crystal-gauntlet/src/endpoints/users/deleteProfileComment.cr

require "uri"

include CrystalGauntlet

CrystalGauntlet.endpoints["/deleteGJAccComment20.php"] = ->(body : String): String {
  params = URI::Params.parse(body)
  LOG.debug { params.inspect }

  user_id, account_id = Accounts.auth(params)
  if !(user_id && account_id)
    return "-1"
  end

  comment_id = params["commentID"].to_i

  # kind of a dumb hack, but it works
  target_account_id = DATABASE.scalar("select max(account_id) from account_comments where id = ?", comment_id).as(Int64 | Nil)

  # todo: let mods delete any comment
  if target_account_id && account_id == target_account_id
    DATABASE.exec("delete from account_comments where id = ?", comment_id)
    return "1"
  else
    return "-1"
  end
}
profile comments 2022-12-31 19:29:51 +01:00			`require "uri"`

			`include CrystalGauntlet`

			`CrystalGauntlet.endpoints["/deleteGJAccComment20.php"] = ->(body : String): String {`
			`params = URI::Params.parse(body)`
pretty logs :) 2023-01-02 11:59:37 +01:00			`LOG.debug { params.inspect }`
profile comments 2022-12-31 19:29:51 +01:00
			`user_id, account_id = Accounts.auth(params)`
			`if !(user_id && account_id)`
			`return "-1"`
			`end`

			`comment_id = params["commentID"].to_i`

			`# kind of a dumb hack, but it works`
			`target_account_id = DATABASE.scalar("select max(account_id) from account_comments where id = ?", comment_id).as(Int64 \| Nil)`

			`# todo: let mods delete any comment`
			`if target_account_id && account_id == target_account_id`
			`DATABASE.exec("delete from account_comments where id = ?", comment_id)`
			`return "1"`
			`else`
			`return "-1"`
			`end`
			`}`