Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-05-29 14:53:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

This will never work

Browse source
This commit is contained in:
Michał Gdula 2022-08-07 10:59:27 +01:00
parent 6a60375904
commit 9fd86cb3fc
2 changed files with 31 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

81
app/image/edit_description.php
View file

@ -1,17 +1,4 @@
<?php
/*
|-------------------------------------------------------------
| Check if user has edit permitions
|-------------------------------------------------------------
| This is repetetive, but I'm worried people will find a way
| around the front-end protection (if any), so best to do a
| second check.
|
| I also want to add that this is probably a very long and
| poor way of doing the check, so I'm sorry for anyone who has
| the unfortunate task of reading this code.
|-------------------------------------------------------------
*/
$conn_ip = "localhost";
$conn_username = "uwu";
$conn_password = "fennec621";
@ -21,56 +8,26 @@ $conn = mysqli_connect($conn_ip, $conn_username, $conn_password , $conn_database
if ($conn->connect_error) {
// Send notification that connection couldn't be made
}
function image_privilage($id) {
$session_id = $_SESSION['id'];
if (isset($session_id) || !empty($session_id)) {
if ($session_id == $id) {
return True;
if (isset($_POST['submit'])) {
// getting ready forSQL asky asky
$sql = "UPDATE swag_table SET alt=? WHERE id=?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
// Setting parameters
$param_alt = $_POST['description'];
$param_id = $_POST['id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
echo "sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')";
} else {
return False;
echo "sniffleAdd('Error','An error occured on the servers','var(--red)')";
}
} else {
return False;
}
}
function get_image_info($conn, $id) {
// Setting SQL query
$sql = "SELECT * FROM swag_table WHERE id = ".$id;
// Getting results
$query = mysqli_query($conn, $sql);
// Fetching associated info
$image_array = mysqli_fetch_assoc($query);
return($image_array);
}
// Get image ID to search up
$image_post_id = $_POST['image_id'];
$image_info = get_image_info($conn, $image_post_id);
if (isset($_POST['description'])) {
// If privilaged, continue
if (image_privilage($image_info['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE swag_table SET alt=? WHERE id=?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
// Setting parameters
$param_alt = $_POST['description'];
$param_id = $image_post_id;
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
echo "<script>sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')</script>";
} else {
echo "<script>sniffleAdd('Error','An error occured on the servers','var(--red)')</script>";
}
}
} else {
echo "<script>sniffleAdd('Error','You do not have access to this','var(--red)')</script>";
}
}
?>