misuzu/public/forum/posting.php

<?php
require_once '../../misuzu.php';

if (!user_session_active()) {
    echo render_error(401);
    return;
}

if (user_warning_check_restriction(user_session_current('user_id', 0))) {
    echo render_error(403);
    return;
}

$forumPostingModes = [
    'create',   'edit',     'quote',
    'delete',   'restore',  'nuke',
];

if (!empty($_POST)) {
    $mode = $_POST['post']['mode'] ?? 'create';
    $postId = max(0, (int)($_POST['post']['id'] ?? 0));
    $topicId = max(0, (int)($_POST['post']['topic'] ?? 0));
    $forumId = max(0, (int)($_POST['post']['forum'] ?? 0));
} else {
    $mode = $_GET['m'] ?? 'create';
    $postId = max(0, (int)($_GET['p'] ?? 0));
    $topicId = max(0, (int)($_GET['t'] ?? 0));
    $forumId = max(0, (int)($_GET['f'] ?? 0));
}

if (!in_array($mode, $forumPostingModes, true)) {
    echo render_error(400);
    return;
}

if (empty($postId) && empty($topicId) && empty($forumId)) {
    echo render_error(404);
    return;
}

if (!empty($postId)) {
    $post = forum_post_get($postId);

    if (isset($post['topic_id'])) { // should automatic cross-quoting be a thing? if so, check if $topicId is < 1 first
        $topicId = (int)$post['topic_id'];
    }
}

if (!empty($topicId)) {
    $getTopic = db_prepare('
        SELECT `topic_id`, `forum_id`, `topic_title`, `topic_locked`
        FROM `msz_forum_topics`
        WHERE `topic_id` = :topic_id
    ');
    $getTopic->bindValue('topic_id', $topicId);
    $topic = $getTopic->execute() ? $getTopic->fetch(PDO::FETCH_ASSOC) : false;

    if (isset($topic['forum_id'])) {
        $forumId = (int)$topic['forum_id'];
    }
}

if (!empty($forumId)) {
    $getForum = db_prepare('
        SELECT `forum_id`, `forum_name`, `forum_type`, `forum_archived`
        FROM `msz_forum_categories`
        WHERE `forum_id` = :forum_id
    ');
    $getForum->bindValue('forum_id', $forumId);
    $forum = $getForum->execute() ? $getForum->fetch(PDO::FETCH_ASSOC) : false;
}

if (empty($forum)) {
    echo render_error(404);
    return;
}

$perms = forum_perms_get_user(MSZ_FORUM_PERMS_GENERAL, $forum['forum_id'], user_session_current('user_id'));

if ($forum['forum_archived']
    || !empty($topic['topic_locked'])
    || !perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM | MSZ_FORUM_PERM_CREATE_POST)
    || (empty($topic) && !perms_check($perms, MSZ_FORUM_PERM_CREATE_TOPIC))) {
    echo render_error(403);
    return;
}

if (!forum_may_have_topics($forum['forum_type'])) {
    echo render_error(400);
    return;
}

// edit mode stuff
if ($mode === 'edit') {
    if (empty($post)) {
        echo render_error(404);
        return;
    }

    if (!perms_check($perms, $post['poster_id'] === user_session_current('user_id') ? MSZ_FORUM_PERM_EDIT_POST : MSZ_FORUM_PERM_EDIT_ANY_POST)) {
        echo render_error(403);
        return;
    }
}

$notices = [];

if (!empty($_POST)) {
    if (!csrf_verify('forum_post', $_POST['csrf'] ?? '')) {
        $notices[] = 'Could not verify request.';
    } else {
        $topicTitle = $_POST['post']['title'] ?? '';
        $setTopicTitle = empty($topic) || ($mode === 'edit' && $post['is_opening_post'] && $topicTitle !== $topic['topic_title']);
        $postText = $_POST['post']['text'] ?? '';
        $postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);

        if (!parser_is_valid($postParser)) {
            $notices[] = 'Invalid parser selected.';
        }

        switch (forum_validate_post($postText)) {
            case 'too-short':
                $notices[] = 'Post content was too short.';
                break;

            case 'too-long':
                $notices[] = 'Post content was too long.';
                break;
        }

        if ($setTopicTitle) {
            switch (forum_validate_title($topicTitle)) {
                case 'too-short':
                    $notices[] = 'Topic title was too short.';
                    break;

                case 'too-long':
                    $notices[] = 'Topic title was too long.';
                    break;
            }
        }

        if (empty($notices)) {
            switch ($mode) {
                case 'create':
                    if (!empty($topic)) {
                        forum_topic_bump($topic['topic_id']);
                    } else {
                        $topicId = forum_topic_create($forum['forum_id'], user_session_current('user_id', 0), $topicTitle);
                    }

