diff options
Diffstat (limited to 'model/Post.php')
| -rw-r--r-- | model/Post.php | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/model/Post.php b/model/Post.php new file mode 100644 index 0000000..bcaff29 --- /dev/null +++ b/model/Post.php @@ -0,0 +1,82 @@ +<?php + +include_once 'Thread.php'; + +class Post { + public $id; + public $content; + public $date; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date = $row['post_date']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + } + + function display_content() { + echo '<div>#' . $this->id . ' Posted by <a href="/forum/user/'. $this->author->name .'">' . $this->author->name . '</a> on ' . date('m/d/Y g:ia', strtotime($this->date)) . '<br></div>'; + + $post_content = $this->content; + + // $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { + // return add_quote($dbc, $thread_id, $matches); + // }, $post_content); + + // Replace YouTube URLs with embedded YouTube videos. + $post_content = preg_replace( + "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", + '<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content); + // Replace Image URLs with embedded images. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $post_content); + // Replace other URLs with links. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content); + + echo $post_content; + } +} + +function get_all_posts($dbc) { + $sql = "SELECT post_id FROM posts"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get posts: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; +}
\ No newline at end of file |