Update 2 files

- /html/upload.php - /html/editpage.php
2024-03-07 17:37:44 +00:00 · 2024-03-07 17:37:44 +00:00 · a447574e6b
commit a447574e6b
parent 827dbcdb39
2 changed files with 23 additions and 2 deletions
--- a/html/editpage.php
+++ b/html/editpage.php
@ -32,6 +32,20 @@ if(isset($_GET['page']) && strpos($_GET['page'], "..") == false) {
 }

 if(isset($fichier)) {
+    if(isset($_GET['article']) && isset($_POST['deletefile']) && $_POST['deletefile'] == "Supprimer") {
+        if(unlink($fichier)) {
+            $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
+            $upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename");
+            $upload->bindParam(':filename', $filename);
+            if($upload->execute()) {
+                $status = "Fichier supprimé";
+            } else {
+                $status = "Erreur SQL";
+            }
+        } else {
+            die("Erreur : Le fichier n'a pas pu être supprimé");
+        }
+    }
    if(isset($_POST['page-content'])) {
        file_put_contents($fichier, nl2br($_POST['page-content']));
    }
@ -117,6 +131,11 @@ if(isset($fichier)) {
                        ?>
                    </div>
                </form>
+                <form action="?<?php echo $filetypes[$filetype] . "=" . $filename?>" method="post">
+                    <div>
+                        <input type="submit" name="deletefile" value="Supprimer">
+                    </div>
+                </form>
            </div>
        </div>
    </main>
--- a/html/upload.php
+++ b/html/upload.php
@ -16,15 +16,17 @@ if(isset($_POST['page-content'])) {
        $filename = rand(100000, 999999);
    }
    file_put_contents($repertoire . "content/" . $filename, nl2br($_POST['page-content']));
+
+    $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
    $upload = $bdd->prepare("INSERT INTO articles (ID, titre, date, auteur) VALUES (:filename, :titre, :date, :auteur)");
    $upload->bindParam(':filename', $filename);
    $upload->bindParam(':titre', htmlspecialchars($_POST['titre']));
    $upload->bindParam(':auteur', $_SESSION['display_name']);
    $upload->bindParam(':date', date());
    if($upload->execute()) {
-        $status = "Uploaded";
+        $status = "Article Publié";
    } else {
-        $status = "SQL Error";
+        $status = "Erreur SQL";
    }
    header("Location: editpage.php?article=" . $filename);
    exit();