summaryrefslogtreecommitdiff
path: root/includes/model
diff options
context:
space:
mode:
Diffstat (limited to 'includes/model')
-rwxr-xr-x[-rw-r--r--]includes/model/Category.php156
-rwxr-xr-x[-rw-r--r--]includes/model/Post.php369
-rwxr-xr-x[-rw-r--r--]includes/model/User.php189
3 files changed, 365 insertions, 349 deletions
diff --git a/includes/model/Category.php b/includes/model/Category.php
index e8cbe60..37ad4f8 100644..100755
--- a/includes/model/Category.php
+++ b/includes/model/Category.php
@@ -1,78 +1,78 @@
-<?php
-
-include_once 'Thread.php';
-
-class Category
-{
- public $id;
- public $name;
- public $description;
- public $thread_count = 0;
- public $post_count = 0;
-
- // If an invalid id was passed into the constructor, the database will not have
- // returned a result, but the object will not be null.
- // We need to keep track of whether or not this object has a value.
- private $has_value = false;
-
- public function __construct($id)
- {
- $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->name = $result[0]['cat_name'];
- $this->description = $result[0]['cat_description'];
- $this->thread_count = $result[0]['cat_thread_count'];
- $this->post_count = $result[0]['cat_post_count'];
-
- $this->has_value = true;
- }
-
- // Returns true if this object was successfully fetched from the database
- public function has_value()
- {
- return $this->has_value;
- }
-
- public static function get_all_categories(): array
- {
- $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
- $result = Database::get()->query($sql);
-
- $categories = array();
-
- foreach ($result as $row) {
- $category = new Category($row['cat_id']);
- array_push($categories, $category);
- }
-
- return $categories;
- }
-
- public function get_threads(): array
- {
- $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
- $result = Database::get()->query($sql, "i", $this->id);
- $threads = array();
-
- foreach ($result as $row) {
- $thread = new Thread($row['thread_id']);
- if ($thread->has_value())
- array_push($threads, $thread);
- }
-
- return $threads;
- }
-
- public function get_latest_thread(): Thread
- {
- $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
- $result = Database::get()->query($sql, "i", $this->id);
- return new Thread($result[0]['thread_id']);
- }
-}
+<?php
+
+include_once 'Thread.php';
+
+class Category
+{
+ public $id;
+ public $name;
+ public $description;
+ public $thread_count = 0;
+ public $post_count = 0;
+
+ // If an invalid id was passed into the constructor, the database will not have
+ // returned a result, but the object will not be null.
+ // We need to keep track of whether or not this object has a value.
+ private $has_value = false;
+
+ public function __construct($id)
+ {
+ $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->name = $result[0]['cat_name'];
+ $this->description = $result[0]['cat_description'];
+ $this->thread_count = $result[0]['cat_thread_count'];
+ $this->post_count = $result[0]['cat_post_count'];
+
+ $this->has_value = true;
+ }
+
+ // Returns true if this object was successfully fetched from the database
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function get_all_categories(): array
+ {
+ $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
+ $result = Database::get()->query($sql);
+
+ $categories = array();
+
+ foreach ($result as $row) {
+ $category = new Category($row['cat_id']);
+ array_push($categories, $category);
+ }
+
+ return $categories;
+ }
+
+ public function get_threads(): array
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
+ $result = Database::get()->query($sql, "i", $this->id);
+ $threads = array();
+
+ foreach ($result as $row) {
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
+ }
+
+ return $threads;
+ }
+
+ public function get_latest_thread(): Thread
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
+ $result = Database::get()->query($sql, "i", $this->id);
+ return new Thread($result[0]['thread_id']);
+ }
+}
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 49fd640..1b64490 100644..100755
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -1,184 +1,185 @@
-<?php
-include_once './includes/Session.php';
-include_once './includes/Database.php';
-include_once './includes/model/User.php';
-include_once './includes/model/Thread.php';
-
-// Utility functions for building the post HTML
-
-function create_quote(int $id): string
-{
- $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- $reply = $result[0];
-
- if (empty($reply)) {
- return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
- }
-
- return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-}
-
-function format_post_content(string $post_content)
-{
- $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
- $result = "";
- foreach ($matches as $match) {
- $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
- $result .= create_quote($id);
- }
- return $result;
- }, $post_content);
-
- $result = $post_content;
-
- // Replace newline characters with HTML <br> tags
- $result = nl2br($result);
-
- // Replace YouTube URLs with embedded YouTube videos.
- $result = preg_replace(
- "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
- '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
-
- // Replace Image URLs with embedded images.
