From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:43:12 -0600
Subject: Refactoring part 1

---
 includes/model/Category.php | 103 +++++++++++++++++++++++++++++++++++++
 includes/model/Post.php     | 121 ++++++++++++++++++++++++++++++++++++++++++++
 includes/model/Thread.php   | 111 ++++++++++++++++++++++++++++++++++++++++
 includes/model/User.php     |  59 +++++++++++++++++++++
 4 files changed, 394 insertions(+)
 create mode 100644 includes/model/Category.php
 create mode 100644 includes/model/Post.php
 create mode 100644 includes/model/Thread.php
 create mode 100644 includes/model/User.php

(limited to 'includes/model')

diff --git a/includes/model/Category.php b/includes/model/Category.php
new file mode 100644
index 0000000..b7c46d9
--- /dev/null
+++ b/includes/model/Category.php
@@ -0,0 +1,103 @@
+<?php
+
+include_once 'Thread.php';
+
+class Category {
+	public $id = 0;
+	public $name = 'Unknown';
+	public $description = 'This category does not exist';
+	public $thread_count = 0;
+	public $post_count = 0;
+
+	function get_from_database($id, $dbc) {
+		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get category: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->name = $row['cat_name'];
+				$this->description = $row['cat_description'];
+				$this->thread_count = $row['cat_thread_count'];
+				$this->post_count = $row['cat_post_count'];
+			}
+		}
+	
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function get_threads($dbc) {
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get threads from category: ' . mysqli_error($dbc);
+		}
+	
+		$threads = array();
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$thread = new Thread();
+				$thread->get_from_database($row['thread_id'], $dbc);
+				array_push($threads, $thread);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $threads;
+	}
+
+	function get_latest_thread($dbc) {
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get thread from category: ' . mysqli_error($dbc);
+		}
+	
+		$thread = null;
+		
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$thread = new Thread();
+				$thread->get_from_database($row['thread_id'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $thread;
+	}
+}
+
+function get_all_categories($dbc) {
+	$sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get categories: ' . mysqli_error($dbc);
+	}
+
+	$categories = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$category = new Category();
+			$category->get_from_database($row['cat_id'], $dbc);
+			array_push($categories, $category);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $categories;
+}
\ No newline at end of file
diff --git a/includes/model/Post.php b/includes/model/Post.php
new file mode 100644
index 0000000..34d6a79
--- /dev/null
+++ b/includes/model/Post.php
@@ -0,0 +1,121 @@
+<?php
+
+include_once 'Thread.php';
+
+function add_quote($dbc, $thread_id, $matches) {
+	foreach ($matches as $match) {
+		$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+		$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			return '<blockquote></blockquote>';
+		}
+
+		$reply = mysqli_fetch_assoc($result);
+
+		if (empty($reply)) {
+			return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+		}
+
+		return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+	}
+}
+
+class Post {
+	public $id;
+	public $content;
+	public $date_created;
+	public $date_edited;
+	public $thread;
+	public $author;
+
+	function get_from_database($id, $dbc) {
+		// TODO: Potential SQL injection risk?
+		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get post: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->content = $row['post_content'];
+				$this->date_created = $row['post_date_created'];
+				$this->date_edited = $row['post_date_edited'];
+
+				$this->thread = new Thread();
+				$this->thread->get_from_database($row['post_thread'], $dbc);
+
+				$this->author = new User();
+				$this->author->get_by_id($row['post_author'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function display_content($dbc) {
+		echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+		echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+		echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+		if (!is_null($this->date_edited)) {
+			echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
+		}
+		if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
+			echo '<span style="float:right;">';
+			echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] ';
+			echo'</span>';
+		}
+		echo '</div>';
+
+		$post_content = $this->content;
+		$thread_id = $this->id;
+
+		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
