Grupowanie komentarzy
@@ -5,8 +5,41 @@ header('Content-Type: application/json');
|
||||
// Dołączamy połączenie do bazy (upewnij się, że plik db_connect.php istnieje i ma poprawne dane)
|
||||
require_once 'db_connect.php';
|
||||
|
||||
session_start();
|
||||
|
||||
$action = $_GET['action'] ?? '';
|
||||
|
||||
// 0. AUTORYZACJA (LOGOWANIE)
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'auth') {
|
||||
$input = json_decode(file_get_contents('php://input'), true);
|
||||
$pass = $input['password'] ?? '';
|
||||
|
||||
// $PROTOTYPE_PASSWORD jest zdefiniowane w db_connect.php
|
||||
if (isset($PROTOTYPE_PASSWORD) && $pass === $PROTOTYPE_PASSWORD) {
|
||||
$_SESSION['prototype_auth'] = true;
|
||||
echo json_encode(['status' => 'success']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Nieprawidłowe hasło']);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// 0. SPRAWDZENIE SESJI (Opcjonalne dla list, wymagane dla add)
|
||||
function isAuthorized()
|
||||
{
|
||||
return !empty($_SESSION['prototype_auth']);
|
||||
}
|
||||
|
||||
// 0.5 SPRAWDZENIE STANU AUTORYZACJI (GET) - dla frontendowego odtworzenia sesji
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'check_auth') {
|
||||
if (isAuthorized()) {
|
||||
echo json_encode(['status' => 'success']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak sesji']);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// 1. POBIERANIE KOMENTARZY (GET)
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'list') {
|
||||
$pagePath = $_GET['page_path'] ?? '';
|
||||
@@ -20,6 +53,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'list') {
|
||||
$stmt = $pdo->prepare("SELECT * FROM prototype_comments WHERE page_path = ? ORDER BY created_at DESC");
|
||||
$stmt->execute([$pagePath]);
|
||||
$comments = $stmt->fetchAll();
|
||||
|
||||
// XSS PROTECTION: Escaping danych przed wysłaniem
|
||||
foreach ($comments as &$c) {
|
||||
$c['author'] = htmlspecialchars($c['author'] ?? '', ENT_QUOTES, 'UTF-8');
|
||||
$c['comment'] = htmlspecialchars($c['comment'] ?? '', ENT_QUOTES, 'UTF-8');
|
||||
// Selector musi zostać oryginalny, bo JS go używa do querySelector!
|
||||
// $c['dom_selector'] = htmlspecialchars($c['dom_selector'] ?? '', ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
echo json_encode(['status' => 'success', 'data' => $comments]);
|
||||
} catch (PDOException $e) {
|
||||
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
|
||||
@@ -29,6 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'list') {
|
||||
|
||||
// 2. DODAWANIE KOMENTARZA (POST)
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'add') {
|
||||
// Wymagana autoryzacja
|
||||
if (!isAuthorized()) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak autoryzacji. Odśwież stronę i podaj hasło.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Odczyt danych JSON z body requestu
|
||||
$input = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
@@ -52,4 +100,55 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'add') {
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// 3. ROZWIĄZYWANIE KOMENTARZA (POST)
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'resolve') {
|
||||
if (!isAuthorized()) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak autoryzacji']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$input = json_decode(file_get_contents('php://input'), true);
|
||||
$id = $input['id'] ?? 0;
|
||||
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak ID']);
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
// Zmieniamy flagę is_resolved na 1
|
||||
$stmt = $pdo->prepare("UPDATE prototype_comments SET is_resolved = 1 WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
echo json_encode(['status' => 'success']);
|
||||
} catch (PDOException $e) {
|
||||
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// 4. USUWANIE KOMENTARZA (POST)
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'delete') {
|
||||
if (!isAuthorized()) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak autoryzacji']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$input = json_decode(file_get_contents('php://input'), true);
|
||||
$id = $input['id'] ?? 0;
|
||||
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Brak ID']);
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
$stmt = $pdo->prepare("DELETE FROM prototype_comments WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
echo json_encode(['status' => 'success']);
|
||||
} catch (PDOException $e) {
|
||||
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
?>
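Review bot: The successful password check in the `auth` branch of the first hunk (`$pass === $PROTOTYPE_PASSWORD`) sets `$_SESSION['prototype_auth'] = true` on whatever session id the client arrived with, so the pre-login id survives the privilege change; call `session_regenerate_id(true);` immediately before that assignment, and compare with `hash_equals($PROTOTYPE_PASSWORD, $pass)` so the comparison is constant-time. The `resolve` and `delete` branches in the last hunk (and `add` in the third, whose body is cut by the hunk boundary) authorise a state change on the session cookie alone, with no CSRF token and no Content-Type check, while `file_get_contents('php://input')` accepts the body however it was sent; at minimum reject requests whose `Content-Type` is not `application/json` and set the session cookie's `SameSite` attribute. The `catch (PDOException $e)` blocks in the list, resolve and delete branches echo `$e->getMessage()` to the client, which can expose table names and driver details; log the exception server-side and return a fixed message such as `'Błąd bazy danych'`. The `foreach ($comments as &$c)` in the second hunk leaves `$c` bound by reference to the last element after the loop; add `unset($c);` after its closing brace, and drop the trailing `?>` so stray whitespace after it cannot corrupt the JSON response.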
|
||||