author | cflip <36554078+cflip@users.noreply.github.com> | 2021-04-08 11:03:17 -0600 |
---|---|---|
committer | cflip <36554078+cflip@users.noreply.github.com> | 2021-04-08 11:03:17 -0600 |
commit | 117f875d6287b03131e75a839e563b05b15ecd48 (patch) | |
tree | 48920fdb4bafd42070a119a5ef30a43784bb35ac | |
parent | cbda5f04202771699339bf417dc0f08ce95bbca7 (diff) |
Add ability to delete your posts
-rw-r--r-- | includes/manage_post.php | 46 | ||||
-rw-r--r-- | model/Post.php | 13 |
2 files changed, 57 insertions, 2 deletions
diff --git a/includes/manage_post.php b/includes/manage_post.php
new file mode 100644
index 0000000..fedc70e
--- /dev/null
+++ b/includes/manage_post.php
@@ -0,0 +1,46 @@
+<?php
+
+function delete_post($dbc, $post) {
+ $sql = "DELETE FROM posts WHERE post_id = $post->id";
+ mysqli_query($dbc, $sql);
+
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+ mysqli_query($dbc, $sql);
+}
+
+include_once 'db_inc.php';
+include_once '../model/Post.php';
+
+session_start();
+
+if ($_SERVER['REQUEST_METHOD'] == 'GET') {
+ $action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
+ $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
+
+ $post = new Post();
+ $post->get_from_database($id, $dbc);
+
+ if (!isset($_SESSION['signed_in'])) {
+ echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
+ header("Location: /viewthread.php?id=" . $post->thread->id);
+ return;
+ }
+
+
+ if ($_SESSION['user_id'] != $post->author->id) {
+ echo "You can't manage another user's post!";
+ header("Location: /viewthread.php?id=" . $post->thread->id);
+ return;
+ }
+
+ switch ($action) {
+ case 'delete':
+ delete_post($dbc, $post);
+ break;
+ case 'edit':
+ edit_post();
+ break;
+ }
+
+ header("Location: /viewthread.php?id=" . $post->thread->id);
+}
diff --git a/model/Post.php b/model/Post.php
index 91cd3be..308b5ac 100644
--- a/model/Post.php
+++ b/model/Post.php
@@ -15,7 +15,7 @@ function add_quote($dbc, $thread_id, $matches) {
 $reply = mysqli_fetch_assoc($result);
 if (empty($reply)) {
- return '<blockquote>Invalid quote!</blockquote>';
+ return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
 }
 $id = $id + 1;
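Review bot: The delete in includes/manage_post.php runs on a plain GET with no request token, so any page a signed-in author loads can trigger `?action=delete&id=N` against that author's own posts; the handler should accept only POST and compare a per-session token with `hash_equals()`, and the `[Delete]` link added to display_content in model/Post.php would then become a small form. delete_post also builds both statements by interpolating ids; they appear to come from the loaded Post rather than from the request, but binding them keeps the queries safe if that ever changes, and the category counter should only be decremented when the DELETE actually removed a row. Two smaller things in the same file: the `echo` before each `header("Location: …")` will normally stop the redirect from being sent, and `edit_post()` is not defined in this file, so `action=edit` presumably ends in a fatal error unless one of the includes provides it. The session key `csrf_token` in the sketch below is a placeholder; nothing on this page creates it.

```php
function delete_post($dbc, $post) {
    // Bind the ids instead of interpolating them into the statement text.
    $stmt = mysqli_prepare($dbc, "DELETE FROM posts WHERE post_id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $post->id);
    mysqli_stmt_execute($stmt);

    // Only adjust the counter when a row was actually removed.
    if (mysqli_stmt_affected_rows($stmt) === 1) {
        $stmt = mysqli_prepare($dbc, "UPDATE categories SET `cat_post_count` = `cat_post_count` - 1 WHERE cat_id = ?");
        mysqli_stmt_bind_param($stmt, 'i', $post->thread->category->id);
        mysqli_stmt_execute($stmt);
    }
}

// … unchanged: include_once lines, session_start() …

// State changes only on POST, and only with a matching per-session token
// ('csrf_token' is a placeholder key, not something this commit defines).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $token = filter_input(INPUT_POST, 'token');
    if (!isset($_SESSION['csrf_token']) || !is_string($token) || !hash_equals($_SESSION['csrf_token'], $token)) {
        http_response_code(403);
        return;
    }
    // … unchanged: load the post, signed-in and ownership checks, switch on $action …
```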
@@ -59,7 +59,16 @@ class Post {
 }
 function display_content($dbc) {
- echo '<div class="header"><b>#' . $this->id . '</b> Posted by <a href="viewuser.php?id='. $this->author->id.'">' . $this->author->name . '</a> on ' . date('m/d/Y g:ia', strtotime($this->date)) . '<br></div>';
+ echo '<div class="header"><b>#' . $this->id . '</b>';
+ echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+ echo ' on ' . date('m/d/Y g:ia', strtotime($this->date));
+ if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
+ echo '<span style="float:right;">';
+ echo '[<a href="includes/manage_post.php?action=edit&id=' . $this->id . '">Edit</a>] ';
+ echo '[<a href="includes/manage_post.php?action=delete&id=' . $this->id . '">Delete</a>]';
+ echo'</span>';
+ }
+ echo '</div>';
 $post_content = $this->content;
 $thread_id = $this->id; |
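Review bot: `$this->author->name` is written into the header markup without HTML escaping on the new `Posted by` line, so a name containing markup would be rendered as markup for every viewer unless names are escaped before storage, which this page does not show. I would escape at output: `echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . htmlspecialchars($this->author->name, ENT_QUOTES, 'UTF-8') . '</a>';`. The ownership test on the `if` line uses `==`; if both ids are integers, `(int) $_SESSION['user_id'] === (int) $this->author->id` avoids PHP's loose comparison rules. display_content continues past the end of the hunk.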