ethics-canvas/canvas/php/remove-canvas.php

<?php
    /* Removes the canvas passed by parameter, prior check that it
        belongs to the user currently logged in                    */
    session_start();
    
    if(!isset($_POST['remove_canvas_ID'], $_SESSION['userlogin'])) {
        echo 400; // Missing parameters
    }
    else {
        // Retrieve user credentials
        $canvas_id = $_POST['remove_canvas_ID'];
        $email = $_SESSION['userlogin'];
        
        require_once('../../php/db_utils.php');
        $conn = db_connect(); // Connect to the database
        
        // Check if the canvas exists and belongs to the current user
        if(!($result = mysqli_query($conn, 'SELECT canvas_id FROM canvas WHERE canvas_id = "' . $canvas_id . '" AND user_id = "' . $email . '"'))) {
            echo 400; // Wrong query
        }
        else if(mysqli_num_rows($result) != 1) { // User not registered or duplicated
            echo 401;
        }
        else { // Canvas exists: delete canvas
            if(!mysqli_query($conn, "DELETE FROM canvas WHERE canvas_id = '$canvas_id'")) {
                echo 400; // Wrong query
            }
            else { // Canvas successfully deleted: remove json file
                unlink("../json/$canvas_id.json");
                echo 200;
            }
        }
        
        mysqli_free_result($result);
        db_close($conn); // Close the database
    }
?>