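Portions created by the Initial Developer are Copyright (C) 2008-2023 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane James Rose */

//file delete page: shows a confirmation form for a folder and file name taken
//from the request, and deletes that file once the form is posted back with a
//valid session-bound token

//disable this feature
//everything after this statement is unreachable while it stays in place
	exit;

//includes files
	require_once dirname(__DIR__, 2) . "/resources/require.php";
	require_once "resources/check_auth.php";

//check permissions
	if (!permission_exists('edit_save')) {
		echo "access denied";
		exit;
	}

//add multi-lingual support
	$language = new text;
	$text = $language->get();

//set the variables
	//both values are request-controlled and end up in unlink(), so anything
	//that is not a plain string is treated as missing
	$folder = $_REQUEST["folder"] ?? '';
	$file = $_REQUEST["file"] ?? '';
	if (!is_string($folder)) { $folder = ''; }
	if (!is_string($file)) { $file = ''; }

	//normalise the separators and resolve the folder to a canonical path;
	//empty input is rejected up front instead of being handed to realpath()
	$folder = str_replace("\\", "/", $folder);
	$folder = ($folder !== '') ? realpath($folder) : false;

	//NOTE(review): $folder is still whatever directory the request names. Limiting it
	//to the directories this editor is meant to manage needs an allow-list of base
	//paths that is not visible in this file; add that check before re-enabling the page.

//delete the file or show the html form
	if (is_string($folder) && strlen($folder) > 0 && strlen($file) > 0 && isset($_POST['token'])) {
		//compare the tokens
			$key_name = '/app/edit/file_delete';
			$session_key = $_SESSION['keys'][$key_name] ?? null;
			$token = $_POST['token'];
			//hash_hmac() and hash_equals() need strings; a missing session key or an
			//array-valued token is a failed check, not a runtime error
			if (!is_string($session_key) || !is_string($token)
				|| !hash_equals(hash_hmac('sha256', $key_name, $session_key), $token)) {
				echo "access denied";
				exit;
			}

		//the file name must be a single path component so it cannot step out of $folder
			$has_separator = strpos($file, '/') !== false
				|| strpos($file, '\\') !== false
				|| strpos($file, "\0") !== false;
			if ($has_separator || $file === '.' || $file === '..') {
				echo "access denied";
				exit;
			}

		//resolve the target and require a regular file that sits directly inside $folder;
		//a symbolic link that resolves to another directory fails the dirname() comparison
			$target = realpath($folder.'/'.$file);
			if ($target === false || dirname($target) !== $folder || !is_file($target)) {
				echo "access denied";
				exit;
			}

		//delete the file
			unlink($target);

		//redirect the browser
			header("Location: file_options.php");
			exit;
	}
	else {
		//create the token
			//a fresh random key is stored in the session and its HMAC is the value the
			//posted form has to return as $_POST['token']
			$key_name = '/app/edit/file_delete';
			$_SESSION['keys'][$key_name] = bin2hex(random_bytes(32));
			$_SESSION['token'] = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);

		//display form
			//NOTE(review): apart from the two labels and the escaped folder, the strings
			//echoed below hold only whitespace in this listing. The form markup, including
			//the field that should carry $_SESSION['token'] back as $_POST['token'], is not
			//visible here; confirm it against the original file.
			require_once "header.php";
			echo "
";
			echo "
";
			echo "
";
			echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
			//the folder is escaped before output; the labels come from the language file
			echo "
".$text['label-path']."
".escape($folder)."
";
			echo "
";
			echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
			echo "
".$text['label-file-name']."
";
			echo " "; echo " "; echo " ";
			echo "
";
			echo "
";
			echo "
";

		//include the footer
			require_once "footer.php";
	}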