From 832ae4b3e60dbac93d1cd716c32b3c1d362a227a Mon Sep 17 00:00:00 2001 From: speedie Date: Sun, 1 Oct 2023 01:31:38 +0200 Subject: [PATCH] Add removal of files as well --- admin.php | 1 + remove.php | 37 +++++++++++++++++++++++++++++++++---- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/admin.php b/admin.php index 793b182..2bf54aa 100644 --- a/admin.php +++ b/admin.php @@ -105,6 +105,7 @@ if ($Action == "files") { $html .= "\t\t\t\t\t\t$uploadDate\n"; $html .= "\t\t\t\t\t\t$keyID\n"; $html .= "\t\t\t\t\t\t$keyType\n"; + $html .= "\t\t\t\t\t\tRemove\n"; $html .= "\t\t\t\t\t\n"; } diff --git a/remove.php b/remove.php index babe43e..40e0d9b 100644 --- a/remove.php +++ b/remove.php @@ -7,10 +7,11 @@ include "config.php"; include "create-table.php"; -if (isset($_REQUEST['key'])) { - $Key = $_REQUEST['key']; -} else { - print "No key specified."; +if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { + header('Location: login.php?redir=admin'); + die(); +} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed + header('Location: /'); die(); } @@ -26,11 +27,32 @@ if (!$enableUploadRemoval || $enableUploadRemoval == "false") { die(); } +$Redirect = ""; $FileToRemove = ""; $AuthorizedRemoval = 0; $fileUploadedByPrimary = 0; +if (isset($_REQUEST['redir'])) { + $Redirect = $_REQUEST['redir']; +} + $Database = createTables($sqlDB); +$DatabaseQuery = $Database->query('SELECT * FROM admins'); + +while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + $AuthorizedRemoval = 1; + $AdminIsPrimary = $line['primaryadmin']; + break; + } +} + +// not authorized +if ($AuthorizedRemoval != 1) { + header('Location: /'); + die(); +} + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); while ($line = $DatabaseQuery->fetchArray()) { 
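Review bot: The new gate at the top of remove.php branches on `$_COOKIE[$cookieTypeName] != 2`, a value the client controls, so it can only steer redirects and is not an authorisation decision, although the `// not allowed` comment reads as one. I would reword that comment to `// UI hint only: the type cookie is client-controlled; the admins lookup below is the real check`. Authentication in the new code rests on cookies alone, and no per-request token check is visible in these hunks, so a cross-site request made while an admin is logged in could reach the deletion. Requiring POST plus an anti-CSRF token compared with `hash_equals()` would close that. The rest of the file lies outside the hunks, so an existing check cannot be ruled out.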
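Review bot: The admin lookup in the added `while` loop compares the stored key with the cookie using loose `==`, which makes PHP compare numeric-looking strings by value (`"1e3" == "1000"` is true) and is not constant-time. In that condition I would use `is_string($_COOKIE[$cookieName]) && $_COOKIE[$cookieName] !== "" && hash_equals((string)$line['key'], $_COOKIE[$cookieName])`, which also rejects an array-valued cookie before it reaches the comparison. The loop also sets `$AuthorizedRemoval = 1` before the uploads loop runs. If that loop (outside this hunk) only ever raises the flag, the older `if ($AuthorizedRemoval != 1)` check named in the next hunk header can no longer deny a removal. A separate variable such as `$IsAdmin` for this step would keep the two decisions apart.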
@@ -84,4 +106,11 @@ if ($AuthorizedRemoval != 1) { $Database->exec("DELETE FROM uploads WHERE id='$fileID'"); unlink(ltrim($FileToRemove, '/')); + +if ($Redirect == "admin") { + header("Location: admin.php?action=files"); +} else { + header("Location: /"); +} + ?>
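Review bot: `$fileID` is interpolated straight into the `DELETE` statement just above the added redirect, and where it is assigned lies outside the hunk; if it comes from the request, the statement is injectable. Assuming `$Database` is an SQLite3 handle, as the `fetchArray()` calls suggest, bind it instead: `$stmt = $Database->prepare('DELETE FROM uploads WHERE id = :id'); $stmt->bindValue(':id', $fileID); $stmt->execute();`. The row is also deleted before `unlink()` runs and the return value of `unlink()` is ignored, so a failed removal leaves the file on disk with no database record while the new redirect proceeds as if it had succeeded. Checking that result and logging the failure before the `header()` calls would make such orphans visible. The fixed `Location` targets chosen from `$Redirect` are a sound pattern and should stay that way rather than echoing the parameter.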