From cf270f3726a8037ebef80888eb510172688e13a7 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 30 Apr 2021 09:35:40 +0300
Subject: CRUD bugs

---
 bug/edit.php | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

(limited to 'bug/edit.php')

diff --git a/bug/edit.php b/bug/edit.php
index 7eba339..ad1ea36 100644
--- a/bug/edit.php
+++ b/bug/edit.php
@@ -1,33 +1,42 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
 require_once(LIBRARY_PATH . "/functions.php");
 
-if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else if(!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
+if(!session_set()) {
     echo "<div id='error'>Not logged in, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
+    header("Refresh: 2; URL={$config['urls']['base']}");
+    goto footer;
+}
+
+$id = isset($_GET['id']) ? $_GET['id'] : "";
+$title = "";
+$submitter = $_SESSION['user_name'];
+$description = "";
 
-} else {
+if($id != "") {
     $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("SELECT title, description, users.username AS submitter FROM bugs 
+        JOIN users ON bugs.author=users.id WHERE bugs.id=:bug_id");
+    $query->bindParam(':bug_id', $id);
+    $query->execute();
 
-    $query = "SELECT title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id WHERE bugs.id=$_GET[id]";
-    $result = $conn->query($query)->fetch();
+    $result = $query->fetch();
+    $title = $result['title'];
+    $submitter = $result['submitter'];
+    $description = $result['description'];
+}
 ?>
 
-<form action="update.php?id=<?php echo $_GET['id']; ?>" method="post">
-<p>Title: <input name="title" type="text" value="<?php echo $result['title']; ?>"></p>
-<p>Submitted by: <?php echo $result['submitter']; ?></p>
-<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $result['description']; ?></textarea></p>
-<input type="submit" value="update" >
+<form action="update.php?id=<?php echo $id; ?>" method="post">
+<input name="id" type="hidden" value="<?php echo $id; ?>">
+<p>Title: <input name="title" type="text" value="<?php echo $title; ?>"></p>
+<p>Submitted by: <?php echo $submitter; ?></p>
+<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $description; ?></textarea></p>
+<input type="submit" value="submit" >
 </form>
 
 <?php
-}
-
-require_once(TEMPLATES_PATH . "/footer.php");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
-- 
cgit v1.2.1