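<?php
// Comment API entry point: sends no-cache headers, dispatches on the HTTP verb,
// and (further down) contains the "verify comment as site admin" handler.
//
// NOTE(review): this listing uses the legacy mysql_* extension (removed in
// PHP 7). Everything below keeps that API so it drops into the existing code,
// but the real fix is migrating to PDO/mysqli with prepared statements.

// Responses carry per-request state (moderation/verification results), so
// forbid caching by browsers and intermediaries.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// Fix: the original concatenated the date and "GMT" with no separating space,
// producing a malformed Last-Modified value that clients discard.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// NOTE(review): the handlers below emit HTML <div> fragments, not JSON; either
// the content type or the handler output is wrong — confirm which callers expect.
header("Content-type: application/json");
// NOTE(review): a wildcard origin lets any page read these responses. Browsers
// do not send cookies for "*", so session-bound calls fail closed cross-origin,
// but if Access-Control-Allow-Credentials is ever added this must become an
// explicit allow-list of trusted origins.
header("access-control-allow-origin: *");

$method = $_SERVER['REQUEST_METHOD'];

//// REST Decoder
// Dispatch on the verb. The handlers are defined elsewhere in the application;
// nothing here authenticates or CSRF-protects the write paths (PUT/POST/DELETE),
// so those checks must live inside the handlers. Unknown verbs end the script
// silently via `return`. HEAD/OPTIONS echo a bare word (HEAD bodies are
// dropped by the server, so that echo is harmless but pointless).
switch ($method) {
    case 'PUT':
        UpdateComments();
        break;
    case 'POST':
        SaveComments();
        break;
    case 'GET':
        GetComments();
        break;
    case 'HEAD':
        echo "HEAD";
        break;
    case 'DELETE':
        DeleteComments();
        break;
    case 'OPTIONS':
        echo "OPTIONS";
        break;
    default:
        return;
}

//Verify as site admin
// NOTE(review): $cid and $session are not assigned anywhere in this listing;
// they presumably come from earlier request/session parsing — confirm.
// $cid is spliced into SQL as an unquoted literal, so it is coerced to an
// integer first: a non-numeric value can no longer change the query. (IDs are
// numeric here — SiteID is intval()'d for the redirect below.) An undefined or
// empty $cid becomes 0 and simply matches no comment.
$cid = (int) $cid;

// Comments.Page is selected too: UpdateComments() below needs the page the
// verified comment belongs to (the INSERT path elsewhere stores it per comment).
$res = mysql_query('
    SELECT Sites.AdminEmail, Sites.SiteID, Comments.Page
    FROM Sites
    JOIN Comments ON Comments.SiteID = Sites.SiteID
    WHERE Comments.CommentID = ' . $cid);
if (!$res) {
    // Fix: the original echoed mysql_error() to the client, which discloses
    // schema/query details. Keep the detail in the server log only.
    error_log('comment verify SELECT failed: ' . mysql_error());
    die('<div class="commentError">Database error.</div>');
}
$row = mysql_fetch_assoc($res);

// The same message is used for "no such comment" and "not this site's admin"
// so the endpoint does not reveal which comment IDs exist to other users.
if (!$row) {
    die('<div class="commentError">No comment found.</div>');
}
// Fix: the original used a loose `!=` with no session check. With no session,
// $session['Email'] is null, and `'' != null` is false, so a site whose
// AdminEmail is empty could be "verified" by anyone. Require a session and
// compare strictly.
if (!$session || !isset($session['Email']) || $row['AdminEmail'] !== $session['Email']) {
    die('<div class="commentError">No comment found.</div>');
}

// Mark the comment verified exactly once: `VerifiedIP IS NULL` makes a repeat
// request a no-op (affected rows 0). CommentEmail is cleared so the poster's
// address is not retained once verification has happened.
$res = @mysql_query(
    'UPDATE Comments SET VerifiedIP=\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\', VerifiedDate=NOW(), CommentEmail=\'\' WHERE CommentID=' . $cid . ' AND VerifiedIP IS NULL '
);
if (!$res) {
    error_log('comment verify UPDATE failed: ' . mysql_error());
    die('<div class="commentError">Database error.</div>');
}
if (mysql_affected_rows() === 1) {
    // Fix: the original passed $c['SiteID'] / $c['Page'], but $c is never
    // assigned in this listing; the site and page of the verified comment are
    // exactly what the SELECT above returned.
    UpdateComments($row['SiteID'], $row['Page']);
    header('Location: ' . service_url . '/dashboard/?sid=' . intval($row['SiteID']));
    return;
}
// Zero rows affected: already verified, or the comment vanished in between.
die('<div class="commentError">No comment found.</div>');
} // NOTE(review): this brace closes a block whose opening is not part of this listing (likely the action dispatch around the verify handler).
die('<div class="commentError">Unknown action.</div>');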
//Save Comment if ($session && $commentEmail === $session['Email']) { //Already verified poster $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail, VerifiedIP, VerifiedDate) VALUES (' . $sid . ', \'' . mysql_real_escape_string($page) . '\', \'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\', NOW(), \'' . mysql_real_escape_string($commentText) . '\', \'' . mysql_real_escape_string($commentEmail) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\', NOW() )') or die('<div class="commentError">' . mysql_error() . '</div>'); UpdateComments($sid, $page); echo '<div class="commentOk">Comment posted.</div>'; } else { //Non verified comment $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail) VALUES (' . $sid . ', \'' . mysql_real_escape_string($page) . '\', \'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\', NOW(), \'' . mysql_real_escape_string($commentText) . '\', \'' . mysql_real_escape_string($commentEmail) . '\' )') or die('<div class="commentError">' . mysql_error() . '</div>'); $id = mysql_insert_id(); if ($commentEmail) {