<?php
use Utils\Database\OcDb;
$rootpath = __DIR__ . '/../';
require_once __DIR__ . '/../lib/common.inc.php';
if (!isset($_SESSION['user_id'])) {
print 'no hacking please!';
exit;
}
$logDateTime = str_replace('_', ' ', $_REQUEST['datetime']);
$q = '
UPDATE `PowerTrail_comments`
SET `commentText`=:1,
`logDateTime`=:2
WHERE
`id` =:3 AND
`PowerTrailId` = :4 AND
`userId` =:5
';
$text = htmlspecialchars($_REQUEST['text']);
$db = OcDb::instance();
$db->multiVariableQuery($q, $text, $logDateTime, $_REQUEST['commentId'], $_REQUEST['ptId'], $_REQUEST['callingUser']);
sendEmail::emailOwners($_REQUEST['ptId'], '', $logDateTime, $text, 'editComment');
<?php
$rootpath = __DIR__ . '/../';
require_once __DIR__ . '/../lib/common.inc.php';
if (!isset($_SESSION['user_id'])) {
print 'no hacking please! F**k You!';
exit;
}
$text = htmlspecialchars($_REQUEST['text']);
$dateTime = new DateTime($_REQUEST['datetime']);
$user = new lib\Objects\User\User(array('userId' => (int) $usr['userid']));
$powerTrail = new lib\Objects\PowerTrail\PowerTrail(array('id' => (int) $_REQUEST['projectId']));
$log = new lib\Objects\PowerTrail\Log();
$result = $log->setPowerTrail($powerTrail)->setDateTime($dateTime)->setUser($user)->setType((int) $_REQUEST['type'])->setText($text)->storeInDb();
if ($result) {
sendEmail::emailOwners($powerTrail->getId(), $log->getType(), $dateTime->format('Y-m-d H:i'), $text, 'newComment');
}
$resultArray = array('result' => $result);
echo json_encode($resultArray);
<?php
$rootpath = __DIR__ . '/../';
require_once __DIR__ . '/../lib/common.inc.php';
if (!isset($_SESSION['user_id'])) {
print 'no hacking please!';
exit;
}
$powerTrailId = (int) $_REQUEST['ptId'];
$commentId = (int) $_REQUEST['commentId'];
$callingUser = (int) $_REQUEST['callingUser'];
if ($callingUser != $_SESSION['user_id']) {
print 'wrong user!';
exit;
}
//get selected comment and check if it is $callingUser comment.
$commentDbRow = powerTrailBase::getSingleComment($commentId);
// check if user is owner of selected power Trail
if (powerTrailBase::checkIfUserIsPowerTrailOwner($_SESSION['user_id'], $powerTrailId) == 1 || $commentDbRow['userId'] == $callingUser) {
$query = 'UPDATE `PowerTrail_comments` SET `deleted` = 1 WHERE `id` = :1';
$db = \lib\Database\DataBaseSingleton::Instance();
$db->multiVariableQuery($query, $commentId);
if ($commentDbRow['commentType'] == 2) {
print '2';
$q = 'UPDATE `PowerTrail` SET `PowerTrail`.`conquestedCount`= (SELECT COUNT(*) FROM `PowerTrail_comments` WHERE `PowerTrail_comments`.`PowerTrailId` = :1 AND `PowerTrail_comments`.`commentType` = 2 AND `PowerTrail_comments`.`deleted` = 0 ) WHERE `PowerTrail`.`id` = :1 ';
$db->multiVariableQuery($q, $powerTrailId);
}
sendEmail::emailOwners($powerTrailId, $commentDbRow['commentType'], $commentDbRow['logDateTime'], $commentDbRow['commentText'], 'delComment', $commentDbRow['userId'], $_REQUEST['delReason']);
}
