From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 18:43:12 -0600 Subject: Refactoring part 1 --- manage_post.php | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) (limited to 'manage_post.php') diff --git a/manage_post.php b/manage_post.php index 8c6129b..3f9a9b3 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,15 +1,7 @@ id"; - mysqli_query($dbc, $sql); - - $sql = "UPDATE categories SET `cat_post_count` = `cat_post_count` - '1' WHERE cat_id = " . $post->thread->category->id . ";"; - mysqli_query($dbc, $sql); -} +include('includes/db_inc.php'); +include('includes/functions_post.php'); +include('includes/model/Post.php'); session_start(); @@ -41,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { goto end; } - if ($_SESSION['user_id'] != $post->author->id) { echo "You can't manage another user's post!"; goto end; @@ -50,16 +41,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (strcasecmp($delete, "on") == 0) { delete_post($dbc, $post); } else { - $sql = "UPDATE posts SET post_content = ?, post_date_edited = CONVERT_TZ(NOW(), 'SYSTEM', '+00:00') WHERE post_id = ?;"; - $stmt = mysqli_stmt_init($dbc); - - if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create post due to internal error: ' . mysqli_error($dbc)); - } - - mysqli_stmt_bind_param($stmt, "si", $post_content, $id); - mysqli_stmt_execute($stmt); - mysqli_stmt_close($stmt); + edit_post(); } end: -- cgit v1.2.3 From 7c3f2e348c015ea93563d866f89ec8cea9159ea0 Mon Sep 17 00:00:00 2001 
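Review bot: In the last hunk of "Refactoring part 1" (`@@ -50,16 +41,7 @@`), the new `edit_post();` call passes no arguments, although the prepared statement it replaces bound `$post_content` and `$id`. Unless the helper in includes/functions_post.php reads those values from global state (not visible here), the edit cannot know which post to update; pass them explicitly, e.g. `edit_post($dbc, $post, $post_content);`, matching `delete_post($dbc, $post)` on the line above. The relocated UPDATE should stay a bound-parameter statement. If `delete_post` was moved as-is from the first hunk, it still builds its SQL by concatenating ids and should be converted to prepared statements as well. The enclosing POST branch starts outside the hunk.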
From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 09:40:20 -0600 Subject: Refactoring part 2 Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well. --- manage_post.php | 86 ++++++++++++++++++++++++--------------------------------- 1 file changed, 36 insertions(+), 50 deletions(-) (limited to 'manage_post.php') diff --git a/manage_post.php b/manage_post.php index 3f9a9b3..9e04dd4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -10,13 +10,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } else { $result = $current->get_from_database($_GET['id'], $dbc); if ($result == 0) { http_response_code(404); - include_once 'templates/404.php'; + include_once './includes/templates/404.php'; die(); } } @@ -28,68 +28,54 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post = new Post(); $post->get_from_database($id, $dbc); - if (!isset($_SESSION['signed_in'])) { - echo 'You must be signed in to manage a post.'; - goto end; - } - - if ($_SESSION['user_id'] != $post->author->id) { - echo "You can't manage another user's post!"; - goto end; - } - if (strcasecmp($delete, "on") == 0) { - delete_post($dbc, $post); + delete_post($post); } else { - edit_post(); + edit_post($post, $post_content); } - end: header("Location: /viewthread.php?id=" . $post->thread->id); } ?> - +
-You must be signed in to manage a post.
'; + return; +} - // Admin users should be able to delete posts, but they should not be able to edit them - // Or should they?? - if ($current_user->id != $current->author->id/* && $current_user->level < 1*/) { - echo "You can't manage another user's post!"; - return; - } +// Admin users should be able to delete posts, but they should not be able to edit them +// Or should they?? +if (Session::get()->get_current_user()->id != $current->author->id) { + echo 'You can\'t manage another user\'s post!
'; + return; +} - // TODO: Disallow editing/deleting posts if they have been around for a while - ?> - +// TODO: Disallow editing/deleting posts if they have been around for a while +?> + -- cgit v1.2.3 From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- manage_post.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'manage_post.php') diff --git a/manage_post.php b/manage_post.php index 9e04dd4..99f0ad4 100644 --- a/manage_post.php +++ b/manage_post.php @@ -1,7 +1,6 @@ get_from_database($_GET['id'], $dbc); + $result = $current->get_from_database($_GET['id']); if ($result == 0) { http_response_code(404); include_once './includes/templates/404.php'; @@ -26,7 +25,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') { $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); $post = new Post(); - $post->get_from_database($id, $dbc); + $post->get_from_database($id); if (strcasecmp($delete, "on") == 0) { delete_post($post); @@ -47,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
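Review bot: In "Refactoring part 2", hunk `@@ -28,68 +28,54 @@`, the POST branch now reaches `delete_post($post)` and `edit_post($post, $post_content)` with no visible sign-in or ownership check. The removed `$_SESSION['signed_in']` and `$_SESSION['user_id'] != $post->author->id` guards were the only server-side authorization shown for this request. The `Session::get()->get_current_user()->id != $current->author->id` test added lower in the same hunk only gates rendering of the form, so it does not protect a POST sent directly with another post's id. Unless the helpers in includes/functions_post.php enforce ownership themselves (not visible here), restore a guard before the delete/edit branch, e.g. `if (Session::get()->get_current_user()->id != $post->author->id) { http_response_code(403); die(); }`. Either way, add a comment at the call site such as `// Authorization (signed in + post owner) is enforced inside delete_post()/edit_post()`.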
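Review bot: In "Remove all uses of db_inc.php", hunk `@@ -26,7 +25,7 @@`, the POST branch still discards the return value of `$post->get_from_database($id)`, whereas the GET branch in the first hunk answers 404 when `$result == 0`. An id that matches no post would then presumably flow into `delete_post`/`edit_post` and into the redirect built from `$post->thread->id`. Check it the same way, e.g. `if ($post->get_from_database($id) == 0) { http_response_code(404); die(); }`. Separately, `FILTER_SANITIZE_STRING` on the context line above is deprecated since PHP 8.1 and is not an output-encoding control, so `post_content` still needs `htmlspecialchars()` where it is rendered. The enclosing POST branch starts and ends outside the hunk.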