From 132d2c3a344a82afaa3f0f41a5034e6ef4089ab7 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sun, 1 Mar 2026 03:27:28 +0000
Subject: [PATCH] Add delete message action to staff portal

Adds a Delete button to each message card in the staff inbox so staff
can remove spam or dead-end submissions. Confirmation dialog (via
JS confirm()) prevents accidental deletions. Implementation:

- POST handler: DELETE FROM contacts WHERE id = ? (parameterized)
- .btn--danger CSS variant (red-tinted, matches dark theme)
- Delete button rendered in every message footer alongside existing
  Mark as read action

https://claude.ai/code/session_015wpwmheufcxkBuXivrSHhd
---
 www/pages/admin-inbox.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/www/pages/admin-inbox.php b/www/pages/admin-inbox.php
index c4b8f76..1bca2fa 100644
--- a/www/pages/admin-inbox.php
+++ b/www/pages/admin-inbox.php
@@ -96,6 +96,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['mark_all_read'])) {
     exit;
 }
 
+// Delete a single message
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_message'])) {
+    $db->prepare("DELETE FROM contacts WHERE id = ?")->execute([(int)$_POST['delete_message']]);
+    header('Location: /staff-portal');
+    exit;
+}
+
 // ── Fetch messages ────────────────────────────────────────────────────────
 $messages    = $db->query("SELECT * FROM contacts ORDER BY created_at DESC")->fetchAll();
 $unread_count = (int)$db->query("SELECT COUNT(*) FROM contacts WHERE is_read = 0")->fetchColumn();
@@ -140,6 +147,8 @@ function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES); }
         .btn--primary:hover { background: #1d4ed8; }
         .btn--ghost    { background: transparent; color: #94a3b8; border: 1px solid #1e2d4a; }
         .btn--ghost:hover { background: #1e2d4a; color: #e2e8f0; }
+        .btn--danger   { background: transparent; color: #f87171; border: 1px solid #450a0a; }
+        .btn--danger:hover { background: #450a0a; color: #fca5a5; }
         .btn--sm { padding: .3rem .65rem; font-size: .78rem; }
 
         /* ── Container ── */
@@ -232,6 +241,10 @@ function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES); }
                             <button class="btn btn--primary btn--sm">Mark as read</button>
                         </form>
                     <?php endif; ?>
+                    <form method="post" onsubmit="return confirm('Delete message from <?= h(addslashes($m['name'])) ?>? This cannot be undone.')">
+                        <input type="hidden" name="delete_message" value="<?= (int)$m['id'] ?>">
+                        <button class="btn btn--danger btn--sm">Delete</button>
+                    </form>
                 </div>
             </div>
         <?php endforeach; ?>