
<?php
require_once '../system/function.php';

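header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json; charset=utf8');
header('Access-Control-Max-Age: 600');
header('Access-Control-Allow-Methods: POST, OPTIONS');

// Per-session rate limit: at most $max_requests requests per $time_interval seconds.
$time_interval = 1;
$max_requests = 2;
// True when the previous request of this session arrived less than $time_interval
// seconds ago. isset() replaces the original `@` suppression: a missing key (first
// request, or no session started) must read as "not a fast request", not as a
// silenced notice. Assumes session_start() runs in ../system/function.php — TODO confirm.
// NOTE(review): the counter lives in the PHP session, so the limit only holds for
// callers that present the session cookie; with Allow-Origin: * browsers send no
// cookies cross-origin and each such request starts a fresh counter.
$fast_request_check = isset($_SESSION['last_session_request'])
    && $_SESSION['last_session_request'] > time() - $time_interval;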

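// --- Response helpers -------------------------------------------------------
// Every reply is built with json_encode() so each value is escaped. The original
// spliced $_SERVER['HTTP_HOST'] — a request header — into the "userPhoto" string
// unescaped, so a crafted Host value could break the JSON the client parses.
// As before, the status is reported in the body only; the HTTP status stays 200.
$respond = function (array $data, bool $success, int $status): void {
    echo json_encode(
        ['data' => $data, 'success' => $success, 'status' => $status],
        JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES
    );
    exit;
};
$fail = function (string $error, string $message, int $status) use ($respond): void {
    $respond(['error' => $error, 'message' => $message], false, $status);
};

// --- Per-session rate limit --------------------------------------------------
// $fast_request_check and $max_requests are set above: the flag is true when the
// previous request of this session arrived inside the window.
if (!$fast_request_check) {
    // Outside the window, or first request of the session: open a new window.
    // (The original emitted no response at all when $_SESSION was unset; the
    // request is now processed in that case too.)
    $_SESSION['last_session_request'] = time();
    $_SESSION['request_count'] = 1;
} else {
    // Inside the window: count the request and reject once the allowance is used
    // up. The original test `($fast && $count < $max) or $fast` reduces to `$fast`
    // because `or` binds looser than `&&`, so every in-window request was rejected
    // and $max_requests was never consulted.
    $_SESSION['request_count'] = (int) ($_SESSION['request_count'] ?? 0) + 1;
    if ($_SESSION['request_count'] > $max_requests) {
        $fail('Bad Request', 'Too Many Requests', 429);
    }
}

// --- Input ------------------------------------------------------------------
// $_POST is a superglobal and is always set, so the original isset($_POST) guard
// was a no-op; missing fields are defaulted per field instead of via `@`.
$id = abs((int) ($_POST['id'] ?? 0));
$author = input($_POST['author'] ?? '');
$text = input($_POST['text'] ?? '');
// Cast rather than loose-compare: the original `$usrId != 0` let a non-numeric
// string through as a user id on PHP 8 (string vs int compares as strings).
$usrId = (int) ($_POST['userid'] ?? 0);

if ($id === 0) {
    $fail('Bad Request', 'Missing file id', 400);
}
if (mb_strlen($author) === 0) {
    $fail('Bad Request', 'Enter name', 400);
}
if (mb_strlen($text) === 0) {
    $fail('Bad Request', 'Enter text', 400);
}

// Author id: the server-side $user wins; otherwise the id sent by the client.
// NOTE(review): when no $user is set, the client-supplied userid is recorded as
// the comment's author without any check that the caller owns that account —
// confirm this is intended, or require an authenticated $user for attribution.
if (isset($user)) {
    $user_comm = (int) $user['id'];
} elseif ($usrId !== 0) {
    $user_comm = $usrId;
} else {
    $user_comm = 0;
}

// --- Persist ----------------------------------------------------------------
$now = time();
// Parameterised INSERT: name, text, user id and user agent are request-controlled
// and the original interpolated them into the SQL text. Whatever input() filters,
// binding keeps the values out of the statement. $db is assumed to be mysqli (the
// original used query() and insert_id) and $ip/$ua to come from function.php — TODO confirm.
$stmt = $db->prepare(
    'INSERT INTO `komm` (user, file, name, komm, ip, ua, time) VALUES (?, ?, ?, ?, ?, ?, ?)'
);
if ($stmt === false) {
    $fail('Internal Server Error', 'Could not save comment', 500);
}
$stmt->bind_param('iisssss', $user_comm, $id, $author, $text, $ip, $ua, $now);
if (!$stmt->execute()) {
    $stmt->close();
    $fail('Internal Server Error', 'Could not save comment', 500);
}
$commentId = (int) $db->insert_id;
$stmt->close();

// --- Reply ------------------------------------------------------------------
// HTTP_HOST is taken from the request, as before; json_encode() escapes it.
$host = $_SERVER['HTTP_HOST'];
$photoPath = '/modules/users/photos/' . $user_comm . '.png';
$userPhoto = ($user_comm !== 0 && file_exists(H . $photoPath))
    ? 'https://' . $host . $photoPath
    : 'https://' . $host . '/assets/img/user_api.png';

$respond([
    'id' => $commentId,
    'file' => $id,
    'author' => $author,
    'userPhoto' => $userPhoto,
    'text' => $text,
    'like' => 0,
    'time' => $now,
], true, 200);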