From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 19:40:50 -0600
Subject: Remove all uses of db_inc.php

This method of importing the database login every time wasn't very good.
Now everything uses the new Database singleton class.
---
 change_passw.php                |  67 +++++++++++------------
 create_thread.php               |   4 +-
 includes/Database.php           |  30 +++++++----
 includes/Session.php            |   6 +--
 includes/db_inc.php             |  14 -----
 includes/functions_category.php |  17 ++++++
 includes/functions_display.php  |   2 +-
 includes/functions_post.php     |  87 ++++++++++++++++++++++++++++++
 includes/functions_thread.php   |  16 ++++++
 includes/functions_user.php     |  21 ++++++++
 includes/model/Category.php     | 111 +++++++++++---------------------------
 includes/model/Post.php         | 100 +++++++++--------------------------
 includes/model/Thread.php       | 114 ++++++++++++----------------------------
 includes/model/User.php         |  36 +++++--------
 includes/reply_inc.php          |  21 +++-----
 index.php                       |   8 +--
 manage_post.php                 |  11 ++--
 moderate.php                    |   3 +-
 register.php                    |  41 ++-------------
 search.php                      |   9 ++--
 signin.php                      |  25 +++------
 viewcategory.php                |  12 ++---
 viewthread.php                  |  14 ++---
 viewuser.php                    |   3 +-
 24 files changed, 351 insertions(+), 421 deletions(-)
 delete mode 100644 includes/db_inc.php
 create mode 100644 includes/functions_category.php
 create mode 100644 includes/functions_user.php

diff --git a/change_passw.php b/change_passw.php
index aa8de88..9f39742 100644
--- a/change_passw.php
+++ b/change_passw.php
@@ -1,26 +1,9 @@
-<?php include_once 'header.php';?>
-
-<section>
 <?php
-	// FIXME
-	if (!isset($_SESSION) or empty($_SESSION['signed_in']) or !$_SESSION['signed_in']) {
-		echo '<h2>You must be logged in to change your password.</h2>';
-	} else {
-		echo '
-			<h2>Change your password</h2>
-			<form action="change_passw.php" method="post">
-			<label for="user_pass">Password: </label><br>
-			<input type="password" name="user_pass"><br>
-			<label for="user_pass_check">Re-enter password: </label><br>
-			<input type="password" name="user_pass_check"><br>
-			<input type="submit" name="submit">
-			</form>
-			<br>';
-	}
-?>
+include_once './includes/Session.php';
+include_once './includes/model/User.php';
+include_once './includes/functions_user.php';
 
-<?php
-include_once 'includes/db_inc.php';
+session_start();
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) {
 	$errors = array();
@@ -48,24 +31,36 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) {
 		}
 		echo '</ul>';
 	} else {
-		$sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
-		$stmt = mysqli_stmt_init($dbc);
-
-		if (!mysqli_stmt_prepare($stmt, $sql)) {
-			die('Could not create account due to internal error: ' . mysqli_error($dbc));
-		}
-
 		$pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
-
-		mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']);
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_close($stmt);
-
+		change_password(Session::get()->get_current_user(), $pass_hash);
 		echo 'Password successfully changed!';
 	}
 }
 ?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Change your password - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
+</head>
+<body>
+<?php
+include_once './includes/templates/header.php';
 
-</section>
-
-<?php include_once 'footer.php';?>
+if (!Session::get()->is_signed_in()) {
+	echo '<h2>You must be logged in to change your password.</h2>';
+} else {
+	echo '
+			<h2>Change your password</h2>
+			<form action="change_passw.php" method="post">
+			<label for="user_pass">Password: </label><br>
+			<input type="password" name="user_pass"><br>
+			<label for="user_pass_check">Re-enter password: </label><br>
+			<input type="password" name="user_pass_check"><br>
+			<input type="submit" name="submit">
+			</form>
+			<br>';
+}
+?>
+</body>
+</html>
diff --git a/create_thread.php b/create_thread.php
index 534b0ab..2ed323d 100644
--- a/create_thread.php
+++ b/create_thread.php
@@ -20,10 +20,10 @@ if (!Session::get()->is_signed_in()) {
     <input type="text" name="thread_subject"><br>
     <label for="thread_cat">Category: </label><br>
 	<?php
-	include_once './includes/db_inc.php';
+	include_once './includes/functions_category.php';
 	include_once './includes/model/Category.php';
 
