uohlhv/blog-app
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
uohlhv
2021-09-16 20:27:51 +08:00
commit 5ed6195cc1
41 changed files with 3429 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
core/Bootstrap.php Normal file
View File

@ -0,0 +1,35 @@
<?php
session_start();
header("X-Frame-Options: DENY");
if (! isset($_SESSION['_token'])) {
$_SESSION['_token'] = Illuminate\Support\Str::random(40);
}
use Phroute\Phroute\Dispatcher;
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
use Phroute\Phroute\Exception\HttpRouteNotFoundException;
use Phroute\Phroute\RouteCollector;
use Phroute\Phroute\RouteParser;
$route = new RouteCollector(new RouteParser);
require 'Routes.php';
$dispatcher = new Dispatcher($route->getData());
try {
$response = $dispatcher->dispatch(
$_SERVER['REQUEST_METHOD'],
parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
);
echo $response;
} catch (HttpRouteNotFoundException $e) {
header('Location: /404');
die();
} catch (HttpMethodNotAllowedException $e) {
header('HTTP/1.0 403 Forbidden');
die();
}

118
core/Helpers.php Normal file
View File

@ -0,0 +1,118 @@
<?php
if (! function_exists('db')) {
function db()
{
$config = new Core\Config;
return new Core\Database\QueryBuilder(
Core\Database\Connection::make($config->get('database'))
);
}
}
if (! function_exists('view')) {
function view($name, $data = [])
{
if (isset($_SESSION['errors'])) {
$data['errors'] = $_SESSION['errors'];
unset($_SESSION['errors']);
}
if (isset($_SESSION['comment_errors'])) {
$data['comment_errors'] = $_SESSION['comment_errors'];
unset($_SESSION['comment_errors']);
}
if (isset($_SESSION['messages'])) {
$data['messages'] = $_SESSION['messages'];
unset($_SESSION['messages']);
}
if (isset($_SESSION['inputs'])) {
$inputs = $_SESSION['inputs'];
foreach ($inputs as $key => $value) {
$data[$key] = $value;
}
unset($_SESSION['inputs']);
}
$blade = new Jenssegers\Blade\Blade('views', 'views/cache');
$blade->compiler()->directive('markdown', function ($expression) {
return "<?php echo markdown({$expression}) ?>";
});
return $blade->make($name)->with($data);
}
}
if (! function_exists('markdown')) {
function markdown($content)
{
$parsedown = new \Parsedown;
$html = $parsedown->text($content);
$config = \HTMLPurifier_Config::createDefault();
$purifier = new \HTMLPurifier($config);
return $purifier->purify($html);
}
}
if (! function_exists('valid_username')) {
function valid_username($username)
{
$sql = 'SELECT * FROM users WHERE name=?';
$query = db()->prepare($sql);
$query->execute([$username]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return strlen($username) <= 32 &&
preg_match('/^[\w\d._]+$/', $username) &&
! count($user);
}
}
if (! function_exists('valid_email')) {
function valid_email($email)
{
$sql = 'SELECT * FROM users WHERE email=?';
$query = db()->prepare($sql);
$query->execute([$email]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return filter_var($email, FILTER_VALIDATE_EMAIL) &&
! count($user);
}
}
if (! function_exists('valid_password')) {
function valid_password($password1, $password2)
{
return preg_match('/^[!-~]+$/', $password1) &&
$password1 == $password2;
}
}
if (! function_exists('send_mail')) {
function send_mail($options)
{
$config = new Core\Config;
$mail = new PHPMailer\PHPMailer\PHPMailer(true);
$mail->SMTPDebug = 0;
$mail->isSMTP();
$mail->Host = $config->get('mailer')['host'];
$mail->SMTPAuth = true;
$mail->Username = $config->get('mailer')['username'];
$mail->Password = $config->get('mailer')['password'];
$mail->SMTPSecure = 'tls';
$mail->Port = 465;
$mail->setFrom($config->get('mailer')['from']);
$mail->addAddress($options['email']);
$mail->isHTML(true);
$mail->Subject = $options['title'];
$mail->Body = $options['body'];
$mail->send();
}
}
if (! function_exists('port')) {
function port()
{
$config = new Core\Config;
return $config->get('port');
}
}

