forked from dalmuete/Asclepieia
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdelete_comment.php
34 lines (30 loc) · 1.24 KB
/
delete_comment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
// Assuming you've included necessary configurations and database connections
session_start(); // Start the session
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_SESSION['username'])) {
$commentID = $_POST['commentID'];
$loggedInUsername = $_SESSION['username'];
// Fetch comment details from the database
$stmt = $pdo->prepare("SELECT username FROM comment WHERE commentID = ?");
$stmt->execute([$commentID]);
$comment = $stmt->fetch(PDO::FETCH_ASSOC);
if ($comment && $comment['username'] === $loggedInUsername) {
// User is the owner of the comment, proceed with deletion
$deleteStmt = $pdo->prepare("DELETE FROM comment WHERE commentID = ?");
$deleteStmt->execute([$commentID]);
// Redirect to the blog view page after deletion
header("Location: view_blog.php?blogID=" . $blogID);
exit();
} else {
// If user is not the owner, handle unauthorized access
// Redirect to a page indicating permission denied
header("Location: permission_denied.php");
exit();
}
} else {
// Handle if the request method is not POST or user is not logged in
// Redirect to an error page or homepage
header("Location: error.php");
exit();
}
?>