From 238cfcce82b44be0ebefea061a058b10da89e332 Mon Sep 17 00:00:00 2001
From: winter <99384603+hewoicvewse@users.noreply.github.com>
Date: Sat, 31 Dec 2022 03:07:22 +0900
Subject: [PATCH] like and subscribe (no comment yet)
---
src/endpoints/misc/likeItem.cr | 43 ++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 src/endpoints/misc/likeItem.cr
diff --git a/src/endpoints/misc/likeItem.cr b/src/endpoints/misc/likeItem.cr
new file mode 100644
index 0000000..5b3950f
--- /dev/null
+++ b/src/endpoints/misc/likeItem.cr
@@ -0,0 +1,43 @@
+require "uri"
+require "base64"
+require "crypto/bcrypt/password"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/likeGJItem211.php"] = ->(body : String): String {
+ params = URI::Params.parse(body)
+ puts params.inspect
+
+ if !params.has_key?("itemID")
+ return "-1"
+ end
+
+ item_id = params["itemID"].to_i
+
+ type = 1
+ if params.has_key?("type")
+ type = params["type"].to_i
+ end
+
+ table = ""
+ column = ""
+ case type
+ when 1
+ table = "levels"
+ column = "id"
+ else # type 2 = comment, type 3 = account comments
+ return "-1"
+ end
+
+ is_like = 1
+ if params.has_key?("isLike")
+ is_like = params["isLike"]
+ end
+
+ sign = is_like == 1 ? '+' : '-'
+
+ # note: formatting them like this is not a security vulnerability as the only possibilities for table, sign
+ # and column are already known and not controlled directly by user input
+ DATABASE.exec "update #{table} set likes = likes #{sign} 1 where #{column} = ?", item_id
+ "1"
+}
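Review bot: `is_like = params["isLike"]` stores a String, so `is_like == 1` should be false for every request that sends the parameter and `sign` becomes `'-'` even for `isLike=1`; parse it like `type`, e.g. `is_like = params["isLike"].to_i?`, and answer `"-1"` when that is nil. The `.to_i` calls on `itemID` and `type` raise on non-numeric input, so a malformed body becomes an unhandled exception instead of the `"-1"` reply; `to_i?` with an early `return "-1"` keeps that path controlled. Nothing in the handler identifies the caller or records that an item was already voted on (the `base64` and `crypto/bcrypt/password` requires are unused here), so any client can move a level's `likes` counter arbitrarily by repeating the request; an account check plus a per-account, per-item vote record is needed before the counter can be trusted. `puts params.inspect` writes the whole request body to stdout, which would include any credential fields the client sends, so log only the parsed `itemID` and `type`, or drop the line. The interpolation in `DATABASE.exec` is safe only while `table`, `column` and `sign` are assigned from literals as they are now, so I would extend the existing comment with `# keep these assigned from literals only; never from params`.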