7
core/Record.php Normal file
View File

@ -0,0 +1,7 @@
<?php
namespace Core;
class Record
{
}

85
core/controllers/Comment.php Normal file
View File

@ -0,0 +1,85 @@
<?php
namespace Controllers;
class Comment
{
public function create()
{
if (! $this->commentValid()) {
header('Location: /post/' . $_POST['post_id']);
return false;
}
$sql = 'INSERT INTO comments VALUES (NULL, ?, ?, DEFAULT, DEFAULT, ?)';
$query = db()->prepare($sql);
$query->execute([
trim($_POST['content']),
$_SESSION['username'],
$_POST['post_id']
]);
header("Location: /post/{$_POST['post_id']}");
return false;
}
public function update($id)
{
if (! $this->isCommentAuthor($id)) {
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
if (! $this->commentValid()) {
header('Location: /post/' . $_POST['post_id']);
return false;
}
$sql = 'UPDATE comments SET content=? WHERE id=?';
$query = db()->prepare($sql);
$query->execute([trim($_POST['content']), $id]);
header("Location: /post/{$_POST['post_id']}");
return false;
}
public function delete($id)
{
if (! $this->isAuthor($id)) {
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
$sql = 'DELETE FROM comments WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
header("Location: /post/{$_POST['post_id']}");
return false;
}
private function isCommentAuthor($id)
{
$sql = 'SELECT author FROM comments WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
$comment = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return (count($comment) != 0 &&
$comment[0]->author == $_SESSION['username']);
}
private function isAuthor($id)
{
$sql = 'SELECT author FROM posts WHERE id IN ( ' .
'SELECT comment_to FROM comments WHERE id=? )';
$query = db()->prepare($sql);
$query->execute([$id]);
$post = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return (count($post) != 0 &&
$post[0]->author == $_SESSION['username']);
}
private function commentValid()
{
if (empty(trim($_POST['content']))) {
$_SESSION['comment_errors'] = ['Comment cannot be empty.'];
return false;
}
return true;
}
}

105
core/controllers/Password.php Normal file
View File

@ -0,0 +1,105 @@
<?php
namespace Controllers;
class Password
{
public function getReset()
{
return view('password.reset');
}
public function getCreate()
{
if ($this->hasToken() && $this->tokenValid()) {
return view('password.create');
}
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
public function reset()
{
if ($id = $this->getUserId()) {
$db = db();
$forget_token = \Illuminate\Support\Str::random(40);
$sql = 'INSERT INTO forget_tokens VALUES (:id, :token)';
$query = $db->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->bindValue(':token', $forget_token);
$query->execute();
send_mail([
'email' => $_POST['email'],
'title' => '[Blog App] A Password Reset Requested!',
'body' => 'Click <a href="http://localhost' . port() . '/user/password/create?id=' . $id .
'&forget_token=' . $forget_token . '">here</a> to confirm that ' .
'you really want to reset your password.'
]);
$sql = 'SET global event_scheduler = 1;' .
'DROP EVENT IF EXISTS clear_forget_token_:id;' .
'CREATE EVENT clear_forget_token_:id ' .
'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
'DO DELETE FROM forget_tokens WHERE id=:id';
$query = $db->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->execute();
$message = 'Check your email inbox. We have sent you a confirmation mail.';
return view('redirect', ['message' => $message]);
}
$_SESSION['errors'] = ['This E-mail is not registered or is already requested.'];
header('Location: /user/password/reset');
return false;
}
public function create()
{
if (! valid_password($_POST['password'], $_POST['confirm-password'])) {
$_SESSION['errors'] = ['Invalid password.'];
header("Location: /user/password/create?id={$_POST['id']}&forget_token={$_POST['forget_token']}");
return false;
}
$sql = 'UPDATE users SET password=? WHERE id=?';
$db = db();
$query = $db->prepare($sql);
$query->execute([
password_hash($_POST['password'], PASSWORD_DEFAULT),
$_POST['id']
]);
$sql = 'DELETE FROM forget_tokens WHERE id=?';
$db = db();
$query = $db->prepare($sql);
$query->execute([$_POST['id']]);
header('Location: /user/login');
return false;
}
private function hasToken()
{
return (isset($_GET['id']) &&
isset($_GET['forget_token']));
}
private function tokenValid()
{
$sql = 'SELECT * FROM (users AS u JOIN ' .
'forget_tokens AS t ON u.id=t.id) WHERE u.id=? AND token=?';
$query = db()->prepare($sql);
$query->execute([$_GET['id'], $_GET['forget_token']]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return (count($user) != 0);
}
private function getUserId()
{
$sql = 'SELECT u.id FROM users AS u WHERE email=? AND NOT EXISTS (' .
'SELECT * FROM forget_tokens AS t WHERE u.id=t.id)';
$query = db()->prepare($sql);
$query->execute([$_POST['email']]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($user) != 0) {
return $user[0]->id;
}
return null;
}
}

