1 files changed, 121 insertions, 0 deletions
diff --git a/includes/model/Post.php b/includes/model/Post.php
new file mode 100644
index 0000000..34d6a79
--- /dev/null
+++ b/includes/model/Post.php
@@ -0,0 +1,121 @@
+<?php
+
+include_once 'Thread.php';
+
+function add_quote($dbc, $thread_id, $matches) {
+	foreach ($matches as $match) {
+		$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+		$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			return '<blockquote></blockquote>';
+		}
+
+		$reply = mysqli_fetch_assoc($result);
+
+		if (empty($reply)) {
+			return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+		}
+
+		return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+	}
+}
+
+class Post {
+	public $id;
+	public $content;
+	public $date_created;
+	public $date_edited;
+	public $thread;
+	public $author;
+
+	function get_from_database($id, $dbc) {
+		// TODO: Potential SQL injection risk?
+		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get post: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->content = $row['post_content'];
+				$this->date_created = $row['post_date_created'];
+				$this->date_edited = $row['post_date_edited'];
+
+				$this->thread = new Thread();
+				$this->thread->get_from_database($row['post_thread'], $dbc);
+
+				$this->author = new User();
+				$this->author->get_by_id($row['post_author'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function display_content($dbc) {
+		echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+		echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+		echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+		if (!is_null($this->date_edited)) {
+			echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
+		}
+		if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
+			echo '<span style="float:right;">';
+			echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] ';
+			echo'</span>';
+		}
+		echo '</div>';
+
+		$post_content = $this->content;
+		$thread_id = $this->id;
+
+		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
+			return add_quote($dbc, $thread_id, $matches);
+		}, $post_content);
+
+		// Replace newline characters with HTML <br> tags
+		$post_content = nl2br($post_content);
+
+		// Replace YouTube URLs with embedded YouTube videos.
+		$post_content =  preg_replace(
+			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
+			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
+		// Replace Image URLs with embedded images.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $post_content);
+		// Replace other URLs with links.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content);
+
+		echo '<span class="post-content">' . $post_content . '</span>';
+	}
+}
+
+function get_all_posts($dbc) {
+	$sql = "SELECT post_id FROM posts";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get posts: ' . mysqli_error($dbc);
+	}
+
+	$posts = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$post = new Post();
+			$post->get_from_database($row['post_id'], $dbc);
+			array_push($posts, $post);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $posts;
+}