From 7c3f2e348c015ea93563d866f89ec8cea9159ea0 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 09:40:20 -0600
Subject: Refactoring part 2

Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well.
---
 create_thread.php             |  68 ++++++++++++-------------
 includes/Database.php         |  39 +++++++++++++--
 includes/Session.php          |   8 ++-
 includes/functions_insert.php |  35 -------------
 includes/functions_post.php   |  69 +++++++++++++++----------
 includes/functions_thread.php |  51 +++++++++++++++++++
 includes/model/User.php       |  36 ++++++-------
 includes/templates/header.php |   8 ++-
 manage_post.php               |  86 +++++++++++++------------------
 moderate.php                  |  25 ++++-----
 register.php                  |  26 +++++-----
 search.php                    | 114 +++++++++++++++++++++---------------------
 signin.php                    |  31 ++++++------
 viewthread.php                |  11 ++--
 viewuser.php                  |  16 +++---
 15 files changed, 333 insertions(+), 290 deletions(-)
 delete mode 100644 includes/functions_insert.php
 create mode 100644 includes/functions_thread.php

diff --git a/create_thread.php b/create_thread.php
index 4598ce2..534b0ab 100644
--- a/create_thread.php
+++ b/create_thread.php
@@ -1,63 +1,61 @@
-<?php session_start()?>
+<?php session_start() ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title>Create a thread - cflip.net forum</title>
-	<link rel="stylesheet" href="styles/style.css">
+    <title>Create a thread - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
 </head>
 <body>
-<?php include_once 'templates/header.php' ?>
+<?php include_once 'includes/templates/header.php' ?>
 <h2>Create a new thread</h2>
 <?php
-if (!isset($_SESSION['signed_in'])) {
-	die('You must be <a href="signin.php">signed in</a> to create a thread.');
-} 
+include_once 'includes/Session.php';
+if (!Session::get()->is_signed_in()) {
+	trigger_error('You must be <a href="signin.php">signed in</a> to create a thread.');
+	exit();
+}
 ?>
-<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
-	<label for="thread_subject">Subject: </label><br>
-	<input type="text" name="thread_subject"><br>
-	<label for="thread_cat">Category: </label><br>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+    <label for="thread_subject">Subject: </label><br>
+    <input type="text" name="thread_subject"><br>
+    <label for="thread_cat">Category: </label><br>
 	<?php
-		include_once 'includes/db_inc.php';
-		include_once 'model/Category.php';
+	include_once './includes/db_inc.php';
+	include_once './includes/model/Category.php';
 
-		$categories = get_all_categories($dbc);
+	$categories = get_all_categories($dbc);
 
-		if (count($categories) == 0) {
-			echo 'There are no categories to post to!';
-		} else {
-			echo '<select name="thread_cat">';
+	if (count($categories) == 0) {
+		echo 'There are no categories to post to!';
+	} else {
+		echo '<select name="thread_cat">';
 
-			foreach ($categories as $category) {
-				echo '<option value="' . $category->id . '">' . $category->name . '</option>';
-			}
-	
-			echo '</select><br>';
+		foreach ($categories as $category) {
+			echo '<option value="' . $category->id . '">' . $category->name . '</option>';
 		}
+
+		echo '</select><br>';
+	}
 	?>
-	<label for="post_content">Write your post: </label><br>
-	<textarea name="post_content"></textarea><br>
-	<input type="submit" name="submit">
+    <label for="post_content">Write your post: </label><br>
+    <textarea name="post_content"></textarea><br>
+    <input type="submit" name="submit">
 </form>
 <?php
-include_once 'includes/db_inc.php';
-include_once 'includes/functions_insert.php';
+include_once 'includes/functions_post.php';
+include_once 'includes/functions_thread.php';
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	$post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
 	$thread_subject = filter_input(INPUT_POST, 'thread_subject', FILTER_SANITIZE_STRING);
 	$thread_cat = filter_input(INPUT_POST, 'thread_cat', FILTER_SANITIZE_NUMBER_INT);
-	$user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT);
 
 	if (empty($thread_subject) or !$thread_subject) {
 		echo 'Thread subject cannot be empty';
 	} else {
-		insert_thread($dbc, $thread_subject, $thread_cat, $user_id);
-		$thread_id = mysqli_insert_id($dbc);
-		insert_post($dbc, $post_content, $thread_id, $user_id, $thread_cat);
+		$thread_id = create_thread($thread_subject, $thread_cat);
+		create_post($post_content, $thread_id, $thread_cat);
 
