403Webshell
Server IP : 158.247.231.215  /  Your IP : 216.73.217.84
Web Server : Apache/2.4.41 (Ubuntu)
System : Linux CTMS 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /mnt/blockstorage/ctms/api/custom-api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /mnt/blockstorage/ctms/api/custom-api/vr-content-delete.php
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, DELETE, OPTIONS');
header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// Load WordPress and auth helper
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once('auth-helper.php');

include('../database.php');

// Verify JWT token
$user_id = verify_jwt_token();

if (!$user_id) {
    send_error_response('User not authenticated', 401);
}

/**
 * Delete directory and all its contents
 */
function delete_directory($dir) {
    if (!file_exists($dir)) {
        return true;
    }

    if (!is_dir($dir)) {
        return unlink($dir);
    }

    foreach (scandir($dir) as $item) {
        if ($item == '.' || $item == '..') {
            continue;
        }

        if (!delete_directory($dir . DIRECTORY_SEPARATOR . $item)) {
            return false;
        }
    }

    return rmdir($dir);
}

// Main processing
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'DELETE') {
    try {
        // Get content_id
        $content_id = null;

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $content_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
        } else {
            $delete_data = json_decode(file_get_contents('php://input'), true);
            $content_id = isset($delete_data['id']) ? intval($delete_data['id']) : 0;
        }

        if ($content_id <= 0) {
            throw new Exception('Valid content ID is required');
        }

        // Get content info
        $sql = "SELECT * FROM vr_contents WHERE id = $content_id";
        $result = $conn->query($sql);

        if (!$result || $result->num_rows === 0) {
            throw new Exception('Content not found');
        }

        $content = $result->fetch_assoc();

        // Get version count before deletion
        $version_count_sql = "SELECT COUNT(*) as count FROM vr_content_versions WHERE content_id = $content_id";
        $version_count_result = $conn->query($version_count_sql);
        $version_count = $version_count_result->fetch_assoc()['count'];

        // Delete versions (CASCADE will handle this in DB, but we need to delete files)
        $versions_sql = "SELECT * FROM vr_content_versions WHERE content_id = $content_id";
        $versions_result = $conn->query($versions_sql);

        while ($version = $versions_result->fetch_assoc()) {
            // Delete APK files
            if ($version['pico_apk_path']) {
                $file_path = '/mnt/blockstorage/ctms/vr-content-uploads/' . $version['pico_apk_path'];
                if (file_exists($file_path)) {
                    unlink($file_path);
                }
            }
            if ($version['quest_apk_path']) {
                $file_path = '/mnt/blockstorage/ctms/vr-content-uploads/' . $version['quest_apk_path'];
                if (file_exists($file_path)) {
                    unlink($file_path);
                }
            }
        }

        // Delete content from database (CASCADE will delete versions)
        $delete_sql = "DELETE FROM vr_contents WHERE id = $content_id";

        if ($conn->query($delete_sql) !== TRUE) {
            throw new Exception('Failed to delete content: ' . $conn->error);
        }

        // Delete content directory
        $content_dir = '/mnt/blockstorage/ctms/vr-content-uploads/contents/' . $content_id;
        delete_directory($content_dir);

        $response = array(
            'status' => 'success',
            'message' => 'Content deleted successfully',
            'data' => array(
                'content_id' => $content_id,
                'title' => $content['title'],
                'deleted_versions' => intval($version_count)
            )
        );

        header('Content-Type: application/json');
        echo json_encode($response);

    } catch (Exception $e) {
        $response = array(
            'status' => 'error',
            'message' => $e->getMessage()
        );
        header('Content-Type: application/json');
        http_response_code(400);
        echo json_encode($response);
    }

    $conn->close();

} else {
    $response = array(
        'status' => 'error',
        'message' => 'Only POST or DELETE requests are allowed'
    );
    header('Content-Type: application/json');
    http_response_code(405);
    echo json_encode($response);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit