delete.php

   1 <?php
   2
   3 require 'includes/config.inc.php';
   4 require INCLUDES_PATH.'prepend.php';
   5
   6 if (empty($_GET['id'])) {
   7         die('id is needed');
   8 }
   9
  10 $id = intval($_GET['id']);
  11
  12 if (isset($_POST['password']) && PASSWORD != sha1($_POST['password'])) {
  13         header('Location: index.php');
  14 } elseif (isset($_POST['password']) && PASSWORD == sha1($_POST['password'])) {
  15         $pdo = new PDO(DBH);
  16
  17     $dq = $pdo->query('SELECT COUNT(*) FROM news WHERE id='.$pdo->quote($id),PDO::FETCH_UNIQUE);
  18     $re = $dq->fetch();
  19
  20     if ($re == 1) {
  21         $pdo->prepare('DELETE FROM news WHERE id=?');
  22         $dq->execute(array(intval($_POST['id'])));
  23         unlink('cache/n-'.$id);
  24     }
  25 }
  26 ?>
  27 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  28 <html>
  29 <head>
  30 <title>Delete a news</title>
  31 </head>
  32 <body>
  33 <form action="delete.php" method="post">
  34 <input type="hidden" name="id" value="<?php echo $id ?>" />
  35 <p>
  36 <strong>Password:</strong> <input type='password' name='password' size='20'/><br />
  37 <input type="submit" value="Delete" />
  38 </p>
  39 </form>
  40 </body>
  41 </html>