<?php

use mystic\forum\orm\Topic;
use mystic\forum\orm\User;
use mystic\forum\orm\UserPermissions;
use mystic\forum\utils\RequestUtils;

// Topic deletion handler.
//
// Flow: require a logged-in user, load the topic named by the "topic" request
// field, check delete permission, then either render the confirmation page
// (no "confirm" value posted) or verify the posted value and delete the topic.
//
// $currentUser and $db are not defined in this file; they are expected to be
// provided by the including script, as are msg_error(), render() and __().

// Anonymous visitors may never delete anything.
if (!$currentUser) {
    http_response_code(403);
    msg_error(__("You need to be logged in to delete topics!"));
    exit;
}

$formId = "deletetopic";
// Presumably aborts the request itself when the field is missing; confirm in RequestUtils.
$topicId = RequestUtils::getRequiredField("topic", $formId);

// Look the topic up by id; a falsy fetch result is treated as "not found".
$topic = new Topic();
$topic->id = $topicId;
if (!$db->fetch($topic)) {
    http_response_code(404);
    msg_error(__("No topic exists with this id"));
    exit;
}

// The author record may be missing; in that case the author is null and only
// the DELETE_OTHER_TOPIC permission can authorise the deletion.
$topicAuthor = new User();
$topicAuthor->id = $topic->createdBy;
if (!$db->fetch($topicAuthor)) {
    $topicAuthor = null;
}

// Authorisation: the author with DELETE_OWN_TOPIC, or anyone holding
// DELETE_OTHER_TOPIC. The second check runs only when the first one fails.
$isOwnTopic = $currentUser->id === $topicAuthor?->id;
$canEdit = ($isOwnTopic && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_TOPIC))
    || $currentUser->hasPermission(UserPermissions::DELETE_OTHER_TOPIC);
if (!$canEdit) {
    http_response_code(403);
    msg_error(__("You don't have permission to delete this topic"));
    exit;
}

$confirm = $_POST["confirm"] ?? null;
if ($confirm === null) {
    // First visit: show the confirmation page.
    render("delete_topic.twig", [
        "topic" => $topic,
        "topicAuthor" => $topicAuthor,
    ]);
} else {
    // NOTE(review): the expected value is SHA-256 over the literal "confirm"
    // plus the topic id, with no per-session or per-user secret, so it can be
    // computed by anyone who knows the topic id. It protects against an
    // accidental deletion, not against a forged cross-site POST. If no separate
    // CSRF check runs before this script (not visible here), derive the value
    // from a session-held secret and compare it with hash_equals().
    $expectedConfirm = base64_encode(hash("sha256", "confirm" . $topic->id, true));
    if ($confirm !== $expectedConfirm) {
        // Also reached when "confirm" is posted as an array, since !== is type-strict.
        http_response_code(400);
        msg_error(__("Invalid confirmation"));
        exit;
    }

    if (!$db->delete($topic)) {
        http_response_code(500);
        msg_error(__("Failed to delete topic"));
        exit;
    }

    // Redirect to "." relative to the current request path.
    header("Location: .");
}