php-gallery/edit.php

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Gallery</title>
  <link rel="stylesheet" href="css/master.css">
  <link href="https://fonts.googleapis.com/css2?family=Rubik" rel="stylesheet">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lexend+Deca:wght@600&amp;display=swap">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&amp;display=swap">
</head>
<body>
  <?php
  include("ui/header.php");
  include("ui/conn.php");

  if (isset($_POST['id'])) {
    // Getting all image info from table
    $get_image = "SELECT * FROM swag_table WHERE id = ".$_POST['id'];
    $image_results = mysqli_query($conn, $get_image);
    $image = mysqli_fetch_assoc($image_results);

    // Checking if user has edit rights
    if (isset($_SESSION['id']) && $image['author'] == $_SESSION['id'] || $_SESSION['id'] == 1) {
      if (isset($_POST['alt'])) {
        $sql = $conn->prepare("UPDATE swag_table SET alt=? WHERE id=?");
        $sql->bind_param("si", $alt, $id);

        $alt = $_POST['alt'];
        $id = $_POST['id'];

        if ($sql->execute()) {
          header("Location:https://superdupersecteteuploadtest.fluffybean.gay/image.php?id=".$_POST['id']."&update=success");
        } else {
          $error = "Something fuckywucky";
        }
      } else {
        $error = "No description/alt, pls give";
      }
    } else {
      $error = "You do not have edit rights";
    }
  }

  ?>

  <div class="edit-root">
    <h2>Modify Information</h2>
    <p class="space-below">This is a dangerous place to step foot into... tread carefully.</p>
    <form class="flex-down between" method="POST" action="edit.php" enctype="multipart/form-data">
        <input class="btn alert-default space-bottom-large" type="text" name="alt" placeholder="Description/Alt for image">
        <?php echo "<button class='btn alert-default' type='submit' name='id' value=".$_GET["id"]."><img class='svg' src='assets/icons/edit.svg'>Update information</button>"; ?>
    </form>

    <?php
    if (isset($error)) {
      echo "<p class='alert alert-low space-top'>".$error."</p>";
    }
    ?>
  </div>

  <?php include("ui/footer.php"); ?>
</body>
</html>
General cleanup 2022-07-23 14:03:11 +00:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta charset="utf-8">`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0">`
Basic account system 2022-07-25 15:13:26 +00:00			`<title>Gallery</title>`
General cleanup 2022-07-23 14:03:11 +00:00			`<link rel="stylesheet" href="css/master.css">`
			`<link href="https://fonts.googleapis.com/css2?family=Rubik" rel="stylesheet">`
			`<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lexend+Deca:wght@600&display=swap">`
			`<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&display=swap">`
			`</head>`
			`<body>`
Fixing security issues 2022-07-25 17:28:55 +00:00			`<?php`
			`include("ui/header.php");`
			`include("ui/conn.php");`

			`if (isset($_POST['id'])) {`
			`// Getting all image info from table`
			`$get_image = "SELECT * FROM swag_table WHERE id = ".$_POST['id'];`
			`$image_results = mysqli_query($conn, $get_image);`
			`$image = mysqli_fetch_assoc($image_results);`

			`// Checking if user has edit rights`
			`if (isset($_SESSION['id']) && $image['author'] == $_SESSION['id'] \|\| $_SESSION['id'] == 1) {`
			`if (isset($_POST['alt'])) {`
			`$sql = $conn->prepare("UPDATE swag_table SET alt=? WHERE id=?");`
			`$sql->bind_param("si", $alt, $id);`

			`$alt = $_POST['alt'];`
			`$id = $_POST['id'];`

			`if ($sql->execute()) {`
			`header("Location:https://superdupersecteteuploadtest.fluffybean.gay/image.php?id=".$_POST['id']."&update=success");`
			`} else {`
			`$error = "Something fuckywucky";`
			`}`
			`} else {`
			`$error = "No description/alt, pls give";`
			`}`
			`} else {`
			`$error = "You do not have edit rights";`
			`}`
			`}`

			`?>`
General cleanup 2022-07-23 14:03:11 +00:00
			`<div class="edit-root">`
			`<h2>Modify Information</h2>`
Prepared sql for pain 2022-07-24 09:43:54 +00:00			`<p class="space-below">This is a dangerous place to step foot into... tread carefully.</p>`
General cleanup 2022-07-23 14:03:11 +00:00			`<form class="flex-down between" method="POST" action="edit.php" enctype="multipart/form-data">`
Basic account system 2022-07-25 15:13:26 +00:00			`<input class="btn alert-default space-bottom-large" type="text" name="alt" placeholder="Description/Alt for image">`
Prepared sql for pain 2022-07-24 09:43:54 +00:00			`<?php echo "<button class='btn alert-default' type='submit' name='id' value=".$_GET["id"]."><img class='svg' src='assets/icons/edit.svg'>Update information</button>"; ?>`
General cleanup 2022-07-23 14:03:11 +00:00			`</form>`
Prepared sql for pain 2022-07-24 09:43:54 +00:00
General cleanup 2022-07-23 14:03:11 +00:00			`<?php`
Fixing security issues 2022-07-25 17:28:55 +00:00			`if (isset($error)) {`
			`echo "<p class='alert alert-low space-top'>".$error."</p>";`
General cleanup 2022-07-23 14:03:11 +00:00			`}`
			`?>`
			`</div>`

			`<?php include("ui/footer.php"); ?>`
			`</body>`
			`</html>`