From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 24 Apr 2021 19:40:50 -0600
Subject: Remove all uses of db_inc.php

This method of importing the database login every time wasn't very good.
Now everything uses the new Database singleton class.
---
 includes/model/Category.php | 111 +++++++++++++-----------------------------
 includes/model/Post.php     | 100 ++++++++++----------------------------
 includes/model/Thread.php   | 114 +++++++++++++-------------------------------
 includes/model/User.php     |  36 ++++++--------
 4 files changed, 106 insertions(+), 255 deletions(-)

(limited to 'includes/model')

diff --git a/includes/model/Category.php b/includes/model/Category.php
index b7c46d9..ed53bdc 100644
--- a/includes/model/Category.php
+++ b/includes/model/Category.php
@@ -2,102 +2,55 @@
 
 include_once 'Thread.php';
 
-class Category {
+class Category
+{
 	public $id = 0;
 	public $name = 'Unknown';
 	public $description = 'This category does not exist';
 	public $thread_count = 0;
 	public $post_count = 0;
 
-	function get_from_database($id, $dbc) {
-		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get category: ' . mysqli_error($dbc);
-		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->name = $row['cat_name'];
-				$this->description = $row['cat_description'];
-				$this->thread_count = $row['cat_thread_count'];
-				$this->post_count = $row['cat_post_count'];
-			}
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		mysqli_free_result($result);
-		return 1;
+
+		$this->id = $id;
+		$this->name = $result[0]['cat_name'];
+		$this->description = $result[0]['cat_description'];
+		$this->thread_count = $result[0]['cat_thread_count'];
+		$this->post_count = $result[0]['cat_post_count'];
+
+		return true;
 	}
 
-	function get_threads($dbc) {
-		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get threads from category: ' . mysqli_error($dbc);
-		}
-	
+	function get_threads(): array
+	{
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC";
+		$result = Database::get()->query($sql, "i", $this->id);
 		$threads = array();
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$thread = new Thread();
-				$thread->get_from_database($row['thread_id'], $dbc);
-				array_push($threads, $thread);
-			}
+		foreach ($result as $row) {
+			$thread = new Thread();
+			$thread->get_from_database($row['thread_id']);
+			array_push($threads, $thread);
 		}
 
-		mysqli_free_result($result);
 		return $threads;
 	}
 
-	function get_latest_thread($dbc) {
-		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get thread from category: ' . mysqli_error($dbc);
-		}
-	
-		$thread = null;
-		
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$thread = new Thread();
-				$thread->get_from_database($row['thread_id'], $dbc);
-			}
-		}
+	function get_latest_thread(): Thread
+	{
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1";
+		$result = Database::get()->query($sql, "i", $this->id);
+
+		$thread = new Thread();
+		$thread->get_from_database($result[0]['thread_id']);
 
-		mysqli_free_result($result);
 		return $thread;
 	}
 }
-
-function get_all_categories($dbc) {
-	$sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get categories: ' . mysqli_error($dbc);
-	}
-
-	$categories = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$category = new Category();
-			$category->get_from_database($row['cat_id'], $dbc);
-			array_push($categories, $category);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $categories;
-}
\ No newline at end of file
diff --git a/includes/model/Post.php b/includes/model/Post.php
index 34d6a79..86373b6 100644
--- a/includes/model/Post.php
+++ b/includes/model/Post.php
@@ -2,27 +2,8 @@
 
 include_once 'Thread.php';
 
-function add_quote($dbc, $thread_id, $matches) {
-	foreach ($matches as $match) {
-		$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
-		$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
-		$result = mysqli_query($dbc, $sql);
-
-		if (!$result) {
-			return '<blockquote></blockquote>';
-		}
-
-		$reply = mysqli_fetch_assoc($result);
-
-		if (empty($reply)) {
-			return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
-		}
-
-		return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
-	}
-}
-
-class Post {
+class Post
+{
 	public $id;
 	public $content;
 	public $date_created;
@@ -30,39 +11,33 @@ class Post {
 	public $thread;
 	public $author;
 
