$folder_name created"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_POST['rename_folder'])) { enforceUserPermission('module_support', 2); $folder_id = intval($_POST['folder_id']); $folder_name = sanitizeInput($_POST['folder_name']); // Get old Folder Name Client ID for Logging $sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id"); $row = mysqli_fetch_array($sql); $old_folder_name = sanitizeInput($row['folder_name']); $client_id = intval($row['folder_client_id']); // Folder edit query mysqli_query($mysqli,"UPDATE folders SET folder_name = '$folder_name' WHERE folder_id = $folder_id"); //Logging logAction("Folder", "Rename", "$session_name renamed folder $old_folder_name to $folder_name", $client_id, $folder_id); $_SESSION['alert_message'] = "Folder $old_folder_name renamed to $folder_name"; header("Location: " . $_SERVER["HTTP_REFERER"]); } if (isset($_GET['delete_folder'])) { enforceUserPermission('module_support', 3); $folder_id = intval($_GET['delete_folder']); // Get Folder Name Client ID for Logging $sql = mysqli_query($mysqli,"SELECT folder_name, folder_client_id FROM folders WHERE folder_id = $folder_id"); $row = mysqli_fetch_array($sql); $folder_name = sanitizeInput($row['folder_name']); $client_id = intval($row['folder_client_id']); mysqli_query($mysqli,"DELETE FROM folders WHERE folder_id = $folder_id"); // Move files in deleted folder back to the root folder / $sql_documents = mysqli_query($mysqli,"SELECT * FROM documents WHERE document_folder_id = $folder_id"); while($row = mysqli_fetch_array($sql_documents)) { $document_id = intval($row['document_id']); mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id"); } //Logging logAction("Folder", "Delete", "$session_name deleted folder $folder_name", $client_id); $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "Folder $folder_name deleted"; header("Location: " . $_SERVER["HTTP_REFERER"]); }