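/// <summary>
/// Full-text-ish thread search: returns up to <paramref name="quantity"/> threads whose title or
/// content contains <paramref name="query"/>, newest (by mtime) first.
/// </summary>
/// <param name="query">Untrusted search text (route value). Null yields an empty list; it is
/// trimmed and matched as a literal substring — LIKE metacharacters are escaped below.</param>
/// <param name="sessionid">Optional session token; a session whose user has mod &gt; 0 also sees hidden threads.</param>
/// <param name="quantity">Maximum number of rows; zero or negative short-circuits to an empty list
/// (a negative TOP would otherwise be a SQL error).</param>
/// <returns>The threads produced by <c>ThreadController.GetThreadsFromReader</c>; never null.</returns>
public List<Thread> Post(string query, [FromForm] string sessionid, [FromForm] int quantity)
{
    List<Thread> response = new List<Thread>();
    if (query == null || quantity <= 0)
    {
        return response;
    }

    // The query is interpolated into a LIKE pattern, so a user could otherwise supply their own
    // wildcards ('%', '_', '[...]'). Escape with bracket classes, '[' first so the brackets we add
    // are not re-escaped; the result matches the typed text literally.
    string literal = query.Trim()
        .Replace("[", "[[]")
        .Replace("%", "[%]")
        .Replace("_", "[_]");
    string pattern = "%" + literal + "%";

    // Moderators see hidden threads; anyone else (including no/unknown session) only sees hidden=0.
    bool isModerator = sessionid != null
        && Program.users.TryGetValue(sessionid, out User user)
        && user.mod > 0;

    // The title/content disjunction must be parenthesised: without it SQL's precedence turns
    // "a or b and hidden=0" into "a or (b and hidden=0)", leaking hidden threads on a title match
    // to non-moderators. TOP is passed as a parameter rather than concatenated.
    string cmdText = "select top (@quantity)" + ThreadController.columns
        + "from threads left join attachments on threads.attachid=attachments.attachid "
        + "where (threads.title like @query or threads.content like @query) ";
    if (!isModerator)
    {
        cmdText += "and hidden=0 ";
    }
    cmdText += "order by threads.mtime desc;";

    using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
    using (SqlCommand command = new SqlCommand(cmdText, con))
    {
        con.Open();
        command.Parameters.AddWithValue("quantity", quantity);
        command.Parameters.AddWithValue("query", pattern);
        using (SqlDataReader reader = command.ExecuteReader())
        {
            response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, false);
        }
    }
    return response;
}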
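/// <summary>
/// Edits a thread owned by the calling user: title, content, topic, attachment and mtime.
/// </summary>
/// <param name="threadid">Thread to update; ownership is enforced in SQL via creator_id = @uid.</param>
/// <param name="title">New title (form field).</param>
/// <param name="content">New body (form field).</param>
/// <param name="topicid">New topic id (form field).</param>
/// <param name="attachid">Attachment id; 0 means "no attachment" and is stored as NULL.</param>
/// <param name="sessionid">Session token; null or unknown tokens are rejected as invalid session.</param>
/// <returns>
/// A status dictionary: status 0 plus the new mtime on success; 1 invalid session; 4 not allowed
/// (cannot post or banned); 5 thread locked. When the UPDATE touches no row (not the owner, or no
/// such thread) the dictionary is returned empty — existing callers rely on that, so it is kept.
/// </returns>
public Dictionary<string, object> Post(int threadid, [FromForm] string title, [FromForm] string content, [FromForm] int topicid, [FromForm] long attachid, [FromForm] string sessionid)
{
    Dictionary<string, object> response = new Dictionary<string, object>();

    // A null sessionid would throw from TryGetValue (null key) and surface as a 500; treat it
    // like an unknown session instead, the same way the search endpoint does.
    if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
    {
        response.Add("status", 1);
        response.Add("msg", "Invalid session");
        return response;
    }
    if (!user.canpost || user.banned)
    {
        response.Add("status", 4);
        response.Add("msg", "You are not allowed to edit threads");
        return response;
    }
    if (ThreadController.IsLocked(threadid))
    {
        response.Add("status", 5);
        response.Add("msg", "This thread is locked from further modifications");
        return response;
    }

    // mtime is generated here (app clock, UTC) so the exact stored value can be echoed to the
    // caller. NOTE(review): the earlier comment suggested generating it in the DB to avoid clock
    // skew between app and DB hosts; that would need OUTPUT of the DB value and is left as a TODO.
    DateTime mtime = DateTime.UtcNow;

    const string sql = "UPDATE threads SET threads.title=@title, threads.content=@content, threads.topicid=@topicid, threads.attachid=@attachid , threads.mtime=@mtime WHERE threads.threadid=@threadid and threads.creator_id = @uid;";

    using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
    using (SqlCommand command = new SqlCommand(sql, con))
    {
        con.Open();
        // NOTE(review): a missing title/content form field arrives as null and fails at execution
        // (parameter not supplied); validation of required fields presumably happens client-side — confirm.
        command.Parameters.AddWithValue("title", title);
        command.Parameters.AddWithValue("content", content);
        command.Parameters.AddWithValue("topicid", topicid);
        command.Parameters.AddWithValue("uid", user.uid);
        // 0 is the form's "no attachment" sentinel; the column takes NULL for that.
        command.Parameters.AddWithValue("attachid", attachid == 0 ? (object)DBNull.Value : attachid);
        command.Parameters.AddWithValue("mtime", mtime);
        command.Parameters.AddWithValue("threadid", threadid);

        if (command.ExecuteNonQuery() > 0)
        {
            response.Add("status", 0);
            response.Add("mtime", mtime);
        }
    }
    return response;
}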
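/// <summary>
/// Lists threads newest-first, optionally paging with an "after" timestamp.
/// Anonymous callers get at most <paramref name="quantity"/> non-hidden threads; moderator
/// sessions get every thread including hidden ones.
/// </summary>
/// <param name="quantity">Page size for the anonymous query; negative values are rejected with 400.</param>
/// <param name="after">Optional Java-style millisecond timestamp (form field); only threads with
/// mtime strictly before it are returned. Non-numeric input is rejected with 400 instead of
/// surfacing a FormatException as a 500.</param>
/// <param name="sessionid">Optional session token.</param>
/// <returns>
/// 200 with the thread list; 401 for a session that is unknown or not a moderator; a status-4
/// object for a banned moderator; 400 for a malformed "after" or negative quantity.
/// NOTE(review): a valid non-moderator session gets 401 rather than the public hidden=0 listing,
/// unlike the search endpoint which treats non-moderators as public readers — confirm intended.
/// </returns>
public IActionResult Post(int quantity, [FromForm] string after, [FromForm] string sessionid)
{
    if (quantity < 0)
    {
        return StatusCode(400);
    }

    // Parse untrusted paging input up front, before touching the database.
    long afterMillis = 0;
    if (after != null && !long.TryParse(after, out afterMillis))
    {
        return StatusCode(400);
    }

    bool authenticated = sessionid != null;
    string cmdText;
    if (!authenticated)
    {
        // TOP is a parameter rather than a concatenated integer.
        cmdText = "select top (@quantity)" + ThreadController.columns
            + "from threads left join attachments on threads.attachid=attachments.attachid where hidden=0 ";
        if (after != null)
        {
            cmdText += "and mtime < @after ";
        }
    }
    else
    {
        if (!(Program.users.TryGetValue(sessionid, out User user) && user.mod > 0))
        {
            return StatusCode(401);
        }
        // Moderator query has no TOP and no hidden filter (unchanged from the original);
        // GetThreadsFromReader receives quantity and is presumably what bounds the result — verify.
        cmdText = "select" + ThreadController.columns
            + "from threads left join attachments on threads.attachid=attachments.attachid ";
        if (after != null)
        {
            cmdText += "where mtime < @after ";
        }
        if (user.banned)
        {
            Dictionary<string, object> error = new Dictionary<string, object>();
            error.Add("status", 4);
            error.Add("msg", "You are banned from doing this");
            return new ObjectResult(error);
        }
    }
    cmdText += "order by threads.mtime desc;";

    List<Thread> response;
    using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
    using (SqlCommand command = new SqlCommand(cmdText, con))
    {
        con.Open();
        if (!authenticated)
        {
            command.Parameters.AddWithValue("quantity", quantity);
        }
        if (after != null)
        {
            command.Parameters.AddWithValue("after", Program.FromJavaTimestamp(afterMillis));
        }
        // The reader was never disposed in the original; scope it so it is released on every path.
        using (SqlDataReader reader = command.ExecuteReader())
        {
            response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, authenticated);
        }
    }
    return new ObjectResult(response);
}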
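/// <summary>
/// Reports whether a comment may still be modified. A comment is locked when its own
/// <c>locked</c> flag is set or when its thread is locked (delegated to
/// <c>ThreadController.IsLocked</c>). An unknown comment id is reported as locked (fail closed).
/// </summary>
/// <param name="commentid">Comment to check; bound as a parameter rather than concatenated.</param>
/// <returns>True if locked or not found; false only when both comment and thread are unlocked.</returns>
internal static bool IsLocked(long commentid)
{
    bool locked = true;
    long threadId = 0;
    bool found = false;

    using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
    using (SqlCommand command = new SqlCommand("SELECT comments.locked, comments.threadid FROM comments WHERE commentid = @commentid", con))
    {
        con.Open();
        command.Parameters.AddWithValue("commentid", commentid);
        using (SqlDataReader reader = command.ExecuteReader())
        {
            if (reader.Read())
            {
                found = true;
                // NOTE(review): GetBoolean throws on a NULL locked column; assumes the column is NOT NULL — confirm schema.
                locked = reader.GetBoolean(0);
                threadId = reader.GetInt64(1);
            }
        }
    }

    // Thread check runs after this connection is released; ThreadController.IsLocked opens its own.
    if (found && !locked)
    {
        locked = ThreadController.IsLocked(threadId);
    }
    return locked;
}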
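/// <summary>
/// Creates or edits a comment. <paramref name="operation"/> selects the mode: "edit" rewrites the
/// body of a comment the caller created; "reply" inserts a child of an existing comment; any
/// other value inserts a top-level comment on <paramref name="threadid"/>.
/// </summary>
/// <param name="operation">"edit", "reply", or anything else for a plain comment.</param>
/// <param name="threadid">Thread the comment belongs to; for edit/reply it must match the parent comment's thread.</param>
/// <param name="content">Comment body. NOTE(review): a missing form field arrives as null and fails at
/// execution (parameter not supplied) — presumably validated client-side; confirm.</param>
/// <param name="sessionid">Session token; null or unknown is rejected as invalid session.</param>
/// <param name="commentid">Parent (reply) or target (edit) comment id; ignored otherwise.</param>
/// <returns>
/// status 0 with commentid/ctime/mtime (and parent for replies); 1 invalid session (also used when
/// editing someone else's comment); 2 unknown parent comment; 3 thread mismatch; 4 not allowed;
/// 5 comment or thread locked.
/// </returns>
public Dictionary<string, object> Post(string operation, [FromForm] long threadid, [FromForm] string content, [FromForm] string sessionid, [FromForm] long commentid)
{
    Dictionary<string, object> response = new Dictionary<string, object>();

    // Null sessionid would throw from TryGetValue (null key); treat it as an unknown session.
    if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
    {
        response.Add("status", 1);
        response.Add("msg", "Invalid session");
        return response;
    }
    if (!user.cancomment || user.banned)
    {
        response.Add("status", 4);
        response.Add("msg", "You are not allowed to comment");
        return response;
    }

    bool targetsExisting = operation == "edit" || operation == "reply";

    // Lock checks use their own connections, so run them before opening ours. The original opened
    // the connection first and then returned from these branches without closing it.
    if (targetsExisting)
    {
        if (IsLocked(commentid))
        {
            response.Add("status", 5);
            response.Add("msg", "This comment is locked from further modifications");
            return response;
        }
    }
    else if (ThreadController.IsLocked(threadid))
    {
        response.Add("status", 5);
        response.Add("msg", "This thread is locked from further modifications");
        return response;
    }

    using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
    {
        con.Open();

        string sql;
        long targetThread = threadid;
        if (targetsExisting)
        {
            // Look up the referenced comment; the id is bound, not concatenated.
            long creatorId;
            using (SqlCommand lookup = new SqlCommand("SELECT creator_id, threadid FROM comments WHERE commentid = @commentid", con))
            {
                lookup.Parameters.AddWithValue("commentid", commentid);
                using (SqlDataReader row = lookup.ExecuteReader())
                {
                    if (!row.Read())
                    {
                        response.Add("status", 2);
                        response.Add("msg", "Invalid parent comment id");
                        return response;
                    }
                    creatorId = row.GetInt64(0);
                    targetThread = row.GetInt64(1);
                }
            }
            if (threadid != targetThread)
            {
                response.Add("status", 3);
                response.Add("msg", "Invalid thread");
                return response;
            }

            if (operation == "edit")
            {
                // Only the author may edit; moderators get no override here. The status/message
                // are the original's, kept for client compatibility.
                if (creatorId != user.uid)
                {
                    response.Add("status", 1);
                    response.Add("msg", "Invalid session");
                    return response;
                }
                // NOTE(review): mtime is not set here; whether OUTPUT UPDATED.mtime reflects the edit
                // depends on a DB-side default/trigger not visible in this file — confirm.
                sql = Program.COMMENT_TEMP_DDL + "UPDATE comments SET content=@content OUTPUT UPDATED.commentid, UPDATED.ctime, UPDATED.mtime, UPDATED.parent INTO @t WHERE commentid = @commentid; SELECT * FROM @t;";
            }
            else
            {
                sql = Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id, parent) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id, @commentid); SELECT * FROM @t;";
            }
        }
        else
        {
            sql = Program.COMMENT_TEMP_DDL + "INSERT INTO comments (threadid, content, creator_id) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id); SELECT * FROM @t;";
        }

        using (SqlCommand command = new SqlCommand(sql, con))
        {
            command.Parameters.AddWithValue("content", content);
            if (targetsExisting)
            {
                command.Parameters.AddWithValue("commentid", commentid);
            }
            if (operation != "edit")
            {
                // Reply inserts under the parent's thread (equal to threadid after the check above).
                command.Parameters.AddWithValue("threadid", targetThread);
                command.Parameters.AddWithValue("creator_id", user.uid);
            }

            using (SqlDataReader result = command.ExecuteReader())
            {
                if (result.Read())
                {
                    response.Add("status", 0);
                    if (operation == "reply")
                    {
                        response.Add("parent", commentid);
                    }
                    response.Add("ctime", Program.ToUnixTimestamp(result.GetDateTime(1)));
                    response.Add("mtime", Program.ToUnixTimestamp(result.GetDateTime(2)));
                    response.Add("commentid", result.GetInt64(0));
                }
            }
        }
    }
    return response;
}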