Mailinglist – php example code – part 5 – unsubscribe by e-mail for users

17.10.202026.09.2020 milan.ciljak

Article focus on improvement mailinglist app for enabling access for common users only on by e-mail unsubscription without ability to see list of all subscribed users.

Goal of unsubscribe by user app extension

For further security hardening (not main improvement but first partialy update) we separate page for unsubscribing for admin (somebody who knows name of that page – no improvement in this way is done) and for unsubscribing for common user.

Users cannot see list of all subscribers names and email. But there is no way for refering any changes in the table. For better user experience, we expanded messaging output for information about:

that e-mail was found in database table – select query search database for appropriate e-mail
that e-mail was succesfully deleted from databse
or warning message that e-mail was not found (user with this e-mail is not subscribed for mailing)

Frontend of the page after inserting wrong e-mail looks like this

or succesfull e-mail removed output

Main logic of script

Next code snipet contains logic for finding appropriate-mail and show message about succesfull search. Next deleting selected e-mail from subscribtion list.

<?php

// two variables for message and styling of the mesage with bootstrap

require_once(‚appvars.php‘); // including variables for database

$msg = “;

$msgClass = “;

$msg_about_contains_email = “;

$msgClass_email = “;

// default values of auxiliary variables

$email =““;

$is_removed = false; //before hitting submit button no result is available

$is_present = false; // email is not in the table – default before slecting against user submitted email for deletion

if(filter_has_var(INPUT_POST, ‚submit‘)){

// Data obtained from $_postmessage are assigned to local variables

$email = htmlspecialchars($_POST[‚email‘]);

// Controll if all required fields was written

if(!empty($email) ) {

// If check passed – all needed fields are written

if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){

// E-mail is not walid

$msg = ‚Please use a valid email‘;

$msgClass = ‚alert-danger‘;

} else {

// E-mail is walid – now delete row with matching e-mail

// make database connection

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PW, DB_NAME);

// Check connection

if($dbc === false){

die(„ERROR: Could not connect to database. “ . mysqli_connect_error());

}

// get info if appropriate e-mail is in mailinglist

// create SELECT query

$sql = „SELECT email FROM mailinglist WHERE email = „.“‚$email'“;

if(($row[‚email‘] = mysqli_fetch_array($result = mysqli_query($dbc, $sql))) != ‚‚){

$msg_about_contains_email = ‚Subscriber with e-mail: ‚.$email. ‚ was found in database for deletion.‘;

$msgClass_email = ‚alert-success‘;

$is_present = true;

// create DELETE query

$sql = „DELETE FROM mailinglist WHERE email = „.“‚$email'“.“ LIMIT 1″;

if(mysqli_query($dbc, $sql)){

$msg = ‚Subscriber with e-mail: ‚.$email. ‚ has been succesfully removed from mailinglist.‘;

$msgClass = ‚alert-success‘;

$is_removed = true;

};

} else{

$msg_about_contains_email = ‚Subscriber with e-mail: ‚.$email. ‚ was not found in database for deletion. Probably was not subscribed for mailing.‘;

$msgClass_email = ‚alert-warning‚;

$msg = „ERROR: Could not able to execute $sql. “ . mysqli_error($dbc);

$msgClass = ‚alert-danger‘;

$is_present = false;

};

// end connection

mysqli_close($dbc);

};

} else {

// Failed – if not all fields are fullfiled

$msg = ‚Please fill in all fields‘;

$msgClass = ‚alert-danger‘; // bootstrap format for allert message with red color

};

// if reset button clicked

if(filter_has_var(INPUT_POST, ‚reset‘)){

$msg = “;

$msgClass = “; // bootstrap format for allert message with red color

$subject =“;

$email =“;

$msg_about_contains_email = “;

};

Full code of page usrunsub.php can be obtained from github here.

Share the article via the network