-rw-r--r--create_thread.php13
-rw-r--r--includes/functions_category.php17
-rw-r--r--includes/functions_post.php159
-rw-r--r--includes/functions_thread.php67
-rw-r--r--includes/functions_user.php31
-rw-r--r--includes/model/Category.php54
-rw-r--r--includes/model/Post.php174
-rw-r--r--includes/model/Thread.php101
-rw-r--r--includes/model/User.php71
-rw-r--r--index.php5
-rw-r--r--register.php4
-rw-r--r--signin.php5
-rw-r--r--viewcategory.php17
-rw-r--r--viewthread.php24
-rw-r--r--viewuser.php23
15 files changed, 389 insertions, 376 deletions
diff --git a/create_thread.php b/create_thread.php
index 976bd9f..3d1c530 100644
--- a/create_thread.php
+++ b/create_thread.php
@@ -21,10 +21,9 @@ if (!Session::get()->is_signed_in()) {
<input type="text" name="thread_subject"><br>
<label for="thread_cat">Category: </label><br>
<?php
- include_once './includes/functions_category.php';
include_once './includes/model/Category.php';
- $categories = get_all_categories();
+ $categories = Category::get_all_categories();
if (count($categories) == 0) {
trigger_error('There are no categories to post to!');
@@ -43,9 +42,9 @@ if (!Session::get()->is_signed_in()) {
<input type="submit" name="submit">
</form>
<?php
-include_once 'includes/functions_post.php';
-include_once 'includes/functions_thread.php';
-include_once 'includes/error.php';
+include_once './includes/model/Post.php';
+include_once './includes/model/Thread.php';
+include_once './includes/error.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
@@ -68,8 +67,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errstr .= '</ul>';
trigger_error($errstr);
} else {
- $thread_id = create_thread($thread_subject, $thread_cat);
- create_post($post_content, $thread_id, $thread_cat);
+ $thread_id = Thread::create($thread_subject, $thread_cat);
+ Post::create($post_content, $thread_id, $thread_cat);
header("Location: viewthread.php?id=" . $thread_id);
}
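Review bot: The return value of `Thread::create` is never checked before it is handed to `Post::create` and the redirect, even though the new method returns `0` when no user is signed in, so a failed creation would still insert a post with `post_thread = 0` and redirect to `viewthread.php?id=0`. The page does check `is_signed_in()` further up (hunk header at the top of this diff), so the path is probably unreachable today, but the contract of the new API should be honoured at the call site: `if ($thread_id === 0) { trigger_error('Could not create thread'); } else { Post::create(...); header(...); exit; }`. The `header()` call is also not followed by `exit`, so the rest of the page keeps rendering after the redirect is sent. The enclosing `if/else` continues past the end of this hunk.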
diff --git a/includes/functions_category.php b/includes/functions_category.php
deleted file mode 100644
index 808708c..0000000
--- a/includes/functions_category.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-
-function get_all_categories(): array
-{
- $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
- $result = Database::get()->query($sql);
-
- $categories = array();
-
- foreach ($result as $row) {
- $category = new Category();
- $category->get_from_database($row['cat_id']);
- array_push($categories, $category);
- }
-
- return $categories;
-} \ No newline at end of file
diff --git a/includes/functions_post.php b/includes/functions_post.php
deleted file mode 100644
index 97fc622..0000000
--- a/includes/functions_post.php
+++ /dev/null
@@ -1,159 +0,0 @@
-<?php
-include_once './includes/Session.php';
-include_once './includes/Database.php';
-include_once './includes/model/User.php';
-
-function get_all_posts(): array
-{
- $sql = "SELECT post_id FROM posts";
- $result = Database::get()->query($sql);
-
- $posts = array();
-
- foreach ($result as $row) {
- $post = new Post();
- $post->get_from_database($row['post_id']);
- array_push($posts, $post);
- }
-
- return $posts;
-}
-
-function create_post($post_content, $post_thread, $post_category)
-{
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to create a post');
- return;
- }
-
- $user = Session::get()->get_current_user();
-
- // Insert the post into the database
- $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
-
- // Increment the category's post count
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
- Database::get()->query($sql, "i", $post_category);
-
- // Set the last post date of the parent thread
- $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
- Database::get()->query($sql, "i", $post_thread);
-}
-
-function create_quote(int $id): string
-{
- $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- $reply = $result[0];
-
- if (empty($reply)) {
- return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
- }
-
- return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-}
-
-function format_post_content(string $post_content)
-{
- $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
- $result = "";
- foreach ($matches as $match) {
- $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
- $result .= create_quote($id);
- }
- return $result;
- }, $post_content);
-
- $result = $post_content;
-
- // Replace newline characters with HTML <br> tags
- $result = nl2br($result);
-
- // Replace YouTube URLs with embedded YouTube videos.
- $result = preg_replace(
- "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
- '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
-
- // Replace Image URLs with embedded images.
- $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
-
- // Replace other URLs with links.
- return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
-}
-
-/**
- * Get the post content from the database and return it as a string ready for HTML display
- */
-function get_post_content(Post $post): string
-{
- // Build the header
- $result = '<div class="header" id="p' . $post->id . '"><b>#' . $post->id . '</b>';
- $result .= ' Posted by <a href="viewuser.php?id=' . $post->author->id . '">' . $post->author->name . '</a>';
- $result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created));
-
- // If the post has a edit date, display it
- if (!is_null($post->date_edited)) {
- $result .= ' <small>edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . '</small>';
- }
-
- // Append a manage post button if the user is signed in and is the post's creator
- if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) {
- $result .= '<span style="float:right;">';
- $result .= '[<a href="manage_post.php?id=' . $post->id . '">Edit/Delete</a>]';
- $result .= '</span>';
- }
- $result .= '</div>';
-
- // Append the formatted post content
- $result .= '<span class="post-content">' . format_post_content($post->content) . '</span>';
-
- return $result;
-}
-
-function edit_post(Post $post, string $post_content)
-{
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to edit this post!');
- return;
- }
-
- // User must have permission to edit the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id != $post->author->id) {
- trigger_error("You don't have sufficient permissions to edit this post.");
- return;
- }
-
- // Set the post content and the post edit date
- $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
- Database::get()->query($sql, "si", $post_content, $post->id);
-}
-
-function delete_post(Post $post)
-{
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a post!');
- return;
- }
-
- // User must have permission to delete the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
- trigger_error("You don't have sufficient permissions to delete this post.");
- return;
- }
-
- // TODO: The post must not be locked
- // TODO: The post must have not been around for a certain amount of time
-
- // Delete the post from the database
- Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id);
-
- // Decrement the post count of the category
- Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id);
-}
diff --git a/includes/functions_thread.php b/includes/functions_thread.php
deleted file mode 100644
index 61b8e59..0000000
--- a/includes/functions_thread.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-include_once './includes/Database.php';
-include_once './includes/Session.php';
-
-function get_all_threads(): array
-{
- $sql = "SELECT thread_id FROM threads";
- $result = Database::get()->query($sql);
-
- $threads = array();
-
- foreach ($result as $row) {
- $thread = new Thread();
- $thread->get_from_database($row['thread_id']);
- array_push($threads, $thread);
- }
-
- return $threads;
-}
-
-function create_thread($subject, $category)
-{
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to create a thread');
- return 0;
- }
-
- $user = Session::get()->get_current_user();
-
- // Insert the new thread into the database
- $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- Database::get()->query($sql, "sii", $subject, $category, $user->id);
-
- // Get the ID of the thread we just created
- $thread_id = Database::get()->get_last_id();
-
- // Increment the category's thread count
- $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
- Database::get()->query($sql, "i", $category);
-
- return $thread_id;
-}
-
-function delete_thread($thread)
-{
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a thread.');
- return;
- }
-
- // User must be a moderator to delete a thread
- $current_user = Session::get()->get_current_user();
- if ($current_user->level != USER_LEVEL_MODERATOR) {
- trigger_error("You must be a moderator to delete this post.");
- return;
- }
-
- // TODO: The post must not be locked
- // TODO: The post must have not been around for a certain amount of time
-
- // Delete the thread from the database
- Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
-
- // Decrement the thread count of the category
- Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
-} \ No newline at end of file
diff --git a/includes/functions_user.php b/includes/functions_user.php
deleted file mode 100644
index 690350a..0000000
--- a/includes/functions_user.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-function username_exists(string $username): bool
-{
- $sql = "SELECT * FROM users WHERE user_name = ?;";
- $result = Database::get()->query($sql, "s", $username);
-
- return !empty($result);
-}
-
-function register_user(string $username, string $pass_hash)
-{
- $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
- Database::get()->query($sql, "ss", $username, $pass_hash);
-}
-
-function change_password(User $user, string $pass_hash)
-{
- if (!Session::get()->is_signed_in()) {
- trigger_error('You are not signed in.');
- return;
- }
-
- if (Session::get()->get_current_user()->id != $user->id) {
- trigger_error("You can't change another user's password.");
- return;
- }
-
- $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
- Database::get()->query($sql, "si", $pass_hash, $user->id);
-} \ No newline at end of file
diff --git a/includes/model/Category.php b/includes/model/Category.php
index ed53bdc..e8cbe60 100644
--- a/includes/model/Category.php
+++ b/includes/model/Category.php
@@ -4,19 +4,24 @@ include_once 'Thread.php';
class Category
{
- public $id = 0;
- public $name = 'Unknown';
- public $description = 'This category does not exist';
+ public $id;
+ public $name;
+ public $description;
public $thread_count = 0;
public $post_count = 0;
- function get_from_database($id): bool
+ // If an invalid id was passed into the constructor, the database will not have
+ // returned a result, but the object will not be null.
+ // We need to keep track of whether or not this object has a value.
+ private $has_value = false;
+
+ public function __construct($id)
{
$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
$result = Database::get()->query($sql, "i", $id);
if (empty($result)) {
- return false;
+ return;
}
$this->id = $id;
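Review bot: The new constructor `public function __construct($id)` leaves `$id` untyped and has no docblock, although every caller binds it with the `"i"` type and the page elsewhere validates it as an int; declaring `public function __construct(int $id)` makes the contract explicit and turns a stray string into a `TypeError` instead of a silent coercion. When the lookup fails the method returns early with `$this->id` still `null`, so `get_threads()` on such an object would run its query with a null id; the `has_value` comment should say that callers must check `has_value()` before using any other member. A one-line docblock such as `/** Loads the category with the given id; check has_value() afterwards, the id may not exist. */` would cover both. The class body continues past the end of this hunk.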
@@ -25,32 +30,49 @@ class Category
$this->thread_count = $result[0]['cat_thread_count'];
$this->post_count = $result[0]['cat_post_count'];
- return true;
+ $this->has_value = true;
+ }
+
+ // Returns true if this object was successfully fetched from the database
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function get_all_categories(): array
+ {
+ $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
+ $result = Database::get()->query($sql);
+
+ $categories = array();
+
+ foreach ($result as $row) {
+ $category = new Category($row['cat_id']);
+ array_push($categories, $category);
+ }
+
+ return $categories;
}
- function get_threads(): array
+ public function get_threads(): array
{
$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
$result = Database::get()->query($sql, "i", $this->id);
$threads = array();
foreach ($result as $row) {
- $thread = new Thread();
- $thread->get_from_database($row['thread_id']);
- array_push($threads, $thread);
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
}
return $threads;
}
- function get_latest_thread(): Thread
+ public function get_latest_thread(): Thread
{
$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
$result = Database::get()->query($sql, "i", $this->id);
-
- $thread = new Thread();
- $thread->get_from_database($result[0]['thread_id']);
-
- return $thread;
+ return new Thread($result[0]['thread_id']);
}
}
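Review bot: `get_latest_thread()` now reads `$result[0]['thread_id']` without checking that the query returned a row, so a category with no threads raises an undefined-key warning and then constructs `new Thread(null)`; the same unguarded access exists in `Thread::get_latest_post()` in the hunk ending at the line `return new Post($result[0]['post_id']);`. Since a `Thread` built from a missing id reports `has_value() === false`, which is exactly what `index.php` now tests, the minimal fix is `return new Thread($result[0]['thread_id'] ?? 0);` (and the equivalent `?? 0` in `get_latest_post`). As a point of style, the new `if ($thread->has_value())` guard in `get_threads()` drops the braces the rest of the file uses; `if ($thread->has_value()) { array_push($threads, $thread); }` keeps it consistent.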
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 67c7e4a..42add02 100644
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -1,6 +1,52 @@
<?php
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
+include_once './includes/model/Thread.php';
-include_once 'Thread.php';
+// Utility functions for building the post HTML
+
+function create_quote(int $id): string
+{
+ $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ $reply = $result[0];
+
+ if (empty($reply)) {
+ return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+ }
+
+ return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+}
+
+function format_post_content(string $post_content)
+{
+ $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
+ $result = "";
+ foreach ($matches as $match) {
+ $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+ $result .= create_quote($id);
+ }
+ return $result;
+ }, $post_content);
+
+ $result = $post_content;
+
+ // Replace newline characters with HTML <br> tags
+ $result = nl2br($result);
+
+ // Replace YouTube URLs with embedded YouTube videos.
+ $result = preg_replace(
+ "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
+ '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
+
+ // Replace Image URLs with embedded images.
+ $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
+
+ // Replace other URLs with links.
+ return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
+}
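Review bot: `create_quote()` concatenates `$reply['user_name']` and `$reply['post_content']` straight into HTML with no output encoding, so whatever reached the database is rendered verbatim inside the blockquote. Post bodies are run through `FILTER_SANITIZE_STRING` on input (visible in create_thread.php), but that filter is deprecated since PHP 8.1 and tag-stripping on the way in is not a substitute for escaping on the way out, and the user name takes a different path whose sanitisation is not visible here; `htmlspecialchars($reply['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and the same for the quoted content, which only goes through URL/newline regexes afterwards) closes that gap. Separately, `$reply = $result[0];` runs before the `empty($reply)` check and so warns on an empty result; `$reply = $result[0] ?? null;` keeps the intended "deleted post" branch working without the notice.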
class Post
{
@@ -11,26 +57,140 @@ class Post
public $thread;
public $author;
- function get_from_database($id): bool
+ private $has_value = false;
+
+ public function __construct($id)
{
$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
$result = Database::get()->query($sql, "i", $id);
if (empty($result)) {
- return false;
+ return;
}
$this->id = $id;
$this->content = $result[0]['post_content'];
$this->date_created = $result[0]['post_date_created'];
$this->date_edited = $result[0]['post_date_edited'];
-
- $this->thread = new Thread();
- $this->thread->get_from_database($result[0]['post_thread']);
+ $this->thread = new Thread($result[0]['post_thread']);
$this->author = new User();
$this->author->get_by_id($result[0]['post_author']);
- return true;
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ /**
+ * Get the post content from the database and return it as a string ready for HTML display
+ */
+ function get_content(): string
+ {
+ // Build the header
+ $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+ $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
+ $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+
+ // If the post has a edit date, display it
+ if (!is_null($this->date_edited)) {
+ $result .= ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
+ }
+
+ // Append a manage post button if the user is signed in and is the post's creator
+ if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $this->author->id) {
+ $result .= '<span style="float:right;">';
+ $result .= '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>]';
+ $result .= '</span>';
+ }
+ $result .= '</div>';
+
+ // Append the formatted post content
+ $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
+
+ return $result;
+ }
+
+ function set_content(string $post_content)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ return;
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id != $this->author->id) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ return;
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
+ Database::get()->query($sql, "si", $post_content, $this->id);
+ }
+
+ function delete()
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ return;
+ }
+
+ // User must have permission to delete the post
+ if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ return;
+ }
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
+
+ // Decrement the post count of the category
+ Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
+ }
+
+ public static function create($post_content, $post_thread, $post_category)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a post');
+ return;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the post into the database
+ $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
+
+ // Increment the category's post count
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $post_category);
+
+ // Set the last post date of the parent thread
+ $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+ Database::get()->query($sql, "i", $post_thread);
+ }
+
+ public static function get_all_posts(): array
+ {
+ $sql = "SELECT post_id FROM posts";
+ $result = Database::get()->query($sql);
+
+ $posts = array();
+
+ foreach ($result as $row) {
+ $post = new Post();
+ $post->get_from_database($row['post_id']);
+ array_push($posts, $post);
+ }
+
+ return $posts;
}
}
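Review bot: `Post::get_all_posts()` still does `$post = new Post(); $post->get_from_database($row['post_id']);`, but this hunk replaces the no-argument constructor with `__construct($id)` and removes `get_from_database`, so any call now throws an `ArgumentCountError`; the sibling `Thread::get_all()` was updated in the same commit and the body here should match it: `$post = new Post($row['post_id']); if ($post->has_value()) { array_push($posts, $post); }`. The moved `delete()` also drops the author check that `delete_post` had (which required being both author and moderator), so authors can no longer delete their own posts while moderators can delete any; if that is the intended policy a comment saying so would help, e.g. `// Only moderators may delete posts; authors use set_content to edit.` Finally, `get_content`, `set_content` and `delete` have no visibility keyword while the static methods around them are `public`; adding `public` keeps the class consistent.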
diff --git a/includes/model/Thread.php b/includes/model/Thread.php
index cfe10d6..95bd3d8 100644
--- a/includes/model/Thread.php
+++ b/includes/model/Thread.php
@@ -1,42 +1,109 @@
<?php
-
+include_once './includes/Database.php';
+include_once './includes/Session.php';
include_once 'Category.php';
include_once 'User.php';
include_once 'Post.php';
class Thread
{
- public $id = 0;
- public $subject = 'Unknown thread';
+ public $id;
+ public $subject;
public $date_created = 0;
public $date_lastpost = 0;
public $category;
public $author;
- function get_from_database($id): bool
+ private $has_value = false;
+
+ function __construct($id)
{
$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;";
$result = Database::get()->query($sql, "i", $id);
if (empty($result)) {
- return false;
+ return;
}
$this->id = $id;
$this->subject = $result[0]['thread_subject'];
$this->date_created = $result[0]['thread_date_created'];
$this->date_lastpost = $result[0]['thread_date_lastpost'];
-
- $this->category = new Category();
- $this->category->get_from_database($result[0]['thread_category']);
+ $this->category = new Category($result[0]['thread_category']);
$this->author = new User();
$this->author->get_by_id($result[0]['thread_author']);
- return true;
+ $this->has_value = true;
}
- function get_posts(): array
+ public static function create($subject, $category): int
+ {
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a thread');
+ return 0;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the new thread into the database
+ $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $subject, $category, $user->id);
+
+ // Get the ID of the thread we just created
+ $thread_id = Database::get()->get_last_id();
+
+ // Increment the category's thread count
+ $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $category);
+
+ return $thread_id;
+ }
+
+ public static function delete($thread)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a thread.');
+ return;
+ }
+
+ // User must be a moderator to delete a thread
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You must be a moderator to delete this post.");
+ return;
+ }
+
+ // Delete the thread from the database
+ Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
+
+ // Decrement the thread count of the category
+ Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function get_all(): array
+ {
+ $sql = "SELECT thread_id FROM threads";
+ $result = Database::get()->query($sql);
+
+ $threads = array();
+
+ foreach ($result as $row) {
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
+ }
+
+ return $threads;
+ }
+
+ public function get_posts(): array
{
$sql = "SELECT post_id FROM posts WHERE post_thread = ?";
$result = Database::get()->query($sql, "i", $this->id);
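Review bot: `Thread::delete($thread)` is introduced as a static method taking the thread as an argument, while `Post::delete()` in the same commit is an instance method operating on `$this`; the two models should expose the same shape, and the instance form is the natural one here: `public function delete()` with `"i", $this->id` and `"i", $this->category->id` in the two queries. The moderator error message carried over from `delete_thread` still reads "You must be a moderator to delete this post." and should say thread. `function __construct($id)` is also the only constructor in the three models without a `public` keyword. `get_posts()` starts at the bottom of this hunk and continues in the next one.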
@@ -44,22 +111,18 @@ class Thread
$posts = array();
foreach ($result as $row) {
- $post = new Post();
- $post->get_from_database($row['post_id']);
- array_push($posts, $post);
+ $post = new Post($row['post_id']);
+ if ($post->has_value())
+ array_push($posts, $post);
}
return $posts;
}
- function get_latest_post(): Post
+ public function get_latest_post(): Post
{
$sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1";
$result = Database::get()->query($sql, "i", $this->id);
-
- $post = new Post();
- $post->get_from_database($result[0]['post_id']);
-
- return $post;
+ return new Post($result[0]['post_id']);
}
}
diff --git a/includes/model/User.php b/includes/model/User.php
index f2bd23d..13cbc03 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -6,18 +6,40 @@ const USER_LEVEL_MODERATOR = 1;
class User
{
public $id;
- public $name = 'Unknown';
+ public $name;
public $password;
- public $date = 0;
+ public $date;
public $level = 0;
- function get_by_name($name): bool
+ private $has_value = false;
+
+ // Can't use a constructor here because we have two possible ways to get the user from the database
+ // and PHP does not allow function overloading.
+ public function get_by_id($id)
+ {
+ $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->name = $result[0]['user_name'];
+ $this->password = $result[0]['user_pass'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+
+ $this->has_value = true;
+ }
+
+ public function get_by_name($name)
{
$sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
$result = Database::get()->query($sql, "s", $name);
if (empty($result)) {
- return false;
+ return;
}
$this->id = $result[0]['user_id'];
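Review bot: The comment on `get_by_id` explains that a constructor was avoided because PHP has no overloading, but the idiomatic answer is a pair of static named constructors rather than two mutating loaders on a fresh object: `public static function from_id(int $id): self` and `public static function from_name(string $name): self`, each returning an instance whose `has_value()` reflects the lookup. That would also remove a quirk of the current form: neither loader resets `$has_value`, so calling `get_by_id` with a missing id on an object that was already populated leaves it reporting `true` with stale fields. `get_by_name` continues past the end of this hunk.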
@@ -26,18 +48,41 @@ class User
$this->date = $result[0]['user_date'];
$this->level = $result[0]['user_level'];
- return true;
+ $this->has_value = true;
}
- function get_by_id($id)
+ public function has_value()
{
- $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
+ return $this->has_value;
+ }
- $this->id = $id;
- $this->name = $result[0]['user_name'];
- $this->password = $result[0]['user_pass'];
- $this->date = $result[0]['user_date'];
- $this->level = $result[0]['user_level'];
+ public static function register(string $username, string $pass_hash)
+ {
+ $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
+ Database::get()->query($sql, "ss", $username, $pass_hash);
}
+
+ public function change_password(string $pass_hash)
+ {
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You are not signed in.');
+ return;
+ }
+
+ if (Session::get()->get_current_user()->id != $this->id) {
+ trigger_error("You can't change another user's password.");
+ return;
+ }
+
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ Database::get()->query($sql, "si", $pass_hash, $this->id);
+ }
+}
+
+function username_exists(string $username): bool
+{
+ $sql = "SELECT * FROM users WHERE user_name = ?;";
+ $result = Database::get()->query($sql, "s", $username);
+
+ return !empty($result);
} \ No newline at end of file
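Review bot: `username_exists()` runs `SELECT * FROM users WHERE user_name = ?` and then only tests `!empty($result)`, which pulls the full row, password hash included, through the database layer to answer a yes/no question. `SELECT user_id FROM users WHERE user_name = ? LIMIT 1;` answers the same question without moving the hash around. The function is also the only free function left in a file that now otherwise holds a class; a short docblock, `/** True if a user with this exact name is already registered. */`, or moving it to `User::name_exists()` next to `register()`, would make its placement deliberate.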
diff --git a/index.php b/index.php
index 9d62f52..dadef39 100644
--- a/index.php
+++ b/index.php
@@ -27,10 +27,9 @@
<th>Latest Thread</th>
</tr>
<?php
- include_once './includes/functions_category.php';
include_once './includes/model/Category.php';
- $categories = get_all_categories();
+ $categories = Category::get_all_categories();
foreach ($categories as $category) {
$latest_thread = $category->get_latest_thread();
@@ -42,7 +41,7 @@
echo '</td>';
echo '<td>' . $category->thread_count . '</td>';
echo '<td>' . $category->post_count . '</td>';
- if (!is_null($latest_thread)) {
+ if ($latest_thread->has_value()) {
echo '<td><b><a href="viewthread.php?id=' . $latest_thread->id . '">' . $latest_thread->subject . '</a></b><br>';
echo '<small>by <b><a href="viewuser.php?id=' . $latest_thread->author->id . '">' . $latest_thread->author->name . '</a></b>, ' . $latest_thread->date_created . '</small></td>';
} else {
diff --git a/register.php b/register.php
index 4c42610..9eb3347 100644
--- a/register.php
+++ b/register.php
@@ -20,7 +20,7 @@
<br>
<?php
-include_once './includes/functions_user.php';
+include_once './includes/model/User.php';
include_once './includes/error.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -70,7 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
trigger_error($errstr);
} else {
$pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
- register_user($user_name, $pass_hash);
+ User::register($user_name, $pass_hash);
echo '<p class="success">Account successfully registered! You can now <a href="signin.php">sign in</a></p>';
}
}
diff --git a/signin.php b/signin.php
index c38845d..0eb492d 100644
--- a/signin.php
+++ b/signin.php
@@ -15,7 +15,6 @@
<input type="password" name="user_pass"><br>
<input type="submit" name="submit">
</form>
-
<?php
include_once 'includes/error.php';
@@ -51,9 +50,9 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
trigger_error($errstr);
} else {
$user = new User();
- $result = $user->get_by_name($user_name);
+ $user->get_by_name($user_name);
- if (!$result) {
+ if (!$user->has_value()) {
trigger_error('There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>');
} else {
if (!password_verify($user_pass, $user->password)) {
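Review bot: The new `!$user->has_value()` branch reports that no user with that name exists, while the following branch reports a wrong password, so the sign-in form tells an unauthenticated client which account names are registered. Using one message for both branches, e.g. `trigger_error('Incorrect username or password.');`, and keeping the register link in the page chrome rather than in the error text, removes that distinction without changing the flow. The enclosing `if/else` continues past the end of this hunk.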
diff --git a/viewcategory.php b/viewcategory.php
index 852148b..e68bab2 100644
--- a/viewcategory.php
+++ b/viewcategory.php
@@ -1,22 +1,19 @@
<?php
-
include_once 'includes/model/Category.php';
session_start();
-$current = new Category();
+if (!isset($_GET['id']) or !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
+ http_response_code(404);
+ include('includes/templates/404.php');
+ die();
+}
-if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
+$current = new Category($_GET['id']);
+if (!$current->has_value()) {
http_response_code(404);
include('includes/templates/404.php');
die();
-} else {
- $result = $current->get_from_database($_GET['id']);
- if (!$result) {
- http_response_code(404);
- include('includes/templates/404.php');
- die();
- }
}
?>
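Review bot: `new Category($_GET['id'])` passes the raw query-string value rather than the integer that `filter_var($_GET['id'], FILTER_VALIDATE_INT)` already produced on the line above, so the validation result is thrown away and the constructor receives a string. Keep the validated value: `$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT); if ($id === false) { ... 404 ... }` and then `new Category($id)`; the `=== false` form also stops treating a legitimate id of `0` as invalid, which the current truthiness test does. The same pattern is repeated in viewthread.php (`new Thread($_GET['id'])`) and viewuser.php (`$current->get_by_id($_GET['id'])`). The `or` introduced here also differs from the `||` that viewthread.php keeps for the same test.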
<!DOCTYPE html>
diff --git a/viewthread.php b/viewthread.php
index fa1c81b..12b9429 100644
--- a/viewthread.php
+++ b/viewthread.php
@@ -3,20 +3,17 @@ include_once 'includes/model/Thread.php';
session_start();
-$current = new Thread();
-
if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
http_response_code(404);
include('includes/templates/404.php');
die();
-} else {
- $result = $current->get_from_database($_GET['id']);
+}
- if (!$result) {
- http_response_code(404);
- include('includes/templates/404.php');
- die();
- }
+$current = new Thread($_GET['id']);
+if (!$current->has_value()) {
+ http_response_code(404);
+ include('includes/templates/404.php');
+ die();
}
?>
<!DOCTYPE html>
@@ -32,7 +29,7 @@ created by <b><?= $current->author->name; ?></b>
in <b><?= $current->category->name; ?></b>
<abbr title="<?= date('M d, Y g:ia', strtotime($current->date_created)); ?>">3 days ago</abbr>
<?php
-include_once('includes/model/User.php');
+include_once './includes/model/User.php';
if (Session::get()->is_signed_in()) {
$user = Session::get()->get_current_user();
@@ -58,18 +55,17 @@ if (Session::get()->is_signed_in()) {
?>
<hr>
<?php
-include './includes/functions_post.php';
+include_once './includes/model/Post.php';
$posts = $current->get_posts();
foreach ($posts as $post) {
- echo get_post_content($post);
+ echo $post->get_content();
}
?>
<hr>
<h2>Reply to this thread</h2>
<?php
-include_once 'includes/functions_post.php';
include_once 'includes/error.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($post_content) or !$post_content) {
trigger_error('Reply cannot be empty');
} else {
- create_post($post_content, $current->id, $current->category->id);
+ Post::create($post_content, $current->id, $current->category->id);
header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $current->id);
}
}
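Review bot: The redirect after `Post::create(...)` builds its target from `$_SERVER['PHP_SELF']`, which includes any path-info the client appended to the request URL, so the Location header echoes client-controlled text; the target is a known page, so `header('Location: viewthread.php?id=' . $current->id); exit;` is both safer and simpler. The missing `exit` matters on its own: without it the rest of the page continues to render after the redirect is issued. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts before this hunk.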
diff --git a/viewuser.php b/viewuser.php
index 45f557a..de40d6f 100644
--- a/viewuser.php
+++ b/viewuser.php
@@ -3,22 +3,29 @@ include_once './includes/model/User.php';
session_start();
-$current = new User();
+if (!isset($_GET['id']) or !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
+ http_response_code(404);
+ include('includes/templates/404.php');
+ die();
+}
-if (!isset($_GET['id'])) {
-} else {
- $current->get_by_id($_GET['id']);
+$current = new User();
+$current->get_by_id($_GET['id']);
+if (!$current->has_value()) {
+ http_response_code(404);
+ include('includes/templates/404.php');
+ die();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
- <title><?= $current->name; ?>'s Profile - cflip.net forum</title>
- <link rel="stylesheet" href="styles/style.css">
+ <title><?= $current->name; ?>'s Profile - cflip.net forum</title>
+ <link rel="stylesheet" href="styles/style.css">
</head>
<body>
<?php include_once "includes/templates/header.php" ?>
-<h1><?= $current->name; ?></h1>
-member since <?= date('M d, Y', strtotime($current->date)); ?>
+ <h1><?= $current->name; ?></h1>
+ member since <?= date('M d, Y', strtotime($current->date)); ?>
</body>
</html>
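Review bot: The re-indented `<title>` and `<h1>` lines echo `$current->name` into HTML without escaping; the name is whatever was stored at registration, and nothing on this page encodes it for the HTML context. `<?= htmlspecialchars($current->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` in both places (the title is attribute-free text but still an HTML context) keeps the display correct regardless of what registration accepted. The id handling at the top of the file has the same validated-int issue noted on viewcategory.php: `get_by_id($_GET['id'])` is given the raw string instead of the `filter_var` result.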