예제 #1
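        /// <summary>
        /// Searches thread titles and contents for a substring and returns the matching threads,
        /// newest <c>mtime</c> first.
        /// </summary>
        /// <param name="query">Search text; surrounding whitespace is trimmed and the value is wrapped in <c>%</c> for a LIKE match.</param>
        /// <param name="sessionid">Session key looked up in <c>Program.users</c>; may be null for anonymous callers.</param>
        /// <param name="quantity">Row limit placed in the <c>TOP</c> clause and passed on to <c>GetThreadsFromReader</c>.</param>
        /// <returns>The matching threads, or an empty list when <paramref name="query"/> is null.</returns>
        public List <Thread> Post(string query, [FromForm] string sessionid, [FromForm] int quantity)
        {
            List <Thread> response = new List <Thread>();

            if (query == null)
            {
                return(response);
            }

            // The search text is only ever bound as the @query parameter, never concatenated.
            // NOTE(review): LIKE metacharacters (%, _, [) typed by the caller are not escaped,
            // so they still act as wildcards - confirm that is intended for this search.
            query = String.Format("%{0}%", query.Trim());

            // quantity is a model-bound int, so the concatenation below cannot carry SQL text.
            // The OR pair is parenthesised: AND binds tighter than OR in T-SQL, so without the
            // parentheses the " and hidden=0 " filter appended below would apply only to the
            // content match and hidden threads with a matching title would be returned to
            // callers that fail the mod check.
            string cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where (threads.title like @query or threads.content like @query) ";

            // Only a session found in Program.users with mod > 0 may see rows where hidden != 0.
            if (sessionid == null || !(Program.users.TryGetValue(sessionid, out User user) && user.mod > 0))
            {
                cmdText += " and hidden=0 ";
            }
            cmdText += "order by threads.mtime desc;";

            // using blocks release the connection, command and reader even when the query or
            // the row mapping throws.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            using (SqlCommand command = new SqlCommand(cmdText, con))
            {
                con.Open();
                command.Parameters.AddWithValue("query", query);

                using (SqlDataReader reader = command.ExecuteReader())
                {
                    response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, false);
                }
            }
            return(response);
        }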
예제 #2
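        /// <summary>
        /// Lists threads ordered by <c>mtime</c> descending, optionally only those older than a cursor.
        /// </summary>
        /// <param name="quantity">Row limit; used in the <c>TOP</c> clause for anonymous callers and passed on to <c>GetThreadsFromReader</c>.</param>
        /// <param name="after">Optional timestamp as a decimal integer string, converted with <c>Program.FromJavaTimestamp</c>; only rows with <c>mtime</c> below it are selected.</param>
        /// <param name="sessionid">Optional session key looked up in <c>Program.users</c>.</param>
        /// <returns>
        /// The thread list wrapped in an <c>ObjectResult</c>; status 401 when a session id is supplied but is
        /// unknown or has <c>mod</c> of 0 or less; a status-4 error object when the user is banned; status 400
        /// when <paramref name="after"/> is not a valid integer.
        /// </returns>
        public IActionResult Post(int quantity, [FromForm] string after, [FromForm] string sessionid)
        {
            string cmdText;

            if (sessionid == null)
            {
                // Anonymous callers only ever see rows with hidden=0.
                // quantity is a model-bound int, so this concatenation cannot carry SQL text.
                cmdText = "select top " + quantity + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid where hidden=0 ";
                if (after != null)
                {
                    cmdText += "and mtime < @after ";
                }
            }
            else
            {
                // A supplied session id must resolve to a user with mod > 0; anything else is rejected.
                if (!(Program.users.TryGetValue(sessionid, out User user) && user.mod > 0))
                {
                    return(StatusCode(401));
                }
                if (user.banned)
                {
                    Dictionary <string, object> error = new Dictionary <string, object>();
                    error.Add("status", 4);
                    error.Add("msg", "You are banned from doing this");
                    return(new ObjectResult(error));
                }

                // No hidden filter on this branch.
                // NOTE(review): there is also no TOP clause here, so whether quantity bounds the
                // result depends on GetThreadsFromReader - confirm.
                cmdText = "select" + ThreadController.columns + "from threads left join attachments on threads.attachid=attachments.attachid ";
                if (after != null)
                {
                    cmdText += "where mtime < @after ";
                }
            }
            cmdText += "order by threads.mtime desc;";

            // Parse the caller-supplied cursor before opening a connection, so a malformed value
            // is answered with 400 rather than throwing while the connection is open.
            long afterTimestamp = 0;
            if (after != null && !long.TryParse(after, out afterTimestamp))
            {
                return(StatusCode(400));
            }

            List <Thread> response;

            // using blocks release the connection, command and reader even when the query or
            // the row mapping throws.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            using (SqlCommand command = new SqlCommand(cmdText, con))
            {
                con.Open();
                if (after != null)
                {
                    command.Parameters.AddWithValue("after", Program.FromJavaTimestamp(afterTimestamp));
                }
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    response = ThreadController.GetThreadsFromReader(reader, sessionid, quantity, sessionid != null);
                }
            }
            return(new ObjectResult(response));
        }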