diff options
| author | ilotterytea <iltsu@alright.party> | 2025-12-08 21:53:36 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-12-08 21:53:36 +0500 |
| commit | 57472eab3c7b035392c6a5aa240593ecaa7d1ccf (patch) | |
| tree | 9da30829290f225be2dab3d383549cbfda82ed19 /emotes/rate.php | |
| parent | 6541d0f3888862ab049055fd418b700f73eed367 (diff) | |
upd: moved all /public/ files to the root folder
Diffstat (limited to 'emotes/rate.php')
| -rw-r--r-- | emotes/rate.php | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/emotes/rate.php b/emotes/rate.php new file mode 100644 index 0000000..1e8eb67 --- /dev/null +++ b/emotes/rate.php @@ -0,0 +1,63 @@ +<?php +include_once "../../src/alert.php"; +include_once "../../src/utils.php"; +include_once "../../src/config.php"; +include_once "../../src/accounts.php"; + +if (!RATING_ENABLE) { + generate_alert("/404.php", "Emote ratings are disabled", 403); + exit; +} + +if (!authorize_user(true)) { + exit; +} + +if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_rate"]) { + generate_alert("/404.php", "Not enough permissions", 403); + exit; +} + +$id = str_safe($_POST["id"] ?? "0", 32); +$rate = intval(str_safe($_POST["rate"] ?? "0", 2)); + +if ($id == 0 || $rate == 0) { + generate_alert("/emotes" . (isset($_POST["id"]) ? "?id=" . $_POST["id"] : ""), "Not enough POST fields"); + exit; +} + +$db = new PDO(DB_URL, DB_USER, DB_PASS); + +// checking if emote exists +$stmt = $db->prepare("SELECT id FROM emotes WHERE id = ?"); +$stmt->execute([$id]); +if ($stmt->rowCount() != 1) { + generate_alert("/emotes", "Emote ID $id does not exist", 404); + exit; +} + +// checking if user has already given a rate +$stmt = $db->prepare("SELECT id FROM ratings WHERE user_id = ? AND emote_id = ?"); +$stmt->execute([$_SESSION["user_id"], $id]); +if ($stmt->rowCount() != 0) { + generate_alert("/emotes?id=$id", "You have already given a rate for this emote!", 403); + exit; +} + +// giving a rate +$stmt = $db->prepare("INSERT INTO ratings(user_id, emote_id, rate) VALUES (?, ?, ?)"); +$stmt->execute([$_SESSION["user_id"], $id, clamp($rate, -2, 2)]); + +if (CLIENT_REQUIRES_JSON) { + $stmt = $db->prepare("SELECT * FROM ratings WHERE id = ?"); + $stmt->execute([$db->lastInsertId()]); + + json_response([ + "status_code" => 200, + "message" => "Rated!", + "data" => $stmt->fetch(PDO::FETCH_ASSOC) + ]); + exit; +} + +generate_alert("/emotes?id=$id", "Rated!", 200); |