Added many stuff

Too lazy to write what
2026-06-17 04:33:56 +02:00 · 2019-05-16 13:25:21 +02:00
parent eaa735da68
commit 62e4c56658
10 changed files with 400 additions and 87 deletions
--- a/lib/Bloggr/auth.php
+++ b/lib/Bloggr/auth.php
@ -241,8 +241,30 @@ class Auth
    }
    return $id;
  }
+  public function canEditPost($id) {
+    if (!$this->isLoggedIn()) return false;
+    if (!$this->hasRole(\Bloggr\Roles::ADMIN)) {
+      try {
+        $s = $this->pdo->prepare("SELECT id FROM posts WHERE id = :id AND user = :user LIMIT 1;");
+        $s->execute(array(
+          ':id' => $id,
+          ':user' => $this->getId(),
+        ));
+  
+        if ($s->rowCount() <= 0) {
+          return false;
+        }
+
+        return true;
+      } catch (\PDOException $e) {
+        return false;
+      }
+    }
+    return true;
+  }
  public function editPost($id, $title, $text) {
    if (!$this->isLoggedIn()) return false;
+    if (!$this->canEditPost($id)) return false;

    $errors = array();
    $title = htmlspecialchars(trim(filter_var($title, FILTER_SANITIZE_STRING)));
@ -279,11 +301,12 @@ class Auth
      return $errors;
    }
    try {
-      $s = $this->pdo->prepare("UPDATE posts SET title = :title, text = :text, updated_at = :updated_at WHERE id = :id LIMIT 1;");
+      $s = $this->pdo->prepare("UPDATE posts SET title = :title, text = :text, updated_at = :updated_at, updated_by = :updated_by WHERE id = :id LIMIT 1;");
      $r = $s->execute(array(
        ':title' => $title,
        ':text' => $text,
        ':updated_at' => $updated_at,
+        ':updated_by' => $this->getId(),
        ':id' => $id,
      ));
      if(!$r) {
@ -314,6 +337,9 @@ class Auth

      while ($row = $s->fetch()) {
        $row['user'] = $this->getUsernameById($row['user']);
+        if ($row['updated_by'] && $row['updated_by'] != 0) {
+          $row['updated_by'] = $this->getUsernameById($row['updated_by']);
+        }
        return $row;
      }

@ -342,5 +368,181 @@ class Auth
      return $posts;
    }
  }
+  public function commentPost($id, $comment) {
+    if (empty($id) || !\is_numeric($id)) {
+      return false;
+    }
+    if (!$this->isLoggedIn()) return false;
+
+    $errors = array();
+    $comment = htmlspecialchars(trim($comment, FILTER_SANITIZE_STRING));
+    $created_at = time();
+    if (strlen($comment) < 3) {
+      array_push($errors, 'Text is too short! Min. 3');
+    }
+    if (strlen($comment) > 256) {
+      array_push($errors, 'Text is too long! Max. 256');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    try {
+      $s = $this->pdo->prepare("INSERT INTO comments (post, user, comment, created_at) VALUES(:post, :user, :comment, :created_at);");
+      $r = $s->execute(array(
+        ':post' => $id,
+        ':user' => $this->getId(),
+        ':comment' => $comment,
+        ':created_at' => $created_at,
+      ));
+      if(!$r) {
+        array_push($errors, 'Something went wrong!');
+      }
+      if (count($errors) > 0) {
+        return $errors;
+      }
+      return true;
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    return false;
+  }
+  public function getPostComments($id) {
+    if (empty($id) || !\is_numeric($id)) {
+      return false;
+    }
+
+    try {
+      $s = $this->pdo->prepare("SELECT * FROM comments WHERE post = :id ORDER BY id DESC;");
+      $s->execute(array(
+        ':id' => $id,
+      ));
+
+      if ($s->rowCount() <= 0) {
+        return false;
+      }
+      $rows = [];
+
+      while ($row = $s->fetch()) {
+        $row['user'] = $this->getUsernameById($row['user']);
+        array_push($rows, $row);
+      }
+      return $rows;
+
+      return false;
+    } catch (\PDOException $e) {
+      return false;
+    }
+  }
+  public function getAllUsers() {
+    try {
+      $users = [];
+      $sql = "SELECT * FROM users ORDER BY id ASC";
+      $result = $this->pdo->query($sql);
+
+      if (!$result) {
+        return false;
+      }
+
+      foreach ($result as $row) {
+        array_push($users, $row);
+      }
+
+      return $users;
+    } catch (\PDOException $e) {
+      return $users;
+    }
+  }
+  public function updateUserRole($id, $role = 0) {
+    if (!$this->isLoggedIn()) return false;
+    if (!$this->hasRole([ \Bloggr\Roles::ADMIN ])) {
+      return false;
+    }
+    if (empty($id) || !\is_numeric($id)) {
+      return false;
+    }
+    if (!isset($role) || !\is_numeric($role)) {
+      return false;
+    }
+
+    $errors = array();
+
+    try {
+      $s = $this->pdo->prepare("UPDATE users SET roles_mask = :role WHERE id = :id LIMIT 1;");
+      $r = $s->execute(array(
+        ':role' => $role,
+        ':id' => $id,
+      ));
+      if(!$r) {
+        array_push($errors, 'Something went wrong!');
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    return true;
+  }
+  public function updatePassword($old, $new, $repeat) {
+    if (!$this->isLoggedIn()) return false;
+    $errors = array();
+    
+    $old = filter_var($old, FILTER_SANITIZE_STRING);
+    $new = filter_var($new, FILTER_SANITIZE_STRING);
+    $repeat = filter_var($repeat, FILTER_SANITIZE_STRING);
+
+    try {
+      $s = $this->pdo->prepare("SELECT id, username, email, password FROM users WHERE id = :id LIMIT 1;");
+      $s->execute(array(
+        ':id' => $this->getId()
+      ));
+      if ($s->rowCount() <= 0) {
+        array_push($errors, 'User not found!');
+      } else {
+        while ($row = $s->fetch()) {
+          if (!password_verify($old, $row['password'])) {
+            array_push($errors, 'Wrong password!');
+          }
+        }
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    if ($new != $repeat) {
+      array_push($errors, 'Password repeat wrong!');
+    }
+    if (strlen(trim($new)) < 8) {
+      array_push($errors, 'Password is too short! Min 8');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+
+    try {
+      $s = $this->pdo->prepare("UPDATE users SET password = :password WHERE id = :id LIMIT 1;");
+      $r = $s->execute(array(
+        ':password' => password_hash($new, PASSWORD_DEFAULT),
+        ':id' => $this->getId(),
+      ));
+      if(!$r) {
+        array_push($errors, 'Something went wrong!');
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    return true;
+  }
 }
 ?>
--- a/lib/autoload.php
+++ b/lib/autoload.php
@ -1,4 +1,6 @@
 <?php
+date_default_timezone_set("Europe/Berlin");
+
 spl_autoload_register(function ($class_name) {
  include $class_name . '.php';
 });
--- a/lib/config.php
+++ b/lib/config.php
@ -1,5 +1,5 @@
 <?php
-define('SITE_TITLE', 'A Bloggr Site');
+define('SITE_TITLE', 'Title of Doom');

