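        /// <summary>
        /// Searches threads whose title or content contains <paramref name="query"/> and returns
        /// them newest first. Hidden threads are included only when <paramref name="sessionid"/>
        /// belongs to a moderator.
        /// </summary>
        /// <param name="query">Free text to search for; null yields an empty list.</param>
        /// <param name="sessionid">Session key of the caller, or null for an anonymous request.</param>
        /// <param name="quantity">Row limit passed to SQL TOP; a negative value yields an empty list instead of a SQL error.</param>
        /// <returns>The matching threads, possibly empty.</returns>
        public List <Thread> Post(string query, [FromForm] string sessionid, [FromForm] int quantity)
        {
            List <Thread> response = new List <Thread>();

            if (query == null || quantity < 0)
            {
                return response;
            }
            // The text is bound as a parameter, so it cannot alter the statement. LIKE wildcards
            // (%, _, [) inside it are not escaped, so a caller can only widen the match.
            string pattern = "%" + query.Trim() + "%";
            // Anonymous callers, unknown sessions and non-moderators never see hidden threads.
            bool isMod = sessionid != null && Program.users.TryGetValue(sessionid, out User user) && user.mod > 0;
            // The OR must be parenthesised: "a or b and hidden=0" binds as "a or (b and hidden=0)",
            // which exposed hidden threads with a matching title to non-moderators.
            string cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where (threads.title like @query or threads.content like @query) ";

            if (!isMod)
            {
                cmdText += " and hidden=0 ";
            }
            cmdText += "order by threads.mtime desc;";
            // using blocks guarantee the reader, command and connection are released even when
            // GetThreadsFromReader or the query throws.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();
                using (SqlCommand command = new SqlCommand(cmdText, con))
                {
                    command.Parameters.AddWithValue("query", pattern);
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, false);
                    }
                }
            }
            return response;
        }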
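        /// <summary>
        /// Edits a thread owned by the session's user: title, content, topic and attachment are
        /// replaced and mtime is bumped. Ownership is enforced by the UPDATE's WHERE clause
        /// (<c>creator_id = @uid</c>), so a non-owner affects no rows.
        /// </summary>
        /// <param name="threadid">Thread to edit.</param>
        /// <param name="title">New title.</param>
        /// <param name="content">New body text.</param>
        /// <param name="topicid">New topic.</param>
        /// <param name="attachid">New attachment id; 0 clears the attachment (stored as NULL).</param>
        /// <param name="sessionid">Session key of the caller.</param>
        /// <returns>
        /// "status" 0 with the new "mtime" on success; otherwise a non-zero "status" and a "msg":
        /// 1 unknown session, 4 not allowed to post or banned, 5 thread locked,
        /// 3 no thread with this id owned by the caller.
        /// </returns>
        public Dictionary <string, object> Post(int threadid, [FromForm] string title, [FromForm] string content, [FromForm] int topicid, [FromForm] long attachid, [FromForm] string sessionid)
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            // A null key makes the dictionary lookup throw; treat it like an unknown session.
            if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
            {
                response.Add("status", 1);
                response.Add("msg", "Invalid session");
                return response;
            }
            if (!user.canpost || user.banned)
            {
                response.Add("status", 4);
                response.Add("msg", "You are not allowed to edit threads");
                return response;
            }
            if (ThreadController.IsLocked(threadid))
            {
                response.Add("status", 5);
                response.Add("msg", "This thread is locked from further modifications");
                return response;
            }
            // Taken on the application side. If the database runs on another host its clock may
            // differ, so letting SQL Server stamp mtime (e.g. a SYSUTCDATETIME() default) would be
            // more robust; the value is echoed back to the client unchanged.
            DateTime mtime = DateTime.UtcNow;

            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();
                using (SqlCommand command = new SqlCommand("UPDATE threads SET threads.title=@title, threads.content=@content, threads.topicid=@topicid, threads.attachid=@attachid , threads.mtime=@mtime WHERE threads.threadid=@threadid and threads.creator_id = @uid;", con))
                {
                    command.Parameters.AddWithValue("title", title);
                    command.Parameters.AddWithValue("content", content);
                    command.Parameters.AddWithValue("topicid", topicid);
                    command.Parameters.AddWithValue("uid", user.uid);
                    // 0 means "no attachment", which the schema represents as NULL.
                    command.Parameters.AddWithValue("attachid", attachid == 0 ? (object)DBNull.Value : attachid);
                    command.Parameters.AddWithValue("mtime", mtime);
                    command.Parameters.AddWithValue("threadid", threadid);
                    if (command.ExecuteNonQuery() > 0)
                    {
                        response.Add("status", 0);
                        response.Add("mtime", mtime);
                    }
                    else
                    {
                        // Previously an empty dictionary, which callers could not tell from success.
                        response.Add("status", 3);
                        response.Add("msg", "Invalid thread");
                    }
                }
            }
            return response;
        }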
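        /// <summary>
        /// Lists threads newest first, optionally only those modified before <paramref name="after"/>.
        /// Anonymous callers get at most <paramref name="quantity"/> non-hidden threads; moderator
        /// sessions get every thread, hidden ones included, with no TOP clause; any other session
        /// is answered with 401.
        /// </summary>
        /// <param name="quantity">Row limit for the anonymous query (SQL TOP); a negative value is answered with 400.</param>
        /// <param name="after">Java-style millisecond timestamp used as an exclusive upper bound on mtime, or null; a non-integer is answered with 400.</param>
        /// <param name="sessionid">Session key of the caller, or null for an anonymous request.</param>
        /// <returns>
        /// An <see cref="ObjectResult"/> holding the thread list, a status/msg dictionary for a
        /// banned moderator, or a bare status code for rejected requests.
        /// </returns>
        public IActionResult Post(int quantity, [FromForm] string after, [FromForm] string sessionid)
        {
            string cmdText;
            bool   loggedIn = sessionid != null;
            bool   hasAfter = after != null;

            if (!loggedIn)
            {
                // A negative TOP is a SQL error; reject it as bad input instead.
                if (quantity < 0)
                {
                    return StatusCode(400);
                }
                cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where hidden=0 ";
                if (hasAfter)
                {
                    cmdText += "and mtime < @after ";
                }
            }
            else
            {
                // NOTE(review): a valid session that is not a moderator also gets 401 here; if
                // regular users are meant to see the public listing, send them down the
                // anonymous branch above instead.
                if (!(Program.users.TryGetValue(sessionid, out User user) && user.mod > 0))
                {
                    return StatusCode(401);
                }
                // Refuse banned moderators before building or running anything.
                if (user.banned)
                {
                    Dictionary <string, object> error = new Dictionary <string, object>();
                    error.Add("status", 4);
                    error.Add("msg", "You are banned from doing this");
                    return new ObjectResult(error);
                }
                cmdText = "select" + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid ";
                if (hasAfter)
                {
                    cmdText += "where mtime < @after ";
                }
            }
            cmdText += "order by threads.mtime desc;";

            // Parse the cursor before touching the database, so malformed input is a 400 rather
            // than an unhandled FormatException from Convert.ToInt64 with the connection open.
            object afterValue = null;
            if (hasAfter)
            {
                long afterMillis;
                if (!long.TryParse(after, out afterMillis))
                {
                    return StatusCode(400);
                }
                afterValue = Program.FromJavaTimestamp(afterMillis);
            }
            List <Thread> response;
            // using blocks release the reader, command and connection even when the query throws.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();
                using (SqlCommand command = new SqlCommand(cmdText, con))
                {
                    if (hasAfter)
                    {
                        command.Parameters.AddWithValue("after", afterValue);
                    }
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, loggedIn);
                    }
                }
            }
            return new ObjectResult(response);
        }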
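        /// <summary>
        /// Reports whether a comment may no longer be modified: true when the comment itself is
        /// locked, when its thread is locked (delegated to <see cref="ThreadController.IsLocked"/>),
        /// or when no comment with this id exists (fail closed).
        /// </summary>
        /// <param name="commentid">Id of the comment to check.</param>
        /// <returns>True when the comment must not be edited or replied to.</returns>
        internal static bool IsLocked(long commentid)
        {
            long threadid;

            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();
                // The id is bound as a parameter instead of being concatenated into the statement.
                using (SqlCommand command = new SqlCommand("SELECT comments.locked, comments.threadid FROM comments WHERE commentid = @commentid", con))
                {
                    command.Parameters.AddWithValue("commentid", commentid);
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        // Unknown comment, or explicitly locked: refuse.
                        if (!reader.Read() || reader.GetBoolean(0))
                        {
                            return true;
                        }
                        threadid = reader.GetInt64(1);
                    }
                }
            }
            // Checked after this connection is released, so the nested lookup does not hold two
            // pooled connections at once.
            return ThreadController.IsLocked(threadid);
        }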
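        /// <summary>
        /// Creates, replies to or edits a comment on behalf of the session's user.
        /// <paramref name="operation"/> "edit" rewrites the caller's own comment
        /// <paramref name="commentid"/>; "reply" adds a child of comment
        /// <paramref name="commentid"/>; any other value adds a top-level comment to
        /// <paramref name="threadid"/>.
        /// </summary>
        /// <param name="operation">"edit", "reply" or anything else for a new top-level comment.</param>
        /// <param name="threadid">Thread the comment belongs to; for edit/reply it must match the stored comment's thread.</param>
        /// <param name="content">Comment text.</param>
        /// <param name="sessionid">Session key of the caller.</param>
        /// <param name="commentid">Comment being edited, or the parent being replied to; ignored otherwise.</param>
        /// <returns>
        /// "status" 0 plus "commentid", "ctime", "mtime" (unix timestamps) and, for a reply,
        /// "parent" on success; otherwise a non-zero "status" with a "msg": 1 unknown session or
        /// not the comment's creator, 2 unknown parent comment, 3 thread mismatch, 4 not allowed
        /// to comment or banned, 5 comment or thread locked.
        /// </returns>
        public Dictionary <string, object> Post(string operation, [FromForm] long threadid, [FromForm] string content, [FromForm] string sessionid, [FromForm] long commentid)
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            // A null key makes the dictionary lookup throw; treat it like an unknown session.
            if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
            {
                response.Add("status", 1);
                response.Add("msg", "Invalid session");
                return response;
            }
            if (!user.cancomment || user.banned)
            {
                response.Add("status", 4);
                response.Add("msg", "You are not allowed to comment");
                return response;
            }
            bool isEdit  = operation == "edit";
            bool isReply = operation == "reply";

            // Lock checks open their own connection, so run them before this method opens one.
            if (isEdit || isReply)
            {
                // IsLocked reports true for an unknown comment id as well, so a missing comment is
                // refused here as "locked" before the status-2 branch below can be reached.
                if (IsLocked(commentid))
                {
                    response.Add("status", 5);
                    response.Add("msg", "This comment is locked from further modifications");
                    return response;
                }
            }
            else if (ThreadController.IsLocked(threadid))
            {
                response.Add("status", 5);
                response.Add("msg", "This thread is locked from further modifications");
                return response;
            }

            // using blocks release the command, readers and connection on every exit path; the
            // original leaked the open connection on several early returns.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();
                SqlCommand command;

                if (isEdit || isReply)
                {
                    long creatorId;
                    long storedThreadid;

                    // The lookup reader is fully closed inside TryReadComment before the next
                    // command runs on the same connection.
                    if (!TryReadComment(con, commentid, out creatorId, out storedThreadid))
                    {
                        response.Add("status", 2);
                        response.Add("msg", "Invalid parent comment id");
                        return response;
                    }
                    if (threadid != storedThreadid)
                    {
                        response.Add("status", 3);
                        response.Add("msg", "Invalid thread");
                        return response;
                    }
                    if (isEdit)
                    {
                        // Only the author may edit. The original reported this as "Invalid session"
                        // (status 1); kept for client compatibility.
                        if (creatorId != user.uid)
                        {
                            response.Add("status", 1);
                            response.Add("msg", "Invalid session");
                            return response;
                        }
                        // T-SQL's OUTPUT clause only knows INSERTED/DELETED; the previous
                        // "UPDATED." prefix was a syntax error. creator_id is also re-checked in the
                        // WHERE so ownership holds at update time, as the thread edit already does.
                        command = new SqlCommand(Program.COMMENT_TEMP_DDL + "UPDATE comments SET content=@content OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t WHERE commentid = @commentid AND creator_id = @creator_id; SELECT * FROM @t;", con);
                        command.Parameters.AddWithValue("creator_id", user.uid);
                    }
                    else
                    {
                        // A reply is stored under the parent's thread, not the one the client sent.
                        command = new SqlCommand(Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id, parent) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id, @commentid); SELECT * FROM @t;", con);
                        command.Parameters.AddWithValue("threadid", storedThreadid);
                        command.Parameters.AddWithValue("creator_id", user.uid);
                    }
                    command.Parameters.AddWithValue("commentid", commentid);
                }
                else
                {
                    command = new SqlCommand(Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id); SELECT * FROM @t;", con);
                    command.Parameters.AddWithValue("threadid", threadid);
                    command.Parameters.AddWithValue("creator_id", user.uid);
                }
                using (command)
                {
                    command.Parameters.AddWithValue("content", content);
                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        // No row means the statement changed nothing; the response then carries
                        // no "status", as before.
                        if (reader.Read())
                        {
                            response.Add("status", 0);
                            if (isReply)
                            {
                                response.Add("parent", commentid);
                            }
                            response.Add("ctime", Program.ToUnixTimestamp(reader.GetDateTime(1)));
                            response.Add("mtime", Program.ToUnixTimestamp(reader.GetDateTime(2)));
                            response.Add("commentid", reader.GetInt64(0));
                        }
                    }
                }
            }
            return response;
        }
        /// <summary>
        /// Reads the creator and thread of a comment over an already open connection.
        /// </summary>
        /// <param name="con">Open connection; the reader is closed before this returns.</param>
        /// <param name="commentid">Comment to look up.</param>
        /// <param name="creatorId">The comment's creator_id, or 0 when not found.</param>
        /// <param name="commentThreadid">The comment's threadid, or 0 when not found.</param>
        /// <returns>False when no comment with this id exists.</returns>
        private static bool TryReadComment(SqlConnection con, long commentid, out long creatorId, out long commentThreadid)
        {
            // The id is bound as a parameter instead of being concatenated into the statement.
            using (SqlCommand lookup = new SqlCommand("SELECT creator_id, threadid FROM comments WHERE commentid = @commentid", con))
            {
                lookup.Parameters.AddWithValue("commentid", commentid);
                using (SqlDataReader reader = lookup.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        creatorId       = 0;
                        commentThreadid = 0;
                        return false;
                    }
                    creatorId       = reader.GetInt64(0);
                    commentThreadid = reader.GetInt64(1);
                    return true;
                }
            }
        }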