get_from_database($_GET['id'], $dbc);
if ($result == 0) {
http_response_code(404);
include_once 'templates/404.php';
die();
}
}
} else {
$id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
$delete = filter_input(INPUT_POST, 'delete', FILTER_SANITIZE_STRING);
$post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
$post = new Post();
$post->get_from_database($id, $dbc);
if (!isset($_SESSION['signed_in'])) {
echo 'You must be signed in to manage a post.';
goto end;
}
if ($_SESSION['user_id'] != $post->author->id) {
echo "You can't manage another user's post!";
goto end;
}
if (strcasecmp($delete, "on") == 0) {
delete_post($dbc, $post);
} else {
edit_post();
}
end:
header("Location: /viewthread.php?id=" . $post->thread->id);
}
?>
Manage a post - cflip.net forum
Manage a post
display_content($dbc);
echo '';
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
if (!isset($_SESSION['signed_in'])) {
echo 'You must be signed in to manage a post.';
return;
}
$current_user = new User();
$current_user->get_by_id($_SESSION['user_id'], $dbc);
// Admin users should be able to delete posts, but they should not be able to edit them
// Or should they??
if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) {
echo "You can't manage another user's post!";
return;
}
// TODO: Disallow editing/deleting posts if they have been around for a while
?>