<?php use mystic\forum\orm\Topic; use mystic\forum\orm\TopicLogMessage; use mystic\forum\orm\User; use mystic\forum\orm\UserPermissions; use mystic\forum\utils\RequestUtils; $topicId = $_POST["topic"] ?? null; if ($topicId === null) { http_response_code(400); msg_error(__("Missing topic id")); exit; } RequestUtils::setFormErrorDestination($dest = "./?_action=viewtopic&topic=" . urlencode($topicId)); $dest = "Location: $dest"; if (!$currentUser) { http_response_code(403); msg_error(__("You need to be logged in to lock topics!")); exit; } $formId = "locktopic"; $locked = RequestUtils::getRequiredField("locked", $formId); if ($locked === "true") { $locked = true; } elseif ($locked === "false") { $locked = false; } else RequestUtils::triggerFormError("Invalid value", $formId); $topic = new Topic(); $topic->id = $topicId; if (!$db->fetch($topic)) { http_response_code(404); msg_error(__("No topic exists with this id")); exit; } $topicAuthor = new User(); $topicAuthor->id = $topic->createdBy; if (!$db->fetch($topicAuthor)) $topicAuthor = null; $canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_TOPIC)) || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_TOPIC)); if (!$canEdit) { http_response_code(403); msg_error(__("You don't have permission to lock or unlock this topic")); exit; } $topic->isLocked = $locked; $log = new TopicLogMessage(); $log->id = $db->generateId(); $log->topicId = $topic->id; $log->authorId = $currentUser->id; $log->params = []; $log->type = $locked ? TopicLogMessage::LOCKED : TopicLogMessage::UNLOCKED; $log->postDate = new \DateTimeImmutable(); $db->insert($log); if (!$db->update($topic)) { http_response_code(500); msg_error(__("Failed to lock or unlock topic")); exit; } header($dest);