-	$categories = get_all_categories($dbc);
+	$categories = get_all_categories();
 
 	if (count($categories) == 0) {
 		echo 'There are no categories to post to!';
diff --git a/includes/Database.php b/includes/Database.php
index cdaa0f8..4950ae3 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -32,17 +32,30 @@ class Database
 
 	public function query(string $sql, string $types = "", ...$vars): array
 	{
-		$stmt = mysqli_stmt_init($this->sql_connection);
+		$result = array();
 
-		if (!mysqli_stmt_prepare($stmt, $sql)) {
-			trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection));
-		}
+		if ($types == "") {
+			// No types were provided, preparing a statement is not necessary
+			$db_result = mysqli_query($this->sql_connection, $sql);
+		} else {
+			$stmt = mysqli_stmt_init($this->sql_connection);
 
-		mysqli_stmt_bind_param($stmt, $types, ...$vars);
-		mysqli_stmt_execute($stmt);
+			if (!mysqli_stmt_prepare($stmt, $sql)) {
+				trigger_error('Internal error: ' . mysqli_error($this->sql_connection));
+				return $result;
+			}
 
-		$result = array();
-		$db_result = mysqli_stmt_get_result($stmt);
+			mysqli_stmt_bind_param($stmt, $types, ...$vars);
+			mysqli_stmt_execute($stmt);
+
+			$db_result = mysqli_stmt_get_result($stmt);
+
+			mysqli_stmt_close($stmt);
+		}
+
+		if (!$db_result) {
+			return $result;
+		}
 
 		if (mysqli_num_rows($db_result) > 0) {
 			while ($row = mysqli_fetch_assoc($db_result)) {
@@ -51,7 +64,6 @@ class Database
 		}
 
 		mysqli_free_result($db_result);
-		mysqli_stmt_close($stmt);
 
 		return $result;
 	}
diff --git a/includes/Session.php b/includes/Session.php
index 7e17527..a9c1dc7 100644
--- a/includes/Session.php
+++ b/includes/Session.php
@@ -18,9 +18,11 @@ class Session
 		return self::$instance;
 	}
 
-	public function sign_in()
+	public function sign_in(User $user)
 	{
 		$_SESSION['signed_in'] = true;
+		$_SESSION['user_id'] = $user->id;
+		$_SESSION['user_name'] = $user->name;
 	}
 
 	public function is_signed_in(): bool
@@ -30,8 +32,6 @@ class Session
 
 	public function get_current_user()
 	{
-		include_once 'db_inc.php';
-
 		// There is no current user
 		if (!$this->is_signed_in()) {
 			return null;
diff --git a/includes/db_inc.php b/includes/db_inc.php
deleted file mode 100644
index b7c361d..0000000
--- a/includes/db_inc.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-$cfg_ini = parse_ini_file('config.ini', true);
-$dbcfg = $cfg_ini['mysql_credentials'];
-
-$db_server = $dbcfg['server'];
-$db_user = $dbcfg['user'];
-$db_pass = $dbcfg['password'];
-$db_database = $dbcfg['database'];
-
-$dbc = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
-
-if (!$dbc) {
-	die("Database connection error: " . mysqli_connect_error());
-}
diff --git a/includes/functions_category.php b/includes/functions_category.php
new file mode 100644
index 0000000..808708c
--- /dev/null
+++ b/includes/functions_category.php
@@ -0,0 +1,17 @@
+<?php
+
+function get_all_categories(): array
+{
+	$sql = "SELECT cat_id FROM categories ORDER BY cat_id;";
+	$result = Database::get()->query($sql);
+
+	$categories = array();
+
+	foreach ($result as $row) {
+		$category = new Category();
+		$category->get_from_database($row['cat_id']);
+		array_push($categories, $category);
+	}
+
+	return $categories;
+}
\ No newline at end of file
diff --git a/includes/functions_display.php b/includes/functions_display.php
index bf9ed64..47ba188 100644
--- a/includes/functions_display.php
+++ b/includes/functions_display.php
@@ -93,7 +93,7 @@ function display_posts($dbc, $thread_id, $sql_result) {
 		$post_content = $row['post_content'];
 
 		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
-			return add_quote($dbc, $thread_id, $matches);
+			return create_quote($dbc, $thread_id, $matches);
 		}, $post_content);
 
