delete/confirm/index.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

<?php

session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/private/session.php";

$_CONF_URN = $_FULLNAME;
$_CONF_UID = $_SUID;
$_CONF_USP = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/private/profiles/" . $_CONF_UID . ".json"), true);

function fb() {
    if (isset($_GET['i'])) {
        header("Location: /delete/?i=" . $_GET['i']);
        die();
    } else {
        header("Location: /files");
        die();
    }
}

if (isset($_GET['csrf']) && isset($_SESSION['csrf_token']) && $_GET['csrf'] === $_SESSION['csrf_token']) {
    $selected = null;
    foreach ($_CONF_USP['files'] as $file) {
        if ($file['id'] === $_GET['i']) {
            $selected = $file;
        }
    }

    if ($selected === null) {
        fb();
    } else {
        $file = $selected;
    }
} else {
    fb();
}

unlink("./shares/" . $file['file']);
if (array_search($file, $_CONF_USP['files']) !== false) {
    unset($_CONF_USP['files'][array_search($file, $_CONF_USP['files'])]);
}
file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/private/profiles/" . $_CONF_UID . ".json", json_encode($_CONF_USP, JSON_PRETTY_PRINT));
header("Location: /files");
die();