280
core/controllers/Post.php Normal file
View File

@ -0,0 +1,280 @@
<?php
namespace Controllers;
class Post
{
public function index($page = '1')
{
$db = db();
$offset = ($page >= 1) ? ($page - 1) : 0;
$offset *= 10;
$sql = 'SELECT * FROM posts ORDER BY create_at DESC LIMIT ?,10';
$query = $db->prepare($sql);
$query->bindValue(1, $offset, \PDO::PARAM_INT);
$query->execute();
$posts = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$offset += 10;
$query->bindValue(1, $offset, \PDO::PARAM_INT);
$query->execute();
$next = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$sql = 'SELECT id, keyword, COUNT(id) AS num_of_posts FROM ('.
'tags JOIN post_tag ON id=tag_id) GROUP BY id ORDER BY keyword';
$query = $db->prepare($sql);
$query->execute();
$tags = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$is_last = count($next) == 0 ? true : false;
return view('post.index', [
'posts' => $posts,
'tags' => $tags,
'page' => $page,
'is_last' => $is_last,
'pager_uri' => ''
]);
}
public function showCreate()
{
return view('post.create', [
'title' => '',
'content' => '',
'tags' => ''
]);
}
public function show($id)
{
$post = $this->getPost($id);
if ($post != null) {
return view('post.show', [
'post' => $post,
'tags' => $this->getTags($id),
'comments' => $this->getComments($id)
]);
}
throw new \Phroute\Phroute\Exception\HttpRouteNotFoundException;
}
public function showUpdate($id)
{
if (! $this->isAuthor($id)) {
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
if ($post = $this->getPostWithTags($id)) {
return view('post.edit', ['post' => $post]);
}
throw new \Phroute\Phroute\Exception\HttpRouteNotFoundException;
}
public function create()
{
if (! $this->titleValid()) {
header('Location: /post/create');
return false;
}
$id = $this->setPost();
$tags = array_values(array_filter(
array_map('trim', explode(',', $_POST['tags']))
));
$this->setTags($tags);
$this->syncPostTag($id, $tags);
header("Location: /post/$id");
return false;
}
public function update($id)
{
if (! $this->isAuthor($id)) {
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
if (! $this->titleValid()) {
header("Location: /post/$id/edit");
return false;
}
$this->updatePost($id);
$tags = array_values(array_filter(
array_map('trim', explode(',', $_POST['tags']))
));
$this->setTags($tags);
$this->syncPostTag($id, $tags);
header("Location: /post/$id");
return false;
}
public function delete($id)
{
if (! $this->isAuthor($id)) {
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
$sql = 'DELETE FROM posts WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
$path = parse_url($_SERVER['HTTP_REFERER'])['path'];
if (preg_match('/^\/post\//', $path)) {
header('Location: /');
return false;
}
header("Location: $path");
return false;
}
private function isAuthor($id)
{
$sql = 'SELECT author FROM posts WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
$post = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
return (count($post) != 0 &&
$post[0]->author == $_SESSION['username']);
}
private function titleValid()
{
if (empty(trim($_POST['title']))) {
$_SESSION['errors'] = ['Post title cannot be empty.'];
$_SESSION['inputs'] = [
'title' => $_POST['title'],
'content' => $_POST['content'],
'tags' => $_POST['tags']
];
return false;
}
return true;
}
private function getPost($id)
{
