1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
if (!authorize_user(true)) {
generate_alert("/account", "Not authorized", 403);
exit;
}
if (!isset($_POST["id"])) {
generate_alert("/emotes", "Emote ID is not specified");
exit;
}
$emote_id = $_POST["id"];
$user_id = $_SESSION["user_id"];
$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
$stmt = $db->prepare("SELECT uploaded_by, code FROM emotes WHERE id = ?");
$stmt->execute([$emote_id]);
if ($row = $stmt->fetch()) {
if ($row["uploaded_by"] === $user_id) {
$unlink = intval($_POST["unlink"] ?? "0") == 1;
if ($unlink) {
$stmt = $db->prepare("UPDATE emotes SET uploaded_by = NULL WHERE id = ? AND uploaded_by = ?");
$stmt->execute([$emote_id, $user_id]);
generate_alert("/emotes/?id=$emote_id", 'Your authorship has been removed for the emote "' . $row["code"] . '"', 200);
} else {
$stmt = $db->prepare("DELETE FROM emotes WHERE id = ? AND uploaded_by = ?");
$stmt->execute([$emote_id, $user_id]);
$path = $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/emotes/$emote_id";
array_map("unlink", glob("$path/*.*"));
rmdir($path);
generate_alert("/emotes", 'Emote "' . $row["code"] . '" has been removed from the servers', 200);
}
} else {
generate_alert("/emotes", "You don't own the emote \"" . $row["code"] . "\"", 403);
}
} else {
generate_alert("/emotes", "Emote ID $emote_id not found", 404);
}
|
