Fixed some bugs

src/processors/delete_event.php

@@ -1,46 +1,76 @@
-<?php
-$rootPath = dirname(dirname(__DIR__));
-include_once($rootPath . '/header.php');
-checkAdmin();
 
+<?php
+ob_start();
 header('Content-Type: application/json');
 
-$event_id = $_POST['event_id'] ?? null;
+$rootPath = dirname(dirname(__DIR__));
+require_once($rootPath . "/src/config/env.php");
+require_once($rootPath . '/src/config/functions.php');
+require_once($rootPath . '/src/config/connection.php');
 
-if (!$event_id) {
-    echo json_encode(['status' => 'error', 'message' => 'Event ID is required']);
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Check admin status
+if (empty($_SESSION['user_id'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
     exit;
 }
 
-// Get event details to delete associated files
-$stmt = $conn->prepare("SELECT image, promo FROM events WHERE event_id = ?");
-$stmt->bind_param("i", $event_id);
-$stmt->execute();
-$result = $stmt->get_result();
-
-if ($result->num_rows > 0) {
-    $event = $result->fetch_assoc();
-    
-    // Delete image files
-    if ($event['image'] && file_exists($rootPath . '/' . $event['image'])) {
-        unlink($rootPath . '/' . $event['image']);
-    }
-    if ($event['promo'] && file_exists($rootPath . '/' . $event['promo'])) {
-        unlink($rootPath . '/' . $event['promo']);
-    }
-    
-    // Delete from database
-    $delete_stmt = $conn->prepare("DELETE FROM events WHERE event_id = ?");
-    $delete_stmt->bind_param("i", $event_id);
-    
-    if ($delete_stmt->execute()) {
-        echo json_encode(['status' => 'success', 'message' => 'Event deleted successfully']);
-    } else {
-        echo json_encode(['status' => 'error', 'message' => 'Failed to delete event']);
-    }
-    $delete_stmt->close();
-} else {
-    echo json_encode(['status' => 'error', 'message' => 'Event not found']);
+$user_role = getUserRole();
+if (!in_array($user_role, ['admin', 'superadmin'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
+    exit;
 }
 
-$stmt->close();
+try {
+    $event_id = intval($_POST['event_id'] ?? 0);
+
+    if ($event_id <= 0) {
+        throw new Exception('Invalid event ID');
+    }
+
+    // Get event details to delete associated files
+    $stmt = $conn->prepare("SELECT image, promo FROM events WHERE event_id = ?");
+    $stmt->bind_param("i", $event_id);
+    $stmt->execute();
+    $result = $stmt->get_result();
+
+    if ($result->num_rows > 0) {
+        $event = $result->fetch_assoc();
+
+        // Delete image files
+        if ($event['image'] && file_exists($rootPath . '/' . $event['image'])) {
+            unlink($rootPath . '/' . $event['image']);
+        }
+        if ($event['promo'] && file_exists($rootPath . '/' . $event['promo'])) {
+            unlink($rootPath . '/' . $event['promo']);
+        }
+
+        // Delete from database
+        $delete_stmt = $conn->prepare("DELETE FROM events WHERE event_id = ?");
+        $delete_stmt->bind_param("i", $event_id);
+
+        if ($delete_stmt->execute()) {
+            ob_end_clean();
+            echo json_encode(['status' => 'success', 'message' => 'Event deleted successfully']);
+        } else {
+            ob_end_clean();
+            echo json_encode(['status' => 'error', 'message' => 'Failed to delete event']);
+        }
+        $delete_stmt->close();
+    } else {
+        ob_end_clean();
+        echo json_encode(['status' => 'error', 'message' => 'Event not found']);
+    }
+
+    $stmt->close();
+
+} catch (Exception $e) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
+}