// Comment endpoint: creates a comment on POST and handles removal on DELETE.
// The DELETE branch continues past the visible portion of this file.
// NOTE(review): no <?php opening tag is visible in this span — confirm it precedes this line.
include_once '../../app/services/session.php';
include_once '../../app/services/HttpService.php';
include_once '../../app/services/AuthenticationService.php';
include_once '../../app/services/SanitationService.php';
include_once '../../app/services/ArticleService.php';
include_once '../../app/services/CommentService.php';
include_once '../../app/models/comment.php';

$method = $_SERVER['REQUEST_METHOD'];

// NOTE(review): loose == comparison; REQUEST_METHOD is always a string, so === is the safer idiom.
if ($method == "POST") {
    // Check user role
    // NOTE(review): assumes return_unauthorized() terminates the request. If it only
    // emits headers, an unauthorized caller still reaches add_comment_to_article() below — confirm.
    if (!AuthenticationService::can_write_comment()) {
        HttpService::return_unauthorized();
    }
    // Validate data
    // NOTE(review): both fields are read without isset(); a request missing either one raises a
    // PHP warning and passes null to convertHtml() — TODO confirm convertHtml() tolerates null.
    // convertHtml() presumably HTML-encodes the value before storage; verify the view also escapes on output.
    // NOTE(review): no CSRF token or origin check is visible in this span — confirm it happens in
    // session.php or AuthenticationService.
    $article_id = SanitationService::convertHtml($_POST['article-id']);
    $text = SanitationService::convertHtml($_POST['comment']);
    // Save comment
    $comments = new CommentService();
    $comment = $comments->add_comment_to_article($article_id, $text);
    // Generate view data: the included view presumably reads $user, $date and $text from this scope.
    $user = $comment->user;
    // creation_date is passed to date(), so it is presumably a Unix timestamp — confirm against the model.
    $date = date("F d, Y", $comment->creation_date);
    $text = $comment->text;
    // Return comment to client
    include '../../app/views/comments/show.php';
    exit;
}

if ($method == 'DELETE') {
    // Get form data: DELETE parameters arrive in the query string (PHP only fills $_POST for POST requests).
    parse_str($_SERVER['QUERY_STRING'], $post_vars);
    // The body of this branch lies past the visible portion of the file.
    if (isset($post_vars['cid'])) {
    // Article create/edit endpoint. This span starts inside a block opened earlier in the file
    // (presumably the POST branch, since $method is assigned outside the visible span) and ends
    // inside the GET branch.
    include_once '../../app/services/ArticleService.php';
    include_once '../../app/services/SanitationService.php';
    include_once '../../app/services/HttpService.php';
    // Parse parameters from request
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $keywords = isset($_POST['keywords']) ? $_POST['keywords'] : null;
    $content = isset($_POST['content']) ? $_POST['content'] : null;
    // NOTE(review): read without isset(); an anonymous request raises a PHP warning and yields
    // null, which the isset() check below then rejects as a bad request rather than unauthorized.
    $user = $_SESSION['username'];
    // Validate required parameters
    // NOTE(review): assumes return_bad_request() terminates the request; otherwise add_article()
    // below still runs with null values — confirm.
    if (!isset($title, $content, $user)) {
        HttpService::return_bad_request();
    }
    // Sanitize user input
    // convertHtml() presumably HTML-encodes the values before storage; verify the views also escape on output.
    // $keywords is optional (not in the isset() check above), so convertHtml() may receive null — TODO confirm it accepts null.
    $title = SanitationService::convertHtml($title);
    $keywords = SanitationService::convertHtml($keywords);
    $content = SanitationService::convertHtml($content);
    // Save article
    // get_instance() suggests a shared ArticleService instance — confirm.
    $articles = ArticleService::get_instance();
    $articles->add_article($user, $title, $keywords, $content);
    // Redirect to articles
    // NOTE(review): assumes redirect_to() exits; otherwise execution continues to the GET check below.
    HttpService::redirect_to('/articles/');
// Closes a block opened before the visible span.
}
// GET - Show form
// NOTE(review): loose == comparison; REQUEST_METHOD is always a string, so === is the safer idiom.
if ($method == "GET") {
    // Default form values for a not-yet-persisted article; the form view that consumes
    // them lies past the visible portion of the file.
    $page_title = "New Article";
    $form_action = '/articles/new';
    $id = '';
    $title = '';
    $keywords = '';
    // NOTE(review): read without isset(); an anonymous GET raises a PHP warning here — confirm
    // session.php or an earlier check guarantees a logged-in user.
    $author = $_SESSION['username'];
    $content = '';