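public function indexAction()
{
    // JSON API endpoint: edits an existing comment's content.
    // Response body is always a JSON object with a boolean "valid" key plus
    // per-field error markup on failure.
    header('content-type: application/json');
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST');

    // This endpoint changes state and only reads $_POST, so refuse anything
    // but the advertised method instead of silently processing an empty body.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        http_response_code(405);
        echo json_encode(['valid' => false]);
        return;
    }

    // NOTE(review): no CSRF token is verified here. The wildcard CORS header does
    // not let browsers attach cookies to a cross-origin fetch, but a plain
    // cross-site form POST still carries the session cookie — TODO confirm a
    // token check belongs here.

    // The id was htmlentities()-encoded before lookup in the original; kept so
    // the key matches whatever the model stored. `??` avoids an undefined-index
    // warning when the field is missing.
    $id = htmlentities((string) ($_POST['id'] ?? ''));
    if ($id === '' || !CommentModel::exists($this->pdo, $id)) {
        // The original `return json_encode(...)` never wrote a body; the client
        // now actually receives the error.
        http_response_code(404);
        echo json_encode([
            'id' => '<span class="errors">Cet article n\'existe pas</span>',
            'valid' => false,
        ]);
        return;
    }

    // Authorization: only the comment's author may edit it (the same rule the
    // edit-form view applies). Without this check any authenticated or even
    // anonymous caller could rewrite any comment by id.
    $username = $_SESSION['auth']['username'] ?? null;
    if ($username === null || $username !== CommentModel::getAuthor($this->pdo, $id)) {
        http_response_code(403);
        echo json_encode([
            'content' => '<span class="errors">Non autorisé</span>',
            'valid' => false,
        ]);
        return;
    }

    $raw = trim((string) ($_POST['content'] ?? ''));
    $errors = [];
    $valid = true;

    // `=== ''` rather than empty(): a comment consisting of "0" is valid input.
    if ($raw === '') {
        $errors['content'] = '<span class="errors">Non saisi</span>';
        $valid = false;
    } elseif (mb_strlen($raw) > 200) {
        // Length is measured on the raw text, in characters, so the "200
        // caractères" limit is not inflated by entity encoding or multibyte
        // sequences.
        $errors['content'] = '<span class="errors">200 caractères max</span>';
        $valid = false;
    }

    $errors['valid'] = $valid;
    if ($valid) {
        // Content is stored htmlentities()-encoded, as before, so existing views
        // keep rendering it unchanged. Escaping at output time would be the
        // cleaner contract — TODO(review) confirm before changing the model.
        CommentModel::edit($this->pdo, $id, htmlentities($raw), time());
    }
    echo json_encode($errors);
}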
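public function indexAction()
{
    // Renders the edit form for one comment, identified by the third path
    // segment of the request URI (e.g. "/<route>/<id>").

    // Parse the path component only: REQUEST_URI may carry a query string,
    // which would otherwise end up glued to the id.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    $id = explode('/', $path, 4)[2] ?? '';
    if ($id === '') {
        header('Location: /');
        exit;
    }

    if (!CommentModel::exists($this->pdo, $id)) {
        header('Location: /404');
        exit;
    }

    // Only the comment's author may open the edit form. A non-author (or an
    // anonymous visitor, whose session has no 'auth' entry) previously fell
    // through and got a blank 200 response; send them home instead.
    $username = $_SESSION['auth']['username'] ?? null;
    if ($username === null || $username !== CommentModel::getAuthor($this->pdo, $id)) {
        header('Location: /');
        exit;
    }

    // The view reads $id from this scope.
    include '../app/views/editcomment.php';
}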
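public function indexAction()
{
    // Deletes one comment, identified by the third path segment of the request
    // URI, when the caller is its author or a superadmin.

    // NOTE(review): the deletion is triggered by a plain request with no CSRF
    // token; a cross-site link or image pointing at this route would delete the
    // comment of whoever is logged in — TODO confirm a token/POST requirement.

    // Parse the path component only so a query string cannot leak into the id.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    $commentId = explode('/', $path, 4)[2] ?? '';
    if ($commentId === '') {
        header('Location: /');
        exit;
    }

    if (!CommentModel::exists($this->pdo, $commentId)) {
        header('Location: /404');
        exit;
    }

    // `??` keeps an anonymous visitor (no 'auth' in session) from triggering
    // undefined-index warnings; null never equals an author name or 'superadmin'.
    $username = $_SESSION['auth']['username'] ?? null;
    $permissions = $_SESSION['auth']['permissions'] ?? null;
    $isAuthor = $username !== null && $username === CommentModel::getAuthor($this->pdo, $commentId);
    $isSuperadmin = $permissions === 'superadmin';

    if (!$isAuthor && !$isSuperadmin) {
        // Previously an unauthorized caller fell through to a blank 200 page.
        header('Location: /');
        exit;
    }

    CommentModel::delete($this->pdo, $commentId);
    header('Location: /');
    exit;
}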