Deleting files from folder

[cjkeane]

Hii everyone.

I'm using the following code to save a file into a folder, and allow files to be deleted from the folder. the upload works fine. The delete does work, but sometimes you have to click on the delete link a few times before the file is deleted. i'm wondering if someone can see where the problem is in the code. Also, when the file is deleted, the history entry is not added. i'm a bit confused why it doesn't. i'd appreciate any assistance which you can provide. thank you.

 

<?php
include('db.php');
        $CommID = $_GET['CommID'];	
        // prevent server timeout if uploads take longer than 30 seconds.
set_time_limit(0);

if (isset($_GET['action'])) {
  $action = $_GET['action'];
} else {
  $action = '';
}

if (($action == 'view' or $action == 'dnld') and isset($_GET['id'])) {
	$id = $_GET['id'];

// User is retrieving a file
$sql = "SELECT * FROM communicationsattachments WHERE id = '$id'";
$result = @mysql_query($sql);
if (!$result) {
	exit('Database error: ' . mysql_error());
}
  
$file = mysql_fetch_array($result);
if (!$file) {
	exit('No files found in database!');
}
    
$uploadDir = "upload/";
$filename = $file['name'];
$mimetype = $file['type'];
$disposition = 'inline';
$filePath = $uploadDir . $filename;
  
if ($action == 'dnld') {
	$disposition = 'attachment';
	if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 5') or
		strpos($_SERVER['HTTP_USER_AGENT'], 'Opera 7')) {
		$mimetype = 'application/x-download';
	}
}
  
header("content-disposition: $disposition; name=$filename");
header("content-type: $type");
readfile($filename);
  	exit();
  
} elseif ($action == 'del' and isset($_GET['id'])) {
  		$id = $_GET['id'];
    	$sql = "SELECT * FROM communicationsattachments WHERE id='$id'";
	$result = @mysql_query($sql);
		if (!$result) {
			exit('Database error: ' . mysql_error());
		}
  
	$file = mysql_fetch_array($result);
  			if (!$file) {
			exit('File with given ID not found in database!');
		}

		chdir('upload/'); 
		$uploadDir = "upload/";
		$filename = $file['name'];
		$mimetype = $file['type'];
		$disposition = 'inline';
		$path="upload/" . $filename;
		if(unlink($path)) 
		echo "File has been deleted file ";

		// User is deleting a file
		mysql_query ("DELETE FROM communicationsattachments WHERE id='$id'") or die(mysql_error());
		    
				// fetch name of case owner based on CommID Number
				$sql = "SELECT communications.CommID, communications.ActionOwner
				FROM communications WHERE communications.CommID='$CommID'";
				$result = mysql_query($sql);

				if (!$result) {
					echo "Could not successfully run query ($sql) from DB: " . mysql_error();
				exit;
				}

				if (mysql_num_rows($result) == 0) {
					echo "No case owner found";
				exit;
				}

				while ($row = mysql_fetch_assoc($result)) {
					$CaseOwner = $row["ActionOwner"];
				}


				// Inserts history into the communications history table
				mysql_query("INSERT INTO communicationshistory (CommID, DateRecorded, TimeRecorded, StatusNotes) 
				VALUES ('$CommID', CURDATE(), NOW(), 'Attachment Saved by $CaseOwner')") or die(mysql_error());


		// header('location: ' . $_SERVER['PHP_SELF']);
		exit();

		} elseif (isset($_FILES['upload'])) {

			// Bail out if the file isn't really an upload.
			if (!is_uploaded_file($_FILES['upload']['tmp_name'])) {
				echo "There was no file uploaded!";
				//header('location: ' . $_SERVER['PHP_SELF']);
			exit; 
			}

			$uploadDir = "upload/";
			$fileName = $_FILES['upload']['name']; 
			$tmpName = $_FILES['upload']['tmp_name']; 
			$fileSize = $_FILES['upload']['size']; 
			$fileType = $_FILES['upload']['type']; 
			$uploaddesc = $_POST['desc'];
			$filePath = $uploadDir . $fileName; 
			$result = move_uploaded_file($tmpName, $filePath); 
				if (!$result) { 
					echo "Error uploading file"; 
				 } 

				if(!get_magic_quotes_gpc()) 
				{ 
					$fileName = addslashes($fileName); 
					$filePath = addslashes($filePath); 
				}  

				$query = "INSERT INTO communicationsattachments (name, type, description, CommID,  size, path ) ". 
				"VALUES ('$fileName', '$fileType', '$uploaddesc', '$CommID', '$fileSize', '$filePath')"; 
				mysql_query($query) or die('Error, query failed : ' . mysql_error());  
				echo "<br>Files uploaded<br>"; 

				// fetch name of case owner based on Mega Case Number
				$sql = "SELECT communications.CommID, communications.ActionOwner
				FROM communications WHERE communications.CommID='$CommID'";
				$result = mysql_query($sql);

				if (!$result) {
					echo "Could not successfully run query ($sql) from DB: " . mysql_error();
				exit;
				}

				if (mysql_num_rows($result) == 0) {
					echo "No case owner found";
				exit;
				}

				while ($row = mysql_fetch_assoc($result)) {
					$CaseOwner = $row["ActionOwner"];
				}


				// Inserts history into the communications history table
				mysql_query("INSERT INTO communicationshistory (CommID, DateRecorded, TimeRecorded, StatusNotes) 
				VALUES ('$CommID', CURDATE(), NOW(), 'Attachment Saved by $CaseOwner')") or die(mysql_error());

		}

		// Default page view: lists stored files
		$sql = "SELECT * FROM communicationsattachments WHERE CommID=$CommID";
		$filelist = @mysql_query($sql);
		if (!$filelist) {
		  exit('Database error: ' . mysql_error());
		}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    
<link href="styles.css" rel="stylesheet" type="text/css" />
<style type="text/css">
body {
background-color: #cad7f6;
}
</style>
<script type="text/javascript">
function refresh_parent(){
    window.parent.location = window.parent.location.href;
}
</script>

</head>
<body>
        <div style="margin:20PX; background-color:#cad7f6; ">
            <form action="" method="post" enctype="multipart/form-data" >
                Upload File:
                <input type="file" name="upload" />
                File Description: (not required)
                <input type="text" name="desc" maxlength="255" />
                <input type="submit" value="Upload" onclick="refresh_parent()"/> 
            <input name="MAX_FILE_SIZE" type="hidden" value="10737418240" />
        </form>
        Files stored in the datebase for CommID <?php echo $CommID; ?> are listed below. You may attach as many files as necessary.<br /><br />
        <table>
            <tr>
                <th>Filename: </th>
                <th>Description: </th>
                <th>Size: </th>
            </tr>
<?php
if (mysql_num_rows($filelist) > 0) {
  		while ($f = mysql_fetch_array($filelist)) {
?>

            <tr valign="top">
                <td width="200px"><?php echo $f['name']; ?> </td> 
                <td width="200px"><?php echo $f['description']; ?> </td> 
                <td><?php echo $f['size']; ?> </td> 
                <td>
                    [<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=dnld&id=<?php echo $f['id']; ?>">Download</a> |
                    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=del&id=<?php echo $f['id']; ?>" onclick="refresh_parent()">Delete</a>]
                </td>
            </tr>
<?php
}
} else {
?>
		<tr><td colspan="3">No Files!</td></tr>
<?php
}
?>
	</table>
	</div>
</body>
</html>