like and subscribe (no comment yet)
parent
9cfe9520b4
commit
238cfcce82
43
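--- a/src/endpoints/misc/likeItem.cr
+++ b/src/endpoints/misc/likeItem.cr
@@ -0,0 +1,43 @@
+require "uri"
+require "base64"
+require "crypto/bcrypt/password"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/likeGJItem211.php"] = ->(body : String): String {
+params = URI::Params.parse(body)
+puts params.inspect
+
+if !params.has_key?("itemID")
+return "-1"
+end
+
+item_id = params["itemID"].to_i
+
+type = 1
+if params.has_key?("type")
+type = params["type"].to_i
+end
+
+table = ""
+column = ""
+case type
+when 1
+table = "levels"
+column = "id"
+else # type 2 = comment, type 3 = account comments
+return "-1"
+end
+
+is_like = 1
+if params.has_key?("isLike")
+is_like = params["isLike"]
+end
+
+sign = is_like == 1 ? '+' : '-'
+
+# note: formatting them like this is not a security vulnerability as the only possibilities for table, sign
+# and column are already known and not controlled directly by user input
+DATABASE.exec "update #{table} set likes = likes #{sign} 1 where #{column} = ?", item_id
+"1"
+}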
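Review bot: When the request carries `isLike`, `is_like = params["isLike"]` stores a String, so `is_like == 1` is never true and every explicit vote, including `isLike=1`, is applied as a decrement; parse it first with `is_like = params["isLike"].to_i?` and return `"-1"` when the result is nil. The same applies to `params["itemID"].to_i` and `params["type"].to_i`, which as far as I can tell raise on non-numeric input rather than returning `"-1"`, so `to_i?` with an explicit rejection is the safer form for request fields. The handler changes `likes` without any account check or record of who has already voted (the `base64` and `crypto/bcrypt/password` requires are unused here), so any client can move a level's count by repeating the request; credential verification and a per-account vote record should come before the `DATABASE.exec`. `puts params.inspect` writes the whole request body to stdout, which would include any credential fields the client sends, so drop it or log only `itemID` and `type`. The SQL comment is accurate for the code shown, but it should say that `table`, `column` and `sign` must only ever be assigned from literals, so that a later `when` arm does not break that assumption.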