query('SELECT * FROM uploads'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['id'] == $fileID) { // passed ID is a file that exists // check if our key is authorized to remove the file if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) { $keyDatabaseQuery = $Database->query('SELECT * FROM keys'); while ($kline = $keyDatabaseQuery->fetchArray()) { if ($line['keyid'] == $kline['id']) { $AuthorizedRemoval = 1; break; } } } // check if our key is a temporary key if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) { $keyDatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($kline = $keyDatabaseQuery->fetchArray()) { if ($line['keyid'] == $kline['id']) { $AuthorizedRemoval = 1; break; } } } // check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) { $keyDatabaseQuery = $Database->query('SELECT * FROM admins'); // check if the file was uploaded by a primary admin while ($kline = $keyDatabaseQuery->fetchArray()) { if ($kline['key'] == $line['keyid']) { $fileUploadedByPrimary = $kline['primaryadmin']; } } while ($kline = $keyDatabaseQuery->fetchArray()) { if ($kline['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $kline['key'] != "") { // key = passed key if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file $AuthorizedRemoval = 1; break; } } } } $FileToRemove = $line['file']; break; } } // fuck off pleb if ($AuthorizedRemoval != 1) { header("Location: /"); die(); } $Database->exec("DELETE FROM uploads WHERE id='$fileID'"); unlink(ltrim($FileToRemove, '/')); if ($Redirect == "admin") { header("Location: admin.php?action=files"); } else if ($Redirect == "files") { header("Location: files.php"); } else { header("Location: /"); } ?>