summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rwxr-xr-x[-rw-r--r--]includes/Database.php162
-rwxr-xr-x[-rw-r--r--]includes/Session.php114
-rwxr-xr-x[-rw-r--r--]includes/error.php50
-rwxr-xr-x[-rw-r--r--]includes/model/Category.php156
-rwxr-xr-x[-rw-r--r--]includes/model/Post.php369
-rwxr-xr-x[-rw-r--r--]includes/model/User.php189
-rwxr-xr-x[-rw-r--r--]includes/templates/404.php28
-rwxr-xr-x[-rw-r--r--]includes/templates/header.php41
8 files changed, 563 insertions, 546 deletions
diff --git a/includes/Database.php b/includes/Database.php
index 0a79dfb..61fbbb1 100644..100755
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -1,82 +1,82 @@
-<?php
-
-class Database
-{
- private static $instance = null;
- private $sql_connection;
-
- private function __construct()
- {
- $config = parse_ini_file('/var/www/config.ini', true)['mysql_credentials'];
-
- $db_server = $config['server'];
- $db_user = $config['user'];
- $db_pass = $config['password'];
- $db_database = $config['database'];
-
- $this->sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
-
- if (!$this->sql_connection) {
- trigger_error("Database connection error: " . mysqli_connect_error());
- }
- }
-
- public static function get()
- {
- if (self::$instance == null) {
- self::$instance = new Database();
- }
-
- return self::$instance;
- }
-
- public function query(string $sql, string $types = "", ...$vars): array
- {
- $result = array();
-
- if ($types == "") {
- // No types were provided, preparing a statement is not necessary
- $db_result = mysqli_query($this->sql_connection, $sql);
- } else {
- $stmt = mysqli_stmt_init($this->sql_connection);
-
- if (!mysqli_stmt_prepare($stmt, $sql)) {
- trigger_error('Internal error: ' . mysqli_error($this->sql_connection));
- return $result;
- }
-
- mysqli_stmt_bind_param($stmt, $types, ...$vars);
- mysqli_stmt_execute($stmt);
-
- $db_result = mysqli_stmt_get_result($stmt);
-
- mysqli_stmt_close($stmt);
- }
-
- if (!$db_result) {
- return $result;
- }
-
- if (mysqli_num_rows($db_result) > 0) {
- while ($row = mysqli_fetch_assoc($db_result)) {
- array_push($result, $row);
- }
- }
-
- mysqli_free_result($db_result);
-
- return $result;
- }
-
- /**
- * Returns the auto generated ID of the last query.
- * This function is just a wrapper for mysqli_insert_id.
- * In the future, it might be better to return different
- * values in the query function depending on the type of
- * SQL query.
- */
- public function get_last_id()
- {
- return mysqli_insert_id($this->sql_connection);
- }
+<?php
+
+class Database
+{
+ private static $instance = null;
+ private $sql_connection;
+
+ private function __construct()
+ {
+ $config = parse_ini_file('config.ini', true)['mysql_credentials'];
+
+ $db_server = $config['server'];
+ $db_user = $config['user'];
+ $db_pass = $config['password'];
+ $db_database = $config['database'];
+
+ $this->sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+ if (!$this->sql_connection) {
+ trigger_error("Database connection error: " . mysqli_connect_error());
+ }
+ }
+
+ public static function get()
+ {
+ if (self::$instance == null) {
+ self::$instance = new Database();
+ }
+
+ return self::$instance;
+ }
+
+ public function query(string $sql, string $types = "", ...$vars): array
+ {
+ $result = array();
+
+ if ($types == "") {
+ // No types were provided, preparing a statement is not necessary
+ $db_result = mysqli_query($this->sql_connection, $sql);
+ } else {
+ $stmt = mysqli_stmt_init($this->sql_connection);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ trigger_error('Internal error: ' . mysqli_error($this->sql_connection));
+ return $result;
+ }
+
+ mysqli_stmt_bind_param($stmt, $types, ...$vars);
+ mysqli_stmt_execute($stmt);
+
+ $db_result = mysqli_stmt_get_result($stmt);
+
+ mysqli_stmt_close($stmt);
+ }
+
+ if (!$db_result) {
+ return $result;
+ }
+
+ if (mysqli_num_rows($db_result) > 0) {
+ while ($row = mysqli_fetch_assoc($db_result)) {
+ array_push($result, $row);
+ }
+ }
+
+ mysqli_free_result($db_result);
+
+ return $result;
+ }
+
+ /**
+ * Returns the auto generated ID of the last query.
