-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdelete_chat.php
More file actions
119 lines (106 loc) · 3.65 KB
/
delete_chat.php
File metadata and controls
119 lines (106 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
session_start();
include 'includes/db_connect.php';
if (!isset($_SESSION['user_id'])) {
// If AJAX, return 403; otherwise redirect to login.
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
if ($isAjax) {
http_response_code(403);
echo 'unauthorized';
exit();
} else {
header("Location: auth/login.php");
exit();
}
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['request_id'])) {
header("Location: requests_sent.php");
exit();
}
$user_id = intval($_SESSION['user_id']);
$request_id = intval($_POST['request_id']);
// helper to detect AJAX (attempt several common indicators)
function is_ajax_request() {
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
return true;
}
if (!empty($_POST['ajax']) && $_POST['ajax'] == '1') {
return true;
}
if (!empty($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false) {
return true;
}
if (!empty($_SERVER['HTTP_SEC_FETCH_MODE']) && in_array($_SERVER['HTTP_SEC_FETCH_MODE'], ['cors','same-origin'])) {
return true;
}
return false;
}
$ajax = is_ajax_request();
// 1) Verify the request exists and that the current user is either the requester or the provider
$stmt = $conn->prepare("SELECT requester_id, provider_id FROM requests WHERE id = ?");
if (!$stmt) {
if ($ajax) { http_response_code(500); echo 'error'; exit(); }
$_SESSION['message'] = "Server error.";
header("Location: requests_sent.php");
exit();
}
$stmt->bind_param("i", $request_id);
$stmt->execute();
$stmt->bind_result($requester_id, $provider_id);
$found = $stmt->fetch();
$stmt->close();
if (!$found) {
if ($ajax) { http_response_code(404); echo 'not_found'; exit(); }
$_SESSION['message'] = "Request not found.";
header("Location: requests_sent.php");
exit();
}
if ($user_id !== intval($requester_id) && $user_id !== intval($provider_id)) {
if ($ajax) { http_response_code(403); echo 'unauthorized'; exit(); }
$_SESSION['message'] = "Unauthorized action!";
header("Location: requests_sent.php");
exit();
}
// Begin transaction (optional but safer)
$conn->begin_transaction();
try {
// 2) Delete chat messages related to the request (table: chat_messages)
$deleteChat = $conn->prepare("DELETE FROM chat_messages WHERE request_id = ?");
if ($deleteChat) {
$deleteChat->bind_param("i", $request_id);
$deleteChat->execute();
$deleteChat->close();
}
// 3) Delete the request itself
$deleteRequest = $conn->prepare("DELETE FROM requests WHERE id = ?");
if ($deleteRequest) {
$deleteRequest->bind_param("i", $request_id);
$deleteRequest->execute();
$affected = $deleteRequest->affected_rows;
$deleteRequest->close();
} else {
$affected = 0;
}
$conn->commit();
if ($ajax) {
// Keep response minimal so client-side JS can check "success"
echo 'success';
exit();
} else {
$_SESSION['message'] = "Chat and request deleted successfully!";
header("Location: requests_sent.php");
exit();
}
} catch (Exception $e) {
$conn->rollback();
if ($ajax) {
http_response_code(500);
echo 'error';
exit();
} else {
$_SESSION['message'] = "Failed to delete chat.";
header("Location: requests_sent.php");
exit();
}
}