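/**
 * Check whether $user holds $permission through any of its groups.
 *
 * @param object $user        Must expose get_id(); the id is bound as an integer.
 * @param string $permission  Permission name, matched exactly (permission.permission = ?).
 * @return bool  true when at least one matching row exists, false otherwise —
 *               including when the statement cannot be prepared, so an
 *               authorization decision fails closed instead of dying on a
 *               method call on `false`.
 *
 * Both inputs reach the query only as bound parameters; nothing is interpolated.
 */
function has_permission($user, $permission)
{
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("SELECT permission.permission FROM `user`, `group`, `user_group`, `permission` WHERE user.id = ? AND user_group.group_id = group.id AND user_group.user_id = user.id AND permission.group_id = group.id AND permission.permission = ?");
    if ($stmt === false) {
        // Deny rather than crash: a broken query must never grant access.
        $mysqli->close();
        return false;
    }
    // bind_param binds by reference; a method-call result cannot be bound
    // directly ("Only variables should be passed by reference"), so hold it.
    $userId = $user->get_id();
    $stmt->bind_param("is", $userId, $permission);
    $stmt->execute();
    $res = $stmt->get_result();
    // get_result() returns false on failure; treat that as "no permission".
    $granted = ($res !== false) && ($res->num_rows > 0);
    $stmt->close();
    $mysqli->close();
    return $granted;
}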
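 /**
  * Render one forum post as an HTML table, then recurse into its replies.
  *
  * @param int $post_id  Primary key of the `post` row to render. Replies are
  *                      drawn by calling this method again with each reply id.
  *
  * Echoes markup directly and returns nothing. A fresh mysqli connection is
  * opened per call (and therefore per recursion level) and closed before return.
  */
 public function draw_post($post_id)
 {
     $thread_id = $this->get_id();
     $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
     $stmt = $mysqli->prepare("SELECT post.id AS post_id, post.user AS user_id, post.text AS post_text, user.name AS user_name, user.email AS user_email FROM post, user WHERE post.id = ? AND post.user = user.id ORDER BY timestamp DESC");
     $stmt->bind_param("i", $post_id);
     $stmt->execute();
     $res = $stmt->get_result();
     // MYSQLI_ASSOC: the original MYSQL_ASSOC belongs to the removed ext/mysql
     // and is undefined when that extension is absent.
     while ($post = $res->fetch_array(MYSQLI_ASSOC)) {
         // Gravatar keys avatars by the md5 of the normalised address; only the
         // hex digest reaches the page, never the e-mail itself. https keeps the
         // image out of mixed-content blocking and off a plaintext hop.
         $gravatar_url = "https://www.gravatar.com/avatar/" . md5(strtolower(trim($post['user_email']))) . "?s=64";
         // user.name and post.text are user-controlled and nothing visible
         // escapes them on the way in, so they must be escaped for the HTML
         // context here or a post can inject script into every reader's session.
         // If markup in posts is intended, swap this for an allow-list sanitiser,
         // never for raw output.
         $user_name = htmlspecialchars($post['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $post_text = htmlspecialchars($post['post_text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $user_id = (int) $post['user_id'];
         echo '<table class="post">';
         echo '<tr>';
         echo '<td class="post-userinfo"><img src="' . $gravatar_url . '"><br /><a href="/profile/?id=' . $user_id . '">' . $user_name . '</a></td>';
         echo '<td class="post-content">' . $post_text . '</td>';
         echo '</tr>';
         // The reply link is only offered to logged-in sessions; the reply
         // handler itself must still enforce that server-side.
         if (isset($_SESSION['user'])) {
             echo '<tr>';
             echo '<td class="post-buttons" colspan=2>';
             echo '<a href="/forum/thread/reply/?thread_id=' . (int) $thread_id . '&post_id=' . (int) $post_id . '"><span class="fa fa-reply post-button"></span></a>';
             echo '</td>';
             echo '</tr>';
         }
         echo '</table>';
         $repliesstmt = $mysqli->prepare("SELECT id FROM post WHERE reply_to = ?");
         $repliesstmt->bind_param("i", $post_id);
         $repliesstmt->execute();
         $repliesres = $repliesstmt->get_result();
         if ($repliesres->num_rows > 0) {
             echo '<div class="replies">';
             while ($reply = $repliesres->fetch_array(MYSQLI_ASSOC)) {
                 $this->draw_post($reply['id']);
             }
             echo '</div>';
         }
         $repliesstmt->close();
     }
     $stmt->close();
     $mysqli->close();
 }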
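 /**
  * Get PDO from the loaded database core module.
  *
  * Builds (or returns the cached) PDO connection for the database configured
  * for user $uid. The connection is cached in PDOBuilder::$pdo together with
  * the uid it was opened for; a call with a different uid opens a new
  * connection and replaces the cached one.
  *
  * @param int|null $uid  User whose database config to use; null means the
  *                       currently logged-in user (get_user_id()).
  * @return \PDO
  *
  * On a configuration error or a failed connection the script terminates with
  * a generic message. The PDOException is written to the error log only: its
  * string form includes the stack trace and, unless zend.exception_ignore_args
  * is on, the DSN, user and password passed to PDO::__construct — none of which
  * may be echoed to the client.
  */
 public static function getPDO($uid = null)
 {
     // Set uid to logged user
     if ($uid === null) {
         $uid = get_user_id();
     }
     // Return cached pdo if same uid
     if (PDOBuilder::$pdo !== null && $uid === PDOBuilder::$pdoUid) {
         return PDOBuilder::$pdo;
     }
     $dsn = null;
     switch (get_db_type($uid)) {
         case 'mysql':
             $dsn = "mysql:dbname=" . get_db_name($uid) . ";host=" . get_db_host($uid) . ";port=" . get_db_port($uid);
             // NOTE(review): the charset is set via SET NAMES rather than in the
             // DSN, so with emulated prepares the client-side escaping is not
             // told the charset. Consider `;charset=utf8` in the DSN plus
             // \PDO::ATTR_EMULATE_PREPARES => false — check callers first.
             $options = array(\PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\'');
             $attributes = array(\PDO::ATTR_CASE => \PDO::CASE_UPPER);
             break;
         case 'postgresql':
             $dsn = "pgsql:dbname=" . get_db_name($uid) . ";host=" . get_db_host($uid) . ";port=" . get_db_port($uid);
             $options = array();
             $attributes = array(\PDO::ATTR_CASE => \PDO::CASE_UPPER);
             break;
         default:
             die("Config error");
     }
     try {
         PDOBuilder::$pdo = new \PDO($dsn, get_db_user($uid), get_db_password($uid), $options);
         foreach ($attributes as $key => $value) {
             PDOBuilder::$pdo->setAttribute($key, $value);
         }
         PDOBuilder::$pdoUid = $uid;
         return PDOBuilder::$pdo;
     } catch (\PDOException $e) {
         // Log server-side only; the message (not the trace) is enough to
         // diagnose and does not carry the constructor arguments.
         error_log("PDOBuilder::getPDO: connection failed for uid " . var_export($uid, true) . ": " . $e->getMessage());
         die("Connexion error");
     }
 }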
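/**
 * Create a user row unless the name is already taken.
 *
 * @param string $name      Login name; uniqueness is checked via get_user_by_name().
 * @param string $email
 * @param string $password  Plaintext; handed to User::set_password(), and only
 *                          get_password_hash() is stored. (Hashing happens inside
 *                          User — confirm it uses password_hash()/PASSWORD_DEFAULT.)
 * @return bool  true if the INSERT executed, false if the name already exists or
 *               the insert failed. (Previously nothing was returned.)
 *
 * NOTE(review): the existence check and the INSERT are not atomic; two
 * concurrent requests can both pass the check. Real uniqueness needs a UNIQUE
 * index on user.name, in which case the loser's execute() returns false here.
 */
function create_user($name, $email, $password)
{
    if (!is_null(get_user_by_name($name))) {
        return false;
    }
    $user = new User();
    $user->set_name($name)->set_email($email)->set_password($password);
    // bind_param binds by reference; method results must be held in variables
    // first ("Only variables should be passed by reference").
    $userName = $user->get_name();
    $userEmail = $user->get_email();
    $passwordHash = $user->get_password_hash();
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("INSERT INTO user(name, email, password_hash) VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $userName, $userEmail, $passwordHash);
    $created = $stmt->execute();
    $stmt->close();
    $mysqli->close();
    return $created;
}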
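/**
 * Insert a forum post and return its new id.
 *
 * @param object      $thread    Must expose get_id(); stored in post.thread.
 * @param object      $user      Must expose get_id(); stored in post.user.
 * @param string      $text      Post body, stored exactly as given (bound as a
 *                               string). It is NOT sanitised here, so every
 *                               renderer must HTML-escape post.text on output.
 * @param object|null $reply_to  Parent post (get_id()), or NULL for a top-level post.
 * @return int  mysqli insert_id of the new row (0 if the insert failed).
 *
 * No authorization check happens here; callers decide who may post where.
 * NOTE(review): nothing verifies that $reply_to belongs to $thread, so a reply
 * can be attached to a post in another thread — validate in the caller.
 */
function create_post($thread, $user, $text, $reply_to = NULL)
{
    // bind_param binds by reference; the ids must live in variables rather than
    // being passed as method-call results.
    $threadId = $thread->get_id();
    $userId = $user->get_id();
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    if (is_null($reply_to)) {
        $stmt = $mysqli->prepare("INSERT INTO post(thread, user, text) VALUES (?, ?, ?)");
        $stmt->bind_param("iis", $threadId, $userId, $text);
    } else {
        $replyToId = $reply_to->get_id();
        $stmt = $mysqli->prepare("INSERT INTO post(thread, reply_to, user, text) VALUES (?, ?, ?, ?)");
        $stmt->bind_param("iiis", $threadId, $replyToId, $userId, $text);
    }
    $stmt->execute();
    $stmt->close();
    $newId = $mysqli->insert_id;
    $mysqli->close();
    return $newId;
}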
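/**
 * Render one profile-wall post (and, recursively, its replies) as HTML.
 *
 * @param object $profile_post  Must expose get_id() and get_profile()->get_id().
 *
 * Echoes markup directly and returns nothing. A mysqli connection is opened per
 * call (so per recursion level) and closed before return.
 */
function print_profile_post($profile_post)
{
    $profile_id = (int) $profile_post->get_profile()->get_id();
    // bind_param binds by reference: keep the id in a variable instead of
    // passing the method result ("Only variables should be passed by reference").
    $post_row_id = $profile_post->get_id();
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    $stmt = $mysqli->prepare("SELECT profile_post.id AS post_id, profile_post.user AS user_id, profile_post.text AS post_text, user.name AS user_name, user.email AS user_email FROM profile_post, user WHERE profile_post.id = ? AND profile_post.user = user.id ORDER BY timestamp");
    $stmt->bind_param("i", $post_row_id);
    $stmt->execute();
    $res = $stmt->get_result();
    // MYSQLI_ASSOC: MYSQL_ASSOC is the removed ext/mysql constant and is
    // undefined when that extension is absent.
    while ($post = $res->fetch_array(MYSQLI_ASSOC)) {
        // Gravatar keys avatars by the md5 of the normalised address; only the
        // hex digest reaches the page, never the e-mail. https avoids mixed
        // content and a plaintext hop.
        $gravatar_url = "https://www.gravatar.com/avatar/" . md5(strtolower(trim($post['user_email']))) . "?s=64";
        // Name and text are user-controlled and nothing visible escapes them on
        // the way in; escape for the HTML context here. If markup is intended,
        // use an allow-list sanitiser rather than raw output.
        $user_name = htmlspecialchars($post['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $post_text = htmlspecialchars($post['post_text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $post_id = (int) $post['post_id'];
        echo '<table class="post">';
        echo '<tr>';
        echo '<td class="post-userinfo"><img src="' . $gravatar_url . '"><br />' . $user_name . '</td>';
        echo '<td class="post-content">' . $post_text . '</td>';
        echo '</tr>';
        if (isset($_SESSION['user'])) {
            // NOTE(review): this state-changing POST form carries no anti-CSRF
            // token; /profile/processpost/ should require one and re-check the
            // session itself — hiding the form is not access control.
            echo '<tr>';
            echo '<td class="post-buttons" colspan=2>';
            echo '<form action="/profile/processpost/?id=' . $profile_id . '" method="POST">';
            echo '<textarea class="profile-reply" name="post"></textarea><br />';
            echo '<input value="Reply" type="submit"><br />';
            echo '<input type="hidden" name="reply_to" value="' . $post_id . '">';
            echo '</form>';
            echo '</td>';
            echo '</tr>';
        }
        echo '</table>';
        $repliesstmt = $mysqli->prepare("SELECT id FROM profile_post WHERE reply_to = ?");
        $repliesstmt->bind_param("i", $post_row_id);
        $repliesstmt->execute();
        $repliesres = $repliesstmt->get_result();
        if ($repliesres->num_rows > 0) {
            echo '<div class="replies">';
            while ($reply = $repliesres->fetch_array(MYSQLI_ASSOC)) {
                print_profile_post(get_profile_post_by_id($reply['id']));
            }
            echo '</div>';
        }
        $repliesstmt->close();
    }
    $stmt->close();
    $mysqli->close();
}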
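/**
 * Insert a topic row and return its new id.
 *
 * @param string      $title   Topic title, bound as a string parameter.
 * @param object|null $parent  Parent topic (must expose get_id()), or NULL for a
 *                             root topic, which leaves `parent` unset.
 * @return int  mysqli insert_id of the new row (0 if the insert failed).
 *
 * The two branches differ only in whether `parent` is written, so the statement
 * is chosen once and run through a single execute/close path. No authorization
 * is performed here; callers decide who may create topics.
 */
function create_topic($title, $parent = NULL)
{
    $mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
    if (is_null($parent)) {
        $stmt = $mysqli->prepare("INSERT INTO topic(title) VALUES (?)");
        $stmt->bind_param("s", $title);
    } else {
        // bind_param binds by reference, so the id must live in a variable;
        // passing $parent->get_id() directly raises "Only variables should be
        // passed by reference".
        $parentId = $parent->get_id();
        $stmt = $mysqli->prepare("INSERT INTO topic(title, parent) VALUES (?, ?)");
        $stmt->bind_param("si", $title, $parentId);
    }
    $stmt->execute();
    $stmt->close();
    $newId = $mysqli->insert_id;
    $mysqli->close();
    return $newId;
}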
?>
  </head>
  <body>
    <div id="main">
      <?php 
// Shared page header; the navigation differs for anonymous vs logged-in sessions.
include '../../includes/logo.php';
if (isset($_SESSION['user'])) {
    include '../../includes/navigation.php';
} else {
    include '../../includes/navigation_beforelogin.php';
}
// Optional topic id from the query string: null lists the root topics, any
// other value lists that topic's children. $_GET['id'] is untrusted here.
$id = NULL;
if (isset($_GET['id'])) {
    $id = $_GET['id'];
}
$mysqli = new mysqli(get_db_host(), get_db_user(), get_db_password(), get_db_database());
$stmt = NULL;
if (is_null($id)) {
    $stmt = $mysqli->prepare("SELECT id, title FROM topic WHERE parent IS NULL");
} else {
    echo '<div class="path">' . "\n";
    // NOTE(review): the raw $_GET value reaches get_topic_by_id() before any
    // validation, and its result is dereferenced without a null check; confirm
    // that helper binds its parameter and handles unknown ids. Only the query
    // below is protected in this file, by binding $id as an integer.
    get_topic_by_id($id)->print_path();
    echo '</div>';
    $stmt = $mysqli->prepare("SELECT id, title FROM topic WHERE parent = ?");
    $stmt->bind_param("i", $id);
}
$stmt->execute();
$res = $stmt->get_result();
echo '<h1>Topics</h1>';
if (isset($_SESSION['user'])) {
    if (!is_null($id)) {