// initialization $user = init($_GET); // force authentication $userID = auth($user['username'], $user['password'], false); // check if required parameters are set if (isset($_GET['messageID'])) { $messageID = intval(base64_decode(trim($_GET['messageID']))); // prepare temporary array for comments $comments = array(); // get the parent message's data $parentMessageData = Database::selectFirst("SELECT user_id FROM messages WHERE id = " . intval($messageID)); if (empty($parentMessageData)) { $parentMessageData = array('user_id' => NULL); } // get the public IDs for all users in this comments thread $publicUserIDs = UserIDsInThread::get($messageID); // mark this comments thread as read Database::update("UPDATE subscriptions SET counter = 0 WHERE message_id = " . intval($messageID) . " AND user_id = " . intval($userID)); // check if the authenticating user is an admin user $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS)); // get the comments for the given message $commentsQuery = "SELECT id, user_id, text_encrypted, comment_secret, private_to_user, time_inserted FROM comments WHERE message_id = " . intval($messageID); // the content must either not have been deleted (flagged through reports) or the authenticating user must be the author of the content themself $commentsQuery .= " AND (deleted = 0 OR user_id = " . intval($userID) . ")"; // unless the authenticating user has administrator privileges and those permissions allow the inspection of private conversations if (!$isAdmin || !CONFIG_ADMINS_READ_PRIVATE) { // the content must either be public or the authenticating user must be the designated sender/recipient from the private conversation $commentsQuery .= " AND (private_to_user IS NULL OR private_to_user = "******" OR user_id = " . intval($userID) . ")"; } // the items are sorted by freshness and the total number is limited as set in the configuration $commentsQuery .= " ORDER BY time_inserted DESC LIMIT 0, " . CONFIG_COMMENTS_PER_PAGE;