-		$sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = " . $thread_cat . ";";
-		mysqli_query($dbc, $sql);
 
 		header("Location: viewthread.php?id=" . $thread_id);
 	}
diff --git a/includes/Database.php b/includes/Database.php
index 3308e4c..cdaa0f8 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -21,7 +21,7 @@ class Database
 		}
 	}
 
-	public static function get(): ?Database
+	public static function get()
 	{
 		if (self::$instance == null) {
 			self::$instance = new Database();
@@ -30,8 +30,41 @@ class Database
 		return self::$instance;
 	}
 
-	public function query(string $sql)
+	public function query(string $sql, string $types = "", ...$vars): array
 	{
-		mysqli_query($this->sql_connection, $sql);
+		$stmt = mysqli_stmt_init($this->sql_connection);
+
+		if (!mysqli_stmt_prepare($stmt, $sql)) {
+			trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection));
+		}
+
+		mysqli_stmt_bind_param($stmt, $types, ...$vars);
+		mysqli_stmt_execute($stmt);
+
+		$result = array();
+		$db_result = mysqli_stmt_get_result($stmt);
+
+		if (mysqli_num_rows($db_result) > 0) {
+			while ($row = mysqli_fetch_assoc($db_result)) {
+				array_push($result, $row);
+			}
+		}
+
+		mysqli_free_result($db_result);
+		mysqli_stmt_close($stmt);
+
+		return $result;
+	}
+
+	/**
+	 * Returns the auto generated ID of the last query.
+	 * This function is just a wrapper for mysqli_insert_id.
+	 * In the future, it might be better to return different
+	 * values in the query function depending on the type of
+	 * SQL query.
+	 */
+	public function get_last_id()
+	{
+		return mysqli_insert_id($this->sql_connection);
 	}
 }
\ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
index d97e7c5..7e17527 100644
--- a/includes/Session.php
+++ b/includes/Session.php
@@ -9,10 +9,8 @@ class Session
 		session_start();
 	}
 
-	public static function get(): ?Session
+	public static function get()
 	{
-		session_start();
-
 		if (self::$instance == null) {
 			self::$instance = new Session();
 		}
@@ -25,7 +23,7 @@ class Session
 		$_SESSION['signed_in'] = true;
 	}
 
-	public function is_signed_in()
+	public function is_signed_in(): bool
 	{
 		return isset($_SESSION['signed_in']);
 	}
@@ -42,7 +40,7 @@ class Session
 		$result = new User();
 
 		if (isset($_SESSION['user_id'])) {
-			$result->get_by_id($_GET['id'], $dbc);
+			$result->get_by_id($_SESSION['user_id']);
 		} else {
 			$result = null;
 		}
diff --git a/includes/functions_insert.php b/includes/functions_insert.php
deleted file mode 100644
index 4f60701..0000000
--- a/includes/functions_insert.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-// This file may be replaced by a MVC controller later on
-
-function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
-	$sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
-	$stmt = mysqli_stmt_init($dbc);
-
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		die('Could not create thread due to internal error: ' . mysqli_error($dbc));
-	}
-
-	mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
-}
-
-function insert_post($dbc, $post_content, $post_thread, $post_author, $post_category) {
-	$sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
-	$stmt = mysqli_stmt_init($dbc);
-
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		die('Could not create post due to internal error: ' . mysqli_error($dbc));
-	}
-
-	mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
-
-	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = " . $post_category . ";";
-	mysqli_query($dbc, $sql);
-
-	$sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = " . $post_thread . ";";
-	mysqli_query($dbc, $sql);
-}
diff --git a/includes/functions_post.php b/includes/functions_post.php
index 5bc8c2a..0176c76 100644
--- a/includes/functions_post.php
+++ b/includes/functions_post.php
@@ -1,57 +1,72 @@
 <?php
-include_once 'Session.php';
-include_once 'model/User.php';
+include_once './includes/Session.php';
+include_once './includes/Database.php';
+include_once './includes/model/User.php';
 