+			return add_quote($dbc, $thread_id, $matches);
+		}, $post_content);
+
+		// Replace newline characters with HTML <br> tags
+		$post_content = nl2br($post_content);
+
+		// Replace YouTube URLs with embedded YouTube videos.
+		$post_content =  preg_replace(
+			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
+			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
+		// Replace Image URLs with embedded images.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $post_content);
+		// Replace other URLs with links.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content);
+
+		echo '<span class="post-content">' . $post_content . '</span>';
+	}
+}
+
+function get_all_posts($dbc) {
+	$sql = "SELECT post_id FROM posts";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get posts: ' . mysqli_error($dbc);
+	}
+
+	$posts = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$post = new Post();
+			$post->get_from_database($row['post_id'], $dbc);
+			array_push($posts, $post);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $posts;
+}
diff --git a/includes/model/Thread.php b/includes/model/Thread.php
new file mode 100644
index 0000000..a9dc690
--- /dev/null
+++ b/includes/model/Thread.php
@@ -0,0 +1,111 @@
+<?php
+
+include_once 'Category.php';
+include_once 'User.php';
+include_once 'Post.php';
+
+class Thread {
+	public $id = 0;
+	public $subject = 'Unknown thread';
+	public $date_created = 0;
+	public $date_lastpost = 0;
+	public $category;
+	public $author;
+
+	function get_from_database($id, $dbc) {
+		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			die('Error trying to display thread page: ' . mysqli_error($dbc));
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->subject = $row['thread_subject'];
+				$this->date_created = $row['thread_date_created'];
+				$this->date_lastpost = $row['thread_date_lastpost'];
+
+				$this->category = new Category();
+				$this->category->get_from_database($row['thread_category'], $dbc);
+
+				$this->author = new User();
+				$this->author->get_by_id($row['thread_author'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function get_posts($dbc) {
+		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id;
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get posts from thread: ' . mysqli_error($dbc);
+		}
+	
+		$posts = array();
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$post = new Post();
+				$post->get_from_database($row['post_id'], $dbc);
+				array_push($posts, $post);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $posts;
+	}
+
+	function get_latest_post($dbc) {
+		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get post from category: ' . mysqli_error($dbc);
+		}
+	
+		$post = null;
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$post = new Post();
+				$post->get_from_database($row['post_id'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $post;
+	}
+}
+
+function get_all_threads($dbc) {
+	$sql = "SELECT thread_id FROM threads";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get threads: ' . mysqli_error($dbc);
+	}
+
+	$threads = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$thread = new Thread();
+			$thread->get_from_database($row['thread_id'], $dbc);
+			array_push($threads, $thread);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $threads;
+}
diff --git a/includes/model/User.php b/includes/model/User.php
new file mode 100644
index 0000000..1c48afb
--- /dev/null
+++ b/includes/model/User.php
@@ -0,0 +1,59 @@
+<?php
+
+const USER_LEVEL_MODERATOR = 1;
+
+class User {
+	public $id;
+	public $name = 'Unknown';
+	public $date = 0;
+	public $level = 0;
+
+	function get_by_name($name, $dbc) {
+		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
+		$stmt = mysqli_stmt_init($dbc);
+
+		if (!mysqli_stmt_prepare($stmt, $sql)) {
+			echo 'Failed to get user: ' . mysqli_error($dbc);
+		}
+
+		mysqli_stmt_bind_param($stmt, "s", $name);
+		mysqli_stmt_execute($stmt);
+
+		$result = mysqli_stmt_get_result($stmt);
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $row['user_id'];
+				$this->name = $name;
+				$this->date = $row['user_date'];
+				$this->level = $row['user_level'];
+			}
+		}
+
+		mysqli_free_result($result);
+		mysqli_stmt_close($stmt);
+	}
+
+	function get_by_id($id, $dbc) {
+		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get user: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->name = $row['user_name'];
+				$this->date = $row['user_date'];
+				$this->level = $row['user_level'];
+			}
+		}
+	
+		mysqli_free_result($result);
+	}
+
+}
\ No newline at end of file
-- 
cgit v1.2.3