delete

2024-11-12 01:50:48 +01:00 · 2011-01-21 13:14:11 +11:00 · 2011-01-21 13:14:11 +11:00 · ec34fa8076
commit ec34fa8076
parent 8edccdb2aa
2 changed files with 66 additions and 1 deletions
--- a/inc/config.php
+++ b/inc/config.php
@ -84,6 +84,8 @@
 	define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true);
 	define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
 	define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
+	define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true);
+	define('ERROR_INVALIDPASSWORD', 'Wrong password…', true);
 	define('ERR_INVALIDIMG','Invalid image.', true);
 	define('ERR_FILESIZE',	'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
 	define('ERR_MAXSIZE',	'The file was too big.', true);
--- a/post.php
+++ b/post.php
@ -20,7 +20,70 @@
 		$_POST = strip_array($_POST);
 	}
 	
-	if(isset($_POST['post'])) {
+	if(isset($_POST['delete'])) {
+		// Delete
+		
+		if(	!isset($_POST['board']) ||
+			!isset($_POST['password'])
+			)
+			error(ERROR_BOT);
+		
+		$password = $_POST['password'];
+		
+		if(empty($password))
+			error(ERROR_INVALIDPASSWORD);
+		
+		$delete = Array();
+		foreach($_POST as $post => $value) {
+			if(preg_match('/^delete_(\d+)$/', $post, $m)) {
+				$delete[] = (int)$m[1];
+			}
+		}
+		
+		sql_open();
+		
+		// Check if banned
+		checkBan();
+		
+		if(BLOCK_TOR && isTor())
+			error(ERROR_TOR);
+			
+		// Check if board exists
+		if(!openBoard($_POST['board']))
+			error(ERROR_NOBOARD);
+		
+		if(empty($delete))
+			error(ERROR_NODELETE);
+			
+		foreach($delete as &$id) {
+			$query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
+			$query->bindValue(':id', $id, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if($post = $query->fetch()) {
+				if(!empty($password) && $post['password'] != $password)
+					error(ERROR_INVALIDPASSWORD);
+					
+				if(isset($_POST['file'])) {
+					// Delete just the file
+					deleteFile($id);
+				} else {
+					// Delete entire post
+					deletePost($id);
+				}
+			}
+		}
+		
+		buildIndex();
+		
+		sql_close();
+		
+		$is_mod = isset($_POST['mod']) && $_POST['mod'];
+		$root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT;
+		
+		header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP);
+		
+	} elseif(isset($_POST['post'])) {
 		if(	!isset($_POST['name']) ||
 			!isset($_POST['email']) ||
 			!isset($_POST['subject']) ||