public List <Thread> Post(string query, [FromForm] string sessionid, [FromForm] int quantity)
{
List <Thread> response = new List <Thread>();
if (query == null)
{
return(response);
}
query = query.Trim();
query = String.Format("%{0}%", query);
SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]);
con.Open();
string cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where threads.title like @query or threads.content like @query ";
if (sessionid == null || !(Program.users.TryGetValue(sessionid, out User user) && user.mod > 0))
{
cmdText += " and hidden=0 ";
}
cmdText += "order by threads.mtime desc;";
SqlCommand command = new SqlCommand(cmdText, con);
command.Parameters.AddWithValue("query", query);
SqlDataReader reader = command.ExecuteReader();
response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, false);
reader.Dispose();
con.Close();
return(response);
}
public Dictionary <string, object> Post(int threadid, [FromForm] string title, [FromForm] string content, [FromForm] int topicid, [FromForm] long attachid, [FromForm] string sessionid)
{
Dictionary <string, object> response = new Dictionary <string, object>();
if (!Program.users.TryGetValue(sessionid, out User user))
{
response.Add("status", 1);
response.Add("msg", "Invalid session");
return(response);
}
if (!user.canpost || user.banned)
{
response.Add("status", 4);
response.Add("msg", "You are not allowed to edit threads");
return(response);
}
if (ThreadController.IsLocked(threadid))
{
response.Add("status", 5);
response.Add("msg", "This thread is locked from further modifications");
return(response);
}
SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]);
con.Open();
SqlCommand command = new SqlCommand("UPDATE threads SET threads.title=@title, threads.content=@content, threads.topicid=@topicid, threads.attachid=@attachid , threads.mtime=@mtime WHERE threads.threadid=@threadid and threads.creator_id = @uid;", con);
command.Parameters.AddWithValue("title", title);
command.Parameters.AddWithValue("content", content);
command.Parameters.AddWithValue("topicid", topicid);
command.Parameters.AddWithValue("uid", user.uid);
if (attachid == 0)
{
command.Parameters.AddWithValue("attachid", DBNull.Value);
}
else
{
command.Parameters.AddWithValue("attachid", attachid);
}
// Do this in SQL DB to prevent time difference if located on separate systems
DateTime mtime = DateTime.UtcNow;
command.Parameters.AddWithValue("mtime", mtime);
command.Parameters.AddWithValue("threadid", threadid);
if (command.ExecuteNonQuery() > 0)
{
response.Add("status", 0);
response.Add("mtime", mtime);
}
con.Close();
return(response);
}
public IActionResult Post(int quantity, [FromForm] string after, [FromForm] string sessionid)
{
string cmdText;
if (sessionid == null)
{
cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where hidden=0 ";
if (after != null)
{
cmdText += "and mtime < @after ";
}
}
else
{
if (Program.users.TryGetValue(sessionid, out User user) && user.mod > 0)
{
cmdText = "select" + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid ";
if (after != null)
{
cmdText += "where mtime < @after ";
}
if (user.banned)
{
Dictionary <string, object> error = new Dictionary <string, object>();
error.Add("status", 4);
error.Add("msg", "You are banned from doing this");
return(new ObjectResult(error));
}
}
else
{
return(StatusCode(401));
}
}
cmdText += "order by threads.mtime desc;";
List <Thread> response = new List <Thread>();
SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]);
con.Open();
SqlCommand command = new SqlCommand(cmdText, con);
if (after != null)
{
command.Parameters.AddWithValue("after", Program.FromJavaTimestamp(Convert.ToInt64(after)));
}
response = ThreadController.GetThreadsFromReader(command.ExecuteReader(), sessionid, quantity, sessionid != null);
con.Close();
return(new ObjectResult(response));
}
internal static bool IsLocked(long commentid)
{
bool result = true;
SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]);
con.Open();
SqlCommand command = new SqlCommand("SELECT comments.locked, comments.threadid FROM comments WHERE commentid = " + commentid, con);
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
result = reader.GetBoolean(0);
}
if (!result)
{
result = ThreadController.IsLocked(reader.GetInt64(1));
}
reader.Dispose();
con.Close();
return(result);
}
public Dictionary <string, object> Post(string operation, [FromForm] long threadid, [FromForm] string content, [FromForm] string sessionid, [FromForm] long commentid)
{
Dictionary <string, object> response = new Dictionary <string, object>();
if (!Program.users.TryGetValue(sessionid, out User user))
{
response.Add("status", 1);
response.Add("msg", "Invalid session");
return(response);
}
if (!user.cancomment || user.banned)
{
response.Add("status", 4);
response.Add("msg", "You are not allowed to comment");
return(response);
}
SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]);
con.Open();
SqlCommand command;
SqlDataReader reader;
if (operation == "edit" || operation == "reply")
{
if (IsLocked(commentid))
{
response.Add("status", 5);
response.Add("msg", "This comment is locked from further modifications");
return(response);
}
command = new SqlCommand("SELECT creator_id, threadid FROM comments WHERE commentid = " + commentid, con);
reader = command.ExecuteReader();
if (reader.Read())
{
if (threadid != reader.GetInt64(1))
{
response.Add("status", 3);
response.Add("msg", "Invalid thread");
reader.Dispose();
con.Close();
return(response);
}
if (operation == "edit")
{
if (reader.GetInt64(0) == user.uid)
{
command = new SqlCommand(Program.COMMENT_TEMP_DDL + "UPDATE comments SET content=@content OUTPUT UPDATED.commentid, UPDATED.ctime, UPDATED.mtime, UPDATED.parent INTO @t WHERE commentid = @commentid; SELECT * FROM @t;", con);
}
else
{
response.Add("status", 1);
response.Add("msg", "Invalid session");
reader.Dispose();
con.Close();
return(response);
}
}
else
{
command = new SqlCommand(Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id, parent) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id, @commentid); SELECT * FROM @t;", con);
command.Parameters.AddWithValue("threadid", reader.GetInt64(1));
command.Parameters.AddWithValue("creator_id", user.uid);
}
command.Parameters.AddWithValue("commentid", commentid);
}
else
{
response.Add("status", 2);
response.Add("msg", "Invalid parent comment id");
return(response);
}
reader.Dispose();
}
else
{
if (ThreadController.IsLocked(threadid))
{
response.Add("status", 5);
response.Add("msg", "This thread is locked from further modifications");
return(response);
}
command = new SqlCommand(Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id); SELECT * FROM @t;", con);
command.Parameters.AddWithValue("threadid", threadid);
command.Parameters.AddWithValue("creator_id", user.uid);
}
command.Parameters.AddWithValue("content", content);
reader = command.ExecuteReader();
if (reader.Read())
{
response.Add("status", 0);
if (operation == "reply")
{
response.Add("parent", commentid);
}
response.Add("ctime", Program.ToUnixTimestamp(reader.GetDateTime(1)));
response.Add("mtime", Program.ToUnixTimestamp(reader.GetDateTime(2)));
response.Add("commentid", reader.GetInt64(0));
}
reader.Dispose();
con.Close();
return(response);
}
