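isBanned()) { echo render_info('You have been banned, check your profile for more information.', 403); return; }

// Banned and silenced users are rejected before any comment action is dispatched.
if($currentUserInfo->isSilenced()) {
    echo render_info('You have been silenced, check your profile for more information.', 403);
    return;
}

$comments = $msz->getComments();
$commentPerms = $currentUserInfo->commentPerms();

// The action is selected from the query string: c = comment id, m = mode, v = vote direction.
// NOTE(review): every mode below except 'create' changes state from GET parameters alone;
// any CSRF validation has to happen earlier in this file than this excerpt shows — confirm it does.
$commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
$commentMode = (string)filter_input(INPUT_GET, 'm');
$commentVote = (int)filter_input(INPUT_GET, 'v', FILTER_SANITIZE_NUMBER_INT);

// Resolve the referenced comment and the category it lives in, when a comment id was given.
if(!empty($commentId)) {
    try {
        $commentInfo = $comments->getPostById($commentId);
    } catch(RuntimeException $ex) {
        echo render_info('Post not found.', 404);
        return;
    }
    $categoryInfo = $comments->getCategoryByPost($commentInfo);
}

// Every mode other than 'create' operates on an existing comment.
if($commentMode !== 'create' && empty($commentInfo)) {
    echo render_error(400);
    return;
}

switch($commentMode) {
    case 'pin':
    case 'unpin':
        // Category owners may pin without the global permission.
        if(!$commentPerms['can_pin'] && !$categoryInfo->isOwner($currentUserInfo)) {
            echo render_info("You're not allowed to pin comments.", 403);
            break;
        }
        if($commentInfo->isDeleted()) {
            echo render_info("This comment doesn't exist!", 400);
            break;
        }
        if($commentInfo->isReply()) {
            echo render_info("You can't pin replies!", 400);
            break;
        }
        if($commentMode === 'pin') {
            if($commentInfo->isPinned()) {
                echo render_info('This comment is already pinned.', 400);
                break;
            }
            $comments->pinPost($commentInfo);
        } else {
            if(!$commentInfo->isPinned()) {
                echo render_info("This comment isn't pinned yet.", 400);
                break;
            }
            $comments->unpinPost($commentInfo);
        }
        redirect($redirect . '#comment-' . $commentInfo->getId());
        break;

    case 'vote':
        if(!$commentPerms['can_vote'] && !$categoryInfo->isOwner($currentUserInfo)) {
            echo render_info("You're not allowed to vote on comments.", 403);
            break;
        }
        if($commentInfo->isDeleted()) {
            echo render_info("This comment doesn't exist!", 400);
            break;
        }
        // v > 0 records a positive vote, v < 0 a negative one, anything else clears the vote.
        if($commentVote > 0)
            $comments->addPostPositiveVote($commentInfo, $currentUserInfo);
        elseif($commentVote < 0)
            $comments->addPostNegativeVote($commentInfo, $currentUserInfo);
        else
            $comments->removePostVote($commentInfo, $currentUserInfo);
        redirect($redirect . '#comment-' . $commentInfo->getId());
        break;

    case 'delete':
        if(!$commentPerms['can_delete'] && !$categoryInfo->isOwner($currentUserInfo)) {
            echo render_info("You're not allowed to delete comments.", 403);
            break;
        }
        if($commentInfo->isDeleted()) {
            // Users without can_delete_any are not told that a deleted comment still exists.
            echo render_info(
                $commentPerms['can_delete_any']
                    ? 'This comment is already marked for deletion.'
                    : "This comment doesn't exist.",
                400
            );
            break;
        }
        $isOwnComment = $commentInfo->getUserId() === (string)$currentUserInfo->getId();
        $isModAction = $commentPerms['can_delete_any'] && !$isOwnComment;
        if(!$isModAction && !$isOwnComment) {
            echo render_info("You're not allowed to delete comments made by others.", 403);
            break;
        }
        $comments->deletePost($commentInfo);
        // Moderator deletions of someone else's comment get a distinct audit entry that records the author.
        if($isModAction) {
            $msz->createAuditLog('COMMENT_ENTRY_DELETE_MOD', [
                $commentInfo->getId(),
                $commentInfo->getUserId(),
                '',
            ]);
        } else {
            $msz->createAuditLog('COMMENT_ENTRY_DELETE', [$commentInfo->getId()]);
        }
        redirect($redirect);
        break;

    case 'restore':
        if(!$commentPerms['can_delete_any']) {
            echo render_info("You're not allowed to restore deleted comments.", 403);
            break;
        }
        if(!$commentInfo->isDeleted()) {
            echo render_info("This comment isn't in a deleted state.", 400);
            break;
        }
        $comments->restorePost($commentInfo);
        $msz->createAuditLog('COMMENT_ENTRY_RESTORE', [
            $commentInfo->getId(),
            $commentInfo->getUserId(),
            '',
        ]);
        redirect($redirect . '#comment-' . $commentInfo->getId());
        break;

    case 'create':
        if(empty($_POST['comment']) || !is_array($_POST['comment'])) {
            echo render_info('Missing data.', 400);
            break;
        }
        // Resolve the category the comment is posted into BEFORE the permission check below.
        // Previously the ownership test ran against $categoryInfo from the optional 'c' query
        // parameter (a different category, or an undefined variable when 'c' was absent), so the
        // owner exemption was evaluated against the wrong category.
        try {
            $categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
                ? (int)$_POST['comment']['category']
                : 0;
            $categoryInfo = $comments->getCategoryById($categoryId);
        } catch(RuntimeException $ex) {
            echo render_info('This comment category doesn\'t exist.', 404);
            break;
        }
        // Owners of the target category may post without the global permission.
        if(!$commentPerms['can_comment'] && !$categoryInfo->isOwner($currentUserInfo)) {
            echo render_info("You're not allowed to post comments.", 403);
            break;
        }
        if($categoryInfo->isLocked() && !$commentPerms['can_lock']) {
            echo render_info('This comment category has been locked.', 403);
            break;
        }

        $commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text'])
            ? $_POST['comment']['text']
            : '';
        $commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply'])
            ? (int)$_POST['comment']['reply']
            : 0);
        // Lock and pin flags are only honoured for users holding the matching permission.
        $commentLock = !empty($_POST['comment']['lock']) && $commentPerms['can_lock'];
        $commentPin = !empty($_POST['comment']['pin']) && $commentPerms['can_pin'];

        // The lock flag toggles the category's lock state, even when no comment text follows.
        if($commentLock) {
            if($categoryInfo->isLocked())
                $comments->unlockCategory($categoryInfo);
            else
                $comments->lockCategory($categoryInfo);
        }

        if(strlen($commentText) < 1) {
            // Lock-capable users may submit an empty form purely to toggle the lock above.
            echo render_info(
                $commentPerms['can_lock'] ? 'The action has been processed.' : 'Your comment is too short.',
                400
            );
            break;
        }
        // Collapse any run of two or more CR/LF characters into a single newline.
        $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
        if(mb_strlen($commentText) > 5000) {
            echo render_info('Your comment is too long.', 400);
            break;
        }

        // NOTE(review): the parent is only checked for existence and deletion here; whether it
        // belongs to $categoryInfo is not verified in this excerpt — confirm createPost() enforces it.
        if($commentReply > 0) {
            try {
                $parentInfo = $comments->getPostById($commentReply);
            } catch(RuntimeException $ex) {}
            if(!isset($parentInfo) || $parentInfo->isDeleted()) {
                echo render_info('The comment you tried to reply to does not exist.', 404);
                break;
            }
        }

        $commentInfo = $comments->createPost(
            $categoryInfo,
            $parentInfo ?? null,
            $currentUserInfo,
            $commentText,
            $commentPin
        );
        redirect($redirect . '#comment-' . $commentInfo->getId());
        break;

    default:
        echo render_info('Not found.', 404);
}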