diff options
| author | ilotterytea <iltsu@alright.party> | 2025-12-09 16:50:07 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-12-09 16:50:07 +0500 |
| commit | 8925a9526a1d3eac914030b3069713f56c37e55a (patch) | |
| tree | 2811f088ab13168658d8ac8ba9f15d01ffb49249 /emotesets/deleditor.php | |
| parent | 77c7d534f46392f62b56305ec8b71eecff3b9221 (diff) | |
feat: emoteset editors
Diffstat (limited to 'emotesets/deleditor.php')
| -rw-r--r-- | emotesets/deleditor.php | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/emotesets/deleditor.php b/emotesets/deleditor.php new file mode 100644 index 0000000..0476f37 --- /dev/null +++ b/emotesets/deleditor.php @@ -0,0 +1,59 @@ +<?php +include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php"; +include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php"; +include "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php"; +include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php"; + +if (!authorize_user(true)) { + return; +} + +$d = $_POST; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + $d = $_GET; +} + +if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_emoteset_own"]) { + generate_alert("/404.php", "Not enough permissions", 403); + exit; +} + +if (!isset($d["id"], $d["username"])) { + generate_alert("/emotesets/", "Not enough POST fields"); + exit; +} + +$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']); + +// checking emoteset +$emote_set_id = $d["id"]; +$stmt = $db->prepare("SELECT id FROM emote_sets WHERE id = ? AND owner_id = ?"); +$stmt->execute([$emote_set_id, $_SESSION['user_id']]); +if ($stmt->rowCount() == 0) { + generate_alert("/emotes", "Emoteset not found", 404); + exit; +} +$emote_set = $stmt->fetch(PDO::FETCH_ASSOC); + +// get user by username +$user_name = $d['username']; +$stmt = $db->prepare("SELECT id FROM users WHERE username = ?"); +$stmt->execute([$user_name]); +if ($stmt->rowCount() == 0) { + generate_alert("/404.php", "Username $user_name does not exist", 403); + exit; +} +$user_id = $stmt->fetch(PDO::FETCH_ASSOC)['id']; + +// checking if user has already acquired emote set +$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?"); +$stmt->execute([$user_id, $emote_set_id]); +if ($stmt->rowCount() == 0) { + generate_alert("/404.php", "User $user_name has not acquired this emoteset.", 404); + exit; +} + +$db->prepare('DELETE FROM acquired_emote_sets WHERE user_id = ? AND emote_set_id = ?') + ->execute([$user_id, $emote_set_id]); + +generate_alert("/emotesets/?id=$emote_set_id", "User $user_name can not edit this emoteset anymore.", 200);
\ No newline at end of file |