/**
 * Renders the admin "close thread" page for the thread named by ?id=.
 *
 * Loads the thread via ModelFacade::getThread() and exposes it to the
 * AdminCloseThread view as $thread. No authorisation check is visible in
 * this function; presumably the including page has already run the
 * admin redirect guard (as the Users page does) — confirm before relying on it.
 */
function threadClosePost()
{
    // Thread id is taken straight from the query string; the model decides what an unknown id yields.
    $threadId = $_GET["id"];
    $thread = ModelFacade::getThread($threadId);
    include_once '/Views/AdminCloseThread.html';
}
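/**
 * Handles the "change password" form for the logged-in user.
 *
 * Flow: confirm the submitted old password, validate the new one, then call
 * ModelFacade::updatePassword(). The outcome is reported to the
 * UserChangePassword view through $error / $success; the view also receives
 * $currentUser and $userDetails. Assumes a logged-in user (other handlers in
 * this file dereference getLoggedInUser() the same way).
 *
 * Changes versus the previous version:
 *  - The account whose password is confirmed and changed is the logged-in
 *    user's, not whichever id the query string named. The old-password check
 *    limited abuse, but a self-service password change has no reason to take
 *    its target from ?id=; the query parameter is no longer consulted.
 *  - Passwords are no longer passed through htmlspecialchars(). They are
 *    credentials, not HTML: signup stores $_POST["password"] raw and login
 *    checks it raw, so escaping here meant a user whose password contains
 *    &, <, >, " or ' could neither confirm the old one nor set a new one that
 *    would later log in.
 *  - The "must not be empty" branch was unreachable (an empty string already
 *    fails the length check); empty is now tested first.
 *  - The length message said "more then 6" while the check allowed 6.
 *  - Missing POST keys default to "" instead of raising undefined-index notices.
 */
function ChangePassword()
{
    $currentUser = ModelFacade::getLoggedInUser();
    // Bind the target account to the session, never to user-supplied input.
    $targetId = $currentUser->id;
    $userDetails = ModelFacade::getUserDetails($targetId);

    $oldPassword = isset($_POST['oldPassword']) ? $_POST['oldPassword'] : '';
    $newPassword = isset($_POST['newPassword']) ? $_POST['newPassword'] : '';
    $confirmPassword = isset($_POST['confirmPassword']) ? $_POST['confirmPassword'] : '';

    if (!ModelFacade::confirmPassword($targetId, $oldPassword)) {
        $error = "The password you entered was incorrect";
    } elseif ($newPassword === '') {
        $error = "password must not be empty";
    } elseif (strlen($newPassword) < 6) {
        // strlen() counts bytes, as before; the minimum stays at 6.
        $error = "Password must be at least 6 characters";
    } elseif ($newPassword !== $confirmPassword) {
        $error = "passwords do not match";
    } else {
        // updatePassword() reports through an errorInfo-style array; index 0 == 0 means success.
        $errorCode = ModelFacade::updatePassword($targetId, $newPassword);
        if ($errorCode[0] == 0) {
            $success = "Password successfully updated!";
        } else {
            $error = "There was an error updating your password: Code " . $errorCode[0];
        }
    }
    include_once '/Views/UserChangePassword.html';
}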
/**
 * Admin action: rename subcategory $id to $subCategoryName.
 *
 * Validates the selection and the name, calls
 * ModelFacade::AdminEditSubcategory() and reports through $error / $success
 * to the EditSubcategory view, which also receives the full category tree.
 *
 * Both inputs are HTML-escaped before use, and the escaped name is what the
 * model receives — so it is presumably stored escaped, and a view that
 * escapes it again will render "&" as "&amp;". Kept as-is; confirm against
 * the views before changing.
 */
function AdminEditSubcategory($id, $subCategoryName)
{
    $id = htmlspecialchars($id);
    $subCategoryName = htmlspecialchars($subCategoryName);

    if ($id == -1) {
        $error = "Error - Subcategory to edit must be selected!";
    } elseif (empty($subCategoryName)) {
        $error = "Error - Subcategory Name must not be empty!";
    } else {
        // A falsy result means the name is already taken; otherwise index 0 is an error code.
        $result = ModelFacade::AdminEditSubcategory($id, $subCategoryName);
        if (!$result) {
            $error = $subCategoryName . " already exists!";
        } elseif ($result[0] == 0) {
            $success = "Board " . $subCategoryName . " successfully updated!";
        } else {
            $error = "There was an error editing " . $subCategoryName . ": code = " . $result[0];
        }
    }

    $categories = ModelFacade::getAllCategoriesWithSubcategories();
    include_once '/Views/Admin/EditSubcategory.html';
}
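/**
 * Admin action: add subcategory $subcategoryName under category $categoryId.
 *
 * Validates the selection and the name, calls ModelFacade::AdminAddSubcategory()
 * and reports through $error / $success to the AddSubcategory view, which
 * also receives the full category tree.
 *
 * Fix versus the previous version: the model call (and the category lookup)
 * ran before the "-1 selected" / "empty name" checks, so an invalid
 * submission was still handed to the model and only then reported as an
 * error. The sibling AdminEditSubcategory() validates first; this now does too.
 *
 * Both inputs are HTML-escaped before use and the escaped name is what the
 * model receives — presumably stored escaped; views must not escape it again.
 */
function AdminAddSubcategory($categoryId, $subcategoryName)
{
    $categoryId = htmlspecialchars($categoryId);
    $subcategoryName = htmlspecialchars($subcategoryName);

    if ($categoryId == -1) {
        $error = "Error - Parent Category must be selected!";
    } elseif (empty($subcategoryName)) {
        $error = "Error - Subcategory Name must not be empty!";
    } else {
        // Parent is only needed for the messages, so look it up once the input is known to be valid.
        $category = ModelFacade::getCategory($categoryId);
        // A falsy result means the name already exists under this parent; otherwise index 0 is an error code.
        $result = ModelFacade::AdminAddSubcategory($categoryId, $subcategoryName);
        if (!$result) {
            $error = "'" . $subcategoryName . "' already exists in Category '" . $category['category'] . "'!";
        } elseif ($result[0] == 0) {
            $success = "Subcategory '" . $subcategoryName . "' successfully added to '" . $category['category'] . "'!";
        } else {
            $error = "There was an error adding '" . $subcategoryName . "' to '" . $category['category'] . "': code = " . $result[0];
        }
    }

    $categories = ModelFacade::getAllCategoriesWithSubcategories();
    include_once '/Views/Admin/AddSubcategory.html';
}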
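/**
 * Admin page: set every subcategory online or offline from the submitted form.
 *
 * On POST, each subcategory whose id appears in $_POST['boardState'] is set
 * offline and every other one online via ModelFacade::UpdateSubcategoryState().
 * Any non-zero error code flips the page into the $error message; otherwise
 * $success is set. The view is rendered on GET and POST alike with a fresh
 * category tree.
 *
 * Fixes versus the previous version:
 *  - Form values are always strings, but ids were compared with ===, which
 *    never matches if the model returns integer ids (every board would then
 *    be set online regardless of the form). Both sides are now compared as
 *    strings, which is a no-op when they were already strings.
 *  - $_POST['boardState'] is only iterated when it is actually an array.
 *  - The duplicated fetch-and-include tail is shared by both branches.
 */
function OnRequest()
{
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        $offlineIds = [];
        if (isset($_POST['boardState']) && is_array($_POST['boardState'])) {
            foreach ($_POST['boardState'] as $offlineId) {
                $offlineIds[] = (string) $offlineId;
            }
        }

        $isError = false;
        $categories = ModelFacade::getAllCategoriesWithSubcategories();
        foreach ($categories as $category) {
            foreach ($category->subcategories as $subcategory) {
                $isOffline = in_array((string) $subcategory->id, $offlineIds, true);
                $errorCode = ModelFacade::UpdateSubcategoryState($subcategory->id, $isOffline);
                if ($errorCode[0] != 0) {
                    $isError = true;
                }
            }
        }

        if ($isError) {
            $error = "There was an error updating the subcategory states";
        } else {
            $success = "Subcategory Online/Offline states successfully updated";
        }
    }

    // Re-read so the view shows the states just written.
    $categories = ModelFacade::getAllCategoriesWithSubcategories();
    include_once '/Views/Admin/EnableSubcategory.html';
}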
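/**
 * Direct-message page: load the message named by ?msgId=, mark it read on
 * first view, and render it.
 *
 * Fix versus the previous version: the result of ModelFacade::getMsg() was
 * dereferenced unconditionally, so an unknown id produced a notice and a
 * markMsgRead(null) call. The read-marking now happens only when an object
 * came back; a missing ?msgId= is passed to the model as null instead of
 * raising an undefined-index notice.
 *
 * NOTE(review): nothing in this function checks that the logged-in user is
 * the sender or receiver of msgId. Unless getMsg() enforces that itself,
 * any user can read any message by id — confirm in the model.
 */
function OnRequest()
{
    $msgId = isset($_GET["msgId"]) ? $_GET["msgId"] : null;
    $selectedMsg = ModelFacade::getMsg($msgId);
    if (is_object($selectedMsg) && !$selectedMsg->isRead) {
        ModelFacade::markMsgRead($selectedMsg->id);
    }
    include_once '/Views/DirectMsg.html';
}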
/**
 * Search page: run ModelFacade::SearchThreads() on ?search= and render the
 * Search view with $threads; without a search parameter, redirect to Index.php.
 */
function OnRequest()
{
    $threads = null;
    if (!isset($_GET['search'])) {
        header('Location: Index.php');
        return;
    }
    // The raw query string value goes to the model; escaping for output is the view's job.
    $threads = ModelFacade::SearchThreads($_GET["search"]);
    include_once '/Views/Search.html';
}
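/**
 * Handles the signup form (POST): validates the submitted fields, creates the
 * account, logs the new user in and redirects to Index.php.
 *
 * Validation order follows the original: username availability, length,
 * alphanumeric-only; email presence, syntax, availability; password
 * presence, length, confirmation. On the first failure $message is set and
 * the function returns. As before no view is included here (the include is
 * left disabled), so if $message is rendered at all it is presumably done
 * elsewhere — confirm.
 *
 * Fixes versus the previous version:
 *  - The "not available" message had been mangled into an unparseable
 *    literal; it is restored to "Username: <name> is not available".
 *  - Validation now runs on the raw submitted values. The old code checked
 *    htmlspecialchars()'d copies but stored the raw $_POST values, so a
 *    password like "a&b" passed the 6-character test at 7 escaped bytes
 *    while the stored credential was 3 characters. Escaping is applied only
 *    where a value is echoed back inside a message.
 *  - The "must not be empty" checks ran after length/format checks that
 *    already reject empty input and were therefore unreachable; they now
 *    run first.
 *  - The password length message said "more then 6" while the check allows 6.
 *  - Missing POST keys default to "" instead of raising notices.
 */
function SignupPost()
{
    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $email = isset($_POST['email']) ? $_POST['email'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";
    $passwordConfirm = isset($_POST['passwordconfirm']) ? $_POST['passwordconfirm'] : "";
    // Escaped copies are for echoing user input back inside messages only.
    $safeUsername = htmlspecialchars($username);
    $safeEmail = htmlspecialchars($email);

    //username validation
    if (!ModelFacade::checkUsernameAvaiable($username)) {
        $message = "Username: " . $safeUsername . " is not available";
        return;
    }
    if (strlen($username) < 6) {
        $message = "username must be 6 or more characters";
        return;
    }
    if (!preg_match('/^[a-zA-Z0-9]*$/', $username)) {
        $message = "username must be alphanumeric";
        return;
    }

    //email validation
    if ($email === "") {
        $message = "email must not be empty";
        return;
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message = $safeEmail . " is not a valid email address";
        return;
    }
    if (!ModelFacade::checkEmailAvaiable($email)) {
        $message = "Email: " . $safeEmail . " has already been used to create an account.";
        return;
    }

    //password validation
    if ($password === "") {
        $message = "password must not be empty";
        return;
    }
    if (strlen($password) < 6) {
        $message = "password must be at least 6 characters";
        return;
    }
    if ($password !== $passwordConfirm) {
        $message = "passwords do not match";
        return;
    }

    //signup user
    ModelFacade::signup($username, $password, $email);
    //log user in
    ModelFacade::login($username, $password);
    //store that this is a new signup so user gets nice notification
    $_SESSION['newsignup'] = true;
    //redirect to index
    header('Location: Index.php');
    exit;
    // include_once "/Views/Signup.html";  (left disabled, as in the original)
}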
/**
 * Account-deletion confirmation (POST).
 *
 * Only when the form posts deleteAccount=confirm is the logged-in user's
 * account deleted and the session logged out, followed by a redirect to the
 * signup page with delAccount=success; any other submission just returns to
 * Index.php. The target account is always the session user, never an id
 * from the request.
 */
function deleteConfirmPost()
{
    $currentUserId = ModelFacade::getLoggedInUser()->id;
    $confirmed = isset($_POST['deleteAccount']) && $_POST['deleteAccount'] == "confirm";
    if (!$confirmed) {
        header("location: /Index.php");
        return;
    }
    ModelFacade::DeleteUser($currentUserId);
    ModelFacade::logout();
    header("location: /Signup.php?delAccount=success");
}
/**
 * New-thread form (POST): insert a thread in the ?subcategory= board for the
 * logged-in user and redirect to it.
 *
 * Title and content are trimmed; if either is empty the sibling
 * checkEmptyValues() is called to report which, and nothing is stored.
 * Note that empty() also treats the string "0" as empty, so a title of "0"
 * is rejected — unchanged from the original.
 */
function newThreadPost()
{
    $subcategory = $_GET["subcategory"];
    $title = trim($_POST["title"]);
    $content = trim($_POST["content"]);

    if (empty($title) || empty($content)) {
        checkEmptyValues($title, $content);
        return;
    }

    $authorId = ModelFacade::getLoggedInUser()->id;
    $postId = ModelFacade::insertThread($title, $content, $subcategory, $authorId);
    header("location:Thread.php?id=" . $postId);
}
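/**
 * Direct-message inbox: delete any messages posted as delMsg[], otherwise
 * render the logged-in user's inbox.
 *
 * Fix versus the previous version: after sending the redirect header the
 * function fell through and still rendered the inbox — one that had been
 * fetched *before* the deletions. The redirect now ends the request, and
 * the inbox is only fetched when it is going to be shown. delMsg is also
 * coerced to an array so a scalar value cannot break the loop.
 *
 * Deletion goes through ModelFacade::deleteMsg(), which (per the wrapper
 * visible in this file) passes the logged-in user's id along with the
 * message id — presumably so users can only delete their own messages.
 */
function OnRequest()
{
    $user = ModelFacade::getLoggedInUser();

    if (isset($_POST['delMsg'])) {
        foreach ((array) $_POST['delMsg'] as $eachDelMsg) {
            ModelFacade::deleteMsg($eachDelMsg);
        }
        header('Location: /DirectMsgInbox.php');
        exit;
    }

    $messages = DirectMessages::getUsersInbox($user->id);
    include_once '/Views/DirectMsgInbox.html';
}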
/**
 * New direct message (POST): trim and HTML-escape receiver, subject and body,
 * create the message via ModelFacade::createMsg(), and redirect to the
 * sent-box with newMsgSent=true|false. Empty fields are reported through the
 * sibling checkEmptyValues() and nothing is sent.
 *
 * The escaped text is what createMsg() receives, so message bodies are
 * presumably stored escaped; the rendering view must not escape them again.
 */
function newMessagePost()
{
    $receiver = htmlspecialchars(trim($_POST["receiver"]));
    $subject = htmlspecialchars(trim($_POST["subject"]));
    $message = htmlspecialchars(trim($_POST["message"]));

    if (empty($receiver) || empty($subject) || empty($message)) {
        checkEmptyValues($receiver, $subject, $message);
        return;
    }

    // createMsg() returns falsy when the receiver does not exist; the sent-box reports that.
    $sent = ModelFacade::createMsg($receiver, $subject, $message);
    header("location:DirectMsgSent.php?newMsgSent=" . ($sent ? "true" : "false"));
}
/**
 * User profile page: render the profile and threads of the user named by ?id=.
 *
 * Without ?id=, or when ModelFacade::getUserDetails() returns nothing, the
 * ErrorPage view is rendered with an explanatory $message. Otherwise the
 * UserProfile view receives $currentUser, $userDetails and $userThreads.
 * Profiles are readable by id; whether that is intended for all logged-in
 * users is not decided here.
 */
function OnRequest()
{
    if (!isset($_GET['id'])) {
        $message = "Sorry no user id was set";
        include_once '/Views/ErrorPage.html';
        return;
    }

    $currentUser = ModelFacade::getLoggedInUser();
    $userDetails = ModelFacade::getUserDetails($_GET['id']);
    // Loose comparison on purpose: the original accepted any falsy "not found" result.
    if (null == $userDetails) {
        $message = "Sorry a user with that id does not exist";
        include_once '/Views/ErrorPage.html';
        return;
    }

    $userThreads = ModelFacade::GetUsersThreads($_GET['id']);
    include_once '/Views/UserProfile.html';
}
/**
 * Admin action: create a top-level board (category) named $categoryName.
 *
 * The name is HTML-escaped before being handed to ModelFacade::AdminAddBoard()
 * (so it is presumably stored escaped). A falsy result means the name is
 * taken; otherwise index 0 of the result is an error code, 0 being success.
 * Outcome goes to the AddBoard view via $error / $success.
 */
function AdminAddBoard($categoryName)
{
    $categoryName = htmlspecialchars($categoryName);
    $result = ModelFacade::AdminAddBoard($categoryName);

    if (!$result) {
        $error = $categoryName . " already exists!";
    } elseif ($result[0] == 0) {
        $success = "Board " . $categoryName . " successfully added!";
    } else {
        $error = "There was an error adding " . $categoryName . ": code = " . $result[0];
    }

    include_once '/Views/Admin/AddBoard.html';
}
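/**
 * Thread page (POST): add the submitted comment to thread ?id= and redirect
 * back to the thread.
 *
 * Banned/deleted accounts are kicked first. The comment is stored (HTML-
 * escaped, untrimmed, as before) only when it has non-whitespace text and
 * ModelFacade::checkThreadClosed() says the thread is still open; in every
 * case the request ends with a redirect to Thread.php?id=<id>.
 *
 * Fixes versus the previous version:
 *  - The closed-thread branch sent a redirect and then carried on to send a
 *    second one; the comment list was fetched on every request although the
 *    view include that used it is disabled. One redirect, then exit.
 *  - $_GET["id"] / $_POST["newComment"] are read with isset() guards.
 *  - The unset($_POST) that preceded the now-removed dead code is gone with it.
 */
function threadPost()
{
    ModelFacade::kickIfBannedOrDeleted();

    $threadId = isset($_GET["id"]) ? $_GET["id"] : null;
    $thread = ModelFacade::getThread($threadId);

    $newComment = isset($_POST["newComment"]) ? $_POST["newComment"] : "";
    $hasText = trim($newComment) != "";

    if ($hasText && !ModelFacade::checkThreadClosed($threadId)) {
        ModelFacade::addComment($threadId, htmlspecialchars($newComment), ModelFacade::getLoggedInUser()->id);
    }

    header("location:Thread.php?id=" . $threadId);
    exit;
}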
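/**
 * Direct-message sent-box: delete any messages posted as delMsg[], otherwise
 * render the logged-in user's sent messages, with a banner when the page was
 * reached via ?newMsgSent=true|false from newMessagePost().
 *
 * Fix versus the previous version: after sending the redirect header the
 * function fell through, fetched the sent-box and rendered it anyway; the
 * redirect now ends the request. delMsg is coerced to an array so a scalar
 * value cannot break the loop.
 */
function OnRequest()
{
    if (isset($_POST['delMsg'])) {
        foreach ((array) $_POST['delMsg'] as $eachDelMsg) {
            ModelFacade::deleteMsg($eachDelMsg);
        }
        header('Location: /DirectMsgSent.php');
        exit;
    }

    $user = ModelFacade::getLoggedInUser();
    $messages = ModelFacade::getUsersSentbox($user->id);

    // Only the exact string "true" counts as success; any other value is reported as a failed send.
    $newMsgSent = "";
    if (isset($_GET['newMsgSent'])) {
        $newMsgSent = $_GET['newMsgSent'] === 'true'
            ? "MESSAGE SENT SUCCESSFULLY"
            : "MESSAGE SEND FAILED - NO SUCH USER EXISTS";
    }

    include_once '/Views/DirectMsgSent.html';
}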
/**
 * Login form (POST): attempt ModelFacade::login() with the submitted
 * identifier and password, redirect to Index.php on success, otherwise
 * re-render the Login view with a $message.
 *
 * NOTE(review): on a failed attempt the banned check runs on the submitted
 * identifier alone, so "Your account has been banned!" is shown to anyone
 * who submits a banned user's name with any password. That discloses ban
 * status (and account existence) without credentials. Behaviour is kept
 * here; fixing it needs the model to distinguish "wrong password" from
 * "banned" after verifying the credentials.
 */
function loginPost()
{
    $haveCredentials = isset($_POST["identify"]) && isset($_POST["password"]);
    if (!$haveCredentials) {
        $message = "Please enter username and password";
        include_once "/Views/Login.html";
        return;
    }

    //Attemp to log user in
    ModelFacade::login($_POST["identify"], $_POST["password"]);
    if (ModelFacade::checkLoggedIn()) {
        header('Location: Index.php');
        exit;
    }

    $message = ModelFacade::checkIfBanned($_POST["identify"])
        ? "Your account has been banned!"
        : "Username or password does not exist";
    include_once "/Views/Login.html";
}
/**
 * Front page: load the category tree and render the Index view with $categories.
 */
function OnRequest()
{
    $categories = ModelFacade::getAllCategoriesWithSubcategories();
    include_once '/Views/Index.html';
}
/**
 * Deletes direct message $msgId on behalf of the logged-in user.
 *
 * The session user's id is passed to DirectMessages::deleteMsg() alongside
 * the message id, so the storage layer can restrict the delete to that
 * user's own messages; this wrapper never takes a user id from the caller.
 *
 * @param mixed $msgId message id as submitted by the form
 * @return mixed whatever DirectMessages::deleteMsg() returns (truthy on deletion)
 */
public static function deleteMsg($msgId)
{
    $ownerId = ModelFacade::getLoggedInUser()->id;
    return DirectMessages::deleteMsg($msgId, $ownerId);
}
<?php
/**
 * Admin "Users" page entry point.
 *
 * Loads the model facade, refuses anyone who is not logged in as an admin,
 * then renders the user list. The require/include paths start with "/",
 * so they resolve from the filesystem root (or the include_path) rather
 * than relative to this file — presumably matched by the deployment; confirm.
 */
require "/Model/ModelFacade.php";

// Redirect before any output if the session is not an admin.
ModelFacade::redirectUnauthorisedNotAdmin();

OnRequest();

/**
 * Renders the admin user list. If a previous request left a deletion notice
 * in $_SESSION['deleteUser'], it is exposed to the view as $message (this
 * function does not clear it; whether it is cleared elsewhere is not visible here).
 */
function OnRequest()
{
    if (isset($_SESSION['deleteUser'])) {
        $message = $_SESSION['deleteUser'];
    }
    include_once '/Views/Admin/Users.html';
}
/**
 * Thin pass-through to ModelFacade::GetUserById().
 *
 * @param mixed $id user id
 * @return mixed the model's user record for $id
 */
function GetUserById($id)
{
    return ModelFacade::GetUserById($id);
}
/**
 * Admin landing page: kick banned or deleted accounts, then render the view.
 *
 * Only the ban/deletion kick is visible here; restricting the page to admins
 * is presumably done by the including page (as the Users page does with
 * redirectUnauthorisedNotAdmin()) — confirm.
 */
function OnRequest()
{
    ModelFacade::kickIfBannedOrDeleted();
    include_once '/Views/Admin/Index.html';
}
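/**
 * Admin action: tombstone comment $id via ModelFacade::AdminDeleteComment(),
 * then send the admin back to the page they came from.
 *
 * Fix versus the previous version: the redirect target was the raw Referer
 * header. That header is client-supplied — when absent this produced an
 * empty "Location:", and a request arriving from another site would have
 * bounced the admin to that site (open redirect). The Referer is now used
 * only when its host matches the request's own host; otherwise the redirect
 * falls back to Index.php, the landing page other handlers here redirect to.
 * The request also ends with exit so nothing runs after the redirect.
 */
function AdminDeleteComment($id)
{
    ModelFacade::AdminDeleteComment($id);

    $target = 'Index.php';
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $referer = $_SERVER['HTTP_REFERER'];
        // HTTP_HOST may carry a port; the host parsed from the Referer never does.
        $ownHost = strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']));
        $refererHost = parse_url($referer, PHP_URL_HOST);
        if (is_string($refererHost) && $ownHost !== '' && strtolower($refererHost) === $ownHost) {
            $target = $referer;
        }
    }

    header("Location: " . $target);
    exit;
}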
/**
 * Replaces the body of comment $id with a tombstone naming the admin who
 * removed it; the row itself is kept.
 *
 * Uses a prepared statement, so $id (which comes from the request) never
 * becomes part of the SQL text. No authorisation check happens in this
 * method; the calling page is presumably responsible for restricting it to
 * admins — confirm.
 *
 * @param mixed $id comment id
 * @return array PDOStatement::errorInfo() of the update (index 0 is the SQLSTATE)
 */
public function AdminDeleteComment($id)
{
    $tombstone = "[Comment removed by " . ModelFacade::getLoggedInUser()->username . "]";

    $pdo = (new DbConnect())->connect();
    $stmt = $pdo->prepare("UPDATE comments\n SET comment = :comment\n WHERE id = :id");
    // Values bound at execute time, as strings, exactly as bindParam() did.
    $stmt->execute([':comment' => $tombstone, ':id' => $id]);

    return $stmt->errorInfo();
}
<?php
/**
 * Created by PhpStorm.
 * User: sinisterdeath
 * Date: 8/2/2015
 * Time: 5:50 PM
 */

/*
 * Logout page: end the current session, then run the "not logged in" redirect,
 * which — now that the session is gone — sends the visitor away from this
 * page (presumably to the login/landing page; confirm in ModelFacade).
 */
require "/Model/ModelFacade.php";

ModelFacade::logout();
ModelFacade::redirectUnauthorised();