 // initialization: build the request context from the raw query string.
 // NOTE(review): init() is defined elsewhere; which keys it reads from $_GET is not visible here.
 $user = init($_GET);
 // force authentication: auth() is called with the username and password taken from $user,
 // which was built from $_GET above, so the credentials presumably arrive in the URL query
 // string rather than a request body — such values are routinely captured in server/proxy
 // logs and browser history, which is worth considering when reviewing this endpoint.
 // The meaning of the third argument (false) is not visible here; the result is used below
 // as the authenticated user's ID — TODO confirm against auth()'s definition.
 $userID = auth($user['username'], $user['password'], false);
 // check if required parameters are set
 if (isset($_GET['messageID'])) {
     $messageID = intval(base64_decode(trim($_GET['messageID'])));
     // prepare temporary array for comments
     $comments = array();
     // get the parent message's data
     $parentMessageData = Database::selectFirst("SELECT user_id FROM messages WHERE id = " . intval($messageID));
     if (empty($parentMessageData)) {
         $parentMessageData = array('user_id' => NULL);
     }
     // get the public IDs for all users in this comments thread
     $publicUserIDs = UserIDsInThread::get($messageID);
     // mark this comments thread as read
     Database::update("UPDATE subscriptions SET counter = 0 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($userID));
     // check if the authenticating user is an admin user
     $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS));
     // get the comments for the given message
     $commentsQuery = "SELECT id, user_id, text_encrypted, comment_secret, private_to_user, time_inserted FROM comments WHERE message_id = " . intval($messageID);
        // the content must either not have been deleted (flagged through reports) or the authenticating user must be the author of the content themselves
     $commentsQuery .= " AND (deleted = 0 OR user_id = " . intval($userID) . ")";
     // unless the authenticating user has administrator privileges and those permissions allow the inspection of private conversations
     if (!$isAdmin || !CONFIG_ADMINS_READ_PRIVATE) {
         // the content must either be public or the authenticating user must be the designated sender/recipient from the private conversation
         $commentsQuery .= " AND (private_to_user IS NULL OR private_to_user = "******" OR user_id = " . intval($userID) . ")";
     }
     // the items are sorted by freshness and the total number is limited as set in the configuration
     $commentsQuery .= " ORDER BY time_inserted DESC LIMIT 0, " . CONFIG_COMMENTS_PER_PAGE;
            if (isset($privateToUser)) {
                // update the date of the latest activity
                Database::update("UPDATE messages SET time_active = " . time() . " WHERE id = " . intval($messageID));
            } else {
                // increase the comments count by one, update the score and update the date of the latest activity
                Database::update("UPDATE messages SET comments_count = comments_count+1, score = " . getScoreUpdateSQL() . ", time_active = " . time() . " WHERE id = " . intval($messageID));
            }
            // get the existing degree (if any) or 3 (default)
            $degree = getDegree($userID, $messageID);
            // subscribe to the comments thread (if not done already)
            Database::insert("INSERT IGNORE INTO subscriptions (message_id, user_id, degree) VALUES (" . intval($messageID) . ", " . intval($userID) . ", " . intval($degree) . ")");
            // if this is a private reply
            if (isset($privateToUser)) {
                // notify the recipient of the private reply that there is a new comment
                Database::update("UPDATE subscriptions SET counter = counter+1 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($privateToUser));
            } else {
                // notify all other subscribers that there is a new comment
                Database::update("UPDATE subscriptions SET counter = counter+1 WHERE message_id = " . intval($messageID) . " AND user_id != " . intval($userID));
            }
            // create a public ID for this user that is unique within this thread (only)
            UserIDsInThread::create($messageID, $userID);
            respond(array('status' => 'ok', 'commentID' => base64_encode($commentID), 'commentTime' => $commentTime, 'ownerInThread' => UserIDsInThread::getByUser($messageID, $userID), 'privateRecipientInThread' => $privateRecipientInThread));
        } else {
            respond(array('status' => 'bad_request'));
        }
    } else {
        respond(array('status' => 'bad_request'));
    }
} else {
    respond(array('status' => 'bad_request'));
}