From 5be90d8e95945f68134ed7534065173e5cfeddc7 Mon Sep 17 00:00:00 2001
From: bruno <bruno@brn.systems>
Date: Thu, 22 Feb 2024 10:05:09 +0100
Subject: [PATCH] Add article creation

---
 endpoints/newsarticle.php | 16 ++++++++++++++++
 lib/account.php           |  6 ++++--
 lib/newsarticle.php       | 19 ++++++++++++++++++-
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 endpoints/newsarticle.php

diff --git a/endpoints/newsarticle.php b/endpoints/newsarticle.php
new file mode 100644
index 0000000..099094b
--- /dev/null
+++ b/endpoints/newsarticle.php
@@ -0,0 +1,16 @@
+<?php
+
+require_once "lib/newsarticle.php";
+
+function endpoint($endpoint_data): array
+{
+
+    return match ($endpoint_data["action"]) {
+        "getNewsArticles" => getNewsArticles(),
+        "addNewsArticle" => addNewsArticle(
+            $endpoint_data["title"],
+            $endpoint_data["body"]
+        ),
+        default => ["Status" => "Fail", "message" => "Invalid action"],
+    };
+}
\ No newline at end of file
diff --git a/lib/account.php b/lib/account.php
index f47f0d7..8a3ee77 100644
--- a/lib/account.php
+++ b/lib/account.php
@@ -89,10 +89,11 @@ function verifyPassword($userID, $password): bool
 function UpdateSession(): void
 {
     global $mysqli;
-    $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount, ClassID, FavoriteColor FROM Users WHERE ID = ? AND isActivated = 1");
+    $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount, ClassID, FavoriteColor FROM Users WHERE ID = ? AND isActivated = 1");
     $stmt->bind_param("i", $_SESSION["ID"]);
     $stmt->execute();
 
+    $id = 0;
     $first_name = "";
     $last_name = "";
     $nickname = "";
@@ -103,10 +104,11 @@ function UpdateSession(): void
     $favorite_color = 0;
     $lastLoginAt = null;
     $loginCount = 0;
-    $stmt->bind_result($first_name, $last_name, $nickname, $email, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount, $class_id, $favorite_color);
+    $stmt->bind_result($id, $first_name, $last_name, $nickname, $email, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount, $class_id, $favorite_color);
     $stmt->fetch();
     $stmt->close();
 
+    $_SESSION["id"] = $id;
     $_SESSION["first_name"] = $first_name;
     $_SESSION["last_name"] = $last_name;
     $_SESSION["nickname"] = $nickname;
diff --git a/lib/newsarticle.php b/lib/newsarticle.php
index 2289a24..6e96d04 100644
--- a/lib/newsarticle.php
+++ b/lib/newsarticle.php
@@ -6,7 +6,7 @@ function getNewsArticles() :array
 
         $articles = [];
         if (isLoggedIn()) {
-            $result = $mysqli->query("SELECT NewsArticles.ID, NewsArticles.WrittenAt, NewsArticles.WrittenBy, NewsArticles.Title, NewsArticles.Body, NewsArticles.FileList Users.Nickname FROM NewsArticles INNER JOIN Users ON NewsArticles.WrittenBy = Users.ID; ");
+            $result = $mysqli->query("SELECT NewsArticles.ID, NewsArticles.WrittenAt, NewsArticles.WrittenBy, NewsArticles.Title, NewsArticles.Body, NewsArticles.FileList, Users.Nickname FROM NewsArticles INNER JOIN Users ON NewsArticles.WrittenBy = Users.ID; ");
 
             // Check if the query executed Successfully
             if ($result) {
@@ -17,4 +17,21 @@ function getNewsArticles() :array
         }
 
         return $articles;
+}
+
+function addNewsArticle($title="Nazov", $body="Obsah") :array
+{
+    global $mysqli;
+
+    $output = ["Status" => "Fail"]; // Default Status is "Fail"
+    if (isLoggedIn()) {
+        $query = $mysqli->prepare("INSERT INTO NewsArticles (WrittenBy, Title, Body, FileList) VALUES (?, ?, ?, ?);");
+        $query->bind_params("issi", $_SESSION["id"], htmlspecialchars($title), htmlspecialchars($body), 0);
+        $query->execute();
+        if ($query->affected_rows > 0) {
+            $output["Status"] = "Success";
+        }
+    }
+    $query->close();
+    return $output;
 }
\ No newline at end of file