663fde3909
Full source for loveandrosary.com: slide-based Rosary/novena/Divine Mercy Chaplet presentation tool with multi-user roles, SVG bead ring, audio uploads, donate strip, and public session profiles. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
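<?php
/**
 * api/toggle_pin.php
 * POST: toggle is_pinned on a session or novena_group.
 * Admin / superadmin only.
 *
 * POST params:
 *   type — 'session' | 'novena'
 *   id   — integer row ID (>= 1)
 *
 * Returns JSON: {"pinned": true|false}
 * On failure returns JSON {"error": "..."} with HTTP 400, 403, 404, 405 or 500.
 *
 * NOTE(review): this endpoint changes state and, as far as this file shows,
 * is authorised by the session alone; no CSRF token is verified here. Confirm
 * that includes/auth.php or the session cookie settings (SameSite) cover
 * cross-site requests, or add a token check next to the role check.
 */
require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/../includes/auth.php';

header('Content-Type: application/json');

_auth_start();

// Authorisation comes first so unauthenticated callers learn nothing about
// the endpoint beyond "denied". has_role() lives in includes/auth.php;
// presumably 'admin' also admits superadmin — confirm there.
if (!has_role('admin')) {
    http_response_code(403);
    echo json_encode(['error' => 'Permission denied']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // A 405 response should tell the client which methods are accepted.
    header('Allow: POST');
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

// PHP turns "type[]=x" / "id[]=x" into arrays. trim() on an array raises a
// TypeError on PHP 8, and (int) on a non-empty array evaluates to 1, which
// would silently target row 1. Require scalars and validate strictly.
$rawType = $_POST['type'] ?? '';
$type    = is_string($rawType) ? trim($rawType) : '';

// FILTER_VALIDATE_INT rejects arrays, null, and partially numeric strings
// such as "5abc"; min_range enforces a positive row ID.
$id = filter_var(
    $_POST['id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);

if (!in_array($type, ['session', 'novena'], true) || $id === false) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid parameters']);
    exit;
}

try {
    $pdo = get_pdo();

    // The table name is interpolated into SQL, so it must only ever come
    // from this fixed mapping of the allowlisted $type, never from input.
    $table = ($type === 'session') ? 'sessions' : 'novena_groups';

    $sel = $pdo->prepare("SELECT is_pinned FROM {$table} WHERE id = ?");
    $sel->execute([$id]);
    $row = $sel->fetch();

    if (!$row) {
        http_response_code(404);
        echo json_encode(['error' => 'Record not found']);
        exit;
    }

    // NOTE(review): read-then-write is not atomic; two concurrent toggles on
    // the same row can both read the same value. Low impact for an admin-only
    // flag, but a single UPDATE or a transaction would close the gap.
    $new = $row['is_pinned'] ? 0 : 1;
    $upd = $pdo->prepare("UPDATE {$table} SET is_pinned = ? WHERE id = ?");
    $upd->execute([$new, $id]);

    echo json_encode(['pinned' => (bool)$new]);
} catch (PDOException $e) {
    // Keep driver details out of the response, but record them server-side
    // so the failure can be diagnosed.
    error_log('toggle_pin: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Database error']);
}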