 | <?php
include_once 'Thread.php';
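/**
 * A single forum post together with its thread and author.
 *
 * Security notes for maintainers:
 *  - The lookup query is parameterised. Escaping with
 *    mysqli_real_escape_string() only protects values placed inside a quoted
 *    SQL string literal; it does nothing for a value used as a bare numeric
 *    operand, which is how the id was used before.
 *  - Everything written into the page is HTML-escaped at output time, because
 *    post content and author names are user-controlled data.
 */
class Post {
	public $id;
	public $content;
	public $date;
	public $thread;
	public $author;

	/**
	 * Populate this object from the `posts` table.
	 *
	 * Leaves the object untouched when $id is not an integer, when the query
	 * fails, or when no row matches.
	 *
	 * @param int|string $id  Post id; must be an integer or an integer string.
	 * @param mysqli     $dbc Open database connection.
	 * @return void
	 */
	function get_from_database($id, $dbc) {
		// The original query used the id as an unquoted numeric operand, so it
		// is treated as an integer here. Anything else cannot match a row.
		$post_id = filter_var($id, FILTER_VALIDATE_INT);
		if ($post_id === false) {
			return;
		}

		$stmt = mysqli_prepare($dbc, 'SELECT post_content, post_date, post_thread, post_author FROM posts WHERE post_id = ?');
		if (!$stmt) {
			// Driver error text can reveal schema details: log it, show a generic message.
			error_log('Failed to get post: ' . mysqli_error($dbc));
			echo 'Failed to get post.';
			return;
		}

		mysqli_stmt_bind_param($stmt, 'i', $post_id);
		if (!mysqli_stmt_execute($stmt)) {
			error_log('Failed to get post: ' . mysqli_stmt_error($stmt));
			mysqli_stmt_close($stmt);
			echo 'Failed to get post.';
			return;
		}

		mysqli_stmt_bind_result($stmt, $content, $date, $thread_id, $author_id);
		$row = null;
		// As before, if several rows match, the last one wins.
		while (mysqli_stmt_fetch($stmt)) {
			$row = array($content, $date, $thread_id, $author_id);
		}
		// Close the statement before Thread/User run their own queries on the
		// same connection; an open, unbuffered statement would block them.
		mysqli_stmt_close($stmt);

		if ($row === null) {
			return;
		}

		$this->id = $id;
		$this->content = $row[0];
		$this->date = $row[1];
		$this->thread = new Thread();
		$this->thread->get_from_database($row[2], $dbc);
		$this->author = new User();
		$this->author->get_by_id($row[3], $dbc);
	}

	/**
	 * Echo the post header and body as HTML.
	 *
	 * The body is HTML-escaped first and only then are YouTube links, image
	 * URLs and other URLs turned into markup, so the only tags in the output
	 * are the ones generated here.
	 *
	 * @return void
	 */
	function display_content() {
		$flags = ENT_QUOTES | ENT_SUBSTITUTE;

		echo '<div>#' . htmlspecialchars((string) $this->id, $flags, 'UTF-8')
			. ' Posted by <a href="viewuser.php?id=' . rawurlencode((string) $this->author->id) . '">'
			. htmlspecialchars((string) $this->author->name, $flags, 'UTF-8')
			. '</a> on ' . date('m/d/Y g:ia', strtotime($this->date)) . '<br></div>';

		// Escape before linkifying. The URL patterns below accept any
		// non-whitespace character, so a raw quote or angle bracket in the
		// content would otherwise land inside a generated attribute.
		// double_encode is off in case content was already entity-encoded when
		// it was stored -- NOTE(review): confirm against the write path.
		$post_content = htmlspecialchars((string) $this->content, $flags, 'UTF-8', false);

		// Disabled quote-link feature, kept for reference. If it is re-enabled
		// it has to match the escaped form of '>' and needs $thread_id / $dbc.
		// $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) {
		// 	return add_quote($dbc, $thread_id, $matches);
		// }, $post_content);

		// Replace YouTube URLs with embedded YouTube videos.
		// Only the video id ($2, limited to [a-zA-Z0-9-_]) reaches the output.
		$post_content = preg_replace(
			"/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
			'<br><iframe class="youtube-embed" src="//www.youtube.com/embed/$2" allowfullscreen></iframe>', $post_content);
		// Replace Image URLs with embedded images.
		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:</\w+>|/?>))@i', '<img class="image-embed" src="http$2://$3" alt="http$2://$3" />', $post_content);
		// Replace other URLs with links.
		$post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:</\w+>|/?>))@i', '<a href="http$2://$3">$0</a>', $post_content);
		echo $post_content;
	}
}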
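/**
 * Load every post in the `posts` table as a Post object.
 *
 * Each id is loaded through Post::get_from_database(), so this issues one
 * extra lookup per post.
 *
 * @param mysqli $dbc Open database connection.
 * @return Post[] All posts; an empty array when there are none or the query fails.
 */
function get_all_posts($dbc) {
	$posts = array();

	$result = mysqli_query($dbc, "SELECT post_id FROM posts");
	if (!$result) {
		// Stop here: the result is not usable, and the driver error text
		// belongs in the server log rather than in the page.
		error_log('Failed to get posts: ' . mysqli_error($dbc));
		echo 'Failed to get posts.';
		return $posts;
	}

	while ($row = mysqli_fetch_assoc($result)) {
		$post = new Post();
		$post->get_from_database($row['post_id'], $dbc);
		$posts[] = $post;
	}

	mysqli_free_result($result);
	return $posts;
}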