author | cflip <36554078+cflip@users.noreply.github.com> | 2021-04-24 09:40:20 -0600 |
---|---|---|
committer | cflip <36554078+cflip@users.noreply.github.com> | 2021-04-24 09:40:20 -0600 |
commit | 7c3f2e348c015ea93563d866f89ec8cea9159ea0 (patch) | |
tree | b7b6b18cf9087f42300f621d15101628a8d214e4 /manage_post.php | |
parent | 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e (diff) |
Refactoring part 2
Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well.
Diffstat (limited to 'manage_post.php')
-rw-r--r-- | manage_post.php | 86 |
1 files changed, 36 insertions, 50 deletions
diff --git a/manage_post.php b/manage_post.php
index 3f9a9b3..9e04dd4 100644
--- a/manage_post.php
+++ b/manage_post.php
@@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
 http_response_code(404);
- include_once 'templates/404.php';
+ include_once './includes/templates/404.php';
 die();
 } else {
 $result = $current->get_from_database($_GET['id'], $dbc);
 if ($result == 0) {
 http_response_code(404);
- include_once 'templates/404.php';
+ include_once './includes/templates/404.php';
 die();
 }
 }
@@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 $post = new Post();
 $post->get_from_database($id, $dbc);
- if (!isset($_SESSION['signed_in'])) {
- echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
- goto end;
- }
-
- if ($_SESSION['user_id'] != $post->author->id) {
- echo "You can't manage another user's post!";
- goto end;
- }
-
 if (strcasecmp($delete, "on") == 0) {
- delete_post($dbc, $post);
+ delete_post($post);
 } else {
- edit_post();
+ edit_post($post, $post_content);
 }
- end: header("Location: /viewthread.php?id=" . $post->thread->id);
 }
 ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
- <title>Manage a post - cflip.net forum</title>
- <link rel="stylesheet" href="/styles/style.css">
+ <title>Manage a post - cflip.net forum</title>
+ <link rel="stylesheet" href="/styles/style.css">
 </head>
 <body>
- <?php include_once 'templates/header.php' ?>
- <h1>Manage a post</h1>
- <?php
- $current->display_content($dbc);
- echo '<hr>';
+<?php include('includes/templates/header.php'); ?>
+<h1>Manage a post</h1>
+<?php
+$current->display_content($dbc);
+echo '<hr>';
 
- $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
+$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
 
- if (!isset($_SESSION['signed_in'])) {
- echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
- return;
- }
-
- $current_user = new User();
- $current_user->get_by_id($_SESSION['user_id'], $dbc);
+if (!Session::get()->is_signed_in()) {
+ echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>';
+ return;
+}
 
- // Admin users should be able to delete posts, but they should not be able to edit them
- // Or should they??
- if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) {
- echo "You can't manage another user's post!";
- return;
- }
+// Admin users should be able to delete posts, but they should not be able to edit them
+// Or should they??
+if (Session::get()->get_current_user()->id != $current->author->id) {
+ echo '<p class="error">You can\'t manage another user\'s post!</p>';
+ return;
+}
 
- // TODO: Disallow editing/deleting posts if they have been around for a while
- ?>
- <form action="manage_post.php" method="post">
- <h3>Edit post</h3>
- <input type="hidden" name="id" value="<?= $current->id ?>">
- <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea>
- <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
- <p>
- <input type="checkbox" id="delete" name="delete">
- <label for="delete">Delete this post</label>
- </p>
- <input type="submit" value="Apply Changes">
- </form>
+// TODO: Disallow editing/deleting posts if they have been around for a while
+?>
+<form action="manage_post.php" method="post">
+ <h3>Edit post</h3>
+ <input type="hidden" name="id" value="<?= $current->id ?>">
+ <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea>
+ <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
+ <p>
+ <input type="checkbox" id="delete" name="delete">
+ <label for="delete">Delete this post</label>
+ </p>
+ <input type="submit" value="Apply Changes">
+</form>
 </body>
 </html> |
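Review bot: The sign-in and ownership checks that used to precede `delete_post`/`edit_post` in the POST branch are gone from this handler, and nothing visible in the hunk replaces them; the `Session::get()` checks added lower down only gate rendering of the form, so a POST sent directly never passes through them. `delete_post($post)` and `edit_post($post, $post_content)` are defined outside this diff and may enforce this internally, but if they do not, a post can be edited or deleted by someone other than its author. I would keep an explicit guard ahead of the `strcasecmp` branch, for example `if (!Session::get()->is_signed_in() || Session::get()->get_current_user()->id != $post->author->id) { http_response_code(403); die(); }`. Separately, the form still carries no CSRF token and `<?= $current->content; ?>` is written into the textarea without `htmlspecialchars()`; both are unchanged by this commit but worth fixing while the file is being reworked. The POST branch starts above the hunk, so how `$id`, `$delete` and `$post_content` are read is not visible here.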