$sql = 'SELECT p.*, COUNT(c.id) AS num_of_comments FROM posts AS p ' .
'LEFT JOIN comments AS c ON p.id=c.comment_to WHERE p.id=:id';
$query = db()->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->execute();
$post = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($post) != 0) {
return $post[0];
}
return null;
}
private function getTags($id)
{
$sql = 'SELECT * FROM tags WHERE id IN ( ' .
"SELECT tag_id FROM post_tag WHERE post_id=? ) ORDER BY keyword";
$query = db()->prepare($sql);
$query->execute([$id]);
return $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
}
private function getComments($id)
{
$sql = 'SELECT c.*, u.email FROM comments AS c, users AS u ' .
'WHERE c.comment_to=? AND c.author=u.name ORDER BY c.create_at';
$query = db()->prepare($sql);
$query->execute([$id]);
return $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
}
private function getPostWithTags($id)
{
$sql = "SELECT p.*, GROUP_CONCAT(DISTINCT t.keyword SEPARATOR ', ') AS tags " .
'FROM posts AS p, tags AS t WHERE p.id=:id AND t.id IN ( ' .
'SELECT tag_id FROM post_tag WHERE post_id=:id ) ORDER BY t.keyword';
$query = db()->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->execute();
$post = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($post) != 0) {
return $post[0];
}
return null;
}
private function setPost()
{
$db = db();
$sql = 'INSERT INTO posts VALUES (NULL, ?, ?, ?, DEFAULT, DEFAULT)';
$query = $db->prepare($sql);
$query->execute([
trim($_POST['title']),
trim($_POST['content']),
$_SESSION['username']
]);
return $db->lastInsertId();
}
private function updatePost($id)
{
$sql = 'UPDATE posts SET title=?, content=? WHERE id=?';
$query = db()->prepare($sql);
$query->execute([
trim($_POST['title']),
trim($_POST['content']),
$id
]);
}
private function setTags($tags)
{
if (count($tags) != 0) {
$rows = [];
foreach ($tags as $tag) {
array_push($rows, "(NULL, ?)");
}
$sql = 'INSERT INTO tags VALUES ' . implode(', ', $rows) .
' ON DUPLICATE KEY UPDATE keyword=keyword';
$query = db()->prepare($sql);
$query->execute($tags);
}
}
private function syncPostTag($post_id, $tags)
{
$db = db();
if (count($tags) != 0) {
$tuple_holders = [];
$element_holders = [];
$rows = [];
$tag_ids = $this->tagsToIds($tags);
foreach ($tag_ids as $tag_id) {
array_push($tuple_holders, '(?, ?)');
array_push($element_holders, '?');
array_push($rows, $post_id, $tag_id);
}
$sql = 'INSERT INTO post_tag VALUES ' . implode(', ', $tuple_holders) .
' ON DUPLICATE KEY UPDATE post_id=post_id';
$query = $db->prepare($sql);
$query->execute($rows);
$sql = 'DELETE FROM post_tag WHERE post_id=? AND tag_id NOT IN ' .
'(' . implode(', ', $element_holders) . ')';
$query = $db->prepare($sql);
$query->bindValue(1, $post_id, \PDO::PARAM_INT);
foreach ($tag_ids as $index => $tag_id) {
$query->bindValue($index + 2, $tag_id, \PDO::PARAM_INT);
}
$query->execute();
} else {
$sql = 'DELETE FROM post_tag WHERE post_id=?';
$query = $db->prepare($sql);
$query->execute([$post_id]);
}
}
private function tagsToIds($tags)
{
$element_holders = [];
foreach ($tags as $tag) {
array_push($element_holders, '?');
}
$sql = 'SELECT DISTINCT id FROM tags WHERE keyword IN ' .
'(' . implode(', ', $element_holders) . ') ORDER BY id';
$query = db()->prepare($sql);
$query->execute($tags);
return $query->fetchAll(\PDO::FETCH_COLUMN, 0);
}
}

