diff options
Diffstat (limited to 'includes/model/Post.php')
| -rw-r--r-- | includes/model/Post.php | 174 |
1 files changed, 167 insertions, 7 deletions
diff --git a/includes/model/Post.php b/includes/model/Post.php index 67c7e4a..42add02 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -1,6 +1,52 @@ <?php +include_once './includes/Session.php'; +include_once './includes/Database.php'; +include_once './includes/model/User.php'; +include_once './includes/model/Thread.php'; -include_once 'Thread.php'; +// Utility functions for building the post HTML + +function create_quote(int $id): string +{ + $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + $reply = $result[0]; + + if (empty($reply)) { + return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>'; + } + + return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>'; +} + +function format_post_content(string $post_content) +{ + $post_content = preg_replace_callback('/>#\d+/', function ($matches) { + $result = ""; + foreach ($matches as $match) { + $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); + $result .= create_quote($id); + } + return $result; + }, $post_content); + + $result = $post_content; + + // Replace newline characters with HTML <br> tags + $result = nl2br($result); + + // Replace YouTube URLs with embedded YouTube videos. + $result = preg_replace( + "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i", + '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result); + + // Replace Image URLs with embedded images. + $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result); + + // Replace other URLs with links. + return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result); +} class Post { @@ -11,26 +57,140 @@ class Post public $thread; public $author; - function get_from_database($id): bool + private $has_value = false; + + public function __construct($id) { $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; $result = Database::get()->query($sql, "i", $id); if (empty($result)) { - return false; + return; } $this->id = $id; $this->content = $result[0]['post_content']; $this->date_created = $result[0]['post_date_created']; $this->date_edited = $result[0]['post_date_edited']; - - $this->thread = new Thread(); - $this->thread->get_from_database($result[0]['post_thread']); + $this->thread = new Thread($result[0]['post_thread']); $this->author = new User(); $this->author->get_by_id($result[0]['post_author']); - return true; + $this->has_value = true; + } + + public function has_value() + { + return $this->has_value; + } + + /** + * Get the post content from the database and return it as a string ready for HTML display + */ + function get_content(): string + { + // Build the header + $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>'; + $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>'; + $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + + // If the post has a edit date, display it + if (!is_null($this->date_edited)) { + $result .= ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>'; + } + + // Append a manage post button if the user is signed in and is the post's creator + if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $this->author->id) { + $result .= '<span style="float:right;">'; + $result .= '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>]'; + $result .= '</span>'; + } + $result .= '</div>'; + + // Append the formatted post content + $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>'; + + return $result; + } + + function set_content(string $post_content) + { + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to edit this post!'); + return; + } + + // User must have permission to edit the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id != $this->author->id) { + trigger_error("You don't have sufficient permissions to edit this post."); + return; + } + + // Set the post content and the post edit date + $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; + Database::get()->query($sql, "si", $post_content, $this->id); + } + + function delete() + { + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + return; + } + + // User must have permission to delete the post + if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + return; + } + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id); + + // Decrement the post count of the category + Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id); + } + + public static function create($post_content, $post_thread, $post_category) + { + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to create a post'); + return; + } + + $user = Session::get()->get_current_user(); + + // Insert the post into the database + $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id); + + // Increment the category's post count + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $post_category); + + // Set the last post date of the parent thread + $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;"; + Database::get()->query($sql, "i", $post_thread); + } + + public static function get_all_posts(): array + { + $sql = "SELECT post_id FROM posts"; + $result = Database::get()->query($sql); + + $posts = array(); + + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); + } + + return $posts; } } |