Diffstat (limited to 'src/index.php')
-rw-r--r-- | src/index.php | 94 |
1 files changed, 93 insertions, 1 deletions
diff --git a/src/index.php b/src/index.php
index d651400..cc9e99d 100644
--- a/src/index.php
+++ b/src/index.php
@@ -572,6 +572,12 @@ if ($_action === "auth") {
 msg_error("You need to be logged in to add new posts!");
 exit;
 }
+
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error("This topic is locked!");
+ exit;
+ }
 $attachments = reArrayFiles($_FILES["files"]);
@@ -658,12 +664,15 @@ if ($_action === "auth") {
 "postAuthor" => $postAuthor,
 "topicAuthor" => $topicAuthor,
 "attachments" => $attachments,
+ "topic" => $topic,
 ]);
 }
 _view("view_topic_end");
- if ($currentUser) {
+ if ($topic->isLocked) {
+ _view("view_topic_locked");
+ } elseif ($currentUser) {
 _view("form_addpost");
 } else {
 _view("view_logintoreply");
@@ -709,6 +718,7 @@ if ($_action === "auth") {
 $topic->id = $db->generateId();
 $topic->title = $title;
 $topic->creationDate = new DateTimeImmutable();
+ $topic->isLocked = false;
 $db->insert($topic);
@@ -1169,6 +1179,12 @@ if ($_action === "auth") {
 if (!$db->fetch($topicAuthor)) $topicAuthor = null;
+ $topic = new Topic();
+ $topic->id = $post->topicId;
+
+ if (!$db->fetch($topic))
+ $topic = null;
+
 $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST)) || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
@@ -1217,6 +1233,7 @@ if ($_action === "auth") {
 "postAuthor" => $topicAuthor,
 "topicAuthor" => null,
 "attachments" => $attachments,
+ "topic" => $topic,
 ]);
 _view("template_end", [...getThemeAndLangInfo()]);
 }
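Review bot: In the hunk at -572 the new rejection string is passed untranslated, `msg_error("This topic is locked!")`, while the lock messages added in the later hunks go through `__()` and use different wording. Writing it as `msg_error(__("This topic has been locked"));` keeps the lock rejection translatable and consistent across the add-post and edit paths. `$topic` is loaded above the hunk, so whether it can be null at this point is not visible here.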
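Review bot: The hunk at -1169 loads the topic on the delete-post path but never consults `isLocked`, so unlike the edit paths at -1251 and -1360 a post in a locked topic can apparently still be removed by a user holding the delete permission. If a lock is meant to freeze the thread, the same 403 guard belongs after the fetch here and in the handler that performs the deletion, which is not visible in this diff. `$topic` is also set to `null` on a failed fetch and then handed to the view as `"topic" => $topic` (hunk at -1217), so the template has to read it as `$topic?->isLocked` or the missing row should be rejected before rendering.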
@@ -1251,6 +1268,18 @@ if ($_action === "auth") {
 $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_POST)) || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_POST));
+ $topic = new Topic();
+ $topic->id = $post->topicId;
+
+ if (!$db->fetch($topic))
+ $topic = null;
+
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error(__("This topic has been locked"));
+ exit;
+ }
+
 if (!$canEdit) {
 http_response_code(403);
 msg_error(__("You don't have permission to edit this post"));
@@ -1360,6 +1389,12 @@ if ($_action === "auth") {
 if (!$db->fetch($topicAuthor)) $topicAuthor = null;
+ if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error(__("This topic has been locked"));
+ exit;
+ }
+
 $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC)) || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC));
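Review bot: The lock check in the hunk at -1251 fails open when the topic row cannot be loaded: the two lines before it set `$topic = null`, and reading `$topic->isLocked` on null only raises a warning and evaluates to null, so the edit proceeds as if the topic were unlocked. Treat a missing topic as an error before testing the flag, e.g. `if ($topic === null) { http_response_code(404); msg_error(__("No topic exists with this id")); exit; }`, which is what the new locktopic handler already does. The lock test also runs before `if (!$canEdit)`, so a user without edit rights is told the lock state instead of getting the permission error; placing it after the permission check avoids that. The hunk at -1360 has the same ordering, and its `$topic` is fetched outside the visible lines.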
@@ -1378,6 +1413,63 @@ if ($_action === "auth") {
 }
 header("Location: ./?_action=viewtopic&topic=" . urlencode($topicId));
+} elseif ($_action === "locktopic") {
+ RequestUtils::ensureRequestMethod("POST");
+ $topicId = $_POST["topic"] ?? null;
+ if ($topicId === null) {
+ http_response_code(400);
+ msg_error(__("Missing topic id"));
+ exit;
+ }
+ RequestUtils::setFormErrorDestination($dest = "Location: ./?_action=viewtopic&topic=" . urlencode($topicId));
+
+ if (!$currentUser) {
+ http_response_code(403);
+ msg_error(__("You need to be logged in to lock topics!"));
+ exit;
+ }
+
+ $formId = "locktopic";
+ $locked = RequestUtils::getRequiredField("locked", $formId);
+ if ($locked === "true") {
+ $locked = true;
+ } elseif ($locked === "false") {
+ $locked = false;
+ } else RequestUtils::triggerFormError("Invalid value", $formId);
+
+ $topic = new Topic();
+ $topic->id = $topicId;
+
+ if (!$db->fetch($topic)) {
+ http_response_code(404);
+ msg_error(__("No topic exists with this id"));
+ exit;
+ }
+
+ $topicAuthor = new User();
+ $topicAuthor->id = $topic->createdBy;
+
+ if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+ $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC))
+ || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC));
+
+ if (!$canEdit) {
+ http_response_code(403);
+ msg_error(__("You don't have permission to lock or unlock this topic"));
+ exit;
+ }
+
+ $topic->isLocked = $locked;
+
+ if (!$db->update($topic)) {
+ http_response_code(500);
+ msg_error(__("Failed to lock or unlock topic"));
+ exit;
+ }
+
+ header($dest);
 } elseif ($_action === "search") {
 $query = $_GET["query"] ?? null;
 if ($query !== null) { |
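Review bot: Unlocking is gated by the same `EDIT_OWN_TOPIC` branch of `$canEdit` as locking, so a topic author can submit `locked=false` and reopen a thread that a moderator locked. If locks are meant as a moderation control, require the broader right for that direction, e.g. `if ($locked === false && !$currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC))` leading into the existing 403 branch. `$_POST["topic"]` is also used without a type check, so an array value reaches `urlencode()` and raises a TypeError instead of the 400; `if (!is_string($topicId))` alongside the null test covers it. No anti-CSRF token is verified in the visible lines for this state-changing POST, so confirm that `RequestUtils` or the form layer enforces one.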