Exemple #1
<?php

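// Anti-caching headers: an Expires date in the past plus no-cache directives,
// so browsers and intermediaries do not keep a copy of the API response.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// An HTTP-date needs a space between the time and the zone ("... 12:00:00 GMT");
// without it the value is malformed and caches may ignore the header.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-type: application/json");
// NOTE(review): a wildcard origin lets any website read these responses for
// non-credentialed requests. The dispatcher below also routes PUT, POST and
// DELETE, so confirm the data is meant to be public and that writes are
// authenticated by something other than network position; otherwise restrict
// this to the known front-end origins.
header("access-control-allow-origin: *");
// HTTP verb of the current request, used by the switch that follows.
$method = $_SERVER['REQUEST_METHOD'];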
//// REST Decoder
// evaluate method
switch ($method) {
    case 'PUT':
        UpdateComments();
        break;
    case 'POST':
        SaveComments();
        break;
    case 'GET':
        GetComments();
        break;
    case 'HEAD':
        echo "HEAD";
        break;
    case 'DELETE':
        DeleteComments();
        break;
    case 'OPTIONS':
        echo "OPTIONS";
        break;
    default:
Exemple #2
        return;
    }
    // Verify that the caller is the admin of the site that owns the comment.
    // NOTE(review): $cid is concatenated unquoted into this SELECT and into the
    // UPDATE below. Where it is assigned is not visible in this excerpt, so
    // confirm it is cast to an integer first; otherwise both statements are
    // injectable.
    // NOTE(review): on failure the raw mysql_error() text is sent to the client,
    // which can disclose table and column names. Log it server-side and return a
    // generic message instead.
    // The mysql_* extension used here was removed in PHP 7; mysqli or PDO with
    // bound parameters is the replacement.
    $res = mysql_query('
		SELECT Sites.AdminEmail, Sites.SiteID
		FROM Sites
		JOIN Comments ON Comments.SiteID=Sites.SiteID
		WHERE Comments.CommentID=' . $cid) or die('<div class="commentError">' . mysql_error() . '</div>');
    $row = mysql_fetch_assoc($res);
    // No joined row: there is no comment with this id attached to a site.
    if (!$row) {
        die('<div class="commentError">No comment found.</div>');
    }
    // Authorization check. The message is the same as the not-found case, so a
    // non-admin cannot tell whether the comment exists.
    // NOTE(review): != is a loose comparison. If $session['Email'] can be null or
    // unset at this point, an empty AdminEmail would compare equal and pass the
    // check; confirm $session is validated earlier, or compare with !==.
    if ($row['AdminEmail'] != $session['Email']) {
        die('<div class="commentError">No comment found.</div>');
    }
    // Mark the comment as verified: record the verifier's IP and the time, and
    // blank the stored commenter e-mail. The "VerifiedIP IS NULL" guard means an
    // already-verified comment is left untouched.
    // The @ hides PHP warnings, but the or-die still prints mysql_error().
    $res = @mysql_query('UPDATE Comments
		SET
		VerifiedIP=\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\',
		VerifiedDate=NOW(),
		CommentEmail=\'\'
		WHERE CommentID=' . $cid . '
		AND VerifiedIP IS NULL
	') or die('<div class="commentError">' . mysql_error() . '</div>');
    // Exactly one row changed: the verification happened in this request.
    if (mysql_affected_rows() === 1) {
        // NOTE(review): $c is not assigned anywhere in the visible code ($row is
        // the variable that holds SiteID here); confirm it is defined earlier.
        UpdateComments($c['SiteID'], $c['Page']);
        // intval() keeps the sid query parameter numeric. service_url is
        // referenced as a constant that is defined outside this excerpt.
        header('Location: ' . service_url . '/dashboard/?sid=' . intval($row['SiteID']));
        return;
    }
    // Nothing was updated (for example the comment was already verified):
    // answer with the same generic message.
    die('<div class="commentError">No comment found.</div>');
}
die('<div class="commentError">Unknown action.</div>');
Exemple #3
// Save the comment.
// $session, $sid, $page, $commentText and $commentEmail are assigned outside
// this excerpt.
if ($session && $commentEmail === $session['Email']) {
    // Poster is logged in with the same e-mail address (strict comparison), so
    // the row is inserted already verified: VerifiedIP and VerifiedDate are set.
    // NOTE(review): $sid is concatenated unquoted while every other value goes
    // through mysql_real_escape_string(); confirm it is an integer by this point,
    // otherwise the INSERT is injectable.
    // NOTE(review): HTTP_REFERER is client-controlled and may be absent. It is
    // escaped for SQL here, but that does not make PageUrl or CommentText safe for
    // HTML; whatever renders them later must encode for its output context.
    // NOTE(review): the or-die sends raw mysql_error() text to the client, which
    // can disclose schema details; log it server-side instead.
    $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail, VerifiedIP, VerifiedDate)
	VALUES
		(' . $sid . ',
		\'' . mysql_real_escape_string($page) . '\',
		\'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\',
		\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\',
		NOW(),
		\'' . mysql_real_escape_string($commentText) . '\',
		\'' . mysql_real_escape_string($commentEmail) . '\',
		\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\',
		NOW()
	)') or die('<div class="commentError">' . mysql_error() . '</div>');
    // Runs only after a successful insert (a failed query has already died).
    UpdateComments($sid, $page);
    echo '<div class="commentOk">Comment posted.</div>';
} else {
    //Non verified comment
    $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail)
	VALUES
		(' . $sid . ',
		\'' . mysql_real_escape_string($page) . '\',
		\'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\',
		\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\',
		NOW(),
		\'' . mysql_real_escape_string($commentText) . '\',
		\'' . mysql_real_escape_string($commentEmail) . '\'
	)') or die('<div class="commentError">' . mysql_error() . '</div>');
    $id = mysql_insert_id();
    if ($commentEmail) {