From faae3f3906575b9c72d628a5e48d03f943c794fc Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 17 Apr 2021 17:36:18 -0600 Subject: Automatically sort threads without PHP comparisons --- index.php | 9 --------- model/Category.php | 4 ++-- viewcategory.php | 10 ---------- 3 files changed, 2 insertions(+), 21 deletions(-) diff --git a/index.php b/index.php index 7dd0fe4..bdbf770 100644 --- a/index.php +++ b/index.php @@ -27,16 +27,7 @@ include_once 'includes/db_inc.php'; include_once 'model/Category.php'; - // TODO: The get_all_categories function should return them in the right order - function cmp($a, $b) { - if ($a->id == $b->id) { - return 0; - } - return ($a->id < $b->id) ? -1 : 1; - } - $categories = get_all_categories($dbc); - usort($categories, "cmp"); foreach ($categories as $category) { $latest_thread = $category->get_latest_thread($dbc); diff --git a/model/Category.php b/model/Category.php index 1b699fb..b7c46d9 100644 --- a/model/Category.php +++ b/model/Category.php @@ -34,7 +34,7 @@ class Category { } function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost"; + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; $result = mysqli_query($dbc, $sql); if (!$result) { @@ -80,7 +80,7 @@ class Category { } function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories"; + $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; $result = mysqli_query($dbc, $sql); if (!$result) { diff --git a/viewcategory.php b/viewcategory.php index a10afce..e10797a 100644 --- a/viewcategory.php +++ b/viewcategory.php 
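Review bot: The changed line in get_threads still builds its SQL by concatenating `$this->id` into the query string; only the sort direction is new, so the query's safety rests on every caller having validated the id that get_from_database stored. viewcategory.php does check `$_GET['id']` with `FILTER_VALIDATE_INT` before constructing the category, but the model cannot see whether other callers do the same. Casting at the point of use, `" WHERE thread_category = " . (int) $this->id . " ORDER BY thread_date_lastpost DESC"`, or moving to a prepared statement with a bound parameter, keeps the guarantee inside the model. get_latest_thread builds its query the same way and is not touched by this commit. get_threads's body continues outside the hunk.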
@@ -39,17 +39,7 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { Latest Post date_lastpost); - $db = strtotime($b->date_lastpost); - - if ($da == $db) return 0; - - return ($da > $db) ? -1 : 1; - } - $threads = $current->get_threads($dbc); - usort($threads, "cmp"); foreach ($threads as $thread) { $latest_post = $thread->get_latest_post($dbc); -- cgit v1.2.3 From f695ed18b94041d8e2702e63b556e98d0954bbe2 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 18 Apr 2021 10:30:18 -0600 Subject: Ignore PHPStorm project files --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 394de92..f2ca6e2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ .vscode +.idea + config.ini \ No newline at end of file -- cgit v1.2.3 From f469e37a0a5d90350a6abd6a0c7b92b019f377e1 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 17:44:28 -0600 Subject: Remove old TODO file --- TODO | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 TODO diff --git a/TODO b/TODO deleted file mode 100644 index 879a858..0000000 --- a/TODO +++ /dev/null @@ -1,17 +0,0 @@ -IMPROVE EXISTING CODE -[v] Object-oriented code -[ ] Clean up table printing code -[v] Fix thread create page -[ ] Clean up links -[ ] Create 404 pages - -CREATE NEW PAGES -[ ] Come up with designs for each page -[ ] Create search page (all posts, threads, users + search) -[ ] User profile picture + description -[ ] Scrolling banners for each category - -CLEAN UP PAGES -[ ] Create .htaccess for all pages/directories - - block off all .php files -[ ] Create CSS style \ No newline at end of file -- cgit v1.2.3 From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001 
From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 18:43:12 -0600 Subject: Refactoring part 1 --- includes/Database.php | 37 +++++++++++++ includes/Session.php | 52 ++++++++++++++++++ includes/functions_post.php | 57 ++++++++++++++++++++ includes/model/Category.php | 103 +++++++++++++++++++++++++++++++++++ includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++ includes/model/Thread.php | 111 ++++++++++++++++++++++++++++++++++++++ includes/model/User.php | 59 ++++++++++++++++++++ includes/templates/404.php | 12 +++++ includes/templates/header.php | 14 +++++ index.php | 85 +++++++++++++++-------------- manage_post.php | 26 ++------- model/Category.php | 103 ----------------------------------- model/Post.php | 121 ------------------------------------------ model/Thread.php | 111 -------------------------------------- model/User.php | 57 -------------------- register.php | 2 +- signin.php | 2 +- styles/style.css | 5 +- templates/404.php | 12 ----- templates/header.php | 14 ----- viewcategory.php | 68 ++++++++++++------------ viewthread.php | 60 ++++++++++----------- 22 files changed, 680 insertions(+), 552 deletions(-) create mode 100644 includes/Database.php create mode 100644 includes/Session.php create mode 100644 includes/functions_post.php create mode 100644 includes/model/Category.php create mode 100644 includes/model/Post.php create mode 100644 includes/model/Thread.php create mode 100644 includes/model/User.php create mode 100644 includes/templates/404.php create mode 100644 includes/templates/header.php delete mode 100644 model/Category.php delete mode 100644 model/Post.php delete mode 100644 model/Thread.php delete mode 100644 model/User.php delete mode 100644 templates/404.php delete mode 100644 templates/header.php diff --git a/includes/Database.php b/includes/Database.php new file mode 100644 index 0000000..3308e4c --- /dev/null +++ b/includes/Database.php 
@@ -0,0 +1,37 @@ +sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database); + + if (!$this->sql_connection) { + trigger_error("Database connection error: " . mysqli_connect_error()); + } + } + + public static function get(): ?Database + { + if (self::$instance == null) { + self::$instance = new Database(); + } + + return self::$instance; + } + + public function query(string $sql) + { + mysqli_query($this->sql_connection, $sql); + } +} \ No newline at end of file diff --git a/includes/Session.php b/includes/Session.php new file mode 100644 index 0000000..d97e7c5 --- /dev/null +++ b/includes/Session.php @@ -0,0 +1,52 @@ +is_signed_in()) { + return null; + } + + $result = new User(); + + if (isset($_SESSION['user_id'])) { + $result->get_by_id($_GET['id'], $dbc); + } else { + $result = null; + } + + return $result; + } +} \ No newline at end of file diff --git a/includes/functions_post.php b/includes/functions_post.php new file mode 100644 index 0000000..5bc8c2a --- /dev/null +++ b/includes/functions_post.php 
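Review bot: `query()` in the new Database class discards the value returned by `mysqli_query`, so callers can neither read a result set nor learn that a statement failed; it should `return mysqli_query($this->sql_connection, $sql);` and callers should test the return value. The constructor has the same silent-continue shape: `trigger_error(...)` at its default E_USER_NOTICE level returns, so after a failed connection `$this->sql_connection` holds `false` and every later query runs against it; raising with `E_USER_ERROR` or throwing stops at the boundary instead. `get()` is declared `?Database` but never returns null, so `: Database` states the actual contract. The `self::$instance == null` test would also be more precise as `=== null`.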
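Review bot: `get_current_user()` resolves the signed-in user from the request rather than from the session: inside the `isset($_SESSION['user_id'])` branch it calls `$result->get_by_id($_GET['id'], $dbc)`, so the id in the query string, not the stored session value, decides who the current user is, and the ownership checks in includes/functions_post.php are built on this method's result. The line should read `$result->get_by_id($_SESSION['user_id'], $dbc);`. `$dbc` is not visibly defined anywhere in the method; if it is not a parameter hidden in the stripped part of the hunk, the lookup needs to obtain its connection from `Database::get()` like the rest of this commit does. The enclosing class header lies outside the visible part of the hunk.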
@@ -0,0 +1,57 @@ +is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + } + + // User must have permission to delete the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + } + + // TODO: The post must not be locked + + // TODO: The post must have not been around for a certain amount of time + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = $post->id"); + + // Decrement the post count of the category + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; + mysqli_query($dbc, $sql); +} + +function edit_post($post, $post_content) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to edit this post!'); + } + + // User must have permission to edit the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to edit this post."); + } + + // Set the post content and the post edit date + $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; + $stmt = mysqli_stmt_init($dbc); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc)); + } + + mysqli_stmt_bind_param($stmt, "si", $post_content, $id); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + + // Redirect to the post's thread page + header("Location: /viewthread.php?id=" . $post->thread->id); +} diff --git a/includes/model/Category.php b/includes/model/Category.php new file mode 100644 index 0000000..b7c46d9 --- /dev/null 
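Review bot: The sign-in and ownership checks in delete_post and edit_post do not stop execution — `trigger_error()` at its default level returns and the function carries on, so the `DELETE FROM posts` and the `UPDATE posts` statements run whether or not the check passed; each check needs a `return;` (or an exit) after its `trigger_error` call. The ownership condition is also inverted: `$current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR` rejects the post's own author and admits only moderators who did not write it, whereas `$current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR` reads as the intent. In edit_post, `mysqli_stmt_bind_param($stmt, "si", $post_content, $id)` binds an undefined `$id`; it should be `$post->id`. `$dbc` is used in both functions but is not a parameter of `edit_post($post, $post_content)`, and delete_post's parameter list is outside the visible part of the hunk, so the connection presumably has to come from `Database::get()` as the DELETE line already does.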
+++ b/includes/model/Category.php 
@@ -0,0 +1,103 @@ +id = $id; + $this->name = $row['cat_name']; + $this->description = $row['cat_description']; + $this->thread_count = $row['cat_thread_count']; + $this->post_count = $row['cat_post_count']; + } + } + + mysqli_free_result($result); + return 1; + } + + function get_threads($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get threads from category: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; + } + + function get_latest_thread($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get thread from category: ' . mysqli_error($dbc); + } + + $thread = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + } + } + + mysqli_free_result($result); + return $thread; + } +} + +function get_all_categories($dbc) { + $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get categories: ' . mysqli_error($dbc); + } + + $categories = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $category = new Category(); + $category->get_from_database($row['cat_id'], $dbc); + array_push($categories, $category); + } + } + + mysqli_free_result($result); + return $categories; +} \ No newline at end of file 
diff --git a/includes/model/Post.php b/includes/model/Post.php new file mode 100644 index 0000000..34d6a79 --- /dev/null +++ b/includes/model/Post.php @@ -0,0 +1,121 @@ +'; + } + + $reply = mysqli_fetch_assoc($result); + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; + } +} + +class Post { + public $id; + public $content; + public $date_created; + public $date_edited; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + return 0; + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function display_content($dbc) { + echo '
#' . $this->id . ''; + echo ' Posted by ' . $this->author->name . ''; + echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + if (!is_null($this->date_edited)) { + echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; + } + if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { + echo ''; + echo '[Edit/Delete] '; + echo''; + } + echo '
'; + + $post_content = $this->content; + $thread_id = $this->id; + + $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { + return add_quote($dbc, $thread_id, $matches); + }, $post_content); + + // Replace newline characters with HTML
tags + $post_content = nl2br($post_content); + + // Replace YouTube URLs with embedded YouTube videos. + $post_content = preg_replace( + "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", + '
', $post_content); + // Replace Image URLs with embedded images. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); + // Replace other URLs with links. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); + + echo '' . $post_content . ''; + } +} + +function get_all_posts($dbc) { + $sql = "SELECT post_id FROM posts"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get posts: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; +} diff --git a/includes/model/Thread.php b/includes/model/Thread.php new file mode 100644 index 0000000..a9dc690 --- /dev/null +++ b/includes/model/Thread.php 
@@ -0,0 +1,111 @@ +id = $id; + $this->subject = $row['thread_subject']; + $this->date_created = $row['thread_date_created']; + $this->date_lastpost = $row['thread_date_lastpost']; + + $this->category = new Category(); + $this->category->get_from_database($row['thread_category'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['thread_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function get_posts($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get posts from thread: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; + } + + function get_latest_post($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get post from category: ' . mysqli_error($dbc); + } + + $post = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + } + } + + mysqli_free_result($result); + return $post; + } +} + +function get_all_threads($dbc) { + $sql = "SELECT thread_id FROM threads"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get threads: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; +} 
diff --git a/includes/model/User.php b/includes/model/User.php new file mode 100644 index 0000000..1c48afb --- /dev/null +++ b/includes/model/User.php @@ -0,0 +1,59 @@ +id = $row['user_id']; + $this->name = $name; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + mysqli_stmt_close($stmt); + } + + function get_by_id($id, $dbc) { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get user: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->name = $row['user_name']; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + } + +} \ No newline at end of file diff --git a/includes/templates/404.php b/includes/templates/404.php new file mode 100644 index 0000000..d4d5128 --- /dev/null +++ b/includes/templates/404.php @@ -0,0 +1,12 @@ + + + + cflip.net forum + + + + +

Page Not Found

+

The page you requested does not exist.

+ + diff --git a/includes/templates/header.php b/includes/templates/header.php new file mode 100644 index 0000000..4eb17e3 --- /dev/null +++ b/includes/templates/header.php @@ -0,0 +1,14 @@ +

cflip.net forumbeta

+[Home] +[All Threads] +[All Posts] +[Create a thread] + + ' . $_SESSION['user_name'] . '\'s Profile] [Log out]'; + } else { + echo '[Sign in] or [Register an account]'; + } + ?> + diff --git a/index.php b/index.php index bdbf770..7b92524 100644 --- a/index.php +++ b/index.php @@ -1,53 +1,56 @@ - + - + - cflip.net forum - + cflip.net forum + - -

Welcome to the cflip.net forum!

-

- This is the beta test of the forum website, so there are lots of features missing. Since there are no moderation features built into the website, - for the most part I don't care that much about what is posted here. Some links and buttons may not have any functionality either! -

-

- If you notice a problem or have an idea for a feature that is missing, reply to this thread! -

-

Categories

- - - - - - - + +

Welcome to the cflip.net forum!

+

+ This is the beta test of the forum website, so there are lots of features missing. Since there are no moderation + features built into the website, + for the most part I don't care that much about what is posted here. Some links and buttons may not have any + functionality either! +

+

+ If you notice a problem or have an idea for a feature that is missing, reply to this thread! +

+

Categories

+
CategoryThreadsPostsLatest Thread
+ + + + + + get_latest_thread($dbc); + foreach ($categories as $category) { + $latest_thread = $category->get_latest_thread($dbc); - echo ''; - echo ''; - echo ''; - echo ''; - if (!is_null($latest_thread)) { - echo ''; - } else { - echo ''; - } - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + if (!is_null($latest_thread)) { + echo ''; + } else { + echo ''; } + echo ''; + } ?> -
CategoryThreadsPostsLatest Thread
'; - echo '' . $category->name . ''; - echo '
' . $category->description . ''; - echo '
' . $category->thread_count . '' . $category->post_count . '' . $latest_thread->subject . '
'; - echo 'by ' . $latest_thread->author->name . ', ' . $latest_thread->date_created . '
No threads yet!
'; + echo '' . $category->name . ''; + echo '
' . $category->description . ''; + echo '
' . $category->thread_count . '' . $category->post_count . '' . $latest_thread->subject . '
'; + echo 'by ' . $latest_thread->author->name . ', ' . $latest_thread->date_created . '
No threads yet!
+ diff --git a/manage_post.php b/manage_post.php index 8c6129b..3f9a9b3 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,15 +1,7 @@ id"; - mysqli_query($dbc, $sql); - - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; - mysqli_query($dbc, $sql); -} +include('includes/db_inc.php'); +include('includes/functions_post.php'); +include('includes/model/Post.php'); session_start(); @@ -41,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { goto end; } - if ($_SESSION['user_id'] != $post->author->id) { echo "You can't manage another user's post!"; goto end; @@ -50,16 +41,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (strcasecmp($delete, "on") == 0) { delete_post($dbc, $post); } else { - $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create post due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + edit_post(); } end: diff --git a/model/Category.php b/model/Category.php deleted file mode 100644 index b7c46d9..0000000 --- a/model/Category.php +++ /dev/null 
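Review bot: The rebuilt category table echoes `$category->name`, `$latest_thread->subject` and `$latest_thread->author->name` straight into the markup without escaping; thread subjects and user names are user-supplied, so each should pass through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the echo. The viewcategory.php hunk in this commit has the same pattern with `$thread->subject`, `$thread->author->name` and `$latest_post->author->name`. Apart from that this hunk only re-indents existing markup.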
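Review bot: `edit_post();` on the new side is called with no arguments, while includes/functions_post.php in this same commit declares `function edit_post($post, $post_content)`, so this branch throws an ArgumentCountError before any update runs. The call should pass what the old inline code used, `edit_post($post, $post_content);`. The retained context line `delete_post($dbc, $post);` should be checked against the new delete_post signature as well, since that signature is outside the visible part of the functions_post.php hunk.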
@@ -1,103 +0,0 @@ -id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } - } - - mysqli_free_result($result); - return 1; - } - - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; - } - - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } - - mysqli_free_result($result); - return $thread; - } -} - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -} \ No newline at end of file 
diff --git a/model/Post.php b/model/Post.php deleted file mode 100644 index 34d6a79..0000000 --- a/model/Post.php +++ /dev/null @@ -1,121 +0,0 @@ -'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { - public $id; - public $content; - public $date_created; - public $date_edited; - public $thread; - public $author; - - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); - - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } - - mysqli_free_result($result); - return 1; - } - - function display_content($dbc) { - echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); - if (!is_null($this->date_edited)) { - echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; - } - if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { - echo ''; - echo '[Edit/Delete] '; - echo''; - } - echo '
'; - - $post_content = $this->content; - $thread_id = $this->id; - - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace newline characters with HTML
tags - $post_content = nl2br($post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo '' . $post_content . ''; - } -} - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/model/Thread.php b/model/Thread.php deleted file mode 100644 index a9dc690..0000000 --- a/model/Thread.php +++ /dev/null 
@@ -1,111 +0,0 @@ -id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); - - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } - - mysqli_free_result($result); - return 1; - } - - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; - } - - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } - - mysqli_free_result($result); - return $post; - } -} - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} 
diff --git a/model/User.php b/model/User.php deleted file mode 100644 index 469a9a1..0000000 --- a/model/User.php +++ /dev/null @@ -1,57 +0,0 @@ -id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - mysqli_stmt_close($stmt); - } - - function get_by_id($id, $dbc) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get user: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['user_name']; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - } - -} \ No newline at end of file diff --git a/register.php b/register.php index cd72a37..03eac6b 100644 --- a/register.php +++ b/register.php @@ -5,7 +5,7 @@ - +

Register an account


diff --git a/signin.php b/signin.php index e559614..cf41645 100644 --- a/signin.php +++ b/signin.php @@ -6,7 +6,7 @@ - +

Sign in

" method="post">
diff --git a/styles/style.css b/styles/style.css index 92090c0..9e37f62 100644 --- a/styles/style.css +++ b/styles/style.css @@ -1,7 +1,8 @@ body { font-family: Arial, sans-serif; font-size: 10pt; - margin: 10px 40px; + margin: auto; + width: 980px; } a { @@ -14,7 +15,7 @@ small { } .header > small { - color: #bde; + color: #dde; } a:hover { diff --git a/templates/404.php b/templates/404.php deleted file mode 100644 index d4d5128..0000000 --- a/templates/404.php +++ /dev/null @@ -1,12 +0,0 @@ - - - - cflip.net forum - - - - -

Page Not Found

-

The page you requested does not exist.

- - diff --git a/templates/header.php b/templates/header.php deleted file mode 100644 index 4eb17e3..0000000 --- a/templates/header.php +++ /dev/null @@ -1,14 +0,0 @@ -

cflip.net forumbeta

-[Home] -[All Threads] -[All Posts] -[Create a thread] - - ' . $_SESSION['user_name'] . '\'s Profile] [Log out]'; - } else { - echo '[Sign in] or [Register an account]'; - } - ?> - diff --git a/viewcategory.php b/viewcategory.php index e10797a..70733da 100644 --- a/viewcategory.php +++ b/viewcategory.php @@ -1,6 +1,6 @@ get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } } ?> - + - <?= $current->name; ?> - cflip.net forum - + <?= $current->name; ?> - cflip.net forum + - -

name; ?>

-

description; ?>

- - thread_count . ' threads, ' . $current->post_count . ' posts'; ?> - -

Threads

- - - - - - get_threads($dbc); + +

name; ?>

+

description; ?>

+thread_count . ' threads, ' . $current->post_count . ' posts'; ?> +

Threads

+
Thread NameLatest Post
+ + + + + get_threads($dbc); - foreach ($threads as $thread) { - $latest_post = $thread->get_latest_post($dbc); + foreach ($threads as $thread) { + $latest_post = $thread->get_latest_post($dbc); - echo ''; - echo ''; + echo ''; + echo ''; - if (!is_null($latest_post)) { - echo ''; - } else { - echo ''; - } - - echo ''; + if (!is_null($latest_post)) { + echo ''; + } else { + echo ''; } - ?> -
Thread NameLatest Post
' . $thread->subject . ''; - echo ' by ' . $thread->author->name . ' on ' . date('M d, Y', strtotime($thread->date_created)) . '
' . $thread->subject . ''; + echo ' by ' . $thread->author->name . ' on ' . date('M d, Y', strtotime($thread->date_created)) . 'by ' . $latest_post->author->name . ' on ' . $latest_post->date_created . 'No posts yet!
by ' . $latest_post->author->name . ' on ' . $latest_post->date_created . 'No posts yet!
+ + echo ''; + } + ?> + diff --git a/viewthread.php b/viewthread.php index d41fb9b..ae08090 100644 --- a/viewthread.php +++ b/viewthread.php @@ -1,6 +1,6 @@ get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include('includes/templates/404.php'); die(); } } ?> - + - <?= $current->subject; ?> - cflip.net forum - + <?= $current->subject; ?> - cflip.net forum + - -

subject; ?>

- created by author->name; ?> - in category->name; ?> - 3 days ago + +

subject; ?>

+created by author->name; ?> +in category->name; ?> +3 days ago -
- get_posts($dbc); +
+get_posts($dbc); - foreach ($posts as $post) { - $post->display_content($dbc); - } - ?> -
-

Reply to this thread

- - -
- -
+foreach ($posts as $post) { + $post->display_content($dbc); +} +?> +
+

Reply to this thread

+
+ +
+ +
signed in to reply to this thread.'; return; - } + } $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT); @@ -93,5 +90,4 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id); } } - ?> -- cgit v1.2.3 From 7c3f2e348c015ea93563d866f89ec8cea9159ea0 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 09:40:20 -0600 Subject: Refactoring part 2 Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well. --- create_thread.php | 68 ++++++++++++------------- includes/Database.php | 39 +++++++++++++-- includes/Session.php | 8 ++- includes/functions_insert.php | 35 ------------- includes/functions_post.php | 69 +++++++++++++++---------- includes/functions_thread.php | 51 +++++++++++++++++++ includes/model/User.php | 36 ++++++------- includes/templates/header.php | 8 ++- manage_post.php | 86 +++++++++++++------------------ moderate.php | 25 ++++----- register.php | 26 +++++----- search.php | 114 +++++++++++++++++++++--------------------- signin.php | 31 ++++++------ viewthread.php | 11 ++-- viewuser.php | 16 +++--- 15 files changed, 333 insertions(+), 290 deletions(-) delete mode 100644 includes/functions_insert.php create mode 100644 includes/functions_thread.php diff --git a/create_thread.php b/create_thread.php index 4598ce2..534b0ab 100644 --- a/create_thread.php +++ b/create_thread.php @@ -1,63 +1,61 @@ - + - + - Create a thread - cflip.net forum - + Create a thread - cflip.net forum + - +

Create a new thread

signed in to create a thread.'); -} +include_once 'includes/Session.php'; +if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to create a thread.'); + exit(); +} ?> -
" method="post"> -
-
-
+" method="post"> +
+
+
'; + if (count($categories) == 0) { + echo 'There are no categories to post to!'; + } else { + echo '
'; + foreach ($categories as $category) { + echo ''; } + + echo '
'; + } ?> -
-
- +
+
+
sql_connection, $sql); + $stmt = mysqli_stmt_init($this->sql_connection); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); + } + + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $result = array(); + $db_result = mysqli_stmt_get_result($stmt); + + if (mysqli_num_rows($db_result) > 0) { + while ($row = mysqli_fetch_assoc($db_result)) { + array_push($result, $row); + } + } + + mysqli_free_result($db_result); + mysqli_stmt_close($stmt); + + return $result; + } + + /** + * Returns the auto generated ID of the last query. + * This function is just a wrapper for mysqli_insert_id. + * In the future, it might be better to return different + * values in the query function depending on the type of + * SQL query. + */ + public function get_last_id() + { + return mysqli_insert_id($this->sql_connection); } } \ No newline at end of file diff --git a/includes/Session.php b/includes/Session.php index d97e7c5..7e17527 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -9,10 +9,8 @@ class Session session_start(); } - public static function get(): ?Session + public static function get() { - session_start(); - if (self::$instance == null) { self::$instance = new Session(); } @@ -25,7 +23,7 @@ class Session $_SESSION['signed_in'] = true; } - public function is_signed_in() + public function is_signed_in(): bool { return isset($_SESSION['signed_in']); } @@ -42,7 +40,7 @@ class Session $result = new User(); if (isset($_SESSION['user_id'])) { - $result->get_by_id($_GET['id'], $dbc); + $result->get_by_id($_SESSION['user_id']); } else { $result = null; } diff --git a/includes/functions_insert.php b/includes/functions_insert.php deleted file mode 100644 index 4f60701..0000000 --- a/includes/functions_insert.php +++ /dev/null 
@@ -1,35 +0,0 @@ -is_signed_in()) { - trigger_error('You must be signed in to delete a post!'); + trigger_error('You must be signed in to create a post'); + return; } - // User must have permission to delete the post - $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { - trigger_error("You don't have sufficient permissions to delete this post."); - } + $user = Session::get()->get_current_user(); - // TODO: The post must not be locked + // Insert the post into the database + $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id); - // TODO: The post must have not been around for a certain amount of time + // Increment the category's post count + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $post_category); - // Delete the post from the database - Database::get()->query("DELETE FROM posts WHERE post_id = $post->id"); - - // Decrement the post count of the category - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . 
";"; - mysqli_query($dbc, $sql); + // Set the last post date of the parent thread + $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;"; + Database::get()->query($sql, "i", $post_thread); } -function edit_post($post, $post_content) +function edit_post(Post $post, string $post_content) { // User must be signed in if (!Session::get()->is_signed_in()) { trigger_error('You must be signed in to edit this post!'); + return; } // User must have permission to edit the post $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + if ($current_user->id != $post->author->id) { trigger_error("You don't have sufficient permissions to edit this post."); + return; } // Set the post content and the post edit date $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); + Database::get()->query($sql, "si", $post_content, $post->id); +} - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . 
mysqli_error($dbc)); +function delete_post(Post $post) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + return; + } + + // User must have permission to delete the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + return; } - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + // TODO: The post must not be locked + // TODO: The post must have not been around for a certain amount of time + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id); - // Redirect to the post's thread page - header("Location: /viewthread.php?id=" . $post->thread->id); + // Decrement the post count of the category + Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id); } diff --git a/includes/functions_thread.php b/includes/functions_thread.php new file mode 100644 index 0000000..62efca9 --- /dev/null +++ b/includes/functions_thread.php 
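Review bot: The permission check in the new `delete_post` uses `||`, so the request is refused unless the caller is both the post's author and a moderator — a plain author can no longer delete their own post and a moderator cannot delete anyone else's. Given that `delete_thread` in the same commit grants moderators the right on their own, the intent is presumably author-or-moderator, which is `if ($current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR) {`. Note also that `trigger_error()` at its default level is only a notice, so the early `return` is the only thing stopping the DELETE; a caller that redirects afterwards gets no signal that nothing happened, so returning `bool` from these helpers would let the page report the refusal. The start of this hunk is garbled in this view.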
@@ -0,0 +1,51 @@ +is_signed_in()) { + trigger_error('You must be signed in to create a thread'); + return 0; + } + + $user = Session::get()->get_current_user(); + + // Insert the new thread into the database + $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $subject, $category, $user->id); + + // Get the ID of the thread we just created + $thread_id = Database::get()->get_last_id(); + + // Increment the category's thread count + $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $category); + + return $thread_id; +} + +function delete_thread($thread) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a thread.'); + return; + } + + // User must be a moderator to delete a thread + $current_user = Session::get()->get_current_user(); + if ($current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You must be a moderator to delete this post."); + return; + } + + // TODO: The post must not be locked + // TODO: The post must have not been around for a certain amount of time + + // Delete the thread from the database + Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id); + + // Decrement the thread count of the category + Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id); +} \ No newline at end of file diff --git a/includes/model/User.php b/includes/model/User.php index 1c48afb..c780ff0 100644 --- a/includes/model/User.php +++ b/includes/model/User.php 
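Review bot: `delete_thread` deletes only the `threads` row and decrements `cat_thread_count`; the posts belonging to that thread and the category's `cat_post_count` are untouched, so unless `setup.sql` declares an `ON DELETE CASCADE` foreign key (not visible here) the posts are orphaned and the counters drift. A `DELETE FROM posts WHERE post_thread = ?` before the thread delete, with a matching decrement of `cat_post_count`, would keep the two consistent. Both `create_thread` and `delete_thread` also run their INSERT/DELETE and counter UPDATE as separate autocommit statements, so a failure between them leaves the count wrong; wrapping each pair in a transaction is the usual fix. The file's opening `<?php`/`include_once` lines are garbled in this view.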
@@ -1,14 +1,17 @@ id = $id; - $this->name = $row['user_name']; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - } + function get_by_id($id) + { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + $this->id = $id; + $this->name = $result[0]['user_name']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; + } } \ No newline at end of file diff --git a/includes/templates/header.php b/includes/templates/header.php index 4eb17e3..35d9848 100644 --- a/includes/templates/header.php +++ b/includes/templates/header.php @@ -5,8 +5,12 @@ [Create a thread] ' . $_SESSION['user_name'] . '\'s Profile] [Log out]'; + include_once './includes/Session.php'; + include_once './includes/model/User.php'; + + if (Session::get()->is_signed_in()) { + $user = Session::get()->get_current_user(); + echo '[' . $user->name . '\'s Profile] [Log out]'; } else { echo '[Sign in] or [Register an account]'; } diff --git a/manage_post.php b/manage_post.php index 3f9a9b3..9e04dd4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } else { $result = $current->get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } } 
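Review bot: `User::get_by_id` reads `$result[0]['user_name']` without checking that the query matched a row, so a request like `viewuser.php?id=<unknown>`, or a session whose user row has since been deleted, raises an undefined-offset warning and leaves the object half-populated; the removed code guarded this with `mysqli_num_rows`. Add `if (empty($result)) { return false; }` before the assignments and declare the method `: bool` like `Category::get_from_database`, so callers can 404 instead of rendering an "Unknown" user. The opening lines of this hunk are garbled in this view.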
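Review bot: The new `header.php` branch interpolates `$user->name` straight into the anchor text with no `htmlspecialchars()`, so any markup that registration lets into `user_name` is rendered on every page that user views. Unless names are escaped at write time (nothing in this commit shows that), escape at output: `echo '[' . htmlspecialchars($user->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '\'s Profile] [Log out]';`. Loading a full `User` from the database on every page render just to print the name is also a query per request; the session already carries `user_name`, so a `get_current_user_name()` on `Session` would avoid it.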
@@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post = new Post(); $post->get_from_database($id, $dbc); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be signed in to manage a post.'; - goto end; - } - - if ($_SESSION['user_id'] != $post->author->id) { - echo "You can't manage another user's post!"; - goto end; - } - if (strcasecmp($delete, "on") == 0) { - delete_post($dbc, $post); + delete_post($post); } else { - edit_post(); + edit_post($post, $post_content); } - end: header("Location: /viewthread.php?id=" . $post->thread->id); } ?> - + - Manage a post - cflip.net forum - + Manage a post - cflip.net forum + - -

Manage a post

- display_content($dbc); - echo '
'; + +

Manage a post

+display_content($dbc); +echo '
'; - $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); +$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be signed in to manage a post.'; - return; - } - - $current_user = new User(); - $current_user->get_by_id($_SESSION['user_id'], $dbc); +if (!Session::get()->is_signed_in()) { + echo '

You must be signed in to manage a post.

'; + return; +} - // Admin users should be able to delete posts, but they should not be able to edit them - // Or should they?? - if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { - echo "You can't manage another user's post!"; - return; - } +// Admin users should be able to delete posts, but they should not be able to edit them +// Or should they?? +if (Session::get()->get_current_user()->id != $current->author->id) { + echo '

You can\'t manage another user\'s post!

'; + return; +} - // TODO: Disallow editing/deleting posts if they have been around for a while - ?> -
-

Edit post

- - -

Edited posts will show a timestamp above the post showing when the last edit was made.

-

- - -

- -
+// TODO: Disallow editing/deleting posts if they have been around for a while +?> +
+

Edit post

+ + +

Edited posts will show a timestamp above the post showing when the last edit was made.

+

+ + +

+ +
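Review bot: The POST branch now calls `delete_post($post)` / `edit_post($post, $post_content)` and then unconditionally does `header("Location: /viewthread.php?id=...")`, but both helpers report a refused action only via `trigger_error()` (a notice by default) followed by `return`, so a user who is not the author gets exactly the same redirect as a successful edit and never sees the refusal. Have the helpers return `bool` and branch on the result before redirecting, and add `exit();` after the `header()` call so the HTML form below is not also rendered into the redirect response. The `// TODO: Disallow editing/deleting posts if they have been around for a while` note still applies to the POST path as well as the GET display, and belongs next to the permission check in the helpers rather than in the template.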
diff --git a/moderate.php b/moderate.php index afeefa1..3b8d05d 100644 --- a/moderate.php +++ b/moderate.php @@ -1,25 +1,22 @@ get_by_id($_SESSION['user_id'], $dbc); - if ($user->level > 0) { + $user = Session::get()->get_current_user(); + + if ($user->level == USER_LEVEL_MODERATOR) { if (strcasecmp($delete, "on") == 0) { - delete_thread($dbc, $thread_id); + $thread = new Thread(); + $thread->get_from_database($thread_id, $dbc); + delete_thread($thread); header("Location: /"); exit(); diff --git a/register.php b/register.php index 03eac6b..050878e 100644 --- a/register.php +++ b/register.php @@ -1,27 +1,29 @@ + - + - Register an account - cflip.net forum - + Register an account - cflip.net forum + - +

Register an account

-
-
-
-
-
-
- +
+
+
+
+
+
+

+ - + - Search - cflip.net forum - + Search - cflip.net forum + - -

Search cflip.net forum

-
" method="get"> - Type: - - Sort By: - - With Name: - - -
-
- +

Search cflip.net forum

+
" method="get"> + + + + + + + +
+
+'; - echo '' . $thread->subject . ''; - echo ' created by ' . $thread->author->name . ' on ' . date('M d, Y', strtotime($thread->date_created)) . ''; - echo '

'; - } - break; - case 'post': - $posts = get_all_posts($dbc); - - foreach ($posts as $post) { - echo '

From ' . $post->thread->subject . '

'; - $post->display_content($dbc); - echo '
'; - } - break; - case 'user': - break; - default: - echo '

Could not search: Invalid type!

'; - break; +if (!isset($_GET['type'])) { + echo 'Specify a type to search.'; +} else { + switch ($_GET['type']) { + case 'thread': + $threads = get_all_threads($dbc); + foreach ($threads as $thread) { + echo '

'; + echo '' . $thread->subject . ''; + echo ' created by ' . $thread->author->name . ' on ' . date('M d, Y', strtotime($thread->date_created)) . ''; + echo '

'; } - } - ?> + break; + case 'post': + $posts = get_all_posts($dbc); + + foreach ($posts as $post) { + echo '

From ' . $post->thread->subject . '

'; + $post->display_content($dbc); + echo '
'; + } + break; + case 'user': + break; + default: + echo '

Could not search: Invalid type!

'; + break; + } +} +?> diff --git a/signin.php b/signin.php index cf41645..9017d37 100644 --- a/signin.php +++ b/signin.php @@ -1,26 +1,27 @@ - + - + - Sign in - cflip.net forum - + Sign in - cflip.net forum + - -

Sign in

-
" method="post"> -
-
-
-
- -
+ +

Sign in

+
" method="post"> +
+
+
+
+ +
category->name; ?> get_by_id($_SESSION['user_id'], $dbc); +if (Session::get()->is_signed_in()) { + $user = Session::get()->get_current_user(); - if ($user->level > 0) { + if ($user->level == USER_LEVEL_MODERATOR) { echo '

@@ -75,6 +74,8 @@ foreach ($posts as $post) { signed in to reply to this thread.'; @@ -87,7 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (empty($post_content) or !$post_content) { echo 'Thread subject cannot be empty'; } else { - insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id); + create_post($post_content, $current->id, $current->category->id); } } ?> diff --git a/viewuser.php b/viewuser.php index 3a33de0..155b814 100644 --- a/viewuser.php +++ b/viewuser.php @@ -1,6 +1,6 @@ get_by_id($_GET['id'], $dbc); + $current->get_by_id($_GET['id']); } ?> - + - <?= $current->name; ?>'s Profile - cflip.net forum - + <?= $current->name; ?>'s Profile - cflip.net forum + - -

name; ?>

- member since date)); ?> + +

name; ?>

+member since date)); ?> -- cgit v1.2.3 From aae25cd709d486f7ee9513753d40eb5cc239c42d Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:38:22 -0600 Subject: Specify PHP version in README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 2255372..80c9d54 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ # cflip.net forums The source code to my first PHP project, a forum system. +## Requirements +This project requires PHP 7.0 or newer + ## Setup - Create a `config.ini` file and put your MySQL credentials in (see `config.example.ini`) - `setup.sql` has the SQL script to set up your database. -- cgit v1.2.3 From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 
From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- change_passw.php | 67 +++++++++++------------ create_thread.php | 4 +- includes/Database.php | 30 +++++++---- includes/Session.php | 6 +-- includes/db_inc.php | 14 ----- includes/functions_category.php | 17 ++++++ includes/functions_display.php | 2 +- includes/functions_post.php | 87 ++++++++++++++++++++++++++++++ includes/functions_thread.php | 16 ++++++ includes/functions_user.php | 21 ++++++++ includes/model/Category.php | 111 +++++++++++--------------------------- includes/model/Post.php | 100 +++++++++-------------------------- includes/model/Thread.php | 114 ++++++++++++---------------------------- includes/model/User.php | 36 +++++-------- includes/reply_inc.php | 21 +++----- index.php | 8 +-- manage_post.php | 11 ++-- moderate.php | 3 +- register.php | 41 ++------------- search.php | 9 ++-- signin.php | 25 +++------ viewcategory.php | 12 ++--- viewthread.php | 14 ++--- viewuser.php | 3 +- 24 files changed, 351 insertions(+), 421 deletions(-) delete mode 100644 includes/db_inc.php create mode 100644 includes/functions_category.php create mode 100644 includes/functions_user.php diff --git a/change_passw.php b/change_passw.php index aa8de88..9f39742 100644 --- a/change_passw.php +++ b/change_passw.php @@ -1,26 +1,9 @@ - - -
You must be logged in to change your password.'; - } else { - echo ' -

Change your password

- -
-
-
-
- - -
'; - } -?> +include_once './includes/Session.php'; +include_once './includes/model/User.php'; +include_once './includes/functions_user.php'; -'; } else { - $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create account due to internal error: ' . mysqli_error($dbc)); - } - $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT); - - mysqli_stmt_bind_param($stmt, "ss", $pass_hash, $_SESSION['user_id']); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - + change_password(Session::get()->get_current_user(), $pass_hash); echo 'Password successfully changed!'; } } ?> + + + + Change your password - cflip.net forum + + + + - - +if (!Session::get()->is_signed_in()) { + echo '

You must be logged in to change your password.

'; +} else { + echo ' +

Change your password

+
+
+
+
+
+ +
+
'; +} +?> + + diff --git a/create_thread.php b/create_thread.php index 534b0ab..2ed323d 100644 --- a/create_thread.php +++ b/create_thread.php @@ -20,10 +20,10 @@ if (!Session::get()->is_signed_in()) {

sql_connection); + $result = array(); - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); - } + if ($types == "") { + // No types were provided, preparing a statement is not necessary + $db_result = mysqli_query($this->sql_connection, $sql); + } else { + $stmt = mysqli_stmt_init($this->sql_connection); - mysqli_stmt_bind_param($stmt, $types, ...$vars); - mysqli_stmt_execute($stmt); + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Internal error: ' . mysqli_error($this->sql_connection)); + return $result; + } - $result = array(); - $db_result = mysqli_stmt_get_result($stmt); + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $db_result = mysqli_stmt_get_result($stmt); + + mysqli_stmt_close($stmt); + } + + if (!$db_result) { + return $result; + } if (mysqli_num_rows($db_result) > 0) { while ($row = mysqli_fetch_assoc($db_result)) { @@ -51,7 +64,6 @@ class Database } mysqli_free_result($db_result); - mysqli_stmt_close($stmt); return $result; } diff --git a/includes/Session.php b/includes/Session.php index 7e17527..a9c1dc7 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -18,9 +18,11 @@ class Session return self::$instance; } - public function sign_in() + public function sign_in(User $user) { $_SESSION['signed_in'] = true; + $_SESSION['user_id'] = $user->id; + $_SESSION['user_name'] = $user->name; } public function is_signed_in(): bool @@ -30,8 +32,6 @@ class Session public function get_current_user() { - include_once 'db_inc.php'; - // There is no current user if (!$this->is_signed_in()) { return null; diff --git a/includes/db_inc.php b/includes/db_inc.php deleted file mode 100644 index b7c361d..0000000 --- a/includes/db_inc.php +++ /dev/null 
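Review bot: `Session::sign_in(User $user)` writes `signed_in`, `user_id` and `user_name` into whatever session the request arrived with, without rotating the session id, which leaves login open to session fixation (an attacker who plants a known session id in the victim's browser inherits the authenticated session). Call `session_regenerate_id(true);` as the first statement of `sign_in()`, before populating `$_SESSION`, and mirror it with a `session_destroy()`-based `sign_out()` if one does not already exist. This applies to the `@@ -18,9 +18,11 @@` hunk of includes/Session.php; the Database.php hunk sharing this line has its header garbled in this view and is not reviewed here.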
@@ -1,14 +0,0 @@ -query($sql); + + $categories = array(); + + foreach ($result as $row) { + $category = new Category(); + $category->get_from_database($row['cat_id']); + array_push($categories, $category); + } + + return $categories; +} \ No newline at end of file diff --git a/includes/functions_display.php b/includes/functions_display.php index bf9ed64..47ba188 100644 --- a/includes/functions_display.php +++ b/includes/functions_display.php @@ -93,7 +93,7 @@ function display_posts($dbc, $thread_id, $sql_result) { $post_content = $row['post_content']; $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace YouTube URLs with embedded YouTube videos. diff --git a/includes/functions_post.php b/includes/functions_post.php index 0176c76..97fc622 100644 --- a/includes/functions_post.php +++ b/includes/functions_post.php @@ -3,6 +3,22 @@ include_once './includes/Session.php'; include_once './includes/Database.php'; include_once './includes/model/User.php'; +function get_all_posts(): array +{ + $sql = "SELECT post_id FROM posts"; + $result = Database::get()->query($sql); + + $posts = array(); + + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); + } + + return $posts; +} + function create_post($post_content, $post_thread, $post_category) { // User must be signed in @@ -26,6 +42,77 @@ function create_post($post_content, $post_thread, $post_category) Database::get()->query($sql, "i", $post_thread); } +function create_quote(int $id): string +{ + $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + $reply = $result[0]; + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; +} + +function format_post_content(string $post_content) +{ + $post_content = preg_replace_callback('/>#\d+/', function ($matches) { + $result = ""; + foreach ($matches as $match) { + $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); + $result .= create_quote($id); + } + return $result; + }, $post_content); + + $result = $post_content; + + // Replace newline characters with HTML
tags + $result = nl2br($result); + + // Replace YouTube URLs with embedded YouTube videos. + $result = preg_replace( + "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i", + '
', $result); + + // Replace Image URLs with embedded images. + $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $result); + + // Replace other URLs with links. + return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $result); +} + +/** + * Get the post content from the database and return it as a string ready for HTML display + */ +function get_post_content(Post $post): string +{ + // Build the header + $result = '
#' . $post->id . ''; + $result .= ' Posted by ' . $post->author->name . ''; + $result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created)); + + // If the post has a edit date, display it + if (!is_null($post->date_edited)) { + $result .= ' edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . ''; + } + + // Append a manage post button if the user is signed in and is the post's creator + if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) { + $result .= ''; + $result .= '[Edit/Delete]'; + $result .= ''; + } + $result .= '
'; + + // Append the formatted post content + $result .= '' . format_post_content($post->content) . ''; + + return $result; +} + function edit_post(Post $post, string $post_content) { // User must be signed in diff --git a/includes/functions_thread.php b/includes/functions_thread.php index 62efca9..61b8e59 100644 --- a/includes/functions_thread.php +++ b/includes/functions_thread.php @@ -2,6 +2,22 @@ include_once './includes/Database.php'; include_once './includes/Session.php'; +function get_all_threads(): array +{ + $sql = "SELECT thread_id FROM threads"; + $result = Database::get()->query($sql); + + $threads = array(); + + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); + } + + return $threads; +} + function create_thread($subject, $category) { if (!Session::get()->is_signed_in()) { diff --git a/includes/functions_user.php b/includes/functions_user.php new file mode 100644 index 0000000..b2069a2 --- /dev/null +++ b/includes/functions_user.php @@ -0,0 +1,21 @@ +query($sql, "s", $username); + + return !empty($result); +} + +function register_user(string $username, string $pass_hash) +{ + $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + Database::get()->query($sql, "ss", $username, $pass_hash); +} + +function change_password(User $user, string $pass_hash) +{ + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; + Database::get()->query($sql, "si", $pass_hash, $user->id); +} \ No newline at end of file diff --git a/includes/model/Category.php b/includes/model/Category.php index b7c46d9..ed53bdc 100644 --- a/includes/model/Category.php +++ b/includes/model/Category.php 
@@ -2,102 +2,55 @@ include_once 'Thread.php'; -class Category { +class Category +{ public $id = 0; public $name = 'Unknown'; public $description = 'This category does not exist'; public $thread_count = 0; public $post_count = 0; - function get_from_database($id, $dbc) { - $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get category: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } + function get_from_database($id): bool + { + $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - mysqli_free_result($result); - return 1; + + $this->id = $id; + $this->name = $result[0]['cat_name']; + $this->description = $result[0]['cat_description']; + $this->thread_count = $result[0]['cat_thread_count']; + $this->post_count = $result[0]['cat_post_count']; + + return true; } - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - + function get_threads(): array + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? 
ORDER BY thread_date_lastpost DESC"; + $result = Database::get()->query($sql, "i", $this->id); $threads = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); } - mysqli_free_result($result); return $threads; } - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } + function get_latest_thread(): Thread + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); + + $thread = new Thread(); + $thread->get_from_database($result[0]['thread_id']); - mysqli_free_result($result); return $thread; } } - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -} \ No newline at end of file 
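Review bot: `get_latest_thread` indexes `$result[0]['thread_id']` without checking that the query returned a row, so a category with no threads raises an undefined-offset notice and then calls `Thread::get_from_database(null)`, handing index.php a placeholder 'Unknown thread' object instead of signalling absence. Declare it `function get_latest_thread(): ?Thread`, add `if (empty($result)) { return null; }` after the query, and have the index.php caller (`$latest_thread = $category->get_latest_thread();`, outside this hunk) null-check before using it. `get_from_database` also stores the caller-supplied `$id` verbatim in `$this->id`; prefer `$this->id = (int) $id;` so the property holds the same integer that was bound to the query.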
diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; @@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; + echo ' Posted by ' . $this->author->name . ''; echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; echo '[Edit/Delete] '; - echo''; + echo ''; } echo '
'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML
tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '
', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '' . $post_content . ''; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/includes/model/Thread.php b/includes/model/Thread.php index a9dc690..cfe10d6 100644 --- a/includes/model/Thread.php +++ b/includes/model/Thread.php @@ -4,7 +4,8 @@ include_once 'Category.php'; include_once 'User.php'; include_once 'Post.php'; -class Thread { +class Thread +{ public $id = 0; public $subject = 'Unknown thread'; public $date_created = 0; 
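Review bot: `display_content` still emits `$this->author->name` and the processed `$post_content` without `htmlspecialchars`, and the three `preg_replace` calls then turn anything URL-shaped into markup, so a username or post body containing markup characters reaches the browser unescaped (the `FILTER_SANITIZE_STRING` used on input in manage_post.php and viewthread.php strips tags but is deprecated in PHP 8.1 and is not a substitute for output escaping). Escape before transforming: `$post_content = htmlspecialchars($this->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` ahead of the quote/`nl2br`/URL rewriting, and wrap the author name the same way. Two smaller points in this hunk: `$thread_id = $this->id;` actually holds the post id yet is passed to `create_quote` as a thread id, and the method keeps a `$dbc` parameter while every sibling now goes through `Database::get()`.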
@@ -12,100 +13,53 @@ class Thread { public $category; public $author; - function get_from_database($id, $dbc) { - $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to display thread page: ' . mysqli_error($dbc)); + function get_from_database($id): bool + { + $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); + $this->id = $id; + $this->subject = $result[0]['thread_subject']; + $this->date_created = $result[0]['thread_date_created']; + $this->date_lastpost = $result[0]['thread_date_lastpost']; - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } + $this->category = new Category(); + $this->category->get_from_database($result[0]['thread_category']); - mysqli_free_result($result); - return 1; + $this->author = new User(); + $this->author->get_by_id($result[0]['thread_author']); + + return true; } - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . 
mysqli_error($dbc); - } - + function get_posts(): array + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ?"; + $result = Database::get()->query($sql, "i", $this->id); + $posts = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); } - mysqli_free_result($result); return $posts; } - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; + function get_latest_post(): Post + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } + $post = new Post(); + $post->get_from_database($result[0]['post_id']); - mysqli_free_result($result); return $post; } } - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} diff --git a/includes/model/User.php b/includes/model/User.php index c780ff0..f2bd23d 100644 --- a/includes/model/User.php 
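Review bot: `get_latest_post` dereferences `$result[0]['post_id']` unconditionally, so a thread whose posts have all been removed (`delete_post` exists in manage_post.php) triggers an undefined-offset notice and then hydrates a Post from a null id; the `: Post` return type hides the failure from viewcategory.php, which calls `$thread->get_latest_post()` outside this hunk. Change it to `function get_latest_post(): ?Post` with `if (empty($result)) { return null; }` after the query, and null-check at the caller. As in Category, `$this->id = $id;` keeps the raw caller value; `$this->id = (int) $id;` keeps the property consistent with the bound parameter.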
+++ b/includes/model/User.php @@ -7,44 +7,36 @@ class User { public $id; public $name = 'Unknown'; + public $password; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) + function get_by_name($name): bool { - $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; - $stmt = mysqli_stmt_init($dbc); + $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?"; + $result = Database::get()->query($sql, "s", $name); - if (!mysqli_stmt_prepare($stmt, $sql)) { - echo 'Failed to get user: ' . mysqli_error($dbc); + if (empty($result)) { + return false; } - mysqli_stmt_bind_param($stmt, "s", $name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } + $this->id = $result[0]['user_id']; + $this->name = $name; + $this->password = $result[0]['user_pass']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; - mysqli_free_result($result); - mysqli_stmt_close($stmt); + return true; } function get_by_id($id) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;"; $result = Database::get()->query($sql, "i", $id); $this->id = $id; $this->name = $result[0]['user_name']; + $this->password = $result[0]['user_pass']; $this->date = $result[0]['user_date']; $this->level = $result[0]['user_level']; } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index cf7a839..588b59f 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php 
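Review bot: The new `public $password` property loads the password hash from `user_pass` into every `User` object, including the `author` objects hydrated for every Post and Thread, so hashes now ride along in memory and in anything that dumps, serialises or json-encodes these models, although only signin.php needs them. Keep the hash out of the model: drop the property and the extra column from both SELECTs, and give `User` a method such as `function verify_password(string $password): bool` that runs `SELECT user_pass FROM users WHERE user_id = ?` on demand and returns `password_verify($password, $row['user_pass'])`. `get_by_id` also still indexes `$result[0]` with no emptiness check and returns nothing, unlike the `: bool` contract `get_by_name` gains in this hunk; give it the same `if (empty($result)) { return false; }` guard and return type.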
@@ -1,10 +1,8 @@ get_from_database($thread_id); -mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author); -mysqli_stmt_execute($stmt); -mysqli_stmt_close($stmt); +create_post($reply_content, $thread_id, $thread->category); header("Location: ../thread.php?id=" . $_GET['reply_to']); \ No newline at end of file diff --git a/index.php b/index.php index 7b92524..9d62f52 100644 --- a/index.php +++ b/index.php @@ -27,13 +27,13 @@ Latest Thread get_latest_thread($dbc); + $latest_thread = $category->get_latest_thread(); echo ''; echo ''; diff --git a/manage_post.php b/manage_post.php index 9e04dd4..99f0ad4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,7 +1,6 @@ get_from_database($_GET['id'], $dbc); + $result = $current->get_from_database($_GET['id']); if ($result == 0) { http_response_code(404); include_once './includes/templates/404.php'; @@ -26,7 +25,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $post = new Post(); - $post->get_from_database($id, $dbc); + $post->get_from_database($id); if (strcasecmp($delete, "on") == 0) { delete_post($post); @@ -47,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
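Review bot: `create_post($reply_content, $thread_id, $thread->category)` passes the `Category` object as the third argument, whereas the other call sites in this series pass an integer id (`$thread_cat` in create_thread.php and `$current->category->id` in viewthread.php), so this path presumably binds an object where the query expects an int; use `$thread->category->id`. The redirect also reads `$_GET['reply_to']` although the id was taken from `INPUT_POST`, targets `../thread.php` while the viewer page is `viewthread.php`, and is not followed by `exit`. `header('Location: ../viewthread.php?id=' . (int) $thread_id); exit;` addresses all three, assuming thread.php is not a separate page.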
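Review bot: In manage_post.php the return value of `$post->get_from_database($id)` is discarded before `delete_post($post)` and the edit path, so an id matching no row leaves a default-constructed `Post` (null `id`, null `author`) flowing into the delete/edit helpers; whether those helpers re-check ownership is not visible here, but they should never receive an unloaded object. Mirror the GET branch: `if (!$post->get_from_database($id)) { http_response_code(404); include_once './includes/templates/404.php'; die(); }`. The GET branch's `if ($result == 0)` now works only through loose comparison since the method returns bool; `if (!$result)` matches what viewcategory.php does in the same commit.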

Manage a post

display_content($dbc); +echo get_post_content($current); echo '
'; $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); diff --git a/moderate.php b/moderate.php index 3b8d05d..68bf1b9 100644 --- a/moderate.php +++ b/moderate.php @@ -1,5 +1,4 @@ level == USER_LEVEL_MODERATOR) { if (strcasecmp($delete, "on") == 0) { $thread = new Thread(); - $thread->get_from_database($thread_id, $dbc); + $thread->get_from_database($thread_id); delete_thread($thread); header("Location: /"); diff --git a/register.php b/register.php index 050878e..02fbe58 100644 --- a/register.php +++ b/register.php @@ -20,31 +20,7 @@
'; } else { - $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create account due to internal error: ' . mysqli_error($dbc)); - } - $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT); - - mysqli_stmt_bind_param($stmt, "ss", $user_name, $pass_hash); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); - + register_user($user_name, $pass_hash); echo 'Account successfully registered! You can now sign in'; } } diff --git a/search.php b/search.php index 0732129..e5ef9db 100644 --- a/search.php +++ b/search.php @@ -27,7 +27,8 @@
'; echo '' . $thread->subject . ''; @@ -45,11 +46,11 @@ if (!isset($_GET['type'])) { } break; case 'post': - $posts = get_all_posts($dbc); + $posts = get_all_posts(); foreach ($posts as $post) { echo '

From ' . $post->thread->subject . '

'; - $post->display_content($dbc); + echo get_post_content($post); echo '
'; } break; diff --git a/signin.php b/signin.php index 9017d37..2c43309 100644 --- a/signin.php +++ b/signin.php @@ -18,8 +18,6 @@ '; } else { - $sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';"; - $result = mysqli_query($dbc, $sql); + $user = new User(); + $result = $user->get_by_name($user_name); if (!$result) { - echo 'An error occurred while signing in: ' . mysqli_error($dbc); + echo 'There is no user with that name. Did you mean to create a new account?'; } else { - if (mysqli_num_rows($result) == 0) { - echo 'There is no user with that name. Did you mean to create a new account?'; + if (!password_verify($user_pass, $user->password)) { + echo 'Password does not match!'; } else { - while ($row = mysqli_fetch_assoc($result)) { - if (!password_verify($user_pass, $row['user_pass'])) { - echo 'Password does not match!'; - } else { - $_SESSION['signed_in'] = true; - $_SESSION['user_id'] = $row['user_id']; - $_SESSION['user_name'] = $row['user_name']; - - header("Location: index.php"); - } - } + Session::get()->sign_in($user); + header("Location: index.php"); } } } diff --git a/viewcategory.php b/viewcategory.php index 70733da..852148b 100644 --- a/viewcategory.php +++ b/viewcategory.php @@ -1,6 +1,6 @@ get_from_database($_GET['id'], $dbc); - if ($result == 0) { + $result = $current->get_from_database($_GET['id']); + if (!$result) { http_response_code(404); include('includes/templates/404.php'); die(); @@ -37,10 +37,10 @@ if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { Latest Post get_threads($dbc); + $threads = $current->get_threads(); foreach ($threads as $thread) { - $latest_post = $thread->get_latest_post($dbc); + $latest_post = $thread->get_latest_post(); echo ''; echo '' . $thread->subject . ''; diff --git a/viewthread.php b/viewthread.php index cc2d221..73a02ef 100644 --- a/viewthread.php +++ b/viewthread.php 
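Review bot: The sign-in branch still reports 'There is no user with that name' and 'Password does not match!' separately, so the response reveals which usernames exist, and the unknown-user path skips `password_verify` entirely, making the two cases distinguishable by timing as well. Collapse them: `if (!$result || !password_verify($user_pass, $user->password)) { echo 'Incorrect username or password.'; }`, and run `password_verify` against a fixed dummy hash when `$result` is false so both paths cost the same. Add `exit;` after `header("Location: index.php")` so the rest of the page is not rendered on a successful sign-in, and confirm that `Session::sign_in` (not in this diff) calls `session_regenerate_id(true)` to prevent session fixation.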
@@ -1,6 +1,5 @@ get_from_database($_GET['id'], $dbc); - if ($result == 0) { + $result = $current->get_from_database($_GET['id']); + + if (!$result) { http_response_code(404); include('includes/templates/404.php'); die(); @@ -58,10 +58,12 @@ if (Session::get()->is_signed_in()) { ?>
get_posts($dbc); +include './includes/functions_post.php'; + +$posts = $current->get_posts(); foreach ($posts as $post) { - $post->display_content($dbc); + echo get_post_content($post); } ?>
diff --git a/viewuser.php b/viewuser.php index 155b814..45f557a 100644 --- a/viewuser.php +++ b/viewuser.php @@ -1,6 +1,5 @@ Date: Sat, 24 Apr 2021 19:50:59 -0600 Subject: Use Session class instead of $_SESSION --- change_passw.php | 2 +- includes/model/Post.php | 37 ------------------------------------- includes/reply_inc.php | 2 +- viewthread.php | 3 +-- 4 files changed, 3 insertions(+), 41 deletions(-) diff --git a/change_passw.php b/change_passw.php index 9f39742..31e0e0d 100644 --- a/change_passw.php +++ b/change_passw.php @@ -5,7 +5,7 @@ include_once './includes/functions_user.php'; session_start(); -if ($_SERVER['REQUEST_METHOD'] == 'POST' and $_SESSION['signed_in']) { +if ($_SERVER['REQUEST_METHOD'] == 'POST' and Session::get()->is_signed_in()) { $errors = array(); $user_pass = ""; diff --git a/includes/model/Post.php b/includes/model/Post.php index 86373b6..67c7e4a 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -33,41 +33,4 @@ class Post return true; } - - function display_content($dbc) - { - echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); - if (!is_null($this->date_edited)) { - echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; - } - if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { - echo ''; - echo '[Edit/Delete] '; - echo ''; - } - echo '
'; - - $post_content = $this->content; - $thread_id = $this->id; - - $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace newline characters with HTML
tags - $post_content = nl2br($post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo '' . $post_content . ''; - } } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index 588b59f..873d516 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php @@ -7,7 +7,7 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') { die('This file cannot be called directly.'); } -if (!isset($_SESSION['signed_in'])) { +if (!Session::get()->is_signed_in()) { die('You must be signed in to reply to a thread.'); } diff --git a/viewthread.php b/viewthread.php index 73a02ef..812db0a 100644 --- a/viewthread.php +++ b/viewthread.php @@ -79,13 +79,12 @@ foreach ($posts as $post) { include_once 'includes/functions_post.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { - if (!isset($_SESSION['signed_in'])) { + if (!Session::get()->is_signed_in()) { echo 'You must be signed in to reply to this thread.'; return; } $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); - $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT); if (empty($post_content) or !$post_content) { echo 'Thread subject cannot be empty'; -- cgit v1.2.3 From 08561be92bbfafe149b758634f3df4d00ee310de Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 09:13:44 -0600 Subject: Only start session if it hasn't already been started --- includes/Session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/includes/Session.php b/includes/Session.php index a9c1dc7..967b11b 100644 --- a/includes/Session.php +++ b/includes/Session.php 
@@ -6,7 +6,8 @@ class Session private function __construct() { - session_start(); + if (session_status() == PHP_SESSION_NONE) + session_start(); } public static function get() -- cgit v1.2.3 From 2d5cf9448edb1eb6785c1532ccb031b0ba0d1ef0 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:43:37 -0600 Subject: Remove old signout_inc.php file --- includes/Session.php | 6 ++++++ includes/signout_inc.php | 6 ------ includes/templates/header.php | 2 +- signout.php | 16 ++++++++++++++++ 4 files changed, 23 insertions(+), 7 deletions(-) delete mode 100644 includes/signout_inc.php create mode 100644 signout.php diff --git a/includes/Session.php b/includes/Session.php index 967b11b..7951d70 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -26,6 +26,12 @@ class Session $_SESSION['user_name'] = $user->name; } + public function sign_out() + { + session_unset(); + session_destroy(); + } + public function is_signed_in(): bool { return isset($_SESSION['signed_in']); diff --git a/includes/signout_inc.php b/includes/signout_inc.php deleted file mode 100644 index 7859c4f..0000000 --- a/includes/signout_inc.php +++ /dev/null @@ -1,6 +0,0 @@ -is_signed_in()) { $user = Session::get()->get_current_user(); - echo '[' . $user->name . '\'s Profile] [Log out]'; + echo '[' . $user->name . '\'s Profile] [Log out]'; } else { echo '[Sign in] or [Register an account]'; } diff --git a/signout.php b/signout.php new file mode 100644 index 0000000..035877b --- /dev/null +++ b/signout.php @@ -0,0 +1,16 @@ + + + + Sign out - cflip.net forums + + + +sign_out(); + +include_once './includes/templates/header.php'; +echo '
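Review bot: `sign_out` calls `session_unset()` and `session_destroy()` but leaves the session cookie on the client, so the browser keeps presenting the old id until the cookie expires; that is the gap the PHP manual's `session_destroy` example closes by expiring the cookie explicitly. The rewrite below clears `$_SESSION`, expires the cookie with the parameters it was issued with, then destroys server-side state. Separately, signout.php appears to be reached by a plain GET link from header.php and calls `sign_out()` unconditionally, so any third-party page can log users out; a POST form with a CSRF token is the usual fix, though the link markup itself is not visible here.
```php
public function sign_out()
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
    session_destroy();
}
```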

You have now been signed out

'; +?> + + \ No newline at end of file -- cgit v1.2.3 From df9177492976ba968a556a52cc155477652089dc Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:47:41 -0600 Subject: Reload page after submitting a reply to a thread --- create_thread.php | 1 - includes/reply_inc.php | 22 ---------------------- viewthread.php | 1 + 3 files changed, 1 insertion(+), 23 deletions(-) delete mode 100644 includes/reply_inc.php diff --git a/create_thread.php b/create_thread.php index 2ed323d..6fb7df9 100644 --- a/create_thread.php +++ b/create_thread.php @@ -56,7 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { $thread_id = create_thread($thread_subject, $thread_cat); create_post($post_content, $thread_id, $thread_cat); - header("Location: viewthread.php?id=" . $thread_id); } } diff --git a/includes/reply_inc.php b/includes/reply_inc.php deleted file mode 100644 index 873d516..0000000 --- a/includes/reply_inc.php +++ /dev/null @@ -1,22 +0,0 @@ -is_signed_in()) { - die('You must be signed in to reply to a thread.'); -} - -$reply_content = filter_input(INPUT_POST, 'reply_content', FILTER_SANITIZE_STRING); -$thread_id = filter_input(INPUT_POST, 'reply_to', FILTER_SANITIZE_NUMBER_INT); - -$thread = new Thread(); -$thread->get_from_database($thread_id); - -create_post($reply_content, $thread_id, $thread->category); - -header("Location: ../thread.php?id=" . $_GET['reply_to']); \ No newline at end of file diff --git a/viewthread.php b/viewthread.php index 812db0a..e8eda06 100644 --- a/viewthread.php +++ b/viewthread.php @@ -90,6 +90,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo 'Thread subject cannot be empty'; } else { create_post($post_content, $current->id, $current->category->id); + header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $current->id); } } ?> -- cgit v1.2.3 From 0d163247b2cf93a8cefa638e4f134c85b29e91a6 Mon Sep 17 00:00:00 2001 
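Review bot: This hunk removes the `header("Location: viewthread.php?id=" . $thread_id);` that followed thread creation, so a successful POST to create_thread.php now keeps executing the rest of the page in place, and a browser refresh re-submits the form and creates a duplicate thread; nothing in the commit message ('Reload page after submitting a reply') explains dropping it, so this looks unintended. If the removal was deliberate, at least keep Post/Redirect/Get with `header('Location: viewthread.php?id=' . (int) $thread_id); exit;` after `create_post`.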
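Review bot: The new `header('Location: ...')` in viewthread.php runs after the page has already echoed the thread and its posts (the `foreach ($posts as $post) { echo get_post_content($post); }` block around lines 58–65 precedes this POST handler at line 90), so unless output buffering is enabled PHP emits a 'headers already sent' warning and no redirect happens. Either move the POST handling above the first output or start the file with `ob_start()`. Also avoid `$_SERVER['PHP_SELF']`, which reflects client-controlled PATH_INFO, and terminate after redirecting: `header('Location: viewthread.php?id=' . (int) $current->id); exit;`.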
From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:48:17 -0600 Subject: Delete unused functions_display.php script --- includes/functions_display.php | 110 ----------------------------------------- 1 file changed, 110 deletions(-) delete mode 100644 includes/functions_display.php diff --git a/includes/functions_display.php b/includes/functions_display.php deleted file mode 100644 index 47ba188..0000000 --- a/includes/functions_display.php +++ /dev/null @@ -1,110 +0,0 @@ -'; - echo '

' . $row['cat_name'] . '

'; - echo $row['cat_description']; - if ($thread) { - echo '' . $thread['thread_subject'] . '
'; - echo 'by ' . $thread['user_name'] . ''; - } else { - $no_threads_msg = 'There are no threads in this category yet.'; - echo ''. $no_threads_msg .''; - } - } - - mysqli_stmt_close($stmt); - mysqli_free_result($thread_res); -} - -function display_threads($dbc, $sql_result, $show_category = false) { - $sql = "SELECT post_id, post_date, user_id, user_name FROM posts JOIN users ON post_author = user_id WHERE post_thread = ? ORDER BY post_id DESC LIMIT 1"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create thread due to internal error: ' . mysqli_error($dbc)); - } - - while ($row = mysqli_fetch_assoc($sql_result)) { - mysqli_stmt_bind_param($stmt, "i", $row['thread_id']); - mysqli_stmt_execute($stmt); - - $thread_res = mysqli_stmt_get_result($stmt); - $thread = mysqli_fetch_assoc($thread_res); - - echo ''; - echo '

' . $row['thread_subject'] . '

'; - echo 'by ' . $row['user_name'] . ' '; - if ($show_category) { - echo 'in ' . $row['cat_name'] . ' '; - } - echo 'on ' . date('M d, Y', strtotime($row['thread_date'])) . ''; - echo 'by ' . $thread['user_name'] . '
'; - echo '' . date('m/d/Y g:ia', strtotime($thread['post_date'])) . ''; - } - - mysqli_stmt_close($stmt); -} - -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT) - 1; - $sql = "SELECT post_content, post_author, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_thread = " . $thread_id . " LIMIT 1 OFFSET " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
Invalid quote!
'; - } - - $id = $id + 1; - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -function display_posts($dbc, $thread_id, $sql_result) { - while ($row = mysqli_fetch_assoc($sql_result)) { - echo '#' . $row['post_id'] . ' Posted by ' . $row['user_name'] . ' on ' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '
'; - - $post_content = $row['post_content']; - - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo $post_content; - } -} \ No newline at end of file -- cgit v1.2.3 From 553d46ae295e880b1bb024fe725870db21f4e61d Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:49:12 -0600 Subject: Add some coloured backgrounds for errors and successes --- styles/style.css | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/styles/style.css b/styles/style.css index 9e37f62..95d3a94 100644 --- a/styles/style.css +++ b/styles/style.css @@ -18,6 +18,24 @@ small { color: #dde; } +.success { + background-color: #efe; + margin: 8px 40px 14px 18px; + padding: 12px; + border: 1px solid #aea; + overflow: hidden; + border-radius: 5px; +} + +.error { + background-color: #fee; + margin: 8px 40px 14px 18px; + padding: 12px; + border: 1px solid #eaa; + overflow: hidden; + border-radius: 5px; +} + a:hover { color:#373737; text-decoration: none; -- cgit v1.2.3 From 5c3d6b49d5db5bb3504191933dd171b54219c2b3 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:50:21 -0600 Subject: Add some extra checks before changing a password --- includes/functions_user.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/includes/functions_user.php b/includes/functions_user.php index b2069a2..4ea1ad1 100644 --- a/includes/functions_user.php +++ b/includes/functions_user.php 
@@ -16,6 +16,16 @@ function register_user(string $username, string $pass_hash) function change_password(User $user, string $pass_hash) { + if (!Session::get()->is_signed_in()) { + trigger_error('You are not signed in.'); + return; + } + + if (Session::get()->get_current_user()->id != $user->id) { + trigger_error("You can't change another user's password."); + return; + } + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; Database::get()->query($sql, "si", $pass_hash, $user->id); } \ No newline at end of file -- cgit v1.2.3 From a09d9f377f5c055e42e5f21b5cdea64c2e2ca896 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 8 May 2021 17:28:53 -0600 Subject: Default user level --- includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/functions_user.php b/includes/functions_user.php index 4ea1ad1..690350a 100644 --- a/includes/functions_user.php +++ b/includes/functions_user.php @@ -10,7 +10,7 @@ function username_exists(string $username): bool function register_user(string $username, string $pass_hash) { - $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);"; Database::get()->query($sql, "ss", $username, $pass_hash); } -- cgit v1.2.3
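Review bot: The two new guards report failure with `trigger_error(...)` at its default `E_USER_NOTICE` level and then `return`, so the UPDATE is skipped but the caller receives no return value and, under a production `error_reporting`, no visible signal either; change_passw.php would presumably continue as if the password had changed. Return a bool (`function change_password(User $user, string $pass_hash): bool`, `false` from each guard and `true` after the UPDATE) or throw a `RuntimeException`, and compare the ids strictly: `if ((int) Session::get()->get_current_user()->id !== (int) $user->id)`. Because the function takes a pre-hashed value it also cannot require the current password; if change_passw.php does not verify it before calling here, a hijacked session can lock the victim out, so consider taking `string $current_password` and checking it with `password_verify` inside this function.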