From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 18:43:12 -0600 Subject: Refactoring part 1 --- includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 includes/model/Post.php (limited to 'includes/model/Post.php') diff --git a/includes/model/Post.php b/includes/model/Post.php new file mode 100644 index 0000000..34d6a79 --- /dev/null +++ b/includes/model/Post.php @@ -0,0 +1,121 @@ +'; + } + + $reply = mysqli_fetch_assoc($result); + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; + } +} + +class Post { + public $id; + public $content; + public $date_created; + public $date_edited; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + return 0; + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function display_content($dbc) { + echo '
#' . $this->id . ''; + echo ' Posted by ' . $this->author->name . ''; + echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + if (!is_null($this->date_edited)) { + echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; + } + if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { + echo ''; + echo '[Edit/Delete] '; + echo''; + } + echo '
'; + + $post_content = $this->content; + $thread_id = $this->id; + + $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { + return add_quote($dbc, $thread_id, $matches); + }, $post_content); + + // Replace newline characters with HTML
tags + $post_content = nl2br($post_content); + + // Replace YouTube URLs with embedded YouTube videos. + $post_content = preg_replace( + "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", + '
', $post_content); + // Replace Image URLs with embedded images. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); + // Replace other URLs with links. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); + + echo '' . $post_content . ''; + } +} + +function get_all_posts($dbc) { + $sql = "SELECT post_id FROM posts"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get posts: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; +} -- cgit v1.2.3 From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- includes/model/Post.php | 100 +++++++++++++----------------------------------- 1 file changed, 26 insertions(+), 74 deletions(-) (limited to 'includes/model/Post.php') diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; @@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; + echo ' Posted by ' . $this->author->name . ''; echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; echo '[Edit/Delete] '; - echo''; + echo ''; } echo '
'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML
tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '
', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '' . $post_content . ''; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} -- cgit v1.2.3 From fe3e6194d33d63f149f2a362adf325019278d61e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:50:59 -0600 Subject: Use Session class instead of $_SESSION --- includes/model/Post.php | 37 ------------------------------------- 1 file changed, 37 deletions(-) (limited to 'includes/model/Post.php') diff --git a/includes/model/Post.php b/includes/model/Post.php index 86373b6..67c7e4a 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -33,41 +33,4 @@ class Post return true; } - - function display_content($dbc) - { - echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); - if (!is_null($this->date_edited)) { - echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; - } - if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { - echo ''; - echo '[Edit/Delete] '; - echo ''; - } - echo '
'; - - $post_content = $this->content; - $thread_id = $this->id; - - $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace newline characters with HTML
tags - $post_content = nl2br($post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo '' . $post_content . ''; - } } -- cgit v1.2.3