 		// Replace YouTube URLs with embedded YouTube videos.
diff --git a/includes/functions_post.php b/includes/functions_post.php
index 0176c76..97fc622 100644
--- a/includes/functions_post.php
+++ b/includes/functions_post.php
@@ -3,6 +3,22 @@ include_once './includes/Session.php';
 include_once './includes/Database.php';
 include_once './includes/model/User.php';
 
+function get_all_posts(): array
+{
+	$sql = "SELECT post_id FROM posts";
+	$result = Database::get()->query($sql);
+
+	$posts = array();
+
+	foreach ($result as $row) {
+		$post = new Post();
+		$post->get_from_database($row['post_id']);
+		array_push($posts, $post);
+	}
+
+	return $posts;
+}
+
 function create_post($post_content, $post_thread, $post_category)
 {
 	// User must be signed in
@@ -26,6 +42,77 @@ function create_post($post_content, $post_thread, $post_category)
 	Database::get()->query($sql, "i", $post_thread);
 }
 
+function create_quote(int $id): string
+{
+	$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;";
+	$result = Database::get()->query($sql, "i", $id);
+
+	$reply = $result[0];
+
+	if (empty($reply)) {
+		return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+	}
+
+	return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id . '">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+}
+
+function format_post_content(string $post_content)
+{
+	$post_content = preg_replace_callback('/>#\d+/', function ($matches) {
+		$result = "";
+		foreach ($matches as $match) {
+			$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+			$result .= create_quote($id);
+		}
+		return $result;
+	}, $post_content);
+
+	$result = $post_content;
+
+	// Replace newline characters with HTML <br> tags
+	$result = nl2br($result);
+
+	// Replace YouTube URLs with embedded YouTube videos.
+	$result = preg_replace(
+		"/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i",
+		'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $result);
+
+	// Replace Image URLs with embedded images.
+	$result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $result);
+
+	// Replace other URLs with links.
+	return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $result);
+}
+
+/**
+ * Get the post content from the database and return it as a string ready for HTML display
+ */
+function get_post_content(Post $post): string
+{
+	// Build the header
+	$result = '<div class="header" id="p' . $post->id . '"><b>#' . $post->id . '</b>';
+	$result .= ' Posted by <a href="viewuser.php?id=' . $post->author->id . '">' . $post->author->name . '</a>';
+	$result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created));
+
+	// If the post has a edit date, display it
+	if (!is_null($post->date_edited)) {
+		$result .= ' <small>edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . '</small>';
+	}
+
+	// Append a manage post button if the user is signed in and is the post's creator
+	if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) {
+		$result .= '<span style="float:right;">';
+		$result .= '[<a href="manage_post.php?id=' . $post->id . '">Edit/Delete</a>]';
+		$result .= '</span>';
+	}
+	$result .= '</div>';
+
+	// Append the formatted post content
+	$result .= '<span class="post-content">' . format_post_content($post->content) . '</span>';
+
+	return $result;
+}
+
 function edit_post(Post $post, string $post_content)
 {
 	// User must be signed in
diff --git a/includes/functions_thread.php b/includes/functions_thread.php
index 62efca9..61b8e59 100644
--- a/includes/functions_thread.php
+++ b/includes/functions_thread.php
@@ -2,6 +2,22 @@
 include_once './includes/Database.php';
 include_once './includes/Session.php';
 
+function get_all_threads(): array
+{
+	$sql = "SELECT thread_id FROM threads";
+	$result = Database::get()->query($sql);
+
+	$threads = array();
+
+	foreach ($result as $row) {
+		$thread = new Thread();
+		$thread->get_from_database($row['thread_id']);
+		array_push($threads, $thread);
+	}
+
+	return $threads;
+}
+
 function create_thread($subject, $category)
 {
 	if (!Session::get()->is_signed_in()) {
diff --git a/includes/functions_user.php b/includes/functions_user.php
new file mode 100644
index 0000000..b2069a2
--- /dev/null
+++ b/includes/functions_user.php
@@ -0,0 +1,21 @@
+<?php
+
+function username_exists(string $username): bool
+{
+	$sql = "SELECT * FROM users WHERE user_name = ?;";
+	$result = Database::get()->query($sql, "s", $username);
+
+	return !empty($result);
+}
+
+function register_user(string $username, string $pass_hash)
+{
+	$sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());";
+	Database::get()->query($sql, "ss", $username, $pass_hash);
+}
+
+function change_password(User $user, string $pass_hash)
+{
+	$sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
+	Database::get()->query($sql, "si", $pass_hash, $user->id);
+}
\ No newline at end of file
diff --git a/includes/model/Category.php b/includes/model/Category.php
index b7c46d9..ed53bdc 100644
--- a/includes/model/Category.php
+++ b/includes/model/Category.php
@@ -2,102 +2,55 @@
 
 include_once 'Thread.php';
 
