|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* A basic comment server. Given an ID it will store a list of names and comment texts against it. |
|
5
|
|
|
* It uses a SQLite3 database for storage. |
|
6
|
|
|
* NB: this class is totally unaware of the existence of xml-rpc or phpxmlrpc. |
|
7
|
|
|
*/ |
|
8
|
|
|
class CommentManager |
|
9
|
|
|
{ |
|
10
|
|
|
protected $dbFile; |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* @param string $dbFile |
|
14
|
|
|
*/ |
|
15
|
|
|
public function __construct($dbFile) |
|
16
|
|
|
{ |
|
17
|
|
|
$this->dbFile = $dbFile; |
|
18
|
|
|
} |
|
19
|
|
|
|
|
20
|
|
|
protected function createTable($db) |
|
21
|
|
|
{ |
|
22
|
|
|
return $db->exec('CREATE TABLE IF NOT EXISTS comments (msg_id TEXT NOT NULL, name TEXT NOT NULL, comment TEXT NOT NULL)'); |
|
23
|
|
|
} |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* NB: we know for a fact that this will be called with 3 string arguments because of the signature used to register |
|
27
|
|
|
* this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts! |
|
28
|
|
|
* |
|
29
|
|
|
* @param string $msgID |
|
30
|
|
|
* @param string $name username |
|
31
|
|
|
* @param string $comment comment text |
|
32
|
|
|
* @return int the number of comments for the given message |
|
33
|
|
|
* @throws \Exception |
|
34
|
|
|
*/ |
|
35
|
|
|
public function addComment($msgID, $name, $comment) |
|
36
|
|
|
{ |
|
37
|
|
|
$db = new SQLite3($this->dbFile); |
|
38
|
|
|
$this->createTable($db); |
|
39
|
|
|
|
|
40
|
|
|
$statement = $db->prepare("INSERT INTO comments VALUES(:msg_id, :name, :comment)"); |
|
41
|
|
|
$statement->bindValue(':msg_id', $msgID); |
|
42
|
|
|
$statement->bindValue(':name', $name); |
|
43
|
|
|
$statement->bindValue(':comment', $comment); |
|
44
|
|
|
$statement->execute(); |
|
45
|
|
|
|
|
46
|
|
|
/// @todo this insert-then-count is not really atomic - we should use a transaction |
|
47
|
|
|
|
|
48
|
|
|
$statement = $db->prepare("SELECT count(*) AS tot FROM comments WHERE msg_id = :id"); |
|
49
|
|
|
$statement->bindValue(':id', $msgID); |
|
50
|
|
|
$results = $statement->execute(); |
|
51
|
|
|
$row = $results->fetchArray(SQLITE3_ASSOC); |
|
52
|
|
|
$results->finalize(); |
|
53
|
|
|
$count = $row['tot']; |
|
54
|
|
|
|
|
55
|
|
|
$db->close(); |
|
56
|
|
|
|
|
57
|
|
|
return $count; |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* NB: we know for a fact that this will be called with 1 string arguments because of the signature used to register |
|
62
|
|
|
* this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts! |
|
63
|
|
|
* |
|
64
|
|
|
* @param string $msgID |
|
65
|
|
|
* @return array[] each element is a struct, with elements 'name', 'comment' |
|
66
|
|
|
* @throws \Exception |
|
67
|
|
|
*/ |
|
68
|
|
|
public function getComments($msgID) |
|
69
|
|
|
{ |
|
70
|
|
|
$db = new SQLite3($this->dbFile); |
|
71
|
|
|
$this->createTable($db); |
|
72
|
|
|
|
|
73
|
|
|
$ra = array(); |
|
74
|
|
|
$statement = $db->prepare("SELECT name, comment FROM comments WHERE msg_id = :id ORDER BY rowid"); |
|
75
|
|
|
$statement->bindValue(':id', $msgID); |
|
76
|
|
|
$results = $statement->execute(); |
|
77
|
|
|
while ($row = $results->fetchArray(SQLITE3_ASSOC)) { |
|
78
|
|
|
$ra[] = $row; |
|
79
|
|
|
} |
|
80
|
|
|
$results->finalize(); |
|
81
|
|
|
|
|
82
|
|
|
$db->close(); |
|
83
|
|
|
|
|
84
|
|
|
return $ra; |
|
85
|
|
|
} |
|
86
|
|
|
} |
|
87
|
|
|
|
gggeek /
phpxmlrpc
