Update file editpage.php
parent
4bdffcc98f
commit
bb785cbff4
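--- a/editpage.php
+++ b/editpage.php
@@ -57,9 +57,10 @@ if (isset($_FILES['miniature']) && $_FILES['miniature']['error'] == 0 && isset($
 imagedestroy($imageResized);
 
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
-$req = $bdd->prepare("UPDATE articles SET image = :image WHERE ID = :article");
+$req = $bdd->prepare("UPDATE articles SET image = :image WHERE ID = :article AND auteur = :user_id");
 $req->bindParam(":image", $webPath);
 $req->bindParam(":article", $_GET['article']);
+$req->bindParam(":user_id", $_SESSION['userid']);
 if($req->execute()) {
 $status = "Miniature mise à jour";
 } else {
@@ -76,8 +77,9 @@ if(isset($fichier)) {
 if(isset($_GET['article']) && isset($_POST['deletefile']) && $_POST['deletefile'] == "Supprimer") {
 if(unlink($fichier)) {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
-$upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename");
+$upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename AND auteur = :user_id");
 $upload->bindParam(':filename', $filename);
+$upload->bindParam(':auteur', $_SESSION['userid']);
 if($upload->execute()) {
 header("Location: editpage.php");
 echo "Fichier supprimé";
@@ -95,12 +97,13 @@ if(isset($fichier)) {
 if(isset($_POST['article-classification']) && isset($_POST['article-image']) && isset($_POST['article-resume']) && isset($_GET['article'])) {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
 
-$req = $bdd->prepare("UPDATE articles SET classification = :classification, titre = :titre, image = :image, resume = :resume WHERE ID = :article");
+$req = $bdd->prepare("UPDATE articles SET classification = :classification, titre = :titre, image = :image, resume = :resume WHERE ID = :article AND auteur = :user_id");
 $req->bindParam(':classification', $_POST['article-classification']);
 $req->bindParam(':titre', htmlspecialchars($_POST['article-titre']));
 $req->bindParam(':image', htmlspecialchars($_POST['article-image']));
 $req->bindParam(':resume', nl2br($_POST['article-resume']));
 $req->bindParam(':article', $_GET['article']);
+$req->bindParam(':user_id', $_SESSION['userid']);
 if($req->execute()) {
 $status = "Informations mises à jour";
 } else {
@@ -173,8 +176,9 @@ if(isset($fichier)) {
 echo "<div><div class='button'><a href='news.php?article=" . $filename . "'>Voir l'article</a></div>";
 if(isset($_GET['article'])) {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
-$req = $bdd->prepare("SELECT classification, titre, image, resume FROM articles WHERE ID = :article");
+$req = $bdd->prepare("SELECT classification, titre, image, resume FROM articles WHERE ID = :article AND auteur = :user_id");
 $req->bindParam(":article", $_GET['article']);
+$req->bindParam(":user_id", $_SESSION['userid']);
 $req->execute();
 $resultat = $req->fetchAll(PDO::FETCH_ASSOC);
 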
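Review bot: In the DELETE hunk (old line 76 onward) the new statement declares the placeholder `:user_id` but the added bind targets `:auteur`, so PDO has no value for `:user_id` and the delete cannot execute as written; the bind should read `$upload->bindParam(':user_id', $_SESSION['userid']);`. The author filter in that hunk is also evaluated only after `unlink($fichier)` has already run, so a request from an account that does not own the article still removes the file on disk and only the row survives; ownership needs to be confirmed (for example by a SELECT on `ID` and `auteur`) before the unlink. In the two UPDATE hunks `execute()` returns true even when the `auteur` condition matches no row, so the success status is shown for an edit that was refused; a prior ownership check, or `$req->rowCount()`, would distinguish the two cases. The enclosing `if` blocks start and end outside the hunks shown, so any handling in their `else` branches is not visible here.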