+ * This function is just a wrapper for mysqli_insert_id.
+ * In the future, it might be better to return different
+ * values in the query function depending on the type of
+ * SQL query.
+ */
+ public function get_last_id()
+ {
+ return mysqli_insert_id($this->sql_connection);
+ }
} \ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
index ceaa765..0e08482 100644..100755
--- a/includes/Session.php
+++ b/includes/Session.php
@@ -1,57 +1,57 @@
-<?php
-
-class Session
-{
- private static $instance = null;
-
- private function __construct()
- {
- if (session_status() == PHP_SESSION_NONE)
- session_start();
- }
-
- public static function get()
- {
- if (self::$instance == null) {
- self::$instance = new Session();
- }
-
- return self::$instance;
- }
-
- public function sign_in(User $user)
- {
- $_SESSION['signed_in'] = true;
- $_SESSION['user_id'] = $user->id;
- $_SESSION['user_name'] = $user->name;
- }
-
- public function sign_out()
- {
- session_unset();
- session_destroy();
- }
-
- public function is_signed_in(): bool
- {
- return isset($_SESSION['signed_in']);
- }
-
- public function get_current_user()
- {
- // There is no current user
- if (!$this->is_signed_in()) {
- return null;
- }
-
- $result = new User();
-
- if (isset($_SESSION['user_id'])) {
- $result->get_by_id($_SESSION['user_id']);
- } else {
- $result = null;
- }
-
- return $result;
- }
-}
+<?php
+
+class Session
+{
+ private static $instance = null;
+
+ private function __construct()
+ {
+ if (session_status() == PHP_SESSION_NONE)
+ session_start();
+ }
+
+ public static function get()
+ {
+ if (self::$instance == null) {
+ self::$instance = new Session();
+ }
+
+ return self::$instance;
+ }
+
+ public function sign_in(User $user)
+ {
+ $_SESSION['signed_in'] = true;
+ $_SESSION['user_id'] = $user->id;
+ $_SESSION['user_name'] = $user->name;
+ }
+
+ public function sign_out()
+ {
+ session_unset();
+ session_destroy();
+ }
+
+ public function is_signed_in(): bool
+ {
+ return isset($_SESSION['signed_in']);
+ }
+
+ public function get_current_user()
+ {
+ // There is no current user
+ if (!$this->is_signed_in()) {
+ return null;
+ }
+
+ $result = new User();
+
+ if (isset($_SESSION['user_id'])) {
+ $result->get_by_id($_SESSION['user_id']);
+ } else {
+ $result = null;
+ }
+
+ return $result;
+ }
+}
diff --git a/includes/error.php b/includes/error.php
index 5e33212..1450a28 100644..100755
--- a/includes/error.php
+++ b/includes/error.php
@@ -1,25 +1,25 @@
-<?php
-function user_notice($message) {
- echo '<p class="error">'. $message .'</p>';
-}
-
-function handle_error($errno, $errstr, $errfile, $errline) {
- if (!(error_reporting() & $errno)) {
- // This error code is not included in error_reporting, so let it fall
- // through to the standard PHP error handler
- return false;
- }
-
- switch ($errno) {
- // See https://www.php.net/manual/en/errorfunc.constants.php
- case E_USER_NOTICE:
- user_notice($errstr);
- break;
- default:
- return false;
- }
- return true;
-}
-
-$old_error_handler = set_error_handler('handle_error');
-?>
+<?php
+function user_notice($message) {
+ echo '<p class="error">'. $message .'</p>';
+}
+
+function handle_error($errno, $errstr, $errfile, $errline) {
+ if (!(error_reporting() & $errno)) {
+ // This error code is not included in error_reporting, so let it fall
+ // through to the standard PHP error handler
+ return false;
+ }
+
+ switch ($errno) {
+ // See https://www.php.net/manual/en/errorfunc.constants.php
+ case E_USER_NOTICE:
+ user_notice($errstr);
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
+
+$old_error_handler = set_error_handler('handle_error');
+?>
diff --git a/includes/model/Category.php b/includes/model/Category.php
index e8cbe60..37ad4f8 100644..100755
--- a/includes/model/Category.php
+++ b/includes/model/Category.php
@@ -1,78 +1,78 @@
-<?php
-
-include_once 'Thread.php';
-
-class Category
-{
- public $id;
- public $name;
- public $description;
- public $thread_count = 0;
- public $post_count = 0;
-
- // If an invalid id was passed into the constructor, the database will not have
- // returned a result, but the object will not be null.
