id = $postId; if (!$db->fetch($item) || $item->deleted) { http_response_code(404); msg_error("No post exists with this id"); exit; } $postAuthor = new User(); $postAuthor->id = $item->authorId; if (!$db->fetch($postAuthor)) $postAuthor = null; $topic = new Topic(); $topic->id = $item->topicId; if (!$db->fetch($topic)) $topic = null; $canDelete = ($currentUser->id === $postAuthor?->id && $postAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST)) || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST)); if (!$canDelete) { http_response_code(403); msg_error("You don't have permission to delete this post"); exit; } $attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]); $confirm = $_POST["confirm"] ?? null; if ($confirm !== null) { $expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true)); if ($confirm !== $expectedConfirm) { http_response_code(400); msg_error("Invalid confirmation"); exit; } $item->deleted = true; $item->content = ""; if (!$db->update($item)) { http_response_code(500); msg_error("Failed to delete post"); exit; } foreach ($attachments as $attachment) { if (!$db->delete($attachment)) { http_response_code(500); msg_error("Failed to delete attachment"); exit; } } header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId)); } else { render("delete_post.twig", [ "post" => $item, "postAuthor" => $postAuthor, "topicAuthor" => null, "attachments" => $attachments, "topic" => $topic, ]); }