summaryrefslogtreecommitdiff
path: root/includes/model/Post.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/model/Post.php')
-rwxr-xr-x[-rw-r--r--]includes/model/Post.php369
1 files changed, 185 insertions, 184 deletions
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 49fd640..1b64490 100644..100755
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -1,184 +1,185 @@
-<?php
-include_once './includes/Session.php';
-include_once './includes/Database.php';
-include_once './includes/model/User.php';
-include_once './includes/model/Thread.php';
-
-// Utility functions for building the post HTML
-
-function create_quote(int $id): string
-{
- $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- $reply = $result[0];
-
- if (empty($reply)) {
- return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
- }
-
- return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-}
-
-function format_post_content(string $post_content)
-{
- $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
- $result = "";
- foreach ($matches as $match) {
- $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
- $result .= create_quote($id);
- }
- return $result;
- }, $post_content);
-
- $result = $post_content;
-
- // Replace newline characters with HTML <br> tags
- $result = nl2br($result);
-
- // Replace YouTube URLs with embedded YouTube videos.
- $result = preg_replace(
- "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
- '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
-
- // Replace Image URLs with embedded images.
- $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
-
- // Replace other URLs with links.
- return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
-}
-
-class Post
-{
- public $id;
- public $content;
- public $date_created;
- public $date_edited;
- public $thread;
- public $author;
-
- private $has_value = false;
-
- public function __construct($id)
- {
- $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->content = $result[0]['post_content'];
- $this->date_created = $result[0]['post_date_created'];
- $this->date_edited = $result[0]['post_date_edited'];
- $this->thread = new Thread($result[0]['post_thread']);
-
- $this->author = new User();
- $this->author->get_by_id($result[0]['post_author']);
-
- $this->has_value = true;
- }
-
- public function has_value()
- {
- return $this->has_value;
- }
-
- /**
- * Get the post content from the database and return it as a string ready for HTML display
- */
- function get_content(): string
- {
- // Build the header
- $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
- $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
- $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
- $result .= '</div>';
-
- // Append the formatted post content
- $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
-
- return $result;
- }
-
- function set_content(string $post_content)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to edit this post!');
- return;
- }
-
- // User must have permission to edit the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id != $this->author->id) {
- trigger_error("You don't have sufficient permissions to edit this post.");
- return;
- }
-
- // Set the post content and the post edit date
- $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
- Database::get()->query($sql, "si", $post_content, $this->id);
- }
-
- function delete()
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a post!');
- return;
- }
-
- // User must have permission to delete the post
- if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
- trigger_error("You don't have sufficient permissions to delete this post.");
- return;
- }
-
- // Delete the post from the database
- Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
-
- // Decrement the post count of the category
- Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
- }
-
- public static function create($post_content, $post_thread, $post_category)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to create a post');
- return;
- }
-
- $user = Session::get()->get_current_user();
-
- // Insert the post into the database
- $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
-
- // Increment the category's post count
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
- Database::get()->query($sql, "i", $post_category);
-
- // Set the last post date of the parent thread
- $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
- Database::get()->query($sql, "i", $post_thread);
- }
-
- public static function get_all_posts(): array
- {
- $sql = "SELECT post_id FROM posts";
- $result = Database::get()->query($sql);
-
- $posts = array();
-
- foreach ($result as $row) {
- $post = new Post();
- $post->get_from_database($row['post_id']);
- array_push($posts, $post);
- }
-
- return $posts;
- }
-}
+<?php
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
+include_once './includes/model/Thread.php';
+
+// Utility functions for building the post HTML
+
+function create_quote(int $id): string
+{
+ $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ $reply = $result[0];
+
+ if (empty($reply)) {
+ return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+ }
+
+ return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+}
+
+function format_post_content(string $post_content)
+{
+ $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
+ $result = "";
+ foreach ($matches as $match) {
+ $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+ $result .= create_quote($id);
+ }
+ return $result;
+ }, $post_content);
+
+ $result = $post_content;
+
+ // Replace newline characters with HTML <br> tags
+ $result = nl2br($result);
+
+ // Replace YouTube URLs with embedded YouTube videos.
+ $result = preg_replace(
+ "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
+ '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
+
+ // Replace Image URLs with embedded images.
+ $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
+
+ // Replace other URLs with links.
+ return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
+}
+
+class Post
+{
+ public $id;
+ public $content;
+ public $date_created;
+ public $thread;
+ public $author;
+
+ private $has_value = false;
+
+ public function __construct($id)
+ {
+ $sql = "SELECT post_content, post_date_created, post_thread, post_author FROM posts WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->content = $result[0]['post_content'];
+ $this->date_created = $result[0]['post_date_created'];
+ $this->thread = new Thread($result[0]['post_thread']);
+
+ $this->author = new User();
+ $this->author->get_by_id($result[0]['post_author']);
+
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ /**
+ * Get the post content from the database and return it as a string ready for HTML display
+ */
+ function get_content(): string
+ {
+ // Build the header
+ $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+ $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
+ $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+ if (Session::get()->is_signed_in() && Session::get()->get_current_user()->level == USER_LEVEL_MODERATOR) {
+ $result .= '<a href="moderate.php?type=post&id=' . $this->id . '" style="float:right;">[Options]</a>';
+ }
+ $result .= '</div>';
+
+ // Append the formatted post content
+ $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
+
+ return $result;
+ }
+
+ function set_content(string $post_content)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ return;
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id != $this->author->id) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ return;
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ? WHERE post_id = ?;";
+ Database::get()->query($sql, "si", $post_content, $this->id);
+ }
+
+ function delete()
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ return;
+ }
+
+ // User must have permission to delete the post
+ if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ return;
+ }
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
+
+ // Decrement the post count of the category
+ Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
+ }
+
+ public static function create($post_content, $post_thread, $post_category)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a post');
+ return;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the post into the database
+ $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
+
+ // Increment the category's post count
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $post_category);
+
+ // Set the last post date of the parent thread
+ $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+ Database::get()->query($sql, "i", $post_thread);
+ }
+
+ public static function get_all_posts(): array
+ {
+ $sql = "SELECT post_id FROM posts";
+ $result = Database::get()->query($sql);
+
+ $posts = array();
+
+ foreach ($result as $row) {
+ $post = new Post();
+ $post->get_from_database($row['post_id']);
+ array_push($posts, $post);
+ }
+
+ return $posts;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-25 20:28:25 +0000