public function discussion_action($review_id) { if (Navigation::hasItem("/lernmarktplatz/overview")) { Navigation::activateItem("/lernmarktplatz/overview"); } $this->review = new LernmarktplatzReview($review_id); if (Request::isPost() && Request::get("comment")) { $comment = new LernmarktplatzComment(); $comment['review_id'] = $review_id; $comment['comment'] = Request::get("comment"); $comment['user_id'] = $GLOBALS['user']->id; $comment->store(); } }
/** * Adds or edits a comment to the material on this server from a client of another server. * Use this request only as a POST request, the body must be a JSON-object that carries all the * necessary variables. * The review_id is the foreign_review_id if the host_hash is not empty or the review_id if the host_hash is empty. * @param $material_id : ID of the item on this server. */ public function add_comment_action($review_id, $host_hash = null) { if (Request::isPost()) { $public_key_hash = $_SERVER['HTTP_' . str_replace("-", "_", strtoupper($GLOBALS['LERNMARKTPLATZ_HEADER_PUBLIC_KEY_HASH']))]; //MD5_HASH_OF_RSA_PUBLIC_KEY $signature = base64_decode($_SERVER['HTTP_' . str_replace("-", "_", strtoupper($GLOBALS['LERNMARKTPLATZ_HEADER_SIGNATURE']))]); //BASE64_RSA_SIGNATURE $host = LernmarktplatzHost::findOneBySQL("MD5(public_key) = ?", array($public_key_hash)); if ($host && !$host->isMe()) { $body = file_get_contents('php://input'); if ($host->verifySignature($body, $signature)) { if ($host_hash) { /*$review = LernmarktplatzReview::findOneBySQL("INNER JOIN lernmarktplatz_hosts ON (lernmarktplatz_hosts.host_id = lernmarktplatz_reviews.host_id) WHERE foreign_review_id = :id AND MD5(lernmarktplatz_hosts.public_key) = :host_hash", array( 'id' => $review_id, 'host_hash' => $host_hash ));*/ $review = LernmarktplatzReview::findOneByForeign_review_id($review_id); } else { $review = LernmarktplatzReview::find($review_id); } if (!$review) { throw new Exception("Unknown material."); } $data = studip_utf8decode(json_decode($body, true)); $user = LernmarktplatzUser::findOneBySQL("host_id = ? AND foreign_user_id = ?", array($host->getId(), $data['user']['user_id'])); if (!$user) { $user = new LernmarktplatzUser(); $user['host_id'] = $host->getId(); $user['foreign_user_id'] = $data['user']['user_id']; } $user['name'] = $data['user']['name']; $user['avatar'] = $data['user']['avatar']; $user['description'] = $data['user']['description'] ?: null; $user->store(); $comment = new LernmarktplatzComment(); $comment['user_id'] = $user->getId(); $comment['foreign_comment_id'] = $data['data']['foreign_comment_id']; $comment['host_id'] = $host->getId(); $comment['review_id'] = $review->getId(); $comment['comment'] = $data['data']['comment']; $comment['mkdate'] = $data['data']['mkdate']; $comment['chdate'] = $data['data']['chdate']; $comment->store(); echo "stored "; } else { throw new Exception("Wrong signature, sorry."); } } $this->render_text(""); } else { throw new Exception("USE POST TO PUSH."); } }