Пример #1
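/**
 * Build the "Edit Post" box, pre-filled with the stored topic and text.
 *
 * Returns one of three HTML fragments: the edit form (logged in and post
 * found), a "Post is not found" notice, or an "Only admin" notice when
 * \MCBlog\DB\login_check() is false.
 *
 * @param mixed $mysqli  database handle, passed through to get_post_info()
 * @param mixed $post_id id of the post to edit; placed in the form's action URL
 * @return string HTML fragment
 */
function editPostBox($mysqli, $post_id)
{
    if (!\MCBlog\DB\login_check()) {
        return '<h2>Only admin can edit the posts.</h2>
					<p>Click <a href=\'/index.php\'>here</a> to return to home page</p>';
    }

    $not_found = '<h2>Post is not found</h2>
						<p>Click <a href=\'/index.php\'>here</a> to return to home page</p>';

    $post_info = \MCBlog\DB\get_post_info($post_id, $mysqli);
    // Bail out before indexing: a missing row would otherwise be dereferenced
    // as an array and raise a warning before the "not found" branch is reached.
    if (!$post_info or !$post_id) {
        return $not_found;
    }

    // br2es() is defined elsewhere; presumably it turns stored <br> markup back
    // into line breaks for editing -- confirm it does not already HTML-escape,
    // otherwise the escaping below would double-encode.
    $post_topic = \MCBlog\Utils\br2es($post_info['post_topic']);
    $post_text = \MCBlog\Utils\br2es($post_info['post_text']);
    // Kept from the original: an empty (or "0") body is reported as "not found".
    if (!$post_text) {
        return $not_found;
    }

    // Stored values are written into an attribute and a <textarea>. Without
    // escaping, a quote in the title or a closing textarea tag in the body
    // breaks out of the field and is parsed as markup. Escaping here is
    // lossless for editing: the browser decodes the entities again on submit.
    // NOTE(review): assumes the page is served as UTF-8 -- confirm.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $safe_topic = htmlspecialchars((string) $post_topic, $flags, 'UTF-8');
    $safe_text = htmlspecialchars((string) $post_text, $flags, 'UTF-8');
    // The id ends up inside a quoted URL attribute; percent-encode it so it
    // cannot terminate the attribute or add query parameters.
    $safe_id = rawurlencode((string) $post_id);

    // NOTE(review): the form carries no anti-CSRF token; a state-changing POST
    // that relies only on the session cookie should verify one server-side.
    return '<h2>Edit Post</h2><br>
						<form id=\'post-form\' method=\'post\' action=\'/model/edit_posts.php?post_id=' . $safe_id . '\'>
					 	<h4>Title:</h4>
					 	<input type=\'text\' name=\'post-topic\' value=\'' . $safe_topic . '\' class=\'boxsizingBorder\'>
					 	<br><br>
					 	<h4>Content:</h4>
					 	<textarea name=\'post-text\' class=\'boxsizingBorder\' rows=10 form=\'post-form\'>' . $safe_text . '</textarea>
					 	<br><br>
					 	<input type=\'submit\' value=\'Confirm\'>
					 	<a href=\'/view/posts.php\'>Cancel</a>
					 	</form>';
}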
Пример #2
<?php

/**
 * Handler that updates an existing post (topic, content, timestamp).
 *
 * Only runs the update when MCBlog\DB\login_check() succeeds. The listing is
 * cut off after the execute() failure branch, so anything that follows
 * (success response, redirect, cleanup) is not visible here.
 *
 * NOTE(review): no anti-CSRF token is verified in the visible part of this
 * script; the update is authorised by the session check alone.
 */
include_once $_SERVER['DOCUMENT_ROOT'] . '/config.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/../globals.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/model/db.php';
MCBlog\DB\sec_session_start();
if (MCBlog\DB\login_check()) {
    // Coerce the query-string id to an integer before it is bound below.
    $post_id = intval($_GET['post_id']);
    // Connect to MySQL database
    $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
    if ($mysqli->connect_errno) {
        // Fails silently: no message, status code or log entry is produced here.
        exit;
    }
    // Both fields are read straight from the request body; there is no
    // presence, length or content check before they are stored.
    $inputTopic = $_POST['post-topic'];
    $inputText = $_POST['post-text'];
    // nl2br() only inserts <br> before newlines; it does not escape HTML, so
    // any markup in the submitted text is stored as-is. Whatever renders this
    // column must treat it as HTML that was never sanitised.
    $procText = nl2br($inputText);
    // Timestamp is taken in a hard-coded Asia/Singapore zone.
    // NOTE(review): NULL as the time string relies on being treated as "now";
    // newer PHP versions report a deprecation for null here -- confirm.
    $datetime = new DateTime(NULL, new DateTimeZone('Asia/Singapore'));
    $datetime_str = $datetime->format('Y-m-d H:i:s');
    // Prepared statement: all four values are bound as parameters, so the
    // request data never becomes part of the SQL text.
    if (!($stmt = $mysqli->prepare('UPDATE posts
									SET topic = ?, content = ?, datetime = STR_TO_DATE(?, \'%Y-%m-%d %H:%i:%s\')
									WHERE post_id = ?;'))) {
        exit;
    }
    // 'sssi': topic, content and datetime as strings, post_id as integer.
    if (!$stmt->bind_param('sssi', $inputTopic, $procText, $datetime_str, $post_id)) {
        exit;
    }
    if (!$stmt->execute()) {
        exit;
Пример #3
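/**
 * Render every post as an HTML fragment, most recently modified first.
 *
 * @param mixed $mysqli database handle, passed through to get_all_posts()
 * @return array list of HTML strings, one per post; empty when no rows come back
 */
function get_posts_html_array($mysqli)
{
    $posts = \MCBlog\DB\get_all_posts($mysqli);
    // usort() and the loop below need an array; treat anything else as "no posts".
    if (!is_array($posts)) {
        return array();
    }

    // Comparator as a closure instead of a named function declared inside this
    // body: a nested named function is (re)declared on every call, so a second
    // call to get_posts_html_array() would stop with a "cannot redeclare"
    // fatal error. It also removes the dependency on the hard-coded
    // "MCBlog\\DB\\cmp" callback name matching this file's namespace.
    $by_datetime = function ($a, $b) {
        $timestamp_a = strtotime($a['post_datetime']);
        $timestamp_b = strtotime($b['post_datetime']);
        if ($timestamp_a == $timestamp_b) {
            return 0;
        }
        return $timestamp_a < $timestamp_b ? -1 : 1;
    };
    // sort array based on last modified date (ascending; reversed below)
    if (!usort($posts, $by_datetime)) {
        echo 'Sorting by timestamp failed.';
    }

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $result_array = array();
    foreach (array_reverse($posts) as $post) {
        $post_id = $post['post_id'];
        // Topic and datetime are plain text from the database: escape them
        // before they are placed in element content.
        // NOTE(review): assumes the page is served as UTF-8 -- confirm.
        $post_topic = htmlspecialchars((string) $post['post_topic'], $flags, 'UTF-8');
        $post_datetime = htmlspecialchars((string) $post['post_datetime'], $flags, 'UTF-8');
        // NOTE(review): post_text is still emitted unescaped. The edit handler
        // shown on this page stores nl2br() output, i.e. content that already
        // contains <br> markup, so a blanket htmlspecialchars() here would
        // show those tags literally. The durable fix is to store plain text
        // and apply escaping followed by nl2br() at render time, or to pass
        // stored HTML through an allow-list sanitiser. Admin-only authorship
        // does not remove the need for this.
        $post_text = $post['post_text'];
        // Check login status. If user is logged in as admin, s/he will see the EDIT/DELETE hypertexts
        array_push($result_array, '<div class=\'post-container\'><legend><h3 class=\'post-topic\'>' . $post_topic . '</h3>
                </legend>' . \MCBlog\Utils\createEditDeleteStrings(\MCBlog\DB\login_check(), $post_id) . '<p class=\'post-datetime\'>' . 'Last edit at: ' . $post_datetime . '</p><br><br><p class=\'post-content\'>' . $post_text . '</p></div><br><br>');
    }
    return $result_array;
}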