From 688a68042c6248597d298618ad267a38a29da9c2 Mon Sep 17 00:00:00 2001
From: bruno
Date: Fri, 26 Apr 2024 09:46:10 +0200
Subject: [PATCH] Fix
---
 lib/meme.php | 13 ++++++-------
 lib/upload.php | 18 ++++++++++--------
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/lib/meme.php b/lib/meme.php
index 8ef9c23..1659544 100644
--- a/lib/meme.php
+++ b/lib/meme.php
@@ -18,16 +18,14 @@ function addMeme(string $title, string $memeText, int $imageID): array
 return $output;
 }
-function renderMeme(int $id, string $title, string $textContent, string $createdAt, string $filePath, string $userNickname): string
+function renderMeme(int $id, int $authorId, string $title, string $textContent, string $createdAt, string $filePath, string $userNickname, string $meme_template): string
 {
- global $routerConfig;
- $meme_template = file_get_contents($routerConfig['template_dir'] . "meme.html");
 $meme_out = str_replace('__TEMPLATE_MEME_TITLE__', htmlspecialchars($title), $meme_template);
 $meme_out = str_replace('__TEMPLATE_MEME_AUTHOR__', htmlspecialchars($userNickname), $meme_out);
 $meme_out = str_replace('__TEMPLATE_MEME_DATE__', htmlspecialchars($createdAt), $meme_out);
 $meme_out = str_replace('__TEMPLATE_MEME_IMAGE__', '/' . htmlspecialchars($filePath), $meme_out);
- $meme_out = str_replace('__TEMPLATE_MEME_DELETE_BUTTON__', isModerator() ? "" : '', $meme_out);
+ $meme_out = str_replace('__TEMPLATE_MEME_DELETE_BUTTON__', (isModerator() || $_SESSION['ID'] == $authorId) ? "" : '', $meme_out);
 return str_replace('__TEMPLATE_MEME_TEXT__', htmlspecialchars($textContent), $meme_out);
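Review bot: In `renderMeme`, the new ownership test `$_SESSION['ID'] == $authorId` reads a session key that is presumably unset for anonymous visitors and compares loosely, so a logged-out request raises an undefined-key warning and `null == 0` evaluates true for any row whose author ID is 0. Guard and compare strictly: `(isModerator() || (isset($_SESSION['ID']) && (int) $_SESSION['ID'] === $authorId))`. This condition only decides whether the button is rendered; the delete handler, which is not part of this patch, has to repeat the same owner-or-moderator check server-side. The button markup in both branches appears as empty strings on this page, so whether `$id` is escaped into it cannot be checked here, and the function's closing brace lies outside the hunk.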
@@ -37,10 +35,11 @@ function renderMemeGallery(): string
 {
 global $mysqli;
 global $routerConfig;
- $stmtlist = $mysqli->prepare('SELECT Memes.ID, Memes.Title, Memes.TextContent, Memes.CreatedAt, Files.Path, Files.Type, Users.Nickname FROM Memes INNER JOIN Users ON Memes.AuthorID = Users.ID INNER JOIN Files ON Memes.FileID = Files.ID');
+ $stmtlist = $mysqli->prepare('SELECT Memes.ID, Memes.Title, Memes.TextContent, Memes.CreatedAt, Memes.AuthorID, Files.Path, Files.Type, Users.Nickname FROM Memes INNER JOIN Users ON Memes.AuthorID = Users.ID INNER JOIN Files ON Memes.FileID = Files.ID');
 // Execute the prepared statement
 $memeID = 0;
+ $authorID = 0;
 $title = "";
 $textContent = "";
 $filePath = "";
@@ -48,7 +47,7 @@ function renderMemeGallery(): string
 $userNickname = "";
 $createdAt = "";
 // Bind the result variables
- $stmtlist->bind_result($memeID, $title, $textContent, $createdAt, $filePath, $fileType, $userNickname);
+ $stmtlist->bind_result($memeID, $title, $textContent, $createdAt, $authorID, $filePath, $fileType, $userNickname);
 $stmtlist->execute();
 $meme_gallery_template = file_get_contents($routerConfig['template_dir'] . 'meme_gallery.html');
@@ -57,7 +56,7 @@ function renderMemeGallery(): string
 $memes_out = '';
 while ($stmtlist->fetch()) {
 if (str_starts_with($fileType, 'image')) {
- $memes_out .= renderMeme($memeID, $title, $textContent, $createdAt, $filePath, $userNickname);
+ $memes_out .= renderMeme($memeID, $authorID, $title, $textContent, $createdAt, $filePath, $userNickname, file_get_contents($routerConfig['template_dir'] . "meme.html"));
 }
 }
 $meme_gallery_out = str_replace('__TEMPLATE_MEMES_HERE__', $memes_out, $meme_gallery_template);
diff --git a/lib/upload.php b/lib/upload.php
index e62e918..b2c7741 100644
--- a/lib/upload.php
+++ b/lib/upload.php
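Review bot: In the `while ($stmtlist->fetch())` loop of `renderMemeGallery` (the last lib/meme.php hunk), `file_get_contents($routerConfig['template_dir'] . "meme.html")` now runs once per fetched row, and its `false` failure value is handed straight to the `string $meme_template` parameter of `renderMeme`. Read the template once before the loop, next to the gallery template, and fail explicitly when it cannot be read: `$meme_template = file_get_contents($routerConfig['template_dir'] . 'meme.html');` followed by `if ($meme_template === false) { throw new RuntimeException('meme template missing'); }`, then pass `$meme_template` in the call. The function starts and ends outside this hunk, so how the caller handles such a failure is not visible here.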
@@ -78,8 +78,11 @@ function listFiles($onlyMine = true): array
 {
 $output = ["Status" => "Fail"];
 require_once "lib/account.php";
- if (($onlyMine && isLoggedIn()) || (!$onlyMine && isModerator())) {
+ if (isLoggedIn()) {
 global $mysqli;
+ if (!$onlyMine && !isModerator()) {
+ $onlyMine = true;
+ }
 $query = "SELECT ID, Path, Type, UploadedAt, UploadedBy FROM Files";
 if ($onlyMine) {
@@ -173,7 +176,7 @@ function getUploadPath($type = "unknown", $filename = "hehe"): string
 function fileExists(int $fileId, bool $onlyMine = true): bool|string
 {
- if(!$fileId) {
+ if (!$fileId) {
 return false;
 }
 global $mysqli;
@@ -192,10 +195,9 @@ function fileExists(int $fileId, bool $onlyMine = true): bool|string
 $stmtfileexists->bind_result($id, $filePath);
 $stmtfileexists->execute();
 $stmtfileexists->fetch();
- if ($id != -1){
+ if ($id != -1) {
 return $filePath;
- }
- else {
+ } else {
 return false;
 }
 }
@@ -223,7 +225,7 @@ function addToGroup(int $groupId, int $fileId): array
 return $output;
 }
-function getImageURL(int $imageFileID) :string
+function getImageURL(int $imageFileID): string
 {
 global $mysqli;
 $path = "";
@@ -236,11 +238,11 @@ function getImageURL(int $imageFileID) :string
 }
-function deleteFile(int $fileID) :string
+function deleteFile(int $fileID): string
 {
 global $mysqli;
 $out = ["Status" => "Fail"];
- if(isLoggedIn()) {
+ if (isLoggedIn()) {
 $file_location = fileExists($fileID, !isAdmin());
 $query = !isAdmin() ? 'DELETE FROM Files WHERE ID = ? AND UploadedBy = ?' : 'DELETE FROM Files WHERE ID = ?';
 $stmtDelete = $mysqli->prepare($query);
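Review bot: In `listFiles` (first lib/upload.php hunk), the new `if (!$onlyMine && !isModerator()) { $onlyMine = true; }` silently turns a denied "all files" request into an "own files" listing, so the caller cannot tell that the request was narrowed and nothing records the attempt. The fallback is fail-closed, but the intent should be written down: add `// Non-moderators may only list their own files: force the owner filter instead of failing.` above the check, and consider declaring the parameter as `bool $onlyMine = true` so a non-boolean argument cannot select the branch by truthiness. The rest of the function is outside the hunk, so it is worth confirming that the `if ($onlyMine)` branch adds the user ID to the query as a bound parameter.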