-	function get_from_database($id, $dbc) {
-		// TODO: Potential SQL injection risk?
-		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Failed to get post: ' . mysqli_error($dbc);
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->content = $row['post_content'];
-				$this->date_created = $row['post_date_created'];
-				$this->date_edited = $row['post_date_edited'];
 
-				$this->thread = new Thread();
-				$this->thread->get_from_database($row['post_thread'], $dbc);
+		$this->id = $id;
+		$this->content = $result[0]['post_content'];
+		$this->date_created = $result[0]['post_date_created'];
+		$this->date_edited = $result[0]['post_date_edited'];
 
-				$this->author = new User();
-				$this->author->get_by_id($row['post_author'], $dbc);
-			}
-		}
+		$this->thread = new Thread();
+		$this->thread->get_from_database($result[0]['post_thread']);
+
+		$this->author = new User();
+		$this->author->get_by_id($result[0]['post_author']);
 
-		mysqli_free_result($result);
-		return 1;
+		return true;
 	}
 
-	function display_content($dbc) {
+	function display_content($dbc)
+	{
 		echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
-		echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+		echo ' Posted by <a href="viewuser.php?id=' . $this->author->id . '">' . $this->author->name . '</a>';
 		echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
 		if (!is_null($this->date_edited)) {
 			echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
@@ -70,22 +45,22 @@ class Post {
 		if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
 			echo '<span style="float:right;">';
 			echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] ';
-			echo'</span>';
+			echo '</span>';
 		}
 		echo '</div>';
 
 		$post_content = $this->content;
 		$thread_id = $this->id;
 
-		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
-			return add_quote($dbc, $thread_id, $matches);
+		$post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) {
+			return create_quote($dbc, $thread_id, $matches);
 		}, $post_content);
 
 		// Replace newline characters with HTML <br> tags
 		$post_content = nl2br($post_content);
 
 		// Replace YouTube URLs with embedded YouTube videos.
-		$post_content =  preg_replace(
+		$post_content = preg_replace(
 			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
 			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
 		// Replace Image URLs with embedded images.
@@ -96,26 +71,3 @@ class Post {
 		echo '<span class="post-content">' . $post_content . '</span>';
 	}
 }
-
-function get_all_posts($dbc) {
-	$sql = "SELECT post_id FROM posts";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get posts: ' . mysqli_error($dbc);
-	}
-
-	$posts = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$post = new Post();
-			$post->get_from_database($row['post_id'], $dbc);
-			array_push($posts, $post);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $posts;
-}
diff --git a/includes/model/Thread.php b/includes/model/Thread.php
index a9dc690..cfe10d6 100644
--- a/includes/model/Thread.php
+++ b/includes/model/Thread.php
@@ -4,7 +4,8 @@ include_once 'Category.php';
 include_once 'User.php';
 include_once 'Post.php';
 
-class Thread {
+class Thread
+{
 	public $id = 0;
 	public $subject = 'Unknown thread';
 	public $date_created = 0;
@@ -12,100 +13,53 @@ class Thread {
 	public $category;
 	public $author;
 
-	function get_from_database($id, $dbc) {
-		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id);
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			die('Error trying to display thread page: ' . mysqli_error($dbc));
+	function get_from_database($id): bool
+	{
+		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;";
+		$result = Database::get()->query($sql, "i", $id);
+
+		if (empty($result)) {
+			return false;
 		}
-	
-		if (mysqli_num_rows($result) == 0) {
-			return 0;
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $id;
-				$this->subject = $row['thread_subject'];
-				$this->date_created = $row['thread_date_created'];
-				$this->date_lastpost = $row['thread_date_lastpost'];
 
-				$this->category = new Category();
-				$this->category->get_from_database($row['thread_category'], $dbc);
+		$this->id = $id;
+		$this->subject = $result[0]['thread_subject'];
+		$this->date_created = $result[0]['thread_date_created'];
+		$this->date_lastpost = $result[0]['thread_date_lastpost'];
 
-				$this->author = new User();
-				$this->author->get_by_id($row['thread_author'], $dbc);
-			}
-		}
+		$this->category = new Category();
+		$this->category->get_from_database($result[0]['thread_category']);
 