-function delete_post($post)
+function create_post($post_content, $post_thread, $post_category)
 {
 	// User must be signed in
 	if (!Session::get()->is_signed_in()) {
-		trigger_error('You must be signed in to delete a post!');
+		trigger_error('You must be signed in to create a post');
+		return;
 	}
 
-	// User must have permission to delete the post
-	$current_user = Session::get()->get_current_user();
-	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
-		trigger_error("You don't have sufficient permissions to delete this post.");
-	}
+	$user = Session::get()->get_current_user();
 
-	// TODO: The post must not be locked
+	// Insert the post into the database
+	$sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+	Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id);
 
-	// TODO: The post must have not been around for a certain amount of time
+	// Increment the category's post count
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;";
+	Database::get()->query($sql, "i", $post_category);
 
-	// Delete the post from the database
-	Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
-
-	// Decrement the post count of the category
-	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
-	mysqli_query($dbc, $sql);
+	// Set the last post date of the parent thread
+	$sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;";
+	Database::get()->query($sql, "i", $post_thread);
 }
 
-function edit_post($post, $post_content)
+function edit_post(Post $post, string $post_content)
 {
 	// User must be signed in
 	if (!Session::get()->is_signed_in()) {
 		trigger_error('You must be signed in to edit this post!');
+		return;
 	}
 
 	// User must have permission to edit the post
 	$current_user = Session::get()->get_current_user();
-	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+	if ($current_user->id != $post->author->id) {
 		trigger_error("You don't have sufficient permissions to edit this post.");
+		return;
 	}
 
 	// Set the post content and the post edit date
 	$sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
-	$stmt = mysqli_stmt_init($dbc);
+	Database::get()->query($sql, "si", $post_content, $post->id);
+}
 
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+function delete_post(Post $post)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a post!');
+		return;
+	}
+
+	// User must have permission to delete the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to delete this post.");
+		return;
 	}
 
-	mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
-	mysqli_stmt_execute($stmt);
-	mysqli_stmt_close($stmt);
+	// TODO: The post must not be locked
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the post from the database
+	Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id);
 
-	// Redirect to the post's thread page
-	header("Location: /viewthread.php?id=" . $post->thread->id);
+	// Decrement the post count of the category
+	Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id);
 }
diff --git a/includes/functions_thread.php b/includes/functions_thread.php
new file mode 100644
index 0000000..62efca9
--- /dev/null
+++ b/includes/functions_thread.php
@@ -0,0 +1,51 @@
+<?php
+include_once './includes/Database.php';
+include_once './includes/Session.php';
+
+function create_thread($subject, $category)
+{
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to create a thread');
+		return 0;
+	}
+
+	$user = Session::get()->get_current_user();
+
+	// Insert the new thread into the database
+	$sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);";
+	Database::get()->query($sql, "sii", $subject, $category, $user->id);
+
+	// Get the ID of the thread we just created
+	$thread_id = Database::get()->get_last_id();
+
+	// Increment the category's thread count
+	$sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;";
+	Database::get()->query($sql, "i", $category);
+
+	return $thread_id;
+}
+
+function delete_thread($thread)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a thread.');
+		return;
+	}
+
+	// User must be a moderator to delete a thread
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You must be a moderator to delete this post.");
+		return;
+	}
+
+	// TODO: The post must not be locked
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the thread from the database
+	Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id);
+
+	// Decrement the thread count of the category
+	Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id);
+}
\ No newline at end of file
diff --git a/includes/model/User.php b/includes/model/User.php
index 1c48afb..c780ff0 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -1,14 +1,17 @@
 <?php
+include_once './includes/Database.php';
 
 const USER_LEVEL_MODERATOR = 1;
 
