mirror of
https://github.com/Fluffy-Bean/image-gallery.git
synced 2024-12-29 10:56:12 +00:00
This will never work
This commit is contained in:
parent
6a60375904
commit
9fd86cb3fc
|
@ -1,17 +1,4 @@
|
|||
<?php
|
||||
/*
|
||||
|-------------------------------------------------------------
|
||||
| Check if user has edit permitions
|
||||
|-------------------------------------------------------------
|
||||
| This is repetetive, but I'm worried people will find a way
|
||||
| around the front-end protection (if any), so best to do a
|
||||
| second check.
|
||||
|
|
||||
| I also want to add that this is probably a very long and
|
||||
| poor way of doing the check, so I'm sorry for anyone who has
|
||||
| the unfortunate task of reading this code.
|
||||
|-------------------------------------------------------------
|
||||
*/
|
||||
$conn_ip = "localhost";
|
||||
$conn_username = "uwu";
|
||||
$conn_password = "fennec621";
|
||||
|
@ -21,56 +8,26 @@ $conn = mysqli_connect($conn_ip, $conn_username, $conn_password , $conn_database
|
|||
if ($conn->connect_error) {
|
||||
// Send notification that connection couldn't be made
|
||||
}
|
||||
function image_privilage($id) {
|
||||
$session_id = $_SESSION['id'];
|
||||
if (isset($session_id) || !empty($session_id)) {
|
||||
if ($session_id == $id) {
|
||||
return True;
|
||||
|
||||
|
||||
if (isset($_POST['submit'])) {
|
||||
// getting ready forSQL asky asky
|
||||
$sql = "UPDATE swag_table SET alt=? WHERE id=?";
|
||||
|
||||
// Checking if databse is doing ok
|
||||
if ($stmt = mysqli_prepare($conn, $sql)) {
|
||||
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
|
||||
|
||||
// Setting parameters
|
||||
$param_alt = $_POST['description'];
|
||||
$param_id = $_POST['id'];
|
||||
|
||||
// Attempt to execute the prepared statement
|
||||
if (mysqli_stmt_execute($stmt)) {
|
||||
echo "sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')";
|
||||
} else {
|
||||
return False;
|
||||
echo "sniffleAdd('Error','An error occured on the servers','var(--red)')";
|
||||
}
|
||||
} else {
|
||||
return False;
|
||||
}
|
||||
}
|
||||
function get_image_info($conn, $id) {
|
||||
// Setting SQL query
|
||||
$sql = "SELECT * FROM swag_table WHERE id = ".$id;
|
||||
// Getting results
|
||||
$query = mysqli_query($conn, $sql);
|
||||
// Fetching associated info
|
||||
$image_array = mysqli_fetch_assoc($query);
|
||||
|
||||
return($image_array);
|
||||
}
|
||||
|
||||
|
||||
// Get image ID to search up
|
||||
$image_post_id = $_POST['image_id'];
|
||||
$image_info = get_image_info($conn, $image_post_id);
|
||||
|
||||
if (isset($_POST['description'])) {
|
||||
// If privilaged, continue
|
||||
if (image_privilage($image_info['id'])) {
|
||||
// getting ready forSQL asky asky
|
||||
$sql = "UPDATE swag_table SET alt=? WHERE id=?";
|
||||
|
||||
// Checking if databse is doing ok
|
||||
if ($stmt = mysqli_prepare($conn, $sql)) {
|
||||
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
|
||||
|
||||
// Setting parameters
|
||||
$param_alt = $_POST['description'];
|
||||
$param_id = $image_post_id;
|
||||
|
||||
// Attempt to execute the prepared statement
|
||||
if (mysqli_stmt_execute($stmt)) {
|
||||
echo "<script>sniffleAdd('Info','Description has been updated successfully! You may need to refresh the page to see the new information.','var(--green)')</script>";
|
||||
} else {
|
||||
echo "<script>sniffleAdd('Error','An error occured on the servers','var(--red)')</script>";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
echo "<script>sniffleAdd('Error','You do not have access to this','var(--red)')</script>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
66
image.php
66
image.php
|
@ -68,11 +68,7 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
|
|||
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&display=swap">
|
||||
|
||||
<!-- JQuery -->
|
||||
<script
|
||||
src="https://code.jquery.com/jquery-3.6.0.min.js"
|
||||
integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4="
|
||||
crossorigin="anonymous">
|
||||
</script>
|
||||
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
|
||||
|
||||
<!-- Sniffle script! -->
|
||||
<script src="Sniffle/sniffle.js"></script>
|
||||
|
@ -123,35 +119,6 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Description confirm
|
||||
*/
|
||||
if (isset($_POST['description_confirm']) && $privilaged) {
|
||||
// Unset all the variables, needed by flyout
|
||||
unset($header, $content, $action);
|
||||
|
||||
// getting ready forSQL asky asky
|
||||
$sql = "UPDATE swag_table SET alt=? WHERE id=?";
|
||||
|
||||
// Checking if databse is doing ok
|
||||
if ($stmt = mysqli_prepare($conn, $sql)) {
|
||||
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
|
||||
|
||||
// Setting parameters
|
||||
$param_alt = $_POST['update_alt'];
|
||||
$param_id = $image["id"];
|
||||
|
||||
// Attempt to execute the prepared statement
|
||||
if (mysqli_stmt_execute($stmt)) {
|
||||
header("Location:image.php?id=".$image["id"]."&update=success");
|
||||
} else {
|
||||
header("Location:image.php?id=".$image["id"]."&update=error");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Tags Confirm
|
||||
*/
|
||||
|
@ -340,37 +307,28 @@ if (image_privilage($image['author']) || is_admin($_SESSION['id'])) {
|
|||
|-------------------------------------------------------------
|
||||
| Edit description
|
||||
|-------------------------------------------------------------
|
||||
| As the name suggests, this edits the description, this
|
||||
| Uses the following variables:
|
||||
| editDescriptionButton
|
||||
| editDescriptionConfirm
|
||||
| editDescriptionInput
|
||||
| editDescriptionSubmit
|
||||
|-------------------------------------------------------------
|
||||
-->
|
||||
<button id='descriptionButton' class='btn alert-low space-top-small'><img class='svg' src='assets/icons/edit.svg'>Edit description</button>
|
||||
<script>
|
||||
$('#descriptionButton').click(function(){
|
||||
var header = "Enter new Description/Alt";
|
||||
var description = "Whatcha gonna put in there 👀";
|
||||
var actionBox = "<form id='descriptionConfirm' action='app/image/edit_description.php' method='POST'>\
|
||||
<input id='descriptionInput' class='btn alert-default space-bottom' type='text' placeholder='Description/Alt for image'>\
|
||||
<button id='descriptionSubmit' class='btn alert-low'><img class='svg' src='assets/icons/edit.svg'>Update information</button>\
|
||||
var actionBox = "<form id='descriptionConfirm'>\
|
||||
<input id='descriptionInput' class='btn alert-default space-bottom' type='text' name='descriptionInput' placeholder='Description/Alt for image'>\
|
||||
<button id='descriptionSubmit' class='btn alert-low' type='submit name='descriptionSubmit''><img class='svg' src='assets/icons/edit.svg'>Update information</button>\
|
||||
</form>\
|
||||
<div id='descriptionErrorHandling'></div>";
|
||||
flyoutShow(header, description, actionBox);
|
||||
});
|
||||
|
||||
$(document).ready(function() {
|
||||
$("#editDescriptionConfirm").submit(function(event) {
|
||||
event.preventDefault();
|
||||
var descriptionInput = $("#descriptionInput").val();
|
||||
var descriptionSubmit = $("descriptionSubmit").val();
|
||||
$("#descriptionErrorHandling").load("app/image/edit_description.php", {
|
||||
image_id: <?php echo $_GET['id']; ?>,
|
||||
description: descriptionInput,
|
||||
submit: descriptionSubmit
|
||||
})
|
||||
$("#descriptionConfirm").submit(function(event) {
|
||||
event.preventDefault();
|
||||
var descriptionInput = $("#descriptionInput").val();
|
||||
var descriptionSubmit = $("#descriptionSubmit").val();
|
||||
$("#descriptionErrorHandling").load("app/image/edit_description.php", {
|
||||
id: <?php echo $_GET['id']; ?>,
|
||||
description: descriptionInput,
|
||||
submit: descriptionSubmit
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
|
Loading…
Reference in a new issue