Refactoring part 2

Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well.

7 files changed, 152 insertions, 94 deletions

diff --git a/includes/Database.php b/includes/Database.php
index 3308e4c..cdaa0f8 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -21,7 +21,7 @@ class Database
 		}
 	}
 
-	public static function get(): ?Database
+	public static function get()
 	{
 		if (self::$instance == null) {
 			self::$instance = new Database();
@@ -30,8 +30,41 @@ class Database
 		return self::$instance;
 	}
 
-	public function query(string $sql)
+	public function query(string $sql, string $types = "", ...$vars): array
 	{
-		mysqli_query($this->sql_connection, $sql);
+		$stmt = mysqli_stmt_init($this->sql_connection);
+
+		if (!mysqli_stmt_prepare($stmt, $sql)) {
+			trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection));
+		}
+
+		mysqli_stmt_bind_param($stmt, $types, ...$vars);
+		mysqli_stmt_execute($stmt);
+
+		$result = array();
+		$db_result = mysqli_stmt_get_result($stmt);
+
+		if (mysqli_num_rows($db_result) > 0) {
+			while ($row = mysqli_fetch_assoc($db_result)) {
+				array_push($result, $row);
+			}
+		}
+
+		mysqli_free_result($db_result);
+		mysqli_stmt_close($stmt);
+
+		return $result;
+	}
+
+	/**
+	 * Returns the auto generated ID of the last query.
+	 * This function is just a wrapper for mysqli_insert_id.
+	 * In the future, it might be better to return different
+	 * values in the query function depending on the type of
+	 * SQL query.
+	 */
+	public function get_last_id()
+	{
+		return mysqli_insert_id($this->sql_connection);
 	}
 }
\ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
index d97e7c5..7e17527 100644
--- a/includes/Session.php
+++ b/includes/Session.php
@@ -9,10 +9,8 @@ class Session
 		session_start();
 	}
 
-	public static function get(): ?Session
+	public static function get()
 	{
-		session_start();
-
 		if (self::$instance == null) {
 			self::$instance = new Session();
 		}
@@ -25,7 +23,7 @@ class Session
 		$_SESSION['signed_in'] = true;
 	}
 
-	public function is_signed_in()
+	public function is_signed_in(): bool
 	{
 		return isset($_SESSION['signed_in']);
 	}
@@ -42,7 +40,7 @@ class Session
 		$result = new User();
 
 		if (isset($_SESSION['user_id'])) {
-			$result->get_by_id($_GET['id'], $dbc);
+			$result->get_by_id($_SESSION['user_id']);
 		} else {
 			$result = null;
 		}
diff --git a/includes/functions_insert.php b/includes/functions_insert.php
deleted file mode 100644
index 4f60701..0000000
--- a/includes/functions_insert.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-// This file may be replaced by a MVC controller later on
-
-function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
-	$sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
-	$stmt = mysqli_stmt_init($dbc);
-
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		die('Could not create thread due to internal error: ' . mysqli_error($dbc));
-	}
-
-	mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
-}
-
-function insert_post($dbc, $post_content, $post_thread, $post_author, $post_category) {
-	$sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
-	$stmt = mysqli_stmt_init($dbc);
-
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		die('Could not create post due to internal error: ' . mysqli_error($dbc));
-	}
-
-	mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
-
-	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = " . $post_category . ";";
-	mysqli_query($dbc, $sql);
-
-	$sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = " . $post_thread . ";";
-	mysqli_query($dbc, $sql);
-}
diff --git a/includes/functions_post.php b/includes/functions_post.php
index 5bc8c2a..0176c76 100644
--- a/includes/functions_post.php
+++ b/includes/functions_post.php
@@ -1,57 +1,72 @@
 <?php
-include_once 'Session.php';
-include_once 'model/User.php';
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
 
-function delete_post($post)
+function create_post($post_content, $post_thread, $post_category)
 {
 	// User must be signed in
 	if (!Session::get()->is_signed_in()) {
-		trigger_error('You must be signed in to delete a post!');
+		trigger_error('You must be signed in to create a post');
+		return;
 	}
 
-	// User must have permission to delete the post
-	$current_user = Session::get()->get_current_user();
-	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
-		trigger_error("You don't have sufficient permissions to delete this post.");
-	}
+	$user = Session::get()->get_current_user();
 
-	// TODO: The post must not be locked
+	// Insert the post into the database
+	$sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+	Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
 
-	// TODO: The post must have not been around for a certain amount of time
+	// Increment the category's post count
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+	Database::get()->query($sql, "i", $post_category);
 
