feat: moderation system

author: ilotterytea <iltsu@alright.party> 2025-06-08 01:37:19 +0400
committer: ilotterytea <iltsu@alright.party> 2025-06-08 01:37:19 +0400
commit: 9a58eaae53bdd2a4fcdd66b1eb852c7db7970de9 (patch)
tree: 8e83f5144674501a7e4c1739f4abc583ef78e065 /public/delete.php
parent: 371d863870520da9a4f3383d7c52e1720c074d03 (diff)
1 files changed, 13 insertions, 5 deletions
diff --git a/public/delete.php b/public/delete.php
index b716796..453e0b3 100644
--- a/public/delete.php
+++ b/public/delete.php
@@ -1,17 +1,20 @@
 <?php
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../config.php';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/utils.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/file.php';
+
+session_start();
 
 if (!FILE_DELETION) {
     json_response(null, 'File deletion is not allowed!', 403);
     exit();
 }
 
-$file_id = $_GET['f'] ?: null;
-$password = $_GET['key'] ?: null;
+$file_id = $_GET['f'] ?? null;
+$password = $_GET['key'] ?? null;
 
-if (!isset($file_id, $password)) {
-    json_response(null, "Fields 'f' and 'key' must be set!", 400);
+if (!isset($file_id)) {
+    json_response(null, "File ID must be set!", 400);
     exit();
 }
 
@@ -41,7 +44,12 @@ if (!array_key_exists('password', $metadata)) {
     exit();
 }
 
-if (!password_verify($password, $metadata['password'])) {
+if (!isset($_SESSION['is_moderator']) && !isset($password)) {
+    json_response(null, "Field 'key' must be set!", 400);
+    exit();
+}
+
+if (!isset($_SESSION['is_moderator']) && !password_verify($password, $metadata['password'])) {
     json_response(null, "Bad password", 401);
     exit();
 }
author	ilotterytea <iltsu@alright.party>	2025-06-08 01:37:19 +0400
committer	ilotterytea <iltsu@alright.party>	2025-06-08 01:37:19 +0400
commit	9a58eaae53bdd2a4fcdd66b1eb852c7db7970de9 (patch)
tree	8e83f5144674501a7e4c1739f4abc583ef78e065 /public/delete.php
parent	371d863870520da9a4f3383d7c52e1720c074d03 (diff)