From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 18:43:12 -0600 Subject: Refactoring part 1 --- includes/Database.php | 37 +++++++++++++ includes/Session.php | 52 ++++++++++++++++++ includes/functions_post.php | 57 ++++++++++++++++++++ includes/model/Category.php | 103 +++++++++++++++++++++++++++++++++++ includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++ includes/model/Thread.php | 111 ++++++++++++++++++++++++++++++++++++++ includes/model/User.php | 59 ++++++++++++++++++++ includes/templates/404.php | 12 +++++ includes/templates/header.php | 14 +++++ 9 files changed, 566 insertions(+) create mode 100644 includes/Database.php create mode 100644 includes/Session.php create mode 100644 includes/functions_post.php create mode 100644 includes/model/Category.php create mode 100644 includes/model/Post.php create mode 100644 includes/model/Thread.php create mode 100644 includes/model/User.php create mode 100644 includes/templates/404.php create mode 100644 includes/templates/header.php (limited to 'includes') diff --git a/includes/Database.php b/includes/Database.php new file mode 100644 index 0000000..3308e4c --- /dev/null +++ b/includes/Database.php @@ -0,0 +1,37 @@ +sql_connection = mysqli_connect($db_server, $db_user, $db_pass, $db_database); + + if (!$this->sql_connection) { + trigger_error("Database connection error: " . mysqli_connect_error()); + } + } + + public static function get(): ?Database + { + if (self::$instance == null) { + self::$instance = new Database(); + } + + return self::$instance; + } + + public function query(string $sql) + { + mysqli_query($this->sql_connection, $sql); + } +} \ No newline at end of file diff --git a/includes/Session.php b/includes/Session.php new file mode 100644 index 0000000..d97e7c5 --- /dev/null +++ b/includes/Session.php @@ -0,0 +1,52 @@ +is_signed_in()) { + return null; + } + + $result = new User(); + + if (isset($_SESSION['user_id'])) { + $result->get_by_id($_GET['id'], $dbc); + } else { + $result = null; + } + + return $result; + } +} \ No newline at end of file diff --git a/includes/functions_post.php b/includes/functions_post.php new file mode 100644 index 0000000..5bc8c2a --- /dev/null +++ b/includes/functions_post.php @@ -0,0 +1,57 @@ +is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + } + + // User must have permission to delete the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + } + + // TODO: The post must not be locked + + // TODO: The post must have not been around for a certain amount of time + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = $post->id"); + + // Decrement the post count of the category + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; + mysqli_query($dbc, $sql); +} + +function edit_post($post, $post_content) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to edit this post!'); + } + + // User must have permission to edit the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to edit this post."); + } + + // Set the post content and the post edit date + $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; + $stmt = mysqli_stmt_init($dbc); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc)); + } + + mysqli_stmt_bind_param($stmt, "si", $post_content, $id); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + + // Redirect to the post's thread page + header("Location: /viewthread.php?id=" . $post->thread->id); +} diff --git a/includes/model/Category.php b/includes/model/Category.php new file mode 100644 index 0000000..b7c46d9 --- /dev/null +++ b/includes/model/Category.php @@ -0,0 +1,103 @@ +id = $id; + $this->name = $row['cat_name']; + $this->description = $row['cat_description']; + $this->thread_count = $row['cat_thread_count']; + $this->post_count = $row['cat_post_count']; + } + } + + mysqli_free_result($result); + return 1; + } + + function get_threads($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get threads from category: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; + } + + function get_latest_thread($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get thread from category: ' . mysqli_error($dbc); + } + + $thread = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + } + } + + mysqli_free_result($result); + return $thread; + } +} + +function get_all_categories($dbc) { + $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get categories: ' . mysqli_error($dbc); + } + + $categories = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $category = new Category(); + $category->get_from_database($row['cat_id'], $dbc); + array_push($categories, $category); + } + } + + mysqli_free_result($result); + return $categories; +} \ No newline at end of file diff --git a/includes/model/Post.php b/includes/model/Post.php new file mode 100644 index 0000000..34d6a79 --- /dev/null +++ b/includes/model/Post.php @@ -0,0 +1,121 @@ +'; + } + + $reply = mysqli_fetch_assoc($result); + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; + } +} + +class Post { + public $id; + public $content; + public $date_created; + public $date_edited; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + return 0; + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function display_content($dbc) { + echo '
