From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 23 Apr 2021 18:43:12 -0600
Subject: Refactoring part 1

---
 includes/Database.php         |  37 +++++++++++++
 includes/Session.php          |  52 ++++++++++++++++++
 includes/functions_post.php   |  57 ++++++++++++++++++++
 includes/model/Category.php   | 103 +++++++++++++++++++++++++++++++++++
 includes/model/Post.php       | 121 ++++++++++++++++++++++++++++++++++++++++++
 includes/model/Thread.php     | 111 ++++++++++++++++++++++++++++++++++++++
 includes/model/User.php       |  59 ++++++++++++++++++++
 includes/templates/404.php    |  12 +++++
 includes/templates/header.php |  14 +++++
 9 files changed, 566 insertions(+)
 create mode 100644 includes/Database.php
 create mode 100644 includes/Session.php
 create mode 100644 includes/functions_post.php
 create mode 100644 includes/model/Category.php
 create mode 100644 includes/model/Post.php
 create mode 100644 includes/model/Thread.php
 create mode 100644 includes/model/User.php
 create mode 100644 includes/templates/404.php
 create mode 100644 includes/templates/header.php

(limited to 'includes')

diff --git a/includes/Database.php b/includes/Database.php
new file mode 100644
index 0000000..3308e4c
--- /dev/null
+++ b/includes/Database.php
@@ -0,0 +1,37 @@
+<?php
+
+class Database
+{
+	private static $instance = null;
+	private $sql_connection;
+
+	private function __construct()
+	{
+		$config = parse_ini_file('config.ini', true)['mysql_credentials'];
+
+		$db_server = $config['server'];
+		$db_user = $config['user'];
+		$db_pass = $config['password'];
+		$db_database = $config['database'];
+
+		$this->sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+		if (!$this->sql_connection) {
+			trigger_error("Database connection error: " . mysqli_connect_error());
+		}
+	}
+
+	public static function get(): ?Database
+	{
+		if (self::$instance == null) {
+			self::$instance = new Database();
+		}
+
+		return self::$instance;
+	}
+
+	public function query(string $sql)
+	{
+		mysqli_query($this->sql_connection, $sql);
+	}
+}
\ No newline at end of file
diff --git a/includes/Session.php b/includes/Session.php
new file mode 100644
index 0000000..d97e7c5
--- /dev/null
+++ b/includes/Session.php
@@ -0,0 +1,52 @@
+<?php
+
+class Session
+{
+	private static $instance = null;
+
+	private function __construct()
+	{
+		session_start();
+	}
+
+	public static function get(): ?Session
+	{
+		session_start();
+
+		if (self::$instance == null) {
+			self::$instance = new Session();
+		}
+
+		return self::$instance;
+	}
+
+	public function sign_in()
+	{
+		$_SESSION['signed_in'] = true;
+	}
+
+	public function is_signed_in()
+	{
+		return isset($_SESSION['signed_in']);
+	}
+
+	public function get_current_user()
+	{
+		include_once 'db_inc.php';
+
+		// There is no current user
+		if (!$this->is_signed_in()) {
+			return null;
+		}
+
+		$result = new User();
+
+		if (isset($_SESSION['user_id'])) {
+			$result->get_by_id($_GET['id'], $dbc);
+		} else {
+			$result = null;
+		}
+
+		return $result;
+	}
+}
\ No newline at end of file
diff --git a/includes/functions_post.php b/includes/functions_post.php
new file mode 100644
index 0000000..5bc8c2a
--- /dev/null
+++ b/includes/functions_post.php
@@ -0,0 +1,57 @@
+<?php
+include_once 'Session.php';
+include_once 'model/User.php';
+
+function delete_post($post)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to delete a post!');
+	}
+
+	// User must have permission to delete the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to delete this post.");
+	}
+
+	// TODO: The post must not be locked
+
+	// TODO: The post must have not been around for a certain amount of time
+
+	// Delete the post from the database
+	Database::get()->query("DELETE FROM posts WHERE post_id = $post->id");
+
+	// Decrement the post count of the category
+	$sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";";
+	mysqli_query($dbc, $sql);
+}
+
+function edit_post($post, $post_content)
+{
+	// User must be signed in
+	if (!Session::get()->is_signed_in()) {
+		trigger_error('You must be signed in to edit this post!');
+	}
+
+	// User must have permission to edit the post
+	$current_user = Session::get()->get_current_user();
+	if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) {
+		trigger_error("You don't have sufficient permissions to edit this post.");
+	}
+
+	// Set the post content and the post edit date
+	$sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;";
+	$stmt = mysqli_stmt_init($dbc);
+
+	if (!mysqli_stmt_prepare($stmt, $sql)) {
+		trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc));
+	}
+
+	mysqli_stmt_bind_param($stmt, "si", $post_content, $id);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
+
+	// Redirect to the post's thread page
+	header("Location: /viewthread.php?id=" . $post->thread->id);
+}
