/**
 * Create a comment.
 *
 * Reads serial_number, section, text and html through post(), stores them
 * on a Comment_model once the caller is authorized for the serial number,
 * and renders the outcome with the 'json' view.
 *
 * The response is array('status' => 'saved') on success, or
 * array('status' => 'error', 'msg' => ...) when a required field is missing
 * or the authorization check fails.
 *
 * NOTE(review): nothing in this method sanitizes or validates the values
 * beyond a truthiness check. 'text' and 'html' are stored exactly as post()
 * returns them, and 'html' is not covered by the presence check. What post()
 * does is not visible here; confirm that the html field is sanitized on input
 * or escaped wherever it is rendered.
 **/
function save()
{
    // Request fields, as returned by the post() helper
    $serial_number = post('serial_number');
    $section = post('section');
    $text = post('text');
    $html = post('html');

    if (! ($serial_number && $section && $text)) {
        // A falsy value counts as missing, so a text of '0' would be rejected
        $response = array(
            'status' => 'error',
            'msg' => 'Missing data',
        );
    } elseif (! authorized_for_serial($serial_number)) {
        // Authorization is checked before the model is touched
        $response = array(
            'status' => 'error',
            'msg' => 'Not authorized for this serial',
        );
    } else {
        $record = new Comment_model();

        // Presumably loads an existing comment for this serial/section pair
        // so that it is updated rather than duplicated; verify in the model.
        $record->retrieve_record($serial_number, 'section=?', array($section));

        $record->serial_number = $serial_number;
        $record->section = $section;
        $record->text = $text;
        $record->html = $html;

        // Author and time come from the server side, not from the request
        $record->user = $_SESSION['user'];
        $record->timestamp = time();
        $record->save();

        $response = array('status' => 'saved');
    }

    $view = new View();
    $view->view('json', array('msg' => $response));
}