diff --git a/endpoints/newsarticle.php b/endpoints/newsarticle.php
new file mode 100644
index 0000000..099094b
--- /dev/null
+++ b/endpoints/newsarticle.php
@@ -0,0 +1,16 @@
+ getNewsArticles(),
+ "addNewsArticle" => addNewsArticle(
+ $endpoint_data["title"],
+ $endpoint_data["body"]
+ ),
+ default => ["Status" => "Fail", "message" => "Invalid action"],
+ };
+}
\ No newline at end of file
diff --git a/lib/account.php b/lib/account.php
index f47f0d7..8a3ee77 100644
--- a/lib/account.php
+++ b/lib/account.php
@@ -89,10 +89,11 @@ function verifyPassword($userID, $password): bool
 function UpdateSession(): void
 {
 global $mysqli;
- $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount, ClassID, FavoriteColor FROM Users WHERE ID = ? AND isActivated = 1");
+ $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount, ClassID, FavoriteColor FROM Users WHERE ID = ? AND isActivated = 1");
 $stmt->bind_param("i", $_SESSION["ID"]);
 $stmt->execute();
+ $id = 0;
 $first_name = "";
 $last_name = "";
 $nickname = "";
@@ -103,10 +104,11 @@ function UpdateSession(): void
 $favorite_color = 0;
 $lastLoginAt = null;
 $loginCount = 0;
- $stmt->bind_result($first_name, $last_name, $nickname, $email, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount, $class_id, $favorite_color);
+ $stmt->bind_result($id, $first_name, $last_name, $nickname, $email, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount, $class_id, $favorite_color);
 $stmt->fetch();
 $stmt->close();
+ $_SESSION["id"] = $id;
 $_SESSION["first_name"] = $first_name;
 $_SESSION["last_name"] = $last_name;
 $_SESSION["nickname"] = $nickname;
diff --git a/lib/newsarticle.php b/lib/newsarticle.php
index 2289a24..6e96d04 100644
--- a/lib/newsarticle.php
+++ b/lib/newsarticle.php
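Review bot: In endpoints/newsarticle.php the `"addNewsArticle"` arm reads `$endpoint_data["title"]` and `$endpoint_data["body"]` without checking that the keys exist or hold non-empty strings, so a request that omits them passes null into `addNewsArticle()` and skips its default arguments. I would validate before dispatch, for example `is_string($endpoint_data["title"] ?? null)` together with a length limit, and return the same `"Fail"` array otherwise. This arm changes stored data, so it should also go through whatever request-method or CSRF check the project's other write endpoints use. No such check is visible here, though the opening lines of this new file are missing from the page.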
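Review bot: In the second lib/account.php hunk, `$_SESSION["id"] = $id;` runs even when `$stmt->fetch()` returned no row, for example when the account no longer satisfies `isActivated = 1`. The session then holds `id` 0 and blank profile fields, and `addNewsArticle()` would insert `WrittenBy = 0` if `isLoggedIn()` still passes. Checking the result before the assignments, `if ($stmt->fetch() !== true) { /* end the session and return */ }`, closes that gap. The session also now carries both `$_SESSION["ID"]` (bound in the first hunk's `bind_param`) and `$_SESSION["id"]` with the same value; keeping a single key avoids code reading the wrong one. The body of UpdateSession() continues outside both hunks.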
@@ -6,7 +6,7 @@ function getNewsArticles() :array
 $articles = [];
 if (isLoggedIn()) {
- $result = $mysqli->query("SELECT NewsArticles.ID, NewsArticles.WrittenAt, NewsArticles.WrittenBy, NewsArticles.Title, NewsArticles.Body, NewsArticles.FileList Users.Nickname FROM NewsArticles INNER JOIN Users ON NewsArticles.WrittenBy = Users.ID; ");
+ $result = $mysqli->query("SELECT NewsArticles.ID, NewsArticles.WrittenAt, NewsArticles.WrittenBy, NewsArticles.Title, NewsArticles.Body, NewsArticles.FileList, Users.Nickname FROM NewsArticles INNER JOIN Users ON NewsArticles.WrittenBy = Users.ID; ");
 // Check if the query executed Successfully
 if ($result) {
@@ -17,4 +17,21 @@ function getNewsArticles() :array
 }
 return $articles;
+}
+
+function addNewsArticle($title="Nazov", $body="Obsah") :array
+{
+ global $mysqli;
+
+ $output = ["Status" => "Fail"]; // Default Status is "Fail"
+ if (isLoggedIn()) {
+ $query = $mysqli->prepare("INSERT INTO NewsArticles (WrittenBy, Title, Body, FileList) VALUES (?, ?, ?, ?);");
+ $query->bind_params("issi", $_SESSION["id"], htmlspecialchars($title), htmlspecialchars($body), 0);
+ $query->execute();
+ if ($query->affected_rows > 0) {
+ $output["Status"] = "Success";
+ }
+ }
+ $query->close();
+ return $output;
 }
\ No newline at end of file
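Review bot: `addNewsArticle()` cannot run as written: mysqli_stmt has `bind_param()`, not `bind_params()`, and that method takes its values by reference, so the `htmlspecialchars(...)` results and the literal `0` must be assigned to variables first. `$query->close()` sits outside the `if (isLoggedIn())` block, so a request without a session calls `close()` on an undefined variable and ends in an error instead of the `"Fail"` status; the result of `prepare()` is not checked either. Only `isLoggedIn()` gates the insert, so if posting news is meant for certain privilege levels, that check is missing here. The title and body are HTML-escaped before storage, so every reader of `NewsArticles.Title` and `NewsArticles.Body` has to know not to escape again. Escaping at output time is usually easier to keep correct, but the rendering code is not on this page, so the sketch below keeps the escaping where it is.

```php
function addNewsArticle($title="Nazov", $body="Obsah") :array
{
    // … unchanged: global $mysqli and the default "Fail" status …
    if (!isLoggedIn()) {
        return $output;
    }
    // … unchanged: prepare() of the INSERT statement …
    if ($query === false) {
        return $output;
    }
    // bind_param() binds by reference, so each value needs its own variable.
    $authorId = $_SESSION["id"];
    $safeTitle = htmlspecialchars($title);
    $safeBody = htmlspecialchars($body);
    $fileList = 0;
    $query->bind_param("issi", $authorId, $safeTitle, $safeBody, $fileList);
    $query->execute();
    // … unchanged: affected_rows check sets "Success" …
    $query->close();
    return $output;
}
```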