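// Edits an existing thread on behalf of the user bound to sessionid.
//
// Authorization is layered: the session must resolve to a user, the user must be
// allowed to post and not be banned, the thread must not be locked, and the UPDATE
// itself only matches rows whose creator_id equals the caller's uid.
//
// Response keys: "status" 0 plus "mtime" on success; "status" 1 (invalid session),
// 4 (not allowed) or 5 (thread locked) together with "msg" on rejection.
// NOTE(review): when the UPDATE matches no row (unknown thread, or the caller is not
// its creator) the response is returned empty, with no "status" key. Callers have to
// treat a missing status as failure; confirm whether an explicit error code is wanted.
public Dictionary <string, object> Post(int threadid, [FromForm] string title, [FromForm] string content, [FromForm] int topicid, [FromForm] long attachid, [FromForm] string sessionid)
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            // A missing form field binds to null. Reject it as an invalid session here
            // rather than handing a null key to the session lookup.
            if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
            {
                response.Add("status", 1);
                response.Add("msg", "Invalid session");
                return(response);
            }
            if (!user.canpost || user.banned)
            {
                response.Add("status", 4);
                response.Add("msg", "You are not allowed to edit threads");
                return(response);
            }
            if (ThreadController.IsLocked(threadid))
            {
                response.Add("status", 5);
                response.Add("msg", "This thread is locked from further modifications");
                return(response);
            }

            // TODO: generate mtime in the database instead, so that the clocks of the web
            // host and the DB host cannot disagree when they are separate systems.
            DateTime mtime = DateTime.UtcNow;

            // using blocks release the command and the connection even when Open() or
            // ExecuteNonQuery() throws; the previous explicit Close() was skipped then.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            using (SqlCommand command = new SqlCommand("UPDATE threads SET threads.title=@title, threads.content=@content, threads.topicid=@topicid, threads.attachid=@attachid , threads.mtime=@mtime WHERE threads.threadid=@threadid and threads.creator_id = @uid;", con))
            {
                command.Parameters.AddWithValue("title", title);
                command.Parameters.AddWithValue("content", content);
                command.Parameters.AddWithValue("topicid", topicid);
                command.Parameters.AddWithValue("uid", user.uid);
                // attachid 0 means "no attachment" and is stored as NULL.
                command.Parameters.AddWithValue("attachid", attachid == 0 ? (object)DBNull.Value : attachid);
                command.Parameters.AddWithValue("mtime", mtime);
                command.Parameters.AddWithValue("threadid", threadid);

                con.Open();
                if (command.ExecuteNonQuery() > 0)
                {
                    response.Add("status", 0);
                    response.Add("mtime", mtime);
                }
            }
            return(response);
        }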
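        // Reports whether the comment with the given id is closed to modification.
        // A comment counts as locked when its own locked flag is set, when the thread
        // it belongs to is locked (per ThreadController.IsLocked), or when no comment
        // with that id exists (fail closed).
        internal static bool IsLocked(long commentid)
        {
            // Start from "locked" so an unknown commentid is never reported as editable.
            bool locked   = true;
            long threadid = 0;

            // The id is bound as a typed parameter, like the other statements in this
            // file, so the query text stays constant. using blocks release the reader,
            // command and connection even if the query throws.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            using (SqlCommand command = new SqlCommand("SELECT comments.locked, comments.threadid FROM comments WHERE commentid = @commentid", con))
            {
                command.Parameters.AddWithValue("commentid", commentid);
                con.Open();
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        locked = reader.GetBoolean(0);
                        if (!locked)
                        {
                            // Only needed for the thread-level check below.
                            threadid = reader.GetInt64(1);
                        }
                    }
                }
            }

            // The thread-level check runs after this connection has been released.
            if (!locked)
            {
                locked = ThreadController.IsLocked(threadid);
            }
            return(locked);
        }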
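        // Creates, replies to, or edits a comment on behalf of the user bound to sessionid.
        //
        // operation "edit"  : replaces the content of comment commentid; only its creator may do so.
        // operation "reply" : inserts a new comment whose parent is commentid.
        // anything else     : inserts a new top-level comment in thread threadid.
        //
        // Response keys: "status" 0 with "commentid", "ctime", "mtime" (and "parent" for a
        // reply) on success; otherwise "status" 1 (invalid session, also returned when the
        // caller tries to edit someone else's comment), 2 (comment not found), 3 (comment is
        // not in the given thread), 4 (not allowed) or 5 (locked), each with "msg".
        // NOTE(review): if the final statement returns no row the response is returned
        // empty, with no "status" key; callers must treat a missing status as failure.
        public Dictionary <string, object> Post(string operation, [FromForm] long threadid, [FromForm] string content, [FromForm] string sessionid, [FromForm] long commentid)
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            // A missing form field binds to null. Reject it as an invalid session here
            // rather than handing a null key to the session lookup.
            if (sessionid == null || !Program.users.TryGetValue(sessionid, out User user))
            {
                response.Add("status", 1);
                response.Add("msg", "Invalid session");
                return(response);
            }
            if (!user.cancomment || user.banned)
            {
                response.Add("status", 4);
                response.Add("msg", "You are not allowed to comment");
                return(response);
            }

            bool targetsComment = operation == "edit" || operation == "reply";

            // The lock checks open their own connections, so they run before this method
            // acquires one. Previously a locked target returned with the connection open.
            if (targetsComment)
            {
                if (IsLocked(commentid))
                {
                    response.Add("status", 5);
                    response.Add("msg", "This comment is locked from further modifications");
                    return(response);
                }
            }
            else if (ThreadController.IsLocked(threadid))
            {
                response.Add("status", 5);
                response.Add("msg", "This thread is locked from further modifications");
                return(response);
            }

            // Every exit below leaves through the using blocks, so the reader, command and
            // connection are released on early returns and on exceptions alike.
            using (SqlConnection con = new SqlConnection(Program.Configuration["connectionStrings:splashConString"]))
            {
                con.Open();

                if (targetsComment)
                {
                    using (SqlCommand lookup = new SqlCommand("SELECT creator_id, threadid FROM comments WHERE commentid = @commentid", con))
                    {
                        lookup.Parameters.AddWithValue("commentid", commentid);
                        using (SqlDataReader row = lookup.ExecuteReader())
                        {
                            if (!row.Read())
                            {
                                response.Add("status", 2);
                                response.Add("msg", "Invalid parent comment id");
                                return(response);
                            }
                            // The caller-supplied threadid must match the thread the
                            // comment really belongs to.
                            if (threadid != row.GetInt64(1))
                            {
                                response.Add("status", 3);
                                response.Add("msg", "Invalid thread");
                                return(response);
                            }
                            // Only the creator may edit; the message text is kept as-is
                            // because clients may depend on it.
                            if (operation == "edit" && row.GetInt64(0) != user.uid)
                            {
                                response.Add("status", 1);
                                response.Add("msg", "Invalid session");
                                return(response);
                            }
                        }
                    }
                }

                string statement;

                if (operation == "edit")
                {
                    // creator_id is repeated in the WHERE clause so the ownership check is
                    // enforced by the write itself, as the thread UPDATE in this file does.
                    statement = "UPDATE comments SET content=@content OUTPUT UPDATED.commentid, UPDATED.ctime, UPDATED.mtime, UPDATED.parent INTO @t WHERE commentid = @commentid AND creator_id = @creator_id; SELECT * FROM @t;";
                }
                else if (operation == "reply")
                {
                    statement = "INSERT INTO comments (threadid, content, creator_id, parent) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id, @commentid); SELECT * FROM @t;";
                }
                else
                {
                    statement = "INSERT INTO comments (threadid, content, creator_id) OUTPUT INSERTED.commentid, INSERTED.ctime, INSERTED.mtime, INSERTED.parent INTO @t VALUES (@threadid, @content, @creator_id); SELECT * FROM @t;";
                }

                using (SqlCommand command = new SqlCommand(Program.COMMENT_TEMP_DDL + statement, con))
                {
                    command.Parameters.AddWithValue("content", content);
                    command.Parameters.AddWithValue("creator_id", user.uid);
                    if (targetsComment)
                    {
                        command.Parameters.AddWithValue("commentid", commentid);
                    }
                    if (operation != "edit")
                    {
                        // For a reply, threadid was verified above to equal the parent
                        // comment's thread.
                        command.Parameters.AddWithValue("threadid", threadid);
                    }

                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            response.Add("status", 0);
                            if (operation == "reply")
                            {
                                response.Add("parent", commentid);
                            }
                            response.Add("ctime", Program.ToUnixTimestamp(reader.GetDateTime(1)));
                            response.Add("mtime", Program.ToUnixTimestamp(reader.GetDateTime(2)));
                            response.Add("commentid", reader.GetInt64(0));
                        }
                    }
                }
            }
            return(response);
        }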