2026-01-24 16:59:29 -05:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* API endpoint for updating a comment
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// Disable error display in the output
|
|
|
|
|
ini_set('display_errors', 0);
|
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
|
|
|
|
|
// Apply rate limiting
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
|
|
|
RateLimitMiddleware::apply('api');
|
|
|
|
|
|
|
|
|
|
// Start output buffering
|
|
|
|
|
ob_start();
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
require_once dirname(__DIR__) . '/config/config.php';
|
2026-01-30 14:39:13 -05:00
|
|
|
require_once dirname(__DIR__) . '/helpers/Database.php';
|
2026-01-24 16:59:29 -05:00
|
|
|
require_once dirname(__DIR__) . '/models/CommentModel.php';
|
|
|
|
|
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
|
|
|
|
|
|
|
|
|
|
// Check authentication via session
|
|
|
|
|
session_start();
|
|
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
|
|
|
throw new Exception("Authentication required");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CSRF Protection
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$currentUser = $_SESSION['user'];
|
|
|
|
|
$userId = $currentUser['user_id'];
|
|
|
|
|
$isAdmin = $currentUser['is_admin'] ?? false;
|
|
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Use centralized database connection
|
|
|
|
|
$conn = Database::getConnection();
|
2026-01-24 16:59:29 -05:00
|
|
|
|
|
|
|
|
// Get POST/PUT data
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
|
|
|
|
if (!$data || !isset($data['comment_id']) || !isset($data['comment_text'])) {
|
|
|
|
|
throw new Exception("Missing required fields: comment_id, comment_text");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$commentId = (int)$data['comment_id'];
|
|
|
|
|
$commentText = trim($data['comment_text']);
|
|
|
|
|
$markdownEnabled = isset($data['markdown_enabled']) && $data['markdown_enabled'];
|
|
|
|
|
|
|
|
|
|
if (empty($commentText)) {
|
|
|
|
|
throw new Exception("Comment text cannot be empty");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Initialize models
|
|
|
|
|
$commentModel = new CommentModel($conn);
|
|
|
|
|
$auditLog = new AuditLogModel($conn);
|
|
|
|
|
|
|
|
|
|
// Update comment
|
|
|
|
|
$result = $commentModel->updateComment($commentId, $commentText, $markdownEnabled, $userId, $isAdmin);
|
|
|
|
|
|
|
|
|
|
// Log the update if successful
|
|
|
|
|
if ($result['success']) {
|
|
|
|
|
$auditLog->log(
|
|
|
|
|
$userId,
|
|
|
|
|
'update',
|
|
|
|
|
'comment',
|
|
|
|
|
(string)$commentId,
|
|
|
|
|
['comment_text_preview' => substr($commentText, 0, 100)]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Discard any unexpected output
|
|
|
|
|
ob_end_clean();
|
|
|
|
|
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode($result);
|
|
|
|
|
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
ob_end_clean();
|
2026-01-30 18:56:29 -05:00
|
|
|
error_log("Update comment API error: " . $e->getMessage());
|
2026-01-24 16:59:29 -05:00
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode([
|
|
|
|
|
'success' => false,
|
2026-01-30 18:56:29 -05:00
|
|
|
'error' => 'An internal error occurred'
|
2026-01-24 16:59:29 -05:00
|
|
|
]);
|
|
|
|
|
}
|
