FabrikaHradekTour/res/forum/api/archive_post.php

<?php

include("../../global.php");
session_start();

if (!isset($_SESSION["username"])) goto fail;

$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");

if ($out -> num_rows != 1)
{
    fail:
    echo "nope";
    header("Location: ../../../index.php");
    return;
}

if (!isset($_GET["username"])) return;
if (!isset($_GET["post_id"])) return;

$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
$safe_post_id = mysqli_real_escape_string($database, $_GET["post_id"]);

$id = (($database -> query("SELECT id FROM user WHERE username=\"" . $safe_username . "\"")) -> fetch_assoc())["id"];

$database -> query("UPDATE post SET archived=1 WHERE author=" . $id . " AND photo_id=\"" . $safe_post_id . "\"");
created api for archiving posts 2024-05-25 17:10:52 +02:00			`<?php`

			`include("../../global.php");`
			`session_start();`

			`if (!isset($_SESSION["username"])) goto fail;`

			`$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");`

			`if ($out -> num_rows != 1)`
			`{`
			`fail:`
			`echo "nope";`
			`header("Location: ../../../index.php");`
			`return;`
			`}`

			`if (!isset($_GET["username"])) return;`
			`if (!isset($_GET["post_id"])) return;`

			`$safe_username = mysqli_real_escape_string($database, $_GET["username"]);`
			`$safe_post_id = mysqli_real_escape_string($database, $_GET["post_id"]);`

			`$id = (($database -> query("SELECT id FROM user WHERE username=\"" . $safe_username . "\"")) -> fetch_assoc())["id"];`

typo fix 2024-05-25 17:17:09 +02:00			`$database -> query("UPDATE post SET archived=1 WHERE author=" . $id . " AND photo_id=\"" . $safe_post_id . "\"");`