109 lines
3.8 KiB
PHP
109 lines
3.8 KiB
PHP
<?php
|
|
set_include_path('../include/');
|
|
$includepath = TRUE;
|
|
require_once('../connection/SQL.php');
|
|
require_once('../config.php');
|
|
require_once('user.php');
|
|
require_once('security.php');
|
|
require_once('notification.php');
|
|
|
|
$user = validate_user();
|
|
if (!$user->valid) {
|
|
http_response_code(403);
|
|
header("Content-Type: applcation/json");
|
|
echo json_encode(array('status' => 'novalid'));
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_GET['pid'])) {
|
|
http_response_code(404);
|
|
$data = array('status' => 'error');
|
|
} else {
|
|
$pid = $_GET['pid'];
|
|
|
|
$article = cavern_query_result("SELECT * FROM `post` WHERE `pid`='%d'", array($pid));
|
|
if ($article['num_rows'] < 1) {
|
|
http_response_code(404);
|
|
echo json_encode(array('status' => 'nopost', 'id' => $pid));
|
|
exit;
|
|
}
|
|
|
|
$likes_query = process_like($pid, $user);
|
|
|
|
$islike = $likes_query[0];
|
|
$likes = $likes_query[1];
|
|
$likers = $likes_query[2];
|
|
|
|
if (isset($_GET['fetch'])) {
|
|
// fetch likes
|
|
$data = array('status' => 'fetch', 'id' => $pid, 'likes' => $likes, 'likers' => $likers);
|
|
header('Content-Type: application/json');
|
|
echo json_encode($data);
|
|
exit;
|
|
} else if (!$user->islogin) {
|
|
// ask guest to login
|
|
$data = array('status' => 'nologin', 'id' => $pid, 'likes' => $likes, 'likers' => $likers);
|
|
http_response_code(401);
|
|
header('Content-Type: application/json');
|
|
echo json_encode($data);
|
|
exit;
|
|
} else {
|
|
// user like actions
|
|
if (!validate_csrf()) { // csrf attack!
|
|
http_response_code(403);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(array('status' => 'csrf', 'id' => $pid, 'likes' => $likes, 'likers' => $likers));
|
|
exit;
|
|
}
|
|
|
|
if ($islike) {
|
|
// unlike
|
|
$SQL->query("DELETE FROM `like` WHERE `pid`='%d' AND `username`='%s'", array($pid, $user->username));
|
|
$result = process_like($pid, $user);
|
|
$likes = $result[1];
|
|
$likers = $result[2];
|
|
$data = array('status' => FALSE, 'id' => $pid, 'likes' => $likes, 'likers' => $likers);
|
|
} else {
|
|
// like
|
|
$SQL->query("INSERT INTO `like` (`pid`, `username`) VALUES ('%d', '%s')", array($pid, $user->username));
|
|
$result = process_like($pid, $user);
|
|
$likes = $result[1];
|
|
$likers = $result[2];
|
|
$data = array('status' => TRUE, 'id' => $pid, 'likes' => $likes, 'likers' => $likers);
|
|
|
|
/* notification */
|
|
// notify article author
|
|
// we should notify author this only once
|
|
$author = $article['row']['username'];
|
|
$notification_query = cavern_query_result("SELECT * FROM `notification` WHERE `username`='%s' AND `url`='%s' AND `type`='%s'", array($author, "post.php?pid=$pid", "like"));
|
|
if (!($notification_query['num_rows'] > 0) && $user->username !== $author) {
|
|
cavern_notify_user($author, "{{$user->name}}@{$user->username} 推了 [{$article['row']['title']}]", "post.php?pid=$pid", "like");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function process_like($pid, $user) {
|
|
$islike = false;
|
|
$likers = array();
|
|
$likes_query = cavern_query_result("SELECT * FROM `like` WHERE `pid`='%d'", array($pid));
|
|
|
|
if ($likes_query['num_rows'] < 1){
|
|
$likes = 0;
|
|
} else {
|
|
$likes = $likes_query['num_rows'];
|
|
do {
|
|
$likers[] = $likes_query['row']['username'];
|
|
if ($user->username === $likes_query['row']['username']) {
|
|
$islike = true;
|
|
}
|
|
} while ($likes_query['row'] = $likes_query['query']->fetch_assoc());
|
|
}
|
|
|
|
return array($islike, $likes, array_unique($likers));
|
|
}
|
|
|
|
header('Content-Type: application/json');
|
|
echo json_encode($data);
|
|
exit;
|
|
?>
|