get_ip(); /* |------------------------------------------------------------- | Delete image |------------------------------------------------------------- | This is the scarries code I written. I hate writing anything | like this, please help |------------------------------------------------------------- */ if (isset($_POST['submit_delete'])) { // Get all image info $image_array = $image_info->get_image_info($conn, $_POST['id']); // If user owns image or has the ID of 1 if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { // Delete from table $sql = "DELETE FROM images WHERE id = ?"; if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "i", $param_id); // Setting parameters $param_id = $_POST['id']; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { // See if image is in the directory if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) { unlink(dirname(__DIR__)."/images/".$image_array['imagename']); } // Delete thumbnail if exitsts if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) { unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']); } // Delete preview if exitsts if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) { unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']); } // TP user to the homepage with a success message mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')"); ?> get_image_info($conn, $_POST['id']); // If user owns image or has the ID of 1 if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { // getting ready forSQL asky asky $sql = "UPDATE images SET alt=? WHERE id=?"; // Checking if databse is doing ok if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id); // Setting parameters $param_alt = $_POST['input']; $param_id = $_POST['id']; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { ?> get_image_info($conn, $_POST['id']); // If user owns image or has the ID of 1 if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { // Clean input $tags_string = $make_stuff->tags(trim($_POST['input'])); // getting ready forSQL asky asky $sql = "UPDATE images SET tags=? WHERE id=?"; // Checking if databse is doing ok if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id); // Setting parameters $param_tags = $tags_string; $param_id = $_POST['id']; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { ?> is_admin($conn, $_SESSION['id'])) { // getting ready forSQL asky asky $sql = "UPDATE images SET author=? WHERE id=?"; // Checking if databse is doing ok if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id); // Setting parameters $param_author = $_POST['input']; $param_id = $_POST["id"]; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { ?>