<?php
declare(strict_types=1);
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
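try {
    // Endpoint: delete one of the logged-in user's medical certificates (DB row + stored file).
    // $pdo and $iduserlogin are provided by _bootstrap.php.
    // NOTE(review): no CSRF token check is visible in this file; confirm _bootstrap.php enforces one.

    // Deleting is a state change, so only DELETE and POST are accepted. A plain GET
    // (link, image tag, prefetch) must never be able to remove a certificate.
    $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');
    if ($method !== 'DELETE' && $method !== 'POST') {
        http_response_code(405);
        header('Allow: DELETE, POST');
        echo json_encode(['success' => false, 'message' => 'Method not allowed.']);
        exit;
    }

    // DELETE carries the id in the query string; POST may send cert_id in the body
    // or fall back to ?id=.
    $rawId = $method === 'DELETE'
        ? ($_GET['id'] ?? null)
        : ($_POST['cert_id'] ?? $_GET['id'] ?? null);

    // Casting an array (e.g. id[]=x) to int yields 1, which would silently target
    // certificate #1; only scalar input is accepted.
    $cert_id = is_scalar($rawId) ? (int)$rawId : 0;

    if ($cert_id <= 0) {
        http_response_code(422);
        echo json_encode(['success' => false, 'message' => 'Missing certificate id (id or cert_id).']);
        exit;
    }

    // Get cert and ensure ownership: the row must belong to the logged-in user.
    $stmt = $pdo->prepare("
        SELECT id, stored_path
        FROM user_medical_certificates
        WHERE id = ? AND user_id = ?
        LIMIT 1
    ");
    $stmt->execute([$cert_id, $iduserlogin]);
    $cert = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$cert) {
        // Same 404 whether the id does not exist or belongs to someone else,
        // so the response does not reveal which ids are in use.
        http_response_code(404);
        echo json_encode(['success' => false, 'message' => 'Certificate not found.']);
        exit;
    }

    // stored_path like: userarea/certificate/xxx
    $stored = (string)$cert['stored_path'];
    $publicRoot = realpath(__DIR__ . '/../../'); // points to /public

    if ($publicRoot !== false && $stored !== '') {
        $candidate = $publicRoot . DIRECTORY_SEPARATOR
            . str_replace(['/', '\\'], DIRECTORY_SEPARATOR, ltrim($stored, '/\\'));

        // Resolve ".." segments and symlinks, then require the result to stay inside
        // the public root, so a bad stored_path value cannot unlink arbitrary files.
        $resolved = realpath($candidate);
        $rootPrefix = rtrim($publicRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

        if ($resolved !== false && strncmp($resolved, $rootPrefix, strlen($rootPrefix)) !== 0) {
            error_log('certificate delete: stored_path resolves outside public root, file left in place (cert id ' . $cert_id . ')');
        } elseif ($resolved !== false && is_file($resolved)) {
            // File removal stays best-effort (the row is deleted either way), but a
            // failure is logged so a leftover medical document does not go unnoticed.
            // "@" keeps a PHP warning from being printed into the JSON response.
            if (!@unlink($resolved)) {
                error_log('certificate delete: could not remove file for cert id ' . $cert_id);
            }
        }
    }

    // The ownership condition is repeated on the DELETE itself.
    $del = $pdo->prepare("DELETE FROM user_medical_certificates WHERE id = ? AND user_id = ?");
    $del->execute([$cert_id, $iduserlogin]);

    echo json_encode(['success' => true, 'deleted_id' => $cert_id], JSON_UNESCAPED_UNICODE);
} catch (Throwable $e) {
    // Exception text (SQL, driver and path details) goes to the server log only;
    // the client gets a generic message.
    error_log('certificate delete failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Server error.']);
}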