4WDCSA.co.za/src/processors/blog/publish_blog.php


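<?php
/**
 * Publish a blog post: sets blogs.status to 'published' for the posted blog id.
 *
 * Request:  POST field "id" (blog_id, positive integer).
 * Access:   a logged-in session whose user_id matches blogs.author, or whose
 *           role (from getUserRole()) is 'admin' or 'superadmin'.
 * Response: plain text body with status 200 ("Published"), 400, 401, 403, 404 or 500.
 *
 * NOTE(review): no anti-CSRF token is verified in this file; the session cookie
 * alone authorises this state change. If the project has a token check (none is
 * visible here), it should run before the UPDATE below.
 */
$rootPath = dirname(__DIR__, 3);
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");

session_start();

// Authentication: an anonymous request never reaches the database.
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo "Not authorized";
    exit;
}

// The int cast turns any non-numeric input into 0, which is rejected below.
$article_id = (int)($_POST['id'] ?? 0);
$user_id = $_SESSION['user_id'];
$role = getUserRole();

if ($article_id <= 0) {
    http_response_code(400);
    echo "Invalid blog ID";
    exit;
}

try {
    // Look up the owner of the post so the permission check uses server-side data.
    $lookup = $conn->prepare("SELECT author FROM blogs WHERE blog_id = ?");
    if ($lookup === false) {
        error_log("publish_blog: prepare(SELECT) failed: " . $conn->error);
        http_response_code(500);
        echo "Failed to publish";
        exit;
    }
    $lookup->bind_param("i", $article_id);
    $lookup->execute();
    $result = $lookup->get_result();
    $blog = $result ? $result->fetch_assoc() : null;
    $lookup->close();

    if (!$blog) {
        http_response_code(404);
        echo "Blog not found";
        exit;
    }

    // Authorization. Both checks are strict: a loose `!=` treats NULL, 0 and ""
    // as equal, and a non-strict in_array() can match a non-string role
    // (true on any PHP version, 0 before PHP 8) against the role names.
    $isAuthor = $blog['author'] !== null
        && (string)$blog['author'] === (string)$user_id;
    $isAdmin = in_array($role, ['admin', 'superadmin'], true);

    if (!$isAuthor && !$isAdmin) {
        http_response_code(403);
        echo "Not authorized to publish this blog";
        exit;
    }

    $publish = $conn->prepare("UPDATE blogs SET status = 'published' WHERE blog_id = ?");
    if ($publish === false) {
        error_log("publish_blog: prepare(UPDATE) failed: " . $conn->error);
        http_response_code(500);
        echo "Failed to publish";
        exit;
    }
    $publish->bind_param("i", $article_id);
    $succeeded = $publish->execute();
    $dbError = $publish->error;
    $publish->close();

    if ($succeeded) {
        echo "Published";
    } else {
        // The driver message can expose schema details, so it goes to the
        // server log and the client gets a generic failure.
        error_log("publish_blog: UPDATE failed for blog_id {$article_id}: " . $dbError);
        http_response_code(500);
        echo "Failed to publish";
    }
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception reporting is on
    // (the default since PHP 8.1); handle it the same way as a false return.
    error_log("publish_blog: database error: " . $e->getMessage());
    http_response_code(500);
    echo "Failed to publish";
}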