-class Category {
+class Category
+{
 	public $id = 0;
 	public $name = 'Unknown';
 	public $description = 'This category does not exist';
 	public $thread_count = 0;
 	public $post_count = 0;
 
-	function get_from_database($id, $dbc) {
-		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get category: ' . mysqli_error($dbc);
-		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->name = $row['cat_name'];
-				$this->description = $row['cat_description'];
-				$this->thread_count = $row['cat_thread_count'];
-				$this->post_count = $row['cat_post_count'];
-			}
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		mysqli_free_result($result);
-		return 1;
+
+		$this->id = $id;
+		$this->name = $result[0]['cat_name'];
+		$this->description = $result[0]['cat_description'];
+		$this->thread_count = $result[0]['cat_thread_count'];
+		$this->post_count = $result[0]['cat_post_count'];
+
+		return true;
 	}
 
-	function get_threads($dbc) {
-		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get threads from category: ' . mysqli_error($dbc);
-		}
-	
+	function get_threads(): array
+	{
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
+		$result = Database::get()->query($sql, "i", $this->id);
 		$threads = array();
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$thread = new Thread();
-				$thread->get_from_database($row['thread_id'], $dbc);
-				array_push($threads, $thread);
-			}
+		foreach ($result as $row) {
+			$thread = new Thread();
+			$thread->get_from_database($row['thread_id']);
+			array_push($threads, $thread);
 		}
 
-		mysqli_free_result($result);
 		return $threads;
 	}
 
-	function get_latest_thread($dbc) {
-		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get thread from category: ' . mysqli_error($dbc);
-		}
-	
-		$thread = null;
-		
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$thread = new Thread();
-				$thread->get_from_database($row['thread_id'], $dbc);
-			}
-		}
+	function get_latest_thread(): Thread
+	{
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
+		$result = Database::get()->query($sql, "i", $this->id);
+
+		$thread = new Thread();
+		$thread->get_from_database($result[0]['thread_id']);
 
-		mysqli_free_result($result);
 		return $thread;
 	}
 }
-
-function get_all_categories($dbc) {
-	$sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get categories: ' . mysqli_error($dbc);
-	}
-
-	$categories = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$category = new Category();
-			$category->get_from_database($row['cat_id'], $dbc);
-			array_push($categories, $category);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $categories;
-}
\ No newline at end of file
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 34d6a79..86373b6 100644
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -2,27 +2,8 @@
 
 include_once 'Thread.php';
 
-function add_quote($dbc, $thread_id, $matches) {
-	foreach ($matches as $match) {
-		$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
-		$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
-		$result = mysqli_query($dbc, $sql);
-
-		if (!$result) {
-			return '<blockquote></blockquote>';
-		}
-
-		$reply = mysqli_fetch_assoc($result);
-
-		if (empty($reply)) {
-			return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
-		}
-
-		return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-	}
-}
-
-class Post {
+class Post
+{
 	public $id;
 	public $content;
 	public $date_created;
@@ -30,39 +11,33 @@ class Post {
 	public $thread;
 	public $author;
 
-	function get_from_database($id, $dbc) {
-		// TODO: Potential SQL injection risk?
-		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get post: ' . mysqli_error($dbc);
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->content = $row['post_content'];
-				$this->date_created = $row['post_date_created'];
-				$this->date_edited = $row['post_date_edited'];
 
-				$this->thread = new Thread();
-				$this->thread->get_from_database($row['post_thread'], $dbc);
+		$this->id = $id;
+		$this->content = $result[0]['post_content'];
+		$this->date_created = $result[0]['post_date_created'];
+		$this->date_edited = $result[0]['post_date_edited'];
 
-				$this->author = new User();
-				$this->author->get_by_id($row['post_author'], $dbc);
-			}
-		}
+		$this->thread = new Thread();
+		$this->thread->get_from_database($result[0]['post_thread']);
+
+		$this->author = new User();
+		$this->author->get_by_id($result[0]['post_author']);
 
