OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	01/07/2025 11:50:15 AM	rwxr-xr-x
📁 PHPMailer	-	05/19/2025 10:07:22 AM	rwxr-xr-x
📄 backup-navbar.php	27.29 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 backupnavbar.php	21.23 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 blockAccount.php	2.23 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 bnavbar.php	35.82 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 bottom_navbar.php	6.18 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 common.js	46.89 KB	01/07/2025 11:50:18 AM	rw-r--r--
📄 config.php	9.38 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 db_config.php	3.43 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 db_connect.php	293 bytes	05/19/2025 10:07:22 AM	rw-r--r--
📄 delete_account.php	3.5 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 edit_post.php	2.23 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 footer.php	1.25 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 function.php	20.12 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 go_backbar.php	4.01 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 handler.php	3.46 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 indexFooter.php	597 bytes	05/19/2025 10:07:22 AM	rw-r--r--
📄 mail.php	2.67 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 navbar.php	24.1 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 process_data.php	3.87 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 readert_validate.logged.php	481 bytes	05/19/2025 10:07:22 AM	rw-r--r--
📄 report_account.php	1.42 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 report_stream.php	2.08 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 savePost.php	2.38 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 siginupProcess.php	5.24 KB	05/19/2025 10:07:22 AM	rw-r--r--
📁 simplepie	-	05/19/2025 10:07:22 AM	rwxr-xr-x
📄 stream_post_handler.php	3.68 KB	05/19/2025 10:07:22 AM	rw-r--r--
📄 validate.logged.php	1.01 KB	05/19/2025 10:07:22 AM	rw-r--r--

Editing: delete_account.php

<?
include 'validate.logged.php';
include 'db_config.php';
include 'mail.php';
header('Content-Type: application/json');

function verify_user_with_pwd($userId, $pwd)
{
    global $creamdb;
    $stmt = $creamdb->prepare("SELECT COUNT(*) AS count FROM user WHERE id = ? AND password = ?");
    $stmt->bind_param("is", $userId, $pwd);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    return $row['count'];
}
function delete_account_sql($userId, $reason)
{
    global $creamdb;
    $result = [];
    $status = 'not_confirmed';

try {
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $stmt = $creamdb->prepare("INSERT INTO acc_deletion (userId, reason, status, updates_on) VALUES (?, ?, ?, NULL)");
        $stmt->bind_param("iss", $userId, $reason, $status);
        if ($stmt->execute()) {
            if ($stmt->affected_rows > 0) {
                $result = ['status' => 'success', 'message' => 'Account Deleted Successfully'];
            } else {
                throw new mysqli_sql_exception("Unknown :(");
            }
        }
    } catch (mysqli_sql_exception $e) {
        $result = ['status' => 'error', 'message' => 'Account Could Not be Deleted. Reason: ' . $e->getMessage()];
    } finally {
        if ($stmt) {
            $stmt->close();
        }
    }
    return $result;
}

function delete_account_confirmation($toName, $toEmail)
{
 global $gUserEmail;
 $result = [];
 $deleteAccLink = "https://knoblycream.com/report/account_deletion.php?code=" . simpleEncDec($gUserEmail);
 $emailSubject = "Your Request for Account Deletion";
 $emailBody = "
 Hi $toName , 
 You opted to Delete Your Account from Knobly Cream. Please click the link below to complete the process:
 <a href='" . $deleteAccLink . "'>Delete your account</a> 
 Accounts Team 
 Knobly Cream
 ";

$mailResponse = sendEmail($toName, $toEmail, '', $emailSubject, $emailBody);
    if ($mailResponse['status'] == "success") {
        $result = ['status' => 'success', 'message' => 'The deletion mail has been sent to the registered email address'];
    } else {
        $result = ['status' => 'error', 'message' => "Could not send the mail to the registered email address"];
    }
    return $result;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['password'])) {
        if (verify_user_with_pwd($gUserId, $_POST['password'])) {
            $mailresponse = delete_account_confirmation($gUserName, $gUserEmail);
            if ($mailresponse['status'] === 'success') {
                $sqlresponse = delete_account_sql($gUserId, $_POST['reason']);
                if ($sqlresponse['status'] === 'success') {
                    echo json_encode($mailresponse);
                } else {
                    echo json_encode(['status' => 'error', 'message' => $sqlresponse['message']]);
                }
            } else {
                echo json_encode(['status' => 'error', 'message' => $mailresponse['message']]);
            }
            // delete_account($gUserId, $_POST['password'], $_POST['reason']);
        } else {
            echo json_encode(['status' => 'error', 'message' => 'Wrong Password Entered']);
        }
    } else {
        echo json_encode(['status' => 'error', 'message' => "Unknown Request"]);
    }
    exit;
} else {
    echo json_encode(['status' => 'error', 'message' => "Unknown Request"]);
    exit;
}