From 6854cb3f4d8219cf1829e32122eb2502a916eae9 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 1 Feb 2020 09:05:48 +0100
Subject: initial checkin

---
 js/callbacks/deletesearches.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 js/callbacks/deletesearches.php

(limited to 'js/callbacks/deletesearches.php')

diff --git a/js/callbacks/deletesearches.php b/js/callbacks/deletesearches.php
new file mode 100644
index 0000000..2ff9e3b
--- /dev/null
+++ b/js/callbacks/deletesearches.php
@@ -0,0 +1,30 @@
+<?php
+/*
+    This script is the AJAX callback that deletes a user's saved search
+*/
+
+define('IN_FS', true);
+
+require_once('../../header.php');
+
+if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
+    $user = new User(Cookie::val('flyspray_userid'));
+    $user->check_account_ok();
+    
+    if( !Post::has('csrftoken') ){
+        http_response_code(428); # 'Precondition Required'
+        die('missingtoken');
+    }elseif( Post::val('csrftoken')==$_SESSION['csrftoken']){
+        # empty
+    }else{
+        http_response_code(412); # 'Precondition Failed'
+        die('wrongtoken');
+    }
+
+    if (!$user->isAnon()) {
+        $db->query('DELETE FROM {searches} WHERE id = ? AND user_id = ?', array(Post::num('id'), $user->id));
+        echo $db->affectedRows();
+    }
+}
+
+?>
-- 
cgit v1.2.3-70-g09d2