Example #1
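 /**
  * Store a reply to a wall post for the current user, then re-render the wall view.
  *
  * A reply is written only when all of the following hold: the id read through
  * system::get('id') is positive, the current user id is positive, the filtered
  * message is non-empty and the caller has the 'global/write' permission. A
  * per-user delay ('wall_post_delay') is then checked against the time of that
  * user's most recent reply. The wall view is rendered in every case.
  *
  * NOTE(review): the delay check and the INSERT are separate statements with no
  * transaction or lock visible here, so parallel requests from one account may
  * both pass the check. If the delay is relied on as an anti-flood control,
  * enforce it in the database as well.
  * NOTE(review): this method does not verify that $post_id refers to an existing
  * wall post the user may answer, and no anti-CSRF token check is visible here;
  * confirm both are handled by the caller or dispatcher.
  *
  * @return void
  */
 public function make()
 {
     $post_id = (int) system::getInstance()->get('id');
     $user_id = (int) user::getInstance()->get('id');
     // The message is passed through nohtml() on input; per the original author's note this
     // filtering was added after a tester reported an XSS issue in this field.
     // NOTE(review): nohtml() is defined elsewhere; confirm the stored text is also escaped
     // for the context in which it is later rendered.
     $message = system::getInstance()->nohtml(system::getInstance()->post('message'));
     $time_between_posts = extension::getInstance()->getConfig('wall_post_delay', 'user', 'components', 'int');
     if ($post_id > 0 && $user_id > 0 && system::getInstance()->length($message) > 0 && permission::getInstance()->have('global/write')) {
         // Table names cannot be bound as parameters, so the prefix is concatenated.
         // NOTE(review): db_prefix presumably comes from site configuration; it must never be request-derived.
         $stmt = database::getInstance()->con()->prepare("SELECT time FROM " . property::getInstance()->get('db_prefix') . "_user_wall_answer WHERE poster = ? ORDER BY id DESC LIMIT 1");
         $stmt->bindParam(1, $user_id, PDO::PARAM_INT);
         $stmt->execute();
         $res = $stmt->fetch();
         // fetch() returns false when the user has no earlier reply; indexing false raises a
         // warning on current PHP versions, so treat that case explicitly as "never posted".
         $last_post_time = ($res === false) ? 0 : (int) $res['time'];
         $stmt = null;
         $current_time = time();
         if ($current_time - $last_post_time >= $time_between_posts) {
             // All request-derived values are bound, never interpolated into the SQL text.
             $stmt = database::getInstance()->con()->prepare("INSERT INTO " . property::getInstance()->get('db_prefix') . "_user_wall_answer (wall_post_id, poster, message, time) VALUES(?, ?, ?, ?)");
             $stmt->bindParam(1, $post_id, PDO::PARAM_INT);
             $stmt->bindParam(2, $user_id, PDO::PARAM_INT);
             $stmt->bindParam(3, $message, PDO::PARAM_STR);
             $stmt->bindParam(4, $current_time, PDO::PARAM_INT);
             $stmt->execute();
             $stmt = null;
         }
     }
     // Refresh the reply list, whether or not a new reply was stored.
     api::getInstance()->call('front', 'wallview')->make();
 }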
Example #2
 /**
  * Save an edited comment body for the comment id posted as 'comment_id'.
  *
  * Nothing is written unless the 'commentedit' front API object is available,
  * its canEdit() check accepts the comment id, the id is positive and the
  * filtered text is non-empty.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm the
  * dispatcher enforces one for this state-changing request.
  *
  * @return null
  */
 public function make()
 {
     $editor = api::getInstance()->call('front', 'commentedit');
     if (!is_object($editor)) {
         return;
     }

     $id = (int) system::getInstance()->post('comment_id');
     // Authorisation gate: the edit right is checked before the new text is even read,
     // so a caller without it never reaches the UPDATE below.
     if (!$editor->canEdit($id)) {
         return null;
     }

     // NOTE(review): nohtml() and the meaning of its second argument are defined elsewhere;
     // confirm the stored text is also escaped for the context in which it is rendered.
     $text = system::getInstance()->nohtml(system::getInstance()->post('comment_text'), true);
     if ($id <= 0 || strlen($text) < 1) {
         return;
     }

     // The table prefix is concatenated because identifiers cannot be bound;
     // both request-derived values go in as bound parameters.
     $pdo = database::getInstance()->con();
     $sql = "UPDATE " . property::getInstance()->get('db_prefix') . "_mod_comments set comment = ? where id = ?";
     $update = $pdo->prepare($sql);
     $update->bindParam(1, $text, PDO::PARAM_STR);
     $update->bindParam(2, $id, PDO::PARAM_INT);
     $update->execute();
     $update = null;
 }
Example #3
/**
|==========================================================|
|========= @copyright Pyatinskii Mihail, 2013-2014 ========|
|================= @website: www.ffcms.ru =================|
|========= @license: GNU GPL V3, file: license.txt ========|
|==========================================================|
*/
// Bootstrap sequence: load the site configuration, then initialise the engine
// subsystems in a fixed order and hand the request to the API layer.
if (file_exists(root . '/config.php')) {
    require_once root . '/config.php';
} elseif (loader !== 'install') {
    // No config.php: the system is not installed or the file is missing.
    // Only the installer entry point may continue without it.
    exit;
}

// Per the original author's note, this step also processes the request URI
// for multi-language and friendly URLs.
\engine\property::getInstance()->init();

// Default timezone taken from the configuration.
date_default_timezone_set(\engine\property::getInstance()->get('time_zone'));

\engine\language::getInstance()->init();

// Open the PDO database connection.
\engine\database::getInstance()->init();

\engine\user::getInstance()->init();
\engine\router::getInstance()->init();

// Extension controller.
\engine\extension::getInstance()->init();

\engine\template::getInstance()->init();

// Check whether the client IP or user is fully blocked.
// NOTE(review): this check runs only after the user, router, extension and template
// subsystems have initialised; confirm none of them acts on request input before a
// blocked client is rejected here.
\engine\ban::getInstance()->init();

// Dispatch the request; per the original note this is where the output is echoed.
\engine\api::getInstance()->make();