delete_post.php
<?php
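// delete_post.php: deletes one post, together with its likes and comments,
// on behalf of the signed-in user who authored it.
//
// Every value that reaches SQL (the session username, the "id" query
// parameter, the looked-up user id) is passed as a bound parameter. The "id"
// parameter is attacker-controlled, so it must never be concatenated into a
// statement.
//
// NOTE(review): this endpoint changes state on a GET request and checks no
// anti-CSRF token, so any page the signed-in user loads can trigger a delete
// of that user's own posts. Moving to POST plus a per-session token also
// requires changing the links that point here (presumably in manage_posts.php,
// not visible from this file), so it is flagged rather than changed here.
session_start();

// Only signed-in users may delete posts.
if (!isset($_SESSION["username"])) {
    header("Location: index.php");
    exit;
}

// dbconnect.php is expected to define $conn (a mysqli connection).
include_once("dbconnect.php");

if (!$conn) {
    // Keep driver detail in the server log instead of sending it to the client.
    error_log("delete_post: connection failed: " . mysqli_connect_error());
    die("Connection failed");
}

// Reject a missing id, and also a non-string one (?id[]=1 arrives as an array).
if (!isset($_GET["id"]) || !is_string($_GET["id"])) {
    header("Location: manage_posts.php");
    exit;
}
$post_id = $_GET["id"];
$username = $_SESSION["username"];

// Make every mysqli failure throw, so a failed prepare/execute cannot be
// silently ignored (the default from PHP 8.1 on; set explicitly for older runtimes).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$in_transaction = false;
try {
    // Resolve the session's username to a user id.
    $stmt = mysqli_prepare($conn, "SELECT id FROM users WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) != 1) {
        die("Error: User not found");
    }
    mysqli_stmt_bind_result($stmt, $user_id);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Authorization check: the post must exist and belong to this user.
    // Values are bound as strings, matching the quoted literals the original
    // queries used; the column types are not visible from this file.
    $stmt = mysqli_prepare($conn, "SELECT id FROM posts WHERE id = ? AND author = ?");
    mysqli_stmt_bind_param($stmt, "ss", $post_id, $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $is_author = (mysqli_stmt_num_rows($stmt) == 1);
    mysqli_stmt_close($stmt);

    if (!$is_author) {
        // Not the author (or no such post): return to the listing without deleting.
        header("Location: manage_posts.php");
        exit;
    }

    // Remove dependants and the post as one unit so a mid-way failure does not
    // leave a post stripped of its likes/comments. This only takes effect on a
    // transactional storage engine, which cannot be confirmed from this file.
    mysqli_begin_transaction($conn);
    $in_transaction = true;

    $stmt = mysqli_prepare($conn, "DELETE FROM likes WHERE post_id = ?");
    mysqli_stmt_bind_param($stmt, "s", $post_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    $stmt = mysqli_prepare($conn, "DELETE FROM comments WHERE post_id = ?");
    mysqli_stmt_bind_param($stmt, "s", $post_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    // Repeat the author condition so the delete itself enforces ownership
    // rather than relying only on the earlier SELECT.
    $stmt = mysqli_prepare($conn, "DELETE FROM posts WHERE id = ? AND author = ?");
    mysqli_stmt_bind_param($stmt, "ss", $post_id, $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    mysqli_commit($conn);
    $in_transaction = false;

    header("Location: manage_posts.php");
    exit;
} catch (mysqli_sql_exception $e) {
    if ($in_transaction) {
        try {
            mysqli_rollback($conn);
        } catch (mysqli_sql_exception $rollback_error) {
            error_log("delete_post: rollback failed: " . $rollback_error->getMessage());
        }
    }
    // Database error text can reveal schema details; log it server-side only.
    error_log("delete_post: " . $e->getMessage());
    http_response_code(500);
    echo "Error deleting post";
}

// Close the database connection (reached only on the error path; the other
// paths exit after sending their redirect).
mysqli_close($conn);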
?>