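<?php

declare(strict_types=1);

/*
 * Delete a comment (AJAX endpoint).
 *
 * Input:  POST comment_id (integer).
 * Output: JSON {"success": true} or {"success": false, "error": "<reason>"}.
 * Access: the caller must be logged in and must either own the comment or be a
 *         moderator; the ownership condition is also bound into the DELETE itself.
 *
 * $pdo, isLoggedIn(), isModerator() and logEvent() come from the two includes
 * below; auth.php is presumably also what starts the session behind
 * $_SESSION['user_id'] / $_SESSION['username'] (TODO confirm).
 */

require_once '../includes/db.php';
require_once '../includes/auth.php';

header('Content-Type: application/json');

// Only a POST body can carry comment_id, so refuse other methods up front
// (REQUEST_METHOD is absent under the CLI, hence the ?? '').
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    echo json_encode(['success' => false, 'error' => 'Invalid request']);
    exit;
}

// NOTE(review): no CSRF token is verified on this state-changing request. Unless
// auth.php (or a same-site cookie policy) already covers it, a cross-site form
// post from a logged-in browser can delete that user's comments — add a
// session-bound token check here, compared with hash_equals().

if (!isLoggedIn()) {
    echo json_encode(['success' => false, 'error' => 'Login required']);
    exit;
}

// isLoggedIn() is expected to guarantee user_id is set; the null guard stops a
// broken session from matching a comment whose user_id is NULL further down.
$current_user_id = $_SESSION['user_id'] ?? null;
if ($current_user_id === null) {
    echo json_encode(['success' => false, 'error' => 'Login required']);
    exit;
}

// (int) cast: a missing or non-numeric id becomes 0 and is rejected here.
$comment_id = (int)($_POST['comment_id'] ?? 0);
if ($comment_id === 0) {
    echo json_encode(['success' => false, 'error' => 'Invalid data']);
    exit;
}

try {
    // Look the comment up first so "not found" and "unauthorized" stay distinct.
    $stmt = $pdo->prepare("SELECT user_id FROM comments WHERE id = ?");
    $stmt->execute([$comment_id]);
    $comment = $stmt->fetch();

    if (!$comment) {
        echo json_encode(['success' => false, 'error' => 'Comment not found']);
        exit;
    }

    // Compare as strings, not with `!=`: PDO may return user_id as a string while
    // the session holds an int, and loose comparison has type-juggling surprises.
    // A numeric cast is deliberately avoided — non-numeric ids would all collapse
    // to 0 and every caller would look like the owner.
    $is_owner = (string)$comment['user_id'] === (string)$current_user_id;
    if (!$is_owner && !isModerator()) {
        echo json_encode(['success' => false, 'error' => 'Unauthorized']);
        exit;
    }

    // Re-assert ownership inside the DELETE so the row cannot change hands between
    // the SELECT above and the delete; moderators may delete any comment.
    if ($is_owner) {
        $del = $pdo->prepare("DELETE FROM comments WHERE id = ? AND user_id = ?");
        $del->execute([$comment_id, $current_user_id]);
    } else {
        $del = $pdo->prepare("DELETE FROM comments WHERE id = ?");
        $del->execute([$comment_id]);
    }

    if ($del->rowCount() === 0) {
        // Removed (or reassigned) by someone else between the two statements.
        echo json_encode(['success' => false, 'error' => 'Comment not found']);
        exit;
    }

    logEvent('comment', "Comment deleted: ID $comment_id by user " . ($_SESSION['username'] ?? ''));
    echo json_encode(['success' => true]);
} catch (Exception $e) {
    // Keep the client message generic; the detail goes to the server log rather
    // than being swallowed silently.
    error_log('delete_comment: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'DB error']);
}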