diff --git a/code/edit_post_action.php b/code/edit_post_action.php
index a360b46622af0a4939ac467fd01be2135da41e85..ef41b9f98f84e55e99fb9a404522cc7c80ee337b 100644
--- a/code/edit_post_action.php
+++ b/code/edit_post_action.php
@@ -1,6 +1,7 @@
<?php
session_start();
-if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token'])){
+if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token'])
+ && $_POST['csrf_token'] === $_SESSION['csrf_token'])){
include 'mainviewer.php';
$Judul = $_POST['Judul'];
$Tanggal = $_POST['Tanggal'];
@@ -10,7 +11,6 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
echo $_FILES["image"];
if (isset($_FILES["image"])) {
- echo "iya";
$target_dir = "uploads/";
$target_file = $target_dir.basename($_FILES["image"]["name"]);
$uploadOk = 1;
@@ -44,40 +44,42 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
} else {
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.<br>";
- $con = phpsqlconnection();
+ $con = phpsqlconnection();
- $getpostresult = getspecificpost($con,$postid);
- $row = mysqli_fetch_array($getpostresult);
+ $getpostresult = getspecificpost($con,$postid);
+ $row = mysqli_fetch_array($getpostresult);
- if ($row['Nama'] != $_SESSION['myNama']) {
- echo "Maaf Anda bukan pemilik post ini!";
- } else {
- if (isset($_FILES["image"])) {
- $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=?, Image=? WHERE Post_Id=?");
- $stmt->bind_param('ssssi', $Judul, $Tanggal, $Konten, $target_file, $postid);
- $stmt->execute();
+ if ($row['Nama'] != $_SESSION['myNama']) {
+ echo "Maaf Anda bukan pemilik post ini!";
+ } else {
+ if (isset($_FILES["image"])) {
+ $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=?, Image=? WHERE Post_Id=?");
+ $stmt->bind_param('ssssi', $Judul, $Tanggal, $Konten, $target_file, $postid);
+ $stmt->execute();
- // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);
- // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
- }
- else {
- $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=? WHERE Post_Id=?");
- $stmt->bind_param('sssi', $Judul, $Tanggal, $Konten, $postid);
- $stmt->execute();
+ // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);
+ // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
+ }
+ else {
+ $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=? WHERE Post_Id=?");
+ $stmt->bind_param('sssi', $Judul, $Tanggal, $Konten, $postid);
+ $stmt->execute();
- // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
- // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
- }
- header("Location: index.php");
- }
+ // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
+ // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
+ }
+ header("Location: index.php");
+ }
- die();
+ die();
- } else {
- echo "Sorry, there was an error uploading your file.<br>";
- }
+ } else {
+ echo "Sorry, there was an error uploading your file.<br>";
+ }
-}else{
- header("Location: login.php"); /* Redirect browser */
-}
+ }
+ }
+ }else{
+ header("Location: login.php"); /* Redirect browser */
+ }
?>
\ No newline at end of file
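Review bot: The ownership check `if ($row['Nama'] != $_SESSION['myNama'])` still runs only after `move_uploaded_file()` has succeeded, so a logged-in user who does not own the post is refused the UPDATE but has already placed a file in `uploads/`. Fetch the post and compare the owner before any upload handling, using a strict comparison and a guard for a missing row: `if (!$row || $row['Nama'] !== $_SESSION['myNama']) { echo "Maaf Anda bukan pemilik post ini!"; die(); }`. The success message also echoes `basename($_FILES["image"]["name"])` unescaped; it should go through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`, and because it is emitted before `header("Location: index.php")` the redirect will likely fail unless output buffering is enabled. The enclosing if/else chain begins outside this hunk, so whether the upload branch validates file type and extension, and where `$postid` comes from, cannot be confirmed from here.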