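 /**
  * Handle a submitted "create post" form.
  *
  * Guests are sent to the login page. For a logged-in user the submitted
  * fields are validated; on success the post is stored (and the author's
  * balance is charged when a paid doctor's note was requested) and the
  * browser is redirected to the new post. On validation failure the errors
  * are flashed and the form is rendered again.
  *
  * The original fell through to the error rendering after every branch,
  * which referenced $validation even on the guest path where it was never
  * assigned; each branch now ends explicitly.
  */
 public function create()
 {
     if ($this->auth->guest()) {
         $this->app->flash("info", "You must be logged on to create a post");
         $this->app->redirect("/login");
         // Explicit return in case redirect() does not halt the request itself.
         return;
     }

     $request = $this->app->request;
     $title = $request->post('title');
     $content = $request->post('content');
     // The author comes from the session, not from the request body, so a
     // client cannot submit a post on behalf of another user.
     $author = $_SESSION['user'];
     $date = date("dmY");
     $paydoc = $request->post('paydoc');
     // Amount (negative = deduction) applied to the author's balance for a
     // paid doctor's note.
     $price = -10;

     $validation = new PostValidation($title, $author, $content, $paydoc);
     if (!$validation->isGoodToGo()) {
         $this->app->flashNow('error', join('<br>', $validation->getValidationErrors()));
         $this->app->render('createpost.twig');
         return;
     }

     $post = new Post();
     $post->setAuthor($author);
     $post->setTitle($title);
     $post->setContent($content);
     $post->setDate($date);
     $post->setPayDoc($paydoc);
     // Normalise the request value before testing it instead of relying on
     // a loose "!= 0" comparison against a raw string.
     if ((int) $paydoc !== 0) {
         // NOTE(review): the balance is charged before save(); a failing save
         // would leave the user charged without a post — consider reordering
         // or wrapping both steps in one transaction.
         $this->userRepository->updateBalance($author, $price);
     }
     $savedPost = $this->postRepository->save($post);
     // The original message parameter started with a stray '"' and misspelt
     // "successfully".
     $this->app->redirect('/posts/' . $savedPost . '?msg=Post successfully posted');
 }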
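 /**
  * Insert a new post and return the id assigned by the database.
  *
  * Posts that already carry a postId are never updated by this method; they
  * are ignored and null is returned.
  *
  * @param Post $post the post to insert
  * @return string|null the new id as reported by PDO::lastInsertId(), or
  *                     null when $post already has an id
  * @throws \RuntimeException when the INSERT is rejected by the database
  */
 public function save(Post $post)
 {
     // Can't update posts: bail out before reading fields or touching the DB.
     if ($post->getPostId() !== null) {
         return null;
     }

     $stmt = $this->pdo->prepare(
         "INSERT INTO posts (title, author, content, date, ispayedpost, isanswered) VALUES (?, ?, ?, ?, ?, ?)"
     );
     // Every value travels as a bound parameter; nothing from the post is
     // interpolated into the SQL text.
     $ok = $stmt->execute([
         $post->getTitle(),
         $post->getAuthor(),
         $post->getContent(),
         $post->getDate(),
         $post->isPayedPost(),
         $post->isAnswered(),
     ]);
     if ($ok === false) {
         // Without this check a failed INSERT (PDO not in exception mode)
         // silently yields lastInsertId() === "0", which callers then use as
         // a real post id.
         throw new \RuntimeException('Failed to insert post');
     }

     return $this->pdo->lastInsertId();
 }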
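 /**
  * Insert a post and return the id the database assigned to it.
  *
  * @param Post $post the post to persist
  * @return string the new id from PDO::lastInsertId()
  * @throws \RuntimeException when the INSERT fails; the driver's message is
  *                           kept in the previous exception for logging
  *                           rather than written to the response
  */
 public function save(Post $post)
 {
     $query = "INSERT INTO posts (title, author, content, date, paydoc) VALUES (:title, :author, :content, :date, :paydoc)";
     $params = [
         ':title' => $post->getTitle(),
         ':author' => $post->getAuthor(),
         ':content' => $post->getContent(),
         ':date' => $post->getDate(),
         ':paydoc' => $post->getPayDoc(),
     ];
     try {
         $stmt = $this->db->prepare($query);
         // execute() only returns false when PDO is not in exception mode;
         // treat that the same as a thrown PDOException.
         if ($stmt->execute($params) === false) {
             throw new \RuntimeException('Failed to save post');
         }
         return $this->db->lastInsertId();
     } catch (PDOException $ex) {
         // The original die()d with $ex->getMessage(), which aborted the
         // request mid-way and exposed database details to the browser.
         throw new \RuntimeException('Failed to save post', 0, $ex);
     }
 }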
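 /**
  * Insert a new post and return its database id.
  *
  * Posts that already carry a postId are not written (there is no update
  * path here); for those null is returned instead of the stale
  * lastInsertId() of an unrelated earlier INSERT, which the original
  * handed back.
  *
  * All post fields are passed as bound parameters, which addresses the
  * SQL-injection finding previously recorded on this method (G21_0018).
  *
  * @param Post $post the post to insert
  * @return string|null the new id, or null when nothing was inserted
  * @throws \RuntimeException when the INSERT is rejected by the database
  */
 public function save(Post $post)
 {
     if ($post->getPostId() !== null) {
         return null;
     }

     $query = "INSERT INTO posts (title, author, content, date, pay, lock_user, lock_tstamp) "
         . "VALUES (:title, :author, :content, :date, :pay, '', 0)";
     $stmt = $this->db->prepare($query);
     $ok = $stmt->execute([
         ':title' => $post->getTitle(),
         ':author' => $post->getAuthor(),
         ':content' => $post->getContent(),
         ':date' => $post->getDate(),
         ':pay' => $post->getPay(),
     ]);
     if ($ok === false) {
         // Previously flagged as "no error check if insertion worked": a
         // silent failure would make lastInsertId() return "0".
         throw new \RuntimeException('Failed to insert post');
     }

     return $this->db->lastInsertId();
 }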
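 /**
  * Handle the "create post" form submission.
  *
  * Requires an authenticated user and a valid CSRF token. On valid input the
  * post is stored (after charging paying users for doctor visibility) and the
  * browser is redirected to it; otherwise the validation errors are flashed
  * and the form is rendered again.
  */
 public function create()
 {
     if (!$this->auth->check()) {
         $this->app->flash("info", "You must be logged on to create a post");
         $this->app->redirect("/login");
         // Explicit return in case redirect() does not halt the request itself.
         return;
     }

     $request = $this->app->request;

     // CSRF check. The original compared $_POST['csrf_token'] !==
     // $_SESSION['csrf_token'] directly: with both values missing the
     // comparison is null !== null, i.e. the check passed, and a missing
     // index raised a notice. Require a non-empty string session token and
     // compare in constant time.
     $submittedToken = $request->post('csrf_token');
     $sessionToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;
     $csrfValid = is_string($submittedToken)
         && is_string($sessionToken)
         && $sessionToken !== ''
         && hash_equals($sessionToken, $submittedToken);
     if (!$csrfValid) {
         $this->app->flash("info", "Something went wrong. Please reload the page and try again.");
         $this->app->redirect("/posts/new");
         return;
     }

     $title = $request->post('title');
     $content = $request->post('content');
     // Author is taken from the session, never from the request body.
     $author = $_SESSION['user'];
     $date = date("dmY");

     $validation = new PostValidation($author, $title, $content);
     if (!$validation->isGoodToGo()) {
         $this->app->flashNow('error', join('<br>', $validation->getValidationErrors()));
         $this->app->render('createpost.twig');
         return;
     }

     $currentUser = $this->auth->user();
     // Pay $3 for doctor visibility. getIsPaying() is treated as a 0/1 flag,
     // as the original loose "== 1" implied, but compared strictly.
     if ((int) $this->userRepository->getIsPaying($author) === 1) {
         // NOTE(review): the charge happens before save(); a failing save
         // leaves the user charged without a post.
         $this->userRepository->saveSpendings($currentUser, 3);
     }

     $post = new Post();
     $post->setAuthor($author);
     $post->setTitle($title);
     $post->setContent($content);
     $post->setDate($date);
     $post->setDoctor(0);
     $savedPost = $this->postRepository->save($post);
     $this->app->redirect('/posts/' . $savedPost . '?msg=Post successfully posted');
 }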
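 /**
  * Handle the "create post" form submission.
  *
  * Guests are sent to the login page. For a logged-in user the fields, the
  * CSRF token and — for a paid post — the presence of a bank card are
  * validated via PostValidation. On success the post is stored and the
  * browser is redirected to it; on failure the errors are flashed and the
  * user is sent back to the form.
  *
  * The original fell through to the error flash after every branch, which
  * referenced $validation on the guest path where it was never assigned.
  */
 public function create()
 {
     if ($this->auth->guest()) {
         $this->app->flash("info", "You must be logged in to create a post");
         $this->app->redirect("/login");
         // Explicit return in case redirect() does not halt the request itself.
         return;
     }

     $request = $this->app->request;
     $title = $request->post('title');
     $content = $request->post('content');
     $token = $request->post('csrf_token');
     $payed = $request->post('ispayedpost');
     $user = $this->auth->user();
     // Username of the logged-in user; taken from the auth layer, not the request.
     $author = $user->getUsername();
     $date = date("dmY");
     // A paid post needs a bank card on file; strict comparisons replace the
     // original loose "== '1'" / "== ''".
     $missingBankAccountWhenNeeded = (string) $payed === '1' && (string) $user->getBankcard() === '';

     $validation = new PostValidation($title, $author, $content, $token, $missingBankAccountWhenNeeded);
     if (!$validation->isGoodToGo()) {
         $this->app->flash('error', join('<br>', $validation->getValidationErrors()));
         $this->app->redirect('/posts/new');
         return;
     }

     $post = new Post();
     $post->setAuthor($author);
     $post->setTitle($title);
     $post->setContent($content);
     $post->setDate($date);
     $post->setIsPayedPost($payed);
     $savedPost = $this->postRepository->save($post);
     $this->app->redirect('/posts/' . $savedPost . '?msg=Post successfully posted');
 }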
 /**
  * Persist the "answered by doctor" flag of an already stored post.
  *
  * Only the isAnsweredByDoctor column is written; every other column of the
  * row is left untouched. Both values are bound as parameters.
  *
  * @param Post $post a post that already has a postId
  */
 public function saveExistingPost(Post $post)
 {
     $sql = "UPDATE posts SET isAnsweredByDoctor=:isAnsweredByDoctor WHERE postId=:postId";
     $statement = $this->db->prepare($sql);
     $statement->bindValue(':postId', $post->getPostId());
     $statement->bindValue(':isAnsweredByDoctor', $post->getDoctor());
     $statement->execute();
 }
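 /**
  * Handle the "create post" form submission.
  *
  * Guests are sent to the login page and doctors are refused. For any other
  * logged-in user the fields and CSRF token are validated; on success the
  * post is stored and the browser is redirected to it, otherwise the errors
  * are flashed and the form is rendered again.
  *
  * The original reached the error rendering after every branch (the "Does
  * this ever occur?" question): it is only meaningful after a failed
  * validation, which is now the sole path to it.
  */
 public function create()
 {
     if ($this->auth->guest()) {
         $this->app->flash("info", "You must be logged on to create a post");
         $this->app->redirect("/login");
         // Explicit return in case redirect() does not halt the request itself.
         return;
     }

     // Looked up once; the original fetched the same user again for the view.
     $username = $_SESSION['user'];
     $user = $this->userRepository->findByUser($username);
     // Truthiness check, equivalent to the original "== true".
     if ($user->isDoctor()) {
         $this->app->flash("info", "Doctors cannot create posts");
         $this->app->redirect("/posts");
         return;
     }

     $request = $this->app->request;
     $title = $request->post('title');
     $content = $request->post('content');
     $pay = $request->post('pay');
     // Author is the session user, never a value from the request body.
     $author = $username;
     $date = date("dmY");

     $validation = new PostValidation($author, $title, $content, $request->post('csrftoken'));
     if (!$validation->isGoodToGo()) {
         $this->app->flashNow('error', join("\n", $validation->getValidationErrors()));
         $this->render('createpost.twig', ['user' => $user]);
         return;
     }

     $post = new Post();
     $post->setAuthor($author);
     $post->setTitle($title);
     $post->setContent($content);
     $post->setDate($date);
     $post->setPay($pay);
     $savedPost = $this->postRepository->save($post);
     $this->app->flash('info', 'Post successfully posted');
     $this->app->redirect('/posts/' . $savedPost);
 }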