-	// Delete the post from the database
-	Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
-
-	// Decrement the post count of the category
-	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
-	mysqli_query($dbc, $sql);
+	// Set the last post date of the parent thread
+	$sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+	Database::get()->query($sql, "i", $post_thread);
 }
 
-function edit_post($post, $post_content)
+function edit_post(Post $post, string $post_content)
 {
 	// User must be signed in
 	if (!Session::get()->is_signed_in()) {
 		trigger_error('You must be signed in to edit this post!');
+		return;
 	}
 
 	// User must have permission to edit the post
 	$current_user = Session::get()->get_current_user();
-	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+	if ($current_user->id != $post->author->id) {
 		trigger_error("You don't have sufficient permissions to edit this post.");
+		return;
 	}
 
 	// Set the post content and the post edit date
 	$sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
-	$stmt = mysqli_stmt_init($dbc);
+	Database::get()->query($sql, "si", $post_content, $post->id);
+}
 
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+function delete_post(Post $post)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a post!');
+		return;
+	}
+
+	// User must have permission to delete the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to delete this post.");
+		return;
 	}
 
-	mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
+	// TODO: The post must not be locked
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the post from the database
+	Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id);
 
-	// Redirect to the post's thread page
-	header("Location: /viewthread.php?id=" . $post->thread->id);
+	// Decrement the post count of the category
+	Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id);
 }
diff --git a/includes/functions_thread.php b/includes/functions_thread.php
new file mode 100644
index 0000000..62efca9
--- /dev/null
+++ b/includes/functions_thread.php
@@ -0,0 +1,51 @@
+<?php
+include_once './includes/Database.php';
+include_once './includes/Session.php';
+
+function create_thread($subject, $category)
+{
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to create a thread');
+		return 0;
+	}
+
+	$user = Session::get()->get_current_user();
+
+	// Insert the new thread into the database
+	$sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+	Database::get()->query($sql, "sii", $subject, $category, $user->id);
+
+	// Get the ID of the thread we just created
+	$thread_id = Database::get()->get_last_id();
+
+	// Increment the category's thread count
+	$sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
+	Database::get()->query($sql, "i", $category);
+
+	return $thread_id;
+}
+
+function delete_thread($thread)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a thread.');
+		return;
+	}
+
+	// User must be a moderator to delete a thread
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You must be a moderator to delete this post.");
+		return;
+	}
+
+	// TODO: The post must not be locked
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the thread from the database
+	Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
+
+	// Decrement the thread count of the category
+	Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
+}
\ No newline at end of file
diff --git a/includes/model/User.php b/includes/model/User.php
index 1c48afb..c780ff0 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -1,14 +1,17 @@
 <?php
+include_once './includes/Database.php';
 
 const USER_LEVEL_MODERATOR = 1;
 
-class User {
+class User
+{
 	public $id;
 	public $name = 'Unknown';
 	public $date = 0;
 	public $level = 0;
 
-	function get_by_name($name, $dbc) {
+	function get_by_name($name, $dbc)
+	{
 		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
 		$stmt = mysqli_stmt_init($dbc);
 
@@ -35,25 +38,14 @@ class User {
 		mysqli_stmt_close($stmt);
 	}
 
-	function get_by_id($id, $dbc) {
-		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get user: ' . mysqli_error($dbc);
-		}
-	
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->name = $row['user_name'];
-				$this->date = $row['user_date'];
-				$this->level = $row['user_level'];
-			}
-		}
-	
-		mysqli_free_result($result);
-	}
+	function get_by_id($id)
+	{
+		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
 
+		$this->id = $id;
+		$this->name = $result[0]['user_name'];
+		$this->date = $result[0]['user_date'];
+		$this->level = $result[0]['user_level'];
+	}
 }
\ No newline at end of file
diff --git a/includes/templates/header.php b/includes/templates/header.php
index 4eb17e3..35d9848 100644
--- a/includes/templates/header.php
+++ b/includes/templates/header.php
@@ -5,8 +5,12 @@
 [<a href="/create_thread.php">Create a thread</a>]
 <span style="float:right;">
 	<?php
-	if (isset($_SESSION['signed_in'])) {
-		echo '[<a href="viewuser.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
+	include_once './includes/Session.php';
+	include_once './includes/model/User.php';
+
+	if (Session::get()->is_signed_in()) {
+		$user = Session::get()->get_current_user();
+		echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
 	} else {
 		echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
 	}