-rw-r--r--moderate.php33
-rw-r--r--viewthread.php26
2 files changed, 59 insertions, 0 deletions
diff --git a/moderate.php b/moderate.php
new file mode 100644
index 0000000..afeefa1
--- /dev/null
+++ b/moderate.php
@@ -0,0 +1,33 @@
+<?php
+
+include_once 'includes/db_inc.php';
+include_once 'model/User.php';
+
+session_start();
+
+function delete_thread($dbc, $thread_id) {
+ $sql = "DELETE FROM threads WHERE thread_id = $thread_id;";
+ mysqli_query($dbc, $sql);
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_SESSION['signed_in'])) {
+ $thread_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
+ $delete = filter_input(INPUT_POST, "delete", FILTER_SANITIZE_STRING);
+
+ $user = new User();
+ $user->get_by_id($_SESSION['user_id'], $dbc);
+
+ if ($user->level > 0) {
+ if (strcasecmp($delete, "on") == 0) {
+ delete_thread($dbc, $thread_id);
+
+ header("Location: /");
+ exit();
+ }
+ }
+
+ header("Location: viewthread.php?id=$thread_id");
+ exit();
+}
+
+header("Location: /");
\ No newline at end of file
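Review bot: `delete_thread()` interpolates `$thread_id` directly into the DELETE statement, and its only guard is `FILTER_SANITIZE_NUMBER_INT`, which strips characters instead of validating. That filter keeps `+` and `-`, and a missing or non-numeric `id` becomes null or an empty string, so the query can turn into an arithmetic expression or malformed SQL. Validate the id with `FILTER_VALIDATE_INT`, stop when validation fails, and bind the value through a prepared statement so the function does not depend on its callers. The return value of `mysqli_query()` is never checked, so a failed delete still redirects to `/` as if it had worked. Separately, `FILTER_SANITIZE_STRING` on the `delete` field is deprecated as of PHP 8.1.

```php
function delete_thread($dbc, $thread_id) {
    $stmt = mysqli_prepare($dbc, 'DELETE FROM threads WHERE thread_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $thread_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// … unchanged: request-method and session check …
    $thread_id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($thread_id === null || $thread_id === false) {
        header("Location: /");
        exit();
    }
// … unchanged: user lookup, level check, delete and redirects …
```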
diff --git a/viewthread.php b/viewthread.php
index 64750a5..e1961fc 100644
--- a/viewthread.php
+++ b/viewthread.php
@@ -31,6 +31,32 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
created by <b><?= $current->author->name; ?></b>
in <b><?= $current->category->name; ?></b>
<abbr title="<?= date('M d, Y g:ia', strtotime($current->date_created));?>">3 days ago</abbr>
+<?php
+include_once 'model/User.php';
+
+if (isset($_SESSION['signed_in'])) {
+ $user = new User();
+ $user->get_by_id($_SESSION['user_id'], $dbc);
+
+ if ($user->level > 0) {
+ echo '
+ <form action="moderate.php" method="post">
+ <p>
+ <b>Moderator Options</b>
+ <input type="number" name="id" value="' . $current->id . '">
+ <input type="checkbox" id="delete" name="delete">
+ <label for="delete">Delete thread</label>
+ <input type="checkbox" id="lock" name="lock">
+ <label for="lock">Locked</label>
+ <input type="checkbox" id="pin" name="pin">
+ <label for="pin">Pinned</label>
+ <input type="submit" value="Update thread">
+ </p>
+ </form>
+ ';
+ }
+}
+?>
<hr>
<?php
$posts = $current->get_posts($dbc);
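Review bot: The moderator form posts to `moderate.php` without an anti-CSRF token, and the handler added in this commit authorises the delete on the session alone, so a cross-site request sent from a signed-in moderator's browser would be accepted. Add a per-session token as a hidden field inside the echoed form, for example `<input type="hidden" name="csrf_token" value="' . htmlspecialchars($_SESSION['csrf_token']) . '">` (the key name is a constructed placeholder), and compare it in `moderate.php` with `hash_equals()` before acting. The `id` field is an editable `type="number"` input with `$current->id` concatenated unescaped; `type="hidden"` with `(int) $current->id` fits better. The `lock` and `pin` checkboxes are submitted, but `moderate.php` reads only `id` and `delete`, so they currently do nothing. The surrounding template starts and continues outside this hunk.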