delete.php
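<?php
/**
 * delete.php: POST endpoint that deletes one job or expense row for the
 * authenticated user, records a message row, and redirects.
 *
 * POST fields read here:
 *   del_table                        'job' or 'expense' (anything else is rejected)
 *   del_usrid, del_busid, del_recid  decimal integers
 *   friendlyname                     display name used in messages
 *   goto                             redirect target after a successful delete
 *
 * Any request that fails validation leaves the do/while early and ends in
 * the generic error at the bottom of the file.
 */
require_once './php/essentials.php';

// Deleting changes state, so only POST is accepted.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // RESPONSE_CODE is presumably read by the project's error handler; confirm.
    define('RESPONSE_CODE', 405);
    header('HTTP/1.1 405 Method Not Allowed');
    header('Allow: POST');
    // The method name is client-supplied. Other messages in this file embed
    // raw HTML (<br />), so the error output appears to be rendered as HTML;
    // escape the value before embedding it.
    trigger_error('The ' . htmlspecialchars($_SERVER['REQUEST_METHOD'], ENT_QUOTES, 'UTF-8')
        . ' method is not allowed for the requested URL.', E_USER_ERROR);
}

// Not used directly below; presumably consumed by included templates or the
// error handler. TODO confirm.
$headings = array_key_exists('headings', $_POST) ? $_POST['headings'] : array();
$navbox = array_key_exists('navbox', $_POST) ? $_POST['navbox'] : TRUE;
$urls = array_key_exists('urls', $_POST) ? $_POST['urls'] : array();

include_once './php/nocache.php';

do {
    // Every identifying field must be present and a plain string. PHP turns
    // "name[]=x" into an array, which must never reach string interpolation.
    foreach (array('del_table', 'del_usrid', 'del_busid', 'del_recid') as $required) {
        if (!array_key_exists($required, $_POST) || !is_string($_POST[$required])) {
            break 2;
        }
    }

    // All three ids must be pure decimal digits. The pipes are escaped so they
    // act as literal separators: unescaped, '|' is regex alternation and the
    // pattern accepted any input that merely started with, contained, or ended
    // with a digit run. \A and \z anchor the whole string, so a trailing
    // newline is rejected as well.
    if (!preg_match('/\A(\d+)\|(\d+)\|(\d+)\z/',
        "{$_POST['del_usrid']}|{$_POST['del_busid']}|{$_POST['del_recid']}",
        $information)
    ) {
        break;
    }
    $del_busid = intval($_POST['del_busid']);
    $del_recid = intval($_POST['del_recid']);

    // $user_id is assigned before authenticate.php is included, as in the
    // original; that file may rely on it.
    $user_id = intval($_POST['del_usrid']);
    require_once './php/identify/authenticate.php';
    // NOTE(review): no anti-CSRF token is checked in this file. Confirm that
    // authenticate.php (or another included file) verifies one for this
    // destructive POST.

    // Only the authenticated user may delete their own rows. The loose
    // comparison is acceptable only because del_usrid is known to be all
    // digits at this point.
    if (AUTHUID != $_POST['del_usrid']) {
        die;
    }

    // Allow-list for the table: $plural and $singular are interpolated into
    // SQL identifiers below, so they must only ever hold these literals.
    switch ($singular = $_POST['del_table']) {
        case 'job':
            $plural = 'jobs';
            break;
        case 'expense':
            $plural = 'expenses';
            break;
        default:
            break 2;
    }

    // friendlyname is display-only; a missing or non-string value becomes ''
    // instead of raising an undefined-index notice.
    $friendlyname = (array_key_exists('friendlyname', $_POST) && is_string($_POST['friendlyname']))
        ? $_POST['friendlyname']
        : '';
    // Project helper; presumably normalises the string in place (its return
    // value is not used). TODO confirm.
    treat_input_string($friendlyname);

    // Every interpolated value is either an intval() result or one of the
    // allow-listed identifiers above, so no raw request data reaches this
    // statement.
    if (!$db_connection->query("DELETE FROM $plural WHERE user_id=$user_id AND "
        . "business_id=$del_busid AND {$singular}_id=$del_recid")) {
        trigger_error("I wasn't able to delete the $singular ‘" . htmlify($friendlyname) .
            "’. Here's the error message:<br />\n" . $db_connection->error, E_USER_ERROR);
    }

    // NOTE(review): the message text contains the client-supplied friendlyname.
    // Its safety depends on wrap_for_sql() quoting and escaping its argument,
    // and on whoever renders messages.msg escaping it for HTML. Verify both.
    // The result of this INSERT is not checked (best effort, as in the original).
    $db_connection->query("INSERT INTO messages (user_id,tie,msg) VALUES($user_id," .
        yellowboxtie($user_id) . ',' . wrap_for_sql("I have deleted the $singular ‘{$friendlyname}’") . ')');

    if ($singular == 'job') {
        // Detach expenses that pointed at the deleted job.
        if (!$db_connection->query("UPDATE expenses SET job_id=NULL WHERE user_id=$user_id AND "
            . "business_id=$del_busid AND job_id=$del_recid")) {
            trigger_error("I've deleted the job ‘" . htmlify($friendlyname) .
                "’, but I haven't managed to sever its related expenses, so they " .
                "now show as belonging to a job that doesn't exist. Here's " .
                "the error message:<br />\n" . $db_connection->error, E_USER_ERROR);
        }
    }

    // NOTE(review): 'goto' is client-controlled. Unless redirect() restricts
    // targets to this site, this is an open redirect; validate it against an
    // allow-list of local paths. redirect() presumably terminates the request.
    // If it returns, execution falls through to the generic error below.
    redirect($_POST['goto']);
} while (false);

// Reached whenever the request failed validation above.
trigger_error("I don't understand what you're trying to do. It sounds" .
    " like you want to delete something, but I couldn't make sense of what " .
    "you're asking. There must be something wrong with the page you've".
    " just come from. Try something else.", E_USER_ERROR);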