-		mysqli_free_result($result);
-		return 1;
+		return true;
 	}
 
-	function display_content($dbc) {
+	function display_content($dbc)
+	{
 		echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
-		echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+		echo ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
 		echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
 		if (!is_null($this->date_edited)) {
 			echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
@@ -70,22 +45,22 @@ class Post {
 		if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
 			echo '<span style="float:right;">';
 			echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] ';
-			echo'</span>';
+			echo '</span>';
 		}
 		echo '</div>';
 
 		$post_content = $this->content;
 		$thread_id = $this->id;
 
-		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
-			return add_quote($dbc, $thread_id, $matches);
+		$post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) {
+			return create_quote($dbc, $thread_id, $matches);
 		}, $post_content);
 
 		// Replace newline characters with HTML <br> tags
 		$post_content = nl2br($post_content);
 
 		// Replace YouTube URLs with embedded YouTube videos.
-		$post_content =  preg_replace(
+		$post_content = preg_replace(
 			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
 			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
 		// Replace Image URLs with embedded images.
@@ -96,26 +71,3 @@ class Post {
 		echo '<span class="post-content">' . $post_content . '</span>';
 	}
 }
-
-function get_all_posts($dbc) {
-	$sql = "SELECT post_id FROM posts";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get posts: ' . mysqli_error($dbc);
-	}
-
-	$posts = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$post = new Post();
-			$post->get_from_database($row['post_id'], $dbc);
-			array_push($posts, $post);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $posts;
-}
diff --git a/includes/model/Thread.php b/includes/model/Thread.php
index a9dc690..cfe10d6 100644
--- a/includes/model/Thread.php
+++ b/includes/model/Thread.php
@@ -4,7 +4,8 @@ include_once 'Category.php';
 include_once 'User.php';
 include_once 'Post.php';
 
-class Thread {
+class Thread
+{
 	public $id = 0;
 	public $subject = 'Unknown thread';
 	public $date_created = 0;
@@ -12,100 +13,53 @@ class Thread {
 	public $category;
 	public $author;
 
-	function get_from_database($id, $dbc) {
-		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			die('Error trying to display thread page: ' . mysqli_error($dbc));
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->subject = $row['thread_subject'];
-				$this->date_created = $row['thread_date_created'];
-				$this->date_lastpost = $row['thread_date_lastpost'];
 
-				$this->category = new Category();
-				$this->category->get_from_database($row['thread_category'], $dbc);
+		$this->id = $id;
+		$this->subject = $result[0]['thread_subject'];
+		$this->date_created = $result[0]['thread_date_created'];
+		$this->date_lastpost = $result[0]['thread_date_lastpost'];
 
-				$this->author = new User();
-				$this->author->get_by_id($row['thread_author'], $dbc);
-			}
-		}
+		$this->category = new Category();
+		$this->category->get_from_database($result[0]['thread_category']);
 
-		mysqli_free_result($result);
-		return 1;
+		$this->author = new User();
+		$this->author->get_by_id($result[0]['thread_author']);
+
+		return true;
 	}
 
-	function get_posts($dbc) {
-		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id;
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get posts from thread: ' . mysqli_error($dbc);
-		}
-	
+	function get_posts(): array
+	{
+		$sql = "SELECT post_id FROM posts WHERE post_thread = ?";
+		$result = Database::get()->query($sql, "i", $this->id);
+
 		$posts = array();
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$post = new Post();
-				$post->get_from_database($row['post_id'], $dbc);
-				array_push($posts, $post);
-			}
+		foreach ($result as $row) {
+			$post = new Post();
+			$post->get_from_database($row['post_id']);
+			array_push($posts, $post);
 		}
 
-		mysqli_free_result($result);
 		return $posts;
 	}
 
-	function get_latest_post($dbc) {
-		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get post from category: ' . mysqli_error($dbc);
-		}
-	
-		$post = null;
+	function get_latest_post(): Post
+	{
+		$sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1";
+		$result = Database::get()->query($sql, "i", $this->id);
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$post = new Post();
-				$post->get_from_database($row['post_id'], $dbc);
-			}
-		}
+		$post = new Post();
+		$post->get_from_database($result[0]['post_id']);
 