-class User {
+class User
+{
 	public $id;
 	public $name = 'Unknown';
 	public $date = 0;
 	public $level = 0;
 
-	function get_by_name($name, $dbc) {
+	function get_by_name($name, $dbc)
+	{
 		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
 		$stmt = mysqli_stmt_init($dbc);
 
@@ -35,25 +38,14 @@ class User {
 		mysqli_stmt_close($stmt);
 	}
 
-	function get_by_id($id, $dbc) {
-		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get user: ' . mysqli_error($dbc);
-		}
-	
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->name = $row['user_name'];
-				$this->date = $row['user_date'];
-				$this->level = $row['user_level'];
-			}
-		}
-	
-		mysqli_free_result($result);
-	}
+	function get_by_id($id)
+	{
+		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
 
+		$this->id = $id;
+		$this->name = $result[0]['user_name'];
+		$this->date = $result[0]['user_date'];
+		$this->level = $result[0]['user_level'];
+	}
 }
\ No newline at end of file
diff --git a/includes/templates/header.php b/includes/templates/header.php
index 4eb17e3..35d9848 100644
--- a/includes/templates/header.php
+++ b/includes/templates/header.php
@@ -5,8 +5,12 @@
 [<a href="/create_thread.php">Create a thread</a>]
 <span style="float:right;">
 	<?php
-	if (isset($_SESSION['signed_in'])) {
-		echo '[<a href="viewuser.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
+	include_once './includes/Session.php';
+	include_once './includes/model/User.php';
+
+	if (Session::get()->is_signed_in()) {
+		$user = Session::get()->get_current_user();
+		echo '[<a href="viewuser.php?id=' . $user->id . '">' . $user->name . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
 	} else {
 		echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
 	}
diff --git a/manage_post.php b/manage_post.php
index 3f9a9b3..9e04dd4 100644
--- a/manage_post.php
+++ b/manage_post.php
@@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 
 	if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
 		http_response_code(404);
-		include_once 'templates/404.php';
+		include_once './includes/templates/404.php';
 		die();
 	} else {
 		$result = $current->get_from_database($_GET['id'], $dbc);
 		if ($result == 0) {
 			http_response_code(404);
-			include_once 'templates/404.php';
+			include_once './includes/templates/404.php';
 			die();
 		}
 	}
@@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 	$post = new Post();
 	$post->get_from_database($id, $dbc);
 
-	if (!isset($_SESSION['signed_in'])) {
-		echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
-		goto end;
-	}
-
-	if ($_SESSION['user_id'] != $post->author->id) {
-		echo "You can't manage another user's post!";
-		goto end;
-	}
-
 	if (strcasecmp($delete, "on") == 0) {
-		delete_post($dbc, $post);
+		delete_post($post);
 	} else {
-		edit_post();
+		edit_post($post, $post_content);
 	}
 
-	end:
 	header("Location: /viewthread.php?id=" . $post->thread->id);
 }
 ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title>Manage a post - cflip.net forum</title>
-	<link rel="stylesheet" href="/styles/style.css">
+    <title>Manage a post - cflip.net forum</title>
+    <link rel="stylesheet" href="/styles/style.css">
 </head>
 <body>
-	<?php include_once 'templates/header.php' ?>
-	<h1>Manage a post</h1>
-	<?php
-	$current->display_content($dbc);
-	echo '<hr>';
+<?php include('includes/templates/header.php'); ?>
+<h1>Manage a post</h1>
+<?php
+$current->display_content($dbc);
+echo '<hr>';
 
-	$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
+$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
 
-	if (!isset($_SESSION['signed_in'])) {
-		echo 'You must be <a href="signin.php">signed in</a> to manage a post.';
-		return;
-	}
-
-	$current_user = new User();
-	$current_user->get_by_id($_SESSION['user_id'], $dbc);
+if (!Session::get()->is_signed_in()) {
+	echo '<p class="error">You must be <a href="signin.php">signed in</a> to manage a post.</p>';
+	return;
+}
 