- $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
-
- // Replace other URLs with links.
- return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
-}
-
-class Post
-{
- public $id;
- public $content;
- public $date_created;
- public $date_edited;
- public $thread;
- public $author;
-
- private $has_value = false;
-
- public function __construct($id)
- {
- $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->content = $result[0]['post_content'];
- $this->date_created = $result[0]['post_date_created'];
- $this->date_edited = $result[0]['post_date_edited'];
- $this->thread = new Thread($result[0]['post_thread']);
-
- $this->author = new User();
- $this->author->get_by_id($result[0]['post_author']);
-
- $this->has_value = true;
- }
-
- public function has_value()
- {
- return $this->has_value;
- }
-
- /**
- * Get the post content from the database and return it as a string ready for HTML display
- */
- function get_content(): string
- {
- // Build the header
- $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
- $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
- $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
- $result .= '</div>';
-
- // Append the formatted post content
- $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
-
- return $result;
- }
-
- function set_content(string $post_content)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to edit this post!');
- return;
- }
-
- // User must have permission to edit the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id != $this->author->id) {
- trigger_error("You don't have sufficient permissions to edit this post.");
- return;
- }
-
- // Set the post content and the post edit date
- $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
- Database::get()->query($sql, "si", $post_content, $this->id);
- }
-
- function delete()
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a post!');
- return;
- }
-
- // User must have permission to delete the post
- if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
- trigger_error("You don't have sufficient permissions to delete this post.");
- return;
- }
-
- // Delete the post from the database
- Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
-
- // Decrement the post count of the category
- Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
- }
-
- public static function create($post_content, $post_thread, $post_category)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to create a post');
- return;
- }
-
- $user = Session::get()->get_current_user();
-
- // Insert the post into the database
- $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
-
- // Increment the category's post count
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
- Database::get()->query($sql, "i", $post_category);
-
- // Set the last post date of the parent thread
- $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
- Database::get()->query($sql, "i", $post_thread);
- }
-
- public static function get_all_posts(): array
- {
- $sql = "SELECT post_id FROM posts";
- $result = Database::get()->query($sql);
-
- $posts = array();
-
- foreach ($result as $row) {
- $post = new Post();
- $post->get_from_database($row['post_id']);
- array_push($posts, $post);
- }
-
- return $posts;
- }
-}
+<?php
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
+include_once './includes/model/Thread.php';
+
+// Utility functions for building the post HTML
+
+function create_quote(int $id): string
+{
+ $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ $reply = $result[0];
+
+ if (empty($reply)) {
+ return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+ }
+
+ return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+}
+
+function format_post_content(string $post_content)
+{
+ $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
+ $result = "";
+ foreach ($matches as $match) {
+ $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+ $result .= create_quote($id);
+ }
+ return $result;
+ }, $post_content);
+
+ $result = $post_content;
+
+ // Replace newline characters with HTML <br> tags
+ $result = nl2br($result);
+
+ // Replace YouTube URLs with embedded YouTube videos.
+ $result = preg_replace(
+ "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
+ '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
+
+ // Replace Image URLs with embedded images.
+ $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
+
+ // Replace other URLs with links.
+ return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
+}
+
+class Post
+{
+ public $id;
+ public $content;
+ public $date_created;
+ public $thread;
+ public $author;
+
+ private $has_value = false;
+
+ public function __construct($id)
+ {
+ $sql = "SELECT post_content, post_date_created, post_thread, post_author FROM posts WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->content = $result[0]['post_content'];
+ $this->date_created = $result[0]['post_date_created'];
+ $this->thread = new Thread($result[0]['post_thread']);
+
+ $this->author = new User();
+ $this->author->get_by_id($result[0]['post_author']);
+
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ /**
+ * Get the post content from the database and return it as a string ready for HTML display
+ */
+ function get_content(): string
+ {
+ // Build the header
+ $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+ $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
+ $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+ if (Session::get()->is_signed_in() && Session::get()->get_current_user()->level == USER_LEVEL_MODERATOR) {
+ $result .= '<a href="moderate.php?type=post&id=' . $this->id . '" style="float:right;">[Options]</a>';
+ }
+ $result .= '</div>';
+
+ // Append the formatted post content
+ $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
+
+ return $result;
+ }
+
+ function set_content(string $post_content)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ return;
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id != $this->author->id) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ return;
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ? WHERE post_id = ?;";
+ Database::get()->query($sql, "si", $post_content, $this->id);
+ }
+
+ function delete()
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ return;
+ }
+
+ // User must have permission to delete the post
+ if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ return;
+ }
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
+
+ // Decrement the post count of the category
+ Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
+ }
+
+ public static function create($post_content, $post_thread, $post_category)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a post');
+ return;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the post into the database
+ $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
+
+ // Increment the category's post count
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $post_category);
+
+ // Set the last post date of the parent thread
+ $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+ Database::get()->query($sql, "i", $post_thread);
+ }
+
+ public static function get_all_posts(): array
+ {
+ $sql = "SELECT post_id FROM posts";
+ $result = Database::get()->query($sql);
+
+ $posts = array();
+
+ foreach ($result as $row) {
+ $post = new Post();
+ $post->get_from_database($row['post_id']);
+ array_push($posts, $post);
+ }
+
+ return $posts;
+ }
+}
diff --git a/includes/model/User.php b/includes/model/User.php
index 13cbc03..7d3c1e4 100644..100755
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -1,88 +1,103 @@
-<?php
-include_once './includes/Database.php';
-
-const USER_LEVEL_MODERATOR = 1;
-
-class User
-{
- public $id;
- public $name;
- public $password;
- public $date;
- public $level = 0;
-
- private $has_value = false;
-
- // Can't use a constructor here because we have two possible ways to get the user from the database
- // and PHP does not allow function overloading.
