From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:43:12 -0600
Subject: Refactoring part 1
---
 includes/Database.php | 37 +++++++++++++
 includes/Session.php | 52 ++++++++++++++++++
 includes/functions_post.php | 57 ++++++++++++++++++++
 includes/model/Category.php | 103 +++++++++++++++++++++++++++++++++++
 includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++
 includes/model/Thread.php | 111 ++++++++++++++++++++++++++++++++++++++
 includes/model/User.php | 59 ++++++++++++++++++++
 includes/templates/404.php | 12 +++++
 includes/templates/header.php | 14 +++++
 9 files changed, 566 insertions(+)
 create mode 100644 includes/Database.php
 create mode 100644 includes/Session.php
 create mode 100644 includes/functions_post.php
 create mode 100644 includes/model/Category.php
 create mode 100644 includes/model/Post.php
 create mode 100644 includes/model/Thread.php
 create mode 100644 includes/model/User.php
 create mode 100644 includes/templates/404.php
 create mode 100644 includes/templates/header.php
(limited to 'includes')
diff --git a/includes/Database.php b/includes/Database.php
new file mode 100644
index 0000000..3308e4c
--- /dev/null
+++ b/includes/Database.php
@@ -0,0 +1,37 @@
+sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+ if (!$this->sql_connection) {
+ trigger_error("Database connection error: " . mysqli_connect_error());
+ }
+ }
+
+ public static function get(): ?Database
+ {
+ if (self::$instance == null) {
+ self::$instance = new Database();
+ }
+
+ return self::$instance;
+ }
+
+ public function query(string $sql)
+ {
+ mysqli_query($this->sql_connection, $sql);
+ }
+}
\ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
new file mode 100644
index 0000000..d97e7c5
--- /dev/null
+++ b/includes/Session.php
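Review bot: `query()` throws away the value of `mysqli_query`, so a caller such as the `DELETE` in functions_post.php cannot tell whether its statement failed; return it and declare the type, `public function query(string $sql): mysqli_result|bool` over `return mysqli_query($this->sql_connection, $sql);` (drop the union return type if the target is still PHP 7). The `trigger_error` in the constructor is an E_USER_NOTICE by default, so on a failed connection execution continues and `get()` hands out an instance whose `sql_connection` is `false`, which every later `query()` call then trips over; pass `E_USER_ERROR` or throw a `RuntimeException` instead. Accepting only a raw SQL string also pushes callers toward interpolating values into it, as that `DELETE` does; a prepare/bind helper next to `query()` would give them a safe path. The `<?php` header, the class declaration and the start of the constructor do not survive in the hunk as rendered.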
@@ -0,0 +1,52 @@
+is_signed_in()) {
+ return null;
+ }
+
+ $result = new User();
+
+ if (isset($_SESSION['user_id'])) {
+ $result->get_by_id($_GET['id'], $dbc);
+ } else {
+ $result = null;
+ }
+
+ return $result;
+ }
+}
\ No newline at end of file
diff --git a/includes/functions_post.php b/includes/functions_post.php
new file mode 100644
index 0000000..5bc8c2a
--- /dev/null
+++ b/includes/functions_post.php
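Review bot: `get_current_user()` loads the signed-in user from `$_GET['id']` rather than from the session value it has just tested, so the identity of the current user is decided by a request parameter; the load should read `$result->get_by_id($_SESSION['user_id'], $dbc);`. The `isset($_SESSION['user_id'])` branch after the `is_signed_in()` guard is presumably redundant with whatever `is_signed_in()` checks, in which case the `else` arm that resets `$result` to `null` can go. `$dbc` is used here but where it comes from (a parameter or `global`) lies in the part of the method that does not survive in the hunk as rendered, so I cannot confirm it is in scope. The class declaration and the first part of this method are outside what is visible.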
@@ -0,0 +1,57 @@
+is_signed_in()) {
+ trigger_error('You must be signed in to delete a post!');
+ }
+
+ // User must have permission to delete the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to delete this post.");
+ }
+
+ // TODO: The post must not be locked
+
+ // TODO: The post must have not been around for a certain amount of time
+
+ // Delete the post from the database
+ Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
+
+ // Decrement the post count of the category
+ $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+ mysqli_query($dbc, $sql);
+}
+
+function edit_post($post, $post_content)
+{
+ // User must be signed in
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You must be signed in to edit this post!');
+ }
+
+ // User must have permission to edit the post
+ $current_user = Session::get()->get_current_user();
+ if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+ trigger_error("You don't have sufficient permissions to edit this post.");
+ }
+
+ // Set the post content and the post edit date
+ $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+
+ // Redirect to the post's thread page
+ header("Location: /viewthread.php?id=" . $post->thread->id);
+}
diff --git a/includes/model/Category.php b/includes/model/Category.php
new file mode 100644
index 0000000..b7c46d9
--- /dev/null
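Review bot: The sign-in and permission guards in `delete_post` and `edit_post` do not stop execution: `trigger_error()` with no level is an E_USER_NOTICE, so the DELETE and UPDATE still run after the message is raised, and the condition itself is inverted, since `$current_user->id == $post->author->id` rejects the post's own author while `|| ... != USER_LEVEL_MODERATOR` rejects everyone else (and `$current_user` may be `null`, as `get_current_user()` returns). In both functions something like `if ($current_user === null || ($current_user->id != $post->author->id && $current_user->level != USER_LEVEL_MODERATOR)) { trigger_error("...", E_USER_ERROR); }`, or an early `return`/exception, would actually enforce the check. In `edit_post` neither `$dbc` nor `$id` is defined — the signature is `($post, $post_content)` and there is no `global` — so `mysqli_stmt_init($dbc)` and the bind of `$id` cannot work; bind `$post->id` and obtain the connection explicitly (e.g. via `Database::get()`). `delete_post` concatenates `$post->id` into the DELETE and `$post->thread->category->id` into the UPDATE; an `(int)` cast on each, or a prepared statement as `edit_post` already uses, closes that, and the `header('Location: …')` should be followed by `exit;`. The opening of `delete_post`, including its signature, does not survive in the hunk as rendered.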
+++ b/includes/model/Category.php 
@@ -0,0 +1,103 @@
+id = $id;
+ $this->name = $row['cat_name'];
+ $this->description = $row['cat_description'];
+ $this->thread_count = $row['cat_thread_count'];
+ $this->post_count = $row['cat_post_count'];
+ }
+ }
+
+ mysqli_free_result($result);
+ return 1;
+ }
+
+ function get_threads($dbc) {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Could not get threads from category: ' . mysqli_error($dbc);
+ }
+
+ $threads = array();
+
+ if (mysqli_num_rows($result) == 0) {
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $thread = new Thread();
+ $thread->get_from_database($row['thread_id'], $dbc);
+ array_push($threads, $thread);
+ }
+ }
+
+ mysqli_free_result($result);
+ return $threads;
+ }
+
+ function get_latest_thread($dbc) {
+ $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Could not get thread from category: ' . mysqli_error($dbc);
+ }
+
+ $thread = null;
+
+ if (mysqli_num_rows($result) == 0) {
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $thread = new Thread();
+ $thread->get_from_database($row['thread_id'], $dbc);
+ }
+ }
+
+ mysqli_free_result($result);
+ return $thread;
+ }
+}
+
+function get_all_categories($dbc) {
+ $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Failed to get categories: ' . mysqli_error($dbc);
+ }
+
+ $categories = array();
+
+ if (mysqli_num_rows($result) == 0) {
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $category = new Category();
+ $category->get_from_database($row['cat_id'], $dbc);
+ array_push($categories, $category);
+ }
+ }
+
+ mysqli_free_result($result);
+ return $categories;
+}
\ No newline at end of file
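Review bot: In `get_threads`, `get_latest_thread` and `get_all_categories` a failed query is echoed and then execution continues into `mysqli_num_rows($result)` with `$result === false`, which on PHP 8 is a TypeError, and the echo writes the `mysqli_error()` text into the response. Log and bail out instead, e.g. `if (!$result) { error_log('Could not get threads from category: ' . mysqli_error($dbc)); return []; }` (returning `null` in `get_latest_thread`). `$this->id` is concatenated into the `WHERE thread_category = ` clause; it is assigned from the `$id` argument of `get_from_database`, whose validation lies in the part of that method that does not survive in the hunk as rendered, so an `(int) $this->id` cast, or a prepared statement, would keep the numeric context safe regardless of what the caller passed. The empty `if (mysqli_num_rows($result) == 0) { } else { … }` wrapper can be dropped in all three functions, since the `while` loop already yields nothing on an empty result; each thread also triggers its own `get_from_database` query, an N+1 pattern that a single JOIN would remove later. The class header and the top of `get_from_database` are not visible.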
diff --git a/includes/model/Post.php b/includes/model/Post.php new file mode 100644 index 0000000..34d6a79 --- /dev/null +++ b/includes/model/Post.php @@ -0,0 +1,121 @@ +'; + } + + $reply = mysqli_fetch_assoc($result); + + if (empty($reply)) { + return '
This post has been deleted'; + } + + return '
Quote from ' . $reply['user_name'] . ''; + } +} + +class Post { + public $id; + public $content; + public $date_created; + public $date_edited; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + return 0; + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function display_content($dbc) { + echo '
' . $reply['post_content'] . '
The page you requested does not exist.
+ + diff --git a/includes/templates/header.php b/includes/templates/header.php new file mode 100644 index 0000000..4eb17e3 --- /dev/null +++ b/includes/templates/header.php @@ -0,0 +1,14 @@ +