37223-vm/delete_project.php

<?php
session_start();
header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'User not authenticated']);
    exit;
}

require_once 'db/config.php';

$project_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!$project_id) {
    http_response_code(400);
    echo json_encode(['error' => 'Project ID is required.']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'POST method required.']);
    exit;
}

try {
    $pdo = db();
    
    // Begin a transaction
    $pdo->beginTransaction();

    // Verify project ownership
    $stmt = $pdo->prepare("SELECT id FROM projects WHERE id = ? AND user_id = ?");
    $stmt->execute([$project_id, $_SESSION['user_id']]);
    $project = $stmt->fetch();

    if (!$project) {
        http_response_code(404);
        $pdo->rollBack();
        echo json_encode(['error' => 'Project not found or permission denied.']);
        exit;
    }

    // Delete associated scenes first to maintain integrity
    $stmt = $pdo->prepare("DELETE FROM scenes WHERE project_id = ?");
    $stmt->execute([$project_id]);

    // Now, delete the project
    $stmt = $pdo->prepare("DELETE FROM projects WHERE id = ?");
    $stmt->execute([$project_id]);

    if ($stmt->rowCount() > 0) {
        $pdo->commit();
        echo json_encode(['success' => 'Project and all its scenes were deleted successfully.']);
    } else {
        $pdo->rollBack();
        http_response_code(500); // Should not happen if ownership check passed
        echo json_encode(['error' => 'Failed to delete project.']);
    }

} catch (PDOException $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    http_response_code(500);
    // error_log("Database error: " . $e->getMessage());
    echo json_encode(['error' => 'Database error during project deletion.']);
}