-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathindividual_story.php
More file actions
77 lines (66 loc) · 2.21 KB
/
individual_story.php
File metadata and controls
77 lines (66 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
require "database.php";
session_start();
// Display the story and all it's comments
if (isset($_GET['post_id'])) {
$stmt = $mysqli->prepare("SELECT post_timestamp, post, post_id, username FROM posts WHERE post_id = ?");
if(!$stmt){
printf("Query Prep Failed: %s\n", $mysqli->error);
exit;
}
$stmt->bind_param('d', $_GET["post_id"]);
$stmt->execute();
$stmt->bind_result($post_timestamp, $post, $post_id, $username);
$stmt->fetch();
$stmt->close();
// Display te story, who posted it, and when.
printf("<pre>%s</pre>Posted by %s at %s<br>",
htmlentities($post),
htmlentities($username),
htmlentities($post_timestamp)
);
// Display the add comment, delete, and edit links depending on the type of user.
if($_SESSION['logged_in']) {
echo "<a href=commententry.php?post_id=" . $post_id . ">Add a comment!</a><br>";
if ($_SESSION['admin'] or $username == $_SESSION['username']) {
echo "<a href=delete_post.php?post_id=" . $post_id . ">Delete</a><br>";
}
if ($username == $_SESSION['username']) {
echo "<a href=edit_post.php?post_id=" . $post_id . ">Edit</a>";
}
}
$stmt = $mysqli->prepare("SELECT comment_timestamp, comment, comment_id, username FROM comments WHERE post_id = ? ORDER BY comment_timestamp DESC");
if(!$stmt){
printf("Query Prep Failed: %s\n", $mysqli->error);
exit;
}
$stmt->bind_param('d', $_GET["post_id"]);
$stmt->execute();
$stmt->bind_result($comment_timestamp, $comment, $comment_id, $username);
// Display each comment.
echo "<ul>";
while($stmt->fetch()){
printf("<li><pre>%s</pre>Posted by %s at %s</li>\n",
htmlentities($comment),
htmlentities($username),
htmlentities($comment_timestamp)
);
// Display the delete and edit buttons depending on the user.
if ($_SESSION['logged_in']) {
if ($_SESSION['admin'] or $username == $_SESSION['username']) {
echo "<a href=delete_comment.php?comment_id=" . $comment_id . "&post_id=" . $post_id . ">Delete</a><br>";
}
if ($username == $_SESSION['username']) {
echo "<a href=edit_comment.php?comment_id=" . $comment_id . "&post_id=" . $post_id . ">Edit</a>";
}
}
}
echo "</ul></li>\n";
$stmt->close();
}
else {
header("Location: main.php");
exit;
}
?>
<a href="main.php">Back to main board</a>