Initial commit

2021-09-16 20:27:51 +08:00
commit 5ed6195cc1
41 changed files with 3429 additions and 0 deletions
--- a/core/controllers/Comment.php
+++ b/core/controllers/Comment.php
@ -0,0 +1,85 @@
+<?php
+
+namespace Controllers;
+
+class Comment
+{
+    public function create()
+    {
+        if (! $this->commentValid()) {
+            header('Location: /post/' . $_POST['post_id']);
+            return false;
+        }
+        $sql = 'INSERT INTO comments VALUES (NULL, ?, ?, DEFAULT, DEFAULT, ?)';
+        $query = db()->prepare($sql);
+        $query->execute([
+            trim($_POST['content']),
+            $_SESSION['username'],
+            $_POST['post_id']
+        ]);
+        header("Location: /post/{$_POST['post_id']}");
+        return false;
+    }
+
+    public function update($id)
+    {
+        if (! $this->isCommentAuthor($id)) {
+            header('HTTP/1.0 403 Forbidden');
+            die();
+            return false;
+        }
+        if (! $this->commentValid()) {
+            header('Location: /post/' . $_POST['post_id']);
+            return false;
+        }
+        $sql = 'UPDATE comments SET content=? WHERE id=?';
+        $query = db()->prepare($sql);
+        $query->execute([trim($_POST['content']), $id]);
+        header("Location: /post/{$_POST['post_id']}");
+        return false;
+    }
+
+    public function delete($id)
+    {
+        if (! $this->isAuthor($id)) {
+            header('HTTP/1.0 403 Forbidden');
+            die();
+            return false;
+        }
+        $sql = 'DELETE FROM comments WHERE id=?';
+        $query = db()->prepare($sql);
+        $query->execute([$id]);
+        header("Location: /post/{$_POST['post_id']}");
+        return false;
+    }
+
+    private function isCommentAuthor($id)
+    {
+        $sql = 'SELECT author FROM comments WHERE id=?';
+        $query = db()->prepare($sql);
+        $query->execute([$id]);
+        $comment = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
+        return (count($comment) != 0 &&
+                $comment[0]->author == $_SESSION['username']);
+    }
+
+    private function isAuthor($id)
+    {
+        $sql = 'SELECT author FROM posts WHERE id IN ( ' .
+               'SELECT comment_to FROM comments WHERE id=? )';
+        $query = db()->prepare($sql);
+        $query->execute([$id]);
+        $post = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
+        return (count($post) != 0 &&
+                $post[0]->author == $_SESSION['username']);
+    }
+
+    private function commentValid()
+    {
+        if (empty(trim($_POST['content']))) {
+            $_SESSION['comment_errors'] = ['Comment cannot be empty.'];
+            return false;
+        }
+        return true;
+    }
+}