-	// Admin users should be able to delete posts, but they should not be able to edit them
-	// Or should they??
-	if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) {
-		echo "You can't manage another user's post!";
-		return;
-	}
+// Admin users should be able to delete posts, but they should not be able to edit them
+// Or should they??
+if (Session::get()->get_current_user()->id != $current->author->id) {
+	echo '<p class="error">You can\'t manage another user\'s post!</p>';
+	return;
+}
 
-	// TODO: Disallow editing/deleting posts if they have been around for a while
-	?>
-	<form action="manage_post.php" method="post">
-		<h3>Edit post</h3>
-		<input type="hidden" name="id" value="<?= $current->id ?>">
-		<textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea>
-		<p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
-		<p>
-			<input type="checkbox" id="delete" name="delete">
-			<label for="delete">Delete this post</label>
-		</p>
-		<input type="submit" value="Apply Changes">
-	</form>
+// TODO: Disallow editing/deleting posts if they have been around for a while
+?>
+<form action="manage_post.php" method="post">
+    <h3>Edit post</h3>
+    <input type="hidden" name="id" value="<?= $current->id ?>">
+    <textarea name="post_content" rows="10" cols="50"><?= $current->content; ?></textarea>
+    <p>Edited posts will show a timestamp above the post showing when the last edit was made.</p>
+    <p>
+        <input type="checkbox" id="delete" name="delete">
+        <label for="delete">Delete this post</label>
+    </p>
+    <input type="submit" value="Apply Changes">
+</form>
 </body>
 </html>
diff --git a/moderate.php b/moderate.php
index afeefa1..3b8d05d 100644
--- a/moderate.php
+++ b/moderate.php
@@ -1,25 +1,22 @@
 <?php
-
-include_once 'includes/db_inc.php';
-include_once 'model/User.php';
+include_once './includes/db_inc.php';
+include_once './includes/functions_thread.php';
+include_once './includes/Session.php';
+include_once './includes/model/User.php';
 
 session_start();
 
-function delete_thread($dbc, $thread_id) {
-	$sql = "DELETE FROM threads WHERE thread_id = $thread_id;";
-	mysqli_query($dbc, $sql);
-}
-
-if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_SESSION['signed_in'])) {
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	$thread_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
 	$delete = filter_input(INPUT_POST, "delete", FILTER_SANITIZE_STRING);
-	
-	$user = new User();
-	$user->get_by_id($_SESSION['user_id'], $dbc);
 
-	if ($user->level > 0) {
+	$user = Session::get()->get_current_user();
+
+	if ($user->level == USER_LEVEL_MODERATOR) {
 		if (strcasecmp($delete, "on") == 0) {
-			delete_thread($dbc, $thread_id);
+			$thread = new Thread();
+			$thread->get_from_database($thread_id, $dbc);
+			delete_thread($thread);
 
 			header("Location: /");
 			exit();
diff --git a/register.php b/register.php
index 03eac6b..050878e 100644
--- a/register.php
+++ b/register.php
@@ -1,27 +1,29 @@
+<?php session_start() ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title>Register an account - cflip.net forum</title>
-	<link rel="stylesheet" href="styles/style.css">
+    <title>Register an account - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
 </head>
 <body>
-<?php include_once 'templates/header.php' ?>
+<?php include './includes/templates/header.php' ?>
 <h2>Register an account</h2>
 <form action="register.php" method="post">
-	<label for="user_name">Username: </label><br>
-	<input type="text" name="user_name"><br>
-	<label for="user_pass">Password: </label><br>
-	<input type="password" name="user_pass"><br>
-	<label for="user_pass_check">Re-enter password: </label><br>
-	<input type="password" name="user_pass_check"><br>
-	<input type="submit" name="submit">
+    <label for="user_name">Username: </label><br>
+    <input type="text" name="user_name"><br>
+    <label for="user_pass">Password: </label><br>
+    <input type="password" name="user_pass"><br>
+    <label for="user_pass_check">Re-enter password: </label><br>
+    <input type="password" name="user_pass_check"><br>
+    <input type="submit" name="submit">
 </form>
 <br>
 
 <?php
 include_once 'includes/db_inc.php';
 
