Diffstat (limited to 'ajax/favorite/index.php')
-rw-r--r-- | ajax/favorite/index.php | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/ajax/favorite/index.php b/ajax/favorite/index.php
new file mode 100644
index 0000000..14eb0e4
--- /dev/null
+++ b/ajax/favorite/index.php
@@ -0,0 +1,38 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.locked.php"; global $_PROFILE;
+
+if (!isset($_GET['u'])) header("HTTP/1.1 500 Internal Server Error") and die();
+if (!isset($_GET['p'])) header("HTTP/1.1 500 Internal Server Error") and die();
+if (!isset($_GET['s'])) header("HTTP/1.1 500 Internal Server Error") and die();
+
+$user = preg_replace("/\.+/mi", ".", preg_replace("/[^a-z\d]+/mi", ".", substr(str_replace("\"", "''", strip_tags($_GET['u'])), 0, 30)));
+if ($user === ".") header("HTTP/1.1 500 Internal Server Error") and die("Permission denied");
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user) || $user === "system" || $user === "users.json" || str_contains($user, "multisocial")) header("HTTP/1.1 500 Internal Server Error") and die("No such user");
+
+$posts = array_filter(scandir($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user . "/posts"), function ($item) {
+ return str_ends_with($item, ".json");
+});
+
+if (!in_array($_GET['p'] . ".json", $posts)) header("HTTP/1.1 500 Internal Server Error") and die("No such post");
+if (!is_numeric($_GET['s'])) header("HTTP/1.1 500 Internal Server Error") and die("Invalid status");
+$status = (bool)$_GET['s'];
+$post = $_GET['p'];
+
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json")) file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", "[]");
+
+$favorites = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json"), true);
+
+if ($status) {
+ if (!in_array($user . "/" . $post, $favorites)) {
+ $favorites[] = $user . "/" . $post;
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", json_encode($favorites));
+ }
+} else {
+ if (in_array($user . "/" . $post, $favorites)) {
+ unset($favorites[array_search($user . "/" . $post, $favorites)]);
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/" . $_PROFILE['mmsp_username'] . "/settings/favorites.json", json_encode($favorites));
+ }
+}
+
+die("1");
\ No newline at end of file |
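Review bot: None of the seven `header(...) and die(...)` guards stops the script, because `header()` returns void (null) and `and` short-circuits before `die()` is ever evaluated. A request that fails the "No such post" or "Invalid status" check therefore still reaches `$favorites[] = $user . "/" . $post;`, so an unvalidated `p` value is written to the caller's favorites.json; whatever later reads that file is outside this diff. Each guard should terminate explicitly, for example through a small helper that sets the status and then exits, as sketched below with 4xx codes in place of the 500s. Separately, the endpoint changes state on a GET with the session as the only visible credential, so an anti-forgery token or a POST-only check is worth adding unless `session.locked.php` already enforces one.

```php
// Send the status code and stop; header() returns void, so it cannot gate die().
function fail(int $code, string $message = ""): void
{
    http_response_code($code);
    die($message);
}

if (!isset($_GET['u'], $_GET['p'], $_GET['s'])) fail(400);

// … unchanged: $user normalisation …
if ($user === ".") fail(403, "Permission denied");
if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/" . $user) || $user === "system" || $user === "users.json" || str_contains($user, "multisocial")) fail(404, "No such user");

// … unchanged: $posts listing …
if (!in_array($_GET['p'] . ".json", $posts, true)) fail(404, "No such post");
if (!is_numeric($_GET['s'])) fail(400, "Invalid status");
// … unchanged: favorites.json read/modify/write …
```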