<?php
require '../mysqlvars.php';
require '../init.php';
require '../lib/db.php';
require '../lib/form_functions.php';
session_start('ADMIN');
$dbConn = connectDB($dbHost, $dbUser, $dbPass, $dbDB);
if (!$dbConn) {
die('Database is currently down...please try again later');
}
require 'includes/secure_page.php';
if (!isset($_GET['address_id']) && !isset($_POST['address_id'])) {
die ('Illegal navigation');
}
else {
$address_id = isset($_GET['address_id']) ? $_GET['address_id'] : $_POST['address_id'];
}
if (!isset($_GET['file_id']) && !isset($_POST['file_id'])) {
die ('Illegal navigation');
}
else {
$file_id = isset($_GET['file_id']) ? $_GET['file_id'] : $_POST['file_id'];
}
unset($error);
unset($confirm);
$found = false;
$querystr = "SELECT concat(username, ' ', address_id) as name FROM wsd_contacts WHERE address_id = '$address_id'";
$result = mysql_query($querystr);
if ($result) {
if ($frow = mysql_fetch_row($result)) {
//$name = $frow[0];
}
else {
$error = 'Contact not found';
}
}
else {
$error = mysql_error();
}
if (!isset($error)) {
if (isset($_POST['confirm'])) {
$fl = $_POST['file_id'] . '.' . $_POST['ftype'];
if (file_exists($APP->upload_dir . $fl)) {
unlink($APP->upload_dir . $fl);
}
mysql_query("DELETE FROM wsd_files WHERE file_id = " . $_POST['file_id']); ?>
<SCRIPT LANGUAGE="JavaScript">
<!--
if (window.opener) {
if (!window.opener.closed) {
window.opener.location.reload(1);
}
window.close();
}
//-->
</SCRIPT>
<?php
$confirm = 'File deleted';
$found = false;
}
else {
$query = "SELECT * FROM wsd_files WHERE ";
$query .= "address_id = '$address_id' AND file_id = '$file_id'";
$result = mysql_query($query, $dbConn);
if ($result) {
if ($frow = mysql_fetch_array($result)) {
$found = true;
$ftype = $frow['ftype'];
$title = $frow['title'];
}
else {
$error = 'File not found';
}
}
else {
$error = mysql_error();
}
}
}
include '../members/includes/header.php';
?>
<tr>
<td>
<table class="fg">
<tr>
<td class="title">Delete File</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
<?php if (isset($confirm)) { echo "<tr><td class=\"bold\">$confirm</td><tr>"; } ?>
<?php if (isset($error)) { echo "<tr><td class=\"error\">$error</td></tr>"; } ?>
</table>
</td>
</tr>
<tr>
<td>
<?php if ($found) { ?>
<table class="fg">
<form method="POST" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<tr>
<td class="label"> </td>
<td class="field">
<input type="hidden" name="address_id" value="<?php echo $address_id ?>">
<input type="hidden" name="file_id" value="<?php echo $file_id ?>">
<input type="hidden" name="ftype" value="<?php echo $ftype ?>">
</td>
</tr>
<tr>
<td class="label">File:</td>
<td class="field"><?php echo $title ?></td>
</tr>
<tr><td class="label"> </td><td class="field"><input type="Submit" name="confirm" value="Delete"></td></tr>
</form>
</table>
<?php } ?>
</td>
</tr>
<?php include '../members/includes/footer.php' ?>