function DBSaveComment($cid, $parentPost, $parentComment, $content, $user_id, $deleted)
{
$date = getTime();
global $db;
$stmt = $db->stmt_init();
if ($stmt->prepare('CALL Check_Comment_Owner(?, ?)')) {
$stmt->bind_param('ii', $cid, $user_id);
$stmt->execute();
$stmt->bind_result($result);
$stmt->fetch();
$stmt->close();
if ($result == 0 || $cid == -1) {
$db->next_result();
$stmt = $db->stmt_init();
if ($stmt->prepare('CALL Save_User_Comment(?, ?, ?, ?, ?, ?,?,?)')) {
$stmt->bind_param('iiissiii', $cid, $parentPost, $parentComment, $user_id, $content, $deleted, $date, $date);
$stmt->execute();
$stmt->bind_result($comment['parentComment'], $comment['comment_no'], $comment['user_id'], $comment['user_name'], $comment['content'], $comment['date'], $comment['deleted']);
$stmt->fetch();
$stmt->close();
$commentId = $comment['comment_no'];
if ($commentId > 0) {
$encoded_comment_id = str_replace("/", "SLASH", fnEncrypt("c" . $commentId));
$user_dir = "../tmp/" . $user_id . "/";
$target_dir = "../upload/" . $encoded_comment_id . "/";
$files = directory_to_array($user_dir);
// if there are more than 0 files in the ../tmp/[UserID] directory
if (sizeof($files) > 0) {
// if ../upload/[UserID] direcoty does not exists, create the directory
if (!(file_exists($target_dir) && is_dir($target_dir))) {
@mkdir($target_dir, 0777, true);
} else {
//delete all files
}
$index = 0;
while ($file = $files[$index++]) {
$filesize = filesize($file);
$filealias = end(explode("/", $file));
$fileextension = end(explode(".", $filealias));
$filename = substr($filealias, 14);
$fileDirectory = $target_dir . $filename;
$fileAddress = publicUrl . "/upload/" . $encoded_comment_id . "/" . $filename;
//DB Save
$result = DBSaveUploadFile($fileextension, -1, $commentId, $filesize, $fileDirectory, $fileAddress);
//Check Image is in the DOM
$doc = new DOMDocument();
@$doc->loadHTML(mb_convert_encoding($content, 'HTML-ENTITIES', 'UTF-8'));
$tags = $doc->getElementsByTagName('img');
foreach ($tags as $tag) {
$source = $tag->getAttribute('src');
if ($source == $user_dir . $filealias) {
$tag->removeAttribute('src');
$tag->setAttribute('src', $fileDirectory);
}
}
$newContent = @$doc->saveHTML('body');
$newContent = str_replace('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">', '', $newContent);
$db->next_result();
$stmt = $db->stmt_init();
//htmlspecialchars($title, ENT_HTML401, 'UTF-8', false)
if ($stmt->prepare('CALL Save_User_Comment(?, ?, ?, ?, ?, ?,?,?)')) {
$stmt->bind_param('iiissiii', $commentId, $parentPost, $parentComment, $user_id, $content, $deleted, $date, $date);
$stmt->execute();
$stmt->bind_result($comment['parentComment'], $comment['comment_no'], $comment['user_id'], $comment['user_name'], $comment['content'], $comment['date'], $comment['deleted']);
$stmt->fetch();
$stmt->close();
}
//Move file from /tmp/ to /upload/
rename($file, $user_dir . $filename);
copy($user_dir . $filename, $target_dir . $filename);
unlink($user_dir . $filename);
}
}
}
$returnArray = array();
$dateFormatted = format_date($comment['date']);
$returnArray['commentId'] = $comment['comment_no'];
$returnArray['deleted'] = false;
$returnArray['parentCommentId'] = $comment['parentComment'];
$returnArray['canEdit'] = true;
$returnArray['canComment'] = true;
$returnArray['authorUserId'] = $comment['user_id'];
$returnArray['author'] = $comment['user_name'];
$returnArray['authorEmail'] = $comment['author_email'];
$returnArray['content'] = $comment['content'];
$returnArray['date'] = $comment['date'];
$returnArray['date'] = $dateFormatted[1];
$returnArray['children'] = array();
}
}
}
return json_encode_unescaped($returnArray);
}
function DBSavePost($post_id, $pinned, $boardName, $title, $content, $user_id, $added_tags, $deleted_tags, $addedFiles, $deletedFiles)
{
//echo json_encode_unescaped($addedFiles);
$date = getTime();
global $db;
$stmt = $db->stmt_init();
if ($pinned && $_SESSION['UserLevel'] > exec_level) {
$pinned = false;
}
if ($stmt->prepare('CALL Check_Post_Owner(?,?)')) {
$stmt->bind_param('ii', $post_id, $user_id);
$stmt->execute();
$stmt->bind_result($result);
$stmt->fetch();
