<?php
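// Admin-only moderation page for member uploads: applies an approve / un-approve /
// delete action posted from the cards below, then loads every upload for display.

// Gate the whole page: non-admins get a 403 status plus the shared 403 template,
// and nothing after this block runs for them.
if (!isAdmin()) {
    http_response_code(403);
    require __DIR__ . '/../public/403.php';
    return;
}

$pageTitle = "Admin Uploads";

// NOTE(review): no anti-CSRF token is verified before the state-changing writes below,
// and the forms rendered by this page do not send one. isAdmin() only proves who the
// browser belongs to, not that the admin meant to submit the request. If the project
// has a CSRF helper, check its token here and emit it in both forms.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Accept only a clean positive integer. A plain (int) cast turns an array value
    // (upload_id[]=x) into 1 and "12abc" into 12, which would act on an unintended row.
    $uploadId = filter_var(
        $_POST['upload_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    $action = $_POST['action'] ?? '';

    if (is_int($uploadId)) {
        if ($action === 'set_status') {
            // is_approved is rendered as a two-state flag (Pending / Approved), so store
            // only 0 or 1: anything other than the exact string '1' means "pending".
            $status = (($_POST['status'] ?? '0') === '1') ? 1 : 0;
            $stmt = $db->prepare('UPDATE uploads SET is_approved = ? WHERE id = ?');
            $stmt->bind_param('ii', $status, $uploadId);
            $stmt->execute();
        } elseif ($action === 'delete') {
            $stmt = $db->prepare('DELETE FROM uploads WHERE id = ?');
            $stmt->bind_param('i', $uploadId);
            $stmt->execute();
        }
        // Any other action value is ignored on purpose.
    }
}

// Static query with no request data in it. Newest uploads first, joined to the
// uploader's display name.
$res = $db->query('SELECT u.id, u.image_url, u.quote_text, u.attribution, u.is_approved, u.created_at, m.display_name FROM uploads u JOIN member_profiles m ON m.user_id = u.user_id ORDER BY u.created_at DESC');
$uploads = $res->fetch_all(MYSQLI_ASSOC);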
?>
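<?php
// Template: renders one card per row of $uploads, each with a status form and a
// remove form that post back to this same page.
// NOTE(review): both forms trigger state-changing actions but carry no anti-CSRF
// token. If the project has a CSRF helper, emit its hidden field in each form and
// verify it in the POST handler.
?>
<section class="page-grid">
    <div class="card" data-animate-initial>
        <div class="muted" style="font-size: 11px; letter-spacing: 0.18em; text-transform: uppercase; margin-bottom: 10px;">
            Admin / Uploads
        </div>
        <a href="<?= url('admin') ?>" class="pill" style="display: inline-flex; align-items: center; gap: 6px; font-size: 11px; margin-bottom: 10px;">
            ← Back to admin
        </a>
        <h1 style="font-family: 'Georgia', 'Times New Roman', serif; font-weight: 400; font-size: 24px; margin: 0 0 12px;">
            Contributions.
        </h1>
    </div>
    <div class="card" data-animate>
        <?php if (!$uploads): ?>
            <p class="muted" style="font-size: 13px;">No uploads yet.</p>
        <?php else: ?>
            <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(220px, 1fr)); gap: 16px;">
                <?php foreach ($uploads as $upload): ?>
                    <?php
                    // image_url sits in two nested contexts: an HTML attribute, and inside it a
                    // single-quoted CSS url('...'). htmlspecialchars() covers only the HTML layer;
                    // the browser decodes entities before the CSS parser runs, so a quote,
                    // backslash or line break in the stored value would reach CSS raw and could
                    // close the string and append declarations. Percent-encode those characters
                    // first, then HTML-escape as before.
                    $cssImageUrl = strtr((string)$upload['image_url'], [
                        '\\' => '%5C',
                        "'" => '%27',
                        "\n" => '%0A',
                        "\r" => '%0D',
                        "\f" => '%0C',
                    ]);
                    ?>
                    <article style="border-radius: 14px; border: 1px solid rgba(0,0,0,0.06); overflow: hidden; background:#000;">
                        <div style="aspect-ratio: 4/5; background-size: cover; background-position: center; filter: grayscale(30%); background-image: url('<?= htmlspecialchars($cssImageUrl, ENT_QUOTES, 'UTF-8') ?>');"></div>
                        <div style="padding: 10px 12px 12px; background: #fbf8f4;">
                            <div class="muted" style="font-size: 11px; margin-bottom: 4px;">
                                <?= htmlspecialchars($upload['display_name'], ENT_QUOTES, 'UTF-8') ?> ·
                                <?= htmlspecialchars(date('M j, Y', strtotime($upload['created_at'])), ENT_QUOTES, 'UTF-8') ?>
                            </div>
                            <div style="font-size: 13px; margin-bottom: 6px;">
                                “<?= htmlspecialchars($upload['quote_text'], ENT_QUOTES, 'UTF-8') ?>”
                            </div>
                            <?php if (!empty($upload['attribution'])): ?>
                                <div class="muted" style="font-size: 11px; margin-bottom: 6px;">
                                    <?= htmlspecialchars($upload['attribution'], ENT_QUOTES, 'UTF-8') ?>
                                </div>
                            <?php endif; ?>
                            <div style="display: flex; justify-content: space-between; align-items: center; gap: 6px;">
                                <?php // Status form: posts action=set_status with status 0 (pending) or 1 (approved). ?>
                                <form method="post" style="display:inline-flex; gap: 4px; align-items: center;">
                                    <input type="hidden" name="upload_id" value="<?= (int)$upload['id'] ?>">
                                    <input type="hidden" name="action" value="set_status">
                                    <select name="status" style="font-size: 11px; padding: 2px 4px; border-radius: 6px; border: 1px solid rgba(0,0,0,0.12);">
                                        <option value="0"<?= $upload['is_approved'] ? '' : ' selected' ?>>Pending</option>
                                        <option value="1"<?= $upload['is_approved'] ? ' selected' : '' ?>>Approved</option>
                                    </select>
                                    <button type="submit" class="pill" style="font-size: 10px; padding: 4px 8px;">Save</button>
                                </form>
                                <?php // Remove form: the confirm() dialog only guards against misclicks; it is not a server-side check. ?>
                                <form method="post" style="display:inline;" onsubmit="return confirm('Remove this upload from the site? This cannot be undone.');">
                                    <input type="hidden" name="upload_id" value="<?= (int)$upload['id'] ?>">
                                    <input type="hidden" name="action" value="delete">
                                    <button type="submit" class="pill" style="font-size: 10px; padding: 4px 8px;">Remove</button>
                                </form>
                            </div>
                        </div>
                    </article>
                <?php endforeach; ?>
            </div>
        <?php endif; ?>
    </div>
</section>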