-		mysqli_free_result($result);
-		return 1;
+		$this->author = new User();
+		$this->author->get_by_id($result[0]['thread_author']);
+
+		return true;
 	}
 
-	function get_posts($dbc) {
-		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id;
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get posts from thread: ' . mysqli_error($dbc);
-		}
-	
+	function get_posts(): array
+	{
+		$sql = "SELECT post_id FROM posts WHERE post_thread = ?";
+		$result = Database::get()->query($sql, "i", $this->id);
+
 		$posts = array();
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$post = new Post();
-				$post->get_from_database($row['post_id'], $dbc);
-				array_push($posts, $post);
-			}
+		foreach ($result as $row) {
+			$post = new Post();
+			$post->get_from_database($row['post_id']);
+			array_push($posts, $post);
 		}
 
-		mysqli_free_result($result);
 		return $posts;
 	}
 
-	function get_latest_post($dbc) {
-		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1";
-		$result = mysqli_query($dbc, $sql);
-	
-		if (!$result) {
-			echo 'Could not get post from category: ' . mysqli_error($dbc);
-		}
-	
-		$post = null;
+	function get_latest_post(): Post
+	{
+		$sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1";
+		$result = Database::get()->query($sql, "i", $this->id);
 
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$post = new Post();
-				$post->get_from_database($row['post_id'], $dbc);
-			}
-		}
+		$post = new Post();
+		$post->get_from_database($result[0]['post_id']);
 
-		mysqli_free_result($result);
 		return $post;
 	}
 }
-
-function get_all_threads($dbc) {
-	$sql = "SELECT thread_id FROM threads";
-	$result = mysqli_query($dbc, $sql);
-	
-	if (!$result) {
-		echo 'Failed to get threads: ' . mysqli_error($dbc);
-	}
-
-	$threads = array();
-
-	if (mysqli_num_rows($result) == 0) {
-	} else {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$thread = new Thread();
-			$thread->get_from_database($row['thread_id'], $dbc);
-			array_push($threads, $thread);
-		}
-	}
-
-	mysqli_free_result($result);
-	return $threads;
-}
diff --git a/includes/model/User.php b/includes/model/User.php
index c780ff0..f2bd23d 100644
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -7,44 +7,36 @@ class User
 {
 	public $id;
 	public $name = 'Unknown';
+	public $password;
 	public $date = 0;
 	public $level = 0;
 
-	function get_by_name($name, $dbc)
+	function get_by_name($name): bool
 	{
-		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
-		$stmt = mysqli_stmt_init($dbc);
+		$sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?";
+		$result = Database::get()->query($sql, "s", $name);
 
-		if (!mysqli_stmt_prepare($stmt, $sql)) {
-			echo 'Failed to get user: ' . mysqli_error($dbc);
+		if (empty($result)) {
+			return false;
 		}
 
-		mysqli_stmt_bind_param($stmt, "s", $name);
-		mysqli_stmt_execute($stmt);
-
-		$result = mysqli_stmt_get_result($stmt);
-
-		if (mysqli_num_rows($result) == 0) {
-		} else {
-			while ($row = mysqli_fetch_assoc($result)) {
-				$this->id = $row['user_id'];
-				$this->name = $name;
-				$this->date = $row['user_date'];
-				$this->level = $row['user_level'];
-			}
-		}
+		$this->id = $result[0]['user_id'];
+		$this->name = $name;
+		$this->password = $result[0]['user_pass'];
+		$this->date = $result[0]['user_date'];
+		$this->level = $result[0]['user_level'];
 
-		mysqli_free_result($result);
-		mysqli_stmt_close($stmt);
+		return true;
 	}
 
 	function get_by_id($id)
 	{
-		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;";
+		$sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;";
 		$result = Database::get()->query($sql, "i", $id);
 
 		$this->id = $id;
 		$this->name = $result[0]['user_name'];
+		$this->password = $result[0]['user_pass'];
 		$this->date = $result[0]['user_date'];
 		$this->level = $result[0]['user_level'];
 	}
-- 
cgit v1.2.3