- // We need to keep track of whether or not this object has a value.
- private $has_value = false;
-
- public function __construct($id)
- {
- $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->name = $result[0]['cat_name'];
- $this->description = $result[0]['cat_description'];
- $this->thread_count = $result[0]['cat_thread_count'];
- $this->post_count = $result[0]['cat_post_count'];
-
- $this->has_value = true;
- }
-
- // Returns true if this object was successfully fetched from the database
- public function has_value()
- {
- return $this->has_value;
- }
-
- public static function get_all_categories(): array
- {
- $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
- $result = Database::get()->query($sql);
-
- $categories = array();
-
- foreach ($result as $row) {
- $category = new Category($row['cat_id']);
- array_push($categories, $category);
- }
-
- return $categories;
- }
-
- public function get_threads(): array
- {
- $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
- $result = Database::get()->query($sql, "i", $this->id);
- $threads = array();
-
- foreach ($result as $row) {
- $thread = new Thread($row['thread_id']);
- if ($thread->has_value())
- array_push($threads, $thread);
- }
-
- return $threads;
- }
-
- public function get_latest_thread(): Thread
- {
- $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
- $result = Database::get()->query($sql, "i", $this->id);
- return new Thread($result[0]['thread_id']);
- }
-}
+<?php
+
+include_once 'Thread.php';
+
+class Category
+{
+ public $id;
+ public $name;
+ public $description;
+ public $thread_count = 0;
+ public $post_count = 0;
+
+ // If an invalid id was passed into the constructor, the database will not have
+ // returned a result, but the object will not be null.
+ // We need to keep track of whether or not this object has a value.
+ private $has_value = false;
+
+ public function __construct($id)
+ {
+ $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->name = $result[0]['cat_name'];
+ $this->description = $result[0]['cat_description'];
+ $this->thread_count = $result[0]['cat_thread_count'];
+ $this->post_count = $result[0]['cat_post_count'];
+
+ $this->has_value = true;
+ }
+
+ // Returns true if this object was successfully fetched from the database
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function get_all_categories(): array
+ {
+ $sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
+ $result = Database::get()->query($sql);
+
+ $categories = array();
+
+ foreach ($result as $row) {
+ $category = new Category($row['cat_id']);
+ array_push($categories, $category);
+ }
+
+ return $categories;
+ }
+
+ public function get_threads(): array
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
+ $result = Database::get()->query($sql, "i", $this->id);
+ $threads = array();
+
+ foreach ($result as $row) {
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
+ }
+
+ return $threads;
+ }
+
+ public function get_latest_thread(): Thread
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
+ $result = Database::get()->query($sql, "i", $this->id);
+ return new Thread($result[0]['thread_id']);
+ }
+}
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 49fd640..1b64490 100644..100755
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -1,184 +1,185 @@
-<?php
-include_once './includes/Session.php';
-include_once './includes/Database.php';
-include_once './includes/model/User.php';
-include_once './includes/model/Thread.php';
-
-// Utility functions for building the post HTML
-
-function create_quote(int $id): string
-{
- $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- $reply = $result[0];
-
- if (empty($reply)) {
- return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
- }
-
- return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-}
-
-function format_post_content(string $post_content)
-{
- $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
- $result = "";
- foreach ($matches as $match) {
- $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
- $result .= create_quote($id);
- }
- return $result;
- }, $post_content);
-
- $result = $post_content;
-
- // Replace newline characters with HTML <br> tags
- $result = nl2br($result);
-
- // Replace YouTube URLs with embedded YouTube videos.