                    $postId = forum_post_create(
                        $topicId,
                        $forum['forum_id'],
                        user_session_current('user_id', 0),
                        ip_remote_address(),
                        $postText,
                        $postParser
                    );
                    forum_topic_mark_read(user_session_current('user_id', 0), $topicId, $forum['forum_id']);
                    break;

                case 'edit':
                    if (!forum_post_update($postId, ip_remote_address(), $postText, $postParser)) {
                        $notices[] = 'Post edit failed.';
                    }

                    if ($setTopicTitle) {
                        if (!forum_topic_update($topicId, $topicTitle)) {
                            $notices[] = 'Topic update failed.';
                        }
                    }
                    break;
            }

            if (empty($notices)) {
                header("Location: /forum/topic.php?p={$postId}#p{$postId}");
                return;
            }
        }
    }
}

if (!empty($topic)) {
    tpl_var('posting_topic', $topic);
}

if ($mode === 'edit') { // $post is pretty much sure to be populated at this point
    tpl_var('posting_post', $post);
}

// fetches additional data for simulating a forum post
$getDisplayInfo = db_prepare('
    SELECT u.`user_country`, u.`user_created`, (
        SELECT COUNT(`post_id`)
        FROM `msz_forum_posts`
        WHERE `user_id` = u.`user_id`
    ) AS `user_forum_posts`
    FROM `msz_users` as u
    WHERE `user_id` = :user_id
');
$getDisplayInfo->bindValue('user_id', user_session_current('user_id'));
$displayInfo = $getDisplayInfo->execute() ? $getDisplayInfo->fetch(PDO::FETCH_ASSOC) : [];

echo tpl_render('forum.posting', [
    'posting_breadcrumbs' => forum_get_breadcrumbs($forumId),
    'global_accent_colour' => forum_get_colour($forumId),
    'posting_forum' => $forum,
    'posting_info' => $displayInfo,
    'posting_notices' => $notices,
    'posting_mode' => $mode,
]);
SQL is black magic 2018-05-22 01:05:25 +02:00			`<?php`
New config system, define a root dir constant and deprecate more of Application. 2018-10-04 22:30:55 +02:00			`require_once '../../misuzu.php';`
SQL is black magic 2018-05-22 01:05:25 +02:00
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`if (!user_session_active()) {`
Finished implementation of warning and banning system, closes #87. 2018-12-28 06:03:42 +01:00			`echo render_error(401);`
			`return;`
			`}`

			`if (user_warning_check_restriction(user_session_current('user_id', 0))) {`
finishing touches for the baseline (nowhere near done tho) 2018-05-26 22:33:05 +02:00			`echo render_error(403);`
SQL is black magic 2018-05-22 01:05:25 +02:00			`return;`
			`}`

Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$forumPostingModes = [`
			`'create', 'edit', 'quote',`
			`'delete', 'restore', 'nuke',`
			`];`

Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`if (!empty($_POST)) {`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$mode = $_POST['post']['mode'] ?? 'create';`
			`$postId = max(0, (int)($_POST['post']['id'] ?? 0));`
SQL is black magic 2018-05-22 01:05:25 +02:00			`$topicId = max(0, (int)($_POST['post']['topic'] ?? 0));`
			`$forumId = max(0, (int)($_POST['post']['forum'] ?? 0));`
			`} else {`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$mode = $_GET['m'] ?? 'create';`
SQL is black magic 2018-05-22 01:05:25 +02:00			`$postId = max(0, (int)($_GET['p'] ?? 0));`
			`$topicId = max(0, (int)($_GET['t'] ?? 0));`
			`$forumId = max(0, (int)($_GET['f'] ?? 0));`
			`}`

Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`if (!in_array($mode, $forumPostingModes, true)) {`
			`echo render_error(400);`
			`return;`
			`}`

login checks and some minor javascriptery 2018-05-22 04:09:53 +02:00			`if (empty($postId) && empty($topicId) && empty($forumId)) {`
finishing touches for the baseline (nowhere near done tho) 2018-05-26 22:33:05 +02:00			`echo render_error(404);`
login checks and some minor javascriptery 2018-05-22 04:09:53 +02:00			`return;`
			`}`

