-rw-r--r-- | includes/Database.php | 37 | ||||
-rw-r--r-- | includes/Session.php | 52 | ||||
-rw-r--r-- | includes/functions_post.php | 57 | ||||
-rw-r--r-- | includes/model/Category.php (renamed from model/Category.php) | 0 | ||||
-rw-r--r-- | includes/model/Post.php (renamed from model/Post.php) | 0 | ||||
-rw-r--r-- | includes/model/Thread.php (renamed from model/Thread.php) | 0 | ||||
-rw-r--r-- | includes/model/User.php (renamed from model/User.php) | 2 | ||||
-rw-r--r-- | includes/templates/404.php (renamed from templates/404.php) | 0 | ||||
-rw-r--r-- | includes/templates/header.php (renamed from templates/header.php) | 0 | ||||
-rw-r--r-- | index.php | 85 | ||||
-rw-r--r-- | manage_post.php | 26 | ||||
-rw-r--r-- | register.php | 2 | ||||
-rw-r--r-- | signin.php | 2 | ||||
-rw-r--r-- | styles/style.css | 5 | ||||
-rw-r--r-- | viewcategory.php | 68 | ||||
-rw-r--r-- | viewthread.php | 60 |
16 files changed, 262 insertions, 134 deletions
diff --git a/includes/Database.php b/includes/Database.php
new file mode 100644
index 0000000..3308e4c
--- /dev/null
+++ b/includes/Database.php
@@ -0,0 +1,37 @@
+<?php
+
+class Database
+{
+ private static $instance = null;
+ private $sql_connection;
+
+ private function __construct()
+ {
+ $config = parse_ini_file('config.ini', true)['mysql_credentials'];
+
+ $db_server = $config['server'];
+ $db_user = $config['user'];
+ $db_pass = $config['password'];
+ $db_database = $config['database'];
+
+ $this->sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+ if (!$this->sql_connection) {
+ trigger_error("Database connection error: " . mysqli_connect_error());
+ }
+ }
+
+ public static function get(): ?Database
+ {
+ if (self::$instance == null) {
+ self::$instance = new Database();
+ }
+
+ return self::$instance;
+ }
+
+ public function query(string $sql)
+ {
+ mysqli_query($this->sql_connection, $sql);
+ }
+}
\ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
new file mode 100644
index 0000000..d97e7c5
--- /dev/null
+++ b/includes/Session.php
@@ -0,0 +1,52 @@
+<?php
+
+class Session
+{
+ private static $instance = null;
+
+ private function __construct()
+ {
+ session_start();
+ }
+
+ public static function get(): ?Session
+ {
+ session_start();
+
+ if (self::$instance == null) {
+ self::$instance = new Session();
+ }
+
+ return self::$instance;
+ }
+
+ public function sign_in()
+ {
+ $_SESSION['signed_in'] = true;
+ }
+
+ public function is_signed_in()
+ {
+ return isset($_SESSION['signed_in']);
+ }
+
+ public function get_current_user()
+ {
+ include_once 'db_inc.php';
+
+ // There is no current user
+ if (!$this->is_signed_in()) {
+ return null;
+ }
+
+ $result = new User();
+
+ if (isset($_SESSION['user_id'])) {
+ $result->get_by_id($_GET['id'], $dbc);
+ } else {
+ $result = null;
+ }
+
+ return $result;
+ }
+}
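Review bot: `query()` in Database.php throws away the return value of `mysqli_query()`, so callers such as `delete_post` cannot tell whether the DELETE ran, and the class offers no bound-parameter path, which leaves callers building SQL by string interpolation (`"DELETE FROM posts WHERE post_id = $post->id"` in functions_post.php). `return mysqli_query($this->sql_connection, $sql);` fixes the first; an `execute(string $sql, string $types, ...$params)` wrapper around `mysqli_prepare`/`mysqli_stmt_bind_param` would give the models a safe path for the second. In the constructor, `trigger_error()` after a failed `mysqli_connect()` is an `E_USER_NOTICE` that does not halt, so `$sql_connection` stays `false` and every later query fails with a less useful error; throw a `RuntimeException` (or pass `E_USER_ERROR`) there instead. `self::$instance == null` should be `=== null`, and `parse_ini_file('config.ini', true)` resolves relative to the include path/working directory — if that credentials file sits under the document root, confirm the web server refuses to serve it.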
\ No newline at end of file
diff --git a/includes/functions_post.php b/includes/functions_post.php
new file mode 100644
index 0000000..5bc8c2a
--- /dev/null
+++ b/includes/functions_post.php 
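Review bot: `get_current_user()` in Session.php resolves the signed-in user from `$_GET['id']` instead of the session's `$_SESSION['user_id']`, so the identity that `delete_post`/`edit_post` check permissions against is whatever id the request's query string names; it should read `$result->get_by_id($_SESSION['user_id'], $dbc);`. `$dbc` is also not reliably defined in that method: `include_once 'db_inc.php'` inside a function only creates `$dbc` in that scope the first time the file is included in the request and returns `true` without re-executing afterwards, so the lookup will usually run with an undefined connection — going through `Database::get()` would remove the dependency. `session_start()` is called in both `get()` and the constructor, which raises a notice on the second call; one is enough. `sign_in()` sets the flag without `session_regenerate_id(true)`, the usual step against session fixation at login, and `self::$instance == null` should be `=== null`.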
@@ -0,0 +1,57 @@
+<?php
+include_once 'Session.php';
+include_once 'model/User.php';
+
+function delete_post($post)
+{
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ }
+
+ // User must have permission to delete the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ }
+
+ // TODO: The post must not be locked
+
+ // TODO: The post must have not been around for a certain amount of time
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
+
+ // Decrement the post count of the category
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+ mysqli_query($dbc, $sql);
+}
+
+function edit_post($post, $post_content)
+{
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+
+ // Redirect to the post's thread page
+ header("Location: /viewthread.php?id=" . 
$post->thread->id);
+}
diff --git a/model/Category.php b/includes/model/Category.php
index b7c46d9..b7c46d9 100644
--- a/model/Category.php
+++ b/includes/model/Category.php
diff --git a/model/Post.php b/includes/model/Post.php
index 34d6a79..34d6a79 100644
--- a/model/Post.php
+++ b/includes/model/Post.php
diff --git a/model/Thread.php b/includes/model/Thread.php
index a9dc690..a9dc690 100644
--- a/model/Thread.php
+++ b/includes/model/Thread.php
diff --git a/model/User.php b/includes/model/User.php
index 469a9a1..1c48afb 100644
--- a/model/User.php
+++ b/includes/model/User.php
@@ -1,5 +1,7 @@
 <?php
+const USER_LEVEL_MODERATOR = 1;
+
 class User
 {
 public $id;
 public $name = 'Unknown';
diff --git a/templates/404.php b/includes/templates/404.php
index d4d5128..d4d5128 100644
--- a/templates/404.php
+++ b/includes/templates/404.php
diff --git a/templates/header.php b/includes/templates/header.php
index 4eb17e3..4eb17e3 100644
--- a/templates/header.php
+++ b/includes/templates/header.php 
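Review bot: None of the guards in `delete_post()` or `edit_post()` stops execution — `trigger_error()` with the default `E_USER_NOTICE` only logs and falls through — so a signed-out or unauthorised caller still reaches the `DELETE`/`UPDATE`; each guard needs a `return` (or `exit`) after the error, or `E_USER_ERROR`. The permission test is also inverted for authors: `$current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR` rejects the post's own author and admits only non-author moderators, and `if ($current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR)` is presumably what was meant (note `get_current_user()` can return `null`, which this line would then dereference). `$dbc` is undefined inside both functions, so the category-count UPDATE in `delete_post` and the prepared statement in `edit_post` run against no connection, `edit_post` binds an undefined `$id` where `$post->id` is needed, and the `DELETE` interpolates `$post->id` although `edit_post` already shows the prepared-statement form to use. `header("Location: ...")` should be followed by `exit;` so nothing after it executes.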
@@ -1,53 +1,56 @@ -<?php session_start()?> +<?php session_start() ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title>cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once 'templates/header.php'; ?> - <h2>Welcome to the cflip.net forum!</h2> - <p> - This is the beta test of the forum website, so there are lots of features missing. Since there are no moderation features built into the website, - <i>for the most part</i> I don't care that much about what is posted here. Some links and buttons may not have any functionality either! - </p> - <p> - If you notice a problem or have an idea for a feature that is missing, <a href="http://51.195.90.7/forum/thread.php?id=40">reply to this thread!</a> - </p> - <h2>Categories</h2> - <table> - <tr> - <th>Category</th> - <th>Threads</th> - <th>Posts</th> - <th>Latest Thread</th> - </tr> +<?php include('includes/templates/header.php'); ?> +<h2>Welcome to the cflip.net forum!</h2> +<p> + This is the beta test of the forum website, so there are lots of features missing. Since there are no moderation + features built into the website, + <i>for the most part</i> I don't care that much about what is posted here. Some links and buttons may not have any + functionality either! 
+</p> +<p> + If you notice a problem or have an idea for a feature that is missing, <a + href="http://51.195.90.7/forum/thread.php?id=40">reply to this thread!</a> +</p> +<h2>Categories</h2> +<table> + <tr> + <th>Category</th> + <th>Threads</th> + <th>Posts</th> + <th>Latest Thread</th> + </tr> <?php - include_once 'includes/db_inc.php'; - include_once 'model/Category.php'; + include('includes/db_inc.php'); + include('includes/model/Category.php'); - $categories = get_all_categories($dbc); + $categories = get_all_categories($dbc); - foreach ($categories as $category) { - $latest_thread = $category->get_latest_thread($dbc); + foreach ($categories as $category) { + $latest_thread = $category->get_latest_thread($dbc); - echo '<tr>'; - echo '<td>'; - echo '<b><a href="viewcategory.php?id=' . $category->id . '">' . $category->name . '</a></b>'; - echo '<br><small>' . $category->description . '</small>'; - echo '</td>'; - echo '<td>' . $category->thread_count . '</td>'; - echo '<td>' . $category->post_count . '</td>'; - if (!is_null($latest_thread)) { - echo '<td><b><a href="viewthread.php?id=' . $latest_thread->id . '">' . $latest_thread->subject . '</a></b><br>'; - echo '<small>by <b><a href="viewuser.php?id=' . $latest_thread->author->id . '">' . $latest_thread->author->name . '</a></b>, ' . $latest_thread->date_created . '</small></td>'; - } else { - echo '<td>No threads yet!</td>'; - } - echo '</tr>'; + echo '<tr>'; + echo '<td>'; + echo '<b><a href="viewcategory.php?id=' . $category->id . '">' . $category->name . '</a></b>'; + echo '<br><small>' . $category->description . '</small>'; + echo '</td>'; + echo '<td>' . $category->thread_count . '</td>'; + echo '<td>' . $category->post_count . '</td>'; + if (!is_null($latest_thread)) { + echo '<td><b><a href="viewthread.php?id=' . $latest_thread->id . '">' . $latest_thread->subject . '</a></b><br>'; + echo '<small>by <b><a href="viewuser.php?id=' . $latest_thread->author->id . '">' . $latest_thread->author->name . 
'</a></b>, ' . $latest_thread->date_created . '</small></td>'; + } else { + echo '<td>No threads yet!</td>'; } + echo '</tr>'; + } ?> - </table> +</table> </body> </html> diff --git a/manage_post.php b/manage_post.php index 8c6129b..3f9a9b3 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,15 +1,7 @@ <?php - -include_once 'includes/db_inc.php'; -include_once 'model/Post.php'; - -function delete_post($dbc, $post) { - $sql = "DELETE FROM posts WHERE post_id = $post->id"; - mysqli_query($dbc, $sql); - - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; - mysqli_query($dbc, $sql); -} +include('includes/db_inc.php'); +include('includes/functions_post.php'); +include('includes/model/Post.php'); session_start(); @@ -41,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { goto end; } - if ($_SESSION['user_id'] != $post->author->id) { echo "You can't manage another user's post!"; goto end; @@ -50,16 +41,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (strcasecmp($delete, "on") == 0) { delete_post($dbc, $post); } else { - $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create post due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + edit_post(); } end: diff --git a/register.php b/register.php index cd72a37..03eac6b 100644 --- a/register.php +++ b/register.php @@ -5,7 +5,7 @@ <link rel="stylesheet" href="styles/style.css"> </head> <body> -<?php include_once 'templates/header.php'?> +<?php include_once 'templates/header.php' ?> <h2>Register an account</h2> <form action="register.php" method="post"> <label for="user_name">Username: </label><br> 
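Review bot: The rewritten table rows in this hunk (index.php — its `diff --git` header is missing from the page, but the diffstat and content identify it) still echo `$category->name`, `$category->description`, `$latest_thread->subject` and `$latest_thread->author->name` straight into HTML without escaping, so any of those values that originated from user input renders as markup; wrap each with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to the thread/author echoes in the second viewcategory.php hunk and to the `<title>`/heading output in the second viewthread.php hunk. Switching `include_once` to `include` for `includes/model/Category.php` will fail with a "Cannot redeclare class" fatal error if that file is included a second time in the same request (e.g. via another model file); `require_once` is the safer choice for class files.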
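Review bot: The call sites in manage_post.php no longer match the functions they now delegate to: `delete_post($dbc, $post)` hands the mysqli connection to a function whose only parameter is `$post`, and `edit_post()` is called with no arguments while `edit_post($post, $post_content)` requires two, so the edit branch throws an `ArgumentCountError`. They should read `delete_post($post);` and `edit_post($post, $post_content);`. The author check `if ($_SESSION['user_id'] != $post->author->id)` that remains as context in the second hunk is currently the only guard that actually halts, since the checks inside functions_post.php only `trigger_error()`; keep it until those functions abort on failure.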
@@ -6,7 +6,7 @@ <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once 'templates/header.php'?> + <?php include_once 'templates/header.php' ?> <h2>Sign in</h2> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> <label for="user_name">Username: </label><br> diff --git a/styles/style.css b/styles/style.css index 92090c0..9e37f62 100644 --- a/styles/style.css +++ b/styles/style.css @@ -1,7 +1,8 @@ body { font-family: Arial, sans-serif; font-size: 10pt; - margin: 10px 40px; + margin: auto; + width: 980px; } a { @@ -14,7 +15,7 @@ small { } .header > small { - color: #bde; + color: #dde; } a:hover { diff --git a/viewcategory.php b/viewcategory.php index e10797a..70733da 100644 --- a/viewcategory.php +++ b/viewcategory.php @@ -1,6 +1,6 @@ <?php -include_once 'includes/db_inc.php'; -include_once 'model/Category.php'; +include('includes/db_inc.php'); +include('includes/model/Category.php'); session_start(); 
@@ -8,55 +8,53 @@ $current = new Category(); if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } else { $result = $current->get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title><?= $current->name; ?> - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title><?= $current->name; ?> - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> -<?php include_once 'templates/header.php';?> - <h1><?= $current->name; ?></h1> - <p><?= $current->description; ?></p> - <span class="info"> - <?= $current->thread_count . ' threads, ' . $current->post_count . ' posts'; ?> - </span> - <h2>Threads</h2> - <table width="100%"> - <tr> - <th>Thread Name</th> - <th>Latest Post</th> - </tr> - <?php - $threads = $current->get_threads($dbc); +<?php include('includes/templates/header.php'); ?> +<h1><?= $current->name; ?></h1> +<p><?= $current->description; ?></p> +<span class="info"><?= $current->thread_count . ' threads, ' . $current->post_count . ' posts'; ?></span> +<h2>Threads</h2> +<table> + <tr> + <th>Thread Name</th> + <th>Latest Post</th> + </tr> + <?php + $threads = $current->get_threads($dbc); - foreach ($threads as $thread) { - $latest_post = $thread->get_latest_post($dbc); + foreach ($threads as $thread) { + $latest_post = $thread->get_latest_post($dbc); - echo '<tr>'; - echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>'; - echo '<small> by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>'; + echo '<tr>'; + echo '<td><b><a href="viewthread.php?id=' . 
$thread->id . '">' . $thread->subject . '</a></b>'; + echo '<small> by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>'; - if (!is_null($latest_post)) { - echo '<td>by <b><a href="viewuser.php?id=' . $latest_post->author->id . '">' . $latest_post->author->name . '</a></b><small> on ' . $latest_post->date_created . '</small></td>'; - } else { - echo '<td>No posts yet!</td>'; - } - - echo '</tr>'; + if (!is_null($latest_post)) { + echo '<td>by <b><a href="viewuser.php?id=' . $latest_post->author->id . '">' . $latest_post->author->name . '</a></b><small> on ' . $latest_post->date_created . '</small></td>'; + } else { + echo '<td>No posts yet!</td>'; } - ?> - </table> + + echo '</tr>'; + } + ?> +</table> </body> </html> diff --git a/viewthread.php b/viewthread.php index d41fb9b..ae08090 100644 --- a/viewthread.php +++ b/viewthread.php @@ -1,6 +1,6 @@ <?php -include_once 'includes/db_inc.php'; -include_once 'model/Thread.php'; +include('includes/db_inc.php'); +include('includes/model/Thread.php'); session_start(); 
@@ -8,31 +8,31 @@ $current = new Thread(); if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } else { $result = $current->get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title><?= $current->subject; ?> - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title><?= $current->subject; ?> - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once 'templates/header.php';?> - <h1><?= $current->subject; ?></h1> - created by <b><?= $current->author->name; ?></b> - in <b><?= $current->category->name; ?></b> - <abbr title="<?= date('M d, Y g:ia', strtotime($current->date_created));?>">3 days ago</abbr> +<?php include('includes/templates/header.php'); ?> +<h1><?= $current->subject; ?></h1> +created by <b><?= $current->author->name; ?></b> +in <b><?= $current->category->name; ?></b> +<abbr title="<?= date('M d, Y g:ia', strtotime($current->date_created)); ?>">3 days ago</abbr> <?php -include_once 'model/User.php'; +include_once('includes/model/User.php'); if (isset($_SESSION['signed_in'])) { $user = new User(); 
@@ -57,32 +57,29 @@ if (isset($_SESSION['signed_in'])) { } } ?> - <hr> - <?php - $posts = $current->get_posts($dbc); +<hr> +<?php +$posts = $current->get_posts($dbc); - foreach ($posts as $post) { - $post->display_content($dbc); - } - ?> - <hr> - <h2>Reply to this thread</h2> - <form method="post"> - <textarea name="post_content" rows="10" cols="50"></textarea> - <br> - <input type="submit" name="submit"> - </form> +foreach ($posts as $post) { + $post->display_content($dbc); +} +?> +<hr> +<h2>Reply to this thread</h2> +<form method="post"> + <textarea name="post_content" rows="10" cols="50"></textarea> + <br> + <input type="submit" name="submit"> +</form> </body> </html> <?php -include_once 'includes/db_inc.php'; -include_once 'includes/functions_insert.php'; - if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!isset($_SESSION['signed_in'])) { echo 'You must be <a href="signin.php">signed in</a> to reply to this thread.'; return; - } + } $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT); @@ -93,5 +90,4 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id); } } - ?> |
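Review bot: This hunk drops `include_once 'includes/functions_insert.php';` while the POST branch still calls `insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id)` (visible as context in the last hunk), so unless that file is now loaded by some other include — nothing in this diff shows one — replying to a thread fails with an undefined-function error; keep `include_once('includes/functions_insert.php');` here or in the include block at the top of viewthread.php. On the unchanged context line just after, `FILTER_SANITIZE_STRING` for `post_content` is deprecated since PHP 8.1 and strips rather than escapes; escaping with `htmlspecialchars()` at output time is the reliable approach.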