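/**
 * Inserts a new post into the per-thread table `post_<thread_id>` and returns it.
 *
 * Steps: (1) insert the row, (2) refresh the owning thread's update
 * time/date, (3) reload the freshly inserted row as a Post.
 *
 * Security: a table name cannot be supplied as a bound parameter, so
 * $thread_id ends up inside the SQL text itself. It is therefore restricted
 * to an unsigned decimal integer before being concatenated; any other value
 * is rejected without touching the database. (The original inline example
 * "post_22" suggests thread ids are numeric -- confirm against the schema.)
 *
 * @param int|string $thread_id  Thread whose post table receives the row (digits only).
 * @param mixed      $title      Value stored in the KEY_TITLE column.
 * @param mixed      $content    Value stored in the KEY_CONTENT column.
 * @param mixed      $date       Value stored in the KEY_DATE column and passed to the thread update.
 * @param mixed      $time       Value stored in the KEY_TIME column and passed to the thread update.
 * @param mixed      $author_id  Value stored in the KEY_AUTHOR column.
 * @param mixed      $input_type Value stored in the KEY_INPUT_TYPE column.
 *
 * @return Post|null The stored post; null when $thread_id is rejected or
 *                   after a PDOException has been handed to Utils::HandlePDOException().
 */
public static function create($thread_id, $title, $content, $date, $time, $author_id, $input_type)
{
    // Allow-list the only value that is concatenated into the statement.
    // \A...\z (not ^...$) so a trailing newline cannot slip through.
    $is_numeric_id = (is_int($thread_id) && $thread_id >= 0)
        || (is_string($thread_id) && preg_match('/\A[0-9]+\z/', $thread_id) === 1);
    if (!$is_numeric_id) {
        // Leave a trace for whoever reviews the logs; the rejected value is
        // deliberately not echoed into the log line.
        error_log(__METHOD__ . ': rejected non-numeric thread id');
        return null;
    }

    $db = getDatabase();

    // (1) insert into post_<thread_id>
    $dt = new DateTime();
    // Server-generated integer, not user input; used for both the modified
    // and the created column.
    $current_timestamp = $dt->getTimestamp();

    $columns = implode(",", [
        self::KEY_TITLE,
        self::KEY_CONTENT,
        self::KEY_DATE,
        self::KEY_TIME,
        self::KEY_AUTHOR,
        self::KEY_INPUT_TYPE,
        self::KEY_MODIFIED_TIME,
        self::KEY_CREATED_TIME,
    ]);
    $values = implode(",", [
        ":title",
        ":content",
        ":date",
        ":time",
        ":author_id",
        ":input_type",
        $current_timestamp,
        $current_timestamp,
    ]);
    $q = "INSERT INTO post_" . $thread_id . " (" . $columns . " )VALUES(" . $values . " )";

    try {
        $stmt = $db->prepare($q);
        // Every caller-supplied value travels as a bound parameter.
        $stmt->bindValue(':title', $title);
        $stmt->bindValue(':content', $content);
        $stmt->bindValue(':date', $date);
        $stmt->bindValue(':time', $time);
        $stmt->bindValue(':author_id', $author_id);
        $stmt->bindValue(':input_type', $input_type);
        $stmt->execute();
        $lastInsertId = $db->lastInsertId(self::KEY_ID);

        // (2) update the thread's update time & date
        $thread = new Thread();
        $thread->initWithId($thread_id);
        $thread->updateUpdateTime($time, $date, $current_timestamp);

        // (3) load and return the post that was just inserted
        $post = new Post();
        $post->initWithId($thread_id, $lastInsertId);
        return $post;
    } catch (PDOException $ex) {
        Utils::HandlePDOException($ex);
    }

    return null;
}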
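/**
 * Handles a post-deletion request for the post $post_id in thread $thread_id.
 *
 * Without `?confirm=true` the confirmation view ("delete.php") is rendered,
 * provided self::checkingPermission() passes and the session user is the
 * post's author. With `?confirm=true` the post is deleted if the session user
 * is its author; deleting the host post also deletes the thread. Otherwise
 * the thread's update time is recomputed from the most recently modified
 * remaining post. The confirmed path ends with a redirect and `die`.
 *
 * Access control is fail-closed: a request whose session carries no username
 * or no account id is treated like a guest. In the original form a missing
 * session entry compared unequal to "guest" and the request continued.
 *
 * NOTE(review): the destructive path is triggered by a GET query parameter
 * and nothing visible here verifies an anti-CSRF token. Consider requiring
 * POST plus a per-session token before deleting.
 *
 * @param mixed $thread_id Thread that contains the post.
 * @param mixed $post_id   Post to delete.
 *
 * @return void Several paths terminate the script with `die`.
 */
public static function delete($thread_id, $post_id)
{
    // Guests and requests without an established session may not delete.
    if (!isset($_SESSION[KEY_SESSION][Account::KEY_USERNAME], $_SESSION[KEY_SESSION][Account::KEY_ID])
        || $_SESSION[KEY_SESSION][Account::KEY_USERNAME] == "guest"
    ) {
        Utils::showNoPermissionPage();
        die;
    }
    $current_user_id = $_SESSION[KEY_SESSION][Account::KEY_ID];

    $thread = new Thread();
    $thread->initWithId($thread_id);
    $post = $thread->getPostById($post_id);
    if (!$post) {
        // presumably getPostById() yields a falsy value for an unknown id --
        // verify; dereferencing it below would otherwise be a fatal error.
        Utils::showNoPermissionPage();
        die;
    }

    // $_GET values are strings or arrays, so the strict comparison accepts
    // exactly the literal "true", as before.
    $confirmed = isset($_GET["confirm"]) && $_GET["confirm"] === "true";

    if ($confirmed) {
        // NOTE(review): only authorship is checked on this path;
        // self::checkingPermission() is consulted solely when rendering the
        // confirmation page below. Confirm that this is intended.
        if ($post->getAuthor()->getId() != $current_user_id) {
            // Not the owner of the post: no permission to alter it.
            Utils::showNoPermissionPage();
            include VIEWS_PATH . "private-nav.php";
            include VIEWS_PATH . "thread/thread.php";
            die;
        }

        $redirect_to = "/thread/";
        if ($post->isHost()) {
            // The host post goes together with its whole thread; redirect to
            // the thread list.
            $thread->delete();
            $post->delete();
        } else {
            $post->delete();

            // Re-derive the thread's "last updated" fields from the newest
            // remaining post.
            $latest_update = Post::getLastModifiedPost($thread_id)->getModifiedTime();
            $dt = new DateTime();
            $dt->setTimestamp($latest_update);
            $update_time = $dt->format("g:iA");
            $update_date = $dt->format("Y/m/d");
            $thread->updateUpdateTime($update_time, $update_date, $latest_update);

            $redirect_to .= $thread_id;
        }

        header("Location: " . $redirect_to);
        die;
    }

    // Plain GET: reload thread and post before the permission check, as the
    // original did.
    $thread->initWithId($thread_id);
    $post = $thread->getPostById($post_id);
    if (!$post) {
        Utils::showNoPermissionPage();
        return;
    }

    $permission = $thread->getPermission();
    if (!self::checkingPermission($thread_id, $post_id, $permission)
        || !($current_user_id == $post->getAuthor()->getId())
    ) {
        Utils::showNoPermissionPage();
        return;
    }

    // Show the confirmation page; the included thread view reads $content.
    $content = "delete.php";
    include VIEWS_PATH . "private-nav.php";
    include VIEWS_PATH . "thread/thread.php";
}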