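soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

// Default where clause. $condition is bound to `accounthierarchy LIKE ?` below,
// so it is presumably the caller's account-hierarchy scope (confirm against
// getWhereclauselvl2, which is defined outside this view).
list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,'');

// QUERY AND VERIFY ALLOWED: only callers holding 'U' on 'marketing' may update.
if (isAllowed('marketing',$profile,$permission,'U') === 1){
    // Get JSON input. A body that is not a JSON object is treated as empty so
    // the field defaults below apply.
    $input = json_decode(file_get_contents('php://input'), true);
    if (!is_array($input)) {
        $input = [];
    }

    $file_id   = $input['file_id'] ?? '';
    $folder_id = $input['folder_id'] ?? '';
    $tags      = $input['tags'] ?? [];
    $title     = $input['title'] ?? '';

    if (empty($file_id)) {
        echo json_encode(['success' => false, 'error' => 'File ID is required']);
        exit;
    }

    // Normalise client-supplied tags before they reach the database: accept
    // only scalar text, trim it, and drop blanks and duplicates. A non-array
    // `tags` value, nested arrays and whitespace-only entries are ignored
    // rather than raising a TypeError or being stored as an empty tag.
    $clean_tags = [];
    if (is_array($tags)) {
        foreach ($tags as $tag) {
            if (!is_string($tag) && !is_int($tag) && !is_float($tag)) {
                continue;
            }
            $tag = trim((string) $tag);
            if ($tag !== '' && !in_array($tag, $clean_tags, true)) {
                $clean_tags[] = $tag;
            }
        }
    }

    try {
        // The file row and its tag links are changed together; a transaction
        // keeps a mid-way failure from leaving the file with its tags deleted.
        $pdo->beginTransaction();

        // Authorise with an explicit lookup instead of rowCount() on the
        // UPDATE: MySQL reports *changed* rows by default (unless the
        // connection sets PDO::MYSQL_ATTR_FOUND_ROWS), so a request that only
        // edits tags would otherwise be rejected as "not found".
        $access_stmt = $pdo->prepare(
            'SELECT 1 FROM `marketing_files` WHERE `id` = ? AND `accounthierarchy` LIKE ?'
        );
        $access_stmt->execute([$file_id, $condition]);

        if ($access_stmt->fetchColumn() === false) {
            $pdo->rollBack();
            // One message for both "missing" and "out of scope" so the
            // response does not reveal whether the id exists for another account.
            echo json_encode(['success' => false, 'error' => 'File not found or access denied']);
            exit;
        }

        // Update file. The hierarchy predicate is repeated so the write is
        // scoped even if the row changed after the lookup.
        $update_sql = 'UPDATE `marketing_files` SET `title` = ?, `folder_id` = ? WHERE `id` = ? AND `accounthierarchy` LIKE ?';
        $stmt = $pdo->prepare($update_sql);
        $stmt->execute([
            $title,
            $folder_id ?: null,
            $file_id,
            $condition
        ]);

        // Update tags - first remove existing
        $pdo->prepare('DELETE FROM `marketing_file_tags` WHERE `file_id` = ?')->execute([$file_id]);

        // Insert new tags
        if (!empty($clean_tags)) {
            $tag_sql = 'INSERT IGNORE INTO `marketing_tags` (`tag_name`) VALUES (?)';
            $tag_stmt = $pdo->prepare($tag_sql);

            $file_tag_sql = 'INSERT INTO `marketing_file_tags` (`file_id`, `tag_id`) SELECT ?, id FROM marketing_tags WHERE tag_name = ?';
            $file_tag_stmt = $pdo->prepare($file_tag_sql);

            foreach ($clean_tags as $tag) {
                $tag_stmt->execute([$tag]);
                $file_tag_stmt->execute([$file_id, $tag]);
            }
        }

        $pdo->commit();

        echo json_encode(['success' => true, 'message' => 'File updated successfully']);

    } catch (\Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Driver messages can expose table names, column names and SQL
        // fragments; keep them in the server log and return a generic error.
        error_log('marketing file update failed: ' . $e->getMessage());
        echo json_encode(['success' => false, 'error' => 'Update failed']);
    }

} else {
    echo json_encode(['success' => false, 'error' => 'Insufficient permissions']);
}
?>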