39
core/controllers/Search.php Normal file
View File

@ -0,0 +1,39 @@
<?php
namespace Controllers;
class Search
{
public function show($keyword, $page = '1')
{
$db = db();
$keyword = urldecode($keyword);
$offset = ($page >= 1) ? ($page - 1) : 0;
$offset *= 10;
$sql = 'SELECT * FROM posts WHERE title LIKE ? ' .
'ORDER BY create_at DESC LIMIT ?,10';
$query = $db->prepare($sql);
$query->bindValue(1, '%' . preg_quote($keyword) . '%');
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$posts = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$offset += 10;
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$next = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$sql = 'SELECT id, keyword, COUNT(id) AS num_of_posts FROM (' .
'tags JOIN post_tag ON id=tag_id) GROUP BY id ORDER BY keyword';
$query = $db->prepare($sql);
$query->execute();
$tags = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$is_last = count($next) == 0 ? true : false;
return view('post.index', [
'keyword' => $keyword,
'posts' => $posts,
'tags' => $tags,
'page' => $page,
'is_last' => $is_last,
'pager_uri' => preg_replace('/\/\d+$/', '', $_SERVER['REQUEST_URI'])
]);
}
}

41
core/controllers/Tag.php Normal file
View File

@ -0,0 +1,41 @@
<?php
namespace Controllers;
class Tag
{
public function show($id, $page = '1')
{
$db = db();
$offset = ($page >= 1) ? ($page - 1) : 0;
$offset *= 10;
$sql = 'SELECT * FROM posts WHERE id IN (' .
'SELECT post_id FROM post_tag WHERE tag_id=? ) ORDER BY create_at DESC LIMIT ?,10';
$query = $db->prepare($sql);
$query->bindValue(1, $id, \PDO::PARAM_INT);
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$posts = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$offset += 10;
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$next = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$sql = 'SELECT id, keyword, COUNT(id) AS num_of_posts FROM (' .
'tags JOIN post_tag ON id=tag_id) GROUP BY id ORDER BY keyword';
$query = $db->prepare($sql);
$query->execute();
$tags = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$is_last = count($next) == 0 ? true : false;
if (count($posts) != 0) {
return view('tag.index', [
'posts' => $posts,
'tags' => $tags,
'page' => $page,
'is_last' => $is_last,
'pager_uri' => preg_replace('/(\/\d+)(\/\d+)$/', '$1', $_SERVER['REQUEST_URI'])
]);
}
header('Location: /');
return false;
}
}

