MOON
Server: Apache
System: Linux e2e-78-16.ssdcloudindia.net 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
User: imensosw (1005)
PHP: 8.0.30
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/imensosw/demo.imensosoftware.com/matrix/admin/
Upload Files
File: /home/imensosw/demo.imensosoftware.com/matrix/admin/assignment_delete_code.php
<?php  
require_once '../config.php';

// 🔥 Log errors (do NOT display in production)
ini_set('log_errors', 1);
ini_set('error_log', __DIR__ . '/delete_error.log');

/**
 * ============================
 * SAFE DELETE DIRECTORY
 * ============================
 */
function delete_files($target) {
    if (!file_exists($target)) return;

    if (is_dir($target)) {
        $files = glob($target . '/*');
        foreach ($files as $file) {
            delete_files($file);
        }
        rmdir($target);
    } elseif (is_file($target)) {
        unlink($target);
    }
}

/**
 * ============================
 * SAFE DELETE ZIP FILE
 * ============================
 */
function delete_zip_file($filePath) {
    if (file_exists($filePath)) {
        unlink($filePath);
    }
}

/**
 * ============================
 * HANDLE REQUEST
 * ============================
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // ✅ NEW KEY (fixed)
    $ids = $_POST['assignment_ids'] ?? '';

    if (empty($ids)) {
        http_response_code(400);
        echo json_encode(['status' => 'error', 'message' => 'No data received']);
        exit;
    }

    // Convert CSV → array safely
    $ids = array_map('intval', explode(',', $ids));
    $ids = array_filter($ids);

    if (empty($ids)) {
        http_response_code(400);
        echo json_encode(['status' => 'error', 'message' => 'Invalid IDs']);
        exit;
    }

    $fileBasePath = __DIR__ . "/../docs/";
    $zipBasePath  = realpath("../../../1610709752415-sh.hostgator.in/dataftp/data/a/") . "/";

    $success = [];
    $failed  = [];

    foreach ($ids as $res) {

        // 🔒 SECURITY: ensure numeric
        if (!$res) continue;

        $docPath = $fileBasePath . $res;
        $zipPath = $zipBasePath . $res . ".zip";

        try {
            // Delete extracted folder
            if (is_dir($docPath)) {
                delete_files($docPath);
            }

            // Delete zip file (optional)
            if (file_exists($zipPath)) {
                delete_zip_file($zipPath);
            }

            // Soft delete in DB
            $stmt = $conn->prepare("UPDATE assignments SET deleted = 1 WHERE assignment_no = ?");
            $stmt->bind_param("i", $res);
            $stmt->execute();

            $success[] = $res;

        } catch (Exception $e) {
            error_log("Delete failed for $res: " . $e->getMessage());
            $failed[] = $res;
        }
    }

    echo json_encode([
        'status' => 'success',
        'deleted' => $success,
        'failed' => $failed
    ]);
    exit;
}
?>
@ Telegram