// initialization
// NOTE(review): this chunk is one collapsed line of a flat script; the `if (isset($_GET['messageID']))`
// block opened below continues past the end of this chunk, so its closing brace is not visible here
$user = init($_GET);
// force authentication
// $userID is whatever auth() returns for the supplied credentials; its type (int vs string) is not
// visible here, which matters for the non-strict in_array() check further down — confirm against auth()
$userID = auth($user['username'], $user['password'], false);
// check if required parameters are set
// isset() only tests presence: an empty or non-base64 value still passes and ends up as messageID 0
if (isset($_GET['messageID'])) {
    // the request value is base64-decoded and then reduced to its leading integer; anything that is not
    // a valid integer after decoding becomes 0, and only that integer is ever embedded in SQL below
    $messageID = intval(base64_decode(trim($_GET['messageID'])));
    // prepare temporary array for comments
    // filled in later, outside this chunk
    $comments = array();
    // get the parent message's data
    // every request-derived value in the queries of this chunk is wrapped in intval() before being
    // concatenated; that is what keeps the string-built SQL to integer literals (a parameterised query
    // would express the same guarantee explicitly, assuming the Database wrapper supports placeholders)
    $parentMessageData = Database::selectFirst("SELECT user_id FROM messages WHERE id = " . intval($messageID));
    if (empty($parentMessageData)) {
        // a missing parent message is represented with a NULL owner instead of failing the request here
        $parentMessageData = array('user_id' => NULL);
    }
    // get the public IDs for all users in this comments thread
    $publicUserIDs = UserIDsInThread::get($messageID);
    // mark this comments thread as read
    // scoped to the authenticated user's own subscription row only
    Database::update("UPDATE subscriptions SET counter = 0 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($userID));
    // check if the authenticating user is an admin user
    // CONFIG_ADMIN_USER_IDS is a constant, presumably set in the application's configuration rather than
    // from request data; in_array() here compares loosely, so the element type of the unserialized list
    // should match the type of $userID (otherwise pass strict: true) — TODO confirm
    $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS));
    // get the comments for the given message
    $commentsQuery = "SELECT id, user_id, text_encrypted, comment_secret, private_to_user, time_inserted FROM comments WHERE message_id = " . intval($messageID);
    // the content must either not have been deleted (flagged through reports) or the authenticating user must be the author of the content themself
    $commentsQuery .= " AND (deleted = 0 OR user_id = " . intval($userID) . ")";
    // unless the authenticating user has administrator privileges and those permissions allow the inspection of private conversations
    // i.e. the private-conversation filter is skipped only when both $isAdmin and CONFIG_ADMINS_READ_PRIVATE hold;
    // this access decision is enforced inside the SQL predicate, not after fetching
    if (!$isAdmin || !CONFIG_ADMINS_READ_PRIVATE) {
        // the content must either be public or the authenticating user must be the designated sender/recipient from the private conversation
        // NOTE(review): the value between the two quoted fragments below appears redacted ("******") in this copy
        // of the file; as shown it does not parse, and the intended operand (presumably the authenticated
        // user's ID, like the other comparisons in this query) must be confirmed against the original source
        $commentsQuery .= " AND (private_to_user IS NULL OR private_to_user = "******" OR user_id = " . intval($userID) . ")";
    }
    // the items are sorted by freshness and the total number is limited as set in the configuration
    // CONFIG_COMMENTS_PER_PAGE is concatenated unquoted, so it is expected to be a configuration integer
    $commentsQuery .= " ORDER BY time_inserted DESC LIMIT 0, " . CONFIG_COMMENTS_PER_PAGE;
// NOTE(review): this chunk starts inside nested blocks opened before it (at least three, judging by the
// unmatched closing braces at the end); $privateToUser, $commentID, $commentTime and
// $privateRecipientInThread are presumably assigned in that earlier, not visible, part of the handler
if (isset($privateToUser)) {
    // update the date of the latest activity
    // a private reply does not change the public comment count or score, only the activity timestamp
    Database::update("UPDATE messages SET time_active = " . time() . " WHERE id = " . intval($messageID));
} else {
    // increase the comments count by one, update the score and update the date of the latest activity
    // getScoreUpdateSQL() is spliced in as a raw SQL fragment, so it must only ever produce server-side
    // SQL (not request-derived text) — TODO confirm against its definition
    Database::update("UPDATE messages SET comments_count = comments_count+1, score = " . getScoreUpdateSQL() . ", time_active = " . time() . " WHERE id = " . intval($messageID));
}
// get the existing degree (if any) or 3 (default)
$degree = getDegree($userID, $messageID);
// subscribe to the comments thread (if not done already)
// INSERT IGNORE silently skips the row if the user is already subscribed to this message;
// as elsewhere, all three embedded values are reduced to integers before concatenation
Database::insert("INSERT IGNORE INTO subscriptions (message_id, user_id, degree) VALUES (" . intval($messageID) . ", " . intval($userID) . ", " . intval($degree) . ")");
// if this is a private reply
if (isset($privateToUser)) {
    // notify the recipient of the private reply that there is a new comment
    // only the designated recipient's unread counter is bumped, not the whole thread's
    Database::update("UPDATE subscriptions SET counter = counter+1 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($privateToUser));
} else {
    // notify all other subscribers that there is a new comment
    // the author is excluded so they do not get an unread marker for their own comment
    Database::update("UPDATE subscriptions SET counter = counter+1 WHERE message_id = " . intval($messageID) . " AND user_id != " . intval($userID));
}
// create a public ID for this user that is unique within this thread (only)
UserIDsInThread::create($messageID, $userID);
// the response exposes the thread-local public IDs rather than the real user IDs
respond(array('status' => 'ok', 'commentID' => base64_encode($commentID), 'commentTime' => $commentTime, 'ownerInThread' => UserIDsInThread::getByUser($messageID, $userID), 'privateRecipientInThread' => $privateRecipientInThread));
// the three else-arms below belong to conditions opened before this chunk; each failed precondition
// is reported with the same generic 'bad_request' status, so the client cannot tell which check failed
} else {
    respond(array('status' => 'bad_request'));
}
} else {
    respond(array('status' => 'bad_request'));
}
} else {
    respond(array('status' => 'bad_request'));
}