
    if(filter_has_var(INPUT_POST, 'reset')){
        $msg = '';
        $msgClass = '';
        $email = '';
        $msg_about_contains_email = '';
        $msgClass_email = '';
    }
?>
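The snippet above builds the SELECT and DELETE statements by interpolating the submitted e-mail into the SQL text, relying on FILTER_VALIDATE_EMAIL to keep it harmless, and it shows raw mysqli error text to the visitor. The following is an added example, not code from the original page or its GitHub repository, showing the same unsubscribe flow with mysqli prepared statements, so the e-mail is always passed as a bound parameter, and with database errors written to the server log instead of the page. It also goes a step beyond the page's version: the DELETE's affected-row count tells us whether the e-mail existed, so the separate SELECT (and the gap between check and delete) disappears. It assumes, as on the page, that appvars.php defines DB_HOST, DB_USER, DB_PW and DB_NAME and that the table is `mailinglist` with a column `email`; the function name `unsubscribe_by_email` is made up for this example.

```php
<?php
// Added example (not the original page's code): unsubscribe by e-mail using
// mysqli prepared statements. Assumes appvars.php defines DB_HOST, DB_USER,
// DB_PW, DB_NAME and that table `mailinglist` has a column `email`.
require_once 'appvars.php';

/**
 * Remove one subscriber by e-mail (hypothetical helper for this example).
 * Returns one of: 'removed', 'not_found', 'invalid', 'error'.
 */
function unsubscribe_by_email(mysqli $dbc, string $rawEmail): string
{
    // Validate the raw value first. Do not htmlspecialchars() it before
    // validation: that would corrupt addresses containing '&' or quotes.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }

    // The e-mail is bound as a string parameter, never spliced into SQL text.
    $stmt = mysqli_prepare($dbc, 'DELETE FROM mailinglist WHERE email = ? LIMIT 1');
    if ($stmt === false) {
        error_log('unsubscribe: prepare failed: ' . mysqli_error($dbc));
        return 'error';
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('unsubscribe: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return 'error';
    }

    // affected_rows tells us whether a matching subscriber existed.
    $affected = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    return $affected > 0 ? 'removed' : 'not_found';
}

$msg = '';
$msgClass = '';

if (filter_has_var(INPUT_POST, 'submit')) {
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);
    if ($dbc === false) {
        // Log the detail server-side; the visitor gets a generic message.
        error_log('unsubscribe: connect failed: ' . mysqli_connect_error());
        $msg = 'The service is temporarily unavailable. Please try again later.';
        $msgClass = 'alert-danger';
    } else {
        $outcome = unsubscribe_by_email($dbc, $_POST['email'] ?? '');
        mysqli_close($dbc);

        // Escape on output, not on input: the e-mail is only HTML-encoded here,
        // where it is placed into the page.
        $shown = htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES, 'UTF-8');
        switch ($outcome) {
            case 'removed':
                $msg = "Subscriber with e-mail $shown has been removed from the mailing list.";
                $msgClass = 'alert-success';
                break;
            case 'not_found':
                $msg = "E-mail $shown was not found in the subscribers list.";
                $msgClass = 'alert-warning';
                break;
            case 'invalid':
                $msg = 'Please use a valid e-mail address.';
                $msgClass = 'alert-danger';
                break;
            default:
                $msg = 'Something went wrong. Please try again later.';
                $msgClass = 'alert-danger';
        }
    }
}
?>
```

One caveat worth keeping in mind with either version: because the page tells the visitor whether an address was found, anyone can use it to learn whether a given e-mail is subscribed. If that matters for your list, answer with the same neutral message in both the found and not-found cases (for example "If this address was subscribed, it has now been removed") and keep the detailed result in the server log only.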

The full code of the page usrunsub.php can be obtained from GitHub here.