-rw-r--r-- | change_passw.php | 67 | ||||
-rw-r--r-- | create_thread.php | 4 | ||||
-rw-r--r-- | includes/Database.php | 30 | ||||
-rw-r--r-- | includes/Session.php | 6 | ||||
-rw-r--r-- | includes/db_inc.php | 14 | ||||
-rw-r--r-- | includes/functions_category.php | 17 | ||||
-rw-r--r-- | includes/functions_display.php | 2 | ||||
-rw-r--r-- | includes/functions_post.php | 87 | ||||
-rw-r--r-- | includes/functions_thread.php | 16 | ||||
-rw-r--r-- | includes/functions_user.php | 21 | ||||
-rw-r--r-- | includes/model/Category.php | 111 | ||||
-rw-r--r-- | includes/model/Post.php | 100 | ||||
-rw-r--r-- | includes/model/Thread.php | 114 | ||||
-rw-r--r-- | includes/model/User.php | 36 | ||||
-rw-r--r-- | includes/reply_inc.php | 21 | ||||
-rw-r--r-- | index.php | 8 | ||||
-rw-r--r-- | manage_post.php | 11 | ||||
-rw-r--r-- | moderate.php | 3 | ||||
-rw-r--r-- | register.php | 41 | ||||
-rw-r--r-- | search.php | 9 | ||||
-rw-r--r-- | signin.php | 25 | ||||
-rw-r--r-- | viewcategory.php | 12 | ||||
-rw-r--r-- | viewthread.php | 14 | ||||
-rw-r--r-- | viewuser.php | 3 |
24 files changed, 351 insertions, 421 deletions
diff --git a/change_passw.php b/change_passw.php index aa8de88..9f39742 100644 --- a/change_passw.php +++ b/change_passw.php @@ -1,26 +1,9 @@ -<?php include_once 'header.php';?> - -<section> <?php - // FIXME - if (!isset($_SESSION) or empty($_SESSION['signed_in']) or !$_SESSION['signed_in']) { - echo '<h2>You must be logged in to change your password.</h2>'; - } else { - echo ' - <h2>Change your password</h2> - <form action="change_passw.php" method="post"> - <label for="user_pass">Password: </label><br> - <input type="password" name="user_pass"><br> - <label for="user_pass_check">Re-enter password: </label><br> - <input type="password" name="user_pass_check"><br> - <input type="submit" name="submit"> - </form> - <br>'; - } -?> +include_once './includes/Session.php'; +include_once './includes/model/User.php'; +include_once './includes/functions_user.php'; -<?php -include_once 'includes/db_inc.php'; +session_start(); if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) { $errors = array(); 
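Review bot: The POST guard on the context line after the added `session_start();` still reads `$_SESSION['signed_in']` directly, which raises an undefined-index warning on any anonymous POST, even though the hunk now pulls in Session.php; `if ($_SERVER['REQUEST_METHOD'] == 'POST' and Session::get()->is_signed_in()) {` would match the check the same file uses further down. The password form this handler serves carries no anti-CSRF token, so a cross-site POST from a signed-in browser can change the password; the commit does not add one, and the same applies to the reply form handled by includes/reply_inc.php. The handler body continues past the hunk.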
@@ -48,24 +31,36 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) { } echo '</ul>'; } else { - $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create account due to internal error: ' . mysqli_error($dbc)); - } - $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT); - - mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - + change_password(Session::get()->get_current_user(), $pass_hash); echo 'Password successfully changed!'; } } ?> +<!DOCTYPE html> +<html lang="en"> +<head> + <title>Change your password - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> +</head> +<body> +<?php +include_once './includes/templates/header.php'; -</section> - -<?php include_once 'footer.php';?> +if (!Session::get()->is_signed_in()) { + echo '<h2>You must be logged in to change your password.</h2>'; +} else { + echo ' + <h2>Change your password</h2> + <form action="change_passw.php" method="post"> + <label for="user_pass">Password: </label><br> + <input type="password" name="user_pass"><br> + <label for="user_pass_check">Re-enter password: </label><br> + <input type="password" name="user_pass_check"><br> + <input type="submit" name="submit"> + </form> + <br>'; +} +?> +</body> +</html> diff --git a/create_thread.php b/create_thread.php index 534b0ab..2ed323d 100644 --- a/create_thread.php +++ b/create_thread.php @@ -20,10 +20,10 @@ if (!Session::get()->is_signed_in()) { <input type="text" name="thread_subject"><br> <label for="thread_cat">Category: </label><br> <?php - include_once './includes/db_inc.php'; + include_once './includes/functions_category.php'; include_once './includes/model/Category.php'; - $categories = get_all_categories($dbc); + $categories = get_all_categories(); if (count($categories) == 0) { echo 'There are no categories to post to!'; 
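Review bot: The success line `echo 'Password successfully changed!';` (a context line) and the error list above it are now emitted before the `<!DOCTYPE html>` this hunk adds, so every POST response starts with stray text outside the document. Collect the message in a variable (e.g. `$status = 'Password successfully changed!';`) and echo it inside `<body>` after the header include. `change_password()` is called with `Session::get()->get_current_user()`, which per the Session.php hunk returns null when nobody is signed in, so the `$_SESSION['signed_in']` guard above is the only thing preventing a TypeError on the `User` parameter; a comment `// guarded by the signed_in check above: get_current_user() is null otherwise` would make that dependency visible.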
diff --git a/includes/Database.php b/includes/Database.php index cdaa0f8..4950ae3 100644 --- a/includes/Database.php +++ b/includes/Database.php @@ -32,17 +32,30 @@ class Database public function query(string $sql, string $types = "", ...$vars): array { - $stmt = mysqli_stmt_init($this->sql_connection); + $result = array(); - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); - } + if ($types == "") { + // No types were provided, preparing a statement is not necessary + $db_result = mysqli_query($this->sql_connection, $sql); + } else { + $stmt = mysqli_stmt_init($this->sql_connection); - mysqli_stmt_bind_param($stmt, $types, ...$vars); - mysqli_stmt_execute($stmt); + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Internal error: ' . mysqli_error($this->sql_connection)); + return $result; + } - $result = array(); - $db_result = mysqli_stmt_get_result($stmt); + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $db_result = mysqli_stmt_get_result($stmt); + + mysqli_stmt_close($stmt); + } + + if (!$db_result) { + return $result; + } if (mysqli_num_rows($db_result) > 0) { while ($row = mysqli_fetch_assoc($db_result)) { @@ -51,7 +64,6 @@ class Database } mysqli_free_result($db_result); - mysqli_stmt_close($stmt); return $result; } diff --git a/includes/Session.php b/includes/Session.php index 7e17527..a9c1dc7 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -18,9 +18,11 @@ class Session return self::$instance; } - public function sign_in() + public function sign_in(User $user) { $_SESSION['signed_in'] = true; + $_SESSION['user_id'] = $user->id; + $_SESSION['user_name'] = $user->name; } public function is_signed_in(): bool @@ -30,8 +32,6 @@ class Session public function get_current_user() { - include_once 'db_inc.php'; - // There is no current user if (!$this->is_signed_in()) { return null; 
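Review bot: `mysqli_stmt_execute($stmt)` is called without checking its result, and `query()` returns the same empty array for "no rows", "statement failed" and "INSERT/UPDATE succeeded", so callers cannot tell them apart — `username_exists()` in functions_user.php reads a failed lookup as "name available", and register.php / change_passw.php print success regardless of what happened. Check the result before fetching, e.g. `if (!mysqli_stmt_execute($stmt)) { trigger_error('Internal error: ' . mysqli_stmt_error($stmt)); mysqli_stmt_close($stmt); return $result; }`, or better throw a `\RuntimeException` so write callers can react. The `$types == ""` branch runs `mysqli_query` on the raw string, so it must only ever receive constant SQL; a docblock line `@param string $sql when $types is empty this must be a literal query with no interpolated values` would make that contract explicit. Note also that `trigger_error` with `mysqli_error(...)` exposes driver error text to the page if display_errors is on in production.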
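Review bot: `sign_in(User $user)` promotes the session to signed-in without rotating the session id, so an id fixed in the browser before login remains valid afterwards (session fixation). Add `session_regenerate_id(true);` as the first statement of `sign_in()`, before the `$_SESSION` writes. `get_current_user()` continues past the second hunk.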
diff --git a/includes/db_inc.php b/includes/db_inc.php
deleted file mode 100644
index b7c361d..0000000
--- a/includes/db_inc.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-$cfg_ini = parse_ini_file('config.ini', true);
-$dbcfg = $cfg_ini['mysql_credentials'];
-
-$db_server = $dbcfg['server'];
-$db_user = $dbcfg['user'];
-$db_pass = $dbcfg['password'];
-$db_database = $dbcfg['database'];
-
-$dbc = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
-
-if (!$dbc) {
- die("Database connection error: " . mysqli_connect_error());
-}
diff --git a/includes/functions_category.php b/includes/functions_category.php
new file mode 100644
index 0000000..808708c
--- /dev/null
+++ b/includes/functions_category.php
@@ -0,0 +1,17 @@
+<?php
+
+function get_all_categories(): array
+{
+ $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
+ $result = Database::get()->query($sql);
+
+ $categories = array();
+
+ foreach ($result as $row) {
+ $category = new Category();
+ $category->get_from_database($row['cat_id']);
+ array_push($categories, $category);
+ }
+
+ return $categories;
+}
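Review bot: The new functions_category.php uses `Database` and `Category` but includes neither, unlike functions_post.php and functions_thread.php, which `include_once './includes/Database.php'` at the top; whether it resolves depends on the caller's include order (create_thread.php includes it before model/Category.php). Add `include_once './includes/Database.php';` and `include_once './includes/model/Category.php';` after `<?php`. The loop also discards the bool from `get_from_database()`, so a row that vanishes between the two queries becomes a default "Unknown" category; the same shape appears in `get_all_threads()` and `get_all_posts()` in this commit, and each issues one query per row, which is worth a `// one SELECT per category (N+1); fine for a small forum` comment so nobody is surprised later.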
\ No newline at end of file diff --git a/includes/functions_display.php b/includes/functions_display.php index bf9ed64..47ba188 100644 --- a/includes/functions_display.php +++ b/includes/functions_display.php @@ -93,7 +93,7 @@ function display_posts($dbc, $thread_id, $sql_result) { $post_content = $row['post_content']; $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace YouTube URLs with embedded YouTube videos. diff --git a/includes/functions_post.php b/includes/functions_post.php index 0176c76..97fc622 100644 --- a/includes/functions_post.php +++ b/includes/functions_post.php @@ -3,6 +3,22 @@ include_once './includes/Session.php'; include_once './includes/Database.php'; include_once './includes/model/User.php'; +function get_all_posts(): array +{ + $sql = "SELECT post_id FROM posts"; + $result = Database::get()->query($sql); + + $posts = array(); + + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); + } + + return $posts; +} + function create_post($post_content, $post_thread, $post_category) { // User must be signed in 
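Review bot: The renamed call on the changed line keeps the old three-argument shape `create_quote($dbc, $thread_id, $matches)`, but the `create_quote()` this commit adds to functions_post.php is declared `create_quote(int $id): string`, so this passes a mysqli handle where an int is expected and will fail with a TypeError — and `$dbc` no longer exists anywhere now that db_inc.php is deleted. The identical stale call remains in `Post::display_content()` in model/Post.php. Either replace the `preg_replace_callback` block with `$post_content = format_post_content($post_content);` or delete `display_posts()` if `get_post_content()` supersedes it. The enclosing `display_posts()` starts and ends outside the hunk.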
@@ -26,6 +42,77 @@ function create_post($post_content, $post_thread, $post_category) Database::get()->query($sql, "i", $post_thread); } +function create_quote(int $id): string +{ + $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + $reply = $result[0]; + + if (empty($reply)) { + return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>'; + } + + return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>'; +} + +function format_post_content(string $post_content) +{ + $post_content = preg_replace_callback('/>#\d+/', function ($matches) { + $result = ""; + foreach ($matches as $match) { + $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); + $result .= create_quote($id); + } + return $result; + }, $post_content); + + $result = $post_content; + + // Replace newline characters with HTML <br> tags + $result = nl2br($result); + + // Replace YouTube URLs with embedded YouTube videos. + $result = preg_replace( + "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i", + '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result); + + // Replace Image URLs with embedded images. + $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result); + + // Replace other URLs with links. 
+ return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result); +} + +/** + * Get the post content from the database and return it as a string ready for HTML display + */ +function get_post_content(Post $post): string +{ + // Build the header + $result = '<div class="header" id="p' . $post->id . '"><b>#' . $post->id . '</b>'; + $result .= ' Posted by <a href="viewuser.php?id=' . $post->author->id . '">' . $post->author->name . '</a>'; + $result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created)); + + // If the post has a edit date, display it + if (!is_null($post->date_edited)) { + $result .= ' <small>edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . '</small>'; + } + + // Append a manage post button if the user is signed in and is the post's creator + if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) { + $result .= '<span style="float:right;">'; + $result .= '[<a href="manage_post.php?id=' . $post->id . '">Edit/Delete</a>]'; + $result .= '</span>'; + } + $result .= '</div>'; + + // Append the formatted post content + $result .= '<span class="post-content">' . format_post_content($post->content) . '</span>'; + + return $result; +} + function edit_post(Post $post, string $post_content) { // User must be signed in diff --git a/includes/functions_thread.php b/includes/functions_thread.php index 62efca9..61b8e59 100644 --- a/includes/functions_thread.php +++ b/includes/functions_thread.php 
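Review bot: In `format_post_content()` the YouTube pattern's trailing class was rewritten from the escaped form still visible in model/Post.php to `[a-zA-Z0-9\/*-_?&;%=.]`, where the unescaped `*-_` is now a character range (0x2A–0x5F) that also admits `<`, `>`, `;`, `@` and `[`, and the prefix class `[a-zA-Z\/:]*` lost the `.`, so `https://www.` is left dangling in front of the iframe; restore `[a-zA-Z\/:\.]*` and `[a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*`. Neither `create_quote()` nor `get_post_content()` HTML-escapes `user_name`, `post_content` or `author->name` before concatenating them into markup; FILTER_SANITIZE_STRING at input time (deprecated in PHP 8.1) strips tags but is not an output encoder, so run `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on the raw text before `nl2br()` and the embed regexes. In `create_quote()`, `$reply = $result[0];` reads an undefined offset when the quoted post is gone; `$reply = $result[0] ?? null;` avoids the warning while keeping the "deleted" branch. `format_post_content()` has no return type; `: string` would match its siblings.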
@@ -2,6 +2,22 @@ include_once './includes/Database.php'; include_once './includes/Session.php'; +function get_all_threads(): array +{ + $sql = "SELECT thread_id FROM threads"; + $result = Database::get()->query($sql); + + $threads = array(); + + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); + } + + return $threads; +} + function create_thread($subject, $category) { if (!Session::get()->is_signed_in()) { diff --git a/includes/functions_user.php b/includes/functions_user.php new file mode 100644 index 0000000..b2069a2 --- /dev/null +++ b/includes/functions_user.php @@ -0,0 +1,21 @@ +<?php + +function username_exists(string $username): bool +{ + $sql = "SELECT * FROM users WHERE user_name = ?;"; + $result = Database::get()->query($sql, "s", $username); + + return !empty($result); +} + +function register_user(string $username, string $pass_hash) +{ + $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + Database::get()->query($sql, "ss", $username, $pass_hash); +} + +function change_password(User $user, string $pass_hash) +{ + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; + Database::get()->query($sql, "si", $pass_hash, $user->id); +}
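Review bot: `username_exists()` runs `SELECT *`, pulling the stored password hash and every other column just to test existence; `SELECT user_id FROM users WHERE user_name = ?;` is enough and keeps hashes out of the result array. Because `Database::query()` yields `[]` on a failed statement as well as on no rows, a DB error here reads as "username available" and `register_user()` then proceeds, so a unique index on `user_name` is the real safeguard and is worth stating in a comment. Like functions_category.php, this file includes neither Database.php nor model/User.php that its signatures depend on. `register_user()` and `change_password()` declare no return type and give callers no success signal; `: void` plus a `@throws` once `query()` reports failures would document the contract.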
\ No newline at end of file diff --git a/includes/model/Category.php b/includes/model/Category.php index b7c46d9..ed53bdc 100644 --- a/includes/model/Category.php +++ b/includes/model/Category.php 
@@ -2,102 +2,55 @@ include_once 'Thread.php'; -class Category { +class Category +{ public $id = 0; public $name = 'Unknown'; public $description = 'This category does not exist'; public $thread_count = 0; public $post_count = 0; - function get_from_database($id, $dbc) { - $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get category: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } + function get_from_database($id): bool + { + $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - mysqli_free_result($result); - return 1; + + $this->id = $id; + $this->name = $result[0]['cat_name']; + $this->description = $result[0]['cat_description']; + $this->thread_count = $result[0]['cat_thread_count']; + $this->post_count = $result[0]['cat_post_count']; + + return true; } - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - + function get_threads(): array + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? 
ORDER BY thread_date_lastpost DESC"; + $result = Database::get()->query($sql, "i", $this->id); $threads = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); } - mysqli_free_result($result); return $threads; } - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } + function get_latest_thread(): Thread + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); + + $thread = new Thread(); + $thread->get_from_database($result[0]['thread_id']); - mysqli_free_result($result); return $thread; } } - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -}
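Review bot: `get_latest_thread(): Thread` indexes `$result[0]['thread_id']` with no guard, so for a category with no threads it reads an undefined offset, calls `get_from_database(null)` and returns a default "Unknown thread" object with id 0 where the removed code returned null; callers such as index.php's `$latest_thread = $category->get_latest_thread()` that presumably tested for null would now see an object. Declare `function get_latest_thread(): ?Thread` and add `if (empty($result)) { return null; }` before constructing the Thread. `Thread::get_latest_post(): Post` in model/Thread.php has the identical problem. `get_from_database($id): bool` keeps `$id` untyped but binds it as `i`; an `int $id` parameter would make the coercion explicit instead of leaving it to mysqli.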
\ No newline at end of file diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '<blockquote></blockquote>'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>'; - } - - return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; 
@@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>'; - echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>'; + echo ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>'; echo ' on ' . 
date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>'; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo '<span style="float:right;">'; echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] '; - echo'</span>'; + echo '</span>'; } echo '</div>'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML <br> tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '<span class="post-content">' . $post_content . '</span>'; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/includes/model/Thread.php b/includes/model/Thread.php index a9dc690..cfe10d6 100644 --- a/includes/model/Thread.php 
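Review bot: `display_content($dbc)` survives with only brace and spacing changes, although `$dbc` no longer exists after db_inc.php's deletion and every call site in this commit was switched to `get_post_content()`; it is now a second, already-diverging copy of the formatting logic (old regexes, old quote call). Replace its body with `echo get_post_content($this);` or remove the method and the `$dbc` parameter. In `get_from_database()`, the results of `$this->thread->get_from_database(...)` and `$this->author->get_by_id(...)` are discarded, so a post whose thread or author row is missing silently gets default objects; at minimum a comment `// thread/author lookups are best-effort: defaults are used when the rows are gone` should record that. `display_content()` continues past the hunk.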
+++ b/includes/model/Thread.php @@ -4,7 +4,8 @@ include_once 'Category.php'; include_once 'User.php'; include_once 'Post.php'; -class Thread { +class Thread +{ public $id = 0; public $subject = 'Unknown thread'; public $date_created = 0; 
@@ -12,100 +13,53 @@ class Thread { public $category; public $author; - function get_from_database($id, $dbc) { - $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to display thread page: ' . mysqli_error($dbc)); + function get_from_database($id): bool + { + $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); + $this->id = $id; + $this->subject = $result[0]['thread_subject']; + $this->date_created = $result[0]['thread_date_created']; + $this->date_lastpost = $result[0]['thread_date_lastpost']; - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } + $this->category = new Category(); + $this->category->get_from_database($result[0]['thread_category']); - mysqli_free_result($result); - return 1; + $this->author = new User(); + $this->author->get_by_id($result[0]['thread_author']); + + return true; } - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . 
mysqli_error($dbc); - } - + function get_posts(): array + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ?"; + $result = Database::get()->query($sql, "i", $this->id); + $posts = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); } - mysqli_free_result($result); return $posts; } - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; + function get_latest_post(): Post + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } + $post = new Post(); + $post->get_from_database($result[0]['post_id']); - mysqli_free_result($result); return $post; } } - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} diff --git a/includes/model/User.php b/includes/model/User.php index c780ff0..f2bd23d 100644 --- a/includes/model/User.php 
+++ b/includes/model/User.php @@ -7,44 +7,36 @@ class User { public $id; public $name = 'Unknown'; + public $password; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) + function get_by_name($name): bool { - $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; - $stmt = mysqli_stmt_init($dbc); + $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?"; + $result = Database::get()->query($sql, "s", $name); - if (!mysqli_stmt_prepare($stmt, $sql)) { - echo 'Failed to get user: ' . mysqli_error($dbc); + if (empty($result)) { + return false; } - mysqli_stmt_bind_param($stmt, "s", $name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } + $this->id = $result[0]['user_id']; + $this->name = $name; + $this->password = $result[0]['user_pass']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; - mysqli_free_result($result); - mysqli_stmt_close($stmt); + return true; } function get_by_id($id) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;"; $result = Database::get()->query($sql, "i", $id); $this->id = $id; $this->name = $result[0]['user_name']; + $this->password = $result[0]['user_pass']; $this->date = $result[0]['user_date']; $this->level = $result[0]['user_level']; } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index cf7a839..588b59f 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php 
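Review bot: `get_by_id()` now selects `user_pass` into the new public `$password` property on every User, including the `author` objects embedded in each Post and Thread, so the hash travels through templates and any `var_dump`/`json_encode` of those models even though only the sign-in path via `get_by_name()` needs it. Keep `user_pass` out of `get_by_id()`'s SELECT and make the property non-public, e.g. `private $password;` with a `verify_password(string $candidate): bool` wrapper around `password_verify()`, so the hash never leaves the model (signin.php's `$user->password` read would then go through the wrapper). `get_by_id()` also still dereferences `$result[0]` without an emptiness check while `get_by_name()` now returns false; the two should agree.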
@@ -1,10 +1,8 @@ <?php +include_once 'functions_post.php'; session_start(); -include_once 'db_inc.php'; -include_once 'functions_inc.php'; - if ($_SERVER['REQUEST_METHOD'] != 'POST') { die('This file cannot be called directly.'); } @@ -13,19 +11,12 @@ if (!isset($_SESSION['signed_in'])) { die('You must be signed in to reply to a thread.'); } -$reply_content = filter_var($_POST['reply_content'], FILTER_SANITIZE_STRING); -$reply_to = $_GET['reply_to']; -$post_author = $_SESSION['user_id']; - -$sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?)"; -$stmt = mysqli_stmt_init($dbc); +$reply_content = filter_input(INPUT_POST, 'reply_content', FILTER_SANITIZE_STRING); +$thread_id = filter_input(INPUT_POST, 'reply_to', FILTER_SANITIZE_NUMBER_INT); -if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Failed to process statement: ' . mysqli_error($dbc)); -} +$thread = new Thread(); +$thread->get_from_database($thread_id); -mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author); -mysqli_stmt_execute($stmt); -mysqli_stmt_close($stmt); +create_post($reply_content, $thread_id, $thread->category); header("Location: ../thread.php?id=" . $_GET['reply_to']);
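Review bot: `$thread_id` is now read from POST via `filter_input(INPUT_POST, 'reply_to', ...)`, but the context line that follows still redirects with `$_GET['reply_to']`, so the Location header is built from a different (and in a plain form post, unset) source than the thread the reply was just written to; use `header("Location: ../thread.php?id=" . $thread_id);`. The bool from `$thread->get_from_database($thread_id)` is ignored, so a missing or non-numeric id still reaches `create_post()` with `$thread->category` unset — `if (!$thread->get_from_database((int) $thread_id)) { die('No such thread.'); }` (or a 404) belongs in between. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and is not an output encoder; validate here (`FILTER_VALIDATE_INT` for the id) and escape at render time. The script continues past the hunk.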
\ No newline at end of file @@ -27,13 +27,13 @@ <th>Latest Thread</th> </tr> <?php - include('includes/db_inc.php'); - include('includes/model/Category.php'); + include_once './includes/functions_category.php'; + include_once './includes/model/Category.php'; - $categories = get_all_categories($dbc); + $categories = get_all_categories(); foreach ($categories as $category) { - $latest_thread = $category->get_latest_thread($dbc); + $latest_thread = $category->get_latest_thread(); echo '<tr>'; echo '<td>'; diff --git a/manage_post.php b/manage_post.php index 9e04dd4..99f0ad4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,7 +1,6 @@ <?php -include('includes/db_inc.php'); -include('includes/functions_post.php'); -include('includes/model/Post.php'); +include_once './includes/functions_post.php'; +include_once './includes/model/Post.php'; session_start(); @@ -13,7 +12,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { include_once './includes/templates/404.php'; die(); } else { - $result = $current->get_from_database($_GET['id'], $dbc); + $result = $current->get_from_database($_GET['id']); if ($result == 0) { http_response_code(404); include_once './includes/templates/404.php'; @@ -26,7 +25,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $post = new Post(); - $post->get_from_database($id, $dbc); + $post->get_from_database($id); if (strcasecmp($delete, "on") == 0) { delete_post($post); @@ -47,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { <?php include('includes/templates/header.php'); ?> <h1>Manage a post</h1> <?php -$current->display_content($dbc); +echo get_post_content($current); echo '<hr>'; $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); diff --git a/moderate.php b/moderate.php index 3b8d05d..68bf1b9 100644 --- a/moderate.php +++ b/moderate.php 
@@ -1,5 +1,4 @@ <?php -include_once './includes/db_inc.php'; include_once './includes/functions_thread.php'; include_once './includes/Session.php'; include_once './includes/model/User.php'; @@ -15,7 +14,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($user->level == USER_LEVEL_MODERATOR) { if (strcasecmp($delete, "on") == 0) { $thread = new Thread(); - $thread->get_from_database($thread_id, $dbc); + $thread->get_from_database($thread_id); delete_thread($thread); header("Location: /"); diff --git a/register.php b/register.php index 050878e..02fbe58 100644 --- a/register.php +++ b/register.php @@ -20,31 +20,7 @@ <br> <?php -include_once 'includes/db_inc.php'; - -function username_exists($dbc, $user_name) -{ - $sql = "SELECT * FROM users WHERE user_name = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die("Error: " . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "s", $user_name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if ($row = mysqli_fetch_assoc($result)) { - return $row; - } else { - $result = false; - return $result; - } - - mysqli_stmt_close($stmt); -} +include_once './includes/functions_user.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $errors = array(); @@ -64,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { $errors[] = "Your username must be 30 characters or less."; } - if (username_exists($dbc, $user_name) !== false) { + if (username_exists($user_name) !== false) { $errors[] = "The username '" . $user_name . "' has already been taken by another user."; } } 
@@ -91,19 +67,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { } echo '</ul>'; } else { - $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create account due to internal error: ' . mysqli_error($dbc)); - } - $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT); - - mysqli_stmt_bind_param($stmt, "ss", $user_name, $pass_hash); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - + register_user($user_name, $pass_hash); echo 'Account successfully registered! You can now <a href="signin.php">sign in</a>'; } } @@ -27,7 +27,8 @@ </form> <hr> <?php -include_once './includes/db_inc.php'; +include_once './includes/functions_thread.php'; +include_once './includes/functions_post.php'; include_once './includes/model/Thread.php'; include_once './includes/model/Post.php'; @@ -36,7 +37,7 @@ if (!isset($_GET['type'])) { } else { switch ($_GET['type']) { case 'thread': - $threads = get_all_threads($dbc); + $threads = get_all_threads(); foreach ($threads as $thread) { echo '<p>'; echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>'; @@ -45,11 +46,11 @@ if (!isset($_GET['type'])) { } break; case 'post': - $posts = get_all_posts($dbc); + $posts = get_all_posts(); foreach ($posts as $post) { echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>'; - $post->display_content($dbc); + echo get_post_content($post); echo '<hr>'; } break; @@ -18,8 +18,6 @@ <?php -include_once 'includes/db_inc.php'; - function validate($data) { $data = trim($data); 
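Review bot: `register_user($user_name, $pass_hash)` on the new line in register.php is called without checking its result, and the success message on the following line is echoed unconditionally, whereas the removed code at least died on a prepare failure. If the insert fails (internal error, or a duplicate name slipping past the earlier existence check), the user is told the account was created. Branch on the return value, e.g. `if (!register_user($user_name, $pass_hash)) { echo 'Could not create account.'; } else {` around the success message, assuming register_user reports failure; its definition is not visible here. The surrounding POST handler starts outside the hunk.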
@@ -50,26 +48,17 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { } echo '</ul>'; } else { - $sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';"; - $result = mysqli_query($dbc, $sql); + $user = new User(); + $result = $user->get_by_name($user_name); if (!$result) { - echo 'An error occurred while signing in: ' . mysqli_error($dbc); + echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>'; } else { - if (mysqli_num_rows($result) == 0) { - echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>'; + if (!password_verify($user_pass, $user->password)) { + echo 'Password does not match!'; } else { - while ($row = mysqli_fetch_assoc($result)) { - if (!password_verify($user_pass, $row['user_pass'])) { - echo 'Password does not match!'; - } else { - $_SESSION['signed_in'] = true; - $_SESSION['user_id'] = $row['user_id']; - $_SESSION['user_name'] = $row['user_name']; - - header("Location: index.php"); - } - } + Session::get()->sign_in($user); + header("Location: index.php"); } } } diff --git a/viewcategory.php b/viewcategory.php index 70733da..852148b 100644 --- a/viewcategory.php +++ b/viewcategory.php @@ -1,6 +1,6 @@ <?php -include('includes/db_inc.php'); -include('includes/model/Category.php'); + +include_once 'includes/model/Category.php'; session_start(); @@ -11,8 +11,8 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { include('includes/templates/404.php'); die(); } else { - $result = $current->get_from_database($_GET['id'], $dbc); - if ($result == 0) { + $result = $current->get_from_database($_GET['id']); + if (!$result) { http_response_code(404); include('includes/templates/404.php'); die(); 
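Review bot: The rewritten sign-in branch in signin.php still emits two distinct messages, 'There is no user with that name' and 'Password does not match!', so the new code lets anyone enumerate valid usernames, and the unknown-name path skips `password_verify` entirely, which also makes the two cases distinguishable by response time. The new `header("Location: index.php")` is not followed by `exit`, so the page keeps rendering after the redirect header is queued. I cannot see `Session::get()->sign_in($user)` (Session.php is changed in this commit but not shown); it should call `session_regenerate_id(true)` before storing the user id to prevent session fixation, since the removed inline code did not. The restructured branch below collapses both failures into one message, always runs `password_verify`, and exits after the redirect.
```php
    } else {
        $user = new User();
        $found = $user->get_by_name($user_name);

        // Verify against a throwaway hash when the name is unknown so both
        // failure paths do comparable work and produce the same message.
        $hash = $found ? $user->password : password_hash('', PASSWORD_DEFAULT);

        if (!$found || !password_verify($user_pass, $hash)) {
            echo 'Invalid username or password.';
        } else {
            Session::get()->sign_in($user);
            header("Location: index.php");
            exit;
        }
    }
```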
@@ -37,10 +37,10 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { <th>Latest Post</th> </tr> <?php - $threads = $current->get_threads($dbc); + $threads = $current->get_threads(); foreach ($threads as $thread) { - $latest_post = $thread->get_latest_post($dbc); + $latest_post = $thread->get_latest_post(); echo '<tr>'; echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>'; diff --git a/viewthread.php b/viewthread.php index cc2d221..73a02ef 100644 --- a/viewthread.php +++ b/viewthread.php @@ -1,6 +1,5 @@ <?php -include('includes/db_inc.php'); -include('includes/model/Thread.php'); +include_once 'includes/model/Thread.php'; session_start(); @@ -11,8 +10,9 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { include('includes/templates/404.php'); die(); } else { - $result = $current->get_from_database($_GET['id'], $dbc); - if ($result == 0) { + $result = $current->get_from_database($_GET['id']); + + if (!$result) { http_response_code(404); include('includes/templates/404.php'); die(); @@ -58,10 +58,12 @@ if (Session::get()->is_signed_in()) { ?> <hr> <?php -$posts = $current->get_posts($dbc); +include './includes/functions_post.php'; + +$posts = $current->get_posts(); foreach ($posts as $post) { - $post->display_content($dbc); + echo get_post_content($post); } ?> <hr> diff --git a/viewuser.php b/viewuser.php index 155b814..45f557a 100644 --- a/viewuser.php +++ b/viewuser.php @@ -1,6 +1,5 @@ <?php -include_once 'includes/db_inc.php'; -include_once 'includes/model/User.php'; +include_once './includes/model/User.php'; session_start(); |
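Review bot: The new `include './includes/functions_post.php';` in viewthread.php uses plain `include` while every other include this commit touches uses `include_once`; if functions_post.php defines functions (get_post_content is called right below it) and is also loaded by another include on this page, the second load fails with a redeclaration fatal error. Change it to `include_once './includes/functions_post.php';` and, to match the file's other includes, consider moving it to the top next to `include_once 'includes/model/Thread.php';`. The value echoed by `echo get_post_content($post)` is stored post content, and whether get_post_content escapes it is not visible here; it must apply `htmlspecialchars` to user-controlled fields or the thread view renders user-supplied HTML.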