#' . $this->id . ''; + echo ' Posted by ' . $this->author->name . ''; + echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + if (!is_null($this->date_edited)) { + echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; + } + if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { + echo ''; + echo '[Edit/Delete] '; + echo''; + } + echo '
'; + + $post_content = $this->content; + $thread_id = $this->id; + + $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { + return add_quote($dbc, $thread_id, $matches); + }, $post_content); + + // Replace newline characters with HTML
tags + $post_content = nl2br($post_content); + + // Replace YouTube URLs with embedded YouTube videos. + $post_content = preg_replace( + "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", + '
', $post_content); + // Replace Image URLs with embedded images. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); + // Replace other URLs with links. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); + + echo '' . $post_content . ''; + } +} + +function get_all_posts($dbc) { + $sql = "SELECT post_id FROM posts"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get posts: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; +} diff --git a/includes/model/Thread.php b/includes/model/Thread.php new file mode 100644 index 0000000..a9dc690 --- /dev/null +++ b/includes/model/Thread.php @@ -0,0 +1,111 @@ +id = $id; + $this->subject = $row['thread_subject']; + $this->date_created = $row['thread_date_created']; + $this->date_lastpost = $row['thread_date_lastpost']; + + $this->category = new Category(); + $this->category->get_from_database($row['thread_category'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['thread_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function get_posts($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get posts from thread: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; + } + + function get_latest_post($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get post from category: ' . mysqli_error($dbc); + } + + $post = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + } + } + + mysqli_free_result($result); + return $post; + } +} + +function get_all_threads($dbc) { + $sql = "SELECT thread_id FROM threads"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get threads: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; +} diff --git a/includes/model/User.php b/includes/model/User.php new file mode 100644 index 0000000..1c48afb --- /dev/null +++ b/includes/model/User.php @@ -0,0 +1,59 @@ +id = $row['user_id']; + $this->name = $name; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + mysqli_stmt_close($stmt); + } + + function get_by_id($id, $dbc) { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get user: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->name = $row['user_name']; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + } + +} \ No newline at end of file diff --git a/includes/templates/404.php b/includes/templates/404.php new file mode 100644 index 0000000..d4d5128 --- /dev/null +++ b/includes/templates/404.php @@ -0,0 +1,12 @@ + + + + cflip.net forum + + + + +

Page Not Found

+

The page you requested does not exist.

+ + diff --git a/includes/templates/header.php b/includes/templates/header.php new file mode 100644 index 0000000..4eb17e3 --- /dev/null +++ b/includes/templates/header.php @@ -0,0 +1,14 @@ +

cflip.net forumbeta

+[Home] +[All Threads] +[All Posts] +[Create a thread] + + ' . $_SESSION['user_name'] . '\'s Profile] [Log out]'; + } else { + echo '[Sign in] or [Register an account]'; + } + ?> + -- cgit v1.2.3 From 7c3f2e348c015ea93563d866f89ec8cea9159ea0 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 09:40:20 -0600 Subject: Refactoring part 2 Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well. --- includes/Database.php | 39 ++++++++++++++++++++++-- includes/Session.php | 8 ++--- includes/functions_insert.php | 35 ---------------------- includes/functions_post.php | 69 ++++++++++++++++++++++++++----------------- includes/functions_thread.php | 51 ++++++++++++++++++++++++++++++++ includes/model/User.php | 36 +++++++++------------- includes/templates/header.php | 8 +++-- 7 files changed, 152 insertions(+), 94 deletions(-) delete mode 100644 includes/functions_insert.php create mode 100644 includes/functions_thread.php (limited to 'includes') diff --git a/includes/Database.php b/includes/Database.php index 3308e4c..cdaa0f8 100644 --- a/includes/Database.php +++ b/includes/Database.php @@ -21,7 +21,7 @@ class Database } } - public static function get(): ?Database + public static function get() { if (self::$instance == null) { self::$instance = new Database(); @@ -30,8 +30,41 @@ class Database return self::$instance; } - public function query(string $sql) + public function query(string $sql, string $types = "", ...