personal-website/docs/www/blog/post_comment.php

158 lines
3.9 KiB
PHP
Raw Normal View History

2024-08-21 23:06:32 +02:00
<?php
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
include_once($COMMONS."/header.php");
include_once($COMMONS."/blog_utils.php");
/**
* Send a comment to the database.
* If the poster is not signed in, send "NULL" (as a string) as the $posterID
* The same goes for $parentId (that is the parent comment,
* if this one is a response)
* Returns: GUID PK of the newly added comment.
*/
function send_comment($conn, $blogId, $posterId, $content, $parentId) {
// If content is empty, do not post
if(empty($content)) {
return "";
}
// Get a uuid for the comment
$stmt = $conn->prepare("SELECT UUID()");
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$uuid = $result["UUID()"];
// Prepare the statemtnt
$stmt = $conn->prepare("INSERT INTO blogpost_comments
( comment_id, parent_id, blogpost_id, poster_id, content) VALUES
(:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
// Bind all the parameters
$stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
$stmt->bindValue(":parent_id", $parentId == "NULL"
? NULL : $parentId, PDO::PARAM_STR);
$stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
$stmt->bindValue(":poster_id", $posterId == "NULL"
? NULL : $posterId, PDO::PARAM_STR);
$stmt->bindValue(":content", $content, PDO::PARAM_STR);
// Execute the statement
$stmt->execute();
return $uuid;
}
// If request is not POST, show request info.
if(strcmp($_SERVER["REQUEST_METHOD"], "POST") != 0)
{
display_header("Post Comment");
printf("
<article>
<h2>Post Comment</h2>
<p>
Request this page with POST supplying following arguments:
</p>
<table>
<tr>
<td>
<b>Argument</b>
</td>
<td>
<b>Comment</b>
</td>
</tr>
<tr>
<td>
referer
</td>
<td>
URL, from which this page was requested,
after adding the comment into the database,
the page will redirect back to the referer.
</td>
</tr>
<tr>
<td>
blogpost_id
</td>
<td>
GUID of the blogpost, under which the comment was posted.
</td>
</tr>
<tr>
<td>
content
</td>
<td>
Content of the comment.
</td>
</tr>
<tr>
<td>
parent_id (optional)
</td>
<td>
GUID of the parent comment of the comment to be posted.
</td>
</tr>
</table>
<p>
Note: takes the SESSION variable \"current_user\" into account, if set.
</p>
</article>
");
include_once($COMMONS."/footer.php");
die();
}
// Check DB connection
if($conn == null){
header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
die();
}
// If one of the needed parameters isn't set, show 400
if(!
(isset($_POST["referer"]) && isset($_POST["blogpost_id"]) &&
isset($_POST["content"])))
{
header($_SERVER["SERVER_PROTOCOL"]." 400: Bad Request", true, 400);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/400.php");
die;
}
// Get the input arguments
$referer = sanitize_input($_POST["referer"]);
$blogpost_id = sanitize_input($_POST["blogpost_id"]);
$content = sanitize_input($_POST["content"]);
$parent_id = isset($_POST["parent_id"]) ?
sanitize_input($_POST["parent_id"]) : "NULL";
$poster_id = isset($_SESSION["current_user"]) ?
sanitize_input($_SESSION["current_user"]->user_id) : "NULL";
// Send the comment to the database
$commentId = send_comment($conn, $blogpost_id, $poster_id, $content,
$parent_id);
// Get the address of the blogpost
$blogAddress = get_blogpost_address($conn, $blogpost_id);
// Try to open the file to which to render the blogpost.
if (!($fp = fopen("article/".$blogAddress.".php", 'w'))) {
header($_SERVER["SERVER_PROTOCOL"]." 500 Could not open file for writing",
true, 505);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/500.php");
die();
}
// Attempt to regenerate the blogpost
$blogRendered = generate_article($conn, $fp, $blogpost_id);
// Redirect back to the referrer.
header("Location: ".$referer."#comment-".$commentId);
?>