added admin page

Model/NotesModel.php

@@ -43,6 +43,37 @@ class NotesModel extends Database
             return false;
         }
     }
+    public function selectFiles($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
+    {
+        $pdo = $this->linkDB();
+        $erg = array();
+
+        // Whitelist of allowed sort columns
+        $allowedSortColumns = ['id', 'original_filename', 'stored_filename', 'note_id', 'owner_username', 'uploaded_at', 'file_size'];
+        $allowedSortOrders = ['ASC', 'DESC'];
+        
+        $sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'uploaded_at';
+        $sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
+        
+        try {
+            if ($isAdmin) {
+                $sql = "SELECT f.*, n.title AS note_title, u.username AS owner_username 
+                    FROM files f 
+                    JOIN notes n ON f.note_id = n.id 
+                    JOIN users u ON n.user_id = u.id 
+                    ORDER BY {$sortBy} {$sortOrder}";
+                $stmt = $pdo->prepare($sql);
+                $stmt->execute();
+            }
+            
+            $erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
+            return $erg;
+            
+        } catch (PDOException $e) {
+            error_log("Database Error in selectFiles: " . $e->getMessage());
+            return false;
+        }
+    }
 
     function getNoteById($noteId) {
         $pdo = $this->linkDB();
@@ -222,4 +253,38 @@ class NotesModel extends Database
         }
         return ['success' => true, 'message' => 'Files uploaded successfully.', 'fileNames' => $uploadedFileNames];
     }
+
+    public function deleteFile($fileId, $userId) {
+        $pdo = $this->linkDB();
+        if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
+        try {
+            // Delete the local file
+            $stmt = $pdo->prepare("SELECT stored_filename FROM files WHERE id = ?");
+            $stmt->execute([$fileId]);
+            $file = $stmt->fetch();
+            if ($file) {
+                $filePath = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/' . $file['stored_filename'];
+                if (file_exists($filePath)) {
+                    unlink($filePath);
+                }
+            }
+            
+            if ($this->isAdmin()) { // Admin can delete any file
+                $stmt = $pdo->prepare("DELETE FROM files WHERE id = ?");
+                $params = [$fileId];
+            } else { // User can only delete their own files
+                $stmt = $pdo->prepare("DELETE FROM files WHERE id = ? AND note_id IN (SELECT id FROM notes WHERE user_id = ?)");
+                $params = [$fileId, $userId];
+            }
+            $stmt->execute($params);
+
+            if ($stmt->rowCount() > 0) {
+                return ['success' => true, 'message' => 'File deleted successfully.'];
+            }
+            return ['success' => false, 'message' => 'File not found or permission denied.'];
+        } catch (PDOException $e) {
+            error_log("Delete File Error: " . $e->getMessage());
+            return ['success' => false, 'message' => 'Failed to delete file.'];
+        }
+    }
 }