authorMinteck <contact@minteck.org>2022-05-22 18:16:34 +0200
committerMinteck <contact@minteck.org>2022-05-22 18:16:34 +0200
commitbc4d21ddbc50a4295ad1be0f4797b09895a65fea (patch)
treef915c08fba577daf766628657558ce480790b06f /ajax
downloadmultisocial-bc4d21ddbc50a4295ad1be0f4797b09895a65fea.tar.gz
multisocial-bc4d21ddbc50a4295ad1be0f4797b09895a65fea.tar.bz2
multisocial-bc4d21ddbc50a4295ad1be0f4797b09895a65fea.zip
Initial commitHEADmane
Diffstat (limited to 'ajax')
-rw-r--r--ajax/favorite/index.php38
-rw-r--r--ajax/original/index.php16
2 files changed, 54 insertions, 0 deletions
diff --git a/ajax/favorite/index.php b/ajax/favorite/index.php
new file mode 100644
index 0000000..14eb0e4
--- /dev/null
+++ b/ajax/favorite/index.php
@@ -0,0 +1,38 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.locked.php"; global $_PROFILE;
+
+if (!isset($_GET['u'])) header("HTTP/1.1 500 Internal Server Error") and die();
+if (!isset($_GET['p'])) header("HTTP/1.1 500 Internal Server Error") and die();
+if (!isset($_GET['s'])) header("HTTP/1.1 500 Internal Server Error") and die();
+
+$user = preg_replace("/\.+/mi", ".", preg_replace("/[^a-z\d]+/mi", ".", substr(str_replace("\"", "''", strip_tags($_GET['u'])), 0, 30)));
+if ($user === ".") header("HTTP/1.1 500 Internal Server Error") and die("Permission denied");
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user) || $user === "system" || $user === "users.json" || str_contains($user, "multisocial")) header("HTTP/1.1 500 Internal Server Error") and die("No such user");
+
+$posts = array_filter(scandir($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user . "/posts"), function ($item) {
+ return str_ends_with($item, ".json");
+});
+
+if (!in_array($_GET['p'] . ".json", $posts)) header("HTTP/1.1 500 Internal Server Error") and die("No such post");
+if (!is_numeric($_GET['s'])) header("HTTP/1.1 500 Internal Server Error") and die("Invalid status");
+$status = (bool)$_GET['s'];
+$post = $_GET['p'];
+
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json")) file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", "[]");
+
+$favorites = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json"), true);
+
+if ($status) {
+ if (!in_array($user . "/" . $post, $favorites)) {
+ $favorites[] = $user . "/" . $post;
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", json_encode($favorites));
+ }
+} else {
+ if (in_array($user . "/" . $post, $favorites)) {
+ unset($favorites[array_search($user . "/" . $post, $favorites)]);
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", json_encode($favorites));
+ }
+}
+
+die("1");
\ No newline at end of file
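Review bot: None of the `header(...) and die(...)` guards in this file stop the request: `header()` is declared `void` and evaluates to null, so the `and` short-circuits and `die()` is never reached, which leaves the 500 status set while the script continues into the `favorites.json` write with the unvalidated `u`, `p` and `s` values. Write each guard as a block, e.g. `if (!isset($_GET['u'])) { http_response_code(400); exit; }`, and prefer 400/404 over 500 for caller errors. The same construct guards `$_GET['p']` in ajax/original/index.php, where the post-list check is the only thing confining the path handed to `file_get_contents()`. Separately, `in_array()` and `array_search()` should take `true` as their third argument, and wrapping the list in `array_values()` before `json_encode()` keeps the file a JSON array after `unset()` leaves a gap in the keys.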
diff --git a/ajax/original/index.php b/ajax/original/index.php
new file mode 100644
index 0000000..d3a3f91
--- /dev/null
+++ b/ajax/original/index.php
@@ -0,0 +1,16 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.locked.php"; global $_PROFILE;
+
+if (!isset($_GET['p'])) header("HTTP/1.1 500 Internal Server Error") and die();
+
+$user = $_PROFILE['mmsp_username'];
+
+$posts = array_filter(scandir($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user . "/posts"), function ($item) {
+ return str_ends_with($item, ".json");
+});
+
+if (!in_array($_GET['p'] . ".json", $posts)) header("HTTP/1.1 500 Internal Server Error") and die("No such post");
+$post = $_GET['p'];
+
+die(json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user . "/posts/" . $post . ".json"), true)["contents"]);
\ No newline at end of file
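Review bot: The closing `die(json_decode(...)["contents"])` sends stored post content straight into the response under PHP's default `text/html` content type, with no check that the read or the decode succeeded. How post contents are sanitised when written is not visible in this commit, so if they can hold markup a direct request to this endpoint would render it; sending `header('Content-Type: text/plain; charset=utf-8');` before the output, or escaping with `htmlspecialchars()` if the caller expects HTML, closes that off. Decoding with `JSON_THROW_ON_ERROR` and confirming `contents` is a string before printing also avoids indexing `null` when the file is unreadable or malformed, and avoids `die()` treating an integer value as an exit status instead of output.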