Diffstat (limited to 'manage_post.php')
-rw-r--r-- | manage_post.php | 86 |
1 files changed, 36 insertions, 50 deletions
diff --git a/manage_post.php b/manage_post.php
index 3f9a9b3..9e04dd4 100644
--- a/manage_post.php
+++ b/manage_post.php
@@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
         http_response_code(404);
-        include_once 'templates/404.php';
+        include_once './includes/templates/404.php';
         die();
     } else {
         $result = $current->get_from_database($_GET['id'], $dbc);
         if ($result == 0) {
             http_response_code(404);
-            include_once 'templates/404.php';
+            include_once './includes/templates/404.php';
             die();
         }
     }
 
@@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post = new Post(); $post->get_from_database($id, $dbc); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - goto end; - } - - if ($_SESSION['user_id'] != $post->author->id) { - echo "You can't manage another user's post!"; - goto end; - } - if (strcasecmp($delete, "on") == 0) { - delete_post($dbc, $post); + delete_post($post); } else { - edit_post(); + edit_post($post, $post_content); } - end: header("Location: /viewthread.php?id=" . $post->thread->id); } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Manage a post - cflip.net forum</title> - <link rel="stylesheet" href="/styles/style.css"> + <title>Manage a post - cflip.net forum</title> + <link rel="stylesheet" href="/styles/style.css"> </head> <body> - <?php include_once 'templates/header.php' ?> - <h1>Manage a post</h1> - <?php - $current->display_content($dbc); - echo '<hr>'; +<?php include('includes/templates/header.php'); ?> +<h1>Manage a post</h1> +<?php +$current->display_content($dbc); +echo '<hr>'; - $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); +$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - return; - } - - $current_user = new User(); - $current_user->get_by_id($_SESSION['user_id'], $dbc); +if (!Session::get()->is_signed_in()) { + echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>'; + return; +} - // Admin users should be able to delete posts, but they should not be able to edit them - // Or should they?? - if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { - echo "You can't manage another user's post!"; - return; - } +// Admin users should be able to delete posts, but they should not be able to edit them +// Or should they?? 
+if (Session::get()->get_current_user()->id != $current->author->id) { + echo '<p class="error">You can\'t manage another user\'s post!</p>'; + return; +} - // TODO: Disallow editing/deleting posts if they have been around for a while - ?> - <form action="manage_post.php" method="post"> - <h3>Edit post</h3> - <input type="hidden" name="id" value="<?= $current->id ?>"> - <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> - <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> - <p> - <input type="checkbox" id="delete" name="delete"> - <label for="delete">Delete this post</label> - </p> - <input type="submit" value="Apply Changes"> - </form> +// TODO: Disallow editing/deleting posts if they have been around for a while +?> +<form action="manage_post.php" method="post"> + <h3>Edit post</h3> + <input type="hidden" name="id" value="<?= $current->id ?>"> + <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> + <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> + <p> + <input type="checkbox" id="delete" name="delete"> + <label for="delete">Delete this post</label> + </p> + <input type="submit" value="Apply Changes"> +</form> </body> </html> |
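Review bot: The POST branch now calls `delete_post($post)` / `edit_post($post, $post_content)` with no sign-in or ownership check at all — the removed `$_SESSION['signed_in']` and `$_SESSION['user_id'] != $post->author->id` guards were the only authorization on the write path, and the new `Session::get()` checks added further down only gate rendering of the form on GET, which any client can bypass by posting directly. Unless `delete_post()`/`edit_post()` enforce ownership themselves (their bodies are not in this diff), the equivalent guard should be restored right after `$post->get_from_database($id, $dbc);`, as sketched below; the enclosing POST block starts before this hunk. Separately, the textarea still echoes `$current->content` unescaped, so a stored `</textarea>` sequence breaks out of the element — use `<?= htmlspecialchars($current->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The form also carries no anti-CSRF token, so a cross-site POST with `id` and `delete=on` would be honoured for a signed-in user; that is pre-existing but worth tracking alongside this change.
```php
$post = new Post();
$post->get_from_database($id, $dbc);

// Authorization must be enforced on the POST path; the GET-side check only gates rendering the form.
$session = Session::get();
if (!$session->is_signed_in() || $session->get_current_user()->id != $post->author->id) {
    http_response_code(403);
    exit();
}

// … unchanged: delete_post / edit_post dispatch and redirect …
```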