Changeset 456174
- Timestamp:
- 10/26/2011 10:54:29 PM (14 years ago)
- Location:
- reflect/trunk/php
- Files:
-
- 2 edited
-
api.php (modified) (1 diff)
-
models.php (modified) (6 diffs)
reflect/trunk/php/api.php
r372069 r456174 16 16 17 17 if (!class_exists("ReflectBulletsAPI")) { 18 class ReflectBulletsAPI { 19 20 function get_data(){ 21 global $wpdb; 22 $data = array(); 23 24 $comments = json_decode(str_replace('\\', '', $_GET['comments'])); 25 26 foreach ($comments as $comment_id){ 27 $bullets = array(); 28 $res = $wpdb->get_results("SELECT bullet_id, bullet_rev FROM " . $wpdb->prefix . "reflect_bullet_current WHERE comment_id = $comment_id"); 29 30 foreach ($res as $cur_bullet){ 31 $bullet = $wpdb->get_row("SELECT bullet_id as id, timestamp as ts, user as u, text as txt FROM " . $wpdb->prefix . "reflect_bullet_revision WHERE id = $cur_bullet->bullet_rev"); 32 $bullet->highlights = $wpdb->get_results("SELECT element_id as eid FROM " . $wpdb->prefix . "reflect_highlight WHERE bullet_rev = $cur_bullet->bullet_rev"); 33 34 $cur_responses = $wpdb->get_results("SELECT response_id, response_rev FROM " . $wpdb->prefix . "reflect_response_current WHERE bullet_id = $bullet->id"); 35 $responses = array(); 36 foreach ($cur_responses as $cur_response){ 37 $response = $wpdb->get_row("SELECT response_id as id,timestamp as ts,user as u,text as txt, signal as sig FROM " . $wpdb->prefix . "reflect_response_revision WHERE id = $cur_response->response_rev"); 38 $response->rev = $cur_response->response_rev; 39 $responses[$response->id] = $response; 40 } 41 $bullet->responses = $responses; 42 $bullet->rev = $cur_bullet->bullet_rev; 43 $bullets[$bullet->id] = $bullet; 44 } 45 $data[$comment_id] = $bullets; 46 } 47 48 49 $json_encoded = json_encode($data); 50 return $json_encoded; 51 52 } 53 54 55 function delete_bullet(){ 56 global $wpdb; 18 class ReflectBulletsAPI { 19 20 function get_data(){ 21 global $wpdb; 22 global $current_user; 23 24 $data = array(); 25 26 $comments = json_decode(str_replace('\\', '', $_GET['comments'])); 27 28 foreach ($comments as $comment_id){ 29 $bullets = array(); 30 $res = $wpdb->get_results("SELECT bullet_id, bullet_rev FROM " . $wpdb->prefix . 
"reflect_bullet_current WHERE comment_id = $comment_id"); 31 32 foreach ($res as $cur_bullet){ 33 $bullet = $wpdb->get_row("SELECT bullet_id as id, timestamp as ts, user as u, text as txt, rating_zen, rating_gold, rating_sun, rating_troll, rating_graffiti, rating FROM " . $wpdb->prefix . "reflect_bullet_revision WHERE id = $cur_bullet->bullet_rev"); 34 $bullet->ratings = array( 35 'zen' => $bullet->rating_zen, 36 'gold' => $bullet->rating_gold, 37 'sun' => $bullet->rating_sun, 38 'troll' => $bullet->rating_troll, 39 'graffiti' => $bullet->rating_graffiti, 40 'rating' => $bullet->rating 41 ); 42 if ( is_user_logged_in() ){ 43 $db_ratings = $wpdb->get_results("SELECT bullet_id, rating FROM " . $wpdb->prefix . "reflect_rating WHERE bullet_id = $bullet->id AND user_id = $current_user->ID"); 44 foreach ($db_ratings as $db_rating) { 45 $bullet->my_rating = $db_rating->rating; 46 $bullet->ratings[$db_rating->rating] -= 1; 47 } 48 } 49 $highlights = $wpdb->get_results("SELECT element_id as eid FROM " . $wpdb->prefix . "reflect_highlight WHERE bullet_rev = $cur_bullet->bullet_rev"); 50 $bullet->highlights = array(); 51 foreach ($highlights as $highlight) { 52 $bullet->highlights[] = $highlight->eid; 53 } 54 55 $db_response = $wpdb->get_row("SELECT response_id, response_rev FROM " . $wpdb->prefix . "reflect_response_current WHERE bullet_id = $bullet->id"); 56 57 $bullet->response = $db_response ? $wpdb->get_row("SELECT response_id as id, id as rev, timestamp as ts, user as u, text as txt, signal as sig FROM " . $wpdb->prefix . "reflect_response_revision WHERE id = $db_response->response_rev") : Null; 58 59 $bullet->rev = $cur_bullet->bullet_rev; 60 $bullets[$bullet->id] = $bullet; 61 } 62 $data[$comment_id] = $bullets; 63 } 64 65 66 $json_encoded = json_encode($data); 67 return $json_encoded; 68 69 } 70 71 72 function delete_bullet(){ 73 global $wpdb; 74 75 $bullet_id = $_POST['bullet_id']; 76 return $wpdb->query("DELETE FROM " . $wpdb->prefix . 
"reflect_bullet_current WHERE bullet_id = $bullet_id"); 77 } 78 79 function delete_response(){ 80 global $wpdb; 81 82 $response_id = $_POST['response_id']; 83 return $wpdb->query("DELETE FROM " . $wpdb->prefix . "reflect_response_current WHERE response_id = $response_id"); 84 } 85 86 function add_response(){ 87 global $wpdb; 88 global $current_user; 89 90 if (!is_user_logged_in()){ 91 $user = 'Anonymous'; 92 } else { 93 $user = $current_user->display_name; 94 } 95 96 //$comment_id = $_POST['comment_id']; 97 $bullet_id = $_POST['bullet_id']; 98 $response_text = $_POST['text']; 99 if($response_text == '') return ''; 100 101 $signal = (int)$_POST['signal']; 102 103 $modify = isset($_POST['response_id']); 104 if($modify){ 105 //modifying existing 106 $response_id = $_POST['response_id']; 107 $cur_response = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_response_current WHERE response_id = $response_id"); 108 //$response = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_response_revision WHERE response_rev = $cur_response->response_rev"); 109 }else{ 110 //$res = $wpdb->get_row("SELECT id FROM " . $wpdb->prefix . "reflect_bullet WHERE comment_id = $comment_id AND text = '$bullet_text'"); 111 //if($res) return ''; 112 $response_id = (int)$wpdb->get_var( $wpdb->prepare( "SELECT MAX(response_id) FROM " . $wpdb->prefix . "reflect_response_revision" ) ) + 1; 113 } 114 115 //$res = $wpdb->get_row("SELECT id FROM " . $wpdb->prefix . "reflect_response WHERE bullet_id = $bullet_id AND text = '$response_text'"); 116 117 $params = array( 118 'response_id' => (int)$response_id, 119 'bullet_id' => (int)$bullet_id, 120 'user' => $user, 121 'user_id' => $current_user->ID, 122 'text' => wp_kses($response_text, NULL), 123 'signal' => $signal 124 ); 125 126 $wpdb->insert( $wpdb->prefix . 'reflect_response_revision', $params ); 127 $response_rev = $wpdb->insert_id; 128 129 130 if($modify){ 131 $wpdb->update($wpdb->prefix . 
'reflect_response_current', 132 array( 'response_rev' => $response_rev ), 133 array( 'response_id' => $response_id ) ); 134 }else{ 135 $params = array( 136 'response_rev' => (int)$response_rev, 137 'response_id' => (int)$response_id, 138 'bullet_id' => (int)$bullet_id, 139 ); 140 141 $wpdb->insert( $wpdb->prefix . 'reflect_response_current', $params ); 142 } 143 144 $resp = json_encode(array("insert_id"=>$response_id, "u"=>$user, "rev_id" => $response_rev, "sig"=>$signal)); 57 145 58 $bullet_id = $_POST['bullet_id']; 59 return $wpdb->query("DELETE FROM " . $wpdb->prefix . "reflect_bullet_current WHERE bullet_id = $bullet_id"); 60 } 61 62 function delete_response(){ 63 global $wpdb; 146 return $resp; 147 } 148 149 function add_bullet(){ 150 global $wpdb; 151 global $current_user; 152 153 if (!is_user_logged_in()){ 154 $user = 'Anonymous'; 155 } else { 156 $user = $current_user->display_name; 157 } 158 159 $comment_id = $_POST['comment_id']; 160 $bullet_text = $_POST['text']; 161 if($bullet_text == '') return ''; 162 163 $modify = isset($_POST['bullet_id']); 164 if($modify){ 165 //modifying existing 166 $bullet_id = $_POST['bullet_id']; 167 $cur_bullet = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_bullet_current WHERE bullet_id = $bullet_id"); 168 } else { 169 $bullet_id = (int)$wpdb->get_var( $wpdb->prepare( "SELECT MAX(bullet_id) FROM " . $wpdb->prefix . "reflect_bullet_revision" ) ) + 1; 170 } 171 172 $params = array( 173 'comment_id' => (int)$comment_id, 174 'bullet_id' => (int)$bullet_id, 175 'user' => $user, 176 'text' => wp_kses($_POST['text'], NULL), 177 'user_id' => $current_user->ID 178 ); 179 180 $wpdb->insert( $wpdb->prefix . 
'reflect_bullet_revision', $params ); 181 $bullet_rev = $wpdb->insert_id; 182 183 if (isset($_POST['highlights'])){ 184 $highlights = json_decode(str_replace('\\', '', $_POST['highlights'])); 185 foreach ($highlights as $value){ 186 $params = array( 187 'bullet_id' => $bullet_id, 188 'bullet_rev' => $bullet_rev, 189 'element_id' => $value, 190 ); 191 $wpdb->insert( $wpdb->prefix . "reflect_highlight", $params); 192 } 193 } 64 194 65 $response_id = $_POST['response_id']; 66 return $wpdb->query("DELETE FROM " . $wpdb->prefix . "reflect_response_current WHERE response_id = $response_id"); 67 } 68 69 function add_response(){ 70 global $wpdb; 71 global $current_user; 72 73 if (!is_user_logged_in()){ 74 $user = 'Anonymous'; 75 } else { 76 $user = $current_user->display_name; 77 } 78 79 //$comment_id = $_POST['comment_id']; 80 $bullet_id = $_POST['bullet_id']; 81 $response_text = $_POST['text']; 82 if($response_text == '') return ''; 83 84 $signal = (int)$_POST['signal']; 85 86 $modify = isset($_POST['response_id']); 87 if($modify){ 88 //modifying existing 89 $response_id = $_POST['response_id']; 90 $cur_response = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_response_current WHERE response_id = $response_id"); 91 //$response = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_response_revision WHERE response_rev = $cur_response->response_rev"); 92 }else{ 93 //$res = $wpdb->get_row("SELECT id FROM " . $wpdb->prefix . "reflect_bullet WHERE comment_id = $comment_id AND text = '$bullet_text'"); 94 //if($res) return ''; 95 $response_id = (int)$wpdb->get_var( $wpdb->prepare( "SELECT MAX(response_id) FROM " . $wpdb->prefix . "reflect_response_revision" ) ) + 1; 96 } 97 98 //$res = $wpdb->get_row("SELECT id FROM " . $wpdb->prefix . 
"reflect_response WHERE bullet_id = $bullet_id AND text = '$response_text'"); 99 100 $params = array( 101 'response_id' => (int)$response_id, 102 'bullet_id' => (int)$bullet_id, 103 'user' => $user, 104 'text' => wp_kses($response_text, NULL), 105 'signal' => $signal 106 ); 107 108 $wpdb->insert( $wpdb->prefix . 'reflect_response_revision', $params ); 109 $response_rev = $wpdb->insert_id; 110 111 112 if($modify){ 113 $wpdb->update($wpdb->prefix . 'reflect_response_current', 114 array( 'response_rev' => $response_rev ), 115 array( 'response_id' => $response_id ) ); 116 }else{ 117 $params = array( 118 'response_rev' => (int)$response_rev, 119 'response_id' => (int)$response_id, 120 'bullet_id' => (int)$bullet_id, 121 ); 122 123 $wpdb->insert( $wpdb->prefix . 'reflect_response_current', $params ); 124 } 125 126 $resp = json_encode(array("insert_id"=>$response_id, "u"=>$user, "rev_id" => $response_rev, "sig"=>$signal)); 127 128 return $resp; 129 } 130 131 function add_bullet(){ 132 global $wpdb; 133 global $current_user; 134 135 if (!is_user_logged_in()){ 136 $user = 'Anonymous'; 137 } else { 138 $user = $current_user->display_name; 139 } 140 141 $comment_id = $_POST['comment_id']; 142 $bullet_text = $_POST['text']; 143 if($bullet_text == '') return ''; 144 145 $modify = isset($_POST['bullet_id']); 146 if($modify){ 147 //modifying existing 148 $bullet_id = $_POST['bullet_id']; 149 $cur_bullet = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_bullet_current WHERE bullet_id = $bullet_id"); 150 //$bullet = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_bullet_revision WHERE bullet_rev = $cur_bullet->bullet_rev"); 151 152 }else{ 153 //$res = $wpdb->get_row("SELECT id FROM " . $wpdb->prefix . "reflect_bullet WHERE comment_id = $comment_id AND text = '$bullet_text'"); 154 //if($res) return ''; 155 $bullet_id = (int)$wpdb->get_var( $wpdb->prepare( "SELECT MAX(bullet_id) FROM " . $wpdb->prefix . 
"reflect_bullet_revision" ) ) + 1; 156 } 157 158 $params = array( 159 'comment_id' => (int)$comment_id, 160 'bullet_id' => (int)$bullet_id, 161 'user' => $user, 162 'text' => wp_kses($_POST['text'], NULL) 163 ); 164 165 $wpdb->insert( $wpdb->prefix . 'reflect_bullet_revision', $params ); 166 $bullet_rev = $wpdb->insert_id; 167 168 if (isset($_POST['highlights'])){ 169 $highlights = json_decode(str_replace('\\', '', $_POST['highlights'])); 170 foreach ($highlights as $value){ 171 $params = array( 172 'bullet_id' => $bullet_id, 173 'bullet_rev'=> $bullet_rev, 174 'element_id' => $value->eid, 175 ); 176 177 $wpdb->insert( $wpdb->prefix . "reflect_highlight", $params); 178 179 } 180 } 195 if ($modify) { 196 $wpdb->update($wpdb->prefix . 'reflect_bullet_current', 197 array( 'bullet_rev' => $bullet_rev ), 198 array( 'bullet_id' => $bullet_id ) ); 199 } else { 200 $params = array( 201 'bullet_rev' => (int)$bullet_rev, 202 'comment_id' => (int)$comment_id, 203 'bullet_id' => (int)$bullet_id, 204 ); 205 206 $wpdb->insert( $wpdb->prefix . 'reflect_bullet_current', $params ); 207 208 $comment = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "comments WHERE comment_id = $comment_id"); 209 $post = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "posts WHERE id = $comment->comment_post_ID"); 210 $post_title = $post->post_title; 211 $link = $post->guid; 212 $comment_author = $comment->comment_author; 213 $bullet_text = str_replace("\\'", "'", $bullet_text); 214 try { 215 $from = get_bloginfo('admin_email'); 216 $subject = "$user summarized a comment you wrote in \"$post_title\""; 217 $message = "Hi $comment_author,\n\n$user believes that you made the following point:\n\n\"$bullet_text\"\n\nTo verify whether this is accurate or not, please visit $link and login.\n\nThanks!"; 218 $headers = "From: $from" . "\r\n" . 219 "Reply-To: $from" . "\r\n" . 220 'X-Mailer: PHP/' . 
phpversion(); 221 mail($comment->comment_author_email, $subject, $message, $headers); 222 } catch (Exception $e) {} 223 } 224 return json_encode(array("insert_id"=>$bullet_id, "u"=>$user, "rev_id" => $bullet_rev)); 225 } 226 227 function post_rating() { 228 global $wpdb; 229 global $current_user; 230 231 $comment_id = $_POST['comment_id']; 232 $bullet_id = $_POST['bullet_id']; 233 $bullet_rev = $_POST['bullet_rev']; 234 $rating = $_POST['rating']; 235 $is_delete = $_POST['is_delete']; 236 237 $uid = $current_user->ID; 238 239 #TODO: server side permission check for this operation... 240 #my $commenter = $slashdb->sqlSelect('uid', 'comments', "cid = $comment_id"); 241 #my $summarizer = $slashdb->sqlSelect('user_id', 'reflect_bullet_revision', "id = $bullet_rev"); 242 #if($commenter == $uid 243 # || $user_info->{is_anon} 244 # || $summarizer == $uid ) { 245 # return "rejected"; 246 #} 247 248 $wpdb->query("DELETE FROM " . $wpdb->prefix . "reflect_rating WHERE bullet_id = $bullet_id AND user_id = $uid"); 249 250 if($is_delete == 'false') { 251 $rating_params = array( 252 'comment_id' => $comment_id, 253 'bullet_id' => $bullet_id, 254 'bullet_rev' => $bullet_rev, 255 'rating' => $rating, 256 'user_id' => $uid 257 ); 258 $wpdb->insert( $wpdb->prefix . "reflect_rating", $rating_params); 259 } 260 261 $ratings = $wpdb->get_results("SELECT rating, count(*) as cnt FROM " . $wpdb->prefix . "reflect_rating WHERE bullet_id=$bullet_id GROUP BY rating"); 262 263 $update_obj = array( 264 'rating_zen' => 0, 265 'rating_gold' => 0, 266 'rating_sun' => 0, 267 'rating_troll' => 0, 268 'rating_graffiti' => 0 269 ); 270 $high_cnt = 0; 271 foreach ($ratings as $row) { 272 $row_rating = $row->rating; 273 $update_obj["rating_" . $row_rating] = $row->cnt; 274 if($row->cnt > $high_cnt){ 275 $high_cnt = $row->cnt; 276 $high_rating = $row->rating; 277 } 278 } 279 280 $update_obj["rating"] = $high_cnt > 0 ? 
$high_rating : Null; 281 282 283 $db_bullet = $wpdb->get_row("SELECT bullet_rev FROM " . $wpdb->prefix . "reflect_bullet_current WHERE bullet_id = $bullet_id"); 284 285 $wpdb->update($wpdb->prefix . 'reflect_bullet_revision', 286 $update_obj, 287 array( 'id' => $db_bullet->bullet_rev ) ); 288 289 $resp = json_encode(array("rating" => $high_rating, "deactivate" => false)); 290 if (isset($_POST['callback'])) 291 $resp = $_POST['callback'] + '(' + $resp + ')'; 292 293 294 return $resp; 295 296 } 297 298 function post_response(){ 299 try{ 300 if (isset($_POST['delete']) && $_POST['delete'] == 'true') 301 $verb = 'delete'; 302 else 303 $verb = 'add'; 304 305 if (!$this->has_permission($verb, 'response')) 306 return; 307 308 if ($verb == 'delete') 309 $resp = $this->delete_response(); 310 else{ 311 $resp = $this->add_response(); 312 } 313 } catch(Exception $e) { 314 $resp = $e->getMessage(); 315 } 316 317 if (isset($_POST['callback'])) 318 $resp = $_POST['callback'] + '(' + $resp + ')'; 319 320 return $resp; 321 } 322 323 function post_summary(){ 324 if (isset($_POST['delete']) && $_POST['delete'] == 'true') 325 $verb = 'delete'; 326 else 327 $verb = 'add'; 328 329 330 if (!$this->has_permission($verb, 'bullet')) 331 return; 332 333 if ($verb == 'delete') 334 $resp = $this->delete_bullet(); 335 else 336 $resp = $this->add_bullet(); 337 338 if (isset($_POST['callback'])) 339 $resp = $_POST['callback'] + '(' + $resp + ')'; 340 341 return $resp; 342 } 343 344 function has_permission($verb, $noun){ 345 //anons can post summaries 346 //anons can't delete, unless its their own 347 //no-one can post summaries of their own comments 348 349 /* 350 * variables 351 * 352 * user_level 353 * action [post bullet, delete bullet, modify bullet 354 * comment author 355 */ 356 global $wpdb; 357 global $current_user; 358 359 $comment_id = $_POST['comment_id']; 360 $comment = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . 
"comments WHERE comment_id = $comment_id"); 361 $comment_author = $comment->user_id; 362 363 $bullet_id = $_POST['bullet_id']; 364 $bullet = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_bullet_revision WHERE bullet_id = $bullet_id"); 365 $bullet_author = $bullet->user_id; 366 367 if(!is_user_logged_in()) { 368 $user_level = -1; 369 $user = NULL; 370 } else { 371 $user_level = $current_user->user_level; 372 $user = $current_user->ID; 373 } 374 375 if($noun == 'bullet'){ 376 if ($verb == 'delete'){ 377 if($bullet_author != $user && $user_level < 2){return false;} 181 378 182 if($modify){ 183 $wpdb->update($wpdb->prefix . 'reflect_bullet_current', 184 array( 'bullet_rev' => $bullet_rev ), 185 array( 'bullet_id' => $bullet_id ) ); 186 }else{ 187 $params = array( 188 'bullet_rev' => (int)$bullet_rev, 189 'comment_id' => (int)$comment_id, 190 'bullet_id' => (int)$bullet_id, 191 ); 192 193 $wpdb->insert( $wpdb->prefix . 'reflect_bullet_current', $params ); 194 195 $comment = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "comments WHERE comment_id = $comment_id"); 196 $post = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "posts WHERE id = $comment->comment_post_ID"); 197 $post_title = $post->post_title; 198 $link = $post->guid; 199 $comment_author = $comment->comment_author; 200 $bullet_text = str_replace("\\'", "'", $bullet_text); 201 try { 202 $from = get_bloginfo('admin_email'); 203 $subject = "$user summarized a comment you wrote in \"$post_title\""; 204 $message = "Hi $comment_author,\n\n$user believes that you made the following point:\n\n\"$bullet_text\"\n\nTo verify whether this is accurate or not, please visit $link and login.\n\nThanks!"; 205 $headers = "From: $from" . "\r\n" . 206 'Reply-To: $from' . "\r\n" . 207 'X-Mailer: PHP/' . 
phpversion(); 208 mail($comment->comment_author_email, $subject, $message, $headers); 209 } catch (Exception $e) {} 210 } 211 return json_encode(array("insert_id"=>$bullet_id, "u"=>$user, "rev_id" => $bullet_rev)); 212 } 213 214 function post_response(){ 215 try{ 216 if (isset($_POST['delete']) && $_POST['delete'] == 'true') 217 $verb = 'delete'; 218 else 219 $verb = 'add'; 220 221 if (!$this->has_permission($verb, 'response')) 222 return; 223 224 if ($verb == 'delete') 225 $resp = $this->delete_response(); 226 else{ 227 $resp = $this->add_response(); 228 } 229 }catch(Exception $e){ 230 $resp = $e->getMessage(); 231 } 379 }elseif ($verb == 'add'){ 380 if($comment_author == $user){return false;} 381 } 382 }elseif($noun == 'response'){ 383 if($verb == 'delete'){ 384 if($comment_author != $user && $user_level < 2 ){return false;} 232 385 233 if (isset($_POST['callback'])) 234 $resp = $_POST['callback'] + '(' + $resp + ')'; 235 236 return $resp; 237 } 238 239 function post_summary(){ 240 if (isset($_POST['delete']) && $_POST['delete'] == 'true') 241 $verb = 'delete'; 242 else 243 $verb = 'add'; 244 245 246 if (!$this->has_permission($verb, 'bullet')) 247 return; 248 249 if ($verb == 'delete') 250 $resp = $this->delete_bullet(); 251 else 252 $resp = $this->add_bullet(); 253 254 if (isset($_POST['callback'])) 255 $resp = $_POST['callback'] + '(' + $resp + ')'; 256 257 return $resp; 258 } 259 260 function has_permission($verb, $noun){ 261 //anons can post summaries 262 //anons can't delete, unless its their own 263 //no-one can post summaries of their own comments 264 265 /* 266 * variables 267 * 268 * user_level 269 * action [post bullet, delete bullet, modify bullet 270 * comment author 271 */ 272 global $wpdb; 273 global $current_user; 274 275 $comment_id = $_POST['comment_id']; 276 $comment = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . 
"comments WHERE comment_id = $comment_id"); 277 $comment_author = $comment->user_id; 278 279 $bullet_id = $_POST['bullet_id']; 280 $bullet = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "reflect_bullet_revision WHERE bullet_id = $bullet_id"); 281 $bullet_author = $bullet->user_id; 282 283 if(!is_user_logged_in()) { 284 $user_level = -1; 285 $user = NULL; 286 } else { 287 $user_level = $current_user->user_level; 288 $user = $current_user->ID; 289 } 290 291 if($noun == 'bullet'){ 292 if ($verb == 'delete'){ 293 if($bullet_author != $user && $user_level < 2){return false;} 294 295 }elseif ($verb == 'add'){ 296 if($comment_author == $user){return false;} 297 } 298 }elseif($noun == 'response'){ 299 if($verb == 'delete'){ 300 if($comment_author != $user && $user_level < 2 ){return false;} 301 302 }elseif($verb == 'add'){ 303 if($comment_author != $user && $user_level < 2 ){return false;} 304 } 305 } 306 307 return true; 308 } 309 310 311 } 386 }elseif($verb == 'add'){ 387 if($comment_author != $user && $user_level < 2 ){return false;} 388 } 389 } 390 391 return true; 392 } 393 } 312 394 } 313 395 314 396 if (class_exists("ReflectBulletsAPI")) { 315 if (!isset($reflect_api)) 316 $reflect_api = new ReflectBulletsAPI(); 317 318 if(!empty($_POST)){ 319 if(isset($_POST['response']) && $_POST['response'] == 'true') 320 echo $reflect_api->post_response(); 321 else 322 echo $reflect_api->post_summary(); 323 } else { 324 echo $reflect_api->get_data(); 325 } 397 if (!isset($reflect_api)) 398 $reflect_api = new ReflectBulletsAPI(); 399 400 if(!empty($_POST) && isset($_POST['operation'])){ 401 if ( $_POST['operation'] == 'response' ) { 402 echo $reflect_api->post_response(); 403 } elseif ( $_POST['operation'] == 'bullet' ) { 404 echo $reflect_api->post_summary(); 405 } elseif ( $_POST['operation'] == 'rate' ) { 406 echo $reflect_api->post_rating(); 407 } 408 } else { 409 echo $reflect_api->get_data(); 410 } 326 411 327 412 } -
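Review bot: The new `post_rating()` is reachable from the dispatcher via `$_POST['operation'] == 'rate'` with no `has_permission()` or `is_user_logged_in()` gate (the hunk's own `#TODO: server side permission check` admits this), and it interpolates `$_POST['bullet_id']`, `$_POST['comment_id']`, `$_POST['bullet_rev']` and `$_POST['rating']` unescaped into `DELETE FROM ... WHERE bullet_id = $bullet_id AND user_id = $uid` and `SELECT rating, count(*) ... WHERE bullet_id=$bullet_id`, so an unauthenticated request can inject SQL and, for an anonymous user, `$uid` is empty and the DELETE clause is malformed. The user-supplied `rating` also becomes a column name through `$update_obj["rating_" . $row_rating]` and is then passed to `$wpdb->update()`, which presumably does not validate field names, so it should be restricted to the five values the hunk already enumerates (`zen`, `gold`, `sun`, `troll`, `graffiti`). The JSONP wrapper copied into this function, `$resp = $_POST['callback'] + '(' + $resp + ')';`, uses `+` rather than `.`, so today it is string arithmetic rather than concatenation; if it is corrected, the callback name must be whitelisted (e.g. `preg_match('/^[A-Za-z0-9_.]+$/', ...)`) or the endpoint reflects an attacker-chosen script prefix. The `get_data()` change in the same section has the same pattern in `WHERE bullet_id = $bullet_id AND user_id = $current_user->ID`, though there the ids come from the database rather than the request.
```php
function post_rating() {
    global $wpdb;
    global $current_user;

    // Rating requires an identity; anonymous callers would write user_id = '' below.
    if (!is_user_logged_in()) return json_encode(array("error" => "rejected"));

    $comment_id = (int)$_POST['comment_id'];
    $bullet_id  = (int)$_POST['bullet_id'];
    $bullet_rev = (int)$_POST['bullet_rev'];
    // `rating` is later spliced into a column name; accept only the known set.
    $allowed    = array('zen', 'gold', 'sun', 'troll', 'graffiti');
    $rating     = in_array($_POST['rating'], $allowed, true) ? $_POST['rating'] : null;
    if ($rating === null) return json_encode(array("error" => "rejected"));
    $is_delete  = $_POST['is_delete'];
    $uid        = (int)$current_user->ID;

    $wpdb->query($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "reflect_rating WHERE bullet_id = %d AND user_id = %d", $bullet_id, $uid));
    // … unchanged: insert of the new rating row when $is_delete == 'false' …
    $ratings = $wpdb->get_results($wpdb->prepare("SELECT rating, count(*) as cnt FROM " . $wpdb->prefix . "reflect_rating WHERE bullet_id = %d GROUP BY rating", $bullet_id));
    // … unchanged: aggregation into $update_obj and update of reflect_bullet_revision …
    $db_bullet = $wpdb->get_row($wpdb->prepare("SELECT bullet_rev FROM " . $wpdb->prefix . "reflect_bullet_current WHERE bullet_id = %d", $bullet_id));
    // … unchanged: response encoding …
```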
reflect/trunk/php/models.php
r372130 r456174 3 3 function reflect_bullets_current() { 4 4 global $wpdb; 5 $table_name = $wpdb->prefix ."reflect_bullet_current";5 $table_name = "reflect_bullet_current"; 6 6 7 $sql = "CREATE TABLE " . $table_name . " ( 8 id mediumint(9) NOT NULL AUTO_INCREMENT, 7 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 9 8 10 bullet_id mediumint(9),11 comment_id mediumint(9),12 bullet_rev mediumint(9),9 bullet_id mediumint(9), 10 comment_id mediumint(9), 11 bullet_rev mediumint(9), 13 12 14 13 PRIMARY KEY id (id), 15 FOREIGN KEY (comment_id) REFERENCES " . $wpdb->prefix . "comments(comment_ID) ON DELETE SET NULL ON UPDATE CASCADE, 16 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 17 FOREIGN KEY (bullet_rev) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(id) ON DELETE CASCADE ON UPDATE CASCADE 18 19 );"; 14 FOREIGN KEY (comment_id) REFERENCES " . $wpdb->prefix . "comments(comment_ID) ON DELETE SET NULL ON UPDATE CASCADE, 15 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 16 FOREIGN KEY (bullet_rev) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(id) ON DELETE CASCADE ON UPDATE CASCADE"; 17 20 18 return array( "table_name" => $table_name, "sql" => $sql ); 21 19 } 22 20 23 21 function reflect_bullets_revision() { 24 global $wpdb;25 $table_name = $wpdb->prefix ."reflect_bullet_revision";22 global $wpdb; 23 $table_name = "reflect_bullet_revision"; 26 24 27 $sql = "CREATE TABLE " . $table_name . 
" ( 28 id mediumint(9) NOT NULL AUTO_INCREMENT, 25 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 29 26 30 27 bullet_id mediumint(9) NOT NULL, … … 32 29 timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 33 30 user tinytext NOT NULL, 34 user_id mediumint(9),35 comment_id mediumint(9),31 user_id mediumint(9), 32 comment_id mediumint(9), 36 33 37 text text NOT NULL, 34 text text NOT NULL, 35 36 rating tinytext, 37 rating_zen mediumint(9), 38 rating_gold mediumint(9), 39 rating_sun mediumint(9), 40 rating_troll mediumint(9), 41 rating_graffiti mediumint(9), 38 42 39 43 PRIMARY KEY id (id), 40 FOREIGN KEY (comment_id) REFERENCES " . $wpdb->prefix . "comments(comment_ID) ON DELETE SET NULL ON UPDATE CASCADE, 41 FOREIGN KEY (user_id) REFERENCES " . $wpdb->prefix . "users(ID) ON DELETE SET NULL ON UPDATE CASCADE 42 43 );"; 44 FOREIGN KEY (comment_id) REFERENCES " . $wpdb->prefix . "comments(comment_ID) ON DELETE SET NULL ON UPDATE CASCADE, 45 FOREIGN KEY (user_id) REFERENCES " . $wpdb->prefix . "users(ID) ON DELETE SET NULL ON UPDATE CASCADE"; 44 46 45 47 return array( "table_name" => $table_name, "sql" => $sql ); 46 48 47 49 } 48 50 49 51 function reflect_highlights() { 50 global $wpdb;51 $table_name = $wpdb->prefix ."reflect_highlight";52 global $wpdb; 53 $table_name = "reflect_highlight"; 52 54 53 $sql = "CREATE TABLE " . $table_name . " ( 54 id mediumint(9) NOT NULL AUTO_INCREMENT, 55 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 55 56 element_id tinytext NOT NULL, 56 57 bullet_id mediumint(9), … … 58 59 59 60 PRIMARY KEY id (id), 60 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 61 FOREIGN KEY (bullet_rev) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(id) ON DELETE CASCADE ON UPDATE CASCADE 62 63 );"; 61 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . 
"reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 62 FOREIGN KEY (bullet_rev) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(id) ON DELETE CASCADE ON UPDATE CASCADE"; 64 63 return array( "table_name" => $table_name, "sql" => $sql ); 65 64 66 65 } 67 66 67 function reflect_ratings() { 68 global $wpdb; 69 $table_name = "reflect_rating"; 70 71 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 72 bullet_id mediumint(9), 73 bullet_rev mediumint(9), 74 comment_id mediumint(9), 75 user_id mediumint(9), 76 rating tinytext, 77 timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 78 79 PRIMARY KEY id (id), 80 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 81 FOREIGN KEY (bullet_rev) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(id) ON DELETE CASCADE ON UPDATE CASCADE, 82 FOREIGN KEY (comment_id) REFERENCES " . $wpdb->prefix . "comments(comment_ID) ON DELETE SET NULL ON UPDATE CASCADE, 83 FOREIGN KEY (user_id) REFERENCES " . $wpdb->prefix . "users(ID) ON DELETE SET NULL ON UPDATE CASCADE"; 84 return array( "table_name" => $table_name, "sql" => $sql ); 85 86 } 87 68 88 function reflect_response_current() { 69 global $wpdb;70 $table_name = $wpdb->prefix ."reflect_response_current";89 global $wpdb; 90 $table_name = "reflect_response_current"; 71 91 72 $sql = "CREATE TABLE " . $table_name . " ( 73 id mediumint(9) NOT NULL AUTO_INCREMENT, 92 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 74 93 bullet_id mediumint(9), 75 94 response_id mediumint(9), … … 77 96 78 97 PRIMARY KEY id (id), 79 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_current(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 80 FOREIGN KEY (response_id) REFERENCES " . $wpdb->prefix . "reflect_response_revision(response_id) ON DELETE CASCADE ON UPDATE CASCADE, 81 FOREIGN KEY (response_rev) REFERENCES " . $wpdb->prefix . 
"reflect_response_revision(id) ON DELETE CASCADE ON UPDATE CASCADE 82 83 );"; 98 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_current(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 99 FOREIGN KEY (response_id) REFERENCES " . $wpdb->prefix . "reflect_response_revision(response_id) ON DELETE CASCADE ON UPDATE CASCADE, 100 FOREIGN KEY (response_rev) REFERENCES " . $wpdb->prefix . "reflect_response_revision(id) ON DELETE CASCADE ON UPDATE CASCADE"; 84 101 85 102 return array( "table_name" => $table_name, "sql" => $sql ); … … 88 105 89 106 function reflect_response_revision() { 90 global $wpdb;91 $table_name = $wpdb->prefix ."reflect_response_revision";107 global $wpdb; 108 $table_name = "reflect_response_revision"; 92 109 93 $sql = "CREATE TABLE " . $table_name . " ( 94 id mediumint(9) NOT NULL AUTO_INCREMENT, 110 $sql = "id mediumint(9) NOT NULL AUTO_INCREMENT, 95 111 96 112 response_id mediumint(9) NOT NULL, … … 99 115 timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 100 116 user tinytext NOT NULL, 101 user_id mediumint(9),117 user_id mediumint(9), 102 118 103 signal mediumint(9),119 signal mediumint(9), 104 120 105 text text NOT NULL,121 text text NOT NULL, 106 122 107 123 PRIMARY KEY id (id), 108 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 109 FOREIGN KEY (user_id) REFERENCES " . $wpdb->prefix . "users(ID) ON DELETE SET NULL ON UPDATE CASCADE 110 111 );"; 124 FOREIGN KEY (bullet_id) REFERENCES " . $wpdb->prefix . "reflect_bullets_revision(bullet_id) ON DELETE CASCADE ON UPDATE CASCADE, 125 FOREIGN KEY (user_id) REFERENCES " . $wpdb->prefix . "users(ID) ON DELETE SET NULL ON UPDATE CASCADE"; 112 126 113 127 return array( "table_name" => $table_name, "sql" => $sql );
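Review bot: The new `reflect_ratings()` declares `FOREIGN KEY (bullet_id) REFERENCES ... reflect_bullets_revision(bullet_id)` and `(bullet_rev) REFERENCES ... reflect_bullets_revision(id)`, but the table that `reflect_bullets_revision()` actually names is `reflect_bullet_revision` (singular); the same mismatch exists in the older tables, so either these constraints are being silently dropped by whatever now wraps the `CREATE TABLE` (presumably `dbDelta`, which ignores foreign keys) or table creation fails once they are enforced. The table also has no uniqueness on the pair the API treats as a key — `post_rating()` in api.php deletes by `bullet_id` and `user_id` and then inserts — so two concurrent requests can leave a user with two rows; add `UNIQUE KEY bullet_user (bullet_id, user_id),` before the foreign keys. `rating tinytext` is unconstrained even though the revision table only has counters for five named ratings; a short `varchar` with the accepted values documented in a comment would make that contract visible. The removal of `$wpdb->prefix` from `$table_name` in every function means the caller must now add it; that caller is outside this changeset, so it is worth confirming.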