<?php
require_once '../../config/config.php';
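checkLogin();
checkAccess('assembly');

// NOTE(review): this script deletes rows in response to a GET request, and no
// anti-CSRF token check is visible in this file. Unless checkLogin()/checkAccess()
// enforce one, the delete should move to POST with a per-session token that is
// verified here. Not changed in place because existing links call this URL via GET.

$db = Database::getInstance()->getConnection();

/**
 * Build a same-site redirect target from the Referer header.
 *
 * The Referer is client-supplied, so only its path and query are reused, and
 * only when its host[:port] matches the Host header of the current request.
 * Anything else falls back to index.php.
 *
 * @param bool $stripId When true, any "id" query parameter is removed so the
 *                      target page does not reference the deleted member.
 */
$resolveRedirect = static function (bool $stripId): string {
    $fallback = 'index.php';

    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if (!is_string($referer) || $referer === '') {
        return $fallback;
    }

    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['host'], $parts['path'])) {
        return $fallback;
    }

    $refererAuthority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    $ownAuthority = $_SERVER['HTTP_HOST'] ?? '';
    if (!is_string($ownAuthority) || strcasecmp($refererAuthority, $ownAuthority) !== 0) {
        return $fallback;
    }

    // Accept only a rooted path. "//host" and backslash variants are refused
    // because browsers can read them as a different origin.
    $path = $parts['path'];
    if (
        strncmp($path, '/', 1) !== 0
        || strncmp($path, '//', 2) === 0
        || preg_match('/[\x00-\x1F\x7F\\\\]/', $path)
    ) {
        return $fallback;
    }

    $rawQuery = $parts['query'] ?? '';
    if ($stripId && $rawQuery !== '') {
        // Drop the id pair and re-join, so "?id=5&page=2" becomes "?page=2"
        // rather than leaving a dangling "&page=2".
        $kept = array_filter(
            explode('&', $rawQuery),
            static function ($pair) {
                return $pair !== '' && $pair !== 'id' && strncmp($pair, 'id=', 3) !== 0;
            }
        );
        $rawQuery = implode('&', $kept);
    }

    return $path . ($rawQuery !== '' ? '?' . $rawQuery : '');
};

// Require a positive integer member ID. filter_var() also rejects array input
// such as ?id[]=x, which a plain (int) cast would silently turn into 1.
$memberId = filter_var(
    $_GET['id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($memberId === false) {
    $_SESSION['error'] = 'No member ID provided.';
    header('Location: index.php');
    exit;
}

// Scope of the logged-in user, taken from the session.
$accessLevel = $_SESSION['access_level'] ?? 'assembly';
$areaId = $_SESSION['area_id'] ?? null;
$districtId = $_SESSION['district_id'] ?? null;
$assemblyId = $_SESSION['assembly_id'] ?? null;

try {
    // Restrict the lookup to rows inside the user's scope. The WHERE fragment
    // is built from fixed literals only; every value is bound as a parameter.
    // NOTE(review): any access_level other than assembly/district/area gets no
    // row filter at all. Presumably those are higher-privilege roles; confirm,
    // or deny by default for unrecognised values.
    $accessWhere = '';
    $accessParams = ['member_id' => $memberId];
    if ($accessLevel === 'assembly') {
        $accessWhere = ' AND assembly_id = :assembly_id';
        $accessParams['assembly_id'] = $assemblyId;
    } elseif ($accessLevel === 'district') {
        $accessWhere = ' AND district_id = :district_id';
        $accessParams['district_id'] = $districtId;
    } elseif ($accessLevel === 'area') {
        $accessWhere = ' AND area_id = :area_id';
        $accessParams['area_id'] = $areaId;
    }

    // The member must exist and be visible to this user before anything is deleted.
    $checkStmt = $db->prepare("SELECT id, first_name, last_name FROM members WHERE id = :member_id {$accessWhere}");
    $checkStmt->execute($accessParams);
    $member = $checkStmt->fetch();

    if (!$member) {
        $_SESSION['error'] = 'Member not found or you do not have permission to delete this member.';
        header('Location: ' . $resolveRedirect(false));
        exit;
    }

    $db->beginTransaction();

    // Child rows go first so foreign keys do not block the member delete.
    // These three deletes are best-effort, as in the original flow, but failures
    // are now logged instead of being discarded.
    // NOTE(review): on engines where a failed statement aborts the whole
    // transaction, continuing after these errors will not work; verify against
    // the database in use.
    try {
        $deleteIssuesStmt = $db->prepare("DELETE FROM membership_issues WHERE member_id = ?");
        $deleteIssuesStmt->execute([$memberId]);
    } catch (PDOException $e) {
        // Table might not exist, continue
        error_log("Member delete: membership_issues cleanup failed: " . $e->getMessage());
    }

    try {
        $deleteAccountStmt = $db->prepare("DELETE FROM member_accounts WHERE member_id = ?");
        $deleteAccountStmt->execute([$memberId]);
    } catch (PDOException $e) {
        error_log("Member delete: member_accounts cleanup failed: " . $e->getMessage());
    }

    try {
        $deleteCardStmt = $db->prepare("DELETE FROM membership_cards WHERE member_id = ?");
        $deleteCardStmt->execute([$memberId]);
    } catch (PDOException $e) {
        error_log("Member delete: membership_cards cleanup failed: " . $e->getMessage());
    }

    // Delete the member record itself.
    $deleteMemberStmt = $db->prepare("DELETE FROM members WHERE id = ?");
    if (!$deleteMemberStmt->execute([$memberId])) {
        throw new Exception("Failed to delete member record");
    }

    $db->commit();

    // Record who deleted which member. A logging failure must not undo or mask
    // a delete that has already been committed.
    if (class_exists('AuditLog')) {
        try {
            $auditLog = new AuditLog();
            $auditLog->log(
                $_SESSION['user_id'] ?? null,
                'delete',
                'members',
                $memberId,
                ['name' => "{$member['first_name']} {$member['last_name']}"],
                null
            );
        } catch (Throwable $e) {
            error_log("Audit log error: " . $e->getMessage());
        }
    }

    // The name comes from the database; whichever page renders this flash
    // message must HTML-escape it.
    $_SESSION['success'] = "Member '{$member['first_name']} {$member['last_name']}' has been deleted successfully.";
} catch (Throwable $e) {
    // Catch Throwable, not only PDOException: the plain Exception thrown above
    // would otherwise escape with the transaction still open.
    if (isset($db) && $db->inTransaction()) {
        $db->rollBack();
    }
    // Driver messages can expose table and column names, so they go to the
    // server log and the user sees a generic message.
    error_log("Member delete failed for member {$memberId}: " . $e->getMessage());
    $_SESSION['error'] = 'An error occurred while deleting the member.';
}

// Return to the referring page (same site only) without the deleted member's id.
header('Location: ' . $resolveRedirect(true));
exit;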