From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- includes/Database.php | 30 +++++++---- includes/Session.php | 6 +-- includes/db_inc.php | 14 ----- includes/functions_category.php | 17 ++++++ includes/functions_display.php | 2 +- includes/functions_post.php | 87 ++++++++++++++++++++++++++++++ includes/functions_thread.php | 16 ++++++ includes/functions_user.php | 21 ++++++++ includes/model/Category.php | 111 +++++++++++--------------------------- includes/model/Post.php | 100 +++++++++-------------------------- includes/model/Thread.php | 114 ++++++++++++---------------------------- includes/model/User.php | 36 +++++-------- includes/reply_inc.php | 21 +++----- 13 files changed, 278 insertions(+), 297 deletions(-) delete mode 100644 includes/db_inc.php create mode 100644 includes/functions_category.php create mode 100644 includes/functions_user.php (limited to 'includes') diff --git a/includes/Database.php b/includes/Database.php index cdaa0f8..4950ae3 100644 --- a/includes/Database.php +++ b/includes/Database.php @@ -32,17 +32,30 @@ class Database public function query(string $sql, string $types = "", ...$vars): array { - $stmt = mysqli_stmt_init($this->sql_connection); + $result = array(); - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); - } + if ($types == "") { + // No types were provided, preparing a statement is not necessary + $db_result = mysqli_query($this->sql_connection, $sql); + } else { + $stmt = mysqli_stmt_init($this->sql_connection); - mysqli_stmt_bind_param($stmt, $types, ...$vars); - mysqli_stmt_execute($stmt); + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Internal error: ' . mysqli_error($this->sql_connection)); + return $result; + } - $result = array(); - $db_result = mysqli_stmt_get_result($stmt); + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $db_result = mysqli_stmt_get_result($stmt); + + mysqli_stmt_close($stmt); + } + + if (!$db_result) { + return $result; + } if (mysqli_num_rows($db_result) > 0) { while ($row = mysqli_fetch_assoc($db_result)) { @@ -51,7 +64,6 @@ class Database } mysqli_free_result($db_result); - mysqli_stmt_close($stmt); return $result; } diff --git a/includes/Session.php b/includes/Session.php index 7e17527..a9c1dc7 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -18,9 +18,11 @@ class Session return self::$instance; } - public function sign_in() + public function sign_in(User $user) { $_SESSION['signed_in'] = true; + $_SESSION['user_id'] = $user->id; + $_SESSION['user_name'] = $user->name; } public function is_signed_in(): bool @@ -30,8 +32,6 @@ class Session public function get_current_user() { - include_once 'db_inc.php'; - // There is no current user if (!$this->is_signed_in()) { return null; diff --git a/includes/db_inc.php b/includes/db_inc.php deleted file mode 100644 index b7c361d..0000000 --- a/includes/db_inc.php +++ /dev/null @@ -1,14 +0,0 @@ -query($sql); + + $categories = array(); + + foreach ($result as $row) { + $category = new Category(); + $category->get_from_database($row['cat_id']); + array_push($categories, $category); + } + + return $categories; +} \ No newline at end of file diff --git a/includes/functions_display.php b/includes/functions_display.php index bf9ed64..47ba188 100644 --- a/includes/functions_display.php +++ b/includes/functions_display.php @@ -93,7 +93,7 @@ function display_posts($dbc, $thread_id, $sql_result) { $post_content = $row['post_content']; $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace YouTube URLs with embedded YouTube videos. diff --git a/includes/functions_post.php b/includes/functions_post.php index 0176c76..97fc622 100644 --- a/includes/functions_post.php +++ b/includes/functions_post.php @@ -3,6 +3,22 @@ include_once './includes/Session.php'; include_once './includes/Database.php'; include_once './includes/model/User.php'; +function get_all_posts(): array +{ + $sql = "SELECT post_id FROM posts"; + $result = Database::get()->query($sql); + + $posts = array(); + + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); + } + + return $posts; +} + function create_post($post_content, $post_thread, $post_category) { // User must be signed in @@ -26,6 +42,77 @@ function create_post($post_content, $post_thread, $post_category) Database::get()->query($sql, "i", $post_thread); } +function create_quote(int $id): string +{ + $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + $reply = $result[0]; + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; +} + +function format_post_content(string $post_content) +{ + $post_content = preg_replace_callback('/>#\d+/', function ($matches) { + $result = ""; + foreach ($matches as $match) { + $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); + $result .= create_quote($id); + } + return $result; + }, $post_content); + + $result = $post_content; + + // Replace newline characters with HTML
tags + $result = nl2br($result); + + // Replace YouTube URLs with embedded YouTube videos. + $result = preg_replace( + "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i", + '
', $result); + + // Replace Image URLs with embedded images. + $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $result); + + // Replace other URLs with links. + return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $result); +} + +/** + * Get the post content from the database and return it as a string ready for HTML display + */ +function get_post_content(Post $post): string +{ + // Build the header + $result = '
#' . $post->id . ''; + $result .= ' Posted by ' . $post->author->name . ''; + $result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created)); + + // If the post has a edit date, display it + if (!is_null($post->date_edited)) { + $result .= ' edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . ''; + } + + // Append a manage post button if the user is signed in and is the post's creator + if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) { + $result .= ''; + $result .= '[Edit/Delete]'; + $result .= ''; + } + $result .= '
