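/**
 * Renders the admin "edit post" form, pre-filled from the database.
 *
 * @param \mysqli    $mysqli  Open database connection, passed through to get_post_info().
 * @param int|string $post_id Identifier of the post to edit; also echoed into the form action.
 * @return string HTML fragment: the edit form, a "Post is not found" message, or an
 *                "Only admin" message when login_check() reports no admin session.
 */
function editPostBox($mysqli, $post_id)
{
    $notFound = '<h2>Post is not found</h2> <p>Click <a href=\'/index.php\'>here</a> to return to home page</p>';

    if (!\MCBlog\DB\login_check()) {
        return '<h2>Only admin can edit the posts.</h2> <p>Click <a href=\'/index.php\'>here</a> to return to home page</p>';
    }

    $post_info = \MCBlog\DB\get_post_info($post_id, $mysqli);
    // Validate the lookup result before indexing into it, so a missing post does
    // not raise "offset on null/false" notices before the not-found branch.
    if (!$post_info || !$post_id) {
        return $notFound;
    }

    $post_topic = \MCBlog\Utils\br2es($post_info['post_topic']);
    $post_text = \MCBlog\Utils\br2es($post_info['post_text']);
    // Kept from the original: a post whose text is falsy is reported as not found.
    if (!$post_text) {
        return $notFound;
    }

    // Topic and text are stored unescaped by the edit handler, so they must be
    // escaped here for the attribute (value='…') and textarea contexts; otherwise
    // a quote or </textarea> in stored content breaks out of the form.
    // Assumes br2es only rewrites <br> back into newlines and does not already
    // HTML-encode — TODO confirm; if it does, drop the htmlspecialchars here.
    $safeTopic = htmlspecialchars((string) $post_topic, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeText = htmlspecialchars((string) $post_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The id goes into a URL query value inside an attribute: URL-encode, then
    // attribute-encode. For an integer id this is the same string as before.
    $safeId = htmlspecialchars(rawurlencode((string) $post_id), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<h2>Edit Post</h2><br> <form id=\'post-form\' method=\'post\' action=\'/model/edit_posts.php?post_id=' . $safeId . '\'> <h4>Title:</h4> <input type=\'text\' name=\'post-topic\' value=\'' . $safeTopic . '\' class=\'boxsizingBorder\'> <br><br> <h4>Content:</h4> <textarea name=\'post-text\' class=\'boxsizingBorder\' rows=10 form=\'post-form\'>' . $safeText . '</textarea> <br><br> <input type=\'submit\' value=\'Confirm\'> <a href=\'/view/posts.php\'>Cancel</a> </form>';
}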
<?php
/**
 * Edit-post handler: only a logged-in admin session may update a post.
 *
 * Reads post_id from the query string and the new topic/text from the POST
 * body, then updates the row through a prepared statement. Every failure path
 * simply exits with no output. (The script continues past the visible portion.)
 */
include_once $_SERVER['DOCUMENT_ROOT'] . '/config.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/../globals.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/model/db.php';

MCBlog\DB\sec_session_start();

if (MCBlog\DB\login_check()) {
    // intval() coerces the id to an integer (0 for a missing or non-numeric value);
    // nothing here checks that the post exists — an unknown id just updates no row.
    $post_id = intval($_GET['post_id']);

    // Connect to MySQL database
    $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
    if ($mysqli->connect_errno) {
        exit;
    }

    // NOTE(review): in the visible portion no CSRF token is verified before this
    // state-changing request is accepted, and topic/text are stored without
    // validation or escaping — output escaping is left to the views; confirm there.
    $inputTopic = $_POST['post-topic'];
    $inputText = $_POST['post-text'];
    // Line breaks become <br /> tags, so the stored content is HTML, not plain text.
    $procText = nl2br($inputText);

    // Edit timestamp is taken in Asia/Singapore local time (not UTC) and stored
    // as a formatted string that the UPDATE below parses with STR_TO_DATE.
    $datetime = new DateTime(NULL, new DateTimeZone('Asia/Singapore'));
    $datetime_str = $datetime->format('Y-m-d H:i:s');

    // Parameterised UPDATE: user-supplied values are bound, never interpolated.
    if (!($stmt = $mysqli->prepare('UPDATE posts SET topic = ?, content = ?, datetime = STR_TO_DATE(?, \'%Y-%m-%d %H:%i:%s\') WHERE post_id = ?;'))) {
        exit;
    }
    // Bind types: three strings (topic, content, datetime) then the integer post id.
    if (!$stmt->bind_param('sssi', $inputTopic, $procText, $datetime_str, $post_id)) {
        exit;
    }
    if (!$stmt->execute()) {
        exit;
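/**
 * Builds one HTML fragment per post, most recently edited first.
 *
 * @param \mysqli $mysqli Open database connection, passed through to get_all_posts().
 * @return list<string> One <div class='post-container'> fragment per post.
 */
function get_posts_html_array($mysqli)
{
    $posts = \MCBlog\DB\get_all_posts($mysqli);

    // Comparator by last-modified timestamp. A closure replaces the original
    // nested named function cmp(): a nested `function` is (re)declared every
    // time this function runs, which is a fatal "cannot redeclare" error on the
    // second call.
    $byTimestamp = function ($a, $b) {
        $timestamp_a = strtotime($a['post_datetime']);
        $timestamp_b = strtotime($b['post_datetime']);
        if ($timestamp_a == $timestamp_b) {
            return 0;
        }
        return $timestamp_a < $timestamp_b ? -1 : 1;
    };
    if (!usort($posts, $byTimestamp)) {
        echo 'Sorting by timestamp failed.';
    }

    // Login status is loop-invariant; evaluated once. Assumes login_check() is a
    // plain session check with no per-call side effects — TODO confirm.
    $isAdmin = \MCBlog\DB\login_check();

    $result_array = array();
    // Ascending sort, then walk in reverse: newest first, with the same tie
    // order as the original backwards index loop.
    foreach (array_reverse($posts) as $post) {
        $post_id = $post['post_id'];
        $post_datetime = $post['post_datetime'];
        // Topic and datetime are inserted into element content; topic is stored
        // unescaped by the edit handler, so escape at output.
        $post_topic = htmlspecialchars((string) $post['post_topic'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safe_datetime = htmlspecialchars((string) $post_datetime, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // NOTE(review): post_text is stored as nl2br() output (contains <br />),
        // so it is emitted as raw HTML here; escaping it would show the tags
        // literally. Any HTML the stored text contains is rendered as-is — an
        // allowlist/sanitiser at write time (or a plain-text storage format) is
        // the place to constrain it.
        $post_text = $post['post_text'];

        // Admins additionally see the EDIT/DELETE hypertexts.
        array_push($result_array, '<div class=\'post-container\'><legend><h3 class=\'post-topic\'>' . $post_topic . '</h3> </legend>' . \MCBlog\Utils\createEditDeleteStrings($isAdmin, $post_id) . '<p class=\'post-datetime\'>' . 'Last edit at: ' . $safe_datetime . '</p><br><br><p class=\'post-content\'>' . $post_text . '</p></div><br><br>');
    }
    return $result_array;
}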