From 79ea99ee8cf0c387606087fc9cc9c379512ccd9c Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Wed, 14 Apr 2021 18:18:29 -0600 Subject: Add post editing page (#12) --- manage_post.php | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ model/Post.php | 3 +- 2 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 manage_post.php diff --git a/manage_post.php b/manage_post.php new file mode 100644 index 0000000..8c6129b --- /dev/null +++ b/manage_post.php @@ -0,0 +1,113 @@ +id"; + mysqli_query($dbc, $sql); + + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; + mysqli_query($dbc, $sql); +} + +session_start(); + +if ($_SERVER['REQUEST_METHOD'] == 'GET') { + $current = new Post(); + + if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { + http_response_code(404); + include_once 'templates/404.php'; + die(); + } else { + $result = $current->get_from_database($_GET['id'], $dbc); + if ($result == 0) { + http_response_code(404); + include_once 'templates/404.php'; + die(); + } + } +} else { + $id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT); + $delete = filter_input(INPUT_POST, 'delete', FILTER_SANITIZE_STRING); + $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); + + $post = new Post(); + $post->get_from_database($id, $dbc); + + if (!isset($_SESSION['signed_in'])) { + echo 'You must be signed in to manage a post.'; + goto end; + } + + + if ($_SESSION['user_id'] != $post->author->id) { + echo "You can't manage another user's post!"; + goto end; + } + + if (strcasecmp($delete, "on") == 0) { + delete_post($dbc, $post); + } else { + $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; + $stmt = mysqli_stmt_init($dbc); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + die('Could not create post due to internal error: ' . mysqli_error($dbc)); + } + + mysqli_stmt_bind_param($stmt, "si", $post_content, $id); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + + end: + header("Location: /viewthread.php?id=" . $post->thread->id); +} +?> + + + + Manage a post - cflip.net forum + + + + +

Manage a post

+ display_content($dbc); + echo '
'; + + $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); + + if (!isset($_SESSION['signed_in'])) { + echo 'You must be signed in to manage a post.'; + return; + } + + $current_user = new User(); + $current_user->get_by_id($_SESSION['user_id'], $dbc); + + // Admin users should be able to delete posts, but they should not be able to edit them + // Or should they?? + if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { + echo "You can't manage another user's post!"; + return; + } + + // TODO: Disallow editing/deleting posts if they have been around for a while + ?> +
+

Edit post

+ + +

Edited posts will show a timestamp above the post showing when the last edit was made.

+

+ + +

+ +
+ + diff --git a/model/Post.php b/model/Post.php index d7aba72..34d6a79 100644 --- a/model/Post.php +++ b/model/Post.php @@ -69,8 +69,7 @@ class Post { } if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; - echo '[Edit] '; - echo '[Delete]'; + echo '[Edit/Delete] '; echo''; } echo ''; -- cgit v1.2.3