-		mysqli_free_result($result);
 		return $post;
 	}
 }
-
-function get_all_threads($dbc) {
-	$sql = "SELECT thread_id FROM threads";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get threads: ' . mysqli_error($dbc);
-	}
-
-	$threads = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$thread = new Thread();
-			$thread->get_from_database($row['thread_id'], $dbc);
-			array_push($threads, $thread);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $threads;
-}
diff --git a/includes/model/User.php b/includes/model/User.php
index c780ff0..f2bd23d 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -7,44 +7,36 @@ class User
 {
 	public $id;
 	public $name = 'Unknown';
+	public $password;
 	public $date = 0;
 	public $level = 0;
 
-	function get_by_name($name, $dbc)
+	function get_by_name($name): bool
 	{
-		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
-		$stmt = mysqli_stmt_init($dbc);
+		$sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
+		$result = Database::get()->query($sql, "s", $name);
 
-		if (!mysqli_stmt_prepare($stmt, $sql)) {
-			echo 'Failed to get user: ' . mysqli_error($dbc);
+		if (empty($result)) {
+			return false;
 		}
 
-		mysqli_stmt_bind_param($stmt, "s", $name);
-		mysqli_stmt_execute($stmt);
-
-		$result = mysqli_stmt_get_result($stmt);
-
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $row['user_id'];
-				$this->name = $name;
-				$this->date = $row['user_date'];
-				$this->level = $row['user_level'];
-			}
-		}
+		$this->id = $result[0]['user_id'];
+		$this->name = $name;
+		$this->password = $result[0]['user_pass'];
+		$this->date = $result[0]['user_date'];
+		$this->level = $result[0]['user_level'];
 
-		mysqli_free_result($result);
-		mysqli_stmt_close($stmt);
+		return true;
 	}
 
 	function get_by_id($id)
 	{
-		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;";
+		$sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
 		$result = Database::get()->query($sql, "i", $id);
 
 		$this->id = $id;
 		$this->name = $result[0]['user_name'];
+		$this->password = $result[0]['user_pass'];
 		$this->date = $result[0]['user_date'];
 		$this->level = $result[0]['user_level'];
 	}
diff --git a/includes/reply_inc.php b/includes/reply_inc.php
index cf7a839..588b59f 100644
--- a/includes/reply_inc.php
+++ b/includes/reply_inc.php
@@ -1,10 +1,8 @@
 <?php
+include_once 'functions_post.php';
 
 session_start();
 
-include_once 'db_inc.php';
-include_once 'functions_inc.php';
-
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 	die('This file cannot be called directly.');
 } 
@@ -13,19 +11,12 @@ if (!isset($_SESSION['signed_in'])) {
 	die('You must be signed in to reply to a thread.');
 } 
 
-$reply_content = filter_var($_POST['reply_content'], FILTER_SANITIZE_STRING);
-$reply_to = $_GET['reply_to'];
-$post_author = $_SESSION['user_id'];
-
-$sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?)";
-$stmt = mysqli_stmt_init($dbc);
+$reply_content = filter_input(INPUT_POST, 'reply_content', FILTER_SANITIZE_STRING);
+$thread_id = filter_input(INPUT_POST, 'reply_to', FILTER_SANITIZE_NUMBER_INT);
 
-if (!mysqli_stmt_prepare($stmt, $sql)) {
-	die('Failed to process statement: ' . mysqli_error($dbc));
-}
+$thread = new Thread();
+$thread->get_from_database($thread_id);
 
-mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author);
-mysqli_stmt_execute($stmt);
-mysqli_stmt_close($stmt);
+create_post($reply_content, $thread_id, $thread->category);
 
 header("Location: ../thread.php?id=" . $_GET['reply_to']);
\ No newline at end of file
diff --git a/index.php b/index.php
index 7b92524..9d62f52 100644
--- a/index.php
+++ b/index.php
@@ -27,13 +27,13 @@
         <th>Latest Thread</th>
     </tr>
 	<?php
-	include('includes/db_inc.php');
-	include('includes/model/Category.php');
+    include_once './includes/functions_category.php';
+    include_once './includes/model/Category.php';
 
-	$categories = get_all_categories($dbc);
+	$categories = get_all_categories();
 
 	foreach ($categories as $category) {
-		$latest_thread = $category->get_latest_thread($dbc);
+		$latest_thread = $category->get_latest_thread();
 
 		echo '<tr>';
 		echo '<td>';
diff --git a/manage_post.php b/manage_post.php
index 9e04dd4..99f0ad4 100644
--- a/manage_post.php
+++ b/manage_post.php
@@ -1,7 +1,6 @@
 <?php
-include('includes/db_inc.php');
-include('includes/functions_post.php');
-include('includes/model/Post.php');
+include_once './includes/functions_post.php';
+include_once './includes/model/Post.php';
 
 session_start();
 