$vars): array { - mysqli_query($this->sql_connection, $sql); + $stmt = mysqli_stmt_init($this->sql_connection); + + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); + } + + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $result = array(); + $db_result = mysqli_stmt_get_result($stmt); + + if (mysqli_num_rows($db_result) > 0) { + while ($row = mysqli_fetch_assoc($db_result)) { + array_push($result, $row); + } + } + + mysqli_free_result($db_result); + mysqli_stmt_close($stmt); + + return $result; + } + + /** + * Returns the auto generated ID of the last query. + * This function is just a wrapper for mysqli_insert_id. + * In the future, it might be better to return different + * values in the query function depending on the type of + * SQL query. + */ + public function get_last_id() + { + return mysqli_insert_id($this->sql_connection); } } \ No newline at end of file diff --git a/includes/Session.php b/includes/Session.php index d97e7c5..7e17527 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -9,10 +9,8 @@ class Session session_start(); } - public static function get(): ?Session + public static function get() { - session_start(); - if (self::$instance == null) { self::$instance = new Session(); } @@ -25,7 +23,7 @@ class Session $_SESSION['signed_in'] = true; } - public function is_signed_in() + public function is_signed_in(): bool { return isset($_SESSION['signed_in']); } @@ -42,7 +40,7 @@ class Session $result = new User(); if (isset($_SESSION['user_id'])) { - $result->get_by_id($_GET['id'], $dbc); + $result->get_by_id($_SESSION['user_id']); } else { $result = null; } diff --git a/includes/functions_insert.php b/includes/functions_insert.php deleted file mode 100644 index 4f60701..0000000 --- a/includes/functions_insert.php +++ /dev/null @@ -1,35 +0,0 @@ -is_signed_in()) { - trigger_error('You must be signed in to delete a post!'); + trigger_error('You must be signed in to create a post'); + return; } - // User must have permission to delete the post - $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { - trigger_error("You don't have sufficient permissions to delete this post."); - } + $user = Session::get()->get_current_user(); - // TODO: The post must not be locked + // Insert the post into the database + $sql = "INSERT INTO posts(post_content, post_date_created, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $post_content, $post_thread, $user->id); - // TODO: The post must have not been around for a certain amount of time + // Increment the category's post count + $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $post_category); - // Delete the post from the database - Database::get()->query("DELETE FROM posts WHERE post_id = $post->id"); - - // Decrement the post count of the category - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; - mysqli_query($dbc, $sql); + // Set the last post date of the parent thread + $sql = "UPDATE threads SET thread_date_lastpost = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE thread_id = ?;"; + Database::get()->query($sql, "i", $post_thread); } -function edit_post($post, $post_content) +function edit_post(Post $post, string $post_content) { // User must be signed in if (!Session::get()->is_signed_in()) { trigger_error('You must be signed in to edit this post!'); + return; } // User must have permission to edit the post $current_user = Session::get()->get_current_user(); - if ($current_user->id == $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + if ($current_user->id != $post->author->id) { trigger_error("You don't have sufficient permissions to edit this post."); + return; } // Set the post content and the post edit date $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); + Database::get()->query($sql, "si", $post_content, $post->id); +} - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . mysqli_error($dbc)); +function delete_post(Post $post) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a post!'); + return; + } + + // User must have permission to delete the post + $current_user = Session::get()->get_current_user(); + if ($current_user->id != $post->author->id || $current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You don't have sufficient permissions to delete this post."); + return; } - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + // TODO: The post must not be locked + // TODO: The post must have not been around for a certain amount of time + + // Delete the post from the database + Database::get()->query("DELETE FROM posts WHERE post_id = ?", "i", $post->id); - // Redirect to the post's thread page - header("Location: /viewthread.php?id=" . $post->thread->id); + // Decrement the post count of the category + Database::get()->query("UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = ?", "i", $post->thread->category->id); } diff --git a/includes/functions_thread.php b/includes/functions_thread.php new file mode 100644 index 0000000..62efca9 --- /dev/null +++ b/includes/functions_thread.php @@ -0,0 +1,51 @@ +is_signed_in()) { + trigger_error('You must be signed in to create a thread'); + return 0; + } + + $user = Session::get()->get_current_user(); + + // Insert the new thread into the database + $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; + Database::get()->query($sql, "sii", $subject, $category, $user->id); + + // Get the ID of the thread we just created + $thread_id = Database::get()->get_last_id(); + + // Increment the category's thread count + $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1' WHERE cat_id = ?;"; + Database::get()->query($sql, "i", $category); + + return $thread_id; +} + +function delete_thread($thread) +{ + // User must be signed in + if (!Session::get()->is_signed_in()) { + trigger_error('You must be signed in to delete a thread.'); + return; + } + + // User must be a moderator to delete a thread + $current_user = Session::get()->get_current_user(); + if ($current_user->level != USER_LEVEL_MODERATOR) { + trigger_error("You must be a moderator to delete this post."); + return; + } + + // TODO: The post must not be locked + // TODO: The post must have not been around for a certain amount of time + + // Delete the thread from the database + Database::get()->query("DELETE FROM threads WHERE thread_id = ?", "i", $thread->id); + + // Decrement the thread count of the category + Database::get()->query("UPDATE categories SET `cat_thread_count` = `cat_thread_count` - '1' WHERE cat_id = ?", "i", $thread->category->id); +} \ No newline at end of file diff --git a/includes/model/User.php b/includes/model/User.php index 1c48afb..c780ff0 100644 --- a/includes/model/User.php +++ b/includes/model/User.php @@ -1,14 +1,17 @@ id = $id; - $this->name = $row['user_name']; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - } + function get_by_id($id) + { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + $this->id = $id; + $this->name = $result[0]['user_name']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; + } } \ No newline at end of file diff --git a/includes/templates/header.php b/includes/templates/header.php index 4eb17e3..35d9848 100644 --- a/includes/templates/header.php +++ b/includes/templates/header.php @@ -5,8 +5,12 @@ [Create a thread] ' . $_SESSION['user_name'] . '\'s Profile] [Log out]'; + include_once './includes/Session.php'; + include_once './includes/model/User.php'; + + if (Session::get()->is_signed_in()) { + $user = Session::get()->get_current_user(); + echo '[' . $user->name . '\'s Profile] [Log out]'; } else { echo '[Sign in] or [Register an account]'; } -- cgit v1.2.3 From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- includes/Database.php | 30 +++++++---- includes/Session.php | 6 +-- includes/db_inc.php | 14 ----- includes/functions_category.php | 17 ++++++ includes/functions_display.php | 2 +- includes/functions_post.php | 87 ++++++++++++++++++++++++++++++ includes/functions_thread.php | 16 ++++++ includes/functions_user.php | 21 ++++++++ includes/model/Category.php | 111 +++++++++++--------------------------- includes/model/Post.php | 100 +++++++++-------------------------- includes/model/Thread.php | 114 ++++++++++++---------------------------- includes/model/User.php | 36 +++++-------- includes/reply_inc.php | 21 +++----- 13 files changed, 278 insertions(+), 297 deletions(-) delete mode 100644 includes/db_inc.php create mode 100644 includes/functions_category.php create mode 100644 includes/functions_user.php (limited to 'includes') diff --git a/includes/Database.php b/includes/Database.php index cdaa0f8..4950ae3 100644 --- a/includes/Database.php +++ b/includes/Database.php @@ -32,17 +32,30 @@ class Database public function query(string $sql, string $types = "", ...$vars): array { - $stmt = mysqli_stmt_init($this->sql_connection); + $result = array(); - if (!mysqli_stmt_prepare($stmt, $sql)) { - trigger_error('Could not create post due to internal error: ' . mysqli_error($this->sql_connection)); - } + if ($types == "") { + // No types were provided, preparing a statement is not necessary + $db_result = mysqli_query($this->sql_connection, $sql); + } else { + $stmt = mysqli_stmt_init($this->sql_connection); - mysqli_stmt_bind_param($stmt, $types, ...$vars); - mysqli_stmt_execute($stmt); + if (!mysqli_stmt_prepare($stmt, $sql)) { + trigger_error('Internal error: ' . mysqli_error($this->sql_connection)); + return $result; + } - $result = array(); - $db_result = mysqli_stmt_get_result($stmt); + mysqli_stmt_bind_param($stmt, $types, ...$vars); + mysqli_stmt_execute($stmt); + + $db_result = mysqli_stmt_get_result($stmt); + + mysqli_stmt_close($stmt); + } + + if (!