SQL is black magic 2018-05-22 01:05:25 +02:00			`if (!empty($postId)) {`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$post = forum_post_get($postId);`
SQL is black magic 2018-05-22 01:05:25 +02:00
			`if (isset($post['topic_id'])) { // should automatic cross-quoting be a thing? if so, check if $topicId is < 1 first`
			`$topicId = (int)$post['topic_id'];`
			`}`
			`}`

			`if (!empty($topicId)) {`
Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`$getTopic = db_prepare('`
functions yay 2018-05-23 03:41:57 +02:00			SELECT `topic_id`, `forum_id`, `topic_title`, `topic_locked`
SQL is black magic 2018-05-22 01:05:25 +02:00			FROM `msz_forum_topics`
			WHERE `topic_id` = :topic_id
			`');`
			`$getTopic->bindValue('topic_id', $topicId);`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$topic = $getTopic->execute() ? $getTopic->fetch(PDO::FETCH_ASSOC) : false;`
SQL is black magic 2018-05-22 01:05:25 +02:00
			`if (isset($topic['forum_id'])) {`
			`$forumId = (int)$topic['forum_id'];`
			`}`
			`}`

			`if (!empty($forumId)) {`
Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`$getForum = db_prepare('`
functions yay 2018-05-23 03:41:57 +02:00			SELECT `forum_id`, `forum_name`, `forum_type`, `forum_archived`
SQL is black magic 2018-05-22 01:05:25 +02:00			FROM `msz_forum_categories`
			WHERE `forum_id` = :forum_id
			`');`
			`$getForum->bindValue('forum_id', $forumId);`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$forum = $getForum->execute() ? $getForum->fetch(PDO::FETCH_ASSOC) : false;`
SQL is black magic 2018-05-22 01:05:25 +02:00			`}`

login checks and some minor javascriptery 2018-05-22 04:09:53 +02:00			`if (empty($forum)) {`
finishing touches for the baseline (nowhere near done tho) 2018-05-26 22:33:05 +02:00			`echo render_error(404);`
login checks and some minor javascriptery 2018-05-22 04:09:53 +02:00			`return;`
			`}`

Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$perms = forum_perms_get_user(MSZ_FORUM_PERMS_GENERAL, $forum['forum_id'], user_session_current('user_id'));`
Implemented permission checks everywhere, manage is next. 2018-08-23 22:06:48 +02:00
			`if ($forum['forum_archived']`
			`\|\| !empty($topic['topic_locked'])`
			`\|\| !perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM \| MSZ_FORUM_PERM_CREATE_POST)`
			`\|\| (empty($topic) && !perms_check($perms, MSZ_FORUM_PERM_CREATE_TOPIC))) {`
			`echo render_error(403);`
login checks and some minor javascriptery 2018-05-22 04:09:53 +02:00			`return;`
			`}`

Implemented permission checks everywhere, manage is next. 2018-08-23 22:06:48 +02:00			`if (!forum_may_have_topics($forum['forum_type'])) {`
			`echo render_error(400);`
functions yay 2018-05-23 03:41:57 +02:00			`return;`
			`}`

Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`// edit mode stuff`
			`if ($mode === 'edit') {`
			`if (empty($post)) {`
			`echo render_error(404);`
			`return;`
			`}`

			`if (!perms_check($perms, $post['poster_id'] === user_session_current('user_id') ? MSZ_FORUM_PERM_EDIT_POST : MSZ_FORUM_PERM_EDIT_ANY_POST)) {`
			`echo render_error(403);`
			`return;`
			`}`
			`}`

Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$notices = [];`
functions yay 2018-05-23 03:41:57 +02:00
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`if (!empty($_POST)) {`
			`if (!csrf_verify('forum_post', $_POST['csrf'] ?? '')) {`
			`$notices[] = 'Could not verify request.';`
SQL is black magic 2018-05-22 01:05:25 +02:00			`} else {`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$topicTitle = $_POST['post']['title'] ?? '';`
Allow editing of the topic name when editing the original post. 2018-12-30 04:23:04 +01:00			`$setTopicTitle = empty($topic) \|\| ($mode === 'edit' && $post['is_opening_post'] && $topicTitle !== $topic['topic_title']);`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$postText = $_POST['post']['text'] ?? '';`
			`$postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);`

			`if (!parser_is_valid($postParser)) {`
			`$notices[] = 'Invalid parser selected.';`
			`}`