-function username_exists($dbc, $user_name) {
+function username_exists($dbc, $user_name)
+{
 	$sql = "SELECT * FROM users WHERE user_name = ?;";
 	$stmt = mysqli_stmt_init($dbc);
 
diff --git a/search.php b/search.php
index c09ae53..0732129 100644
--- a/search.php
+++ b/search.php
@@ -1,65 +1,65 @@
-<?php session_start()?>
+<?php session_start() ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title>Search - cflip.net forum</title>
-	<link rel="stylesheet" href="styles/style.css">
+    <title>Search - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
 </head>
 <body>
-	<?php include_once 'templates/header.php'; ?>
-	<h2>Search cflip.net forum</h2>
-	<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="get">
-		Type:
-		<select name="type">
-			<option value="thread">Thread</option>
-			<option value="post">Post</option>
-			<option value="user">User</option>
-		</select>
-		Sort By:
-		<select name="sort">
-			<option value="lr">Last Reply</option>
-			<option value="cd">Creation Date</option>
-			<option value="rc">Reply Count</option>
-		</select>
-		With Name:
-		<input type="text" name="query">
-		<input type="submit" value="Search!">
-	</form>
-	<hr>
-	<?php
-		include_once 'includes/db_inc.php';
-		include_once 'model/Thread.php';
-		include_once 'model/Post.php';
+<?php include_once './includes/templates/header.php'; ?>
+<h2>Search cflip.net forum</h2>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="get">
+    <label for="type">Type:</label>
+    <select id="type" name="type">
+        <option value="thread">Thread</option>
+        <option value="post">Post</option>
+        <option value="user">User</option>
+    </select>
+    <label for="sort">Sort By:</label>
+    <select id="sort" name="sort">
+        <option value="lr">Last Reply</option>
+        <option value="cd">Creation Date</option>
+        <option value="rc">Reply Count</option>
+    </select>
+    <label for="text">With Name:</label>
+    <input id="text" type="text" name="query">
+    <input type="submit" value="Search!">
+</form>
+<hr>
+<?php
+include_once './includes/db_inc.php';
+include_once './includes/model/Thread.php';
+include_once './includes/model/Post.php';
 
-		if (!isset($_GET['type'])) {
-			echo 'Specify a type to search.';
-		} else {
-			switch ($_GET['type']) {
-				case 'thread':
-					$threads = get_all_threads($dbc);
-					foreach ($threads as $thread) {
-						echo '<p>';
-						echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>';
-						echo '<small> created by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>';
-						echo '</p>';
-					}
-					break;
-				case 'post':
-					$posts = get_all_posts($dbc);
-	
-					foreach ($posts as $post) {
-						echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>';
-						$post->display_content($dbc);
-						echo '<hr>';
-					}
-					break;
-				case 'user':
-					break;
-				default:
-					echo '<h3>Could not search: Invalid type!</h3>';
-					break;
+if (!isset($_GET['type'])) {
+	echo 'Specify a type to search.';
+} else {
+	switch ($_GET['type']) {
+		case 'thread':
+			$threads = get_all_threads($dbc);
+			foreach ($threads as $thread) {
+				echo '<p>';
+				echo '<td><b><a href="viewthread.php?id=' . $thread->id . '">' . $thread->subject . '</a></b>';
+				echo '<small> created by <b><a href="viewuser.php?id=' . $thread->author->id . '">' . $thread->author->name . '</a></b> on ' . date('M d, Y', strtotime($thread->date_created)) . '</small></td>';
+				echo '</p>';
 			}
-		}
-	?>
+			break;
+		case 'post':
+			$posts = get_all_posts($dbc);
+
+			foreach ($posts as $post) {
+				echo '<h3>From <a href="viewthread.php?id=' . $post->thread->id . '">' . $post->thread->subject . '</a></h3>';
+				$post->display_content($dbc);
+				echo '<hr>';
+			}
+			break;
+		case 'user':
+			break;
+		default:
+			echo '<h3>Could not search: Invalid type!</h3>';
+			break;
+	}
+}
+?>
 </body>
 </html>
diff --git a/signin.php b/signin.php
index cf41645..9017d37 100644
--- a/signin.php
+++ b/signin.php
@@ -1,26 +1,27 @@
-<?php session_start()?>
+<?php session_start() ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title>Sign in - cflip.net forum</title>
-	<link rel="stylesheet" href="styles/style.css">
+    <title>Sign in - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
 </head>
 <body>
-	<?php include_once 'templates/header.php' ?>
-	<h2>Sign in</h2>
-	<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
-		<label for="user_name">Username: </label><br>
-		<input type="text" name="user_name"><br>
-		<label for="user_pass">Password: </label><br>
-		<input type="password" name="user_pass"><br>
-		<input type="submit" name="submit">
-	</form>
+<?php include_once './includes/templates/header.php' ?>
+<h2>Sign in</h2>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+    <label for="user_name">Username: </label><br>
+    <input type="text" name="user_name"><br>
+    <label for="user_pass">Password: </label><br>
+    <input type="password" name="user_pass"><br>
+    <input type="submit" name="submit">
+</form>
 
