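<?php

declare(strict_types=1);

// Comment-submission endpoint.
//
// Expects a POST with `video_id` and `comment`, stores the (profanity-masked)
// comment for the logged-in user and always answers with JSON of the form
//   {"success": bool, "error"?: string}
// together with an HTTP status that mirrors the outcome.
//
// Depends on the shared includes for $pdo (PDO handle), isLoggedIn() and
// logEvent(); their exact contracts are not visible from this file.

require_once '../includes/db.php';
require_once '../includes/auth.php';

header('Content-Type: application/json');

/**
 * Send one JSON response with the given status code and stop the script.
 *
 * A closure rather than a named function so it cannot collide with helpers
 * declared by the includes.
 *
 * @param array<string, mixed> $payload Response body.
 * @param int                  $status  HTTP status code.
 */
$respond = static function (array $payload, int $status = 200): void {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

// This endpoint mutates state; only accept POST so a plain link or prefetch
// cannot trigger it.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    $respond(['success' => false, 'error' => 'Invalid data'], 405);
}

if (!isLoggedIn()) {
    $respond(['success' => false, 'error' => 'Login required'], 401);
}

$video_id = (int)($_POST['video_id'] ?? 0);
$comment_text = trim($_POST['comment'] ?? '');

// Compare against '' explicitly: empty() would also reject the legitimate
// comment "0".
if ($video_id <= 0 || $comment_text === '') {
    $respond(['success' => false, 'error' => 'Invalid data'], 400);
}

// Profanity Filter
$bad_words = ['damn', 'hell', 'crap', 'shit', 'fuck', 'ass', 'bitch']; // Basic list, user can expand
$is_flagged = false;
$filtered_text = $comment_text;

foreach ($bad_words as $word) {
    // Whole-word, case-insensitive match; the mask has the same length as the word.
    $pattern = '/\b' . preg_quote($word, '/') . '\b/i';
    $masked = preg_replace($pattern, str_repeat('*', strlen($word)), $filtered_text, -1, $count);
    if ($masked === null) {
        // PCRE failure (e.g. backtrack limit): leave the text as it is for this
        // word instead of silently dropping the whole comment.
        continue;
    }
    if ($count > 0) {
        $is_flagged = true;
        $filtered_text = $masked;
    }
}

try {
    $stmt = $pdo->prepare("INSERT INTO comments (video_id, user_id, comment_text, is_reported) VALUES (?, ?, ?, ?)");
    $inserted = $stmt->execute([$video_id, $_SESSION['user_id'], $filtered_text, $is_flagged ? 1 : 0]);
    if (!$inserted) {
        $respond(['success' => false, 'error' => 'Database error'], 500);
    }

    // Log the comment
    $v_stmt = $pdo->prepare("SELECT title FROM videos WHERE id = ?");
    $v_stmt->execute([$video_id]);
    $title = $v_stmt->fetchColumn();
    // fetchColumn() yields false when no such video exists; log the id instead
    // of an empty title so the entry stays meaningful.
    $title = $title === false ? "#$video_id" : (string) $title;

    // The comment is user-controlled: collapse control characters (newlines,
    // NUL, ...) before it goes into the log so one comment cannot forge
    // additional log lines.
    $log_text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $filtered_text) ?? $filtered_text;
    logEvent('comment', "Commented on $title: $log_text" . ($is_flagged ? " [FLAGGED]" : ""));

    $respond(['success' => true]);
} catch (Exception $e) {
    // Never echo the exception text: PDO messages can expose SQL, table names
    // and DSN details to the client. Keep the detail server-side only.
    error_log('comment insert failed: ' . $e->getMessage());
    $respond(['success' => false, 'error' => 'Database error'], 500);
}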