diff options
| -rw-r--r-- | cgi/modapi.py | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py index c2301ab..4c008de 100644 --- a/cgi/modapi.py +++ b/cgi/modapi.py @@ -75,10 +75,29 @@ def api_process(self, path_split): news = FetchAll( "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC") values['news'] = news - elif method == 'reports': - reports = FetchAll( - "SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC") - values['reports'] = reports + elif method == 'post': + if 'id' in formdata.keys(): + id = formdata.get('id') + post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" + + _mysql.escape_string(id) + "'") + values['post'] = post + if 'parentid' in formdata.keys(): + id = formdata.get('id') + post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" + + _mysql.escape_string(id) + "'") + values['posts'] = post + elif method == 'reports': # /cgi/manage/reports/ignore + if len(path_split) > 3: + if path_split[3] == 'ignore': + report_id = formdata.get("id") + UpdateDb("DELETE FROM `reports` WHERE `id` = '" + + _mysql.escape_string(report_id)+"'") + else: + values['state']: "error" + else: + reports = FetchAll( + "SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC") + values['reports'] = reports elif method == 'logs': logs = FetchAll("SELECT * FROM `logs` ORDER BY `timestamp` DESC") values['logs'] = logs |