- $result = preg_replace(
- "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
- '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
-
- // Replace Image URLs with embedded images.
- $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
-
- // Replace other URLs with links.
- return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
-}
-
-class Post
-{
- public $id;
- public $content;
- public $date_created;
- public $date_edited;
- public $thread;
- public $author;
-
- private $has_value = false;
-
- public function __construct($id)
- {
- $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->content = $result[0]['post_content'];
- $this->date_created = $result[0]['post_date_created'];
- $this->date_edited = $result[0]['post_date_edited'];
- $this->thread = new Thread($result[0]['post_thread']);
-
- $this->author = new User();
- $this->author->get_by_id($result[0]['post_author']);
-
- $this->has_value = true;
- }
-
- public function has_value()
- {
- return $this->has_value;
- }
-
- /**
- * Get the post content from the database and return it as a string ready for HTML display
- */
- function get_content(): string
- {
- // Build the header
- $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
- $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
- $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
- $result .= '</div>';
-
- // Append the formatted post content
- $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
-
- return $result;
- }
-
- function set_content(string $post_content)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to edit this post!');
- return;
- }
-
- // User must have permission to edit the post
- $current_user = Session::get()->get_current_user();
- if ($current_user->id != $this->author->id) {
- trigger_error("You don't have sufficient permissions to edit this post.");
- return;
- }
-
- // Set the post content and the post edit date
- $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
- Database::get()->query($sql, "si", $post_content, $this->id);
- }
-
- function delete()
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to delete a post!');
- return;
- }
-
- // User must have permission to delete the post
- if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
- trigger_error("You don't have sufficient permissions to delete this post.");
- return;
- }
-
- // Delete the post from the database
- Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
-
- // Decrement the post count of the category
- Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
- }
-
- public static function create($post_content, $post_thread, $post_category)
- {
- // User must be signed in
- if (!Session::get()->is_signed_in()) {
- trigger_error('You must be signed in to create a post');
- return;
- }
-
- $user = Session::get()->get_current_user();
-
- // Insert the post into the database
- $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
- Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
-
- // Increment the category's post count
- $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
- Database::get()->query($sql, "i", $post_category);
-
- // Set the last post date of the parent thread
- $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
- Database::get()->query($sql, "i", $post_thread);
- }
-
- public static function get_all_posts(): array
- {
- $sql = "SELECT post_id FROM posts";
- $result = Database::get()->query($sql);
-
- $posts = array();
-
- foreach ($result as $row) {
- $post = new Post();
- $post->get_from_database($row['post_id']);
- array_push($posts, $post);
- }
-
- return $posts;
- }
-}
+<?php
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
+include_once './includes/model/Thread.php';
+
+// Utility functions for building the post HTML
+
+function create_quote(int $id): string
+{
+ $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ $reply = $result[0];
+
+ if (empty($reply)) {
+ return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+ }
+
+ return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+}
+
+function format_post_content(string $post_content)
+{
+ $post_content = preg_replace_callback('/>#\d+/', function ($matches) {
+ $result = "";
+ foreach ($matches as $match) {
+ $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+ $result .= create_quote($id);
+ }
+ return $result;
+ }, $post_content);
+
+ $result = $post_content;
+
+ // Replace newline characters with HTML <br> tags
+ $result = nl2br($result);
+
+ // Replace YouTube URLs with embedded YouTube videos.
+ $result = preg_replace(
+ "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
+ '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
+
+ // Replace Image URLs with embedded images.
+ $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
+
+ // Replace other URLs with links.
