39 lines
1.5 KiB
PHP
39 lines
1.5 KiB
PHP
<?php
|
|
require_once __DIR__ . '/auth.php';
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
|
if ($id <= 0) { header('Location: /admin/dashboard.php'); exit; }
|
|
$stmt = $pdo->prepare('SELECT id, titre FROM articles WHERE id = :id');
|
|
$stmt->execute(['id' => $id]);
|
|
$article = $stmt->fetch();
|
|
if (!$article) { header('Location: /admin/dashboard.php'); exit; }
|
|
$errors = [];
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
if (!verify_csrf($_POST['csrf'] ?? '')) { $errors[] = 'Jeton CSRF invalide.'; }
|
|
if (empty($errors)) {
|
|
$stmt = $pdo->prepare('DELETE FROM articles WHERE id = :id');
|
|
$stmt->execute(['id' => $id]);
|
|
flash_set('success', 'Article supprimé.');
|
|
header('Location: /admin/dashboard.php'); exit;
|
|
}
|
|
}
|
|
$token = csrf_token();
|
|
?>
|
|
<!doctype html>
|
|
<html><head><meta charset="utf-8"><title>Supprimer</title>
|
|
<link rel="stylesheet" href="/public/assets/style.css"></head>
|
|
<body>
|
|
<h1>Supprimer l'article</h1>
|
|
<p>Voulez-vous vraiment supprimer l'article « <?php echo esc($article['titre']); ?> » ?</p>
|
|
<?php if ($errors): ?><ul class="message error"><?php foreach($errors as $e) echo "<li>".esc($e)."</li>"; ?></ul><?php endif; ?>
|
|
<form method="post" id="deleteForm">
|
|
<input type="hidden" name="csrf" value="<?php echo $token; ?>">
|
|
<button type="submit">Oui, supprimer</button>
|
|
<a href="/admin/dashboard.php">Annuler</a>
|
|
</form>
|
|
<script>
|
|
document.getElementById('deleteForm').addEventListener('submit', function(e){
|
|
if(!confirm('Confirmer la suppression ?')) e.preventDefault();
|
|
});
|
|
</script>
|
|
</body></html>
|