@@ -13,7 +12,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 		include_once './includes/templates/404.php';
 		die();
 	} else {
-		$result = $current->get_from_database($_GET['id'], $dbc);
+		$result = $current->get_from_database($_GET['id']);
 		if ($result == 0) {
 			http_response_code(404);
 			include_once './includes/templates/404.php';
@@ -26,7 +25,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 	$post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
 
 	$post = new Post();
-	$post->get_from_database($id, $dbc);
+	$post->get_from_database($id);
 
 	if (strcasecmp($delete, "on") == 0) {
 		delete_post($post);
@@ -47,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 <?php include('includes/templates/header.php'); ?>
 <h1>Manage a post</h1>
 <?php
-$current->display_content($dbc);
+echo get_post_content($current);
 echo '<hr>';
 
 $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
diff --git a/moderate.php b/moderate.php
index 3b8d05d..68bf1b9 100644
--- a/moderate.php
+++ b/moderate.php
@@ -1,5 +1,4 @@
 <?php
-include_once './includes/db_inc.php';
 include_once './includes/functions_thread.php';
 include_once './includes/Session.php';
 include_once './includes/model/User.php';
@@ -15,7 +14,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	if ($user->level == USER_LEVEL_MODERATOR) {
 		if (strcasecmp($delete, "on") == 0) {
 			$thread = new Thread();
-			$thread->get_from_database($thread_id, $dbc);
+			$thread->get_from_database($thread_id);
 			delete_thread($thread);
 
 			header("Location: /");
diff --git a/register.php b/register.php
index 050878e..02fbe58 100644
--- a/register.php
+++ b/register.php
@@ -20,31 +20,7 @@
 <br>
 
 <?php
-include_once 'includes/db_inc.php';
-
-function username_exists($dbc, $user_name)
-{
-	$sql = "SELECT * FROM users WHERE user_name = ?;";
-	$stmt = mysqli_stmt_init($dbc);
-
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		die("Error: " . mysqli_error($dbc));
-	}
-
-	mysqli_stmt_bind_param($stmt, "s", $user_name);
-	mysqli_stmt_execute($stmt);
-
-	$result = mysqli_stmt_get_result($stmt);
-
-	if ($row = mysqli_fetch_assoc($result)) {
-		return $row;
-	} else {
-		$result = false;
-		return $result;
-	}
-
-	mysqli_stmt_close($stmt);
-}
+include_once './includes/functions_user.php';
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	$errors = array();
@@ -64,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 			$errors[] = "Your username must be 30 characters or less.";
 		}
 
-		if (username_exists($dbc, $user_name) !== false) {
+		if (username_exists($user_name) !== false) {
 			$errors[] = "The username '" . $user_name . "' has already been taken by another user.";
 		}
 	}
@@ -91,19 +67,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 		}
 		echo '</ul>';
 	} else {
-		$sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());";
-		$stmt = mysqli_stmt_init($dbc);
-
-		if (!mysqli_stmt_prepare($stmt, $sql)) {
-			die('Could not create account due to internal error: ' . mysqli_error($dbc));
-		}
-
 		$pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
-
-		mysqli_stmt_bind_param($stmt, "ss", $user_name, $pass_hash);
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_close($stmt);
-
+        register_user($user_name, $pass_hash);
 		echo 'Account successfully registered! You can now <a href="signin.php">sign in</a>';
 	}
 }
diff --git a/search.php b/search.php
index 0732129..e5ef9db 100644
--- a/search.php
+++ b/search.php
@@ -27,7 +27,8 @@
 </form>
 <hr>
 <?php
-include_once './includes/db_inc.php';
+include_once './includes/functions_thread.php';
+include_once './includes/functions_post.php';
 include_once './includes/model/Thread.php';
 include_once './includes/model/Post.php';
 