Allow editing of the topic name when editing the original post. 2018-12-30 04:23:04 +01:00			`switch (forum_validate_post($postText)) {`
functions yay 2018-05-23 03:41:57 +02:00			`case 'too-short':`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$notices[] = 'Post content was too short.';`
			`break;`
functions yay 2018-05-23 03:41:57 +02:00
			`case 'too-long':`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`$notices[] = 'Post content was too long.';`
			`break;`
functions yay 2018-05-23 03:41:57 +02:00			`}`

Allow editing of the topic name when editing the original post. 2018-12-30 04:23:04 +01:00			`if ($setTopicTitle) {`
			`switch (forum_validate_title($topicTitle)) {`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`case 'too-short':`
			`$notices[] = 'Topic title was too short.';`
			`break;`
SQL is black magic 2018-05-22 01:05:25 +02:00
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`case 'too-long':`
			`$notices[] = 'Topic title was too long.';`
			`break;`
			`}`
			`}`

			`if (empty($notices)) {`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`switch ($mode) {`
			`case 'create':`
			`if (!empty($topic)) {`
			`forum_topic_bump($topic['topic_id']);`
			`} else {`
			`$topicId = forum_topic_create($forum['forum_id'], user_session_current('user_id', 0), $topicTitle);`
			`}`

			`$postId = forum_post_create(`
			`$topicId,`
			`$forum['forum_id'],`
			`user_session_current('user_id', 0),`
			`ip_remote_address(),`
			`$postText,`
			`$postParser`
			`);`
			`forum_topic_mark_read(user_session_current('user_id', 0), $topicId, $forum['forum_id']);`
			`break;`

			`case 'edit':`
Allow editing of the topic name when editing the original post. 2018-12-30 04:23:04 +01:00			`if (!forum_post_update($postId, ip_remote_address(), $postText, $postParser)) {`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`$notices[] = 'Post edit failed.';`
			`}`
Allow editing of the topic name when editing the original post. 2018-12-30 04:23:04 +01:00
			`if ($setTopicTitle) {`
			`if (!forum_topic_update($topicId, $topicTitle)) {`
			`$notices[] = 'Topic update failed.';`
			`}`
			`}`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`break;`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`}`

Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`if (empty($notices)) {`
			`header("Location: /forum/topic.php?p={$postId}#p{$postId}");`
			`return;`
			`}`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`}`
			`}`
SQL is black magic 2018-05-22 01:05:25 +02:00			`}`

Posting page 2018-05-22 02:54:20 +02:00			`if (!empty($topic)) {`
Restructure templating system. 2018-08-15 03:12:58 +02:00			`tpl_var('posting_topic', $topic);`
Posting page 2018-05-22 02:54:20 +02:00			`}`
SQL is black magic 2018-05-22 01:05:25 +02:00
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`if ($mode === 'edit') { // $post is pretty much sure to be populated at this point`
			`tpl_var('posting_post', $post);`
			`}`

Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`// fetches additional data for simulating a forum post`
			`$getDisplayInfo = db_prepare('`
			SELECT u.`user_country`, u.`user_created`, (
			SELECT COUNT(`post_id`)
			FROM `msz_forum_posts`
			WHERE `user_id` = u.`user_id`
			) AS `user_forum_posts`
			FROM `msz_users` as u
			WHERE `user_id` = :user_id
			`');`
			`$getDisplayInfo->bindValue('user_id', user_session_current('user_id'));`
			`$displayInfo = $getDisplayInfo->execute() ? $getDisplayInfo->fetch(PDO::FETCH_ASSOC) : [];`

Restructure templating system. 2018-08-15 03:12:58 +02:00			`echo tpl_render('forum.posting', [`
functions yay 2018-05-23 03:41:57 +02:00			`'posting_breadcrumbs' => forum_get_breadcrumbs($forumId),`
Use new style on the forum. 2018-10-22 00:11:14 +02:00			`'global_accent_colour' => forum_get_colour($forumId),`
Posting page 2018-05-22 02:54:20 +02:00			`'posting_forum' => $forum,`
Redid the topic create/reply form. 2018-12-27 05:25:51 +01:00			`'posting_info' => $displayInfo,`
			`'posting_notices' => $notices,`
Added post editing, closes #97. 2018-12-30 04:02:35 +01:00			`'posting_mode' => $mode,`
Posting page 2018-05-22 02:54:20 +02:00			`]);`