330
core/controllers/User.php Normal file
View File

@ -0,0 +1,330 @@
<?php
namespace Controllers;
class User
{
public function activate()
{
if (! $this->hasToken()) {
header('Location: /');
return false;
}
if ($id = $this->getUserId()) {
$sql = 'DELETE FROM active_tokens WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
$messages = ['Your account has been activated.'];
return view('user.login', ['messages' => $messages]);
}
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
public function showCreate()
{
return view('user.register');
}
public function showLogin()
{
return view('user.login');
}
public function showSettings()
{
return view('user.settings');
}
public function show($name, $page = '1')
{
$db = db();
$offset = ($page >= 1) ? ($page - 1) : 0;
$offset *= 10;
$sql = 'SELECT * FROM posts WHERE author IN ( ' .
'SELECT name FROM users WHERE name=? ) ' .
'ORDER BY create_at DESC LIMIT ?,10';
$query = $db->prepare($sql);
$query->bindValue(1, $name);
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$posts = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$offset += 10;
$query->bindValue(2, $offset, \PDO::PARAM_INT);
$query->execute();
$next = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$sql = 'SELECT id, keyword, COUNT(id) AS num_of_posts FROM (' .
'tags JOIN post_tag ON id=tag_id) GROUP BY id ORDER BY keyword';
$query = $db->prepare($sql);
$query->execute();
$tags = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
$is_last = count($next) == 0 ? true : false;
return view('post.index', [
'posts' => $posts,
'tags' => $tags,
'page' => $page,
'is_last' => $is_last,
'pager_uri' => preg_replace('/\/\d+$/', '', $_SERVER['REQUEST_URI'])
]);
}
public function create()
{
if (! $this->validator()) {
header('Location: /user/register');
return false;
}
$active_token = \Illuminate\Support\Str::random(40);
$id = $this->setUser($active_token);
send_mail([
'email' => $_POST['email'],
'title' => '[Blog App] Active Your Account!',
'body' => 'Click <a href="http://localhost' . port() . '/user/activate?id=' . $id .
'&active_token=' . $active_token . '">here</a> to activate.'
]);
$sql = 'SET global event_scheduler = 1;' .
'DROP EVENT IF EXISTS clear_unactive_user_:id;' .
'CREATE EVENT clear_unactive_user_:id ' .
'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
'DO DELETE FROM users WHERE id=:id AND EXISTS (' .
'SELECT * FROM active_tokens WHERE id=:id)';
$query = db()->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->execute();
$message = 'Check your email inbox. We\'ve sent you an activation mail.';
return view('redirect', ['message' => $message]);
}
public function update()
{
$validation = [];
$usernameGiven = ($_POST['username'] != $_SESSION['username']);
$passwordGiven = (! empty(trim($_POST['password'])));
$emailGiven = ($_POST['email'] != $_SESSION['email']);
if ($usernameGiven) {
$validation['username'] = valid_username($_POST['username']);
}
if ($passwordGiven) {
$validation['password'] = valid_password(
$_POST['password'],
$_POST['confirm-password']
);
}
if ($emailGiven) {
$validation['email'] = valid_email($_POST['email']);
}
if (count($validation) != 0 && ! $this->validator($validation)) {
header('Location: /user/settings');
return false;
}
return $this->updateUser($usernameGiven, $passwordGiven, $emailGiven);
}
public function delete()
{
$sql = 'DELETE FROM users WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$_SESSION['id']]);
return $this->logout();
}
public function verifyEmail()
{
$db = db();
$sql = 'SELECT token FROM verify_tokens WHERE id=?';
$query = $db->prepare($sql);
$query->execute([$_GET['id']]);
$verify_token = $query->fetchAll(\PDO::FETCH_COLUMN, 0);
if (count($verify_token) != 0) {
$verify_token = $verify_token[0];
if ($verify_token == $_GET['verify_token']) {
$sql = 'UPDATE users SET email=? WHERE id=?';
$query = $db->prepare($sql);
$query->execute([$_GET['email'], $_GET['id']]);
$sql = 'DELETE FROM verify_tokens WHERE id=?';
$query = $db->prepare($sql);
$query->execute([$_GET['id']]);
$_SESSION['messages'] = ['E-mail updated.'];
$_SESSION['email'] = $_GET['email'];
header('Location: /user/settings');
return false;
}
}
header('HTTP/1.0 403 Forbidden');
die();
return false;
}
public function login()
{
$sql = 'SELECT u.id, u.name, u.email, u.password ' .
'FROM users AS u WHERE name=? AND NOT EXISTS (' .
'SELECT * FROM active_tokens AS t WHERE u.id=t.id)';
$query = db()->prepare($sql);
$query->execute([$_POST['username']]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($user) != 0 &&
password_verify($_POST['password'], trim($user[0]->password))
) {
$_SESSION['is_auth'] = true;
$_SESSION['id'] = $user[0]->id;
