Initial commit

public/userarea/api/api_medical_certificates_delete.php

@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
+
+try {
+    $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');
+
+    $cert_id = 0;
+    if ($method === 'DELETE') {
+        $cert_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
+    } else {
+        // POST fallback
+        $cert_id = isset($_POST['cert_id']) ? (int)$_POST['cert_id'] : (isset($_GET['id']) ? (int)$_GET['id'] : 0);
+    }
+
+    if ($cert_id <= 0) {
+        http_response_code(422);
+        echo json_encode(['success' => false, 'message' => 'Missing certificate id (id or cert_id).']);
+        exit;
+    }
+
+    // Get cert and ensure ownership
+    $stmt = $pdo->prepare("
+        SELECT id, stored_path
+        FROM user_medical_certificates
+        WHERE id = ? AND user_id = ?
+        LIMIT 1
+    ");
+    $stmt->execute([$cert_id, $iduserlogin]);
+    $cert = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if (!$cert) {
+        http_response_code(404);
+        echo json_encode(['success' => false, 'message' => 'Certificate not found.']);
+        exit;
+    }
+
+    // stored_path like: userarea/certificate/xxx
+    $stored = (string)$cert['stored_path'];
+    $publicRoot = realpath(__DIR__ . '/../../'); // points to /public
+    $fullPath = $publicRoot . DIRECTORY_SEPARATOR . str_replace(['/', '\\'], DIRECTORY_SEPARATOR, ltrim($stored, '/\\'));
+
+    if (is_file($fullPath)) {
+        @unlink($fullPath);
+    }
+
+    $del = $pdo->prepare("DELETE FROM user_medical_certificates WHERE id = ? AND user_id = ?");
+    $del->execute([$cert_id, $iduserlogin]);
+
+    echo json_encode(['success' => true, 'deleted_id' => $cert_id], JSON_UNESCAPED_UNICODE);
+} catch (Throwable $e) {
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
+}