This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 38
/
Copy pathajaxdiscussion.php
84 lines (58 loc) · 2.5 KB
/
ajaxdiscussion.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?php
include_once 'data.php';
include_once 'functions.php';
if (!empty($_GET['project'])) {
$projectID = intval($_GET['project']);
} elseif (!empty($_POST['project'])) {
$projectID = intval($_POST['project']);
} else {
die();
}
// Check if the user is in this project.
database_connect(IL_DATABASE_PATH, 'library');
$stmt = $dbHandle->prepare("SELECT projects.project as p"
. " FROM projects LEFT OUTER JOIN projectsusers ON projectsusers.projectID=projects.projectID"
. " WHERE projects.projectID=:projectID AND (projectsusers.userID=:userID OR projects.userID=:userID)");
$stmt->bindParam(':userID', $_SESSION['user_id'], PDO::PARAM_INT);
$stmt->bindParam(':projectID', $projectID, PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($result['p'])) {
displayError('You are not authorized to see this project.');
}
$dbHandle = null;
// Modify discussions.
database_connect(IL_DATABASE_PATH, 'discussions');
if(isset($_POST['newmessage']) && !empty($_POST['newmessage'])) {
$stmt = $dbHandle->prepare("INSERT INTO projectdiscussion (projectID, user, timestamp, message) VALUES (:projectID, :user, :timestamp, :message)");
$stmt->bindParam(':projectID', $projectID);
$stmt->bindParam(':user', $user);
$stmt->bindParam(':timestamp', $timestamp);
$stmt->bindParam(':message', $message);
$user = $_SESSION['user'];
$timestamp = time();
$message = $_POST['newmessage'];
$insert = $stmt->execute();
$dbHandle = null;
if ($insert) die('OK');
}
if(isset($_GET['delete'])) {
$delete = $dbHandle->exec("DELETE FROM projectdiscussion WHERE projectID=" . $projectID);
$dbHandle = null;
die('OK');
}
if(isset($_GET['read'])) {
$result = $dbHandle->query("SELECT * FROM projectdiscussion WHERE projectID=" . $projectID . " ORDER BY id DESC LIMIT 100");
$dbHandle = null;
print '<table>';
while($message = $result->fetch(PDO::FETCH_ASSOC)) {
$message['user'] = htmlspecialchars($message['user']);
$message['message'] = htmlspecialchars($message['message']);
$message['message'] = preg_replace('/(https?\:\/\/\S+)/i', '<a href="\\1" target="_blank">\\1</a>', $message['message']);
$message['message'] = nl2br($message['message']);
echo "<div class=\"alternating_row\" style=\"padding:2px\"><b>" . date("M j, Y, h:i:s A", $message['timestamp']) . ", " . $message['user'] . ":</b></div>";
echo "<div style=\"padding:2px 2px 10px 2px\">$message[message]</div>" . PHP_EOL;
}
print '</table>';
}
?>