/** * Adds or edits a review to the material on this server from a client of another server. * Use this request only as a POST request, the body must be a JSON-object that carries all the * necessary variables. * @param $material_id : ID of the item on this server. */ public function add_review_action($material_id) { if (Request::isPost()) { $public_key_hash = $_SERVER['HTTP_' . str_replace("-", "_", strtoupper($GLOBALS['LERNMARKTPLATZ_HEADER_PUBLIC_KEY_HASH']))]; $signature = base64_decode($_SERVER['HTTP_' . str_replace("-", "_", strtoupper($GLOBALS['LERNMARKTPLATZ_HEADER_SIGNATURE']))]); $host = LernmarktplatzHost::findOneBySQL("MD5(public_key) = ?", array($public_key_hash)); if ($host && !$host->isMe()) { $body = file_get_contents('php://input'); if ($host->verifySignature($body, $signature)) { $data = studip_utf8decode(json_decode($body, true)); $material = new LernmarktplatzMaterial($material_id); if ($material->isNew() || $material['host_id']) { throw new Exception("Unknown material."); } $user = LernmarktplatzUser::findOneBySQL("host_id = ? AND foreign_user_id = ?", array($host->getId(), $data['user']['user_id'])); if (!$user) { $user = new LernmarktplatzUser(); $user['host_id'] = $host->getId(); $user['foreign_user_id'] = $data['user']['user_id']; } $user['name'] = $data['user']['name']; $user['avatar'] = $data['user']['avatar']; $user['description'] = $data['user']['description'] ?: null; $user->store(); $review = LernmarktplatzReview::findOneBySQL("material_id = ? AND user_id = ? AND host_id = ?", array($material_id, $user->getId(), $host->getId())); if (!$review) { $review = new LernmarktplatzReview(); $review['user_id'] = $user->getId(); $review['foreign_review_id'] = $data['data']['foreign_review_id']; $review['host_id'] = $host->getId(); } $review['material_id'] = $material_id; $review['review'] = $data['data']['review']; $review['rating'] = $data['data']['rating']; $review['mkdate'] = $data['data']['mkdate']; $review['chdate'] = $data['data']['chdate']; $review->store(); echo "stored "; } else { throw new Exception("Wrong signature, sorry."); } } $this->render_text(""); } else { throw new Exception("USE POST TO PUSH."); } }