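id";
    mysqli_query($dbc, $sql);
    // NOTE(review): the category id is concatenated into the SQL text. It is read from the
    // loaded Post rather than from the request, but a prepared statement (as used for the
    // post UPDATE below) would make the two paths consistent. Left unchanged here because
    // delete_post() begins outside this chunk.
    $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
    mysqli_query($dbc, $sql);
}

session_start();

if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    // Render path: the id must be a valid integer that refers to an existing post,
    // otherwise the 404 template is served and the script stops.
    $current = new Post();
    if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
        http_response_code(404);
        include_once 'templates/404.php';
        die();
    } else {
        $result = $current->get_from_database($_GET['id'], $dbc);
        if ($result == 0) {
            http_response_code(404);
            include_once 'templates/404.php';
            die();
        }
    }
} else {
    // Mutation path (edit or delete). Validate and load the post with the same rules as
    // the GET branch, and do it before any ownership check: previously a missing or
    // unknown id fell through to the author/thread dereferences and a redirect with an
    // empty thread id. FILTER_VALIDATE_INT (instead of FILTER_SANITIZE_NUMBER_INT)
    // rejects values such as "12abc" outright rather than silently truncating them.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $post = new Post();
    if ($id === null || $id === false || $post->get_from_database($id, $dbc) == 0) {
        http_response_code(404);
        include_once 'templates/404.php';
        die();
    }

    // Only the signed-in author may edit or delete. Send a status and message and stop
    // here: the original echoed the message and then called header(), which fails with
    // "headers already sent" (and skips the redirect) unless output buffering is enabled.
    if (!isset($_SESSION['signed_in'])) {
        http_response_code(403);
        echo 'You must be signed in to manage a post.';
        die();
    }
    if ($_SESSION['user_id'] != $post->author->id) {
        http_response_code(403);
        echo "You can't manage another user's post!";
        die();
    }

    // filter_input() returns null when the field is absent; cast so strcasecmp() always
    // receives a string. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 but is kept
    // here because it also defines how post_content is stored (tags stripped, quotes
    // encoded); replacing it is a behaviour change, not a cleanup.
    $delete = (string) filter_input(INPUT_POST, 'delete', FILTER_SANITIZE_STRING);
    if (strcasecmp($delete, "on") == 0) {
        delete_post($dbc, $post);
    } else {
        $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
        // post_date_edited is normalised to UTC regardless of the MySQL session time zone.
        $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
        $stmt = mysqli_stmt_init($dbc);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            // Keep the driver error server-side; the client only needs to know the
            // update failed. The old message also said "create" on an update path.
            error_log('manage post: prepare failed: ' . mysqli_error($dbc));
            http_response_code(500);
            die('Could not update post due to internal error.');
        }
        mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('manage post: execute failed: ' . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            http_response_code(500);
            die('Could not update post due to internal error.');
        }
        mysqli_stmt_close($stmt);
    }

    // Both outcomes return to the enclosing thread; exit so nothing runs after the redirect.
    header("Location: /viewthread.php?id=" . $post->thread->id);
    exit;
}
?>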