requirePostDataFields('oldhash', 'newhash'); $oldhash = $_POST['oldhash']; $newhash = $athena . '/' . htmlentities(substr($_POST['newhash'], 0, 36)); if (!$loggedin) { dieJSON(array('error' => true, 'errorDesc' => 'Not logged in', 'hash' => $oldhash)); } if (preg_match('/\\/.*?[^\\w\\-]/', $newhash) || !strlen($_POST['newhash'])) { dieJSON(array('error' => true, 'errorDesc' => 'Malformed hash supplied', 'hash' => $oldhash)); } if ($athena !== hashOwner($oldhash) && $oldhash !== 'null') { dieJSON(array('error' => true, 'errorDesc' => 'Bad owner or hash', 'hash' => $oldhash)); } if (CourseRoadDB::hashExists($newhash)) { dieJSON(array('error' => true, 'errorDesc' => 'New hash is already taken', 'hash' => $oldhash)); } CourseRoadDB::changeRoadHash($oldhash, $newhash, $athena); dieJSON(array('success' => true, 'hash' => $newhash)); } // And when the user adds a comment if (isset($_POST['setRoadComment'])) { requireCSRF(); requirePostDataFields('hash', 'comment'); $hash = $_POST['hash']; $comment = htmlentities(substr($_POST['comment'], 0, 100)); if (!$loggedin) { dieJSON(array('error' => true, 'errorDesc' => 'Not logged in', 'hash' => $oldhash)); } if ($athena !== hashOwner($hash) && $hash !== 'null') { dieJSON(array('error' => true, 'errorDesc' => 'Bad owner or hash', 'hash' => $oldhash)); } CourseRoadDB::setRoadComment($hash, $comment, $athena);