Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-05-14 07:32:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Group deleting

Browse source
This commit is contained in:
Michał Gdula 2022-09-24 17:07:22 +00:00
parent 89bab971f3
commit 8ecd3f5921
2 changed files with 129 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
app/image/group.php
View file

@ -6,9 +6,11 @@ include dirname(__DIR__) . "/app.php";
use App\Account; use App\Account;
use App\Image; use App\Image;
use App\Group;
$user_info = new Account(); $user_info = new Account();
$image_info = new Image(); $image_info = new Image();
$group_info = new Group();
$user_ip = $user_info->get_ip(); $user_ip = $user_info->get_ip();
@ -20,18 +22,9 @@ $user_ip = $user_info->get_ip();
|------------------------------------------------------------- |-------------------------------------------------------------
*/ */
if (isset($_POST['group_submit'])) { if (isset($_POST['group_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?"; $query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($stmt = mysqli_prepare($conn, $sql)) { if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_user_id);
$param_user_id = $_POST['group_id'];
$stmt->execute();
$query = $stmt->get_result();
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "UPDATE groups SET image_list = ? WHERE id = ?"; $sql = "UPDATE groups SET image_list = ? WHERE id = ?";
// Checking if databse is doing ok // Checking if databse is doing ok
@ -67,35 +60,19 @@ if (isset($_POST['group_submit'])) {
</script> </script>
<?php <?php
} }
}
} }
/* /*
|------------------------------------------------------------- |-------------------------------------------------------------
| Edit Description | Edit title
|------------------------------------------------------------- |-------------------------------------------------------------
| This script took probably over 24hours to write, mostly |
| because of my stupidity. But it (mostly) works now which is
| good. Reason for all the includes and session_start is due
| to the need of checking if the person owns the image. If this
| check is not done, someone could come by and just edit the
| Jquery code on the front-end and change the image ID. Which
| isnt too great :p
|------------------------------------------------------------- |-------------------------------------------------------------
*/ */
if (isset($_POST['title_submit'])) { if (isset($_POST['title_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?"; $query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($stmt = mysqli_prepare($conn, $sql)) { if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_user_id);
$param_user_id = $_POST['group_id'];
$stmt->execute();
$query = $stmt->get_result();
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky // getting ready forSQL asky asky
$sql = "UPDATE groups SET group_name = ? WHERE id = ?"; $sql = "UPDATE groups SET group_name = ? WHERE id = ?";
@ -139,7 +116,6 @@ if (isset($_POST['title_submit'])) {
</script> </script>
<?php <?php
} }
}
} }
if (isset($_POST['new_group_submit'])) { if (isset($_POST['new_group_submit'])) {
@ -164,3 +140,48 @@ if (isset($_POST['new_group_submit'])) {
<?php <?php
} }
} }
if (isset($_POST['group_delete'])) {
$query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "DELETE FROM groups WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $_POST['group_id']);
if ($stmt->execute()) {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted image group! You shall be yeeted in a moment', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
setTimeout(function(){window.location.href = "group.php";}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied!!!', 'You do not have the right permitions to delete this group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}

23
group.php
View file

@ -61,7 +61,28 @@
if ($_GET['mode'] == "edit") { if ($_GET['mode'] == "edit") {
if ($_SESSION['id'] == $group['author'] || $user_info->is_admin($conn, $_SESSION['id'])) { if ($_SESSION['id'] == $group['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
echo "<button class='btn btn-bad'>Delete</button>"; echo "<button id='deleteGroup' class='btn btn-bad'>Delete</button>";
?>
<script>
$('#deleteGroup').click(function() {
var header = "Are you surrrrrre?";
var description = "The images will still be up, but all your hard work setting this group up will be gone!";
var actionBox = "<form id='titleForm' method='POST'>\
<button id='deleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete group</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#titleForm").submit(function(event) {
event.preventDefault();
var deleteSubmit = $("#deleteSubmit").val();
$("#sniffle").load("app/image/group.php", {
group_id: <?php echo $_GET['id']; ?>,
group_delete: deleteSubmit
});
});
});
</script>
<?php
echo "<button id='editTitle' class='btn btn-bad'>Update title</button>"; echo "<button id='editTitle' class='btn btn-bad'>Update title</button>";
?> ?>