From 3f6dda141290946aa8dc6c3232ad09b5fcaa2853 Mon Sep 17 00:00:00 2001
From: Ryan <ryantl66@gmail.com>
Date: Fri, 21 Feb 2025 21:01:13 -0500
Subject: [PATCH] auth and validate

---
 deleteFiles.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 deleteFiles.php

diff --git a/deleteFiles.php b/deleteFiles.php
new file mode 100644
index 0000000..5fb8296
--- /dev/null
+++ b/deleteFiles.php
@@ -0,0 +1,46 @@
+<?php
+require_once 'config.php';
+session_start();
+header('Content-Type: application/json');
+
+// Ensure user is authenticated
+if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
+    echo json_encode(["error" => "Unauthorized"]);
+    http_response_code(401);
+    exit;
+}
+
+// Read request body
+$data = json_decode(file_get_contents("php://input"), true);
+
+// Validate request
+if (!isset($data['files']) || !is_array($data['files'])) {
+    echo json_encode(["error" => "No file names provided"]);
+    exit;
+}
+
+$uploadDir = UPLOAD_DIR;
+$deletedFiles = [];
+$errors = [];
+
+foreach ($data['files'] as $fileName) {
+    $filePath = $uploadDir . basename($fileName);
+    
+    if (file_exists($filePath)) {
+        if (unlink($filePath)) {
+            $deletedFiles[] = $fileName;
+        } else {
+            $errors[] = "Failed to delete $fileName";
+        }
+    } else {
+        $errors[] = "$fileName not found";
+    }
+}
+
+// Return response
+if (empty($errors)) {
+    echo json_encode(["success" => "Files deleted: " . implode(", ", $deletedFiles)]);
+} else {
+    echo json_encode(["error" => implode("; ", $errors)]);
+}
+?>