$db_result) { + return $result; + } if (mysqli_num_rows($db_result) > 0) { while ($row = mysqli_fetch_assoc($db_result)) { @@ -51,7 +64,6 @@ class Database } mysqli_free_result($db_result); - mysqli_stmt_close($stmt); return $result; } diff --git a/includes/Session.php b/includes/Session.php index 7e17527..a9c1dc7 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -18,9 +18,11 @@ class Session return self::$instance; } - public function sign_in() + public function sign_in(User $user) { $_SESSION['signed_in'] = true; + $_SESSION['user_id'] = $user->id; + $_SESSION['user_name'] = $user->name; } public function is_signed_in(): bool @@ -30,8 +32,6 @@ class Session public function get_current_user() { - include_once 'db_inc.php'; - // There is no current user if (!$this->is_signed_in()) { return null; diff --git a/includes/db_inc.php b/includes/db_inc.php deleted file mode 100644 index b7c361d..0000000 --- a/includes/db_inc.php +++ /dev/null @@ -1,14 +0,0 @@ -query($sql); + + $categories = array(); + + foreach ($result as $row) { + $category = new Category(); + $category->get_from_database($row['cat_id']); + array_push($categories, $category); + } + + return $categories; +} \ No newline at end of file diff --git a/includes/functions_display.php b/includes/functions_display.php index bf9ed64..47ba188 100644 --- a/includes/functions_display.php +++ b/includes/functions_display.php @@ -93,7 +93,7 @@ function display_posts($dbc, $thread_id, $sql_result) { $post_content = $row['post_content']; $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace YouTube URLs with embedded YouTube videos. diff --git a/includes/functions_post.php b/includes/functions_post.php index 0176c76..97fc622 100644 --- a/includes/functions_post.php +++ b/includes/functions_post.php @@ -3,6 +3,22 @@ include_once './includes/Session.php'; include_once './includes/Database.php'; include_once './includes/model/User.php'; +function get_all_posts(): array +{ + $sql = "SELECT post_id FROM posts"; + $result = Database::get()->query($sql); + + $posts = array(); + + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); + } + + return $posts; +} + function create_post($post_content, $post_thread, $post_category) { // User must be signed in @@ -26,6 +42,77 @@ function create_post($post_content, $post_thread, $post_category) Database::get()->query($sql, "i", $post_thread); } +function create_quote(int $id): string +{ + $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + $reply = $result[0]; + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; +} + +function format_post_content(string $post_content) +{ + $post_content = preg_replace_callback('/>#\d+/', function ($matches) { + $result = ""; + foreach ($matches as $match) { + $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); + $result .= create_quote($id); + } + return $result; + }, $post_content); + + $result = $post_content; + + // Replace newline characters with HTML
tags + $result = nl2br($result); + + // Replace YouTube URLs with embedded YouTube videos. + $result = preg_replace( + "/\s*[a-zA-Z\/:]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/*-_?&;%=.]*)/i", + '
', $result); + + // Replace Image URLs with embedded images. + $result = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $result); + + // Replace other URLs with links. + return preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $result); +} + +/** + * Get the post content from the database and return it as a string ready for HTML display + */ +function get_post_content(Post $post): string +{ + // Build the header + $result = '
#' . $post->id . ''; + $result .= ' Posted by ' . $post->author->name . ''; + $result .= ' on ' . date('m/d/Y g:ia', strtotime($post->date_created)); + + // If the post has a edit date, display it + if (!is_null($post->date_edited)) { + $result .= ' edited ' . date('m/d/Y g:ia', strtotime($post->date_edited)) . ''; + } + + // Append a manage post button if the user is signed in and is the post's creator + if (Session::get()->is_signed_in() && Session::get()->get_current_user()->id == $post->author->id) { + $result .= ''; + $result .= '[Edit/Delete]'; + $result .= ''; + } + $result .= '
'; + + // Append the formatted post content + $result .= '' . format_post_content($post->content) . ''; + + return $result; +} + function edit_post(Post $post, string $post_content) { // User must be signed in diff --git a/includes/functions_thread.php b/includes/functions_thread.php index 62efca9..61b8e59 100644 --- a/includes/functions_thread.php +++ b/includes/functions_thread.php @@ -2,6 +2,22 @@ include_once './includes/Database.php'; include_once './includes/Session.php'; +function get_all_threads(): array +{ + $sql = "SELECT thread_id FROM threads"; + $result = Database::get()->query($sql); + + $threads = array(); + + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); + } + + return $threads; +} + function create_thread($subject, $category) { if (!Session::get()->is_signed_in()) { diff --git a/includes/functions_user.php b/includes/functions_user.php new file mode 100644 