+ return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
+}
+
+class Post
+{
+ public $id;
+ public $content;
+ public $date_created;
+ public $thread;
+ public $author;
+
+ private $has_value = false;
+
+ public function __construct($id)
+ {
+ $sql = "SELECT post_content, post_date_created, post_thread, post_author FROM posts WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->content = $result[0]['post_content'];
+ $this->date_created = $result[0]['post_date_created'];
+ $this->thread = new Thread($result[0]['post_thread']);
+
+ $this->author = new User();
+ $this->author->get_by_id($result[0]['post_author']);
+
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ /**
+ * Get the post content from the database and return it as a string ready for HTML display
+ */
+ function get_content(): string
+ {
+ // Build the header
+ $result = '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+ $result .= ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
+ $result .= ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+ if (Session::get()->is_signed_in() && Session::get()->get_current_user()->level == USER_LEVEL_MODERATOR) {
+ $result .= '<a href="moderate.php?type=post&id=' . $this->id . '" style="float:right;">[Options]</a>';
+ }
+ $result .= '</div>';
+
+ // Append the formatted post content
+ $result .= '<span class="post-content">' . format_post_content($this->content) . '</span>';
+
+ return $result;
+ }
+
+ function set_content(string $post_content)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ return;
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id != $this->author->id) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ return;
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ? WHERE post_id = ?;";
+ Database::get()->query($sql, "si", $post_content, $this->id);
+ }
+
+ function delete()
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ return;
+ }
+
+ // User must have permission to delete the post
+ if (Session::get()->get_current_user()->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ return;
+ }
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $this->id);
+
+ // Decrement the post count of the category
+ Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $this->thread->category->id);
+ }
+
+ public static function create($post_content, $post_thread, $post_category)
+ {
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to create a post');
+ return;
+ }
+
+ $user = Session::get()->get_current_user();
+
+ // Insert the post into the database
+ $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+ Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
+
+ // Increment the category's post count
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+ Database::get()->query($sql, "i", $post_category);
+
+ // Set the last post date of the parent thread
+ $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+ Database::get()->query($sql, "i", $post_thread);
+ }
+
+ public static function get_all_posts(): array
+ {
+ $sql = "SELECT post_id FROM posts";
+ $result = Database::get()->query($sql);
+
+ $posts = array();
+
+ foreach ($result as $row) {
+ $post = new Post();
+ $post->get_from_database($row['post_id']);
+ array_push($posts, $post);
+ }
+
+ return $posts;
+ }
+}
diff --git a/includes/model/User.php b/includes/model/User.php
index 13cbc03..7d3c1e4 100644..100755
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -1,88 +1,103 @@
-<?php
-include_once './includes/Database.php';
-
-const USER_LEVEL_MODERATOR = 1;
-
-class User
-{
- public $id;
- public $name;
- public $password;
- public $date;
- public $level = 0;
-
- private $has_value = false;
-
- // Can't use a constructor here because we have two possible ways to get the user from the database
- // and PHP does not allow function overloading.
- public function get_by_id($id)
- {
- $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
- $result = Database::get()->query($sql, "i", $id);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $id;
- $this->name = $result[0]['user_name'];
- $this->password = $result[0]['user_pass'];
- $this->date = $result[0]['user_date'];
- $this->level = $result[0]['user_level'];
-
- $this->has_value = true;
- }
-
- public function get_by_name($name)
- {
- $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
- $result = Database::get()->query($sql, "s", $name);
-
- if (empty($result)) {
- return;
- }
-
- $this->id = $result[0]['user_id'];
- $this->name = $name;
- $this->password = $result[0]['user_pass'];
- $this->date = $result[0]['user_date'];
- $this->level = $result[0]['user_level'];
-
- $this->has_value = true;
- }
-
- public function has_value()
- {
- return $this->has_value;
- }
-
- public static function register(string $username, string $pass_hash)
- {
- $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
- Database::get()->query($sql, "ss", $username, $pass_hash);
- }
-
- public function change_password(string $pass_hash)
- {
- if (!Session::get()->is_signed_in()) {
- trigger_error('You are not signed in.');
- return;
- }
-
- if (Session::get()->get_current_user()->id != $this->id) {
- trigger_error("You can't change another user's password.");
- return;
- }
-
- $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
- Database::get()->query($sql, "si", $pass_hash, $this->id);
- }
-}
-
-function username_exists(string $username): bool
-{
- $sql = "SELECT * FROM users WHERE user_name = ?;";
- $result = Database::get()->query($sql, "s", $username);
-
- return !empty($result);
+<?php
+include_once './includes/Database.php';
+
+const USER_LEVEL_MODERATOR = 1;
+
+class User
+{
+ public $id;
+ public $name;
+ public $password;
+ public $date;
+ public $level = 0;
+
+ private $has_value = false;
+
+ // Can't use a constructor here because we have two possible ways to get the user from the database
+ // and PHP does not allow function overloading.
