<?php
include_once 'Session.php';
include_once 'model/User.php';
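/**
 * Delete a post and decrement the post count of the category it belongs to.
 *
 * The current user must be signed in and must be either the author of the
 * post or a moderator. When a check fails, an error is raised through
 * trigger_error() and the function returns without touching the database.
 *
 * @param object $post Post to delete. Properties read here: id, author->id,
 *                     thread->category->id.
 * @return void
 */
function delete_post($post)
{
    // User must be signed in. trigger_error() raises E_USER_NOTICE by default,
    // which does not stop execution, so return explicitly; otherwise the
    // DELETE below would still run for an anonymous visitor.
    if (!Session::get()->is_signed_in()) {
        trigger_error('You must be signed in to delete a post!');
        return;
    }

    // User must have permission to delete the post: the author or a moderator.
    // The previous condition rejected the author and every non-moderator, the
    // opposite of an ownership check. Loose comparison is kept on purpose,
    // because ids may arrive as numeric strings.
    $current_user = Session::get()->get_current_user();
    $is_author = $current_user->id == $post->author->id;
    $is_moderator = $current_user->level == USER_LEVEL_MODERATOR;
    if (!$is_author && !$is_moderator) {
        trigger_error("You don't have sufficient permissions to delete this post.");
        return;
    }

    // TODO: The post must not be locked
    // TODO: The post must have not been around for a certain amount of time

    // Both ids are concatenated into SQL text, so force them to integers first.
    $post_id = (int) $post->id;
    $category_id = (int) $post->thread->category->id;

    // Delete the post from the database
    Database::get()->query("DELETE FROM posts WHERE post_id = $post_id");

    // Decrement the post count of the category. The old code called
    // mysqli_query() with $dbc, which is not defined in this scope.
    // NOTE(review): assumes Database::get()->query() accepts an UPDATE the same
    // way it accepts the DELETE above; its return value is not visible here, so
    // the counter is decremented even if the DELETE matched no row - confirm.
    Database::get()->query(
        "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = $category_id;"
    );
}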
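/**
 * Replace the content of a post, stamp its edit date and redirect to its thread.
 *
 * The current user must be signed in and must be either the author of the
 * post or a moderator. When a check or a database step fails, an error is
 * raised through trigger_error() and the function returns without redirecting.
 *
 * @param object $post         Post to edit. Properties read here: id, author->id,
 *                             thread->id.
 * @param string $post_content New post content, bound as a statement parameter.
 * @return void
 */
function edit_post($post, $post_content)
{
    // NOTE(review): the original body used $dbc without bringing it into scope.
    // This assumes the mysqli connection lives in a global of that name - confirm.
    global $dbc;

    // User must be signed in. trigger_error() raises E_USER_NOTICE by default,
    // which does not stop execution, so return explicitly.
    if (!Session::get()->is_signed_in()) {
        trigger_error('You must be signed in to edit this post!');
        return;
    }

    // User must have permission to edit the post: the author or a moderator.
    // The previous condition rejected the author and every non-moderator.
    // Loose comparison is kept because ids may arrive as numeric strings.
    $current_user = Session::get()->get_current_user();
    $is_author = $current_user->id == $post->author->id;
    $is_moderator = $current_user->level == USER_LEVEL_MODERATOR;
    if (!$is_author && !$is_moderator) {
        trigger_error("You don't have sufficient permissions to edit this post.");
        return;
    }

    // Set the post content and the post edit date
    $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
    $stmt = mysqli_stmt_init($dbc);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        trigger_error('Could not edit post due to internal error: ' . mysqli_error($dbc));
        return;
    }

    // The original bound an undefined $id, so the WHERE clause never matched
    // the post being edited.
    $id = (int) $post->id;
    mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
    $executed = mysqli_stmt_execute($stmt);
    $failure = $executed ? '' : mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);

    if (!$executed) {
        // Do not redirect as if the edit had been saved.
        trigger_error('Could not edit post due to internal error: ' . $failure);
        return;
    }

    // Redirect to the post's thread page. The id is URL-encoded so that it
    // cannot add extra query parameters to the Location value.
    header("Location: /viewthread.php?id=" . rawurlencode((string) $post->thread->id));
}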