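id = $postId;
// NOTE(review): the statement above is cut off at the start of this chunk; $item is
// presumably the post record being looked up by $postId — confirm against the preceding code.

// Refuse to operate on a post that does not exist or is already soft-deleted.
if (!$db->fetch($item) || $item->deleted) {
    http_response_code(404);
    msg_error("No post exists with this id");
    exit;
}

// Despite the name, this holds the author of the *post* ($item->authorId); it is handed
// to the view as "postAuthor" below. Null when the author row can no longer be fetched.
$topicAuthor = new User();
$topicAuthor->id = $item->authorId;
if (!$db->fetch($topicAuthor)) {
    $topicAuthor = null;
}

$topic = new Topic();
$topic->id = $item->topicId;
if (!$db->fetch($topic)) {
    $topic = null;
}

// Authorisation: either the current user is the post's author and that account holds
// DELETE_OWN_POST, or the current user holds DELETE_OTHER_POST. The own-post branch reads
// the permission off the freshly fetched author row (the same account as $currentUser when
// the id comparison passes). If the author row could not be fetched, $topicAuthor is null,
// the nullsafe call yields null (falsy) and the branch fails closed.
$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
    || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
if (!$canEdit) {
    http_response_code(403);
    msg_error("You don't have permission to delete this post");
    exit;
}

// Parameterised query: the post id is bound as $1, not interpolated into the SQL.
$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]);

$confirm = $_POST["confirm"] ?? null;
if ($confirm !== null) {
    // The expected value is derived from the post id alone — no secret and no session
    // binding — so it only tells the confirmation form apart from a stray request; it is not
    // a CSRF token. Mixing in a per-session secret would be needed for that.
    $expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true));
    // hash_equals() compares in constant time. It requires strings, so a non-string value
    // (e.g. an array submitted as confirm[]) is rejected up front instead of raising a
    // TypeError; the outcome (400) matches the previous strict-inequality check.
    if (!is_string($confirm) || !hash_equals($expectedConfirm, $confirm)) {
        http_response_code(400);
        msg_error("Invalid confirmation");
        exit;
    }

    // Soft-delete: the post row is kept, flagged as deleted and its body blanked.
    $item->deleted = true;
    $item->content = "";
    if (!$db->update($item)) {
        http_response_code(500);
        msg_error("Failed to delete post");
        exit;
    }
    // Attachments are hard-deleted. Nothing here wraps the update above and these deletes
    // in a transaction, so a failure mid-loop leaves the post marked deleted while some
    // attachment rows remain.
    foreach ($attachments as $attachment) {
        if (!$db->delete($attachment)) {
            http_response_code(500);
            msg_error("Failed to delete attachment");
            exit;
        }
    }
    header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId));
} else {
    // No confirmation submitted yet: render the confirmation form.
    _view("template_start", ["_title" => __("Delete post")]);
    _view("template_navigation_start");
    _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
    _view("template_navigation_end");
    _view("form_delete_post_confirm", [
        "post" => $item,
        "postAuthor" => $topicAuthor,
        "topicAuthor" => null,
        "attachments" => $attachments,
        "topic" => $topic,
    ]);
    _view("template_end", [...getThemeAndLangInfo()]);
}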