 define('DB_HOST', 'localhost');
 define('DB_NAME', 'bloggr');
--- a/lib/sql/db.sql
+++ b/lib/sql/db.sql
@ -23,5 +23,16 @@ CREATE TABLE `posts` (
  `text` longtext CHARACTER SET utf8mb4 NOT NULL,
  `created_at` int(10) UNSIGNED NOT NULL,
  `updated_at` int(10) UNSIGNED DEFAULT NULL,
+  `updated_by` int(11) UNSIGNED,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+
+CREATE TABLE `comments` (
+  `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT,
+  `post` int(11) UNSIGNED NOT NULL,
+  `user` int(11) UNSIGNED NOT NULL,
+  `comment` text NOT NULL,
+  `created_at` int(10) UNSIGNED NOT NULL,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--- a/lib/sql/posts.sql
+++ b/lib/sql/posts.sql
@ -1,73 +0,0 @@
-- phpMyAdmin SQL Dump
-- version 4.8.5
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: May 10, 2019 at 10:50 AM
-- Server version: 10.1.38-MariaDB
-- PHP Version: 7.3.3
-
-SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
-SET AUTOCOMMIT = 0;
-START TRANSACTION;
-SET time_zone = "+00:00";
-
-
-/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
-/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
-/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
-/*!40101 SET NAMES utf8mb4 */;
-
--
-- Database: `bloggr`
--
-
-- --------------------------------------------------------
-
--
-- Table structure for table `posts`
--
-
-CREATE TABLE `posts` (
-  `id` int(11) UNSIGNED NOT NULL,
-  `user` int(11) UNSIGNED NOT NULL,
-  `title` varchar(128) CHARACTER SET utf8mb4 NOT NULL,
-  `text` longtext CHARACTER SET utf8mb4 NOT NULL,
-  `created_at` int(10) UNSIGNED NOT NULL,
-  `updated_at` int(10) UNSIGNED DEFAULT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
--
-- Dumping data for table `posts`
--
-
-INSERT INTO `posts` (`id`, `user`, `title`, `text`, `created_at`, `updated_at`) VALUES
-(1, 1, 'test', 'test title', 1557473772, NULL),
-(2, 1, 'test', 'test title', 1557473835, 1557476392),
-(3, 1, 'Title of doom', 'Lorem ipsum', 1557473940, 1557476222),
-(4, 1, 'awdswetf', ' wteawstrsw tws4e sw t  4aeswtg w4s      ', 1557474085, NULL);
-
--
-- Indexes for dumped tables
--
-
--
-- Indexes for table `posts`
--
-ALTER TABLE `posts`
-  ADD PRIMARY KEY (`id`);
-
--
-- AUTO_INCREMENT for dumped tables
--
-
--
-- AUTO_INCREMENT for table `posts`
--
-ALTER TABLE `posts`
-  MODIFY `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5;
-COMMIT;
-
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
-/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;