<?php

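/**
 * Delete a post row and keep the owning category's cached post count in step.
 *
 * Both statements are prepared with bound integer parameters; the previous version
 * interpolated the ids straight into the SQL text. The category counter is only
 * decremented when the DELETE actually removed one row, so calling this twice for
 * the same id (or for an id that never existed) no longer drifts `cat_post_count`.
 *
 * @param mysqli $dbc  open database connection (provided by db_inc.php — confirm)
 * @param Post   $post post to delete; ->id and ->thread->category->id must be populated
 * @return bool true when the post row was removed and, if needed, the counter updated
 */
function delete_post(mysqli $dbc, Post $post): bool {
	$post_id = (int) $post->id;
	$cat_id = (int) $post->thread->category->id;

	$stmt = mysqli_prepare($dbc, 'DELETE FROM posts WHERE post_id = ?');
	if ($stmt === false) {
		return false;
	}
	mysqli_stmt_bind_param($stmt, 'i', $post_id);
	$deleted = mysqli_stmt_execute($stmt);
	// affected_rows tells us whether a row really went away; execute() alone
	// also succeeds for a DELETE that matched nothing.
	$removed_rows = $deleted ? mysqli_stmt_affected_rows($stmt) : 0;
	mysqli_stmt_close($stmt);

	if (!$deleted) {
		return false;
	}
	if ($removed_rows !== 1) {
		// Nothing removed (or the driver could not tell): leave the counter alone.
		return false;
	}

	$stmt = mysqli_prepare($dbc, 'UPDATE categories SET `cat_post_count` = `cat_post_count` - 1 WHERE cat_id = ?');
	if ($stmt === false) {
		return false;
	}
	mysqli_stmt_bind_param($stmt, 'i', $cat_id);
	$counted = mysqli_stmt_execute($stmt);
	mysqli_stmt_close($stmt);

	return (bool) $counted;
}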

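include_once 'db_inc.php';
include_once '../model/Post.php';

session_start();

// Request handler: ?action=delete|edit&id=<post id>, restricted to the post's author.
// NOTE(review): 'delete' changes state but is reachable through a plain GET link, so it
// can be triggered cross-site without the user's intent; the usual remedy is a POST form
// carrying a session-bound token, which would need changes to the linking pages as well.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
	// The action is only ever compared against fixed names below, so no sanitising
	// filter is needed (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
	$action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT);
	// FILTER_VALIDATE_INT yields an int, or null/false when the parameter is missing or
	// malformed; FILTER_SANITIZE_NUMBER_INT silently turned "12abc" into "12".
	$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
	if (!is_int($id)) {
		http_response_code(400);
		return;
	}

	$post = new Post();
	// presumably fills ->id, ->author and ->thread; what happens for an unknown id
	// is not visible here — confirm against model/Post.php
	$post->get_from_database($id, $dbc);

	// A Location header must be sent before any body output; echoing first raises
	// "headers already sent" and the redirect is never delivered.
	if (!isset($_SESSION['signed_in'])) {
		header("Location: /viewthread.php?id=" . $post->thread->id);
		echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
		return;
	}

	// Strict comparison on normalised ints: the session value and the model value may
	// arrive as string or int depending on where they were read from.
	if ((int) $_SESSION['user_id'] !== (int) $post->author->id) {
		header("Location: /viewthread.php?id=" . $post->thread->id);
		echo "You can't manage another user's post!";
		return;
	}

	switch ($action) {
		case 'delete':
			delete_post($dbc, $post);
			break;
		case 'edit':
			// edit_post() is not defined in this file — TODO confirm an include provides it
			edit_post();
			break;
	}

	header("Location: /viewthread.php?id=" . $post->thread->id);
}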