Diffstat (limited to 'includes')
| -rw-r--r-- | includes/manage_post.php | 46 | 
1 files changed, 46 insertions, 0 deletions
| diff --git a/includes/manage_post.php b/includes/manage_post.php
new file mode 100644
index 0000000..fedc70e
--- /dev/null
+++ b/includes/manage_post.php
@@ -0,0 +1,46 @@
+<?php
+
+function delete_post($dbc, $post) {
+	$sql = "DELETE FROM posts WHERE post_id = $post->id";
+	mysqli_query($dbc, $sql);
+
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+	mysqli_query($dbc, $sql);
+}
+
+include_once 'db_inc.php';
+include_once '../model/Post.php';
+
+session_start();
+
+if ($_SERVER['REQUEST_METHOD'] == 'GET') {
+	$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
+	$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
+
+	$post = new Post();
+	$post->get_from_database($id, $dbc);
+
+	if (!isset($_SESSION['signed_in'])) {
+		echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
+		header("Location: /viewthread.php?id=" . $post->thread->id);
+		return;
+	}
+
+
+	if ($_SESSION['user_id'] != $post->author->id) {
+		echo "You can't manage another user's post!";
+		header("Location: /viewthread.php?id=" . $post->thread->id);
+		return;
+	}
+
+	switch ($action) {
+		case 'delete':
+			delete_post($dbc, $post);
+			break;
+		case 'edit':
+			edit_post();
+			break;
+	}
+
+	header("Location: /viewthread.php?id=" . $post->thread->id);
+} | 
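Review bot: delete_post builds both SQL statements by splicing `$post->id` and `$post->thread->category->id` directly into the query text (hunk lines 4 and 7); the ids presumably come back from Post::get_from_database as integers, but that is not visible here and nothing in this function enforces it, so both statements should use mysqli prepared statements with bound integer parameters, as in the rewrite below. The delete is also performed in response to a plain GET guarded only by the session check, so a state-changing request can be triggered without the signed-in user's intent; the usual mitigation is to require POST and validate a per-session CSRF token before reaching the switch. The two error branches `echo` a message and then call `header("Location: ...")`, which fails with "headers already sent" unless output buffering happens to be enabled, so either the echo or the redirect should go. Finally, `edit_post()` is not defined in this file and is not provided by the two includes as far as the hunk shows, so the 'edit' branch will fatal unless it is defined elsewhere.
```php
function delete_post($dbc, $post) {
	$post_id = (int) $post->id;
	$stmt = mysqli_prepare($dbc, 'DELETE FROM posts WHERE post_id = ?');
	mysqli_stmt_bind_param($stmt, 'i', $post_id);
	mysqli_stmt_execute($stmt);
	mysqli_stmt_close($stmt);

	$cat_id = (int) $post->thread->category->id;
	$stmt = mysqli_prepare($dbc, 'UPDATE categories SET `cat_post_count` = `cat_post_count` - 1 WHERE cat_id = ?');
	mysqli_stmt_bind_param($stmt, 'i', $cat_id);
	mysqli_stmt_execute($stmt);
	mysqli_stmt_close($stmt);
}
// … unchanged: includes, session_start(), request handling …
```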
