From 04dad13ad3a03295a04a91439dcff10a62a120a6 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sat, 8 Apr 2023 21:59:54 +0100
Subject: [PATCH] Client file deletion - Add file delete confirmation modal -
 Change file deletes to POST not GET requests in post.php as they are state
 changing - Require CSRF validation for file deletes

---
 client_file_add_modal.php    |  2 +-
 client_file_delete_modal.php | 21 +++++++++++++++++++++
 client_files.php             |  6 ++++--
 js/file_delete_modal.js      |  5 +++++
 post.php                     | 29 +++++++++++++++--------------
 5 files changed, 46 insertions(+), 17 deletions(-)
 create mode 100644 client_file_delete_modal.php
 create mode 100644 js/file_delete_modal.js

diff --git a/client_file_add_modal.php b/client_file_add_modal.php
index 5b5fa383..6a1ca4b8 100644
--- a/client_file_add_modal.php
+++ b/client_file_add_modal.php
@@ -17,7 +17,7 @@
                             <div class="input-group-prepend">
                                 <span class="input-group-text"><i class="fa fa-fw fa-file"></i></span>
                             </div>
-                            <input type="text" class="form-control" name="new_name" placeholder="leave blank to use existing name">
+                            <input type="text" class="form-control" name="new_name" placeholder="Leave blank to use existing name">
                         </div>
                     </div>
 
diff --git a/client_file_delete_modal.php b/client_file_delete_modal.php
new file mode 100644
index 00000000..63c1a2fa
--- /dev/null
+++ b/client_file_delete_modal.php
@@ -0,0 +1,21 @@
+<script src="js/file_delete_modal.js"></script>
+<div class="modal" id="deleteFileModal" tabindex="-1">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-body">
+                <div class="mb-4" style="text-align: center;">
+                    <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
+                    <h2>Are you sure?</h2>
+                    <h6 class="mb-4 text-secondary">Do you really want to delete this file?</h6>
+                    <h5 class="mb-4 text-secondary text-bold" id="file_delete_name">Name</h5>
+                    <form action="post.php" method="POST">
+                        <input type="hidden" name="file_id" id="file_delete_id" value="id">
+                        <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+                        <button type="button" name="cancel" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
+                        <input type="submit" name="delete_file" class="btn btn-danger btn-lg px-5" value="Yes, Delete!">
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
diff --git a/client_files.php b/client_files.php
index 67566805..fa019b80 100644
--- a/client_files.php
+++ b/client_files.php
@@ -47,7 +47,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
 
                                 <small><?php echo $file_name; ?></small>
 
-                                <a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-white float-right mr-1"><i class="fa fa-times"></i></a>
+                                <a href="#" data-toggle="modal" data-target="#deleteFileModal" onclick="populateFileDeleteModal(<?php echo "$file_id , '$file_name'" ?>)" class="text-white float-right mr-1"><i class="fa fa-times"></i></a>
                             </div>
                         </div>
                     </div>
@@ -90,7 +90,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
                             <td>
                                 <a href="<?php echo "uploads/clients/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
                                 <a href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'File', $file_id"; ?>)" class="text-secondary float-left ml-1"><i class="fa fa-share"></i></a>
-                                <a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
+                                <a href="#" data-toggle="modal" data-target="#deleteFileModal" onclick="populateFileDeleteModal(<?php echo "$file_id , '$file_name'" ?>)" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
                             </td>
                         </tr>
                         <?php
@@ -104,4 +104,6 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
 <?php
 require_once("client_file_add_modal.php");
 require_once("share_modal.php");
+require_once("client_file_delete_modal.php");
 require_once("footer.php");
+
diff --git a/js/file_delete_modal.js b/js/file_delete_modal.js
new file mode 100644
index 00000000..5a9c432c
--- /dev/null
+++ b/js/file_delete_modal.js
@@ -0,0 +1,5 @@
+function populateFileDeleteModal(file_id, file_name) {
+    // Dynamically populate the file delete modal with the file id (hidden) and name
+    document.getElementById("file_delete_id").value = file_id;
+    document.getElementById("file_delete_name").innerText = file_name;
+}
diff --git a/post.php b/post.php
index b23b755b..854927bc 100644
--- a/post.php
+++ b/post.php
@@ -244,7 +244,7 @@ if(isset($_POST['edit_profile'])){
         if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) {
 
