
Merge pull request #53 from flashwave/master

flashwave committed Aug 18, 2018
2 parents 1a48c29 + 1187b88 commit 54276ddb3b8b6308b5db3013f87f41fbee7c04fc
Showing with 97 additions and 18 deletions.
  1. +10 −0 assets/less/mio/classes/comment.less
  2. +0 −2 public/auth.php
  3. +7 −0 src/Users/user.php
  4. +3 −10 src/Users/validation.php
  5. +70 −4 src/comments.php
  6. +7 −2 templates/_layout/comments.twig
@@ -21,6 +21,16 @@
margin-bottom: 3px;
}
&__mention {
color: inherit;
text-decoration: none;
font-weight: 700;
&:hover {
text-decoration: underline;
}
}
&__actions {
list-style: none;
display: flex;
@@ -13,9 +13,7 @@
'trim' => 'Your username may not start or end with spaces!',
'short' => sprintf('Your username is too short, it has to be at least %d characters!', MSZ_USERNAME_MIN_LENGTH),
'long' => sprintf("Your username is too long, it can't be longer than %d characters!", MSZ_USERNAME_MAX_LENGTH),
'double-spaces' => "Your username can't contain double spaces.",
'invalid' => 'Your username contains invalid characters.',
'spacing' => 'Please use either underscores or spaces, not both!',
'in-use' => 'This username is already taken!',
];
@@ -48,6 +48,13 @@ function user_password_hash(string $password): string
return password_hash($password, MSZ_USERS_PASSWORD_HASH_ALGO);
}
function user_id_from_username(string $username): int
{
$getId = Database::prepare('SELECT `user_id` FROM `msz_users` WHERE LOWER(`username`) = LOWER(:username)');
$getId->bindValue('username', $username);
return $getId->execute() ? (int)$getId->fetchColumn() : 0;
}
define('MSZ_USER_AVATAR_FORMAT', '%d.msz');
function user_avatar_delete(int $userId): void
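Review bot: `user_id_from_username` returns 0 both when `execute()` fails and when no row matches (`fetchColumn()` yields false, which the `(int)` cast turns into 0), and nothing on the function says so. The mention parser added in src/comments.php relies on that with `< 1`, so I would add a docblock along the lines of `/** Returns the id of the user with this name (compared case-insensitively), or 0 if there is none or the query fails. */`. Wrapping the column in `LOWER()` may also keep an index on `username` from being used; the schema and collation are not visible here, so that is worth checking rather than assuming.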
@@ -8,7 +8,8 @@
define('MSZ_USERNAME_MAX_LENGTH', 16);
// Username character constraint.
define('MSZ_USERNAME_REGEX', '#^[A-Za-z0-9-_]+$#u');
define('MSZ_USERNAME_REGEX', '[A-Za-z0-9-_]+');
define('MSZ_USERNAME_REGEX_FULL', '#^' . MSZ_USERNAME_REGEX . '$#u');
// Minimum entropy value for passwords.
define('MSZ_PASSWORD_MIN_ENTROPY', 32);
@@ -29,18 +30,10 @@ function user_validate_username(string $username, bool $checkInUse = false): str
return 'long';
}
if (strpos($username, ' ') !== false) {
return 'double-spaces';
}
if (!preg_match(MSZ_USERNAME_REGEX, $username)) {
if (!preg_match(MSZ_USERNAME_REGEX_FULL, $username)) {
return 'invalid';
}
if (strpos($username, '_') !== false && strpos($username, ' ') !== false) {
return 'spacing';
}
if ($checkInUse) {
$getUser = Database::prepare('
SELECT COUNT(`user_id`)
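Review bot: `MSZ_USERNAME_REGEX_FULL` ends in `$`, which in PCRE also matches just before a final newline, so `preg_match(MSZ_USERNAME_REGEX_FULL, $username)` accepts a name followed by a line feed. The 'trim' check that the error table in public/auth.php refers to may already reject that earlier in `user_validate_username`, but that part of the function is outside the hunk. Anchoring with `\z` makes the pattern correct without relying on an earlier check: `define('MSZ_USERNAME_REGEX_FULL', '#^' . MSZ_USERNAME_REGEX . '\z#u');`. This matters more now that the mention markup in src/comments.php emits usernames into HTML and appears to rely on this character set to keep them harmless.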
@@ -1,6 +1,8 @@
<?php
use Misuzu\Database;
require_once __DIR__ . '/Users/validation.php';
define('MSZ_COMMENTS_PERM_CREATE', 1);
define('MSZ_COMMENTS_PERM_EDIT_OWN', 1 << 1);
define('MSZ_COMMENTS_PERM_EDIT_ANY', 1 << 2);
@@ -19,6 +21,52 @@
-1 => MSZ_COMMENTS_VOTE_DISLIKE,
]);
// gets parsed on post
define('MSZ_COMMENTS_MARKUP_USERNAME', '#\B(?:@{1}(' . MSZ_USERNAME_REGEX . '))#u');
// gets parsed on fetch
define('MSZ_COMMENTS_MARKUP_USER_ID', '#\B(?:@{2}([0-9]+))#u');
function comments_parse_for_store(string $text): string
{
return preg_replace_callback(MSZ_COMMENTS_MARKUP_USERNAME, function ($matches) {
return ($userId = user_id_from_username($matches[1])) < 1
? $matches[0]
: "@@{$userId}";
}, $text);
}
function comments_parse_for_display(string $text): string
{
return preg_replace_callback(MSZ_COMMENTS_MARKUP_USER_ID, function ($matches) {
$getInfo = Database::prepare('
SELECT
u.`user_id`, u.`username`,
COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`
FROM `msz_users` as u
LEFT JOIN `msz_roles` as r
ON u.`display_role` = r.`role_id`
WHERE `user_id` = :user_id
');
$getInfo->bindValue('user_id', $matches[1]);
$info = $getInfo->execute() ? $getInfo->fetch(PDO::FETCH_ASSOC) : [];
if (!$info) {
return $matches[0];
}
return sprintf(
'<a href="/profile.php?u=%d" class="comment__mention", style="%s">@%s</a>',
$info['user_id'],
html_colour($info['user_colour'], [
'color' => '%s',
'text-shadow' => '0 0 5px %s',
]),
$info['username']
);
}, $text);
}
// usually this is not how you're suppose to handle permission checking,
// but in the context of comments this is fine since the same shit is used
// for every comment section.
@@ -202,14 +250,25 @@ function comments_category_get(int $category, int $user, ?int $parent = null): a
$commentsCount = count($comments);
for ($i = 0; $i < $commentsCount; $i++) {
$comments[$i]['comment_html'] = nl2br(comments_parse_for_display(htmlentities($comments[$i]['comment_text'])));
$comments[$i]['comment_replies'] = comments_category_get($category, $user, $comments[$i]['comment_id']);
}
return $comments;
}
function comments_post_create(int $user, int $category, string $text, bool $pinned = false, ?int $reply = null): int
{
function comments_post_create(
int $user,
int $category,
string $text,
bool $pinned = false,
?int $reply = null,
bool $parse = true
): int {
if ($parse) {
$text = comments_parse_for_store($text);
}
$create = Database::prepare('
INSERT INTO `msz_comments_posts`
(`user_id`, `category_id`, `comment_text`, `comment_pinned`, `comment_reply_to`)
@@ -236,7 +295,7 @@ function comments_post_delete(int $commentId, bool $delete = true): bool
return $deleteComment->execute();
}
function comments_post_get(int $commentId): array
function comments_post_get(int $commentId, bool $parse = true): array
{
$fetch = Database::prepare('
SELECT
@@ -253,7 +312,14 @@ function comments_post_get(int $commentId): array
WHERE `comment_id` = :id
');
$fetch->bindValue('id', $commentId);
return $fetch->execute() ? $fetch->fetch(PDO::FETCH_ASSOC) : [];
$comment = $fetch->execute() ? $fetch->fetch(PDO::FETCH_ASSOC) : false;
$comment = $comment ? $comment : []; // prevent type errors
if ($comment && $parse) {
$comment['comment_html'] = nl2br(comments_parse_for_display(htmlentities($comment['comment_text'])));
}
return $comment;
}
function comments_post_exists(int $commentId): bool
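Review bot: In `comments_parse_for_display` the `sprintf` writes `$info['username']` and the `html_colour(...)` result into the anchor without HTML-encoding, and the template changed in this commit emits `comment_html` through `|raw` and `innerHTML`. The username is only safe there as long as every row in `msz_users` passed `MSZ_USERNAME_REGEX_FULL`; encoding at the sink removes that dependency: `htmlspecialchars($info['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `html_colour` is not visible in this diff, so whether its output is safe inside a `style="..."` attribute should be confirmed. The format string also has a stray comma after `class="comment__mention"` that should be dropped. Separately, the callback runs one query per `@@id` occurrence on every render, so a comment packed with mentions multiplies database work; capping mentions per comment or batching the lookups would bound that.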
@@ -80,7 +80,7 @@
{% endif %}
</div>
<div class="comment__text{{ comment.comment_deleted is null ? '' : ' comment__text--deleted' }}">
{{ comment.comment_deleted is null ? comment.comment_text|nl2br : 'deleted' }}
{{ comment.comment_deleted is null ? (comment.comment_html is defined ? comment.comment_html|raw : comment.comment_text|nl2br) : 'deleted' }}
</div>
{% if comment.comment_deleted is null and user is not null %}
<div class="comment__actions">
@@ -347,7 +347,12 @@
var commentText = document.createElement('div');
commentText.className = 'comment__text';
commentText.textContent = comment.comment_text;
if (comment.comment_html)
commentText.innerHTML = comment.comment_html;
else
commentText.textContent = comment.comment_text;
commentContent.appendChild(commentText);
var commentActions = document.createElement('div');
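Review bot: `comment.comment_html|raw` and `commentText.innerHTML = comment.comment_html` make `comment_html` a field that must always arrive already escaped, and nothing at either sink says where that guarantee comes from. I would add a comment at both places, for example `{# comment_html is built server-side by nl2br(comments_parse_for_display(htmlentities(...))); never fill it from unescaped text #}`, so a later change that sets the field elsewhere is caught in review. The JS `if`/`else` would also be less fragile with braces around both branches.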
