MEME

lib/upload.php

@@ -241,11 +241,23 @@ function getImageURL(int $imageFileID) :string
 
 function deleteFile(int $fileID) :string
 {
+    global $mysqli;
     $out = ["Status" => "Fail"];
-    $file_location = fileExists($fileID, false);
-    if ($file_location){
-        if(unlink($file_location)) {
-            $out['Status'] = 'Success';
+    if(isLoggedIn()) {
+        $file_location = fileExists($fileID, !isAdmin());
+        $query = !isAdmin() ? 'DELETE FROM Files WHERE ID = ? AND UploadedBy = ?' : 'DELETE FROM Files WHERE ID = ?';
+        $stmtDelete = $mysqli->prepare($query);
+        if (!isAdmin()) {
+            $stmtDelete->bind_param('ii', $fileID, $_SESSION['id']);
+        } else {
+            $stmtDelete->bind_param('i', $fileID);
+        }
+        $stmtDelete->execute();
+        $stmtDelete->fetch();
+        if ($file_location) {
+            if (unlink($file_location) && $stmtDelete->affected_rows > 0) {
+                $out['Status'] = 'Success';
+            }
         }
     }
     return $out;