@@ -36,7 +37,7 @@ if (!isset($_GET['type'])) {
 } else {
 	switch ($_GET['type']) {
 		case 'thread':
-			$threads = get_all_threads($dbc);
+			$threads = get_all_threads();
 			foreach ($threads as $thread) {
 				echo '<p>';
 				echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>';
@@ -45,11 +46,11 @@ if (!isset($_GET['type'])) {
 			}
 			break;
 		case 'post':
-			$posts = get_all_posts($dbc);
+			$posts = get_all_posts();
 
 			foreach ($posts as $post) {
 				echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>';
-				$post->display_content($dbc);
+				echo get_post_content($post);
 				echo '<hr>';
 			}
 			break;
diff --git a/signin.php b/signin.php
index 9017d37..2c43309 100644
--- a/signin.php
+++ b/signin.php
@@ -18,8 +18,6 @@
 
 <?php
 
-include_once 'includes/db_inc.php';
-
 function validate($data)
 {
 	$data = trim($data);
@@ -50,26 +48,17 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 		}
 		echo '</ul>';
 	} else {
-		$sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';";
-		$result = mysqli_query($dbc, $sql);
+		$user = new User();
+		$result = $user->get_by_name($user_name);
 
 		if (!$result) {
-			echo 'An error occurred while signing in: ' . mysqli_error($dbc);
+			echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';
 		} else {
-			if (mysqli_num_rows($result) == 0) {
-				echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';
+			if (!password_verify($user_pass, $user->password)) {
+				echo 'Password does not match!';
 			} else {
-				while ($row = mysqli_fetch_assoc($result)) {
-					if (!password_verify($user_pass, $row['user_pass'])) {
-						echo 'Password does not match!';
-					} else {
-						$_SESSION['signed_in'] = true;
-						$_SESSION['user_id'] = $row['user_id'];
-						$_SESSION['user_name'] = $row['user_name'];
-
-						header("Location: index.php");
-					}
-				}
+			    Session::get()->sign_in($user);
+				header("Location: index.php");
 			}
 		}
 	}
diff --git a/viewcategory.php b/viewcategory.php
index 70733da..852148b 100644
--- a/viewcategory.php
+++ b/viewcategory.php
@@ -1,6 +1,6 @@
 <?php
-include('includes/db_inc.php');
-include('includes/model/Category.php');
+
+include_once 'includes/model/Category.php';
 
 session_start();
 
@@ -11,8 +11,8 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
 	include('includes/templates/404.php');
 	die();
 } else {
-	$result = $current->get_from_database($_GET['id'], $dbc);
-	if ($result == 0) {
+	$result = $current->get_from_database($_GET['id']);
+	if (!$result) {
 		http_response_code(404);
 		include('includes/templates/404.php');
 		die();
@@ -37,10 +37,10 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
         <th>Latest Post</th>
     </tr>
 	<?php
-	$threads = $current->get_threads($dbc);
+	$threads = $current->get_threads();
 
 	foreach ($threads as $thread) {
-		$latest_post = $thread->get_latest_post($dbc);
+		$latest_post = $thread->get_latest_post();
 
 		echo '<tr>';
 		echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>';
diff --git a/viewthread.php b/viewthread.php
index cc2d221..73a02ef 100644
--- a/viewthread.php
+++ b/viewthread.php
@@ -1,6 +1,5 @@
 <?php
-include('includes/db_inc.php');
-include('includes/model/Thread.php');
+include_once 'includes/model/Thread.php';
 
 session_start();
 
@@ -11,8 +10,9 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
 	include('includes/templates/404.php');
 	die();
 } else {
-	$result = $current->get_from_database($_GET['id'], $dbc);
-	if ($result == 0) {
+	$result = $current->get_from_database($_GET['id']);
+
+	if (!$result) {
 		http_response_code(404);
 		include('includes/templates/404.php');
 		die();
@@ -58,10 +58,12 @@ if (Session::get()->is_signed_in()) {
 ?>
 <hr>
 <?php
-$posts = $current->get_posts($dbc);
+include './includes/functions_post.php';
+
+$posts = $current->get_posts();
 
 foreach ($posts as $post) {
-	$post->display_content($dbc);
+	echo get_post_content($post);
 }
 ?>
 <hr>
diff --git a/viewuser.php b/viewuser.php
index 155b814..45f557a 100644
--- a/viewuser.php
+++ b/viewuser.php
@@ -1,6 +1,5 @@
 <?php
-include_once 'includes/db_inc.php';
-include_once 'includes/model/User.php';
+include_once './includes/model/User.php';
 
 session_start();
 
-- 
cgit v1.2.3