/**
* Create a comment
*
**/
function save()
{
$out = array();
// Sanitize
$serial_number = post('serial_number');
$section = post('section');
$text = post('text');
$html = post('html');
if ($serial_number and $section and $text) {
if (authorized_for_serial($serial_number)) {
$comment = new Comment_model();
$comment->retrieve_record($serial_number, 'section=?', array($section));
$comment->serial_number = $serial_number;
$comment->section = $section;
$comment->text = $text;
$comment->html = $html;
$comment->user = $_SESSION['user'];
$comment->timestamp = time();
$comment->save();
$out['status'] = 'saved';
} else {
$out['status'] = 'error';
$out['msg'] = 'Not authorized for this serial';
}
} else {
$out['status'] = 'error';
$out['msg'] = 'Missing data';
}
$obj = new View();
$obj->view('json', array('msg' => $out));
}
