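<?php
//--------------------------
// PDeletePostProcess.php
//
// Handles process for deleting post: removes the post row and the
// post/tag link rows for the id given in ?id=, then redirects to the
// index page.
//--------------------------
//Note: The tags aren't deleted at the moment

//--------------------------
//Checks that user is logged in
if (!isset($_SESSION['accountUser'])) {
    require_once("login/PLogin.php");
    exit;
} else if ($_SESSION['accountUser'] == "guest") {
    die("Sorry, you don't have the priviliges for doing this...");
}
// NOTE(review): this file only distinguishes "guest" from everyone else; no
// per-post ownership or role check is visible here, so any non-guest account
// can delete any post. Confirm that is the intended policy.
// NOTE(review): the delete is triggered by a GET request and no anti-CSRF
// token is checked in this file. Confirm the including page enforces one, or
// move this action to POST with a per-session token.

//--------------------------
//Handles GET variables
// The id is used in a numeric SQL context, so it must be a positive integer.
// filter_var() returns false for arrays, empty strings, non-numeric text and
// values that overflow an int.
$chosenPost = filter_var(
    isset($_GET['id']) ? $_GET['id'] : '',
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1))
);
if ($chosenPost === false) {
    header("HTTP/1.1 400 Bad Request");
    die("Invalid post id");
}

//--------------------------
//DB stuff
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
if (mysqli_connect_error()) {
    // Driver error text can expose host and account details, so it goes to
    // the server log and the client only gets a generic message.
    error_log("PDeletePostProcess: connect failed: " . mysqli_connect_error());
    echo "Connect failed<br>";
    exit();
}
$mysqli->set_charset("utf8");

//----------------------
//SQL query
// Table names come from the DB_PREFIX configuration constant; identifiers
// cannot be bound as parameters, so DB_PREFIX must never hold request data.
$tablePost = DB_PREFIX . 'Post';
$tablePostTag = DB_PREFIX . 'PostTag';

// Prevent SQL injections: the id is bound as an integer parameter.
// real_escape_string() only protects values placed inside quoted string
// literals, and the id was previously interpolated unquoted into a
// multi_query() batch, so escaping did not constrain it. Running each
// statement separately also means a failure of the second delete is no
// longer silently ignored.
$deleteStatements = array(
    // Deletes post
    "DELETE FROM {$tablePost} WHERE idPost = ? LIMIT 1",
    // Deletes all post + tag combinations for the post
    "DELETE FROM {$tablePostTag} WHERE PostTag_idPost = ?",
);

foreach ($deleteStatements as $sql) {
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        error_log("PDeletePostProcess: prepare failed: {$mysqli->errno} ({$mysqli->error})");
        $mysqli->close();
        die("Could not query database");
    }

    $stmt->bind_param('i', $chosenPost);
    if (!$stmt->execute()) {
        error_log("PDeletePostProcess: delete failed: {$stmt->errno} ({$stmt->error})");
        $stmt->close();
        $mysqli->close();
        die("Could not query database");
    }
    $stmt->close();
}

$mysqli->close(); //Closes DB connection

//---------------------
//Redirects to first page
header("Location:" . WS_SITELINK . "?p=index");
exit;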