File: /home/httpd/html/nyloncams.com/public_html/includes/api.comments.php
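<?php
/*
 * includes/api.comments.php — JSON endpoint for performer comments.
 *
 * Dispatches on the 'action' request parameter:
 *   add-comment, reply-comment, edit-comment, remove-comment (login required),
 *   vote-comment (anonymous, keyed on the client IP), get-comments (read-only).
 * Every response is a JSON object with a 'status' key ('success', 'error', or
 * 'added'/'removed' for votes) and, for most actions, an 'info' message.
 *
 * Provided by ../admin/db.php (not visible here): $dblink (mysqli link),
 * dbQuery(), dbRow(), datediff() and $max_comment_lenght (sic).
 *
 * NOTE(security): every action, including the state-changing ones, is read
 * from $_REQUEST (GET, POST or cookie) and there is no CSRF token, so a
 * third-party page can make a logged-in visitor post, edit or delete
 * comments. Restricting the mutating actions to POST with a per-session
 * token needs a matching change in the calling JavaScript, which is not
 * visible here, so it is left as a TODO rather than enforced in this file.
 */
session_start();

// Declare the body as JSON before anything is echoed: comment text is
// reflected back to the client and must never be sniffed as HTML.
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');

include '../admin/db.php';

/**
 * Read one request parameter as a string. Absent parameters and non-scalar
 * values (e.g. "comment[]=x", which would make mysqli_real_escape_string()
 * fail) come back as ''.
 */
function comments_api_param($name) {
    if (!isset($_REQUEST[$name]) || !is_scalar($_REQUEST[$name])) {
        return '';
    }
    return (string) $_REQUEST[$name];
}

/** Record a failure in the response; $info is the user-facing message. */
function comments_api_fail(array &$res, $info) {
    $res['status'] = 'error';
    $res['info'] = $info;
}

/** True when dbQuery() returned at least one row. */
function comments_api_has_rows($rows) {
    return is_array($rows) && count($rows) > 0;
}

/**
 * Normalise a submitted comment body: straight quotes become typographic
 * ones and HTML tags are stripped. The result is display text; it is NOT
 * SQL-escaped, so it must go through mysqli_real_escape_string() before it
 * is interpolated into a query. It is also the text echoed back to the
 * client (the previous code returned the SQL-escaped copy, backslashes
 * included).
 */
function comments_api_clean_body($raw) {
    $text = str_replace(array('"', "'"), array('”', '’'), (string) $raw);
    return strip_tags($text);
}

/**
 * Validate a cleaned comment body. Returns '' when it is acceptable, else
 * the error message to send. $max_len is compared with strlen(), i.e. in
 * bytes, as before.
 */
function comments_api_check_body($comment, $max_len) {
    if ($comment === '') {
        return "The comment field is empty. Please write a comment.";
    }
    // json_encode() yields false for invalid UTF-8, which would turn the
    // whole response into an empty body after the row had been written.
    if (preg_match('//u', $comment) !== 1) {
        return "The comment contains invalid characters.";
    }
    if (strlen($comment) > $max_len) {
        return "The maximum length of a comment is $max_len.";
    }
    return '';
}

/**
 * Shared path for 'add-comment' and 'reply-comment': validate the body,
 * rate-limit, check the performer (and the parent comment when $parent is
 * not 0) and insert. Fills $res with the keys both actions have always
 * returned. The caller has already verified that the user is logged in.
 *
 * $userid / $username come from the session (trusted, still escaped),
 * $ip is the client address stored with the row, $max_len the byte limit.
 */
function comments_api_post(array &$res, $dblink, $userid, $username, $ip, $parent, $max_len) {
    $performer_name = comments_api_param('performer_name');
    $performer_site = (int) comments_api_param('performer_site');
    $comment = comments_api_clean_body(comments_api_param('comment'));
    $parent = (int) $parent;

    $problem = comments_api_check_body($comment, $max_len);
    if ($problem !== '') {
        comments_api_fail($res, $problem);
        return;
    }

    $name_sql = mysqli_real_escape_string($dblink, $performer_name);
    $userid_sql = mysqli_real_escape_string($dblink, (string) $userid);

    // Rate limit: one comment per user per performer per 60 seconds.
    $since = time() - 60;
    $recent = dbQuery("SELECT record_num FROM comments WHERE performer_name = '$name_sql' AND performer_site = '$performer_site' AND userid = '$userid_sql' AND timestamp > '$since'", false);
    if (comments_api_has_rows($recent)) {
        comments_api_fail($res, "You may only post a comment once every 60 seconds.");
        return;
    }

    $performer = dbQuery("SELECT username FROM performers WHERE username = '$name_sql' AND site = '$performer_site'", false);
    if (!comments_api_has_rows($performer)) {
        comments_api_fail($res, "The specified performer does not exist.");
        return;
    }

    if ($parent !== 0) {
        // A parent must be an existing TOP-LEVEL comment of the same performer:
        // get-comments renders exactly one level of replies, so a reply to a
        // reply would be stored but never shown. Previously 'add-comment'
        // stored whatever parent the client sent without any check.
        $parent_row = dbQuery("SELECT record_num FROM comments WHERE performer_name = '$name_sql' AND performer_site = '$performer_site' AND record_num = '$parent' AND parent = '0'", false);
        if (!comments_api_has_rows($parent_row)) {
            comments_api_fail($res, "The specified comment does not exist.");
            return;
        }
    }

    $comment_sql = mysqli_real_escape_string($dblink, $comment);
    $username_sql = mysqli_real_escape_string($dblink, (string) $username);
    $ip_sql = mysqli_real_escape_string($dblink, (string) $ip);
    $now = time();
    $inserted = mysqli_query($dblink, "INSERT INTO comments SET userid = '$userid_sql', name = '$username_sql', comment = '$comment_sql', performer_name = '$name_sql', performer_site = '$performer_site', timestamp = '$now', ip = '$ip_sql', parent = '$parent'");
    if (!$inserted) {
        // The old code reported success regardless of the INSERT outcome.
        comments_api_fail($res, "The comment could not be saved.");
        return;
    }

    $res['status'] = 'success';
    $res['info'] = "Comment added.";
    $res['result'] = array(
        'id' => mysqli_insert_id($dblink),
        'username' => $username,
        'dateAdded' => 'Now',
        'comment' => $comment,
    );
}

/**
 * Decorate one comment row for the client: relative age, whether the
 * current user ($userid, 0 when anonymous) owns it, and whether the reply
 * control is shown. Drops the poster's IP address, which 'SELECT comments.*'
 * pulls in and the old code sent to every visitor.
 */
function comments_api_present(array $row, $userid) {
    $row['added'] = datediff('n', $row['timestamp'], time(), true) . ' ago';
    // Loose == kept on purpose: the session and DB types of userid are unknown.
    $row['owner'] = (!empty($userid) && $userid == $row['userid']) ? 1 : 0;
    $row['show_reply'] = !empty($userid);
    unset($row['ip']);
    return $row;
}

$action = comments_api_param('action');
$res = array();

// Session identity; set at login elsewhere in the application.
$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$logged_in = !empty($userid);
$userid_sql = mysqli_real_escape_string($dblink, (string) $userid);

// REMOTE_ADDR is set by the web server, not by the client, but is escaped
// anyway. Behind a reverse proxy it is the proxy's address (see vote-comment).
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$ip_sql = mysqli_real_escape_string($dblink, $ip);

// Byte limit for a comment body, expected from db.php.
$max_len = isset($max_comment_lenght) ? (int) $max_comment_lenght : 0;

switch ($action) {
    case 'add-comment':
        if (!$logged_in) {
            comments_api_fail($res, "Commenting available only for logged in users.");
            break;
        }
        comments_api_post($res, $dblink, $userid, $username, $ip, (int) comments_api_param('parent'), $max_len);
        break;

    case 'reply-comment':
        $parent = (int) comments_api_param('parent');
        if (!$logged_in) {
            comments_api_fail($res, "Unauthorized!");
            break;
        }
        if ($parent <= 0) {
            comments_api_fail($res, "The specified comment does not exist.");
            break;
        }
        comments_api_post($res, $dblink, $userid, $username, $ip, $parent, $max_len);
        break;

    case 'edit-comment':
        $comment_id = (int) comments_api_param('comment_id');
        $comment = comments_api_clean_body(comments_api_param('comment'));
        if (!$logged_in) {
            comments_api_fail($res, "Unauthorized!");
            break;
        }
        // Same body rules as posting (the old code let an edit blank a comment).
        $problem = comments_api_check_body($comment, $max_len);
        if ($problem !== '') {
            comments_api_fail($res, $problem);
            break;
        }
        // Ownership is checked here and re-asserted in the UPDATE's WHERE.
        $owned = dbQuery("SELECT record_num FROM comments WHERE userid = '$userid_sql' AND record_num = '$comment_id'", false);
        if (!comments_api_has_rows($owned)) {
            comments_api_fail($res, "Unauthorized!");
            break;
        }
        $comment_sql = mysqli_real_escape_string($dblink, $comment);
        dbQuery("UPDATE comments SET comment = '$comment_sql' WHERE userid = '$userid_sql' AND record_num = '$comment_id'", false);
        $res['status'] = 'success';
        $res['info'] = "Comment updated.";
        $res['comment'] = $comment;
        break;

    case 'vote-comment':
        // Anonymous; one vote per comment per client IP. Behind a shared NAT
        // or reverse proxy all clients look alike, so this is only a soft limit.
        $comment_id = filter_var(comments_api_param('comment_id'), FILTER_VALIDATE_INT);
        if ($comment_id === false || $comment_id <= 0) {
            comments_api_fail($res, "Invalid comment id.");
            break;
        }
        // Only existing comments can be voted on; the old code stored likes
        // for arbitrary ids.
        $exists = dbQuery("SELECT record_num FROM comments WHERE record_num = '$comment_id'", false);
        if (!comments_api_has_rows($exists)) {
            comments_api_fail($res, "Invalid comment id.");
            break;
        }
        $voted = dbQuery("SELECT comment_id FROM comments_likes WHERE comment_id = '$comment_id' AND ip = '$ip_sql'", false);
        if (comments_api_has_rows($voted)) {
            dbQuery("DELETE FROM comments_likes WHERE comment_id = '$comment_id' AND ip = '$ip_sql'", false);
            $res['status'] = 'removed';
        } else {
            dbQuery("INSERT INTO comments_likes SET comment_id = '$comment_id', ip = '$ip_sql'", false);
            $res['status'] = 'added';
        }
        break;

    case 'remove-comment':
        $comment_id = (int) comments_api_param('comment_id');
        if (!$logged_in) {
            comments_api_fail($res, "Unauthorized!");
            break;
        }
        $owned = dbQuery("SELECT record_num FROM comments WHERE userid = '$userid_sql' AND record_num = '$comment_id'", false);
        if (!comments_api_has_rows($owned)) {
            comments_api_fail($res, "Unauthorized!");
            break;
        }
        // Replies by other users are removed with their parent, as before.
        // Likes of the replies go first, while the replies still exist for the
        // subquery (the old code left them orphaned); then the comment's own
        // likes, the replies, and finally the comment with ownership re-asserted.
        dbQuery("DELETE FROM comments_likes WHERE comment_id IN (SELECT record_num FROM comments WHERE parent = '$comment_id')", false);
        dbQuery("DELETE FROM comments_likes WHERE comment_id = '$comment_id'", false);
        dbQuery("DELETE FROM comments WHERE parent = '$comment_id'", false);
        dbQuery("DELETE FROM comments WHERE userid = '$userid_sql' AND record_num = '$comment_id'", false);
        $res['status'] = 'success';
        $res['info'] = "Comment removed.";
        break;

    case 'get-comments':
        $name_sql = mysqli_real_escape_string($dblink, comments_api_param('performer_name'));
        $performer_site = (int) comments_api_param('performer_site');
        // A negative offset or a non-positive limit is invalid SQL, and an
        // unbounded limit lets a single request pull the whole table.
        $from = max(0, (int) comments_api_param('from'));
        $limit = min(max((int) comments_api_param('limit'), 1), 100);

        // Sort keys are mapped through a whitelist; the raw value never reaches SQL.
        $orders = array(
            'newest' => 'timestamp DESC',
            'oldest' => 'timestamp ASC',
            'popular' => 'likes DESC',
        );
        $sort = comments_api_param('sort');
        $order_sql = isset($orders[$sort]) ? $orders[$sort] : $orders['newest'];

        $where = "performer_name = '$name_sql' AND performer_site = '$performer_site'";
        $likes_sub = "(SELECT COUNT(comment_id) FROM comments_likes WHERE comments_likes.comment_id = comments.record_num) AS likes";

        $total = dbRow("SELECT COUNT(record_num) AS amount FROM comments WHERE $where AND parent = '0'", false);
        $total_results = (is_array($total) && isset($total['amount'])) ? $total['amount'] : 0;

        $rows = dbQuery("SELECT comments.*, $likes_sub FROM comments WHERE $where AND parent = '0' ORDER BY $order_sql LIMIT $from, $limit", false);
        if (!comments_api_has_rows($rows)) {
            $res['status'] = 'success';
            $res['info'] = 'No comments were found.';
            $res['total_results'] = 0;
            $res['results'] = false;
            break;
        }

        $items = array();
        foreach ($rows as $row) {
            $item = comments_api_present($row, $userid);
            $item['replies'] = array();
            // One query per top-level comment, as before; bounded by $limit.
            $parent_id = (int) $row['record_num'];
            $replies = dbQuery("SELECT comments.*, $likes_sub FROM comments WHERE $where AND parent = '$parent_id' ORDER BY timestamp DESC", false);
            if (is_array($replies)) {
                foreach ($replies as $reply) {
                    $item['replies'][] = comments_api_present($reply, $userid);
                }
            }
            $items[] = $item;
        }
        $res['status'] = 'success';
        $res['total_results'] = $total_results;
        $res['results'] = $items;
        break;

    default:
        comments_api_fail($res, 'Unknown command.');
        break;
}

echo json_encode($res);
exit();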