diff --git a/includes/model/Category.php b/includes/model/Category.php
new file mode 100644
index 0000000..b7c46d9
--- /dev/null
+++ b/includes/model/Category.php
@@ -0,0 +1,103 @@
+<?php
+
+include_once 'Thread.php';
+
+class Category {
+	public $id = 0;
+	public $name = 'Unknown';
+	public $description = 'This category does not exist';
+	public $thread_count = 0;
+	public $post_count = 0;
+
+	function get_from_database($id, $dbc) {
+		$sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get category: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->name = $row['cat_name'];
+				$this->description = $row['cat_description'];
+				$this->thread_count = $row['cat_thread_count'];
+				$this->post_count = $row['cat_post_count'];
+			}
+		}
+	
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function get_threads($dbc) {
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get threads from category: ' . mysqli_error($dbc);
+		}
+	
+		$threads = array();
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$thread = new Thread();
+				$thread->get_from_database($row['thread_id'], $dbc);
+				array_push($threads, $thread);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $threads;
+	}
+
+	function get_latest_thread($dbc) {
+		$sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get thread from category: ' . mysqli_error($dbc);
+		}
+	
+		$thread = null;
+		
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$thread = new Thread();
+				$thread->get_from_database($row['thread_id'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $thread;
+	}
+}
+
+function get_all_categories($dbc) {
+	$sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get categories: ' . mysqli_error($dbc);
+	}
+
+	$categories = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$category = new Category();
+			$category->get_from_database($row['cat_id'], $dbc);
+			array_push($categories, $category);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $categories;
+}
\ No newline at end of file
diff --git a/includes/model/Post.php b/includes/model/Post.php
new file mode 100644
index 0000000..34d6a79
--- /dev/null
+++ b/includes/model/Post.php
@@ -0,0 +1,121 @@
+<?php
+
+include_once 'Thread.php';
+
+function add_quote($dbc, $thread_id, $matches) {
+	foreach ($matches as $match) {
+		$id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT);
+		$sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id;
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			return '<blockquote></blockquote>';
+		}
+
+		$reply = mysqli_fetch_assoc($result);
+
+		if (empty($reply)) {
+			return '<blockquote><span style="color:red;">This post has been deleted</span></blockquote>';
+		}
+
+		return '<blockquote><a href="/viewthread.php?id=' . $reply['post_thread'] . '#p' . $id .'">Quote from ' . $reply['user_name'] . '</a><br>' . $reply['post_content'] . '</blockquote>';
+	}
+}
+
+class Post {
+	public $id;
+	public $content;
+	public $date_created;
+	public $date_edited;
+	public $thread;
+	public $author;
+
+	function get_from_database($id, $dbc) {
+		// TODO: Potential SQL injection risk?
+		$sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get post: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->content = $row['post_content'];
+				$this->date_created = $row['post_date_created'];
+				$this->date_edited = $row['post_date_edited'];
+
+				$this->thread = new Thread();
+				$this->thread->get_from_database($row['post_thread'], $dbc);
+
+				$this->author = new User();
+				$this->author->get_by_id($row['post_author'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function display_content($dbc) {
+		echo '<div class="header" id="p' . $this->id . '"><b>#' . $this->id . '</b>';
+		echo ' Posted by <a href="viewuser.php?id='. $this->author->id . '">' . $this->author->name . '</a>';
+		echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created));
+		if (!is_null($this->date_edited)) {
+			echo ' <small>edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . '</small>';
+		}
+		if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) {
+			echo '<span style="float:right;">';
+			echo '[<a href="manage_post.php?id=' . $this->id . '">Edit/Delete</a>] ';
+			echo'</span>';
+		}
+		echo '</div>';
+
+		$post_content = $this->content;
+		$thread_id = $this->id;
+
+		$post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
+			return add_quote($dbc, $thread_id, $matches);
+		}, $post_content);
+
+		// Replace newline characters with HTML <br> tags
+		$post_content = nl2br($post_content);
+
+		// Replace YouTube URLs with embedded YouTube videos.
+		$post_content =  preg_replace(
+			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
+			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
+		// Replace Image URLs with embedded images.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $post_content);
+		// Replace other URLs with links.