- public function get_by_id($id)
- {
- $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->name = $result[0]['user_name'];
- $this->password = $result[0]['user_pass'];
- $this->date = $result[0]['user_date'];
- $this->level = $result[0]['user_level'];
-
- $this->has_value = true;
- }
-
- public function get_by_name($name)
- {
- $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
- $result = Database::get()->query($sql, "s", $name);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $result[0]['user_id'];
- $this->name = $name;
- $this->password = $result[0]['user_pass'];
- $this->date = $result[0]['user_date'];
- $this->level = $result[0]['user_level'];
-
- $this->has_value = true;
- }
-
- public function has_value()
- {
- return $this->has_value;
- }
-
- public static function register(string $username, string $pass_hash)
- {
- $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
- Database::get()->query($sql, "ss", $username, $pass_hash);
- }
-
- public function change_password(string $pass_hash)
- {
- if (!Session::get()->is_signed_in()) {
- trigger_error('You are not signed in.');
- return;
- }
-
- if (Session::get()->get_current_user()->id != $this->id) {
- trigger_error("You can't change another user's password.");
- return;
- }
-
- $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
- Database::get()->query($sql, "si", $pass_hash, $this->id);
- }
-}
-
-function username_exists(string $username): bool
-{
- $sql = "SELECT * FROM users WHERE user_name = ?;";
- $result = Database::get()->query($sql, "s", $username);
-
- return !empty($result);
+<?php
+include_once './includes/Database.php';
+
+const USER_LEVEL_MODERATOR = 1;
+
+class User
+{
+ public $id;
+ public $name;
+ public $password;
+ public $date;
+ public $level = 0;
+
+ private $has_value = false;
+
+ // Can't use a constructor here because we have two possible ways to get the user from the database
+ // and PHP does not allow function overloading.
+ public function get_by_id($id)
+ {
+ $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->name = $result[0]['user_name'];
+ $this->password = $result[0]['user_pass'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+
+ $this->has_value = true;
+ }
+
+ public function get_by_name($name)
+ {
+ $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
+ $result = Database::get()->query($sql, "s", $name);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $result[0]['user_id'];
+ $this->name = $name;
+ $this->password = $result[0]['user_pass'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function register(string $username, string $pass_hash)
+ {
+ $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
+ Database::get()->query($sql, "ss", $username, $pass_hash);
+ }
+
+ public function change_password(string $pass_hash)
+ {
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You are not signed in.');
+ return;
+ }
+
+ if (Session::get()->get_current_user()->id != $this->id) {
+ trigger_error("You can't change another user's password.");
+ return;
+ }
+
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ Database::get()->query($sql, "si", $pass_hash, $this->id);
+ }
+
+ public function get_threads(): array
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_author = ? ORDER BY thread_date_lastpost DESC";
+ $result = Database::get()->query($sql, "i", $this->id);
+ $threads = array();
+
+ foreach ($result as $row) {
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
+ }
+
+ return $threads;
+ }
+}
+
+function username_exists(string $username): bool
+{
+ $sql = "SELECT * FROM users WHERE user_name = ?;";
+ $result = Database::get()->query($sql, "s", $username);
+
+ return !empty($result);
} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-25 23:10:05 +0000