'; + + // Append the formatted post content + $result .= '' . format_post_content($post->content) . ''; + + return $result; +} + function edit_post(Post $post, string $post_content) { // User must be signed in diff --git a/includes/functions_thread.php b/includes/functions_thread.php index 62efca9..61b8e59 100644 --- a/includes/functions_thread.php +++ b/includes/functions_thread.php @@ -2,6 +2,22 @@ include_once './includes/Database.php'; include_once './includes/Session.php'; +function get_all_threads(): array +{ + $sql = "SELECT thread_id FROM threads"; + $result = Database::get()->query($sql); + + $threads = array(); + + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); + } + + return $threads; +} + function create_thread($subject, $category) { if (!Session::get()->is_signed_in()) { diff --git a/includes/functions_user.php b/includes/functions_user.php new file mode 100644 index 0000000..b2069a2 --- /dev/null +++ b/includes/functions_user.php @@ -0,0 +1,21 @@ +query($sql, "s", $username); + + return !empty($result); +} + +function register_user(string $username, string $pass_hash) +{ + $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + Database::get()->query($sql, "ss", $username, $pass_hash); +} + +function change_password(User $user, string $pass_hash) +{ + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; + Database::get()->query($sql, "si", $pass_hash, $user->id); +} \ No newline at end of file diff --git a/includes/model/Category.php b/includes/model/Category.php index b7c46d9..ed53bdc 100644 --- a/includes/model/Category.php +++ b/includes/model/Category.php @@ -2,102 +2,55 @@ include_once 'Thread.php'; -class Category { +class Category +{ public $id = 0; public $name = 'Unknown'; public $description = 'This category does not exist'; public $thread_count = 0; public $post_count = 0; - function get_from_database($id, $dbc) { - $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get category: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } + function get_from_database($id): bool + { + $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - mysqli_free_result($result); - return 1; + + $this->id = $id; + $this->name = $result[0]['cat_name']; + $this->description = $result[0]['cat_description']; + $this->thread_count = $result[0]['cat_thread_count']; + $this->post_count = $result[0]['cat_post_count']; + + return true; } - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - + function get_threads(): array + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC"; + $result = Database::get()->query($sql, "i", $this->id); $threads = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); } - mysqli_free_result($result); return $threads; } - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } + function get_latest_thread(): Thread + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); + + $thread = new Thread(); + $thread->get_from_database($result[0]['thread_id']); - mysqli_free_result($result); return $thread; } } - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -} \ No newline at end of file diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; @@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; + echo ' Posted by ' . $this->author->name . ''; echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; echo '[Edit/Delete] '; - echo''; + echo ''; } echo '
'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML
tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '
', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '' . $post_content . ''; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/includes/model/Thread.php b/includes/model/Thread.php index a9dc690..cfe10d6 100644 --- a/includes/model/Thread.php +++ b/includes/model/Thread.php @@ -4,7 +4,8 @@ include_once 'Category.php'; include_once 'User.php'; include_once 'Post.php'; -class Thread { +class Thread +{ public $id = 0; public $subject = 'Unknown thread'; public $date_created = 0; @@ -12,100 +13,53 @@ class Thread { public $category; public $author; - function get_from_database($id, $dbc) { - $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to display thread page: ' . mysqli_error($dbc)); + function get_from_database($id): bool + { + $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); + $this->id = $id; + $this->subject = $result[0]['thread_subject']; + $this->date_created = $result[0]['thread_date_created']; + $this->date_lastpost = $result[0]['thread_date_lastpost']; - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } + $this->category = new Category(); + $this->category->get_from_database($result[0]['thread_category']); - mysqli_free_result($result); - return 1; + $this->author = new User(); + $this->author->get_by_id($result[0]['thread_author']); + + return true; } - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . mysqli_error($dbc); - } - + function get_posts(): array + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ?"; + $result = Database::get()->query($sql, "i", $this->id); + $posts = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); } - mysqli_free_result($result); return $posts; } - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; + function get_latest_post(): Post + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } + $post = new Post(); + $post->get_from_database($result[0]['post_id']); - mysqli_free_result($result); return $post; } } - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} diff --git a/includes/model/User.php b/includes/model/User.php index c780ff0..f2bd23d 100644 --- a/includes/model/User.php +++ b/includes/model/User.php @@ -7,44 +7,36 @@ class User { public $id; public $name = 'Unknown'; + public $password; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) + function get_by_name($name): bool { - $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; - $stmt = mysqli_stmt_init($dbc); + $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?"; + $result = Database::get()->query($sql, "s", $name); - if (!mysqli_stmt_prepare($stmt, $sql)) { - echo 'Failed to get user: ' . mysqli_error($dbc); + if (empty($result)) { + return false; } - mysqli_stmt_bind_param($stmt, "s", $name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } + $this->id = $result[0]['user_id']; + $this->name = $name; + $this->password = $result[0]['user_pass']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; - mysqli_free_result($result); - mysqli_stmt_close($stmt); + return true; } function get_by_id($id) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;"; $result = Database::get()->query($sql, "i", $id); $this->id = $id; $this->name = $result[0]['user_name']; + $this->password = $result[0]['user_pass']; $this->date = $result[0]['user_date']; $this->level = $result[0]['user_level']; } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index cf7a839..588b59f 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php @@ -1,10 +1,8 @@ get_from_database($thread_id); -mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author); -mysqli_stmt_execute($stmt); -mysqli_stmt_close($stmt); +create_post($reply_content, $thread_id, $thread->category); header("Location: ../thread.php?id=" . $_GET['reply_to']); \ No newline at end of file -- cgit v1.2.3