 <?php
 
 include_once 'includes/db_inc.php';
 
-function validate($data)  {
+function validate($data)
+{
 	$data = trim($data);
 	$data = stripslashes($data);
 	$data = htmlspecialchars($data);
@@ -29,7 +30,7 @@ function validate($data)  {
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	$errors = array();
-	
+
 	if (empty($_POST['user_name'])) {
 		$errors[] = 'Please provide a username.';
 	} else {
diff --git a/viewthread.php b/viewthread.php
index ae08090..cc2d221 100644
--- a/viewthread.php
+++ b/viewthread.php
@@ -34,11 +34,10 @@ in <b><?= $current->category->name; ?></b>
 <?php
 include_once('includes/model/User.php');
 
-if (isset($_SESSION['signed_in'])) {
-	$user = new User();
-	$user->get_by_id($_SESSION['user_id'], $dbc);
+if (Session::get()->is_signed_in()) {
+	$user = Session::get()->get_current_user();
 
-	if ($user->level > 0) {
+	if ($user->level == USER_LEVEL_MODERATOR) {
 		echo '
 		<form action="moderate.php" method="post">
 			<p>
@@ -75,6 +74,8 @@ foreach ($posts as $post) {
 </body>
 </html>
 <?php
+include_once 'includes/functions_post.php';
+
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	if (!isset($_SESSION['signed_in'])) {
 		echo 'You must be <a href="signin.php">signed in</a> to reply to this thread.';
@@ -87,7 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	if (empty($post_content) or !$post_content) {
 		echo 'Thread subject cannot be empty';
 	} else {
-		insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id);
+		create_post($post_content, $current->id, $current->category->id);
 	}
 }
 ?>
diff --git a/viewuser.php b/viewuser.php
index 3a33de0..155b814 100644
--- a/viewuser.php
+++ b/viewuser.php
@@ -1,6 +1,6 @@
 <?php
 include_once 'includes/db_inc.php';
-include_once 'model/User.php';
+include_once 'includes/model/User.php';
 
 session_start();
 
@@ -8,18 +8,18 @@ $current = new User();
 
 if (!isset($_GET['id'])) {
 } else {
-	$current->get_by_id($_GET['id'], $dbc);
+	$current->get_by_id($_GET['id']);
 }
 ?>
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-	<title><?= $current->name; ?>'s Profile - cflip.net forum</title>
-	<link rel="stylesheet" href="styles/style.css">
+    <title><?= $current->name; ?>'s Profile - cflip.net forum</title>
+    <link rel="stylesheet" href="styles/style.css">
 </head>
 <body>
-	<?php include_once "templates/header.php" ?>
-	<h1><?= $current->name; ?></h1>
-	member since <?= date('M d, Y', strtotime($current->date)); ?>
+<?php include_once "includes/templates/header.php" ?>
+<h1><?= $current->name; ?></h1>
+member since <?= date('M d, Y', strtotime($current->date)); ?>
 </body>
 </html>
-- 
cgit v1.2.3