$stmt->close();
if ($result == 0 || $post_id == -1) {
$db->next_result();
$stmt = $db->stmt_init();
//htmlspecialchars($title, ENT_HTML401, 'UTF-8', false)
if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) {
$stmt->bind_param('isiissii', $post_id, $boardName, $user_id, $pinned, $title, $content, $date, $date);
$stmt->execute();
$post_id_out = NULL;
$stmt->bind_result($post_id_out);
$stmt->fetch();
$stmt->close();
if ($added_tags != null) {
for ($t = 0; $t < sizeof($added_tags); $t++) {
DBSavePostTag($post_id_out, $added_tags[$t], "Save");
}
}
if ($deleted_tags != null) {
for ($t = 0; $t < sizeof($deleted_tags); $t++) {
DBSavePostTag($post_id_out, $deleted_tags[$t], "Delete");
}
}
if ($post_id_out > 0) {
$encoded_post_id = str_replace("/", "SLASH", fnEncrypt("p" . $post_id_out));
$user_dir = "../tmp/" . $user_id . "/";
$target_dir = "../upload/" . $encoded_post_id . "/";
// if there are more than 0 files in the ../tmp/[UserID] directory
if (sizeof($addedFiles) > 0) {
$currentfiles = directory_to_array($user_dir);
$index = 0;
while ($existingFile = $currentfiles[$index++]) {
$alias = end(split("/", $existingFile));
$array = split("-", $alias);
$fileTime = $array[0] / 1000;
$time = getTime();
if ($time - $fileTime > 86400) {
unlink($existingFile);
}
}
// if ../upload/[UserID] direcoty does not exists, create the directory
if (!(file_exists($target_dir) && is_dir($target_dir))) {
@mkdir($target_dir, 0777, true);
}
$index = 0;
while ($file = $addedFiles[$index++]['file']) {
$filesize = filesize($user_dir . $file['alias']);
$filealias = $file['alias'];
$fileextension = end(explode(".", $filealias));
$filename = $file['name'];
//echo "{filealias:" . $filealias . "\n filename:" . $filename ."}";
$filename_no_ext = substr($filename, 0, strlen($filename) - strlen($fileextension) - 1);
$oldfilename = $filename;
$fileSufix = '';
$fileCounter = 1;
while (file_exists($target_dir . $filename)) {
$filename = $filename_no_ext . '(' . $fileCounter . ').' . $fileextension;
$fileCounter++;
}
$fileDirectory = $target_dir . $filename;
$fileAddress = publicUrl . "/upload/" . $encoded_post_id . "/" . $filename;
//DB Save
$result = DBSaveUploadFile($fileextension, $post_id_out, -1, $filesize, $fileDirectory, $fileAddress, $filename);
//Check Image is in the DOM
$doc = new DOMDocument();
@$doc->loadHTML(mb_convert_encoding(str_replace("&", "&", $content), 'HTML-ENTITIES', 'UTF-8'));
$tags = $doc->getElementsByTagName('img');
foreach ($tags as $tag) {
$source = $tag->getAttribute('src');
//echo "\r\noriginal source: " . $source;
// BYUNGHOON: !==false, ===false is the proper+safe way to check strpos
if (strpos($source, $filealias) !== false && strpos($source, "\\/upload\\/") === false) {
$tag->removeAttribute('src');
$tag->setAttribute('src', $fileAddress);
//echo "fileaddress: " . $fileAddress . " \t";
}
}
$newContent = @$doc->saveHTML();
$newContent = str_replace('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">', '', $newContent);
$newContent = str_replace("&", "&", $newContent);
$content = $newContent;
$db->next_result();
$stmt = $db->stmt_init();
//htmlspecialchars($title, ENT_HTML401, 'UTF-8', false)
if ($stmt->prepare('CALL Save_Post(?,?,?,?,?,?,?,?)')) {
$stmt->bind_param('isiissii', $post_id_out, $boardName, $user_id, $pinned, $title, $content, $date, $date);
$stmt->execute();
$post_id_out = NULL;
$stmt->bind_result($post_id_out);
$stmt->fetch();
$stmt->close();
}
//Move file from /tmp/ to /upload/
rename($user_dir . $filealias, $user_dir . $filename);
copy($user_dir . $filename, $target_dir . $filename);
unlink($user_dir . $filename);
}
}
}
if ($deletedFiles != null) {
foreach ($deletedFiles as $filename) {
$encoded_post_id = str_replace("/", "SLASH", fnEncrypt("p" . $post_id_out));
$target_dir = "../upload/" . $encoded_post_id . "/" . $filename;
if (file_exists($target_dir)) {
unlink($target_dir);
}
$db->next_result();
$stmt = $db->stmt_init();
if ($stmt->prepare('CALL Delete_Post_File(?, ?)')) {
$stmt->bind_param('is', $post_id, $filename);
$stmt->execute();
$stmt->close();
}
}
}
return $post_id_out;
}
}
}
return -1;
}