$_SESSION['username'] = $user[0]->name;
$_SESSION['email'] = $user[0]->email;
header('Location: /');
return false;
}
$_SESSION['errors'] = ['Incorrect username or password.'];
$_SESSION['inputs'] = [
'username' => $_POST['username']
];
header('Location: /user/login');
return false;
}
public function logout()
{
session_unset();
session_destroy();
header('Location: /');
return false;
}
private function hasToken()
{
if (isset($_GET['id']) &&
isset($_GET['active_token'])
) {
return true;
}
return false;
}
private function getUserId()
{
$sql = 'SELECT u.id FROM (users AS u ' .
'JOIN active_tokens AS t ON u.id=t.id) ' .
'WHERE u.id=? AND t.token=?';
$query = db()->prepare($sql);
$query->execute([$_GET['id'], $_GET['active_token']]);
$user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($user) != 0) {
return $user[0]->id;
}
return null;
}
private function validator($validation = [])
{
if (count($validation) == 0) {
$validation = [
'username' => valid_username($_POST['username']),
'email' => valid_email($_POST['email']),
'password' => valid_password(
$_POST['password'],
$_POST['confirm-password']
)
];
}
$errors = [];
foreach ($validation as $input => $result) {
if (! $result) {
array_push($errors, "Invalid $input.");
}
}
if (count($errors) != 0) {
$_SESSION['errors'] = $errors;
if (isset($_POST['username'])) {
$_SESSION['inputs'] = [
'username' => $_POST['username'],
'email' => $_POST['email']
];
}
return false;
}
return true;
}
private function setUser($active_token)
{
$sql = 'INSERT INTO users VALUES (NULL, ?, ?, ?)';
$db = db();
$query = $db->prepare($sql);
$query->execute([
$_POST['username'],
$_POST['email'],
password_hash($_POST['password'], PASSWORD_DEFAULT)
]);
$id = $db->lastInsertId();
$sql = 'INSERT INTO active_tokens VALUES (:id, :token)';
$query = $db->prepare($sql);
$query->bindValue(':id', $id, \PDO::PARAM_INT);
$query->bindValue(':token', $active_token);
$query->execute();
return $id;
}
private function updateUser($usernameGiven, $passwordGiven, $emailGiven)
{
$db = db();
if ($usernameGiven) {
$sql = 'UPDATE users SET name=? WHERE id=?';
$query = $db->prepare($sql);
$query->execute([$_POST['username'], $_POST['id']]);
$_SESSION['messages'][] = 'Username updated.';
$_SESSION['username'] = $_POST['username'];
}
if ($passwordGiven) {
$sql = 'UPDATE users SET password=? WHERE id=?';
$query = $db->prepare($sql);
$query->execute([
password_hash($_POST['password'], PASSWORD_DEFAULT),
$_POST['id']
]);
$_SESSION['messages'][] = 'Password updated.';
}
if ($emailGiven) {
if (! $this->requested($_POST['id'])) {
$verify_token = \Illuminate\Support\Str::random(40);
$sql = 'INSERT INTO verify_tokens VALUES (:id, :token)';
$query = $db->prepare($sql);
$query->bindValue(':id', $_POST['id'], \PDO::PARAM_INT);
$query->bindValue(':token', $verify_token);
$query->execute();
send_mail([
'email' => $_POST['email'],
'title' => '[Blog App] Verify Your E-mail!',
'body' => 'Click <a href="http://localhost' . port() . '/user/email/verify' .
'?id=' . $_SESSION['id'] .
'&email=' . $_POST['email'] .
'&verify_token=' . $verify_token . '">here</a> to verify.'
]);
$sql = 'SET global event_scheduler = 1;' .
'DROP EVENT IF EXISTS clear_unverify_email_:id;' .
'CREATE EVENT clear_unverify_email_:id ' .
'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
'DO DELETE FROM verify_tokens WHERE id=:id';
$query = $db->prepare($sql);
$query->bindValue(':id', $_POST['id'], \PDO::PARAM_INT);
$query->execute();
}
$_SESSION['messages'][] = 'Check your email inbox. ' .
'We\'ve sent you an verification mail ' .
'for email updating request.';
}
header('Location: /user/settings');
return false;
}
private function requested($id)
{
$sql = 'SELECT * FROM verify_tokens WHERE id=?';
$query = db()->prepare($sql);
$query->execute([$id]);
$verify_token = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
if (count($verify_token) != 0) {
return true;
}
return false;
}
}

20
core/database/Connection.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace Core\Database;
class Connection
{
public static function make($config)
{
try {
return new \PDO(
"{$config['connection']};dbname={$config['name']};charset=utf8",
$config['username'],
$config['password'],
$config['options']
);
} catch (\PDOException $e) {
die($e->getMessage());
}
}
}

25
core/database/QueryBuilder.php Normal file
View File

@ -0,0 +1,25 @@
<?php
namespace Core\Database;
use \PDO;
class QueryBuilder
{
protected $pdo;
public function __construct(PDO $pdo)
{
$this->pdo = $pdo;
}
public function prepare($query)
{
return $this->pdo->prepare($query);
}
public function lastInsertId()
{
return $this->pdo->lastInsertId();
}
}