From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:43:12 -0600
Subject: Refactoring part 1
---
includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)
create mode 100644 includes/model/Post.php
(limited to 'includes/model/Post.php')
diff --git a/includes/model/Post.php b/includes/model/Post.php
new file mode 100644
index 0000000..34d6a79
--- /dev/null
+++ b/includes/model/Post.php
@@ -0,0 +1,121 @@
+';
+ }
+
+ $reply = mysqli_fetch_assoc($result);
+
+ if (empty($reply)) {
+ return '
This post has been deleted
';
+ }
+
+ return 'Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
';
+ }
+}
+
+class Post {
+ public $id;
+ public $content;
+ public $date_created;
+ public $date_edited;
+ public $thread;
+ public $author;
+
+ function get_from_database($id, $dbc) {
+ // TODO: Potential SQL injection risk?
+ $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Failed to get post: ' . mysqli_error($dbc);
+ }
+
+ if (mysqli_num_rows($result) == 0) {
+ return 0;
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $this->id = $id;
+ $this->content = $row['post_content'];
+ $this->date_created = $row['post_date_created'];
+ $this->date_edited = $row['post_date_edited'];
+
+ $this->thread = new Thread();
+ $this->thread->get_from_database($row['post_thread'], $dbc);
+
+ $this->author = new User();
+ $this->author->get_by_id($row['post_author'], $dbc);
+ }
+ }
+
+ mysqli_free_result($result);
+ return 1;
+ }
+
+ function display_content($dbc) {
+ echo '';
+
+ $post_content = $this->content;
+ $thread_id = $this->id;
+
+ $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
+ return add_quote($dbc, $thread_id, $matches);
+ }, $post_content);
+
+ // Replace newline characters with HTML
tags
+ $post_content = nl2br($post_content);
+
+ // Replace YouTube URLs with embedded YouTube videos.
+ $post_content = preg_replace(
+ "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
+ '
', $post_content);
+ // Replace Image URLs with embedded images.
+ $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:\w+>|/?>))@i', '
', $post_content);
+ // Replace other URLs with links.
+ $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:\w+>|/?>))@i', '$0', $post_content);
+
+ echo '' . $post_content . '';
+ }
+}
+
+function get_all_posts($dbc) {
+ $sql = "SELECT post_id FROM posts";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Failed to get posts: ' . mysqli_error($dbc);
+ }
+
+ $posts = array();
+
+ if (mysqli_num_rows($result) == 0) {
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $post = new Post();
+ $post->get_from_database($row['post_id'], $dbc);
+ array_push($posts, $post);
+ }
+ }
+
+ mysqli_free_result($result);
+ return $posts;
+}
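Review bot: The TODO on `get_from_database` is warranted: `mysqli_real_escape_string()` only neutralises characters that matter inside a quoted string literal, and here its result is concatenated after `WHERE post_id = ` with no quotes, so it does not constrain `$id` to a number. If `$id` can come from a request (callers are not visible in this patch), bind it instead with `mysqli_prepare($dbc, '... WHERE post_id = ?')` and `mysqli_stmt_bind_param($stmt, 'i', $id)`, or at minimum use `(int) $id`. Both this method and `get_all_posts` also fall through to `mysqli_num_rows($result)` after a failed query and echo `mysqli_error($dbc)` to the page; they should return early and log the error server-side rather than print it. Separately, `display_content` echoes `$this->content` with no `htmlspecialchars()` call visible in the hunk, so unless content is encoded when it is stored, post bodies reach the browser as markup.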
--
cgit v1.2.3
From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 19:40:50 -0600
Subject: Remove all uses of db_inc.php
This method of importing the database login every time wasn't very good.
Now everything uses the new Database singleton class.
---
includes/model/Post.php | 100 +++++++++++++-----------------------------------
1 file changed, 26 insertions(+), 74 deletions(-)
(limited to 'includes/model/Post.php')
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 34d6a79..86373b6 100644
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -2,27 +2,8 @@
include_once 'Thread.php';
-function add_quote($dbc, $thread_id, $matches) {
- foreach ($matches as $match) {
- $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
- $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
- $result = mysqli_query($dbc, $sql);
-
- if (!$result) {
- return '';
- }
-
- $reply = mysqli_fetch_assoc($result);
-
- if (empty($reply)) {
- return 'This post has been deleted
';
- }
-
- return 'Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
';
- }
-}
-
-class Post {
+class Post
+{
public $id;
public $content;
public $date_created;
@@ -30,39 +11,33 @@ class Post {
public $thread;
public $author;
- function get_from_database($id, $dbc) {
- // TODO: Potential SQL injection risk?
- $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
- $result = mysqli_query($dbc, $sql);
-
- if (!$result) {
- echo 'Failed to get post: ' . mysqli_error($dbc);
+ function get_from_database($id): bool
+ {
+ $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
+ $result = Database::get()->query($sql, "i", $id);
+
+ if (empty($result)) {
+ return false;
}
-
- if (mysqli_num_rows($result) == 0) {
- return 0;
- } else {
- while ($row = mysqli_fetch_assoc($result)) {
- $this->id = $id;
- $this->content = $row['post_content'];
- $this->date_created = $row['post_date_created'];
- $this->date_edited = $row['post_date_edited'];
- $this->thread = new Thread();
- $this->thread->get_from_database($row['post_thread'], $dbc);
+ $this->id = $id;
+ $this->content = $result[0]['post_content'];
+ $this->date_created = $result[0]['post_date_created'];
+ $this->date_edited = $result[0]['post_date_edited'];
- $this->author = new User();
- $this->author->get_by_id($row['post_author'], $dbc);
- }
- }
+ $this->thread = new Thread();
+ $this->thread->get_from_database($result[0]['post_thread']);
+
+ $this->author = new User();
+ $this->author->get_by_id($result[0]['post_author']);
- mysqli_free_result($result);
- return 1;
+ return true;
}
- function display_content($dbc) {
+ function display_content($dbc)
+ {
echo '';
$post_content = $this->content;
$thread_id = $this->id;
- $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
- return add_quote($dbc, $thread_id, $matches);
+ $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) {
+ return create_quote($dbc, $thread_id, $matches);
}, $post_content);
// Replace newline characters with HTML
tags
$post_content = nl2br($post_content);
// Replace YouTube URLs with embedded YouTube videos.
- $post_content = preg_replace(
+ $post_content = preg_replace(
"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
'
', $post_content);
// Replace Image URLs with embedded images.
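Review bot: `$this->id = $id;` stores the caller's value as given, while the query binds it with the `"i"` type. Assuming `Database::query()` wraps `bind_param` (it is not shown here), a non-integer string would be coerced for the lookup but kept verbatim on the object, and `display_content` later reuses `$this->id`. Normalising once at the top with `$id = (int) $id;`, or declaring the parameter as `int $id`, keeps the stored id and the queried id identical. `empty($result)` also treats a failed query and a missing row the same way, and the return values of `$this->thread->get_from_database(...)` and `$this->author->get_by_id(...)` are ignored, so the method can return `true` with a half-populated post; consider `return false` when either nested load fails. `display_content` still takes `$dbc` and forwards it to `create_quote`, which does not match the commit's stated move to the Database singleton; its body continues outside this hunk.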
@@ -96,26 +71,3 @@ class Post {
echo '' . $post_content . '';
}
}
-
-function get_all_posts($dbc) {
- $sql = "SELECT post_id FROM posts";
- $result = mysqli_query($dbc, $sql);
-
- if (!$result) {
- echo 'Failed to get posts: ' . mysqli_error($dbc);
- }
-
- $posts = array();
-
- if (mysqli_num_rows($result) == 0) {
- } else {
- while ($row = mysqli_fetch_assoc($result)) {
- $post = new Post();
- $post->get_from_database($row['post_id'], $dbc);
- array_push($posts, $post);
- }
- }
-
- mysqli_free_result($result);
- return $posts;
-}
--
cgit v1.2.3
From fe3e6194d33d63f149f2a362adf325019278d61e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 19:50:59 -0600
Subject: Use Session class instead of $_SESSION
---
includes/model/Post.php | 37 -------------------------------------
1 file changed, 37 deletions(-)
(limited to 'includes/model/Post.php')
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 86373b6..67c7e4a 100644
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -33,41 +33,4 @@ class Post
return true;
}
-
- function display_content($dbc)
- {
- echo '';
-
- $post_content = $this->content;
- $thread_id = $this->id;
-
- $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) {
- return create_quote($dbc, $thread_id, $matches);
- }, $post_content);
-
- // Replace newline characters with HTML
tags
- $post_content = nl2br($post_content);
-
- // Replace YouTube URLs with embedded YouTube videos.
- $post_content = preg_replace(
- "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
- '
', $post_content);
- // Replace Image URLs with embedded images.
- $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:\w+>|/?>))@i', '
', $post_content);
- // Replace other URLs with links.
- $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:\w+>|/?>))@i', '$0', $post_content);
-
- echo '' . $post_content . '';
- }
}
--
cgit v1.2.3