Add ability to delete your posts

1 files changed, 46 insertions, 0 deletions

diff --git a/includes/manage_post.php b/includes/manage_post.php
new file mode 100644
index 0000000..fedc70e
--- /dev/null
+++ b/includes/manage_post.php
@@ -0,0 +1,46 @@
+<?php
+
+function delete_post($dbc, $post) {
+	$sql = "DELETE FROM posts WHERE post_id = $post->id";
+	mysqli_query($dbc, $sql);
+
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+	mysqli_query($dbc, $sql);
+}
+
+include_once 'db_inc.php';
+include_once '../model/Post.php';
+
+session_start();
+
+if ($_SERVER['REQUEST_METHOD'] == 'GET') {
+	$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
+	$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
+
+	$post = new Post();
+	$post->get_from_database($id, $dbc);
+
+	if (!isset($_SESSION['signed_in'])) {
+		echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
+		header("Location: /viewthread.php?id=" . $post->thread->id);
+		return;
+	}
+
+
+	if ($_SESSION['user_id'] != $post->author->id) {
+		echo "You can't manage another user's post!";
+		header("Location: /viewthread.php?id=" . $post->thread->id);
+		return;
+	}
+
+	switch ($action) {
+		case 'delete':
+			delete_post($dbc, $post);
+			break;
+		case 'edit':
+			edit_post();
+			break;
+	}
+
+	header("Location: /viewthread.php?id=" . $post->thread->id);
+}