blob: 4cd9872b7e90c7d23af868a738ea70370a5cf8c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
<?php
use mystic\forum\orm\Attachment;
use mystic\forum\orm\Post;
use mystic\forum\orm\Topic;
use mystic\forum\orm\User;
use mystic\forum\orm\UserPermissions;
use mystic\forum\utils\RequestUtils;
if (!$currentUser) {
http_response_code(403);
msg_error("You need to be logged in to delete posts!");
exit;
}
$formId = "deletepost";
$postId = RequestUtils::getRequiredField("post", $formId);
$item = new Post();
$item->id = $postId;
if (!$db->fetch($item) || $item->deleted) {
http_response_code(404);
msg_error("No post exists with this id");
exit;
}
$postAuthor = new User();
$postAuthor->id = $item->authorId;
if (!$db->fetch($postAuthor))
$postAuthor = null;
$topic = new Topic();
$topic->id = $item->topicId;
if (!$db->fetch($topic))
$topic = null;
$canDelete = ($currentUser->id === $postAuthor?->id && $postAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
|| ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
if (!$canDelete) {
http_response_code(403);
msg_error("You don't have permission to delete this post");
exit;
}
$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]);
$confirm = $_POST["confirm"] ?? null;
if ($confirm !== null) {
$expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true));
if ($confirm !== $expectedConfirm) {
http_response_code(400);
msg_error("Invalid confirmation");
exit;
}
$item->deleted = true;
$item->content = "";
if (!$db->update($item)) {
http_response_code(500);
msg_error("Failed to delete post");
exit;
}
foreach ($attachments as $attachment) {
if (!$db->delete($attachment)) {
http_response_code(500);
msg_error("Failed to delete attachment");
exit;
}
}
header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId));
} else {
render("delete_post.twig", [
"post" => $item,
"postAuthor" => $postAuthor,
"topicAuthor" => null,
"attachments" => $attachments,
"topic" => $topic,
]);
}
|