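public function make()
{
    // Store a reply to a user-wall post, rate-limited per poster by the
    // 'wall_post_delay' setting, then re-render the wall.
    //
    // $post_id and $user_id are cast to int; the message goes through
    // nohtml() before it is stored (added after an unknown tester reported
    // an XSS vulnerability here).
    $post_id = (int) system::getInstance()->get('id');
    $user_id = (int) user::getInstance()->get('id');
    $message = system::getInstance()->nohtml(system::getInstance()->post('message'));
    $time_between_posts = extension::getInstance()->getConfig('wall_post_delay', 'user', 'components', 'int');

    if ($post_id > 0 && $user_id > 0 && system::getInstance()->length($message) > 0 && permission::getInstance()->have('global/write')) {
        $prefix = property::getInstance()->get('db_prefix');

        // Time of this poster's most recent reply. A poster with no previous
        // reply has no row, so fetch() returns false; treat that as "never"
        // (epoch 0) instead of indexing into false.
        $stmt = database::getInstance()->con()->prepare("SELECT time FROM " . $prefix . "_user_wall_answer WHERE poster = ? ORDER BY id DESC LIMIT 1");
        $stmt->bindParam(1, $user_id, PDO::PARAM_INT);
        $stmt->execute();
        $res = $stmt->fetch();
        $last_post_time = ($res !== false && isset($res['time'])) ? (int) $res['time'] : 0;
        $stmt = null;

        $current_time = time();
        // NOTE(review): this check-then-insert is not atomic; two concurrent
        // requests from the same poster can both pass the delay check.
        if ($current_time - $last_post_time >= $time_between_posts) {
            $stmt = database::getInstance()->con()->prepare("INSERT INTO " . $prefix . "_user_wall_answer (wall_post_id, poster, message, time) VALUES(?, ?, ?, ?)");
            $stmt->bindParam(1, $post_id, PDO::PARAM_INT);
            $stmt->bindParam(2, $user_id, PDO::PARAM_INT);
            $stmt->bindParam(3, $message, PDO::PARAM_STR);
            $stmt->bindParam(4, $current_time, PDO::PARAM_INT);
            $stmt->execute();
            $stmt = null;
        }
    }

    // Refresh the wall listing regardless of whether a reply was stored.
    api::getInstance()->call('front', 'wallview')->make();
}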
public function make()
{
    // Persist an edited comment text. Nothing happens unless the
    // 'commentedit' front controller is available and allows editing the
    // requested comment; the text is passed through nohtml() before storage.
    $editor = api::getInstance()->call('front', 'commentedit');
    if (!is_object($editor)) {
        return;
    }

    $comment_id = (int) system::getInstance()->post('comment_id');
    if (!$editor->canEdit($comment_id)) {
        return null;
    }

    $sys = system::getInstance();
    $comment_text = $sys->nohtml($sys->post('comment_text'), true);
    if ($comment_id <= 0 || strlen($comment_text) === 0) {
        return;
    }

    $table = property::getInstance()->get('db_prefix') . "_mod_comments";
    $stmt = database::getInstance()->con()->prepare("UPDATE " . $table . " set comment = ? where id = ?");
    $stmt->bindParam(1, $comment_text, PDO::PARAM_STR);
    $stmt->bindParam(2, $comment_id, PDO::PARAM_INT);
    $stmt->execute();
    $stmt = null;
}
/**
 * |==========================================================|
 * |========= @copyright Pyatinskii Mihail, 2013-2014 ========|
 * |================= @website: www.ffcms.ru =================|
 * |========= @license: GNU GPL V3, file: license.txt ========|
 * |==========================================================|
 */

// Bootstrap: load the site configuration, then bring the engine singletons
// up in order. `root` and `loader` are constants defined before this file.

if (file_exists(root . "/config.php")) {
    require_once root . '/config.php';
} elseif (loader !== 'install') {
    // Not installed (or config.php is missing) and not running the
    // installer: there is nothing that can be served.
    exit;
}

\engine\property::getInstance()->init();

// Default timezone is taken from the site configuration.
date_default_timezone_set(\engine\property::getInstance()->get('time_zone'));

// Original note here: URI processing for multi-language and friendly URLs.
\engine\language::getInstance()->init();
\engine\database::getInstance()->init();   // PDO connection
\engine\user::getInstance()->init();
\engine\router::getInstance()->init();
\engine\extension::getInstance()->init();  // extension controller
\engine\template::getInstance()->init();
\engine\ban::getInstance()->init();        // is the IP / user fully blocked?
\engine\api::getInstance()->make();        // emit the page entries