From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:43:12 -0600
Subject: Refactoring part 1

---
 includes/functions_post.php | 57 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 includes/functions_post.php

(limited to 'includes/functions_post.php')

diff --git a/includes/functions_post.php b/includes/functions_post.php
new file mode 100644
index 0000000..5bc8c2a
--- /dev/null
+++ b/includes/functions_post.php
@@ -0,0 +1,57 @@
+<?php
+include_once 'Session.php';
+include_once 'model/User.php';
+
+function delete_post($post)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a post!');
+	}
+
+	// User must have permission to delete the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to delete this post.");
+	}
+
+	// TODO: The post must not be locked
+
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the post from the database
+	Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
+
+	// Decrement the post count of the category
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+	mysqli_query($dbc, $sql);
+}
+
+function edit_post($post, $post_content)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to edit this post!');
+	}
+
+	// User must have permission to edit the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to edit this post.");
+	}
+
+	// Set the post content and the post edit date
+	$sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
+	$stmt = mysqli_stmt_init($dbc);
+
+	if (!mysqli_stmt_prepare($stmt, $sql)) {
+		trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+	}
+
+	mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
+
+	// Redirect to the post's thread page
+	header("Location: /viewthread.php?id=" . $post->thread->id);
+}
-- 
cgit v1.2.3