forked from anegostudios/vsmoddb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
edit-comment.php
85 lines (63 loc) · 2.57 KB
/
edit-comment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<?php
if (empty($user)) {
header("Location: /login");
exit();
}
if (!$user['roleid']) {
$view->display("403");
exit();
}
$commentid = empty($_POST["commentid"]) ? 0 : $_POST["commentid"];
if (!empty($_POST["save"])) {
if ($user['actiontoken'] != $_REQUEST['at']) {
$view->assign("reason", "Invalid action token. To prevent CSRF, you can only submit froms directly on the site. If you believe this is an error, please contact Tyron");
$view->display("400");
exit();
}
$isnew = false;
$text = sanitizeHtml($_POST["text"], array('safe'=>1));
if (!$commentid) {
$isnew = true;
$commentid = insert("comment");
update("comment", $commentid, array("userid" => $user['userid'], "assetid" => $_POST["assetid"]));
$con->Execute("update `mod` set comments=(select count(*) from comment where assetid=?) where assetid=?", array($_POST["assetid"], $_POST["assetid"]));
$touserid = $con->getOne("select createdbyuserid from `asset` where assetid=?", array($_POST['assetid']));
if ($user['userid'] != $touserid) {
$notid = insert("notification");
update("notification", $notid, array("userid" => $touserid, "type" => "newcomment", "recordid" => $commentid));
}
preg_match_all("#<span class=\"mention username\">(.*)</span>#Ui", $text, $matches);
foreach ($matches[1] as $name) {
$userid = $con->getOne("select userid from user where name=?", array($name));
if ($userid) {
$notid = insert("notification");
update("notification", $notid, array("userid" => $userid, "type" => "mentioncomment", "recordid" => $commentid));
}
}
logAssetChanges(array("Added a new comment."), $_POST["assetid"]);
} else {
$cmt = $con->getRow("select assetid, userid, text from comment where commentid=?", array($commentid));
$assetid = $cmt['assetid'];
if ($user['userid'] != $cmt['userid'] && $user['rolecode'] != 'admin' && $user['rolecode'] != 'moderator') {
$view->display("403");
exit();
}
$changelog = array("Modified his comment.");
if ($user['userid'] != $cmt['userid']) {
$changelog = array("Modified someone else comment (".$cmt["text"].") => (".$text.")");
}
logAssetChanges($changelog, $assetid);
}
update("comment", $commentid, array("text" => $text));
$row = $con->getRow("
select
comment.*,
user.name as username
from
comment
join user on (comment.userid = user.userid)
where commentid=?
", array($commentid));
$row['created'] = fancyDate($row['created']);
exit(json_encode(array("comment" => $row)));
}