Marijn postdelete #178
20
website/public/API/deletePost.php
Normal file
20
website/public/API/deletePost.php
Normal file
@@ -0,0 +1,20 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
require_once "../../queries/post.php";
|
||||
require_once "../../queries/user.php";
|
||||
|
||||
if (isset($_SESSION["userID"]) and
|
||||
getRoleByID($_SESSION["userID"]) != 'frozen' and
|
||||
getRoleByID($_SESSION["userID"]) != 'banned') {
|
||||
|
||||
if (empty($_POST["postID"]) or empty($_SESSION["userID"])) {
|
||||
header('HTTP/1.1 500 Non enough arguments');
|
||||
}
|
||||
|
||||
deletePost($_POST["postID"], $_SESSION["userID"]);
|
||||
return;
|
||||
|
||||
} else {
|
||||
echo "frozen";
|
||||
}
|
||||
@@ -61,19 +61,9 @@ $(document).ready(function () {
|
||||
});
|
||||
|
||||
$(window).on("load", function() {
|
||||
$(".modal-close").click(function () {
|
||||
$(".modal").hide();
|
||||
scrollbarMargin(0, 'auto');
|
||||
$('#modal-response').hide();
|
||||
$('.modal-default').show();
|
||||
});
|
||||
$(".modal-close").click(function (){closeModal()});
|
||||
|
||||
// http://stackoverflow.com/questions/9439725/javascript-how-to-detect-if-browser-window-is-scrolled-to-bottom
|
||||
// $(window).on("scroll", function () {
|
||||
// if ((window.innerHeight + window.pageYOffset) >= document.body.offsetHeight) {
|
||||
// loadMorePosts(userID, groupID, postAmount, postLimit);
|
||||
// }
|
||||
// });
|
||||
window.onscroll = function(ev) {
|
||||
if($(window).scrollTop() + $(window).height() == $(document).height() ) {
|
||||
loadMorePosts(userID, groupID, postAmount, postLimit);
|
||||
@@ -81,6 +71,13 @@ $(window).on("load", function() {
|
||||
};
|
||||
});
|
||||
|
||||
function closeModal() {
|
||||
$(".modal").hide();
|
||||
scrollbarMargin(0, 'auto');
|
||||
$('#modal-response').hide();
|
||||
$('.modal-default').show();
|
||||
}
|
||||
|
||||
$(window).resize(function() {
|
||||
clearTimeout(window.resizedFinished);
|
||||
window.resizeFinished = setTimeout(function() {
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
|
||||
function postComment(buttonValue) {
|
||||
formData = $("#newcommentform").serializeArray();
|
||||
formData.push({name: "button", value: buttonValue});
|
||||
@@ -20,3 +21,19 @@ function postComment(buttonValue) {
|
||||
$('#modal-response').html(fancyText(data));
|
||||
});
|
||||
}
|
||||
|
||||
function deletePost(postID) {
|
||||
var formData = [{name: "postID", value: postID}];
|
||||
$.post(
|
||||
"API/deletePost.php",
|
||||
formData
|
||||
).done(function (response) {
|
||||
if (response == "frozen") {
|
||||
alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is.");
|
||||
}
|
||||
});
|
||||
closeModal();
|
||||
masonry(masonryMode);
|
||||
|
||||
|
||||
}
|
||||
@@ -84,3 +84,20 @@
|
||||
height: 24px;
|
||||
width: 24px;
|
||||
}
|
||||
|
||||
.deleteButton {
|
||||
background-color: firebrick;
|
||||
|
||||
}
|
||||
|
||||
.deleteButton i {
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.deleteButton:hover span {
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.deleteButton span {
|
||||
display: none;
|
||||
}
|
||||
@@ -243,3 +243,56 @@ function deleteNietSlecht(int $postID, int $userID) {
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
function deletePost(int $postID, int $userID) {
|
||||
if (checkPermissionOnPost($postID, $userID)) {
|
||||
$stmt = prepareQuery("
|
||||
DELETE FROM
|
||||
`post`
|
||||
WHERE
|
||||
`postID` = :postID
|
||||
");
|
||||
$stmt->bindParam(":postID", $postID);
|
||||
$stmt->execute();
|
||||
}
|
||||
}
|
||||
|
||||
function checkPermissionOnPost(int $postID, int $userID) : bool {
|
||||
$getGroupID = prepareQuery("
|
||||
SELECT
|
||||
`author`,
|
||||
`groupID`
|
||||
FROM
|
||||
`post`
|
||||
WHERE
|
||||
`postID` = :postID
|
||||
");
|
||||
$getGroupID->bindParam(":postID", $postID);
|
||||
$getGroupID->execute();
|
||||
$postinfo = $getGroupID->fetch();
|
||||
|
||||
if ($postinfo["groupID"] == null) {
|
||||
// User post
|
||||
return ($userID == $postinfo["author"]);
|
||||
} else {
|
||||
// Group post
|
||||
$roleInGroup = getRoleInGroup($userID, $postinfo["groupID"]);
|
||||
return ($roleInGroup == "mod" or $roleInGroup == "admin");
|
||||
}
|
||||
}
|
||||
|
||||
function getRoleInGroup(int $userID, int $groupID) {
|
||||
$stmt = prepareQuery("
|
||||
SELECT
|
||||
`role`
|
||||
FROM
|
||||
`group_member`
|
||||
WHERE
|
||||
`userID` = :userID AND
|
||||
`groupID` = :groupID
|
||||
");
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->bindParam(":groupID", $groupID);
|
||||
$stmt->execute();
|
||||
return $stmt->fetch()["role"];
|
||||
}
|
||||
|
||||
@@ -6,7 +6,14 @@ session_start();
|
||||
?>
|
||||
<div class='post-header header'>
|
||||
<h4><?=$post['title']?></h4>
|
||||
<form method="post" onclick=""><span class="delete-post">verwijder post</span><br /></form>
|
||||
<?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
|
||||
<button class="deleteButton"
|
||||
onclick="deletePost('<?=$postID?>')"
|
||||
type="submit">
|
||||
<i class="fa fa-trash"></i>
|
||||
<span>Verwijder post</span>
|
||||
</button><br />
|
||||
<?php } ?>
|
||||
<span class='postinfo'>
|
||||
gepost door <?=$fullname?>,
|
||||
<span class='posttime' title='<?=$post['creationdate']?>'>
|
||||
|
||||
Reference in New Issue
Block a user