GitList - GitList

Raw Blame Patch Log History
<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

 // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

 define('ACCESSCONST', TRUE);

 require('db-connect.php');

    $username = $_POST['username'];
    $videoConfExtension = $_POST['video_conf_extension'];

    // Get the id of the current user from the 'app_users' table
    $querysel = $mysqli->prepare("SELECT id, userrole, username FROM app_users WHERE BINARY username = ?");
    $querysel->bind_param("s", $username);
    $querysel->execute();
    $confdatafromdb = $querysel->get_result()->fetch_assoc();
    $cruserid = $confdatafromdb['id'];
    $cruserrole = $confdatafromdb['userrole'];

    if ($cruserrole == 'superadmin') {

        // Remove the video conference data from the 'conferences_video' table
        $querydel = $mysqli->prepare("DELETE FROM conferences_video WHERE video_conf_extension = ?");
        $querydel->bind_param("s", $videoConfExtension);

        if ($querydel->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'Error while removing the data !'; }

    } elseif ($cruserrole == 'admin') {

        // Get the id of the user who saved this conference data
        $queryfd = $mysqli->prepare("SELECT id, userid, video_conf_extension FROM conferences_video WHERE video_conf_extension = ?");
        $queryfd->bind_param("s", $videoConfExtension);
        $queryfd->execute();
        $confdatadb = $queryfd->get_result()->fetch_assoc();
        $useridfdb = $confdatadb['userid'];

        if ($useridfdb == $cruserid) {

            // Remove the video conference data from the 'conferences_video' table
            $querydelad = $mysqli->prepare("DELETE FROM conferences_video WHERE userid = ? AND video_conf_extension = ?");
            $querydelad->bind_param("is", $cruserid, $videoConfExtension);

            if ($querydelad->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'Error while removing the data !'; }

        } else { $messagetosend = "You are not allowed to remove this conference data!"; }

    } elseif ($cruserrole == 'regular_user') { $messagetosend = 'Only Admins and Superadmins can remove conference data!'; }

    $response = array('result' => $messagetosend);
    echo json_encode($response);

} else {
    header("Location: ../login.php");
}

?>