Diffstat (limited to 'manage_post.php')
-rw-r--r-- | manage_post.php | 113 |
1 files changed, 40 insertions, 73 deletions
diff --git a/manage_post.php b/manage_post.php index 8c6129b..99f0ad4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,15 +1,6 @@ <?php - -include_once 'includes/db_inc.php'; -include_once 'model/Post.php'; - -function delete_post($dbc, $post) { - $sql = "DELETE FROM posts WHERE post_id = $post->id"; - mysqli_query($dbc, $sql); - - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; - mysqli_query($dbc, $sql); -} +include_once './includes/functions_post.php'; +include_once './includes/model/Post.php'; session_start(); @@ -18,13 +9,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } else { - $result = $current->get_from_database($_GET['id'], $dbc); + $result = $current->get_from_database($_GET['id']); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } } 
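Review bot: `delete_post` leaves this file for includes/functions_post.php, but the implementation removed here built its `DELETE FROM posts WHERE post_id = $post->id` and the category `UPDATE ... WHERE cat_id = ...` by string interpolation, while the edit path in the same file used `mysqli_stmt_prepare` with bound parameters; the relocated copy is not in this diff, so confirm it was rewritten with prepared statements rather than moved as-is. The new `include_once './includes/...'` paths resolve against the include_path and the current working directory, not this script's directory, so `include_once __DIR__ . '/includes/functions_post.php';` (and likewise for the model include and the 404 template in the second hunk) removes the dependency on how the script is invoked.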
@@ -34,80 +25,56 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $post = new Post(); - $post->get_from_database($id, $dbc); - - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - goto end; - } - - - if ($_SESSION['user_id'] != $post->author->id) { - echo "You can't manage another user's post!"; - goto end; - } + $post->get_from_database($id); if (strcasecmp($delete, "on") == 0) { - delete_post($dbc, $post); + delete_post($post); } else { - $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create post due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + edit_post($post, $post_content); } - end: header("Location: /viewthread.php?id=" . 
$post->thread->id); } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Manage a post - cflip.net forum</title> - <link rel="stylesheet" href="/styles/style.css"> + <title>Manage a post - cflip.net forum</title> + <link rel="stylesheet" href="/styles/style.css"> </head> <body> - <?php include_once 'templates/header.php' ?> - <h1>Manage a post</h1> - <?php - $current->display_content($dbc); - echo '<hr>'; - - $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); +<?php include('includes/templates/header.php'); ?> +<h1>Manage a post</h1> +<?php +echo get_post_content($current); +echo '<hr>'; - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - return; - } +$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); - $current_user = new User(); - $current_user->get_by_id($_SESSION['user_id'], $dbc); +if (!Session::get()->is_signed_in()) { + echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>'; + return; +} - // Admin users should be able to delete posts, but they should not be able to edit them - // Or should they?? - if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { - echo "You can't manage another user's post!"; - return; - } +// Admin users should be able to delete posts, but they should not be able to edit them +// Or should they?? 
+if (Session::get()->get_current_user()->id != $current->author->id) { + echo '<p class="error">You can\'t manage another user\'s post!</p>'; + return; +} - // TODO: Disallow editing/deleting posts if they have been around for a while - ?> - <form action="manage_post.php" method="post"> - <h3>Edit post</h3> - <input type="hidden" name="id" value="<?= $current->id ?>"> - <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> - <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> - <p> - <input type="checkbox" id="delete" name="delete"> - <label for="delete">Delete this post</label> - </p> - <input type="submit" value="Apply Changes"> - </form> +// TODO: Disallow editing/deleting posts if they have been around for a while +?> +<form action="manage_post.php" method="post"> + <h3>Edit post</h3> + <input type="hidden" name="id" value="<?= $current->id ?>"> + <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> + <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> + <p> + <input type="checkbox" id="delete" name="delete"> + <label for="delete">Delete this post</label> + </p> + <input type="submit" value="Apply Changes"> +</form> </body> </html> |
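Review bot: The POST branch no longer authorises the caller before `delete_post($post)` / `edit_post($post, $post_content)`: the two guards this hunk removes from it (`isset($_SESSION['signed_in'])` and `$_SESSION['user_id'] != $post->author->id`) now survive only in the GET-rendered form further down, which is not a control — any client can POST `id=<n>&delete=on` directly and delete or overwrite another user's post, unless `edit_post`/`delete_post` in includes/functions_post.php enforce ownership themselves (not visible here). Restore the check on the POST path with the same `Session::get()` API the form code now uses, ahead of the `strcasecmp($delete, "on")` branch, as below; note the form also carries no CSRF token, so even an authorised user can be made to submit this request cross-site. Separately, the textarea echoes `<?= $current->content; ?>` unescaped, and a stored `</textarea>` would break out of the element, so emit it as `<?= htmlspecialchars($current->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The POST `if`/`else` this code sits in starts before the hunk.
```php
$post = new Post();
$post->get_from_database($id);

// Authorise on the POST path itself; the check in the rendered form is client-side only.
if (!Session::get()->is_signed_in()
    || Session::get()->get_current_user()->id != $post->author->id) {
    http_response_code(403);
    die("You can't manage another user's post!");
}

// … unchanged: strcasecmp($delete, "on") branch calling delete_post / edit_post, then the redirect …
```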