user profile

public/userarea/ajax/employee_profile/delete_training_attachment.php

@@ -0,0 +1,59 @@
+<?php
+require_once(__DIR__ . '/../hr_auth_check.php');
+
+header('Content-Type: application/json');
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
+    exit;
+}
+
+$pdo = DBHandlerSelect::getInstance()->getConnection();
+
+$id = (int)($_POST['id'] ?? 0);
+if ($id <= 0) {
+    echo json_encode(['success' => false, 'message' => 'ID allegato non valido.']);
+    exit;
+}
+
+$row = $pdo->prepare("
+    SELECT a.stored_name, a.original_name, a.training_id, t.employee_id
+    FROM employee_training_attachments a
+    JOIN employee_trainings t ON t.id = a.training_id
+    WHERE a.id = :id
+    LIMIT 1
+");
+$row->execute(['id' => $id]);
+$att = $row->fetch(PDO::FETCH_ASSOC);
+if (!$att) {
+    echo json_encode(['success' => false, 'message' => 'Allegato non trovato.']);
+    exit;
+}
+
+try {
+    $pdo->beginTransaction();
+    $pdo->prepare("DELETE FROM employee_training_attachments WHERE id = :id")->execute(['id' => $id]);
+    $pdo->prepare("
+        INSERT INTO employee_training_log
+            (employee_id, training_id, action, field, old_value, new_value, changed_by, changed_at)
+        VALUES
+            (:eid, :tid, 'attachment_deleted', 'attachment', :name, NULL, :cb, NOW())
+    ")->execute([
+        'eid'  => $att['employee_id'],
+        'tid'  => $att['training_id'],
+        'name' => $att['original_name'],
+        'cb'   => $currentUserId,
+    ]);
+    $pdo->commit();
+
+    $path = __DIR__ . '/../../files/employees/' . (int)$att['employee_id'] . '/trainings/' . $att['stored_name'];
+    if (is_file($path)) {
+        @unlink($path);
+    }
+
+    echo json_encode(['success' => true]);
+} catch (Exception $e) {
+    if ($pdo->inTransaction()) $pdo->rollBack();
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+}