| -rw-r--r-- | controllers/list.php | 33 | ||||
| -rw-r--r-- | models/archivelist.php | 7 | ||||
| -rw-r--r-- | views/global/router.php | 1 | ||||
| -rw-r--r-- | views/list/delete/index.php | 40 | ||||
| -rw-r--r-- | views/list/delete/meta.php | 4 |
5 files changed, 85 insertions, 0 deletions
diff --git a/controllers/list.php b/controllers/list.php
index 07db6c5..c2e72a0 100644
--- a/controllers/list.php
+++ b/controllers/list.php
@@ -80,3 +80,36 @@ function on_put() {
 header('Location: /list/' . $list->LID);
 exit();
 }
+
+function on_delete() {
+ global $TOKEN;
+ global $METHOD;
+ global $list_status;
+
+ $list = null;
+ try {
+ $list = Database\ArchiveList::fromDB($METHOD['lid']);
+ }
+ catch(Exception $e) {
+ $list_status = "This list doesn't exist!";
+ return;
+ }
+
+ try {
+ $user = Database\Cookie::fromDB($TOKEN);
+ $author = Database\User::fromDBuid($list->AuthorUID);
+ if ($author->UID !== $user->UID) {
+ $list_status = "You're not the owner of this list! You have no permission to delete it!";
+ return;
+ }
+ }
+ catch(Exception $e) {
+ $list_status = "Either your cookie is invalid or the author of this list has deleted their account!";
+ return;
+ }
+
+ $list->delete();
+
+ header('Location: /');
+ exit();
+}
diff --git a/models/archivelist.php b/models/archivelist.php
index bf734e0..7a76475 100644
--- a/models/archivelist.php
+++ b/models/archivelist.php
@@ -49,4 +49,11 @@ class ArchiveList extends Table {
 "LID = \"$this->LID\""
 );
 }
+
+ function delete() {
+ Table::_delete(
+ 'ArchiveLists',
+ "LID = \"$this->LID\""
+ );
+ }
 }
diff --git a/views/global/router.php b/views/global/router.php
index ea3799f..18adfca 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -30,6 +30,7 @@ function route_view() {
 case '/list/update': return '/list/update';
 case '/list/new': return '/list/new';
 case '/list/add': return '/list/add';
+ case '/list/delete': return '/list/delete';
 }
 switch ($root) {
diff --git a/views/list/delete/index.php b/views/list/delete/index.php
new file mode 100644
index 0000000..7d5bf5b
--- /dev/null
+++ b/views/list/delete/index.php
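Review bot: on_delete() deletes the list on the strength of the cookie in `$TOKEN` alone; nothing in the hunk checks a per-request anti-CSRF value before `$list->delete()`, and the confirmation form added in views/list/delete/index.php submits only `method` and `lid`. Unless the dispatcher outside this hunk already enforces one, add a hidden token field to the form and reject the request here when it does not match, e.g. `if (!hash_equals($expected_token, (string) ($METHOD['csrf'] ?? ''))) { $list_status = 'Invalid request token.'; return; }`, where `$expected_token` and the `csrf` field name are placeholders for whatever the project stores per login. `$METHOD['lid']` is also read without an existence check, so a request that omits it relies on fromDB throwing for an undefined value. Comparing `$list->AuthorUID` with `$user->UID` directly would make the ownership check independent of the extra `User::fromDBuid` lookup.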
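Review bot: `delete()` builds its WHERE clause by interpolating `$this->LID` into a double-quoted SQL fragment, the same pattern as the context lines above it, so the statement is only as safe as whatever populated LID. `Table::_delete` and `ArchiveList::fromDB` are outside this diff; if LID can carry the raw `lid` request value that on_delete() hands to fromDB, this is string-built SQL on untrusted input. Prefer a bound parameter if `Table::_delete` can take one; failing that, and assuming LID is an integer key (the view's `?? -1` default suggests so), constrain it before use: `'LID = ' . (int) $this->LID`. The class body starts outside the hunk.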
@@ -0,0 +1,40 @@
+<?php
+ require_login();
+
+ $list = null;
+ $author = null;
+ $user = null;
+
+ try {
+ $list = Database\ArchiveList::fromDB($_GET['lid'] ?? -1);
+ $author = Database\User::fromDBuid($list->AuthorUID);
+ $user = Database\Cookie::fromDB($TOKEN);
+ }
+ catch(Exception $e) {}
+?>
+
+<?php if ($list !== null && $user->UID === $author->UID): ?>
+
+ <h1>Are you sure you want to delete <?= $user->Username ?>'s "<?= $list->Name ?>"?</h1>
+
+ <form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
+ <input type="hidden" name="method" value="DELETE">
+ <?php if (isset($list_status)): ?>
+ <?php if ($list_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $list_status ?>
+ </span></p>
+ <?php endif; ?>
+ <?php endif; ?>
+
+ <input type="hidden" name="lid" value="<?= $_GET['lid'] ?>">
+ <input type="submit" value="Delete forever!">
+ </form>
+
+<?php elseif ($list === null): ?>
+ <h2>No list with identifier <?= $_GET['lid'] ?> exists!</h2>
+
+<?php else: ?>
+ <h2>You have no permission to delete <?= $user->Username ?>'s "<?= $list->Name ?>"!</h2>
+
+<?php endif; ?>
diff --git a/views/list/delete/meta.php b/views/list/delete/meta.php
new file mode 100644
index 0000000..2e07b80
--- /dev/null
+++ b/views/list/delete/meta.php
@@ -0,0 +1,4 @@
+<?php
+
+$title = 'Delete a list of archives';
+$controller = 'list';
|
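Review bot: `$_GET['lid']` is echoed unescaped in two places in views/list/delete/index.php, the `value` attribute of the hidden `lid` input and the "No list with identifier" heading, so a request parameter reaches the page as markup; `$user->Username`, `$list->Name` and `$list_status` are printed raw as well. Escape at output, e.g. `value="<?= htmlspecialchars((string) ($_GET['lid'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`, and apply the same call to the other `<?=` expressions. Separately, the empty `catch(Exception $e) {}` can leave `$user` and `$author` null while `$list` is set, and the first `if` then dereferences both; adding `$user !== null && $author !== null` to that condition keeps the page from treating two nulls as a matching owner. The controller re-checks ownership, so this affects what the page renders rather than who can delete.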
