-rw-r--r-- | create_thread.php | 68 | ||||
-rw-r--r-- | includes/Database.php | 39 | ||||
-rw-r--r-- | includes/Session.php | 8 | ||||
-rw-r--r-- | includes/functions_insert.php | 35 | ||||
-rw-r--r-- | includes/functions_post.php | 69 | ||||
-rw-r--r-- | includes/functions_thread.php | 51 | ||||
-rw-r--r-- | includes/model/User.php | 36 | ||||
-rw-r--r-- | includes/templates/header.php | 8 | ||||
-rw-r--r-- | manage_post.php | 86 | ||||
-rw-r--r-- | moderate.php | 25 | ||||
-rw-r--r-- | register.php | 26 | ||||
-rw-r--r-- | search.php | 114 | ||||
-rw-r--r-- | signin.php | 31 | ||||
-rw-r--r-- | viewthread.php | 11 | ||||
-rw-r--r-- | viewuser.php | 16 |
15 files changed, 333 insertions, 290 deletions
diff --git a/create_thread.php b/create_thread.php index 4598ce2..534b0ab 100644 --- a/create_thread.php +++ b/create_thread.php 
@@ -1,63 +1,61 @@ -<?php session_start()?> +<?php session_start() ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Create a thread - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title>Create a thread - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> -<?php include_once 'templates/header.php' ?> +<?php include_once 'includes/templates/header.php' ?> <h2>Create a new thread</h2> <?php -if (!isset($_SESSION['signed_in'])) { - die('You must be <a href="signin.php">signed in</a> to create a thread.'); -} +include_once 'includes/Session.php'; +if (!Session::get()->is_signed_in()) { + trigger_error('You must be <a href="signin.php">signed in</a> to create a thread.'); + exit(); +} ?> -<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> - <label for="thread_subject">Subject: </label><br> - <input type="text" name="thread_subject"><br> - <label for="thread_cat">Category: </label><br> +<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> + <label for="thread_subject">Subject: </label><br> + <input type="text" name="thread_subject"><br> + <label for="thread_cat">Category: </label><br> <?php - include_once 'includes/db_inc.php'; - include_once 'model/Category.php'; + include_once './includes/db_inc.php'; + include_once './includes/model/Category.php'; - $categories = get_all_categories($dbc); + $categories = get_all_categories($dbc); - if (count($categories) == 0) { - echo 'There are no categories to post to!'; - } else { - echo '<select name="thread_cat">'; + if (count($categories) == 0) { + echo 'There are no categories to post to!'; + } else { + echo '<select name="thread_cat">'; - foreach ($categories as $category) { - echo '<option value="' . $category->id . '">' . $category->name . '</option>'; - } - - echo '</select><br>'; + foreach ($categories as $category) { + echo '<option value="' . $category->id . '">' . 
$category->name . '</option>'; } + + echo '</select><br>'; + } ?> - <label for="post_content">Write your post: </label><br> - <textarea name="post_content"></textarea><br> - <input type="submit" name="submit"> + <label for="post_content">Write your post: </label><br> + <textarea name="post_content"></textarea><br> + <input type="submit" name="submit"> </form> <?php -include_once 'includes/db_inc.php'; -include_once 'includes/functions_insert.php'; +include_once 'includes/functions_post.php'; +include_once 'includes/functions_thread.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $thread_subject = filter_input(INPUT_POST, 'thread_subject', FILTER_SANITIZE_STRING); $thread_cat = filter_input(INPUT_POST, 'thread_cat', FILTER_SANITIZE_NUMBER_INT); - $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT); if (empty($thread_subject) or !$thread_subject) { echo 'Thread subject cannot be empty'; } else { - insert_thread($dbc, $thread_subject, $thread_cat, $user_id); - $thread_id = mysqli_insert_id($dbc); - insert_post($dbc, $post_content, $thread_id, $user_id, $thread_cat); + $thread_id = create_thread($thread_subject, $thread_cat); + create_post($post_content, $thread_id, $thread_cat); - $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = " . $thread_cat . ";"; - mysqli_query($dbc, $sql); header("Location: viewthread.php?id=" . $thread_id); } diff --git a/includes/Database.php b/includes/Database.php index 3308e4c..cdaa0f8 100644 --- a/includes/Database.php +++ b/includes/Database.php @@ -21,7 +21,7 @@ class Database } } - public static function get(): ?Database + public static function get() { if (self::$instance == null) { self::$instance = new Database(); 
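Review bot: The value returned by `create_thread()` is used without being checked: functions_thread.php returns `0` when its own sign-in check fails (and `get_last_id()` can also yield 0 after a failed insert), yet the next line calls `create_post($post_content, 0, $thread_cat)` and then redirects to `viewthread.php?id=0`. Guard it with `if ($thread_id === 0) { echo 'Could not create thread'; } else { create_post($post_content, $thread_id, $thread_cat); header("Location: viewthread.php?id=" . $thread_id); }`. The page-level check above pairs `trigger_error()` with `exit()`, which is right, because `trigger_error()` alone (E_USER_NOTICE) does not stop the script; the `return` paths inside create_post/create_thread leave that to the caller. `$thread_cat` is taken from the POST body and never compared against the categories fetched above, so the `cat_thread_count` increment inside create_thread can target any id. The `}` closing the new `foreach` appears in this copy without its `+` marker; the diff was wrapped at that point.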
@@ -30,8 +30,41 @@ class Database
         return self::$instance;
     }
 
-    public function query(string $sql)
+    public function query(string $sql, string $types = "", ...$vars): array
     {
-        mysqli_query($this->sql_connection, $sql);
+        $stmt = mysqli_stmt_init($this->sql_connection);
+
+        if (!mysqli_stmt_prepare($stmt, $sql)) {
+            trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection));
+        }
+
+        mysqli_stmt_bind_param($stmt, $types, ...$vars);
+        mysqli_stmt_execute($stmt);
+
+        $result = array();
+        $db_result = mysqli_stmt_get_result($stmt);
+
+        if (mysqli_num_rows($db_result) > 0) {
+            while ($row = mysqli_fetch_assoc($db_result)) {
+                array_push($result, $row);
+            }
+        }
+
+        mysqli_free_result($db_result);
+        mysqli_stmt_close($stmt);
+
+        return $result;
+    }
+
+    /**
+     * Returns the auto generated ID of the last query.
+     * This function is just a wrapper for mysqli_insert_id.
+     * In the future, it might be better to return different
+     * values in the query function depending on the type of
+     * SQL query.
+     */
+    public function get_last_id()
+    {
+        return mysqli_insert_id($this->sql_connection);
     }
 }
\ No newline at end of file diff --git a/includes/Session.php b/includes/Session.php index d97e7c5..7e17527 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -9,10 +9,8 @@ class Session session_start(); } - public static function get(): ?Session + public static function get() { - session_start(); - if (self::$instance == null) { self::$instance = new Session(); } @@ -25,7 +23,7 @@ class Session $_SESSION['signed_in'] = true; } - public function is_signed_in() + public function is_signed_in(): bool { return isset($_SESSION['signed_in']); } @@ -42,7 +40,7 @@ class Session $result = new User(); if (isset($_SESSION['user_id'])) { - $result->get_by_id($_GET['id'], $dbc); + $result->get_by_id($_SESSION['user_id']); } else { $result = null; } diff --git a/includes/functions_insert.php b/includes/functions_insert.php deleted file mode 100644 index 4f60701..0000000 --- a/includes/functions_insert.php +++ /dev/null 
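Review bot: `mysqli_stmt_get_result()` returns `false` for statements that produce no result set, so every INSERT/UPDATE/DELETE now routed through `query()` (functions_post.php, functions_thread.php) reaches `mysqli_num_rows($db_result)` with `false` — a TypeError on PHP 8, a warning on 7 — and `mysqli_free_result(false)` behaves the same way. The prepare-failure branch also falls through: after `trigger_error()` the code still binds and executes the unprepared statement, and since `mysqli_stmt_bind_param()` requires at least one variable the `$types = ""` default cannot actually be used without a guard. The message is copy-pasted from the old insert_post ('Could not create post…') and, going through trigger_error, puts the raw `mysqli_error()` text into the response whenever display_errors is on; keep the page message generic and send the detail to the log. Return values of bind and execute are not checked either. A reworked body is below.
```php
public function query(string $sql, string $types = "", ...$vars): array
{
    $stmt = mysqli_stmt_init($this->sql_connection);

    if (!mysqli_stmt_prepare($stmt, $sql)) {
        error_log('query(): prepare failed: ' . mysqli_error($this->sql_connection));
        trigger_error('Database error while preparing statement', E_USER_WARNING);
        return [];
    }

    // bind_param() needs at least one variable; skip it for parameterless statements
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$vars)) {
        mysqli_stmt_close($stmt);
        trigger_error('Database error while binding parameters', E_USER_WARNING);
        return [];
    }

    if (!mysqli_stmt_execute($stmt)) {
        error_log('query(): execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        trigger_error('Database error while executing statement', E_USER_WARNING);
        return [];
    }

    $result = [];
    // false here means the statement produced no result set (INSERT/UPDATE/DELETE)
    $db_result = mysqli_stmt_get_result($stmt);
    if ($db_result !== false) {
        while ($row = mysqli_fetch_assoc($db_result)) {
            $result[] = $row;
        }
        mysqli_free_result($db_result);
    }

    mysqli_stmt_close($stmt);

    return $result;
}
```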
@@ -1,35 +0,0 @@ -<?php - -// This file may be replaced by a MVC controller later on - -function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) { - $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create thread due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); -} - -function insert_post($dbc, $post_content, $post_thread, $post_author, $post_category) { - $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create post due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = " . $post_category . ";"; - mysqli_query($dbc, $sql); - - $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = " . $post_thread . ";"; - mysqli_query($dbc, $sql); -} diff --git a/includes/functions_post.php b/includes/functions_post.php index 5bc8c2a..0176c76 100644 --- a/includes/functions_post.php +++ b/includes/functions_post.php 
@@ -1,57 +1,72 @@ <?php -include_once 'Session.php'; -include_once 'model/User.php'; +include_once './includes/Session.php'; +include_once './includes/Database.php'; +include_once './includes/model/User.php'; -function delete_post($post) +function create_post($post_content, $post_thread, $post_category) { // User must be signed in if (!Session::get()->is_signed_in()) { - trigger_error('You must be signed in to delete a post!'); + trigger_error('You must be signed in to create a post'); + return; } - // User must have permission to delete the post - $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { - trigger_error("You don't have sufficient permissions to delete this post."); - } + $user = Session::get()->get_current_user(); - // TODO: The post must not be locked + // Insert the post into the database + $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id); - // TODO: The post must have not been around for a certain amount of time + // Increment the category's post count + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $post_category); - // Delete the post from the database - Database::get()->query("DELETE FROM posts WHERE post_id = $post->id"); - - // Decrement the post count of the category - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . 
";"; - mysqli_query($dbc, $sql); + // Set the last post date of the parent thread + $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;"; + Database::get()->query($sql, "i", $post_thread); } -function edit_post($post, $post_content) +function edit_post(Post $post, string $post_content) { // User must be signed in if (!Session::get()->is_signed_in()) { trigger_error('You must be signed in to edit this post!'); + return; } // User must have permission to edit the post $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + if ($current_user->id != $post->author->id) { trigger_error("You don't have sufficient permissions to edit this post."); + return; } // Set the post content and the post edit date $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); + Database::get()->query($sql, "si", $post_content, $post->id); +} - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . 
mysqli_error($dbc)); +function delete_post(Post $post) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + return; + } + + // User must have permission to delete the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + return; } - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + // TODO: The post must not be locked + // TODO: The post must have not been around for a certain amount of time + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id); - // Redirect to the post's thread page - header("Location: /viewthread.php?id=" . $post->thread->id); + // Decrement the post count of the category + Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id); } diff --git a/includes/functions_thread.php b/includes/functions_thread.php new file mode 100644 index 0000000..62efca9 --- /dev/null +++ b/includes/functions_thread.php 
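Review bot: The permission test in `delete_post()` reads `$current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR`, which refuses everyone except a user who is both the post's author and a moderator; if the intent (as the comment above it suggests) is that either the author or a moderator may delete, the operator has to be `&&`: `if ($current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR) {`. `edit_post()` a few lines up was corrected to a plain author check in this commit, so the two functions now disagree and `delete_post()` is effectively unusable for ordinary authors. Separately, the refusal branches in all three functions end in `trigger_error()` plus a bare `return`, so a caller (manage_post.php redirects unconditionally afterwards) cannot distinguish a refused action from a completed one; returning `bool` from each would let the pages report it.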
@@ -0,0 +1,51 @@
+<?php
+include_once './includes/Database.php';
+include_once './includes/Session.php';
+
+function create_thread($subject, $category)
+{
+    if (!Session::get()->is_signed_in()) {
+        trigger_error('You must be signed in to create a thread');
+        return 0;
+    }
+
+    $user = Session::get()->get_current_user();
+
+    // Insert the new thread into the database
+    $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+    Database::get()->query($sql, "sii", $subject, $category, $user->id);
+
+    // Get the ID of the thread we just created
+    $thread_id = Database::get()->get_last_id();
+
+    // Increment the category's thread count
+    $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
+    Database::get()->query($sql, "i", $category);
+
+    return $thread_id;
+}
+
+function delete_thread($thread)
+{
+    // User must be signed in
+    if (!Session::get()->is_signed_in()) {
+        trigger_error('You must be signed in to delete a thread.');
+        return;
+    }
+
+    // User must be a moderator to delete a thread
+    $current_user = Session::get()->get_current_user();
+    if ($current_user->level != USER_LEVEL_MODERATOR) {
+        trigger_error("You must be a moderator to delete this post.");
+        return;
+    }
+
+    // TODO: The post must not be locked
+    // TODO: The post must have not been around for a certain amount of time
+
+    // Delete the thread from the database
+    Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
+
+    // Decrement the thread count of the category
+    Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
+}
\ No newline at end of file diff --git a/includes/model/User.php b/includes/model/User.php index 1c48afb..c780ff0 100644 --- a/includes/model/User.php +++ b/includes/model/User.php @@ -1,14 +1,17 @@ <?php +include_once './includes/Database.php'; const USER_LEVEL_MODERATOR = 1; -class User { +class User +{ public $id; public $name = 'Unknown'; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) { + function get_by_name($name, $dbc) + { $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; $stmt = mysqli_stmt_init($dbc); @@ -35,25 +38,14 @@ class User { mysqli_stmt_close($stmt); } - function get_by_id($id, $dbc) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get user: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['user_name']; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - } + function get_by_id($id) + { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + $this->id = $id; + $this->name = $result[0]['user_name']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; + } }
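Review bot: `delete_thread()` removes only the `threads` row: the thread's posts keep a dangling `post_thread` and the category's `cat_post_count` is not reduced, unless the schema cascades the delete (not visible here). Either remove the posts in the same function — `Database::get()->query("DELETE FROM posts WHERE post_thread = ?", "i", $thread->id);` ahead of the thread delete, with a matching post-count adjustment — or state the cascade dependency in a comment above the DELETE. The moderator refusal text says `"You must be a moderator to delete this post."` although the function deletes a thread. `create_thread()` returns `0` on the signed-out path and whatever `get_last_id()` gives otherwise; a docblock such as `@return int thread id, or 0 when the caller is not signed in` would make the sentinel explicit for callers like create_thread.php.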
\ No newline at end of file diff --git a/includes/templates/header.php b/includes/templates/header.php index 4eb17e3..35d9848 100644 --- a/includes/templates/header.php +++ b/includes/templates/header.php @@ -5,8 +5,12 @@ [<a href="/create_thread.php">Create a thread</a>] <span style="float:right;"> <?php - if (isset($_SESSION['signed_in'])) { - echo '[<a href="viewuser.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]'; + include_once './includes/Session.php'; + include_once './includes/model/User.php'; + + if (Session::get()->is_signed_in()) { + $user = Session::get()->get_current_user(); + echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]'; } else { echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]'; } diff --git a/manage_post.php b/manage_post.php index 3f9a9b3..9e04dd4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } else { $result = $current->get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } } 
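Review bot: `get_by_id()` dereferences `$result[0]` without checking that the SELECT returned a row, so a non-existent id (viewuser.php passes `$_GET['id']` straight in, and Session::get_current_user() passes a possibly stale `$_SESSION['user_id']`) produces undefined-offset warnings and leaves `$this->id` set while name/date/level become null. Guard first: `if ($result === []) { return false; }`, only then `$this->id = $id;`, and document the return in a docblock, since `get_by_name()` above still takes `$dbc` and the two methods now differ in how they report a miss. Binding `$id` with type `"i"` is the right replacement for the old string-built query; a `FILTER_VALIDATE_INT` check at the call sites, as manage_post.php does, would additionally reject garbage ids before they are coerced to 0.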
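Review bot: `$user->name` is written into the page unescaped on the new echo line; wrap it as `echo '[<a href="viewuser.php?id=' . $user->id . '">' . htmlspecialchars($user->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';`. The old line had the same gap with `$_SESSION['user_name']`, but the value now comes from the `users` table on every request and whatever register.php stores is not visible here, so escaping at output is the reliable place. `Session::get()->get_current_user()` also performs a SELECT on every page that includes this header; caching the loaded User on the Session instance would avoid the repeated query.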
@@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post = new Post(); $post->get_from_database($id, $dbc); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - goto end; - } - - if ($_SESSION['user_id'] != $post->author->id) { - echo "You can't manage another user's post!"; - goto end; - } - if (strcasecmp($delete, "on") == 0) { - delete_post($dbc, $post); + delete_post($post); } else { - edit_post(); + edit_post($post, $post_content); } - end: header("Location: /viewthread.php?id=" . $post->thread->id); } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Manage a post - cflip.net forum</title> - <link rel="stylesheet" href="/styles/style.css"> + <title>Manage a post - cflip.net forum</title> + <link rel="stylesheet" href="/styles/style.css"> </head> <body> - <?php include_once 'templates/header.php' ?> - <h1>Manage a post</h1> - <?php - $current->display_content($dbc); - echo '<hr>'; +<?php include('includes/templates/header.php'); ?> +<h1>Manage a post</h1> +<?php +$current->display_content($dbc); +echo '<hr>'; - $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); +$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be <a href="signin.php">signed in</a> to manage a post.'; - return; - } - - $current_user = new User(); - $current_user->get_by_id($_SESSION['user_id'], $dbc); +if (!Session::get()->is_signed_in()) { + echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>'; + return; +} - // Admin users should be able to delete posts, but they should not be able to edit them - // Or should they?? - if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { - echo "You can't manage another user's post!"; - return; - } +// Admin users should be able to delete posts, but they should not be able to edit them +// Or should they?? 
+if (Session::get()->get_current_user()->id != $current->author->id) { + echo '<p class="error">You can\'t manage another user\'s post!</p>'; + return; +} - // TODO: Disallow editing/deleting posts if they have been around for a while - ?> - <form action="manage_post.php" method="post"> - <h3>Edit post</h3> - <input type="hidden" name="id" value="<?= $current->id ?>"> - <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> - <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> - <p> - <input type="checkbox" id="delete" name="delete"> - <label for="delete">Delete this post</label> - </p> - <input type="submit" value="Apply Changes"> - </form> +// TODO: Disallow editing/deleting posts if they have been around for a while +?> +<form action="manage_post.php" method="post"> + <h3>Edit post</h3> + <input type="hidden" name="id" value="<?= $current->id ?>"> + <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea> + <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p> + <p> + <input type="checkbox" id="delete" name="delete"> + <label for="delete">Delete this post</label> + </p> + <input type="submit" value="Apply Changes"> +</form> </body> </html> diff --git a/moderate.php b/moderate.php index afeefa1..3b8d05d 100644 --- a/moderate.php +++ b/moderate.php 
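Review bot: In the POST branch the sign-in and ownership checks were moved into `delete_post()`/`edit_post()`, but those signal refusal with `trigger_error()` and a bare `return`, and this page then runs `header("Location: /viewthread.php?id=" . $post->thread->id);` unconditionally, so a denied edit or delete looks to the user exactly like a successful one. Have the functions return `bool` and branch on it, e.g. `if (!edit_post($post, $post_content)) { echo '<p class="error">Could not edit post.</p>'; return; }`. `$post_content` and `$delete` are read here but assigned above the hunk, and the GET branch now calls `Session::get()` — confirm `functions_post.php` (which includes `Session.php`) is pulled in before that point, as no include of it is visible in this hunk. The form further down, re-indented in this commit, still carries no anti-CSRF token for a request that can delete a post.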
@@ -1,25 +1,22 @@ <?php - -include_once 'includes/db_inc.php'; -include_once 'model/User.php'; +include_once './includes/db_inc.php'; +include_once './includes/functions_thread.php'; +include_once './includes/Session.php'; +include_once './includes/model/User.php'; session_start(); -function delete_thread($dbc, $thread_id) { - $sql = "DELETE FROM threads WHERE thread_id = $thread_id;"; - mysqli_query($dbc, $sql); -} - -if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_SESSION['signed_in'])) { +if ($_SERVER['REQUEST_METHOD'] == 'POST') { $thread_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT); $delete = filter_input(INPUT_POST, "delete", FILTER_SANITIZE_STRING); - - $user = new User(); - $user->get_by_id($_SESSION['user_id'], $dbc); - if ($user->level > 0) { + $user = Session::get()->get_current_user(); + + if ($user->level == USER_LEVEL_MODERATOR) { if (strcasecmp($delete, "on") == 0) { - delete_thread($dbc, $thread_id); + $thread = new Thread(); + $thread->get_from_database($thread_id, $dbc); + delete_thread($thread); header("Location: /"); exit(); diff --git a/register.php b/register.php index 03eac6b..050878e 100644 --- a/register.php +++ b/register.php 
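Review bot: `$user = Session::get()->get_current_user();` can be `null` — Session.php sets `$result = null` when `$_SESSION['user_id']` is absent — and the `isset($_SESSION['signed_in'])` guard was dropped from the `if`, so an anonymous POST now reaches `$user->level` and raises a property-on-null warning before being denied. Use `if ($user !== null && $user->level == USER_LEVEL_MODERATOR) {`, or keep `Session::get()->is_signed_in()` in the request condition. `new Thread()` is constructed, but no include of a Thread model appears in the new include list; unless `functions_thread.php` or `db_inc.php` loads it (not visible here) the class is undefined. `$thread->get_from_database($thread_id, $dbc)` is also not checked for a miss before `delete_thread($thread)` is called with it.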
@@ -1,27 +1,29 @@ +<?php session_start() ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Register an account - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title>Register an account - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> -<?php include_once 'templates/header.php' ?> +<?php include './includes/templates/header.php' ?> <h2>Register an account</h2> <form action="register.php" method="post"> - <label for="user_name">Username: </label><br> - <input type="text" name="user_name"><br> - <label for="user_pass">Password: </label><br> - <input type="password" name="user_pass"><br> - <label for="user_pass_check">Re-enter password: </label><br> - <input type="password" name="user_pass_check"><br> - <input type="submit" name="submit"> + <label for="user_name">Username: </label><br> + <input type="text" name="user_name"><br> + <label for="user_pass">Password: </label><br> + <input type="password" name="user_pass"><br> + <label for="user_pass_check">Re-enter password: </label><br> + <input type="password" name="user_pass_check"><br> + <input type="submit" name="submit"> </form> <br> <?php include_once 'includes/db_inc.php'; -function username_exists($dbc, $user_name) { +function username_exists($dbc, $user_name) +{ $sql = "SELECT * FROM users WHERE user_name = ?;"; $stmt = mysqli_stmt_init($dbc); 
@@ -1,65 +1,65 @@ -<?php session_start()?> +<?php session_start() ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Search - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title>Search - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once 'templates/header.php'; ?> - <h2>Search cflip.net forum</h2> - <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="get"> - Type: - <select name="type"> - <option value="thread">Thread</option> - <option value="post">Post</option> - <option value="user">User</option> - </select> - Sort By: - <select name="sort"> - <option value="lr">Last Reply</option> - <option value="cd">Creation Date</option> - <option value="rc">Reply Count</option> - </select> - With Name: - <input type="text" name="query"> - <input type="submit" value="Search!"> - </form> - <hr> - <?php - include_once 'includes/db_inc.php'; - include_once 'model/Thread.php'; - include_once 'model/Post.php'; +<?php include_once './includes/templates/header.php'; ?> +<h2>Search cflip.net forum</h2> +<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="get"> + <label for="type">Type:</label> + <select id="type" name="type"> + <option value="thread">Thread</option> + <option value="post">Post</option> + <option value="user">User</option> + </select> + <label for="sort">Sort By:</label> + <select id="sort" name="sort"> + <option value="lr">Last Reply</option> + <option value="cd">Creation Date</option> + <option value="rc">Reply Count</option> + </select> + <label for="text">With Name:</label> + <input id="text" type="text" name="query"> + <input type="submit" value="Search!"> +</form> +<hr> +<?php +include_once './includes/db_inc.php'; +include_once './includes/model/Thread.php'; +include_once './includes/model/Post.php'; - if (!isset($_GET['type'])) { - echo 'Specify a type to search.'; - } else { - switch ($_GET['type']) { - case 
'thread': - $threads = get_all_threads($dbc); - foreach ($threads as $thread) { - echo '<p>'; - echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>'; - echo '<small> created by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>'; - echo '</p>'; - } - break; - case 'post': - $posts = get_all_posts($dbc); - - foreach ($posts as $post) { - echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>'; - $post->display_content($dbc); - echo '<hr>'; - } - break; - case 'user': - break; - default: - echo '<h3>Could not search: Invalid type!</h3>'; - break; +if (!isset($_GET['type'])) { + echo 'Specify a type to search.'; +} else { + switch ($_GET['type']) { + case 'thread': + $threads = get_all_threads($dbc); + foreach ($threads as $thread) { + echo '<p>'; + echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>'; + echo '<small> created by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>'; + echo '</p>'; } - } - ?> + break; + case 'post': + $posts = get_all_posts($dbc); + + foreach ($posts as $post) { + echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>'; + $post->display_content($dbc); + echo '<hr>'; + } + break; + case 'user': + break; + default: + echo '<h3>Could not search: Invalid type!</h3>'; + break; + } +} +?> </body> </html> 
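Review bot: `$thread->subject` and `$thread->author->name` are concatenated into the markup unescaped in the `case 'thread'` loop, and `$post->thread->subject` likewise in `case 'post'`; since these lines are being re-indented anyway, wrap them: `htmlspecialchars($thread->subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `<td>` inside `<p>` is not valid outside a table; a `<span>` or plain paragraph content would do. The form collects `sort` and `query`, yet neither is read in this block — every thread or post is listed regardless — which deserves at least a `// TODO: apply query and sort parameters` comment so the form is not mistaken for a working search.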
@@ -1,26 +1,27 @@ -<?php session_start()?> +<?php session_start() ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title>Sign in - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title>Sign in - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once 'templates/header.php' ?> - <h2>Sign in</h2> - <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> - <label for="user_name">Username: </label><br> - <input type="text" name="user_name"><br> - <label for="user_pass">Password: </label><br> - <input type="password" name="user_pass"><br> - <input type="submit" name="submit"> - </form> +<?php include_once './includes/templates/header.php' ?> +<h2>Sign in</h2> +<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> + <label for="user_name">Username: </label><br> + <input type="text" name="user_name"><br> + <label for="user_pass">Password: </label><br> + <input type="password" name="user_pass"><br> + <input type="submit" name="submit"> +</form> <?php include_once 'includes/db_inc.php'; -function validate($data) { +function validate($data) +{ $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); @@ -29,7 +30,7 @@ function validate($data) { if ($_SERVER['REQUEST_METHOD'] == 'POST') { $errors = array(); - + if (empty($_POST['user_name'])) { $errors[] = 'Please provide a username.'; } else { diff --git a/viewthread.php b/viewthread.php index ae08090..cc2d221 100644 --- a/viewthread.php +++ b/viewthread.php 
@@ -34,11 +34,10 @@ in <b><?= $current->category->name; ?></b> <?php include_once('includes/model/User.php'); -if (isset($_SESSION['signed_in'])) { - $user = new User(); - $user->get_by_id($_SESSION['user_id'], $dbc); +if (Session::get()->is_signed_in()) { + $user = Session::get()->get_current_user(); - if ($user->level > 0) { + if ($user->level == USER_LEVEL_MODERATOR) { echo ' <form action="moderate.php" method="post"> <p> @@ -75,6 +74,8 @@ foreach ($posts as $post) { </body> </html> <?php +include_once 'includes/functions_post.php'; + if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!isset($_SESSION['signed_in'])) { echo 'You must be <a href="signin.php">signed in</a> to reply to this thread.'; @@ -87,7 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (empty($post_content) or !$post_content) { echo 'Thread subject cannot be empty'; } else { - insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id); + create_post($post_content, $current->id, $current->category->id); } } ?> diff --git a/viewuser.php b/viewuser.php index 3a33de0..155b814 100644 --- a/viewuser.php +++ b/viewuser.php @@ -1,6 +1,6 @@ <?php include_once 'includes/db_inc.php'; -include_once 'model/User.php'; +include_once 'includes/model/User.php'; session_start(); 
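Review bot: The reply handler in the last hunk still runs after `</html>` has been emitted, so `create_post()` inserts the reply after the post list was rendered and no redirect follows; the new post only shows up on reload, and reloading re-submits the form. Move the POST block above the output and end it with `header("Location: viewthread.php?id=" . $current->id); exit();`. That block also keeps the raw `isset($_SESSION['signed_in'])` check while the hunk above switched to `Session::get()->is_signed_in()`; using one API in both places keeps the sign-in logic in a single spot. The empty-content message still reads 'Thread subject cannot be empty' for a reply.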
@@ -8,18 +8,18 @@ $current = new User(); if (!isset($_GET['id'])) { } else { - $current->get_by_id($_GET['id'], $dbc); + $current->get_by_id($_GET['id']); } ?> <!DOCTYPE html> -<html> +<html lang="en"> <head> - <title><?= $current->name; ?>'s Profile - cflip.net forum</title> - <link rel="stylesheet" href="styles/style.css"> + <title><?= $current->name; ?>'s Profile - cflip.net forum</title> + <link rel="stylesheet" href="styles/style.css"> </head> <body> - <?php include_once "templates/header.php" ?> - <h1><?= $current->name; ?></h1> - member since <?= date('M d, Y', strtotime($current->date)); ?> +<?php include_once "includes/templates/header.php" ?> +<h1><?= $current->name; ?></h1> +member since <?= date('M d, Y', strtotime($current->date)); ?> </body> </html> |
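Review bot: `$current->name` goes into both `<title>` and `<h1>` unescaped; with `get_by_id()` now taking `$_GET['id']` directly, a missing id leaves `name` null and an existing one echoes whatever is stored, so escape on output: `<?= htmlspecialchars($current->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. The `if (!isset($_GET['id'])) { } else { … }` shape has an empty branch; `if (isset($_GET['id'])) { … }` reads cleaner, and validating with `filter_var($_GET['id'], FILTER_VALIDATE_INT)` as manage_post.php does would reject garbage before it reaches the query. For a user that was not found, `$current->date` stays at its default `0`, so the "member since" line probably prints an epoch date rather than an error; rendering the 404 template in that case would be clearer.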