37 lines
926 B
PHP
37 lines
926 B
PHP
<?php
|
|
require_once("env.php");
|
|
require_once("session.php");
|
|
require_once("connection.php");
|
|
require_once("functions.php");
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
$_SESSION['message'] = "Not authorized.";
|
|
header("Location: user_blogs.php");
|
|
exit;
|
|
}
|
|
|
|
$token = $_GET['token'];
|
|
// Sanitize the trip_id to prevent SQL injection
|
|
$article_id = intval(decryptData($token, $salt)); // Ensures $trip_id is treated as an integer
|
|
|
|
$user_id = $_SESSION['user_id'];
|
|
|
|
if ($article_id <= 0) {
|
|
$_SESSION['message'] = "Invalid blog ID.";
|
|
header("Location: user_blogs.php");
|
|
exit;
|
|
}
|
|
|
|
$stmt = $conn->prepare("UPDATE blogs SET status = 'deleted' WHERE blog_id = ? AND author = ?");
|
|
$stmt->bind_param("ii", $article_id, $user_id);
|
|
|
|
if ($stmt->execute()) {
|
|
$_SESSION['message'] = "Blog deleted!";
|
|
} else {
|
|
$_SESSION['message'] = "Failed to delete blog: " . $stmt->error;
|
|
}
|
|
|
|
header("Location: user_blogs.php");
|
|
exit;
|
|
?>
|