<?php
require_once 'api_config.php';
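// Edit-article endpoint: lets a signed-in producer update one of their own
// articles. Expects a PUT request whose JSON body carries id, title, content
// and category; responds with the updated row or an error.
//
// NOTE(review): getRequestBody(), sendError(), sendResponse(), $conn and the
// session start all come from api_config.php, which is not visible here.
// Whether sendError() terminates the request cannot be confirmed from this
// file, so every error path below exits explicitly and fails closed.
// NOTE(review): this is a state-changing request authorised by the session
// alone; confirm that api_config.php enforces CSRF/origin protections
// (SameSite cookie, Origin check or token).
$data = getRequestBody();

// Authentication gate: both session keys must be present.
// NOTE(review): 401 is the conventional status for "not signed in"; 403 is
// kept because existing clients may depend on it.
if (!isset($_SESSION["user_id"]) || !isset($_SESSION["username"])) {
    sendError('Unauthorized', 403);
    exit; // never fall through to the update path if sendError() returns
}

if ($_SERVER["REQUEST_METHOD"] === "PUT" && is_array($data) && isset($data["id"])) {
    // Reject arrays/objects up front: trim() on a non-scalar raises a
    // TypeError on PHP 8 and would surface as an unhandled error.
    if (!is_string($data["id"]) && !is_int($data["id"])) {
        sendError('Invalid request', 400);
        exit;
    }
    $id = trim((string) $data["id"]);

    // Validate required fields
    if (empty($data['title']) || empty($data['content']) || empty($data['category'])) {
        sendError('Title, content, and category are required', 400);
        exit;
    }
    // Only scalar values may be bound as query parameters; a nested JSON
    // array would otherwise be stringified into the row.
    if (!is_scalar($data['title']) || !is_scalar($data['content']) || !is_scalar($data['category'])) {
        sendError('Invalid request', 400);
        exit;
    }

    // Check that the article exists and belongs to the session user. Zero rows
    // covers both "no such article" and "someone else's article", so the 403
    // does not reveal whether a given id exists.
    // NOTE(review): ownership is keyed on username; this assumes usernames are
    // never changed or reassigned - confirm, or key on user_id instead.
    $check_sql = "SELECT id FROM news WHERE id = $1 AND producer = $2";
    $check_result = pg_query_params($conn, $check_sql, array($id, $_SESSION["username"]));
    if ($check_result === false) {
        // A failed ownership lookup must not be treated as "check passed".
        sendError('Error updating article', 500);
        exit;
    }
    if (pg_num_rows($check_result) === 0) {
        sendError('Unauthorized to edit this article', 403);
        exit;
    }

    // Update article. The producer predicate is repeated in the WHERE clause,
    // so the write stays owner-scoped even if the row changes hands between
    // the check above and this statement.
    // NOTE(review): title and content are stored as received; whatever renders
    // them must escape for its output context.
    $sql = "UPDATE news SET title = $1, content = $2, category = $3 WHERE id = $4 AND producer = $5 RETURNING id, title, content, category, producer, created_at";
    $result = pg_query_params($conn, $sql, array(
        $data['title'],
        $data['content'],
        $data['category'],
        $id,
        $_SESSION["username"],
    ));

    if ($result && pg_num_rows($result) > 0) {
        $updatedArticle = pg_fetch_assoc($result);
        sendResponse($updatedArticle);
    } else {
        sendError('Error updating article', 500);
        exit;
    }
} else {
    sendError('Invalid request', 400);
    exit;
}

pg_close($conn);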
?>