svrjs-mods-directory/includes/page_removemod.php

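<?php
/*
 * "Remove mod" page controller.
 *
 * On GET this only prepares the page title and description for the
 * confirmation form. On POST it verifies the CSRF token, deletes the mod's
 * pending cover image (if any), deletes the pending row and flags the
 * published row as removed.
 *
 * Inputs provided by the including script: $connection (mysqli handle) and
 * $modDataToRemove (row of the mod being removed).
 * NOTE(review): this file does not check that the current user may remove
 * this mod; presumably the including router does so before setting
 * $modDataToRemove - confirm.
 *
 * Outputs read by the template below: $errorMessage, $modRemoved,
 * $pageTitle, $pageDescription.
 */
if (!defined('SVRJS_MOD_DIRECTORY')) die;

$errorMessage = null;
$modRemoved = false;

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Compare the tokens as strings in constant time. A loose "!=" accepts an
    // empty submitted token when the session holds no token ('' == null) and
    // treats numeric-looking strings as equal by value.
    $csrfTokenSubmitted = isset($_POST['_csrf']) ? $_POST['_csrf'] : null;
    $csrfTokenExpected = isset($_SESSION['csrf']) ? $_SESSION['csrf'] : null;
    $csrfTokenValid = is_string($csrfTokenSubmitted)
        && is_string($csrfTokenExpected)
        && $csrfTokenExpected !== ''
        && hash_equals($csrfTokenExpected, $csrfTokenSubmitted);

    if (!$csrfTokenValid) {
        $errorMessage = "Potential CSRF attack detected.";
    } else {
        $removeModGenericError = "An unexpected error occurred while removing the mod.";
        $modPendingUploadDirectory = APP_FSROOT . '/img/mods_pending';

        // Every lookup uses $modDataToRemove. The original read the extension
        // and the DELETE slug from $modDataToDiscard, which this page never
        // sets, so the pending image and pending row were not matched.
        $modSlug = $modDataToRemove['slug'];
        $pendingImageExtension = isset($modDataToRemove['pending_image_ext']) && $modDataToRemove['pending_image_ext']
            ? (string) $modDataToRemove['pending_image_ext']
            : '';

        // Strip path separators from both components so the unlink() target
        // cannot leave the pending-uploads directory.
        $pendingCoverImagePathname = $pendingImageExtension !== ''
            ? $modPendingUploadDirectory . '/' . str_replace(['/', '\\'], '', $modSlug) . '.' . str_replace(['/', '\\'], '', $pendingImageExtension)
            : null;

        if ($pendingCoverImagePathname && file_exists($pendingCoverImagePathname) && !unlink($pendingCoverImagePathname)) {
            $errorMessage = $removeModGenericError;
        } else {
            $statement = $connection->prepare("DELETE FROM mods_pending WHERE slug = ?");
            if (!$statement) {
                $errorMessage = $removeModGenericError;
            } else {
                $statement->bind_param('s', $modSlug);
                $pendingRowDeleted = $statement->execute();
                // Release the first statement before the handle is reused.
                $statement->close();

                if (!$pendingRowDeleted) {
                    $errorMessage = $removeModGenericError;
                } else {
                    $statement = $connection->prepare("UPDATE mods SET is_removed = 1 WHERE slug = ?");
                    if (!$statement) {
                        $errorMessage = $removeModGenericError;
                    } else {
                        $statement->bind_param('s', $modSlug);
                        if (!$statement->execute()) {
                            $errorMessage = $removeModGenericError;
                        } else {
                            $modRemoved = true;
                        }
                        $statement->close();
                    }
                }
            }
        }
    }
}

if (!$modRemoved) {
    $pageTitle = "Remove mod";
    $pageDescription = "Remove a pending SVR.JS mod in SVR.JS Mods directory.";
} else {
    $pageTitle = "Mod removed";
    $pageDescription = "The mod has been removed.";
}
include 'header.php';
?>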
<main class="content">
<?php
// Two views share this template: the success notice once the mod has been
// removed, otherwise the confirmation form. Every dynamic value is passed
// through htmlspecialchars() before it reaches the markup, and the form
// carries the session CSRF token that the POST handler checks.
if ($modRemoved):
?>
<h1>Mod removed</h1>
<p>The mod has been removed.</p>
<p><a href="<?= htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'pending-mods') ?>" class="btn">View mods</a></p>
<?php else: ?>
<h1>Remove mod</h1>
<p>Are you sure to remove the <strong>&ldquo;<?= htmlspecialchars($modDataToRemove['name']) ?>&rdquo;</strong> mod?</p>
<form action="<?= htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'remove-mod/' . urlencode($modDataToRemove['slug'])) ?>" method="post" class="form" enctype="multipart/form-data">
<?php if ($errorMessage): ?><p class="form-error"><?= htmlspecialchars($errorMessage) ?></p><?php endif; ?>
<div class="form-block">
<input type="submit" value="Remove mod">
</div>
<input type="hidden" name="_csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
</form>
<?php endif; ?>
</main>
<?php
include 'footer.php';

// After a successful removal, e-mail every moderator. The query takes no
// user input, and line breaks are stripped from the mod name before it is
// placed in the message body.
// NOTE(review): the slug is inserted as-is; presumably it is restricted to
// URL-safe characters when the mod is created - confirm.
if ($modRemoved) {
    $moderatorResult = $connection->query("SELECT email AS address, username AS name FROM users WHERE is_moderator = 1;");
    if ($moderatorResult) {
        $moderators = [];
        while ($moderator = $moderatorResult->fetch_assoc()) {
            $moderators[] = $moderator;
        }

        $removedModNameOneLine = str_replace(["\r\n", "\r", "\n"], '', $modDataToRemove['name']);
        $removalNoticeBody = "A mod has been removed:\n\nMod name: "
            . $removedModNameOneLine
            . "\nSlug: "
            . $modDataToRemove['slug']
            . "\n\nNo action is required.";

        sendEmail($moderators, 'A mod has been removed', $removalNoticeBody);
    }
}
?>