From 6e4fbb75ec44b932e191746134bfd8b80312f5c4 Mon Sep 17 00:00:00 2001
From: ENGO150
Date: Sat, 25 May 2024 17:10:52 +0200
Subject: [PATCH] created api for archiving posts
---
res/forum/api/archive_post.php | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 res/forum/api/archive_post.php
diff --git a/res/forum/api/archive_post.php b/res/forum/api/archive_post.php
new file mode 100644
index 0000000..2642242
--- /dev/null
+++ b/res/forum/api/archive_post.php
@@ -0,0 +1,26 @@
+ query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if ($out -> num_rows != 1)
+{
+ fail:
+ echo "nope";
+ header("Location: ../../../index.php");
+ return;
+}
+
+if (!isset($_GET["username"])) return;
+if (!isset($_GET["post_id"])) return;
+
+$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
+$safe_post_id = mysqli_real_escape_string($database, $_GET["post_id"]);
+
+$id = (($database -> query("SELECT id FROM user WHERE username=\"" . $safe_username . "\"")) -> fetch_assoc())["id"];
+
+$database -> query("UPDATE post SET archived=1 WHERE author=" . $id . " AND photo_id=" . $safe_post_id);
\ No newline at end of file
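Review bot: `$safe_post_id` is concatenated into the UPDATE without quotes (`photo_id=" . $safe_post_id`), and `mysqli_real_escape_string` only protects values placed inside a quoted string literal, so `post_id` remains an SQL injection point; the admin-check query has the same class of problem because it concatenates `$_SESSION["username"]` with no escaping at all. Both should use prepared statements with bound parameters, with `post_id` validated as an integer first, as sketched below. The `$id` lookup also calls `fetch_assoc()` on a result that may be empty, which leaves `$id` null and produces a malformed UPDATE, so return early when no user row is found. Separately, this endpoint changes state on a GET request with no anti-CSRF token, and `echo "nope"` before the `header()` call will normally prevent the redirect header from being sent. The first lines of the file are not fully visible in this view, so the session and database setup could not be checked.

```php
// … admin check and isset() guards as in the hunk (admin check should bind $_SESSION["username"] the same way) …

$post_id = filter_var($_GET["post_id"], FILTER_VALIDATE_INT);
if ($post_id === false) return;

$lookup = $database -> prepare("SELECT id FROM user WHERE username=?");
$lookup -> bind_param("s", $_GET["username"]);
$lookup -> execute();
$row = $lookup -> get_result() -> fetch_assoc();
if ($row === null) return; // unknown user: nothing to archive

$author_id = (int) $row["id"];
$update = $database -> prepare("UPDATE post SET archived=1 WHERE author=? AND photo_id=?");
$update -> bind_param("ii", $author_id, $post_id);
$update -> execute();
```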