Diffstat (limited to 'src/app')
| -rw-r--r-- | src/app/Controllers/EditorController.php | 37 | ||||
| -rw-r--r-- | src/app/Views/editor/index.php | 15 |
2 files changed, 51 insertions, 1 deletions
diff --git a/src/app/Controllers/EditorController.php b/src/app/Controllers/EditorController.php
index 7cfb9b9..c7dd9fc 100644
--- a/src/app/Controllers/EditorController.php
+++ b/src/app/Controllers/EditorController.php
@@ -31,6 +31,8 @@ class EditorController
 // Map filesystem paths to URL paths the browser can load
 $overlays = array_map(static fn($path) => '/assets/overlays/' . basename($path), $overlayFiles);
+ $userPosts = $this->post->findByUserId($_SESSION['user_id']);
+ $content = __DIR__ . '/../Views/editor/index.php';
 include __DIR__ . '/../Views/layouts/main.php';
 }
@@ -102,7 +104,40 @@ class EditorController
 $relativePath = 'uploads/posts/' . basename($outputPath);
 $this->post->create($_SESSION['user_id'], $relativePath);
- echo json_encode(['success' => true, 'redirect' => '/gallery']);
+ echo json_encode(['success' => true, 'redirect' => '/editor']);
+ }
+
+ public function destroy(string $id): void
+ {
+ if (!isset($_SESSION['user_id'])) {
+ header('Location: /login');
+ return;
+ }
+
+ if (!Csrf::validate($_POST['csrf_token'] ?? '')) {
+ Flash::set('error', 'Invalid CSRF token.');
+ header('Location: /editor');
+ return;
+ }
+
+ $post = $this->post->findById((int) $id);
+
+ // Only the post owner can delete it
+ if (!$post || $post['user_id'] !== $_SESSION['user_id']) {
+ Flash::set('error', 'Post not found.');
+ header('Location: /editor');
+ return;
+ }
+
+ // Delete the image file from disk
+ $filePath = \dirname(__DIR__, 2) . '/' . $post['image_path'];
+ if (file_exists($filePath)) {
+ unlink($filePath);
+ }
+
+ $this->post->delete((int) $id);
+ Flash::set('success', 'Post deleted.');
+ header('Location: /editor');
 }
 /**
diff --git a/src/app/Views/editor/index.php b/src/app/Views/editor/index.php
index 624002a..7f2c258 100644
--- a/src/app/Views/editor/index.php
+++ b/src/app/Views/editor/index.php
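Review bot: `$userPosts = $this->post->findByUserId($_SESSION['user_id']);` reads the session key with no guard visible in the hunk; the enclosing method starts above line 31, so a login check may already sit there — if it does not, an unauthenticated request produces an undefined-index warning and a lookup with null. The view only tests `!empty($userPosts)`, so a defensive form costs nothing: `$userPosts = isset($_SESSION['user_id']) ? $this->post->findByUserId($_SESSION['user_id']) : [];`. Whether the model tolerates a null argument is not shown in the hunk, so confirm against findByUserId before relying on the current form.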
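Review bot: The ownership test `$post['user_id'] !== $_SESSION['user_id']` in destroy() uses strict identity, so if the row value comes back from the database as a string while the session holds an int (or vice versa), every delete is rejected as 'Post not found.' — fail-closed, but broken; the hunk shows neither type, so either confirm them or normalise both sides: `if (!$post || (int) $post['user_id'] !== (int) $_SESSION['user_id']) {`. unlink() runs before `$this->post->delete((int) $id)` and neither result is checked, so a failed row delete leaves a record pointing at a missing file; deleting the row first, or checking unlink's return and logging a failure, keeps the two in step. `image_path` is written from `'uploads/posts/' . basename($outputPath)` in the context lines above, so the `\dirname(__DIR__, 2) . '/' . $post['image_path']` path is app-controlled today; a realpath() check that the result stays under the uploads directory would make that guarantee local to this method instead of depending on how the column is populated elsewhere. `(int) $id` is cast twice; casting once into a local (`$postId = (int) $id;`) also documents that the route parameter is expected to be numeric.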
@@ -46,4 +46,19 @@
 <button id="btn-save" class="btn" disabled>Save post</button>
 </div>
 </div>
+
+ <?php if (!empty($userPosts)): ?>
+ <h2 class="my-posts-title">My posts</h2>
+ <div class="my-posts-grid">
+ <?php foreach ($userPosts as $post): ?>
+ <div class="my-post">
+ <img src="/<?= htmlspecialchars($post['image_path']) ?>" alt="My post">
+ <form method="POST" action="/editor/delete/<?= $post['id'] ?>" class="delete-form">
+ <?= \App\Csrf::field() ?>
+ <button type="submit" class="btn-delete" onclick="return confirm('Delete this post?')">Delete</button>
+ </form>
+ </div>
+ <?php endforeach; ?>
+ </div>
+ <?php endif; ?>
 </div> |
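Review bot: `$post['id']` is echoed into the form action on the `<form method="POST" action="/editor/delete/<?= $post['id'] ?>" ...>` line without escaping, while `image_path` on the line before goes through htmlspecialchars(); the id is presumably an integer column, but the template should not depend on that — `<?= (int) $post['id'] ?>` (or htmlspecialchars()) keeps the escaping consistent across the two lines. `htmlspecialchars($post['image_path'])` relies on the PHP 8.1+ default flags for quote handling; if the project supports earlier runtimes, pass the flags explicitly so the attribute context is escaped the same everywhere. The inline `onclick="return confirm('Delete this post?')"` handler will be blocked by a Content-Security-Policy without 'unsafe-inline', so if a CSP is planned the confirmation belongs in the page's script rather than in the attribute.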
