Group deleting

Michał Gdula 2022-09-24 17:07:22 +00:00
parent 89bab971f3
commit 8ecd3f5921
2 changed files with 129 additions and 87 deletions


@ -6,9 +6,11 @@ include dirname(__DIR__) . "/app.php";
use App\Account; use App\Account;
use App\Image; use App\Image;
use App\Group;
$user_info = new Account(); $user_info = new Account();
$image_info = new Image(); $image_info = new Image();
$group_info = new Group();
$user_ip = $user_info->get_ip(); $user_ip = $user_info->get_ip();
@ -20,109 +22,76 @@ $user_ip = $user_info->get_ip();
|------------------------------------------------------------- |-------------------------------------------------------------
*/ */
if (isset($_POST['group_submit'])) { if (isset($_POST['group_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?"; $query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($stmt = mysqli_prepare($conn, $sql)) { if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
// Bind variables to the prepared statement as parameters $sql = "UPDATE groups SET image_list = ? WHERE id = ?";
mysqli_stmt_bind_param($stmt, "i", $param_user_id);
$param_user_id = $_POST['group_id']; // Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_images, $param_id);
$stmt->execute(); // Setting parameters
$query = $stmt->get_result(); $param_images = implode(" ", $_POST['group_images']);
$param_id = $_POST['group_id'];
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) { // Attempt to execute the prepared statement
$sql = "UPDATE groups SET image_list = ? WHERE id = ?"; if (mysqli_stmt_execute($stmt)) {
?>
// Checking if databse is doing ok <script>
if ($stmt = mysqli_prepare($conn, $sql)) { sniffleAdd('Success!!!', 'Updates the image group! Redirecting.... soon', 'var(--green)', 'assets/icons/check.svg');
mysqli_stmt_bind_param($stmt, "si", $param_images, $param_id); setTimeout(function() {
window.location.href = "group.php?id=<?php echo $_POST['group_id']; ?>";
// Setting parameters }, 2000);
$param_images = implode(" ", $_POST['group_images']); </script>
$param_id = $_POST['group_id']; <?php
} else {
// Attempt to execute the prepared statement ?>
if (mysqli_stmt_execute($stmt)) { <script>
?> sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
<script> </script>
sniffleAdd('Success!!!', 'Updates the image group! Redirecting.... soon', 'var(--green)', 'assets/icons/check.svg'); <?php
setTimeout(function() {
window.location.href = "group.php?id=<?php echo $_POST['group_id']; ?>";
}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
}
} }
} else {
?>
<script>
sniffleAdd('Gwa Gwa', 'You\'re not privilaged enough to do thissss!', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
} }
} else {
?>
<script>
sniffleAdd('Gwa Gwa', 'You\'re not privilaged enough to do thissss!', 'var(--red)', 'assets/icons/cross.svg');
</script>
<?php
} }
} }
/* /*
|------------------------------------------------------------- |-------------------------------------------------------------
| Edit Description | Edit title
|------------------------------------------------------------- |-------------------------------------------------------------
| This script took probably over 24hours to write, mostly |
| because of my stupidity. But it (mostly) works now which is
| good. Reason for all the includes and session_start is due
| to the need of checking if the person owns the image. If this
| check is not done, someone could come by and just edit the
| Jquery code on the front-end and change the image ID. Which
| isnt too great :p
|------------------------------------------------------------- |-------------------------------------------------------------
*/ */
if (isset($_POST['title_submit'])) { if (isset($_POST['title_submit'])) {
$sql = "SELECT author FROM groups WHERE id= ?"; $query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($stmt = mysqli_prepare($conn, $sql)) { if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
// Bind variables to the prepared statement as parameters // getting ready forSQL asky asky
mysqli_stmt_bind_param($stmt, "i", $param_user_id); $sql = "UPDATE groups SET group_name = ? WHERE id = ?";
$param_user_id = $_POST['group_id']; // Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_title, $param_id);
$stmt->execute(); // Setting parameters
$query = $stmt->get_result(); $param_title = $_POST['group_title'];
$param_id = $_POST['group_id'];
if ($_SESSION['id'] == $query || $user_info->is_admin($conn, $_SESSION['id'])) { // Attempt to execute the prepared statement
// getting ready forSQL asky asky if (mysqli_stmt_execute($stmt)) {
$sql = "UPDATE groups SET group_name = ? WHERE id = ?"; ?>
<script>
// Checking if databse is doing ok sniffleAdd('Success!!!', 'The title has been updated successfully! You may need to refresh the page to see the new information.', 'var(--green)', 'assets/icons/check.svg');
if ($stmt = mysqli_prepare($conn, $sql)) { flyoutClose();
mysqli_stmt_bind_param($stmt, "si", $param_title, $param_id); </script>
<?php
// Setting parameters
$param_title = $_POST['group_title'];
$param_id = $_POST['group_id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'The title has been updated successfully! You may need to refresh the page to see the new information.', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else { } else {
?> ?>
<script> <script>
@ -134,11 +103,18 @@ if (isset($_POST['title_submit'])) {
} else { } else {
?> ?>
<script> <script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--red)', 'assets/icons/cross.svg'); sniffleAdd('Error :c', 'An error occured on the servers', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose(); flyoutClose();
</script> </script>
<?php <?php
} }
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
} }
} }
@ -164,3 +140,48 @@ if (isset($_POST['new_group_submit'])) {
<?php <?php
} }
} }
if (isset($_POST['group_delete'])) {
$query = $group_info->get_group_info($conn, $_POST['group_id']);
if ($_SESSION['id'] == $query['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
$sql = "DELETE FROM groups WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $_POST['group_id']);
if ($stmt->execute()) {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted image group! You shall be yeeted in a moment', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
setTimeout(function(){window.location.href = "group.php";}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Ouchie', 'Something went wrong while deleting the image group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied!!!', 'You do not have the right permitions to delete this group', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
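Review bot: The ownership check in the new `group_delete` handler, `$_SESSION['id'] == $query['author']`, is a loose comparison made without first confirming that a session id exists or that `get_group_info()` actually found a row. If both sides come back null (a logged-out request, an unknown `group_id`), the comparison is true and the branch runs as authorised; whether that can happen depends on `app.php` and `get_group_info()`, neither of which is visible here. I would write `isset($_SESSION['id'], $query['author']) && (int) $_SESSION['id'] === (int) $query['author']` and only reach the `is_admin()` fallback once `isset($_SESSION['id'])` holds. The `group_submit` and `title_submit` handlers earlier in this file use the same condition and would need the same change. Nothing visible in the handler verifies a CSRF token before the `DELETE` runs, which is worth confirming for a destructive POST.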


@ -61,7 +61,28 @@
if ($_GET['mode'] == "edit") { if ($_GET['mode'] == "edit") {
if ($_SESSION['id'] == $group['author'] || $user_info->is_admin($conn, $_SESSION['id'])) { if ($_SESSION['id'] == $group['author'] || $user_info->is_admin($conn, $_SESSION['id'])) {
echo "<button class='btn btn-bad'>Delete</button>"; echo "<button id='deleteGroup' class='btn btn-bad'>Delete</button>";
?>
<script>
$('#deleteGroup').click(function() {
var header = "Are you surrrrrre?";
var description = "The images will still be up, but all your hard work setting this group up will be gone!";
var actionBox = "<form id='titleForm' method='POST'>\
<button id='deleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete group</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#titleForm").submit(function(event) {
event.preventDefault();
var deleteSubmit = $("#deleteSubmit").val();
$("#sniffle").load("app/image/group.php", {
group_id: <?php echo $_GET['id']; ?>,
group_delete: deleteSubmit
});
});
});
</script>
<?php
echo "<button id='editTitle' class='btn btn-bad'>Update title</button>"; echo "<button id='editTitle' class='btn btn-bad'>Update title</button>";
?> ?>
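Review bot: `group_id: <?php echo $_GET['id']; ?>` writes the raw query-string value into an inline script block, so whatever is placed in `id` is emitted as JavaScript on the page of anyone who opens the link. The value is only used as a numeric id, so cast it where it is output: `group_id: <?php echo (int) $_GET['id']; ?>,`. The new form also reuses the id `titleForm`, which presumably belongs to the title-edit flyout too; a distinct id such as `deleteForm` would keep the two submit handlers from binding to each other's form. The enclosing `if ($_GET['mode'] == "edit")` block continues past the end of this hunk.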