Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-05-14 07:32:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Group deleting

Browse source
This commit is contained in:
Michał Gdula 2022-09-24 17:07:22 +00:00
parent 89bab971f3
commit 8ecd3f5921
2 changed files with 129 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

193
app/image/group.php
View file

@ -6,9 +6,11 @@ include dirname(__DIR__) . "/app.php";
use App\Account;
use App\Image;
use App\Group;
$user_info = new Account();
$image_info = new Image();
$group_info = new Group();
$user_ip = $user_info->get_ip();
@ -20,109 +22,76 @@ $user_ip = $user_info->get_ip();
|-------------------------------------------------------------
*/
if (isset($_POST['group_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?";
$query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_user_id);
if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "UPDATE groups SET image_list = ? WHERE id = ?";
$param_user_id = $_POST['group_id'];
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_images, $param_id);
$stmt->execute();
$query = $stmt->get_result();
// Setting parameters
$param_images = implode(" ", $_POST['group_images']);
$param_id = $_POST['group_id'];
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "UPDATE groups SET image_list = ? WHERE id = ?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_images, $param_id);
// Setting parameters
$param_images = implode(" ", $_POST['group_images']);
$param_id = $_POST['group_id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Updates the image group! Redirecting.... soon', 'var(--green)', 'assets/icons/check.svg');
setTimeout(function() {
window.location.href = "group.php?id=<?php echo $_POST['group_id']; ?>";
}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Updates the image group! Redirecting.... soon', 'var(--green)', 'assets/icons/check.svg');
setTimeout(function() {
window.location.href = "group.php?id=<?php echo $_POST['group_id']; ?>";
}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Gwa Gwa', 'You\'re not privilaged enough to do thissss!', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Gwa Gwa', 'You\'re not privilaged enough to do thissss!', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
}
}
/*
|-------------------------------------------------------------
| Edit Description
| Edit title
|-------------------------------------------------------------
| This script took probably over 24hours to write, mostly
| because of my stupidity. But it (mostly) works now which is
| good. Reason for all the includes and session_start is due
| to the need of checking if the person owns the image. If this
| check is not done, someone could come by and just edit the
| Jquery code on the front-end and change the image ID. Which
| isnt too great :p
|
|-------------------------------------------------------------
*/
if (isset($_POST['title_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?";
$query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE groups SET group_name = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_user_id);
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_title, $param_id);
$param_user_id = $_POST['group_id'];
// Setting parameters
$param_title = $_POST['group_title'];
$param_id = $_POST['group_id'];
$stmt->execute();
$query = $stmt->get_result();
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE groups SET group_name = ? WHERE id = ?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_title, $param_id);
// Setting parameters
$param_title = $_POST['group_title'];
$param_id = $_POST['group_id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'The title has been updated successfully! You may need to refresh the page to see the new information.', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'The title has been updated successfully! You may need to refresh the page to see the new information.', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
@ -134,11 +103,18 @@ if (isset($_POST['title_submit'])) {
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--red)', 'assets/icons/cross.svg');
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
@ -164,3 +140,48 @@ if (isset($_POST['new_group_submit'])) {
<?php
}
}
if (isset($_POST['group_delete'])) {
$query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "DELETE FROM groups WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $_POST['group_id']);
if ($stmt->execute()) {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted image group! You shall be yeeted in a moment', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
setTimeout(function(){window.location.href = "group.php";}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied!!!', 'You do not have the right permitions to delete this group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}

23
group.php
View file

@ -61,7 +61,28 @@
if ($_GET['mode'] == "edit") {
if ($_SESSION['id'] == $group['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
echo "<button class='btn btn-bad'>Delete</button>";
echo "<button id='deleteGroup' class='btn btn-bad'>Delete</button>";
?>
<script>
$('#deleteGroup').click(function() {
var header = "Are you surrrrrre?";
var description = "The images will still be up, but all your hard work setting this group up will be gone!";
var actionBox = "<form id='titleForm' method='POST'>\
<button id='deleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete group</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#titleForm").submit(function(event) {
event.preventDefault();
var deleteSubmit = $("#deleteSubmit").val();
$("#sniffle").load("app/image/group.php", {
group_id: <?php echo $_GET['id']; ?>,
group_delete: deleteSubmit
});
});
});
</script>
<?php
echo "<button id='editTitle' class='btn btn-bad'>Update title</button>";
?>