Cracking The Vault (part 1) - The D Word
(Page 12 of 12 )
Finally, we come to "delete.php", which takes care of removing a document from the file system and the database.
<?
// checks and includes
// query to ensure that the logged-in user is the owner of this file and
the file is not checked out
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to
connect!");
$query = "SELECT status FROM data WHERE id = '$id' AND owner =
'$SESSION_UID' AND status = '0'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
// error check
// all ok, proceed!
mysql_free_result($result);
// delete from db
$query = "DELETE FROM data WHERE id = '$id'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
$query = "DELETE FROM perms WHERE fid = '$id'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
$query = "DELETE FROM log WHERE id = '$id'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
// delete from directory
$filename = $id . ".dat";
unlink($dataDir . $filename);
// clean up and back to main page
mysql_close($connection);
$message = "Document successfully deleted";
header("Location: out.php?message=$message");
?>
Nothing too complex here - verify that the file can be
deleted, DELETE all records containing the file ID from the various tables, delete the file (this will fail if your Web server doesn't have the right permissions) and go back to the main page.
At this point, I've built the foundation for the system, although I have not yet addressed the scripts which actually take care of checking documents in and out. That, together with an explanation of how I plan to implement the revision history mechanism and the search feature, will be addressed in the second part of this article. Download the code, play with it, send me your thoughts/flames/savings...and come back next time for more!
This article copyright Melonfire 2001. All rights reserved.| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