+		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content);
+
+		echo '<span class="post-content">' . $post_content . '</span>';
+	}
+}
+
+function get_all_posts($dbc) {
+	$sql = "SELECT post_id FROM posts";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get posts: ' . mysqli_error($dbc);
+	}
+
+	$posts = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$post = new Post();
+			$post->get_from_database($row['post_id'], $dbc);
+			array_push($posts, $post);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $posts;
+}
diff --git a/includes/model/Thread.php b/includes/model/Thread.php
new file mode 100644
index 0000000..a9dc690
--- /dev/null
+++ b/includes/model/Thread.php
@@ -0,0 +1,111 @@
+<?php
+
+include_once 'Category.php';
+include_once 'User.php';
+include_once 'Post.php';
+
+class Thread {
+	public $id = 0;
+	public $subject = 'Unknown thread';
+	public $date_created = 0;
+	public $date_lastpost = 0;
+	public $category;
+	public $author;
+
+	function get_from_database($id, $dbc) {
+		$sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			die('Error trying to display thread page: ' . mysqli_error($dbc));
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+			return 0;
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->subject = $row['thread_subject'];
+				$this->date_created = $row['thread_date_created'];
+				$this->date_lastpost = $row['thread_date_lastpost'];
+
+				$this->category = new Category();
+				$this->category->get_from_database($row['thread_category'], $dbc);
+
+				$this->author = new User();
+				$this->author->get_by_id($row['thread_author'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return 1;
+	}
+
+	function get_posts($dbc) {
+		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id;
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get posts from thread: ' . mysqli_error($dbc);
+		}
+	
+		$posts = array();
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$post = new Post();
+				$post->get_from_database($row['post_id'], $dbc);
+				array_push($posts, $post);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $posts;
+	}
+
+	function get_latest_post($dbc) {
+		$sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1";
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Could not get post from category: ' . mysqli_error($dbc);
+		}
+	
+		$post = null;
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$post = new Post();
+				$post->get_from_database($row['post_id'], $dbc);
+			}
+		}
+
+		mysqli_free_result($result);
+		return $post;
+	}
+}
+
+function get_all_threads($dbc) {
+	$sql = "SELECT thread_id FROM threads";
+	$result = mysqli_query($dbc, $sql);
+	
+	if (!$result) {
+		echo 'Failed to get threads: ' . mysqli_error($dbc);
+	}
+
+	$threads = array();
+
+	if (mysqli_num_rows($result) == 0) {
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			$thread = new Thread();
+			$thread->get_from_database($row['thread_id'], $dbc);
+			array_push($threads, $thread);
+		}
+	}
+
+	mysqli_free_result($result);
+	return $threads;
+}
diff --git a/includes/model/User.php b/includes/model/User.php
new file mode 100644
index 0000000..1c48afb
--- /dev/null
+++ b/includes/model/User.php
@@ -0,0 +1,59 @@
+<?php
+
+const USER_LEVEL_MODERATOR = 1;
+
+class User {
+	public $id;
+	public $name = 'Unknown';
+	public $date = 0;
+	public $level = 0;
+
+	function get_by_name($name, $dbc) {
+		$sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?";
+		$stmt = mysqli_stmt_init($dbc);
+
+		if (!mysqli_stmt_prepare($stmt, $sql)) {
+			echo 'Failed to get user: ' . mysqli_error($dbc);
+		}
+
+		mysqli_stmt_bind_param($stmt, "s", $name);
+		mysqli_stmt_execute($stmt);
+
+		$result = mysqli_stmt_get_result($stmt);
+
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $row['user_id'];
+				$this->name = $name;
+				$this->date = $row['user_date'];
+				$this->level = $row['user_level'];
+			}
+		}
+
+		mysqli_free_result($result);
+		mysqli_stmt_close($stmt);
+	}
+
+	function get_by_id($id, $dbc) {
+		$sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id);
+		$result = mysqli_query($dbc, $sql);
+	
+		if (!$result) {
+			echo 'Failed to get user: ' . mysqli_error($dbc);
+		}
+	
+		if (mysqli_num_rows($result) == 0) {
+		} else {
+			while ($row = mysqli_fetch_assoc($result)) {
+				$this->id = $id;
+				$this->name = $row['user_name'];
+				$this->date = $row['user_date'];
+				$this->level = $row['user_level'];
+			}
+		}
+	
+		mysqli_free_result($result);
+	}
+
+}
\ No newline at end of file
diff --git a/includes/templates/404.php b/includes/templates/404.php
new file mode 100644
index 0000000..d4d5128
--- /dev/null
+++ b/includes/templates/404.php
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title>cflip.net forum</title>
+	<link rel="stylesheet" href="styles/style.css">
+</head>
+<body>
+	<?php include_once 'header.php'; ?>
+	<h1>Page Not Found</h1>
+	<p>The page you requested does not exist.</p>
+</body>
+</html>
diff --git a/includes/templates/header.php b/includes/templates/header.php
new file mode 100644
index 0000000..4eb17e3
--- /dev/null
+++ b/includes/templates/header.php
@@ -0,0 +1,14 @@
+<h1>cflip.net forum<sup style="font-size: small;">beta</sup></h1>
+[<a href="/">Home</a>]
+[<a href="/search.php?type=thread&sort=lr">All Threads</a>]
+[<a href="/search.php?type=post&sort=cd">All Posts</a>]
+[<a href="/create_thread.php">Create a thread</a>]
+<span style="float:right;">
+	<?php
+	if (isset($_SESSION['signed_in'])) {
+		echo '[<a href="viewuser.php?id='. $_SESSION['user_id'] .'">' . $_SESSION['user_name'] . '\'s Profile</a>] [<a href="includes/signout_inc.php">Log out</a>]';
+	} else {
+		echo '[<a href="signin.php">Sign in</a>] or [<a href="register.php">Register an account</a>]';
+	}
+	?>
+</span>
-- 
cgit v1.2.3