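* @link http://www.pioder.pl/
* @license see LICENSE.txt
**/
require './inc/controller.class.php';

/**
 * Front controller of the forum.
 *
 * Every public method is a request "mode" (index.php?mode=...) that the base
 * Controller dispatches to. The helpers used here (loadModel/getModel,
 * loadView/getView, forward, $this->db) are inherited from Controller
 * (inc/controller.class.php); $this->db is assumed to be a mysqli-style
 * connection because real_escape_string() is called on it — confirm there.
 *
 * Handlers deliberately write sanitized values back into $_GET/$_POST: the
 * MainView methods read those superglobals to render the forms.
 *
 * NOTE(review): none of the state-changing modes (moderate, posting,
 * editprofile, logout) checks an anti-CSRF token in this controller; the
 * confirm/posting forms rendered by MainView would be the place to carry one.
 */
class MainController extends Controller
{
    /** Entry point when no mode is given: renders the forum index. */
    public function loadDefault()
    {
        $this->main();
    }

    /**
     * Returns $source[$key] as a string, or '' when the key is absent or the
     * value is not a scalar (a "key[]=" query parameter arrives as an array and
     * would otherwise make real_escape_string()/trim() throw).
     */
    private function stringOf(array $source, $key)
    {
        if (isset($source[$key]) && is_scalar($source[$key]))
            return (string) $source[$key];
        return '';
    }

    /**
     * Runs $_GET[$key] through the forum's identifier sanitization chain
     * (DB escaping, strip_tags, trim), stores the result back in $_GET for the
     * views and returns it. $default is returned (and stored) when the
     * parameter is missing or not a scalar.
     */
    private function sanitizeGet($key, $default = 0)
    {
        $_GET[$key] = (isset($_GET[$key]) && is_scalar($_GET[$key]))
            ? trim(strip_tags($this->db->real_escape_string((string) $_GET[$key])))
            : $default;
        return $_GET[$key];
    }

    /**
     * Returns the scheme of the current request: 'http' or 'https'.
     *
     * REQUEST_SCHEME is not populated by every web server / SAPI. Without the
     * fallback a missing value compares unequal to both 'http' and 'https',
     * which made loadDependencies() redirect on every request.
     */
    private function requestScheme()
    {
        if (!empty($_SERVER['REQUEST_SCHEME']))
            return strtolower($_SERVER['REQUEST_SCHEME']);
        $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
        return ($https != '' && strtolower($https) != 'off') ? 'https' : 'http';
    }

    /**
     * Loads the dependencies every mode needs (session, configuration, the
     * main view) and enforces the transport scheme for the mode.
     *
     * Modes that carry credentials (editprofile, register, login) are sent to
     * HTTPS when USE_HTTPS is enabled; all other modes are sent to plain HTTP.
     */
    private function loadDependencies()
    {
        $this->loadModel('SessionModel'); // initializes the session
        $this->loadModel('ConfigModel');  // overall forum configuration
        $this->loadView('MainView');
        $view = $this->getView('MainView');
        $view->putExistingModel('SessionModel', $this->getModel('SessionModel'));
        $view->putExistingModel('ConfigModel', $this->getModel('ConfigModel'));

        // Redirect to the scheme the mode requires. 'mode' is absent on the
        // default request, so read it without raising a notice.
        $mode = isset($_GET['mode']) ? $_GET['mode'] : '';
        $scheme = $this->requestScheme();
        if (in_array($mode, array('editprofile', 'register', 'login'), true)) {
            if ($scheme != 'https' && USE_HTTPS)
                $this->forward(buildURL($_SERVER['REQUEST_URI'], true));
        } else if ($scheme != 'http') {
            $this->forward(buildURL($_SERVER['REQUEST_URI']));
        }
    }

    /** Forum index. */
    public function main()
    {
        $this->loadDependencies();
        $this->loadModel('UsersModel');
        $this->getView('MainView')->main();
    }

    /** Topic list of the forum given by ?id=. */
    public function viewforum()
    {
        $this->loadDependencies();
        $this->loadModel('ForumsModel');
        $view = $this->getView('MainView');
        $forums = $this->getModel('ForumsModel');

        $id = $this->sanitizeGet('id');
        if ($forums->getForum($id) == null) {
            $view->forum_message('Forum does not exist!', buildURL('index.php'));
        } else {
            $view->putExistingModel('ForumsModel', $forums);
            $view->viewforum();
        }
    }

    /**
     * Member list, optionally filtered by ?rank= and sorted by the posted
     * sort_type/sort_desc fields.
     */
    public function userlist()
    {
        $this->loadDependencies();

        // Map the public rank name to the internal rank constant; anything
        // else (including a missing parameter) means "no filter".
        $rankByName = array('admin' => RANK_ADMIN, 'mod' => RANK_MOD, 'user' => RANK_USER);
        $rank = isset($_GET['rank']) ? $_GET['rank'] : '';
        $_GET['rank'] = (is_string($rank) && isset($rankByName[$rank])) ? $rankByName[$rank] : '';

        // The sort column is restricted to a fixed allow-list so the view can
        // never be steered into ordering by an arbitrary column name.
        $allowedSorting = array('regdate', 'lastvisit', 'nick', 'post_count');
        $_POST['sort_type'] = isset($_POST['sort_type'])
            ? $this->db->real_escape_string($this->stringOf($_POST, 'sort_type'))
            : 'regdate';
        if (!in_array($_POST['sort_type'], $allowedSorting, true))
            $_POST['sort_type'] = '';
        $_POST['sort_desc'] = isset($_POST['sort_desc']) ? 'DESC' : 'ASC';

        $this->getView('MainView')->userlist();
    }

    /** Posts of the topic given by ?id=. */
    public function viewtopic()
    {
        $this->loadDependencies();
        $this->loadModel('PostsModel');
        $view = $this->getView('MainView');
        $posts = $this->getModel('PostsModel');

        $id = $this->sanitizeGet('id');
        if ($posts->getTopic($id) == null) {
            $view->forum_message('Topic does not exist!', buildURL('index.php'));
        } else {
            $view->putExistingModel('PostsModel', $posts);
            $view->viewtopic();
        }
    }

    /** New topic in forum ?id=. */
    public function newtopic()
    {
        $this->posting(POSTING_NEWTOPIC);
    }

    /** Reply in topic ?id=. */
    public function reply()
    {
        $this->posting(POSTING_REPLY);
    }

    /** Edit post ?id=. */
    public function editpost()
    {
        $this->posting(POSTING_EDIT);
    }

    /** Reply in topic ?id= quoting post ?q=. */
    public function quote()
    {
        $this->posting(POSTING_QUOTE);
    }

    /**
     * Moderation actions on a topic or post (?submode=deletetopic|locktopic|
     * sticktopic|movetopic|deletepost&id=...).
     *
     * Flow: access checks, existence check of the target, then either the
     * confirmed action (POST confirmed without rejected), a redirect back to
     * the topic (POST rejected), or the confirmation dialog.
     */
    public function moderate()
    {
        $this->loadDependencies();
        $this->loadModel('PostsModel');
        $this->loadModel('ForumsModel');
        $view = $this->getView('MainView');
        $session = $this->getModel('SessionModel');
        $posts = $this->getModel('PostsModel');

        $id = $this->sanitizeGet('id');
        // Default must be a string: with the previous integer default a missing
        // submode compared loosely equal to 'deletetopic' on PHP < 8.
        $submode = $this->sanitizeGet('submode', '');
        $lockv = false; // true once output has been produced and nothing else may render
        $t = null;      // topic row, when the action targets a topic
        $p = null;      // post row, for deletepost

        if (!$session->isLogged()) {
            $view->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
            $lockv = true;
        }
        if (!$lockv && $session->getRank() == RANK_USER) {
            $view->forum_message('Only mods have access to this menu', buildURL('index.php'));
            $lockv = true;
        }

        // check whether the topic/post exists
        if (!$lockv) {
            switch ($submode) {
                case 'deletetopic':
                case 'locktopic':
                case 'sticktopic':
                case 'movetopic':
                    $t = $posts->getTopic($id);
                    if ($t == null) {
                        $view->forum_message('Topic does not exist!', buildURL('index.php'));
                        $lockv = true;
                    }
                    break;
                case 'deletepost':
                    $p = $posts->getPost($id);
                    if ($p == null) {
                        $view->forum_message('Post does not exist!', buildURL('index.php'));
                        $lockv = true;
                    } else {
                        $t = $posts->getTopic($p['topic_id']);
                        if ($t['post_count'] == 1) {
                            $view->forum_message('If topic has only one post, use delete topic option.', buildURL('index.php?mode=viewtopic&id='.$p['topic_id']), 3);
                            $lockv = true;
                        }
                    }
                    break;
                default:
                    $view->forum_message('Invalid mode', buildURL('index.php'));
                    $lockv = true;
                    break;
            }
        }

        // form submission: the confirmation dialog posts "confirmed", plus "rejected" on cancel
        if (!$lockv && isset($_POST['confirmed'])) {
            if (!isset($_POST['rejected'])) {
                switch ($submode) {
                    case 'deletepost':
                        $posts->deletePost($id);
                        $view->forum_message('Post deleted. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$p['topic_id']));
                        $lockv = true;
                        break;
                    case 'deletetopic':
                        $posts->deleteTopic($id);
                        $view->forum_message('Topic deleted. 
Redirecting...', buildURL('index.php?mode=viewforum&id='.$t['forum_id']));
                        $lockv = true;
                        break;
                    case 'locktopic':
                        // toggles: a locked topic gets unlocked and vice versa
                        if ($t['topic_locked'] == false) {
                            $posts->lockTopic($id);
                            $view->forum_message('Topic locked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$id));
                        } else {
                            $posts->lockTopic($id, false);
                            $view->forum_message('Topic unlocked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$id));
                        }
                        $lockv = true;
                        break;
                    case 'sticktopic':
                        if ($t['topic_sticky'] == false) {
                            $posts->stickTopic($id);
                            $view->forum_message('Topic sticked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$id));
                        } else {
                            $posts->stickTopic($id, false);
                            $view->forum_message('Topic unsticked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$id));
                        }
                        $lockv = true;
                        break;
                    case 'movetopic':
                        // The destination forum id is user input that reaches the
                        // model, so it gets the same sanitization as the GET ids.
                        $forumId = trim(strip_tags($this->db->real_escape_string($this->stringOf($_POST, 'forum_id'))));
                        if ($this->getModel('ForumsModel')->getForum($forumId) == null) {
                            $view->forum_message('Forum does not exist!', buildURL('index.php?mode=viewtopic&id='.$id));
                        } else {
                            $posts->moveTopic($id, $forumId);
                            $view->forum_message('Topic moved. 
Redirecting...', buildURL('index.php?mode=viewtopic&id='.$id));
                        }
                        $lockv = true;
                        break;
                }
            } else {
                switch ($submode) {
                    case 'deletetopic':
                    case 'locktopic':
                    case 'sticktopic':
                    case 'movetopic':
                        $this->forward(buildURL('index.php?mode=viewtopic&id='.$id));
                        break;
                    case 'deletepost':
                        $this->forward(buildURL('index.php?mode=viewtopic&id='.$p['topic_id']));
                }
            }
        }

        // nothing rendered yet: show the confirmation dialog for the action
        if (!$lockv) {
            switch ($submode) {
                case 'deletepost':
                    $view->confirm_action('Do you really want delete post #'.$id.'?');
                    break;
                case 'deletetopic':
                    $view->confirm_action('Do you really want delete topic #'.$id.' with all posts? This operation cannot undone.');
                    break;
                case 'locktopic':
                    if ($t['topic_locked'] == false)
                        $view->confirm_action('Do you want lock topic #'.$id.'?');
                    else
                        $view->confirm_action('Do you want unlock topic #'.$id.'?');
                    break;
                case 'sticktopic':
                    if ($t['topic_sticky'] == false)
                        $view->confirm_action('Do you want stick topic #'.$id.'?');
                    else
                        $view->confirm_action('Do you want unstick topic #'.$id.'?');
                    break;
                case 'movetopic':
                    $view->putExistingModel('PostsModel', $posts);
                    $view->move_topic();
                    break;
            }
        }
    }

    /**
     * Shared handler for new topic / reply / quote / edit.
     *
     * @param int $type one of the POSTING_* constants; POSTING_EDIT is
     *                  promoted to POSTING_EDITTOPIC when the edited post is
     *                  the first post of its topic (the title is editable then).
     *
     * Flow: login check, target existence and lock checks, then either the
     * submitted form (validated and saved) or the (pre-filled) posting form.
     */
    public function posting($type)
    {
        $this->loadDependencies();
        $msg = '';
        $this->loadModel('PostsModel');
        $this->loadModel('ForumsModel');
        $view = $this->getView('MainView');
        $session = $this->getModel('SessionModel');
        $posts = $this->getModel('PostsModel');

        $id = $this->sanitizeGet('id');
        $lockv = false; // true once a message has been rendered
        $t = null;      // topic row
        $p = null;      // post row (edit)
        $qp = null;     // quoted post row (quote)

        if (!$session->isLogged()) {
            $view->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
            $lockv = true;
        }

        // CHECKING IF TOPIC/FORUM EXISTS AND IS NOT LOCKED
        if (!$lockv) {
            switch ($type) {
                case POSTING_NEWTOPIC:
                    // the forum must exist and must not be locked
                    $f = $this->getModel('ForumsModel')->getForum($id);
                    if ($f == null) {
                        $view->forum_message('Forum does not exist!', buildURL('index.php'));
                        $lockv = true;
                    } else if ($f['locked'] == true) {
                        $view->forum_message('Forum is locked', buildURL('index.php?mode=viewforum&id='.$id));
                        $lockv = true;
                    }
                    break;
                case POSTING_REPLY:
                case POSTING_QUOTE:
                    // the topic must exist; locks only stop users below moderator rank
                    $t = $posts->getTopic($id);
                    if ($t == null) {
                        $view->forum_message('Topic does not exist!', buildURL('index.php'));
                        $lockv = true;
                    } else {
                        if ($t['forum_locked'] == true && $session->getRank() < RANK_MOD) {
                            $view->forum_message('Forum is locked', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                            $lockv = true;
                        }
                        if ($t['topic_locked'] == true && $session->getRank() < RANK_MOD) {
                            $view->forum_message('Topic is locked', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                            $lockv = true;
                        }
                        if ($type == POSTING_QUOTE) {
                            // the quoted post must exist and belong to this topic
                            $q = $this->sanitizeGet('q');
                            $qp = $posts->getPost($q);
                            if ($qp == null) {
                                $view->forum_message('Invalid quoted post', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                                $lockv = true;
                            } else if ($qp['topic_id'] != $id) {
                                $view->forum_message('Invalid quoted post', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                                $lockv = true;
                            }
                        }
                    }
                    break;
                case POSTING_EDIT:
                    $p = $posts->getPost($id);
                    if ($p == null) {
                        $view->forum_message('Post does not exist!', buildURL('index.php'));
                        $lockv = true;
                    } else {
                        $t = $posts->getTopic($p['topic_id']);
                        if ($t['forum_locked'] == true && $session->getRank() < RANK_MOD) {
                            $view->forum_message('Forum is locked', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                            $lockv = true;
                        }
                        if ($t['topic_locked'] == true && $session->getRank() < RANK_MOD) {
                            $view->forum_message('Topic is locked', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                            $lockv = true;
                        }
                        // editing the first post also edits the topic title
                        $first = $posts->getFirstPost($t['topic_id']);
                        if ($first['post_id'] == $id)
                            $type = POSTING_EDITTOPIC;
                        // only the author or a moderator may edit
                        if ($p['user_id'] != $session->getID() && $session->getRank() < RANK_MOD) {
                            $view->forum_message('You can edit only own posts', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                            $lockv = true;
                        }
                    }
                    break;
            }
        }

        // posting the HTML form ("preview" only re-renders the form below)
        if (!$lockv && isset($_POST['post']) && !isset($_POST['preview'])) {
            $_POST['post'] = trim(htmlspecialchars($this->db->real_escape_string($this->stringOf($_POST, 'post'))));
            if ($type == POSTING_NEWTOPIC || $type == POSTING_EDITTOPIC) {
                // topic title validation (add, edit)
                $_POST['topic'] = trim(htmlspecialchars($this->db->real_escape_string($this->stringOf($_POST, 'topic'))));
                if (strlen($_POST['topic']) < 3)
                    $msg .= 'Topic title is too short (min 3 characters)
';
            }
            if (strlen($_POST['post']) < 3)
                $msg .= 'Post content is too short (min 3 characters)
';

            if ($msg == '') {
                switch ($type) {
                    case POSTING_NEWTOPIC:
                        // create the topic together with its first post
                        $topicId = $posts->addTopic($_POST['topic'], $_POST['post'], $id, $session->getID());
                        if ($topicId != null) {
                            $view->forum_message('Topic created, Redirecting...', buildURL('index.php?mode=viewtopic&id='.$topicId));
                            $lockv = true;
                        } else {
                            $msg .= 'Something went wrong, try again.';
                        }
                        break;
                    case POSTING_EDITTOPIC:
                    case POSTING_EDIT:
                        $posts->changePost($id, $_POST['post']);
                        if ($type == POSTING_EDITTOPIC)
                            $posts->changeTopic($t['topic_id'], $_POST['topic']);
                        $view->forum_message('Post edited. Redirecting to topic...', buildURL('index.php?mode=viewtopic&id='.$t['topic_id']));
                        $lockv = true;
                        break;
                    case POSTING_QUOTE:
                    case POSTING_REPLY:
                        $posts->addPost($id, $session->getID(), $_POST['post']);
                        $view->forum_message('Reply saved. Redirecting to topic...', buildURL('index.php?mode=viewtopic&id='.$id));
                        $lockv = true;
                        break;
                }
            }
        }

        // render the form, pre-filled with what was posted (un-escaped again
        // for display) or with the stored content when nothing was posted yet
        if (!$lockv) {
            $posted = isset($_POST['post']) ? stripslashes($this->stringOf($_POST, 'post')) : null;
            switch ($type) {
                case POSTING_NEWTOPIC:
                case POSTING_REPLY:
                    $_POST['post'] = ($posted !== null) ? $posted : '';
                    break;
                case POSTING_EDITTOPIC:
                    $_POST['post'] = ($posted !== null) ? $posted : $p['content'];
                    $_POST['topic'] = isset($_POST['topic']) ? stripslashes($this->stringOf($_POST, 'topic')) : $t['topic_title'];
                    break;
                case POSTING_EDIT:
                    $_POST['post'] = ($posted !== null) ? $posted : $p['content'];
                    break;
                case POSTING_QUOTE:
                    $quote = ($qp['nick'] != null) ? '='.$qp['nick'] : '';
                    $_POST['post'] = ($posted !== null) ? $posted : '[quote'.$quote.']'.$qp['content'].'[/quote]';
                    break;
            }
            if ($type == POSTING_NEWTOPIC)
                $_POST['topic'] = isset($_POST['topic']) ? stripslashes($this->stringOf($_POST, 'topic')) : '';

            $view->putExistingModel('PostsModel', $posts);
            $view->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
            $view->posting_form($type, $msg);
        }
    }

    /** Redirects to the profile of the logged-in user (or to the index). */
    public function myprofile()
    {
        $this->loadDependencies();
        $session = $this->getModel('SessionModel');
        if (!$session->isLogged())
            $this->forward('index.php');
        else
            $this->forward(buildURL('index.php?mode=viewprofile&id='.$session->getID()));
    }

    /** Public profile of user ?id=. */
    public function viewprofile()
    {
        $this->loadDependencies();
        $this->loadModel('UsersModel');
        $view = $this->getView('MainView');
        $users = $this->getModel('UsersModel');
        $view->putExistingModel('UsersModel', $users);

        $id = $this->sanitizeGet('id');
        if ($users->getUserInformation($id) == null)
            $view->forum_message('User does not exist!', buildURL('index.php'));
        else
            $view->viewprofile();
    }

    /**
     * Profile editor of the logged-in user: e-mail, password, location,
     * signature and avatar. Changing the e-mail or the password requires the
     * current password.
     */
    public function editprofile()
    {
        $this->loadDependencies();
        $this->loadModel('UsersModel');
        $view = $this->getView('MainView');
        $session = $this->getModel('SessionModel');
        $users = $this->getModel('UsersModel');

        if (!$session->isLogged()) {
            $view->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
            return;
        }

        $userInfo = $users->getUserInformation($session->getID(), true);
        $msg = '';
        $lockv = false;

        if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email'])) {
            // normalize the submitted fields; missing optional fields become ''
            $_POST['nick'] = trim(htmlspecialchars($this->db->real_escape_string($this->stringOf($_POST, 'nick'))));
            $_POST['passwd_old'] = trim($this->stringOf($_POST, 'passwd_old'));
            $_POST['passwd'] = trim($this->stringOf($_POST, 'passwd'));
            $_POST['passwd_confirm'] = trim($this->stringOf($_POST, 'passwd_confirm'));
            $_POST['email'] = trim(strip_tags($this->db->real_escape_string($this->stringOf($_POST, 'email'))));
            $_POST['location'] = trim(htmlspecialchars($this->db->real_escape_string($this->stringOf($_POST, 'location'))));
            $_POST['signature'] = trim(htmlspecialchars($this->db->real_escape_string($this->stringOf($_POST, 'signature'))));

            // e-mail or password changes must be confirmed with the current
            // password; hashes are compared in constant time
            if ($_POST['email'] != $userInfo['email'] || $_POST['passwd'] != '') {
                $oldHash = (string) $users->generatePasswordHash($userInfo['nick'], $_POST['passwd_old']);
                if (!hash_equals((string) $userInfo['password'], $oldHash))
                    $msg .= 'Old password is incorrect!
';
            }
            if ($_POST['passwd'] != '') {
                if (strlen($_POST['passwd']) < 8)
                    $msg .= 'Password is too short (min 8 characters)
';
                if ($_POST['passwd'] != $_POST['passwd_confirm'])
                    $msg .= 'Password do not match!
';
            }

            // check if an avatar was uploaded (and really is an upload, not an
            // arbitrary path)
            $avatarUploaded = !empty($_FILES['avatar']['tmp_name'])
                && is_uploaded_file($_FILES['avatar']['tmp_name']);
            $imageSize = false;
            if ($avatarUploaded) {
                global $allowed_avatars;
                // getimagesize() inspects the file content, so the type check
                // trusts neither the client-supplied name nor its MIME type;
                // '@' silences the notice it emits for non-image files.
                $imageSize = @getimagesize($_FILES['avatar']['tmp_name']);
                if ($imageSize == null)
                    $msg .= 'Type of uploaded file are not allowed.
';
                else if (!in_array($imageSize['mime'], $allowed_avatars, true))
                    $msg .= 'Type of uploaded avatar is not supported.
';
                else if ($imageSize[0] > 120 || $imageSize[1] > 150)
                    $msg .= 'Uploaded avatar is too big (maximum 120x150 px).
';
            }
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
                $msg .= 'Email is incorrect
';

            if ($msg == '') {
                if ($avatarUploaded && !isset($_POST['delete_avatar'])) {
                    // replace the avatar: the stored name takes its extension from
                    // the validated image type, never from the client-supplied
                    // filename (which could otherwise carry an executable extension)
                    if ($userInfo['avatar'] != '')
                        unlink('./'.$userInfo['avatar']);
                    $ext = image_type_to_extension($imageSize[2], false);
                    $av = 'images/avatars/'.$session->getID().'.'.$ext;
                    move_uploaded_file($_FILES['avatar']['tmp_name'], './'.$av);
                } else if (isset($_POST['delete_avatar'])) {
                    if ($userInfo['avatar'] != '')
                        unlink('./'.$userInfo['avatar']);
                    $av = '';
                } else {
                    $av = $userInfo['avatar']; // no new avatar: keep the current one
                }

                if ($_POST['passwd'] != '')
                    $users->changeUserPassword($session->getID(), $userInfo['nick'], $_POST['passwd']);
                // the nick is not editable, hence the empty nick argument
                $users->updateUserProfile($session->getID(), '', $_POST['email'], $_POST['location'], $_POST['signature'], $av);
                $view->forum_message('Your profile has changed.', buildURL('index.php?mode=viewprofile&id='.$session->getID()));
                $lockv = true;
            }
        }

        // re-fill the form with the submitted (un-escaped) or stored values
        $_POST['nick'] = isset($_POST['nick']) ? stripslashes($this->stringOf($_POST, 'nick')) : $userInfo['nick'];
        $_POST['email'] = isset($_POST['email']) ? stripslashes($this->stringOf($_POST, 'email')) : $userInfo['email'];
        $_POST['location'] = isset($_POST['location']) ? stripslashes($this->stringOf($_POST, 'location')) : $userInfo['location'];
        $_POST['signature'] = isset($_POST['signature']) ? stripslashes($this->stringOf($_POST, 'signature')) : $userInfo['signature'];
        $view->putExistingModel('UsersModel', $users);
        if (!$lockv)
            $view->edprofile_form($msg);
    }

    /** Ends the session of the logged-in user. */
    public function logout()
    {
        $this->loadDependencies();
        $session = $this->getModel('SessionModel');
        if (!$session->isLogged())
            $this->forward('index.php');
        $session->deleteSession();
        $this->getView('MainView')->forum_message('You are logged out.', buildURL('index.php'));
    }

    /** Login form and handler; banned users are refused a session. */
    public function login()
    {
        $this->loadDependencies();
        $this->loadModel('BansModel');
        $this->loadModel('UsersModel');
        $view = $this->getView('MainView');
        $session = $this->getModel('SessionModel');
        $users = $this->getModel('UsersModel');

        if ($session->isLogged())
            $this->forward(buildURL('index.php'));

        $msg = '';
        $lockv = false;
        if (isset($_POST['nick'], $_POST['passwd'])) {
            $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($this->stringOf($_POST, 'nick'))));
            // NOTE(review): the password is passed through real_escape_string()
            // before hashing here, while register() hashes the trimmed raw value;
            // verify in UsersModel that both paths hash passwords containing
            // quotes or backslashes identically.
            $_POST['passwd'] = $users->generatePasswordHash($_POST['nick'], trim($this->db->real_escape_string($this->stringOf($_POST, 'passwd'))));
            $userInfo = $session->tryGetUser($_POST['nick'], $_POST['passwd']);
            // empty() also covers a null result, which count() would reject
            if (empty($userInfo))
                $msg = 'Invalid username or password.';

            if ($msg == '') {
                $banInfo = $this->getModel('BansModel')->getUserBan($userInfo['user_id']);
                if ($banInfo == null) {
                    $session->registerNewSession($userInfo['user_id']);
                    $view->forum_message('You are logged as: '.$userInfo['nick'], buildURL('index.php'));
                } else {
                    $reason = ($banInfo['reason'] != '') ? '
Reason: '.$banInfo['reason'] : '';
                    $view->forum_message('You are banned!'.$reason);
                }
                $lockv = true;
            }
        }

        $_POST['nick'] = isset($_POST['nick']) ? stripslashes($this->stringOf($_POST, 'nick')) : '';
        if (!$lockv)
            $view->login_form($msg);
    }

    /** Registration form and handler. */
    public function register()
    {
        $this->loadDependencies();
        $this->loadModel('UsersModel');
        $view = $this->getView('MainView');
        $session = $this->getModel('SessionModel');
        $users = $this->getModel('UsersModel');

        if ($session->isLogged())
            $this->forward('index.php');

        $msg = '';
        $lockv = false;
        if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email'])) {
            $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($this->stringOf($_POST, 'nick'))));
            $_POST['passwd'] = trim($this->stringOf($_POST, 'passwd'));
            $_POST['passwd_confirm'] = trim($this->stringOf($_POST, 'passwd_confirm'));
            $_POST['email'] = trim(strip_tags($this->db->real_escape_string($this->stringOf($_POST, 'email'))));

            if (strlen($_POST['nick']) < 3)
                $msg .= 'Nick is too short (min 3 characters)
';
            if (strlen($_POST['passwd']) < 8)
                $msg .= 'Password is too short (min 8 characters)
';
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
                $msg .= 'Email is incorrect
';
            if ($users->nickExists($_POST['nick']) == true)
                $msg .= 'Nick is in use. Type another one.
';
            if ($_POST['passwd'] != $_POST['passwd_confirm'])
                $msg .= 'Password do not match';

            if ($msg == '') {
                $users->createNewUser($_POST['nick'], $_POST['passwd'], $_POST['email']);
                $view->forum_message('Your account has created. Log in to write new posts.', buildURL('index.php'), 3);
                $lockv = true;
            }
        }

        $_POST['nick'] = isset($_POST['nick']) ? stripslashes($this->stringOf($_POST, 'nick')) : '';
        $_POST['email'] = isset($_POST['email']) ? stripslashes($this->stringOf($_POST, 'email')) : '';
        if (!$lockv)
            $view->register_form($msg);
    }

    /** AJAX helper for the registration form: prints 'true' if ?nick= is taken. */
    public function checknick()
    {
        $this->loadModel('UsersModel');
        $_GET['nick'] = trim($this->db->real_escape_string(strip_tags($this->stringOf($_GET, 'nick'))));
        if ($this->getModel('UsersModel')->nickExists($_GET['nick']) == true)
            echo 'true';
        else
            echo 'false';
    }
}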