<?php
// Post moderation endpoint: applies the action named by ?m= (delete, restore
// or anonymize) to the post named by ?id=, then redirects to that post inside
// its topic. Any other mode value performs no action and only redirects.
//
// NOTE(review): every action below changes state, yet both the target and the
// action are taken from $_GET and nothing in this file checks the request
// method. Whether CSRF::verify() enforces one, and where it reads its token
// from, is defined elsewhere; confirm. A token carried in the query string
// ends up in access logs, browser history and Referer headers.

require_once '../startup.php';

include_once '_posts.php';

// Accept the id only as a non-empty string of decimal digits; array input
// (?id[]=...), signed values and anything else fall back to 0.
$postId = 0;
if(isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
    $postId = (int)$_GET['id'];

// The mode is only ever compared against fixed literals, never echoed back.
$mode = '';
if(isset($_GET['m']) && is_string($_GET['m']))
    $mode = $_GET['m'];

$postInfo = post_info($postId);
$userInfo = user_info(current_user_id());

// An empty user record is treated as "no usable session".
$userActive = !empty($userInfo);

// NOTE(review): this lookup result is acted on before any permission check, so
// an unauthenticated request can tell existing ids from missing ones (404 vs.
// redirect), and the redirect at the bottom discloses the topic id. Whether
// post_info() also returns deleted posts is not visible here; confirm that
// this disclosure is acceptable.
if(empty($postInfo))
    die_ex('Post not found.', 404);

// Each branch relies on die_ex() ending the request (it is defined elsewhere;
// confirm), otherwise the mutation after the check would still run.
// The checks are ordered so that CSRF::verify() runs first and $userInfo is
// only indexed once $userActive has established that it is non-empty.
if($mode === 'delete') {
    // Moderators may delete any post; other users only their own. The strict
    // comparison fails closed if the two user_id values differ in type.
    if(!(CSRF::verify() && $userActive
        && ($userInfo['user_moderator'] || $userInfo['user_id'] === $postInfo['user_id'])))
        die_ex('You can\'t delete this post.', 403);

    post_delete($postInfo['post_id']);
} elseif($mode === 'restore') {
    // Moderator only.
    if(!(CSRF::verify() && $userActive && $userInfo['user_moderator']))
        die_ex('You can\'t restore this post.', 403);

    post_restore($postInfo['post_id']);
} elseif($mode === 'anonymize') {
    // Moderator only.
    if(!(CSRF::verify() && $userActive && $userInfo['user_moderator']))
        die_ex('You can\'t strip the user id of this post.', 403);

    post_anonymize($postInfo['post_id']);
}

// Both values interpolated here come from the post_info() record, not from the
// request, so the redirect target is not built from user input.
header("Location: /topic/{$postInfo['topic_id']}#p{$postInfo['post_id']}");