$result['message'] = getUnAuthorizeMessage(); } encode($result); } else { if ($_GET["action"] == "delete_post" && isset($_GET["threadId"]) && isset($_POST["api"])) { require "connect.php"; $result = array(); $threadId = mysql_real_escape_string($_GET["threadId"]); $api = mysql_real_escape_string($_POST["api"]); $androidId = mysql_real_escape_string($_POST["androidId"]); $userId = mysql_real_escape_string($_POST["userId"]); $postId = mysql_real_escape_string($_POST["postId"]); if (checkUserIsModerator($api, $userId, $androidId)) { mysql_query("DELETE FROM post WHERE threadId = '{$threadId}' AND id='{$postId}'") or die(mysql_error()); if (mysql_affected_rows() > 0) { $result["success"] = 1; } else { $result["success"] = 0; $result["message"] = "Nothing changed"; } } else { $result['success'] = 0; $result['message'] = getUnAuthorizeMessage(); } encode($result); } else { echo "No response"; } } } }
$data[] = array("id" => $row["id"], "replies" => $row["replies"], "title" => $row["title"], "dateCreated" => $row["dateCreated"], "user" => array("id" => $row["userId"], "username" => $row["username"]), "category" => array("name" => $row["name"], "id" => $row["categoryId"], "color" => $row["color"])); } $result["data"] = $data; } encode($result); mysql_close($con); } else { if ($_GET["action"] == "submit_thread") { include "connect.php"; $result = array(); $categoryId = mysql_real_escape_string($_POST["categoryId"]); $api = mysql_real_escape_string($_POST["api"]); $androidId = mysql_real_escape_string($_POST["androidId"]); $userId = mysql_real_escape_string($_POST["userId"]); $title = mysql_real_escape_string($_POST["title"]); $text = mysql_real_escape_string($_POST["text"]); $checkUser = mysql_query("SELECT * FROM device WHERE api = '{$api}' AND userId='{$userId}' AND androidId='{$androidId}'") or die(mysql_error()); if (mysql_num_rows($checkUser) > 0) { mysql_query("INSERT INTO thread (title, userId, categoryId) VALUES ('{$title}', '{$userId}', '{$categoryId}')") or die(mysql_error()); mysql_query("INSERT INTO post (threadId, userId, text) VALUES ('" . mysql_insert_id() . "', '{$userId}', '{$text}')") or die(mysql_error()); $result["success"] = 1; } else { $result["success"] = 0; $result["message"] = getUnAuthorizeMessage(); } encode($result); mysql_close($con); } else { echo "No response"; } }