32 lines
922 B
PHP
32 lines
922 B
PHP
|
<?php
|
||
|
|
session_start();
|
||
|
|
include '../db_connect.php';
|
||
|
|
|
||
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||
|
|
if (!isset($_SESSION['user_id'])) {
|
||
|
|
die("Du bist nicht eingeloggt!");
|
||
|
|
}
|
||
|
|
|
||
|
|
$userId = $_SESSION['user_id'];
|
||
|
|
$postId = $_POST['post_id'];
|
||
|
|
|
||
|
|
|
||
|
|
$stmt = $pdo->prepare("SELECT * FROM posts WHERE id = :id AND user_id = :user_id");
|
||
|
|
$stmt->execute([':id' => $postId, ':user_id' => $userId]);
|
||
|
|
$post = $stmt->fetch(PDO::FETCH_ASSOC);
|
||
|
|
|
||
|
|
if (!$post) {
|
||
|
|
die("Post nicht gefunden oder keine Berechtigung, diesen Post zu löschen.");
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
$stmt = $pdo->prepare("DELETE FROM posts WHERE id = :id");
|
||
|
|
$stmt->execute([':id' => $postId]);
|
||
|
|
|
||
|
|
if (!empty($post['image_path']) && file_exists('../' . $post['image_path'])) {
|
||
|
|
unlink('../' . $post['image_path']);
|
||
|
|
}
|
||
|
|
|
||
|
|
header("Location: ../index.php?page=posts");
|
||
|
|
exit;
|
||
|
|
}
|