This will never work

2024-12-28 18:36:22 +00:00 · 2022-08-07 10:59:27 +01:00 · 2022-08-07 10:59:27 +01:00 · 9fd86cb3fc
parent 6a60375904
commit 9fd86cb3fc
2 changed files with 31 additions and 116 deletions
--- a/app/image/edit_description.php
+++ b/app/image/edit_description.php
@ -1,17 +1,4 @@
 <?php
-/*
- |-------------------------------------------------------------
- | Check if user has edit permitions
- |-------------------------------------------------------------
- | This is repetetive, but I'm worried people will find a way
- | around the front-end protection (if any), so best to do a
- | second check.
- |
- | I also want to add that this is probably a very long and
- | poor way of doing the check, so I'm sorry for anyone who has
- | the unfortunate task of reading this code.
- |-------------------------------------------------------------
-*/
 $conn_ip = "localhost";
 $conn_username = "uwu";
 $conn_password = "fennec621";
@ -21,56 +8,26 @@ $conn = mysqli_connect($conn_ip, $conn_username, $conn_password , $conn_database
 if ($conn->connect_error) {
  // Send notification that connection couldn't be made
 }
-function image_privilage($id) {
-  $session_id = $_SESSION['id'];
-  if (isset($session_id) || !empty($session_id)) {
-    if ($session_id == $id) {
-      return True;
+
+
+if (isset($_POST['submit'])) {
+  // getting ready forSQL asky asky
+  $sql = "UPDATE swag_table SET alt=? WHERE id=?";
+
+  // Checking if databse is doing ok
+  if ($stmt = mysqli_prepare($conn, $sql)) {
+    mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
+
+    // Setting parameters
+    $param_alt = $_POST['description'];
+    $param_id = $_POST['id'];
+
+    // Attempt to execute the prepared statement
+    if (mysqli_stmt_execute($stmt)) {
+      echo "sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')";
    } else {
-      return False;
+      echo "sniffleAdd('Error','An error occured on the servers','var(--red)')";
    }
-  } else {
-    return False;
-  }
-}
-function get_image_info($conn, $id) {
-  // Setting SQL query
-  $sql = "SELECT * FROM swag_table WHERE id = ".$id;
-  // Getting results
-  $query = mysqli_query($conn, $sql);
-  // Fetching associated info
-  $image_array = mysqli_fetch_assoc($query);
-
-  return($image_array);
-}
-
-
-// Get image ID to search up
-$image_post_id = $_POST['image_id'];
-$image_info = get_image_info($conn, $image_post_id);
-
-if (isset($_POST['description'])) {
-  // If privilaged, continue
-  if (image_privilage($image_info['id'])) {
-    // getting ready forSQL asky asky
-    $sql = "UPDATE swag_table SET alt=? WHERE id=?";
-
-    // Checking if databse is doing ok
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
-
-      // Setting parameters
-      $param_alt = $_POST['description'];
-      $param_id = $image_post_id;
-
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        echo "<script>sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')</script>";
-      } else {
-        echo "<script>sniffleAdd('Error','An error occured on the servers','var(--red)')</script>";
-      }
-    }
-  } else {
-    echo "<script>sniffleAdd('Error','You do not have access to this','var(--red)')</script>";
  }
 }
+?>
--- a/image.php
+++ b/image.php
@ -68,11 +68,7 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&amp;display=swap">

  <!-- JQuery -->
-  <script
-    src="https://code.jquery.com/jquery-3.6.0.min.js"
-    integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4="
-    crossorigin="anonymous">
-  </script>
+  <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>

  <!-- Sniffle script! -->
  <script src="Sniffle/sniffle.js"></script>
@ -123,35 +119,6 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
    }
  }

-
-  /*
-    Description confirm
-  */
-  if (isset($_POST['description_confirm']) && $privilaged) {
-    // Unset all the variables, needed by flyout
-    unset($header, $content, $action);
-
-    // getting ready forSQL asky asky
-    $sql = "UPDATE swag_table SET alt=? WHERE id=?";
-
-    // Checking if databse is doing ok
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
-
-      // Setting parameters
-      $param_alt = $_POST['update_alt'];
-      $param_id = $image["id"];
-
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        header("Location:image.php?id=".$image["id"]."&update=success");
-      } else {
-        header("Location:image.php?id=".$image["id"]."&update=error");
-      }
-    }
-  }
-
-
  /*
    Tags Confirm
  */
@ -340,37 +307,28 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
     |-------------------------------------------------------------
     | Edit description
     |-------------------------------------------------------------
-     | As the name suggests, this edits the description, this
-     | Uses the following variables:
-     | editDescriptionButton
-     | editDescriptionConfirm
-     | editDescriptionInput
-     | editDescriptionSubmit
-     |-------------------------------------------------------------
    -->
    <button id='descriptionButton' class='btn alert-low space-top-small'><img class='svg' src='assets/icons/edit.svg'>Edit description</button>
    <script>
      $('#descriptionButton').click(function(){
        var header = "Enter new Description/Alt";
        var description = "Whatcha gonna put in there 👀";
-        var actionBox = "<form id='descriptionConfirm' action='app/image/edit_description.php' method='POST'>\
-        <input id='descriptionInput' class='btn alert-default space-bottom' type='text' placeholder='Description/Alt for image'>\
-        <button id='descriptionSubmit' class='btn alert-low'><img class='svg' src='assets/icons/edit.svg'>Update information</button>\
+        var actionBox = "<form id='descriptionConfirm'>\
+        <input id='descriptionInput' class='btn alert-default space-bottom' type='text' name='descriptionInput' placeholder='Description/Alt for image'>\
+        <button id='descriptionSubmit' class='btn alert-low' type='submit name='descriptionSubmit''><img class='svg' src='assets/icons/edit.svg'>Update information</button>\
        </form>\
        <div id='descriptionErrorHandling'></div>";
        flyoutShow(header, description, actionBox);
      });

-      $(document).ready(function() {
-        $("#editDescriptionConfirm").submit(function(event) {
-          event.preventDefault();
-          var descriptionInput = $("#descriptionInput").val();
-          var descriptionSubmit = $("descriptionSubmit").val();
-          $("#descriptionErrorHandling").load("app/image/edit_description.php", {
-            image_id: <?php echo $_GET['id']; ?>,
-            description: descriptionInput,
-            submit: descriptionSubmit
-          })
+      $("#descriptionConfirm").submit(function(event) {
+        event.preventDefault();
+        var descriptionInput = $("#descriptionInput").val();
+        var descriptionSubmit = $("#descriptionSubmit").val();
+        $("#descriptionErrorHandling").load("app/image/edit_description.php", {
+          id: <?php echo $_GET['id']; ?>,
+          description: descriptionInput,
+          submit: descriptionSubmit
        });
      });
    </script>