Update file editpage.php

Jan BELLON 2024-03-12 12:44:19 +00:00
parent 4bdffcc98f
commit bb785cbff4


@ -57,9 +57,10 @@ if (isset($_FILES['miniature']) && $_FILES['miniature']['error'] == 0 && isset($
imagedestroy($imageResized);
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("UPDATE articles SET image = :image WHERE ID = :article");
$req = $bdd->prepare("UPDATE articles SET image = :image WHERE ID = :article AND auteur = :user_id");
$req->bindParam(":image", $webPath);
$req->bindParam(":article", $_GET['article']);
$req->bindParam(":user_id", $_SESSION['userid']);
if($req->execute()) {
$status = "Miniature mise à jour";
} else {
@ -76,8 +77,9 @@ if(isset($fichier)) {
if(isset($_GET['article']) && isset($_POST['deletefile']) && $_POST['deletefile'] == "Supprimer") {
if(unlink($fichier)) {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename");
$upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename AND auteur = :user_id");
$upload->bindParam(':filename', $filename);
$upload->bindParam(':auteur', $_SESSION['userid']);
if($upload->execute()) {
header("Location: editpage.php");
echo "Fichier supprimé";
@ -95,12 +97,13 @@ if(isset($fichier)) {
if(isset($_POST['article-classification']) && isset($_POST['article-image']) && isset($_POST['article-resume']) && isset($_GET['article'])) {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("UPDATE articles SET classification = :classification, titre = :titre, image = :image, resume = :resume WHERE ID = :article");
$req = $bdd->prepare("UPDATE articles SET classification = :classification, titre = :titre, image = :image, resume = :resume WHERE ID = :article AND auteur = :user_id");
$req->bindParam(':classification', $_POST['article-classification']);
$req->bindParam(':titre', htmlspecialchars($_POST['article-titre']));
$req->bindParam(':image', htmlspecialchars($_POST['article-image']));
$req->bindParam(':resume', nl2br($_POST['article-resume']));
$req->bindParam(':article', $_GET['article']);
$req->bindParam(':user_id', $_SESSION['userid']);
if($req->execute()) {
$status = "Informations mises à jour";
} else {
@ -173,8 +176,9 @@ if(isset($fichier)) {
echo "<div><div class='button'><a href='news.php?article=" . $filename . "'>Voir l'article</a></div>";
if(isset($_GET['article'])) {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("SELECT classification, titre, image, resume FROM articles WHERE ID = :article");
$req = $bdd->prepare("SELECT classification, titre, image, resume FROM articles WHERE ID = :article AND auteur = :user_id");
$req->bindParam(":article", $_GET['article']);
$req->bindParam(":user_id", $_SESSION['userid']);
$req->execute();
$resultat = $req->fetchAll(PDO::FETCH_ASSOC);
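Review bot: In the delete branch (hunk `-76,8 +77,9`) the added bind names `:auteur` while the rewritten query's placeholder is `:user_id`, so the statement and its parameters no longer match and the DELETE will fail or throw, depending on the PDO error mode; the line should read `$upload->bindParam(':user_id', $_SESSION['userid']);`. The ownership condition also comes too late in that branch: `unlink($fichier)` runs before the query, so the file is removed from disk whether or not the session user is the article's `auteur`, and with the bind mismatch the row is then left behind. Running the DELETE first and calling `unlink` only when `$upload->rowCount() === 1` would make the new check effective. The two UPDATE hunks have a related gap, since `execute()` returns true even when the `auteur` filter matched no row, so the success status is shown (and the thumbnail has apparently already been written) for articles the user does not own. The enclosing blocks start and end outside the hunks, so how `$fichier` and `$filename` are derived should be confirmed against the full file.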