+ public function get_by_id($id)
+ {
+ $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $id;
+ $this->name = $result[0]['user_name'];
+ $this->password = $result[0]['user_pass'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+
+ $this->has_value = true;
+ }
+
+ public function get_by_name($name)
+ {
+ $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
+ $result = Database::get()->query($sql, "s", $name);
+
+ if (empty($result)) {
+ return;
+ }
+
+ $this->id = $result[0]['user_id'];
+ $this->name = $name;
+ $this->password = $result[0]['user_pass'];
+ $this->date = $result[0]['user_date'];
+ $this->level = $result[0]['user_level'];
+
+ $this->has_value = true;
+ }
+
+ public function has_value()
+ {
+ return $this->has_value;
+ }
+
+ public static function register(string $username, string $pass_hash)
+ {
+ $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
+ Database::get()->query($sql, "ss", $username, $pass_hash);
+ }
+
+ public function change_password(string $pass_hash)
+ {
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You are not signed in.');
+ return;
+ }
+
+ if (Session::get()->get_current_user()->id != $this->id) {
+ trigger_error("You can't change another user's password.");
+ return;
+ }
+
+ $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+ Database::get()->query($sql, "si", $pass_hash, $this->id);
+ }
+
+ public function get_threads(): array
+ {
+ $sql = "SELECT thread_id FROM threads WHERE thread_author = ? ORDER BY thread_date_lastpost DESC";
+ $result = Database::get()->query($sql, "i", $this->id);
+ $threads = array();
+
+ foreach ($result as $row) {
+ $thread = new Thread($row['thread_id']);
+ if ($thread->has_value())
+ array_push($threads, $thread);
+ }
+
+ return $threads;
+ }
+}
+
+function username_exists(string $username): bool
+{
+ $sql = "SELECT * FROM users WHERE user_name = ?;";
+ $result = Database::get()->query($sql, "s", $username);
+
+ return !empty($result);
} \ No newline at end of file
diff --git a/includes/templates/404.php b/includes/templates/404.php
index 74db2d6..8815b91 100644..100755
--- a/includes/templates/404.php
+++ b/includes/templates/404.php
@@ -1,14 +1,14 @@
-<!DOCTYPE html>
-<html>
- <head>
- <title>cflip.net forum</title>
- <link rel="stylesheet" href="styles/style.css">
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- </head>
- <body>
-<?php include_once 'header.php'; ?>
- <h1>Page Not Found</h1>
- <p>The page you requested does not exist.</p>
- </body>
-</html>
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>cflip.net forum</title>
+ <link rel="stylesheet" href="styles/style.css">
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ </head>
+ <body>
+<?php include_once 'header.php'; ?>
+ <h1>Page Not Found</h1>
+ <p>The page you requested does not exist.</p>
+ </body>
+</html>
diff --git a/includes/templates/header.php b/includes/templates/header.php
index f1c2c94..45ec7e6 100644..100755
--- a/includes/templates/header.php
+++ b/includes/templates/header.php
@@ -1,20 +1,21 @@
-<header>
-<h1>cflip.net forum<sup style="font-size: small;">beta</sup></h1>
-<p>
-[<a href="/">Home</a>]
-[<a href="/create_thread.php">Create a thread</a>]
-<span style="float:right;">
- <?php
- include_once './includes/Session.php';
- include_once './includes/model/User.php';
-
- if (Session::get()->is_signed_in()) {
- $user = Session::get()->get_current_user();
- echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="signout.php">Log out</a>]';
- } else {
- echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
- }
- ?>
-</span>
-</p>
-</header>
+<header>
+<h1>cflip.net forum</h1>
+<p>
+[<a href="/">Home</a>]
+[<a href="/create_thread.php">Create a thread</a>]
+<span style="float:right;">
+ <?php
+ include_once './includes/Session.php';
+ include_once './includes/model/User.php';
+
+ if (Session::get()->is_signed_in()) {
+ $user = Session::get()->get_current_user();
+ echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="signout.php">Log out</a>]';
+ } else {
+ echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
+ }
+ ?>
+</span>
+</p>
+</header>
+<hr> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-25 23:03:39 +0000