Diffstat (limited to 'manage_post.php')
-rw-r--r--manage_post.php80
1 files changed, 0 insertions, 80 deletions
diff --git a/manage_post.php b/manage_post.php
deleted file mode 100644
index 99f0ad4..0000000
--- a/manage_post.php
+++ /dev/null
@@ -1,80 +0,0 @@
-<?php
-include_once './includes/functions_post.php';
-include_once './includes/model/Post.php';
-
-session_start();
-
-if ($_SERVER['REQUEST_METHOD'] == 'GET') {
- $current = new Post();
-
- if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
- http_response_code(404);
- include_once './includes/templates/404.php';
- die();
- } else {
- $result = $current->get_from_database($_GET['id']);
- if ($result == 0) {
- http_response_code(404);
- include_once './includes/templates/404.php';
- die();
- }
- }
-} else {
- $id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
- $delete = filter_input(INPUT_POST, 'delete', FILTER_SANITIZE_STRING);
- $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
-
- $post = new Post();
- $post->get_from_database($id);
-
- if (strcasecmp($delete, "on") == 0) {
- delete_post($post);
- } else {
- edit_post($post, $post_content);
- }
-
- header("Location: /viewthread.php?id=" . $post->thread->id);
-}
-?>
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <title>Manage a post - cflip.net forum</title>
- <link rel="stylesheet" href="/styles/style.css">
-</head>
-<body>
-<?php include('includes/templates/header.php'); ?>
-<h1>Manage a post</h1>
-<?php
-echo get_post_content($current);
-echo '<hr>';
-
-$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
-
-if (!Session::get()->is_signed_in()) {
- echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>';
- return;
-}
-
-// Admin users should be able to delete posts, but they should not be able to edit them
-// Or should they??
-if (Session::get()->get_current_user()->id != $current->author->id) {
- echo '<p class="error">You can\'t manage another user\'s post!</p>';
- return;
-}
-
-// TODO: Disallow editing/deleting posts if they have been around for a while
-?>
-<form action="manage_post.php" method="post">
- <h3>Edit post</h3>
- <input type="hidden" name="id" value="<?= $current->id ?>">
- <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea>
- <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
- <p>
- <input type="checkbox" id="delete" name="delete">
- <label for="delete">Delete this post</label>
- </p>
- <input type="submit" value="Apply Changes">
-</form>
-</body>
-</html>