index 0000000..b2069a2 --- /dev/null +++ b/includes/functions_user.php @@ -0,0 +1,21 @@ +query($sql, "s", $username); + + return !empty($result); +} + +function register_user(string $username, string $pass_hash) +{ + $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + Database::get()->query($sql, "ss", $username, $pass_hash); +} + +function change_password(User $user, string $pass_hash) +{ + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; + Database::get()->query($sql, "si", $pass_hash, $user->id); +} \ No newline at end of file diff --git a/includes/model/Category.php b/includes/model/Category.php index b7c46d9..ed53bdc 100644 --- a/includes/model/Category.php +++ b/includes/model/Category.php @@ -2,102 +2,55 @@ include_once 'Thread.php'; -class Category { +class Category +{ public $id = 0; public $name = 'Unknown'; public $description = 'This category does not exist'; public $thread_count = 0; public $post_count = 0; - function get_from_database($id, $dbc) { - $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get category: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } + function get_from_database($id): bool + { + $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - mysqli_free_result($result); - return 1; + + $this->id = $id; + $this->name = $result[0]['cat_name']; + $this->description = $result[0]['cat_description']; + $this->thread_count = $result[0]['cat_thread_count']; + $this->post_count = $result[0]['cat_post_count']; + + return true; } - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - + function get_threads(): array + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC"; + $result = Database::get()->query($sql, "i", $this->id); $threads = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); } - mysqli_free_result($result); return $threads; } - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } + function get_latest_thread(): Thread + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); + + $thread = new Thread(); + $thread->get_from_database($result[0]['thread_id']); - mysqli_free_result($result); return $thread; } } - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -} \ No newline at end of file diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; @@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; + echo ' Posted by ' . $this->author->name . ''; echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; echo '[Edit/Delete] '; - echo''; + echo ''; } echo '
'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML
tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '
', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '' . $post_content . ''; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/includes/model/Thread.php b/includes/model/Thread.php index a9dc690..cfe10d6 100644 --- a/includes/model/Thread.php +++ b/includes/model/Thread.php @@ -4,7 +4,8 @@ include_once 'Category.php'; include_once 'User.php'; include_once 'Post.php'; -class Thread { +class Thread +{ public $id = 0; public $subject = 'Unknown thread'; public $date_created = 0; @@ -12,100 +13,53 @@ class Thread { public $category; public $author; - function get_from_database($id, $dbc) { - $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to display thread page: ' . mysqli_error($dbc)); + function get_from_database($id): bool + { + $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); + $this->id = $id; + $this->subject = $result[0]['thread_subject']; + $this->date_created = $result[0]['thread_date_created']; + $this->date_lastpost = $result[0]['thread_date_lastpost']; - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } + $this->category = new Category(); + $this->category->get_from_database($result[0]['thread_category']); - mysqli_free_result($result); - return 1; + $this->author = new User(); + $this->author->get_by_id($result[0]['thread_author']); + + return true; } - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . mysqli_error($dbc); - } - + function get_posts(): array + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ?"; + $result = Database::get()->query($sql, "i", $this->id); + $posts = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); } - mysqli_free_result($result); return $posts; } - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; + function get_latest_post(): Post + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } + $post = new Post(); + $post->get_from_database($result[0]['post_id']); - mysqli_free_result($result); return $post; } } - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} diff --git a/includes/model/User.php b/includes/model/User.php index c780ff0..f2bd23d 100644 --- a/includes/model/User.php +++ b/includes/model/User.php @@ -7,44 +7,36 @@ class User { public $id; public $name = 'Unknown'; + public $password; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) + function get_by_name($name): bool { - $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; - $stmt = mysqli_stmt_init($dbc); + $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?"; + $result = Database::get()->query($sql, "s", $name); - if (!mysqli_stmt_prepare($stmt, $sql)) { - echo 'Failed to get user: ' . mysqli_error($dbc); + if (empty($result)) { + return false; } - mysqli_stmt_bind_param($stmt, "s", $name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } + $this->id = $result[0]['user_id']; + $this->name = $name; + $this->password = $result[0]['user_pass']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; - mysqli_free_result($result); - mysqli_stmt_close($stmt); + return true; } function get_by_id($id) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;"; $result = Database::get()->query($sql, "i", $id); $this->id = $id; $this->name = $result[0]['user_name']; + $this->password = $result[0]['user_pass']; $this->date = $result[0]['user_date']; $this->level = $result[0]['user_level']; } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index cf7a839..588b59f 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php @@ -1,10 +1,8 @@ get_from_database($thread_id); -mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author); -mysqli_stmt_execute($stmt); -mysqli_stmt_close($stmt); +create_post($reply_content, $thread_id, $thread->category); header("Location: ../thread.php?id=" . $_GET['reply_to']); \ No newline at end of file -- cgit v1.2.3 From fe3e6194d33d63f149f2a362adf325019278d61e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:50:59 -0600 Subject: Use Session class instead of $_SESSION --- includes/model/Post.php | 37 ------------------------------------- includes/reply_inc.php | 2 +- 2 files changed, 1 insertion(+), 38 deletions(-) (limited to 'includes') diff --git a/includes/model/Post.php b/includes/model/Post.php index 86373b6..67c7e4a 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -33,41 +33,4 @@ class Post return true; } - - function display_content($dbc) - { - echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); - if (!is_null($this->date_edited)) { - echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; - } - if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { - echo ''; - echo '[Edit/Delete] '; - echo ''; - } - echo '
'; - - $post_content = $this->content; - $thread_id = $this->id; - - $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace newline characters with HTML
tags - $post_content = nl2br($post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo '' . $post_content . ''; - } } diff --git a/includes/reply_inc.php b/includes/reply_inc.php index 588b59f..873d516 100644 --- a/includes/reply_inc.php +++ b/includes/reply_inc.php @@ -7,7 +7,7 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') { die('This file cannot be called directly.'); } -if (!isset($_SESSION['signed_in'])) { +if (!Session::get()->is_signed_in()) { die('You must be signed in to reply to a thread.'); } -- cgit v1.2.3 From 08561be92bbfafe149b758634f3df4d00ee310de Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 09:13:44 -0600 Subject: Only start session if it hasn't already been started --- includes/Session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'includes') diff --git a/includes/Session.php b/includes/Session.php index a9c1dc7..967b11b 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -6,7 +6,8 @@ class Session private function __construct() { - session_start(); + if (session_status() == PHP_SESSION_NONE) + session_start(); } public static function get() -- cgit v1.2.3 From 2d5cf9448edb1eb6785c1532ccb031b0ba0d1ef0 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:43:37 -0600 Subject: Remove old signout_inc.php file --- includes/Session.php | 6 ++++++ includes/signout_inc.php | 6 ------ includes/templates/header.php | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 includes/signout_inc.php (limited to 'includes') diff --git a/includes/Session.php b/includes/Session.php index 967b11b..7951d70 100644 --- a/includes/Session.php +++ b/includes/Session.php @@ -26,6 +26,12 @@ class Session $_SESSION['user_name'] = $user->name; } + public function sign_out() + { + session_unset(); + session_destroy(); + } + public function is_signed_in(): bool { return isset($_SESSION['signed_in']); diff --git a/includes/signout_inc.php b/includes/signout_inc.php deleted file mode 100644 index 7859c4f..0000000 --- a/includes/signout_inc.php +++ /dev/null @@ -1,6 +0,0 @@ -is_signed_in()) { $user = Session::get()->get_current_user(); - echo '[' . $user->name . '\'s Profile] [Log out]'; + echo '[' . $user->name . '\'s Profile] [Log out]'; } else { echo '[Sign in] or [Register an account]'; } -- cgit v1.2.3 From df9177492976ba968a556a52cc155477652089dc Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:47:41 -0600 Subject: Reload page after submitting a reply to a thread --- includes/reply_inc.php | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 includes/reply_inc.php (limited to 'includes') diff --git a/includes/reply_inc.php