<?php
require_once 'functions.php';
// Front controller for the admin endpoint: a request carrying parameters runs
// exactly one admin action (each handler checks the session's admin group on
// its own and answers with JSON); a bare request renders the admin page.
// Order matters: the postid+upvotes case must be tested before the bare postid
// case, otherwise an upvote change would be routed to comment deletion.
// NOTE(review): these state-changing actions are reached via GET and no CSRF
// token is checked here — confirm the caller-side protection.
switch (true) {
    case isset($_GET['username'], $_GET['usertype']):
        changeUserType($_GET['username'], $_GET['usertype']);
        break;
    case isset($_GET['postid'], $_GET['upvotes']):
        changeUpvotes($_GET['postid'], $_GET['upvotes']);
        break;
    case isset($_GET['postid']):
        deleteAllComments($_GET['postid']);
        break;
    default:
        display();
        break;
}
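/**
 * Render the admin overview page (views/admin.twig).
 *
 * Only a session whose user_group is 3 gets the adventure and user listings;
 * any other viewer gets empty lists and error=true and the template decides
 * what to show. A database failure is logged server-side instead of being
 * echoed, so driver error text never reaches the browser.
 *
 * Side effects: echoes the rendered template; loads vendor/autoload.php.
 */
function display()
{
    $loggedIn = loggedIn();
    $oConn = loginToDB();
    // Defaults used when the viewer is not an admin or a query fails.
    $adventures = [];
    $users = [];
    $error = true;
    try {
        // NOTE(review): the strict === 3 only matches an int; confirm that
        // loggedIn() (functions.php) returns user_group as an int, not a string.
        if ($loggedIn['user_group'] === 3) {
            // Adventure rows plus the picture and comment count of each adventure.
            $query = $oConn->prepare("SELECT a.*, (SELECT COUNT(*) FROM Pictures WHERE PostID = a.PostID) AS PictureAmount, (SELECT COUNT(*) FROM Comments WHERE PostID = a.PostID) AS CommentAmount FROM Adventures a ORDER BY a.DatePosted ASC");
            $query->execute();
            $adventures = $query->fetchAll(PDO::FETCH_ASSOC);
            $query = $oConn->prepare("SELECT * FROM User;");
            $query->execute();
            $users = $query->fetchAll(PDO::FETCH_ASSOC);
            // Both queries succeeded; the template gets real data.
            $error = false;
        }
    } catch (PDOException $e) {
        // Keep the driver message in the server log; the page only sees error=true.
        error_log('admin display: ' . $e->getMessage());
        $error = true;
    } finally {
        $oConn = null;
        // Templating: render whatever was collected, even after a failure.
        require_once 'vendor/autoload.php';
        $loader = new Twig_Loader_Filesystem('views');
        $twig = new Twig_Environment($loader);
        $template = $twig->loadTemplate('admin.twig');
        echo $template->render(array(
            'users' => $users,
            'adventures' => $adventures,
            'error' => $error,
            'loggedIn' => $loggedIn,
        ));
    }
}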
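/**
 * Set the UserType of one user (admin only) and report whether the caller
 * demoted their own account.
 *
 * @param string $username Username whose type changes (request value).
 * @param string $userType New UserType value (request value, stored as given).
 *
 * Echoes {"selfDestruction": bool} on success, ["fail"] on a database error,
 * and nothing at all when the session is not an admin session. Database
 * error text is logged, never echoed, so the response stays valid JSON.
 */
function changeUserType($username, $userType)
{
    $loggedIn = loggedIn();
    $oConn = loginToDB();
    try {
        if ($loggedIn["user_group"] === 3) {
            // NOTE(review): $userType is written unvalidated; if the column
            // only holds a fixed set of values, whitelist them here.
            $query = $oConn->prepare("UPDATE User SET UserType = :userType WHERE Username = :username;");
            $query->bindValue(':userType', $userType);
            $query->bindValue(':username', $username);
            $query->execute();
            // Strict comparisons: loose == treats numeric-looking strings such
            // as "10" and "1e1" as equal, which could misreport self-demotion.
            $selfDestruction = ($username === $loggedIn["username"] && $userType !== "admin");
            if ($selfDestruction) {
                // The admin changed their own account away from admin; mirror
                // it in the session so later requests lose admin access too.
                $_SESSION["user_group"] = $userType;
            }
            echo json_encode(array('selfDestruction' => $selfDestruction));
        }
    } catch (PDOException $e) {
        error_log('admin changeUserType: ' . $e->getMessage());
        // Only JSON goes to the client so the caller can parse the response.
        echo json_encode(array('fail'));
    } finally {
        $oConn = null;
    }
}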
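/**
 * Overwrite the Upvotes counter of one adventure (admin only).
 *
 * @param string $postId  PostID of the adventure (request value).
 * @param string $upvotes New counter; coerced with intval and accepted only
 *                        in the range 0..999.
 *
 * Echoes ["success"] when the update ran, ["fail"] on a database error, and
 * nothing when the session is not an admin session or the value is out of
 * range. Database error text is logged, never echoed.
 */
function changeUpvotes($postId, $upvotes)
{
    $loggedIn = loggedIn();
    $oConn = loginToDB();
    // Non-numeric input becomes 0 here and is then accepted by the range check.
    $upvotes = intval($upvotes);
    try {
        if ($loggedIn["user_group"] === 3) {
            if ($upvotes > -1 && $upvotes < 1000) {
                $query = $oConn->prepare("UPDATE Adventures SET Upvotes = :upvotes WHERE PostID = :postId;");
                $query->bindValue(':upvotes', $upvotes);
                $query->bindValue(':postId', $postId);
                $query->execute();
                echo json_encode(array('success'));
            }
        }
    } catch (PDOException $e) {
        error_log('admin changeUpvotes: ' . $e->getMessage());
        // Only JSON goes to the client so the caller can parse the response.
        echo json_encode(array('fail'));
    } finally {
        $oConn = null;
    }
}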
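/**
 * Delete every comment attached to one adventure (admin only).
 *
 * @param string $postId PostID whose comments are removed (request value).
 *
 * Echoes ["success"] after the delete ran (also when no row matched),
 * ["fail"] on a database error, and nothing when the session is not an admin
 * session. Database error text is logged, never echoed.
 */
function deleteAllComments($postId)
{
    $loggedIn = loggedIn();
    $oConn = loginToDB();
    try {
        if ($loggedIn['user_group'] === 3) {
            $query = $oConn->prepare("DELETE FROM Comments WHERE PostID = :postId");
            $query->bindValue(':postId', $postId);
            $query->execute();
            echo json_encode(array('success'));
        }
    } catch (PDOException $e) {
        error_log('admin deleteAllComments: ' . $e->getMessage());
        // Only JSON goes to the client so the caller can parse the response.
        echo json_encode(array('fail'));
    } finally {
        $oConn = null;
    }
}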