34394-vm/delete-client.php

<?php
session_start();
require_once __DIR__ . '/db/config.php';
require_once __DIR__ . '/includes/audit.php';

// If user is not logged in, redirect to login page
if (!isset($_SESSION['user_id'])) {
    header('Location: index.php');
    exit;
}

$displayName = $_SESSION['user_display_name'] ?? 'User';
$clientId = $_GET['client_id'] ?? null;
$client = null;
$error = '';

if (!$clientId) {
    header('Location: dashboard.php');
    exit;
}

$pdo = db();

// Fetch client data to display its name in the confirmation message
try {
    $stmt = $pdo->prepare("SELECT name FROM clients WHERE client_id = ? AND user_id = ?");
    $stmt->execute([$clientId, $_SESSION['user_id']]);
    $client = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$client) {
        // If client not found or doesn't belong to the user, redirect.
        header('Location: dashboard.php');
        exit;
    }
} catch (PDOException $e) {
    $error = "Error fetching client data: " . $e->getMessage();
}


if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Check for confirmation
    if (isset($_POST['confirm_delete'])) {
        try {
            // The ON DELETE CASCADE constraint will handle associated credentials and notes.
            $stmt = $pdo->prepare("DELETE FROM clients WHERE client_id = ? AND user_id = ?");
            $stmt->execute([$clientId, $_SESSION['user_id']]);

            log_audit_event('client_delete', $_SESSION['user_id'], 'client', $clientId);
            
            // Using session to pass success message
            $_SESSION['success_message'] = "Client '" . htmlspecialchars($client['name']) . "' and all associated data have been deleted.";
            header('Location: dashboard.php?status=client_deleted');
            exit;
        } catch (PDOException $e) {
            $error = "Error deleting client: " . $e->getMessage();
        }
    } else {
        // If not confirmed, just redirect
        header('Location: dashboard.php?client_id=' . $clientId);
        exit;
    }
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Delete Client - ClientManager</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <div class="container-fluid">
        <a class="navbar-brand" href="dashboard.php">ClientManager</a>
        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbarNav">
            <ul class="navbar-nav me-auto">
                <li class="nav-item">
                    <a class="nav-link" href="dashboard.php">Dashboard</a>
                </li>
                <li class="nav-item">
                    <a class="nav-link" href="audit-log.php">Audit Log</a>
                </li>
            </ul>
            <ul class="navbar-nav">
                <li class="nav-item dropdown">
                    <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">
                        <i class="bi bi-person-circle"></i> <?php echo htmlspecialchars($displayName); ?>
                    </a>
                    <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="navbarDropdown">
                        <li><a class="dropdown-item" href="logout.php">Logout</a></li>
                    </ul>
                </li>
            </ul>
        </div>
    </div>
</nav>

<div class="container mt-4">
    <h2>Delete Client</h2>

    <?php if ($error): ?>
        <div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
    <?php endif; ?>

    <?php if ($client): ?>
    <div class="alert alert-warning">
        <h4>Are you sure?</h4>
        <p>This action will permanently delete the client <strong><?php echo htmlspecialchars($client['name']); ?></strong> and all of their associated credentials and notes. This cannot be undone.</p>
    </div>
    <form action="delete-client.php?client_id=<?php echo htmlspecialchars($clientId); ?>" method="post">
        <button type="submit" name="confirm_delete" class="btn btn-danger">Yes, Delete Everything</button>
        <a href="dashboard.php?client_id=<?php echo htmlspecialchars($clientId); ?>" class="btn btn-secondary">Cancel</a>
    </form>
    <?php else: ?>
        <div class="alert alert-info">Client not found or you do not have permission to delete it.</div>
        <a href="dashboard.php" class="btn btn-primary">Back to Dashboard</a>
    <?php endif; ?>
</div>

<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>