Diffstat (limited to 'includes')
-rw-r--r--includes/Database.php39
-rw-r--r--includes/Session.php8
-rw-r--r--includes/functions_insert.php35
-rw-r--r--includes/functions_post.php69
-rw-r--r--includes/functions_thread.php51
-rw-r--r--includes/model/User.php36
-rw-r--r--includes/templates/header.php8
7 files changed, 152 insertions, 94 deletions
diff --git a/includes/Database.php b/includes/Database.php
index 3308e4c..cdaa0f8 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -21,7 +21,7 @@ class Database
}
}
- public static function get(): ?Database
+ public static function get()
{
if (self::$instance == null) {
self::$instance = new Database();
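Review bot: The `?Database` return type on `get()` is dropped here (and the same happens to `Session::get()` in the Session.php hunk) even though the method never returns null — the instance is created on the preceding line whenever it is missing. A non-nullable `public static function get(): Database` (and `: Session`) would state what every new call site in this commit already assumes by dereferencing the result directly. If the type was removed for a PHP-version constraint, a `@return Database` docblock keeps the information for static analysis.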
@@ -30,8 +30,41 @@ class Database
return self::$instance;
}
- public function query(string $sql)
+ public function query(string $sql, string $types = "", ...$vars): array
{
- mysqli_query($this->sql_connection, $sql);
+ $stmt = mysqli_stmt_init($this->sql_connection);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection));
+ }
+
+ mysqli_stmt_bind_param($stmt, $types, ...$vars);
+ mysqli_stmt_execute($stmt);
+
+ $result = array();
+ $db_result = mysqli_stmt_get_result($stmt);
+
+ if (mysqli_num_rows($db_result) > 0) {
+ while ($row = mysqli_fetch_assoc($db_result)) {
+ array_push($result, $row);
+ }
+ }
+
+ mysqli_free_result($db_result);
+ mysqli_stmt_close($stmt);
+
+ return $result;
+ }
+
+ /**
+ * Returns the auto generated ID of the last query.
+ * This function is just a wrapper for mysqli_insert_id.
+ * In the future, it might be better to return different
+ * values in the query function depending on the type of
+ * SQL query.
+ */
+ public function get_last_id()
+ {
+ return mysqli_insert_id($this->sql_connection);
}
} \ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
index d97e7c5..7e17527 100644
--- a/includes/Session.php
+++ b/includes/Session.php
@@ -9,10 +9,8 @@ class Session
session_start();
}
- public static function get(): ?Session
+ public static function get()
{
- session_start();
-
if (self::$instance == null) {
self::$instance = new Session();
}
@@ -25,7 +23,7 @@ class Session
$_SESSION['signed_in'] = true;
}
- public function is_signed_in()
+ public function is_signed_in(): bool
{
return isset($_SESSION['signed_in']);
}
@@ -42,7 +40,7 @@ class Session
$result = new User();
if (isset($_SESSION['user_id'])) {
- $result->get_by_id($_GET['id'], $dbc);
+ $result->get_by_id($_SESSION['user_id']);
} else {
$result = null;
}
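Review bot: `get_current_user()` decides on `$_SESSION['user_id']` while `is_signed_in()` in the previous hunk tests `$_SESSION['signed_in']`, so the two can disagree when only one key is present, and the new callers in functions_post.php and functions_thread.php dereference `->id` on this method's result immediately after an `is_signed_in()` check. Deriving `is_signed_in()` from the same `user_id` key, or setting and clearing both keys together, would keep the null return from surfacing as a fault in the callers. The start of `get_current_user()` lies outside this hunk.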
diff --git a/includes/functions_insert.php b/includes/functions_insert.php
deleted file mode 100644
index 4f60701..0000000
--- a/includes/functions_insert.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-// This file may be replaced by a MVC controller later on
-
-function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
- $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- $stmt = mysqli_stmt_init($dbc);
-
- if (!mysqli_stmt_prepare($stmt, $sql)) {
- die('Could not create thread due to internal error: ' . mysqli_error($dbc));
- }
-
- mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
-}
-
-function insert_post($dbc, $post_content, $post_thread, $post_author, $post_category) {
- $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- $stmt = mysqli_stmt_init($dbc);
-
- if (!mysqli_stmt_prepare($stmt, $sql)) {
- die('Could not create post due to internal error: ' . mysqli_error($dbc));
- }
-
- mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
-
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = " . $post_category . ";";
- mysqli_query($dbc, $sql);
-
- $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = " . $post_thread . ";";
- mysqli_query($dbc, $sql);
-}
diff --git a/includes/functions_post.php b/includes/functions_post.php
index 5bc8c2a..0176c76 100644
--- a/includes/functions_post.php
+++ b/includes/functions_post.php
@@ -1,57 +1,72 @@
<?php
-include_once 'Session.php';
-include_once 'model/User.php';
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
-function delete_post($post)
+function create_post($post_content, $post_thread, $post_category)
{
// User must be signed in
if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a post!');
+ trigger_error('You must be signed in to create a post');
+ return;
}
- // User must have permission to delete the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
- trigger_error("You don't have sufficient permissions to delete this post.");
- }
+ $user = Session::get()->get_current_user();
- // TODO: The post must not be locked
+ // Insert the post into the database
+ $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
- // TODO: The post must have not been around for a certain amount of time
+ // Increment the category's post count
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $post_category);
- // Delete the post from the database
- Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
-
- // Decrement the post count of the category
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
- mysqli_query($dbc, $sql);
+ // Set the last post date of the parent thread
+ $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+ Database::get()->query($sql, "i", $post_thread);
}
-function edit_post($post, $post_content)
+function edit_post(Post $post, string $post_content)
{
// User must be signed in
if (!Session::get()->is_signed_in()) {
trigger_error('You must be signed in to edit this post!');
+ return;
}
// User must have permission to edit the post
$current_user = Session::get()->get_current_user();
- if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ if ($current_user->id != $post->author->id) {
trigger_error("You don't have sufficient permissions to edit this post.");
+ return;
}
// Set the post content and the post edit date
$sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
- $stmt = mysqli_stmt_init($dbc);
+ Database::get()->query($sql, "si", $post_content, $post->id);
+}
- if (!mysqli_stmt_prepare($stmt, $sql)) {
- trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+function delete_post(Post $post)
+{
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ return;
+ }
+
+ // User must have permission to delete the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ return;
}
- mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_close($stmt);
+ // TODO: The post must not be locked
+ // TODO: The post must have not been around for a certain amount of time
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id);
- // Redirect to the post's thread page
- header("Location: /viewthread.php?id=" . $post->thread->id);
+ // Decrement the post count of the category
+ Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id);
}
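Review bot: The permission check in `delete_post`, `if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR)`, denies everyone who is not both the author and a moderator; if the intent is that either the author or a moderator may delete (as the comment above it suggests), the operator must be `&&`: `if ($current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR) {`. `edit_post` and `delete_post` now type-hint `Post`, but this file includes only Session, Database and User, so the class has to arrive via the caller or the hint fails at call time — an `include_once` of the Post model file next to the other three would make the dependency explicit. In `create_post`, `$post_category` is supplied by the caller and used to bump `cat_post_count` independently of `$post_thread`, so a mismatched pair desynchronises the counters; looking the category up from the thread row would remove that input altogether.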
diff --git a/includes/functions_thread.php b/includes/functions_thread.php
new file mode 100644
index 0000000..62efca9
--- /dev/null
+++ b/includes/functions_thread.php
@@ -0,0 +1,51 @@
+<?php
+include_once './includes/Database.php';
+include_once './includes/Session.php';
+
+function create_thread($subject, $category)
+{
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a thread');
+ return 0;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the new thread into the database
+ $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $subject, $category, $user->id);
+
+ // Get the ID of the thread we just created
+ $thread_id = Database::get()->get_last_id();
+
+ // Increment the category's thread count
+ $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $category);
+
+ return $thread_id;
+}
+
+function delete_thread($thread)
+{
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a thread.');
+ return;
+ }
+
+ // User must be a moderator to delete a thread
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You must be a moderator to delete this post.");
+ return;
+ }
+
+ // TODO: The post must not be locked
+ // TODO: The post must have not been around for a certain amount of time
+
+ // Delete the thread from the database
+ Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
+
+ // Decrement the thread count of the category
+ Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
+} \ No newline at end of file
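Review bot: `delete_thread` removes only the `threads` row (`DELETE FROM threads WHERE thread_id = ?`) and adjusts `cat_thread_count`; the thread's posts and the category's `cat_post_count` are left as they are, so unless the schema cascades the delete, posts are orphaned and the counters drift. The message at `trigger_error("You must be a moderator to delete this post.")` should read `"You must be a moderator to delete this thread."`. `create_thread` returns `0` as a failure sentinel and both functions are untyped, whereas the sibling functions in functions_post.php type-hint their parameters; `function create_thread(string $subject, int $category): int` and a type hint for the thread model on `delete_thread` would keep the two files consistent.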
diff --git a/includes/model/User.php b/includes/model/User.php
index 1c48afb..c780ff0 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -1,14 +1,17 @@
<?php
+include_once './includes/Database.php';
const USER_LEVEL_MODERATOR = 1;
-class User {
+class User
+{
public $id;
public $name = 'Unknown';
public $date = 0;
public $level = 0;
- function get_by_name($name, $dbc) {
+ function get_by_name($name, $dbc)
+ {
$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
$stmt = mysqli_stmt_init($dbc);
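Review bot: `get_by_name` keeps the raw `$dbc` parameter and drives `mysqli_stmt_init` itself, while `get_by_id` in the next hunk of this file moves to `Database::get()->query()`; since this hunk already adds the Database include, the same rewrite (`$result = Database::get()->query($sql, "s", $name);`) would leave one query path in the class, with the `$dbc` parameter removed once callers are updated. The body of `get_by_name` continues past this hunk.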
@@ -35,25 +38,14 @@ class User {
mysqli_stmt_close($stmt);
}
- function get_by_id($id, $dbc) {
- $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id);
- $result = mysqli_query($dbc, $sql);
-
- if (!$result) {
- echo 'Failed to get user: ' . mysqli_error($dbc);
- }
-
- if (mysqli_num_rows($result) == 0) {
- } else {
- while ($row = mysqli_fetch_assoc($result)) {
- $this->id = $id;
- $this->name = $row['user_name'];
- $this->date = $row['user_date'];
- $this->level = $row['user_level'];
- }
- }
-
- mysqli_free_result($result);
- }
+ function get_by_id($id)
+ {
+ $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+ $this->id = $id;
+ $this->name = $result[0]['user_name'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+ }
} \ No newline at end of file
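Review bot: `get_by_id` indexes `$result[0]` without checking that a row came back, so an id with no matching user — for example a stale `user_id` left in a session after the account was removed, which `Session::get_current_user()` now passes straight in — raises undefined-offset warnings and leaves the object half-populated, with `id` set but the default name and level. Guard before the assignments with `if ($result === []) { return false; }` and end the method with `return true;`, so callers can treat a missing user as absent rather than as a `User` that still carries the id.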
diff --git a/includes/templates/header.php b/includes/templates/header.php
index 4eb17e3..35d9848 100644
--- a/includes/templates/header.php
+++ b/includes/templates/header.php
@@ -5,8 +5,12 @@
[<a href="/create_thread.php">Create a thread</a>]
<span style="float:right;">
<?php
- if (isset($_SESSION['signed_in'])) {
- echo '[<a href="viewuser.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
+ include_once './includes/Session.php';
+ include_once './includes/model/User.php';
+
+ if (Session::get()->is_signed_in()) {
+ $user = Session::get()->get_current_user();
+ echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
} else {
echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
}
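Review bot: `$user->name` is written into the anchor text in the `echo` without escaping; it is presumably a value the user chose at registration, so in this HTML context it needs `htmlspecialchars($user->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (the old `$_SESSION['user_name']` had the same gap, but the line is rewritten here). `$user->id` can be cast with `(int)` before it is placed in the query string for the same reason. `Session::get()->get_current_user()` returns `null` when `user_id` is missing from the session while `is_signed_in()` tests a different key, so a `$user !== null` guard before the `->id` access keeps the template from faulting.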