-rw-r--r-- | includes/functions_insert.php | 4 | ||||
-rw-r--r-- | manage_post.php | 113 | ||||
-rw-r--r-- | model/Post.php | 18 | ||||
-rw-r--r-- | model/Thread.php | 4 | ||||
-rw-r--r-- | setup.sql | 3 | ||||
-rw-r--r-- | styles/style.css | 6 | ||||
-rw-r--r-- | viewcategory.php | 2 | ||||
-rw-r--r-- | viewthread.php | 2 |
8 files changed, 138 insertions, 14 deletions
diff --git a/includes/functions_insert.php b/includes/functions_insert.php index e13b80e..4f60701 100644 --- a/includes/functions_insert.php +++ b/includes/functions_insert.php @@ -16,7 +16,7 @@ function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) { } function insert_post($dbc, $post_content, $post_thread, $post_author, $post_category) { - $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; $stmt = mysqli_stmt_init($dbc); if (!mysqli_stmt_prepare($stmt, $sql)) { @@ -32,4 +32,4 @@ function insert_post($dbc, $post_content, $post_thread, $post_author, $post_cate $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = " . $post_thread . ";"; mysqli_query($dbc, $sql); -}
\ No newline at end of file +} diff --git a/manage_post.php b/manage_post.php new file mode 100644 index 0000000..8c6129b --- /dev/null +++ b/manage_post.php 
@@ -0,0 +1,113 @@ +<?php + +include_once 'includes/db_inc.php'; +include_once 'model/Post.php'; + +function delete_post($dbc, $post) { + $sql = "DELETE FROM posts WHERE post_id = $post->id"; + mysqli_query($dbc, $sql); + + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; + mysqli_query($dbc, $sql); +} + +session_start(); + +if ($_SERVER['REQUEST_METHOD'] == 'GET') { + $current = new Post(); + + if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { + http_response_code(404); + include_once 'templates/404.php'; + die(); + } else { + $result = $current->get_from_database($_GET['id'], $dbc); + if ($result == 0) { + http_response_code(404); + include_once 'templates/404.php'; + die(); + } + } +} else { + $id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT); + $delete = filter_input(INPUT_POST, 'delete', FILTER_SANITIZE_STRING); + $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); + + $post = new Post(); + $post->get_from_database($id, $dbc); + + if (!isset($_SESSION['signed_in'])) { + echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; + goto end; + } + + + if ($_SESSION['user_id'] != $post->author->id) { + echo "You can't manage another user's post!"; + goto end; + } + + if (strcasecmp($delete, "on") == 0) { + delete_post($dbc, $post); + } else { + $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; + $stmt = mysqli_stmt_init($dbc); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + die('Could not create post due to internal error: ' . mysqli_error($dbc)); + } + + mysqli_stmt_bind_param($stmt, "si", $post_content, $id); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + + end: + header("Location: /viewthread.php?id=" . 
$post->thread->id); +} +?> +<!DOCTYPE html> +<html> +<head> + <title>Manage a post - cflip.net forum</title> + <link rel="stylesheet" href="/styles/style.css"> +</head> +<body> + <?php include_once 'templates/header.php' ?> + <h1>Manage a post</h1> + <?php + $current->display_content($dbc); + echo '<hr>'; + + $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); + + if (!isset($_SESSION['signed_in'])) { + echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; + return; + } + + $current_user = new User(); + $current_user->get_by_id($_SESSION['user_id'], $dbc); + + // Admin users should be able to delete posts, but they should not be able to edit them + // Or should they?? + if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { + echo "You can't manage another user's post!"; + return; + } + + // TODO: Disallow editing/deleting posts if they have been around for a while + ?> + <form action="manage_post.php" method="post"> + <h3>Edit post</h3> + <input type="hidden" name="id" value="<?= $current->id ?>"> + <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> + <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> + <p> + <input type="checkbox" id="delete" name="delete"> + <label for="delete">Delete this post</label> + </p> + <input type="submit" value="Apply Changes"> + </form> +</body> +</html> diff --git a/model/Post.php b/model/Post.php index 5d85f20..34d6a79 100644 --- a/model/Post.php +++ b/model/Post.php 
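Review bot: The edit form writes `$current->content` into the textarea without escaping, so a stored post containing `</textarea>` (or entity-like text such as `&amp;`) terminates or mangles the field and the remainder is parsed as markup for whoever opens the form; use `<textarea name="post_content" rows="10" cols="50"><?= htmlspecialchars($current->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></textarea>` and escape the hidden `id` value the same way. The POST branch deletes or rewrites a post on nothing more than the session cookie, with no anti-CSRF token, so a signed-in author's browser can be made to submit this form from another origin; issuing a per-session token in the form and checking it with `hash_equals()` before `delete_post` or the UPDATE closes that gap. The return value of `$post->get_from_database($id, $dbc)` is ignored in the POST branch, so an unknown id reaches `$post->author->id` on a null `author` and then redirects to `viewthread.php?id=` with an empty id, whereas the GET branch already handles the `0` return; mirroring that check here (404 or redirect before the authorisation compare) keeps the two paths consistent. `delete_post` still interpolates `$post->id` into `DELETE FROM posts WHERE post_id = $post->id` while the UPDATE a few lines below binds its parameters, and `FILTER_SANITIZE_STRING` on `post_content` strips tags and encodes quotes before storage (it is deprecated since PHP 8.1), so the saved text can differ from what the author typed; binding the id and passing the content through unmodified (escaping only on output) would make the file self-consistent.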
@@ -25,13 +25,14 @@ function add_quote($dbc, $thread_id, $matches) { class Post { public $id; public $content; - public $date; + public $date_created; + public $date_edited; public $thread; public $author; function get_from_database($id, $dbc) { // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); $result = mysqli_query($dbc, $sql); if (!$result) { @@ -39,11 +40,13 @@ class Post { } if (mysqli_num_rows($result) == 0) { + return 0; } else { while ($row = mysqli_fetch_assoc($result)) { $this->id = $id; $this->content = $row['post_content']; - $this->date = $row['post_date']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; $this->thread = new Thread(); $this->thread->get_from_database($row['post_thread'], $dbc); 
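Review bot: The rewritten SELECT in get_from_database still appends `mysqli_real_escape_string($dbc, $id)` to the query with no surrounding quotes, and that function only escapes quote, backslash and a few control characters, so in an unquoted numeric position a non-numeric `$id` passes through unchanged and the `// TODO: Potential SQL injection risk?` comment above it remains accurate. The callers visible in this diff pass a validated or digit-sanitised id, so the minimal fix is to coerce at this boundary, `$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . (int) $id;`, or to prepare and bind the id as insert_post in includes/functions_insert.php already does. The `return 0` / `return 1` added in the next hunk would read better as `return false;` / `return true;` with a `: bool` return type, and the not-found contract should be documented on the method now that manage_post.php depends on it. get_from_database continues past this hunk, including the `if (!$result)` branch whose return value is not visible here.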
@@ -54,16 +57,19 @@ class Post { } mysqli_free_result($result); + return 1; } function display_content($dbc) { echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>'; echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>'; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date)); + echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + if (!is_null($this->date_edited)) { + echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>'; + } if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo '<span style="float:right;">'; - echo '[<a href="includes/manage_post.php?action=edit&id=' . $this->id . '">Edit</a>] '; - echo '[<a href="includes/manage_post.php?action=delete&id=' . $this->id . '">Delete</a>]'; + echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] '; echo'</span>'; } echo '</div>'; diff --git a/model/Thread.php b/model/Thread.php index aa48cfd..a9dc690 100644 --- a/model/Thread.php +++ b/model/Thread.php @@ -65,7 +65,7 @@ class Thread { } function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date DESC LIMIT 1"; + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; $result = mysqli_query($dbc, $sql); if (!$result) { @@ -108,4 +108,4 @@ function get_all_threads($dbc) { mysqli_free_result($result); return $threads; -}
\ No newline at end of file +} @@ -31,7 +31,8 @@ CREATE TABLE threads ( CREATE TABLE posts ( post_id INT(8) NOT NULL AUTO_INCREMENT, post_content TEXT NOT NULL, - post_date DATETIME NOT NULL, + post_date_created DATETIME NOT NULL, + post_date_edited DATETIME, post_thread INT(8) NOT NULL, post_author INT(8) NOT NULL, PRIMARY KEY (post_id) diff --git a/styles/style.css b/styles/style.css index a908537..92090c0 100644 --- a/styles/style.css +++ b/styles/style.css @@ -1,5 +1,5 @@ body { - font-family: sans-serif; + font-family: Arial, sans-serif; font-size: 10pt; margin: 10px 40px; } @@ -13,6 +13,10 @@ small { color: #333; } +.header > small { + color: #bde; +} + a:hover { color:#373737; text-decoration: none; diff --git a/viewcategory.php b/viewcategory.php index 0d69ed8..a10afce 100644 --- a/viewcategory.php +++ b/viewcategory.php @@ -59,7 +59,7 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { echo '<small> by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>'; if (!is_null($latest_post)) { - echo '<td>by <b><a href="viewuser.php?id=' . $latest_post->author->id . '">' . $latest_post->author->name . '</a></b><small> on ' . $latest_post->date . '</small></td>'; + echo '<td>by <b><a href="viewuser.php?id=' . $latest_post->author->id . '">' . $latest_post->author->name . '</a></b><small> on ' . $latest_post->date_created . '</small></td>'; } else { echo '<td>No posts yet!</td>'; } diff --git a/viewthread.php b/viewthread.php index e1961fc..d41fb9b 100644 --- a/viewthread.php +++ b/viewthread.php 
@@ -43,7 +43,7 @@ if (isset($_SESSION['signed_in'])) { <form action="moderate.php" method="post"> <p> <b>Moderator Options</b> - <input type="number" name="id" value="' . $current->id . '"> + <input type="hidden" name="id" value="' . $current->id . '"> <input type="checkbox" id="delete" name="delete"> <label for="delete">Delete thread</label> <input type="checkbox" id="lock" name="lock"> |