         $file_tmp_path = $_FILES['file']['tmp_name'];
-    
+
             // directory in which the uploaded file will be moved
             $upload_file_dir = "uploads/users/$user_id/";
             $dest_path = $upload_file_dir . $new_file_name;
@@ -1787,7 +1787,7 @@ if(isset($_POST['add_event'])){
         $client_name = $row['client_name'];
         $contact_name = $row['contact_name'];
         $contact_email = $row['contact_email'];
-        
+
         $sql_company = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
         $row = mysqli_fetch_array($sql_company);
         $company_name = $row['company_name'];
@@ -1844,7 +1844,7 @@ if(isset($_POST['edit_event'])){
         $client_name = $row['client_name'];
         $contact_name = $row['contact_name'];
         $contact_email = $row['contact_email'];
-        
+
         $sql_company = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
         $row = mysqli_fetch_array($sql_company);
         $company_name = $row['company_name'];
@@ -3189,7 +3189,7 @@ if(isset($_GET['decline_quote'])){
 }
 
 if(isset($_GET['email_quote'])){
-    
+
     $quote_id = intval($_GET['email_quote']);
 
     $sql = mysqli_query($mysqli,"SELECT * FROM quotes
@@ -3216,7 +3216,7 @@ if(isset($_GET['email_quote'])){
     $contact_extension = preg_replace("/[^0-9]/", '',$row['contact_extension']);
     $contact_mobile = formatPhoneNumber($row['contact_mobile']);
     $client_website = sanitizeInput($row['client_website']);
-    
+
     $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
     $row = mysqli_fetch_array($sql);
     $company_name = sanitizeInput($row['company_name']);
@@ -3672,7 +3672,7 @@ if(isset($_POST['add_payment'])){
         $contact_phone = formatPhoneNumber($row['contact_phone']);
         $contact_extension = preg_replace("/[^0-9]/", '',$row['contact_extension']);
         $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-        
+
 
         $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
         $row = mysqli_fetch_array($sql);
@@ -3817,7 +3817,7 @@ if(isset($_GET['email_invoice'])){
         WHERE invoice_id = $invoice_id"
     );
     $row = mysqli_fetch_array($sql);
-    
+
     $invoice_id = intval($row['invoice_id']);
     $invoice_prefix = $row['invoice_prefix'];
     $invoice_number = $row['invoice_number'];
@@ -6137,7 +6137,7 @@ if(isset($_POST['add_ticket'])){
         $ticket_prefix = $row['ticket_prefix'];
         $ticket_number = intval($row['ticket_number']);
         $ticket_subject = $row['ticket_subject'];
-        
+
         $sql = mysqli_query($mysqli,"SELECT company_phone FROM companies WHERE company_id = 1");
 
         $company_phone = formatPhoneNumber($row['company_phone']);
@@ -6350,7 +6350,7 @@ if(isset($_POST['add_ticket_reply'])){
     $client_id = intval($row['ticket_client_id']);
     $ticket_created_by = intval($row['ticket_created_by']);
     $ticket_assigned_to = intval($row['ticket_assigned_to']);
-    
+
 
     $company_sql = mysqli_query($mysqli,"SELECT company_phone FROM companies WHERE company_id = 1");
     $row = mysqli_fetch_array($company_sql);
@@ -6529,7 +6529,7 @@ if(isset($_GET['close_ticket'])){
         $ticket_prefix = sanitizeInput($row['ticket_prefix']);
         $ticket_number = intval($row['ticket_number']);
         $ticket_subject = sanitizeInput($row['ticket_subject']);
-        
+
         $company_sql = mysqli_query($mysqli,"SELECT company_phone FROM companies WHERE company_id = 1");
         $row = mysqli_fetch_array($company_sql);
         $company_phone = formatPhoneNumber($row['company_phone']);
@@ -7079,11 +7079,12 @@ if(isset($_POST['add_file'])){
 
 }
 
-if(isset($_GET['delete_file'])){
+if(isset($_POST['delete_file'])){
 
     validateAdminRole();
+    validateCSRFToken($_POST['csrf_token']);
 
-    $file_id = intval($_GET['delete_file']);
+    $file_id = intval($_POST['file_id']);
 
     $sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id");
     $row = mysqli_fetch_array($sql_file);
@@ -7318,7 +7319,7 @@ if(isset($_GET['delete_folder'])){
 }
 
 if(isset($_GET['deactivate_shared_item'])){
-    
+
     validateAdminRole();
 
     $item_id = intval($_GET['deactivate_shared_item']);
@@ -7436,7 +7437,7 @@ if(isset($_GET['force_recurring'])){
         $contact_phone = formatPhoneNumber($row['contact_phone']);
         $contact_extension = $row['contact_extension'];
         $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-        
+
         $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
         $row = mysqli_fetch_array($sql);
         $company_name = $row['company_name'];