b/includes/reply_inc.php deleted file mode 100644 index 873d516..0000000 --- a/includes/reply_inc.php +++ /dev/null @@ -1,22 +0,0 @@ -is_signed_in()) { - die('You must be signed in to reply to a thread.'); -} - -$reply_content = filter_input(INPUT_POST, 'reply_content', FILTER_SANITIZE_STRING); -$thread_id = filter_input(INPUT_POST, 'reply_to', FILTER_SANITIZE_NUMBER_INT); - -$thread = new Thread(); -$thread->get_from_database($thread_id); - -create_post($reply_content, $thread_id, $thread->category); - -header("Location: ../thread.php?id=" . $_GET['reply_to']); \ No newline at end of file -- cgit v1.2.3 From 0d163247b2cf93a8cefa638e4f134c85b29e91a6 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:48:17 -0600 Subject: Delete unused functions_display.php script --- includes/functions_display.php | 110 ----------------------------------------- 1 file changed, 110 deletions(-) delete mode 100644 includes/functions_display.php (limited to 'includes') diff --git a/includes/functions_display.php b/includes/functions_display.php deleted file mode 100644 index 47ba188..0000000 --- a/includes/functions_display.php +++ /dev/null @@ -1,110 +0,0 @@ -'; - echo '

' . $row['cat_name'] . '

'; - echo $row['cat_description']; - if ($thread) { - echo '' . $thread['thread_subject'] . '
'; - echo 'by ' . $thread['user_name'] . ''; - } else { - $no_threads_msg = 'There are no threads in this category yet.'; - echo ''. $no_threads_msg .''; - } - } - - mysqli_stmt_close($stmt); - mysqli_free_result($thread_res); -} - -function display_threads($dbc, $sql_result, $show_category = false) { - $sql = "SELECT post_id, post_date, user_id, user_name FROM posts JOIN users ON post_author = user_id WHERE post_thread = ? ORDER BY post_id DESC LIMIT 1"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create thread due to internal error: ' . mysqli_error($dbc)); - } - - while ($row = mysqli_fetch_assoc($sql_result)) { - mysqli_stmt_bind_param($stmt, "i", $row['thread_id']); - mysqli_stmt_execute($stmt); - - $thread_res = mysqli_stmt_get_result($stmt); - $thread = mysqli_fetch_assoc($thread_res); - - echo ''; - echo '

' . $row['thread_subject'] . '

'; - echo 'by ' . $row['user_name'] . ' '; - if ($show_category) { - echo 'in ' . $row['cat_name'] . ' '; - } - echo 'on ' . date('M d, Y', strtotime($row['thread_date'])) . ''; - echo 'by ' . $thread['user_name'] . '
'; - echo '' . date('m/d/Y g:ia', strtotime($thread['post_date'])) . ''; - } - - mysqli_stmt_close($stmt); -} - -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT) - 1; - $sql = "SELECT post_content, post_author, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_thread = " . $thread_id . " LIMIT 1 OFFSET " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
Invalid quote!
'; - } - - $id = $id + 1; - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -function display_posts($dbc, $thread_id, $sql_result) { - while ($row = mysqli_fetch_assoc($sql_result)) { - echo '#' . $row['post_id'] . ' Posted by ' . $row['user_name'] . ' on ' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '
'; - - $post_content = $row['post_content']; - - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo $post_content; - } -} \ No newline at end of file -- cgit v1.2.3 From 5c3d6b49d5db5bb3504191933dd171b54219c2b3 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sun, 25 Apr 2021 17:50:21 -0600 Subject: Add some extra checks before changing a password --- includes/functions_user.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'includes') diff --git a/includes/functions_user.php b/includes/functions_user.php index b2069a2..4ea1ad1 100644 --- a/includes/functions_user.php +++ b/includes/functions_user.php @@ -16,6 +16,16 @@ function register_user(string $username, string $pass_hash) function change_password(User $user, string $pass_hash) { + if (!Session::get()->is_signed_in()) { + trigger_error('You are not signed in.'); + return; + } + + if (Session::get()->get_current_user()->id != $user->id) { + trigger_error("You can't change another user's password."); + return; + } + $sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;"; Database::get()->query($sql, "si", $pass_hash, $user->id); } \ No newline at end of file -- cgit v1.2.3 From a09d9f377f5c055e42e5f21b5cdea64c2e2ca896 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 8 May 2021 17:28:53 -0600 Subject: Default user level --- includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'includes') diff --git a/includes/functions_user.php b/includes/functions_user.php index 4ea1ad1..690350a 100644 --- a/includes/functions_user.php +++ b/includes/functions_user.php @@ -10,7 +10,7 @@ function username_exists(string $username): bool function register_user(string $username, string $pass_hash) { - $sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());"; + $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);"; Database::get()->query($sql, "ss", $username, $pass_hash); } -- cgit v1.2.3