blob: 99f0ad405bdde8d55812e5c18d47421e2da27be8 (
plain)
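<?php
/**
 * Manage a post: lets the signed-in author of a forum post edit or delete it.
 *
 *   GET  ?id=N  renders the post and, for its author, the edit/delete form.
 *   POST        applies the edit or the deletion, then redirects to the thread.
 *
 * Security notes for maintainers:
 *  - The sign-in and ownership checks are enforced on the POST path itself.
 *    Checking them only while rendering the form does not protect the
 *    state-changing request, which any client can send directly.
 *  - The form carries a per-session anti-CSRF token that the POST path verifies.
 *  - Values echoed into HTML are escaped at output time.
 *
 * NOTE(review): Session, Post, delete_post(), edit_post() and get_post_content()
 * are defined outside this file. Confirm that Session is loaded by the two
 * includes below and not only by the header template, since it is now needed
 * before any output is produced.
 */
include_once './includes/functions_post.php';
include_once './includes/model/Post.php';
session_start();

// Session key holding the anti-CSRF token for the form on this page.
$csrf_key = 'manage_post_csrf_token';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate the id (rather than merely stripping characters from it) and
    // refuse to continue when the post cannot be loaded.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $post = new Post();
    // Loose comparison kept on purpose: the GET path treats a result of 0 as "not found".
    if (!$id || $post->get_from_database($id) == 0) {
        http_response_code(404);
        include_once './includes/templates/404.php';
        die();
    }

    // Authorisation must happen before any change is made.
    if (!Session::get()->is_signed_in()) {
        http_response_code(403);
        die('You must be signed in to manage a post.');
    }
    if (Session::get()->get_current_user()->id != $post->author->id) {
        http_response_code(403);
        die('You can\'t manage another user\'s post!');
    }

    // Anti-CSRF: the token must match the one issued when the form was rendered.
    $sent_token = filter_input(INPUT_POST, 'csrf_token');
    $known_token = isset($_SESSION[$csrf_key]) ? $_SESSION[$csrf_key] : '';
    if (!is_string($sent_token) || !is_string($known_token) || $known_token === ''
        || !hash_equals($known_token, $sent_token)) {
        http_response_code(403);
        die('Invalid or missing form token. Please reload the page and try again.');
    }

    // Read the thread id before the post is changed or removed.
    $thread_id = $post->thread->id;

    $delete = filter_input(INPUT_POST, 'delete');
    if (is_string($delete) && strcasecmp($delete, 'on') == 0) {
        delete_post($post);
    } else {
        // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept so that
        // stored content does not change shape; escaping at output time is the
        // control to rely on.
        $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
        if (!is_string($post_content)) {
            http_response_code(400);
            die('Missing post content.');
        }
        edit_post($post, $post_content);
    }

    header('Location: /viewthread.php?id=' . rawurlencode((string) $thread_id));
    // Stop here: without this the page below would still be rendered after the redirect.
    exit;
}

// Any other request method is treated as a read-only view of the post.
$current = new Post();
$requested_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
// Pass the validated integer, not the raw query-string value, to the model.
if (!$requested_id || $current->get_from_database($requested_id) == 0) {
    http_response_code(404);
    include_once './includes/templates/404.php';
    die();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Manage a post - cflip.net forum</title>
<link rel="stylesheet" href="/styles/style.css">
</head>
<body>
<?php include('includes/templates/header.php'); ?>
<h1>Manage a post</h1>
<?php
// NOTE(review): get_post_content() is defined elsewhere; confirm it HTML-escapes
// the post body and author fields before returning markup.
echo get_post_content($current);
echo '<hr>';

// Decide whether the form may be shown. The same two checks are enforced again
// when the form is submitted.
$error_html = null;
if (!Session::get()->is_signed_in()) {
    $error_html = 'You must be <a href="signin.php">signed in</a> to manage a post.';
} elseif (Session::get()->get_current_user()->id != $current->author->id) {
    // Admin users should be able to delete posts, but they should not be able to edit them
    // Or should they??
    $error_html = 'You can\'t manage another user\'s post!';
}
// TODO: Disallow editing/deleting posts if they have been around for a while

if ($error_html !== null) {
    echo '<p class="error">' . $error_html . '</p>';
} elseif (empty($_SESSION[$csrf_key])) {
    // Issue the anti-CSRF token once per session, only when the form is shown.
    $_SESSION[$csrf_key] = bin2hex(random_bytes(32));
}
?>
<?php if ($error_html === null): ?>
<form action="manage_post.php" method="post">
<h3>Edit post</h3>
<input type="hidden" name="id" value="<?= htmlspecialchars((string) $current->id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION[$csrf_key], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
<?php
// double_encode is off because content saved through this page has already had
// its quotes entity-encoded by FILTER_SANITIZE_STRING; '<', '>' and '"' are
// still escaped so stored text cannot close the textarea.
?>
<textarea name="post_content" rows="10" cols="50"><?= htmlspecialchars((string) $current->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) ?></textarea>
<p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
<p>
<input type="checkbox" id="delete" name="delete">
<label for="delete">Delete this post</label>
</p>
<input type="submit" value="Apply Changes">
</form>
<?php endif; ?>
</body>
</html>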