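public function delete() {
    // Controller action: deletes one of the current user's categories and then clears
    // that category from any ToDo rows that referenced it. Always finishes by
    // redirecting to the task list, whether or not anything was deleted.
    //
    // Security notes (review):
    //  - category_id is read from $_REQUEST, i.e. GET, POST or cookie, so a plain link
    //    can trigger this action; the ownership check below is the only thing that
    //    stops a user from deleting someone else's category. Restricting the action to
    //    POST plus a CSRF token would be stronger (the calling form is not visible here).
    //  - Category::check()/delete()/clear() build their SQL from $category_id; whether
    //    they escape or cast it is not visible in this file — confirm before trusting
    //    this path with untrusted input.
    $Category = new Category($this->db, $this->plural_resorce);

    // Require both a target category and a logged-in user. The original compared
    // $table['user_id'] == $_SESSION['id'] loosely, so a missing session id (null)
    // matched a missing record (null) and the delete went through unchecked.
    if (isset($_REQUEST['category_id']) && isset($_SESSION['id'])) {
        $user_id = $_SESSION['id'];
        $category_id = $_REQUEST['category_id'];

        // Runs one statement. On a driver error, log the detail server-side and fall
        // back to the redirect instead of echoing mysqli_error() to the client
        // (driver messages disclose table/column names and the failing statement).
        $run = function ($sql) {
            $result = mysqli_query($this->db, $sql);
            if ($result === false) {
                error_log('category delete failed: ' . mysqli_error($this->db));
                header('Location: ../task/index');
                exit;
            }
            return $result;
        };

        // Verify that the category really belongs to the current user.
        $result = $run($Category->check($category_id));
        $table = mysqli_fetch_assoc($result);
        mysqli_free_result($result);

        // Strict comparison on the string form: the DB row yields strings while the
        // session may hold an int, and a missing row must never count as a match.
        $owned = is_array($table)
            && isset($table['user_id'])
            && (string) $table['user_id'] === (string) $user_id;

        if ($owned) {
            // Delete the category, then detach it from the ToDo rows that used it.
            // NOTE(review): these two statements are not wrapped in a transaction, so a
            // failure of the second leaves ToDo rows pointing at a deleted category.
            $run($Category->delete($category_id));
            $run($Category->clear($category_id));
        }
    }

    header('Location: ../task/index');
    exit;
}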
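/**
 * Detaches a child category from this category. Only the association row is
 * deleted; the child category itself is left untouched.
 *
 * @param Category $fille Child category to detach
 * @return int  1 : OK
 *             -1 : SQL error ($this->error holds the driver message and the statement)
 *             -3 : invalid category ($this or $fille failed check())
 */
function del_fille($fille) {
    // Do not touch the association table unless both categories pass check().
    if (!$this->check() || !$fille->check()) {
        return -3;
    }

    // Both ids are concatenated straight into the statement. Cast them to int so a
    // malformed or non-numeric id can never alter the query text; the
    // fk_categorie_* columns reference integer rowids (confirm against the table
    // definition if ids are ever something other than integers).
    $mere_id = (int) $this->id;
    $fille_id = (int) $fille->id;

    $sql = "DELETE FROM " . MAIN_DB_PREFIX . "categorie_association";
    $sql .= " WHERE fk_categorie_mere = " . $mere_id;
    $sql .= " and fk_categorie_fille = " . $fille_id;

    $resql = $this->db->query($sql);
    if (!$resql) {
        // Keep the failing statement with the error so callers can log it.
        $this->error = $this->db->error() . ' sql=' . $sql;
        return -1;
    }

    return 1;
}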
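/**
 * CSRF gate for the API: the X-Auth-Token request header must match the form_token
 * stored in the session before the call is forwarded to Category::check().
 *
 * On a missing or mismatching token it answers 401 with a JSON error body and
 * returns the result of print (1). On success it forwards the normalised value to
 * Category::check() and returns nothing (the original contract, kept for callers).
 *
 * @param mixed $field forwarded unchanged to Category::check()
 * @param mixed $value lower-cased and stripped of all whitespace before forwarding
 */
public static function check($field, $value) {
    // Only start a session when none is active; calling session_start() on an
    // already-active session raises a notice and changes nothing.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Header names are case-insensitive on the wire, so normalise the keys; this also
    // avoids an undefined-index notice when the header is absent.
    $headers = array_change_key_case(apache_request_headers(), CASE_LOWER);
    $token = isset($headers['x-auth-token']) ? (string) $headers['x-auth-token'] : '';
    $expected = isset($_SESSION['form_token']) ? (string) $_SESSION['form_token'] : '';

    // hash_equals(): strict, constant-time comparison. The original used `!=`, which
    // compares loosely (numeric-looking strings such as "1e3" and "1000" are equal)
    // and stops at the first differing byte.
    $tokenValid = $token !== '' && $expected !== '' && hash_equals($expected, $token);

    if (!$tokenValid) {
        // The original called header('Invalid CSRF Token', true, 401); that string is
        // not a valid "Name: value" header line, so set the status code directly and
        // declare the body as JSON.
        // NOTE(review): the JSON 'status' field says 400 while the HTTP status is 401;
        // left as-is so existing clients keep parsing it — align it when they can change.
        http_response_code(401);
        header('Content-Type: application/json', true);
        return print json_encode(array(
            'success' => false,
            'status' => 400,
            'msg' => 'Invalid CSRF Token / Bad Request / Unauthorized ... Please Login again',
        ), JSON_PRETTY_PRINT);
    }

    // Normalise the value (lower-case, no whitespace) before handing it to the model.
    $value = strtolower($value);
    $value = preg_replace('/\\s+/', '', $value);
    Category::check($field, $value);
}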