2013-10-05 12:55:03 +02:00
|
|
|
<?php
|
2013-10-05 21:24:20 +02:00
|
|
|
class PostController
|
2013-10-05 12:55:03 +02:00
|
|
|
{
|
2013-10-07 00:44:17 +02:00
|
|
|
public function workWrapper($callback)
|
|
|
|
|
{
|
|
|
|
|
$this->context->stylesheets []= 'jquery.tagit.css';
|
|
|
|
|
$this->context->scripts []= 'jquery.tagit.js';
|
|
|
|
|
$callback();
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-05 12:55:03 +02:00
|
|
|
/**
|
2013-10-05 19:24:08 +02:00
|
|
|
* @route /posts
|
|
|
|
|
* @route /posts/{query}
|
|
|
|
|
* @validate query .*
|
2013-10-05 12:55:03 +02:00
|
|
|
*/
|
2013-10-05 19:24:08 +02:00
|
|
|
public function listAction($query = null)
|
2013-10-05 12:55:03 +02:00
|
|
|
{
|
2013-10-05 22:52:55 +02:00
|
|
|
#redirect requests in form of /posts/?query=... to canonical address
|
|
|
|
|
$formQuery = InputHelper::get('query');
|
|
|
|
|
if (!empty($formQuery))
|
|
|
|
|
{
|
|
|
|
|
$url = \Chibi\UrlHelper::route('post', 'list', ['query' => $formQuery]);
|
|
|
|
|
\Chibi\UrlHelper::forward($url);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-05 21:22:28 +02:00
|
|
|
$this->context->subTitle = 'browsing posts';
|
2013-10-05 22:52:55 +02:00
|
|
|
$this->context->searchQuery = $query;
|
2013-10-07 20:44:14 +02:00
|
|
|
|
|
|
|
|
PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListPosts);
|
|
|
|
|
|
|
|
|
|
$page = 1;
|
|
|
|
|
$params = [];
|
|
|
|
|
$params[':limit'] = 20;
|
|
|
|
|
$params[':offset'] = ($page - 1) * $params[':limit'];
|
|
|
|
|
|
|
|
|
|
//todo safety
|
|
|
|
|
//todo construct WHERE based on filters
|
|
|
|
|
$whereSql = '';
|
|
|
|
|
|
|
|
|
|
//todo construct ORDER based on filers
|
|
|
|
|
$orderSql = 'ORDER BY upload_date DESC';
|
|
|
|
|
|
|
|
|
|
$limitSql = 'LIMIT :limit OFFSET :offset';
|
|
|
|
|
|
|
|
|
|
$posts = R::findAll('post', sprintf('%s %s %s', $whereSql, $orderSql, $limitSql), $params);
|
|
|
|
|
$this->context->transport->posts = $posts;
|
2013-10-05 19:24:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @route /post/upload
|
|
|
|
|
*/
|
|
|
|
|
public function uploadAction()
|
|
|
|
|
{
|
2013-10-07 00:44:17 +02:00
|
|
|
$this->context->stylesheets []= 'upload.css';
|
|
|
|
|
$this->context->scripts []= 'upload.js';
|
2013-10-05 21:22:28 +02:00
|
|
|
$this->context->subTitle = 'upload';
|
2013-10-07 00:44:17 +02:00
|
|
|
|
|
|
|
|
PrivilegesHelper::confirmWithException($this->context->user, Privilege::UploadPost);
|
|
|
|
|
|
|
|
|
|
if (isset($_FILES['file']))
|
|
|
|
|
{
|
|
|
|
|
$suppliedSafety = intval(InputHelper::get('safety'));
|
|
|
|
|
if (!in_array($suppliedSafety, PostSafety::getAll()))
|
|
|
|
|
throw new SimpleException('Invalid safety type "' . $suppliedSafety . '"');
|
|
|
|
|
|
|
|
|
|
$suppliedTags = InputHelper::get('tags');
|
|
|
|
|
$suppliedTags = preg_split('/[,;\s+]/', $suppliedTags);
|
|
|
|
|
$suppliedTags = array_filter($suppliedTags);
|
|
|
|
|
$suppliedTags = array_unique($suppliedTags);
|
|
|
|
|
foreach ($suppliedTags as $tag)
|
2013-10-07 20:44:14 +02:00
|
|
|
if (!preg_match('/^[a-zA-Z0-9_-]+$/i', $tag))
|
2013-10-07 00:44:17 +02:00
|
|
|
throw new SimpleException('Invalid tag "' . $tag . '"');
|
|
|
|
|
|
|
|
|
|
$suppliedFile = $_FILES['file'];
|
|
|
|
|
|
|
|
|
|
switch ($suppliedFile['type'])
|
|
|
|
|
{
|
|
|
|
|
case 'image/gif':
|
|
|
|
|
case 'image/png':
|
|
|
|
|
case 'image/jpeg':
|
|
|
|
|
$postType = PostType::Image;
|
|
|
|
|
break;
|
|
|
|
|
case 'application/x-shockwave-flash':
|
|
|
|
|
$postType = PostType::Flash;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
throw new SimpleException('Invalid file type "' . $suppliedFile['type'] . '"');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//todo: find out duplicate files
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
$name = md5(mt_rand() . uniqid());
|
|
|
|
|
$path = $this->config->main->filesPath . DIRECTORY_SEPARATOR . $name;
|
|
|
|
|
}
|
|
|
|
|
while (file_exists($path));
|
|
|
|
|
|
|
|
|
|
$dbTags = [];
|
|
|
|
|
foreach ($suppliedTags as $tag)
|
|
|
|
|
{
|
|
|
|
|
$dbTag = R::findOne('tag', 'name = ?', [$tag]);
|
|
|
|
|
if (!$dbTag)
|
|
|
|
|
{
|
|
|
|
|
$dbTag = R::dispense('tag');
|
|
|
|
|
$dbTag->name = $tag;
|
|
|
|
|
R::store($dbTag);
|
|
|
|
|
}
|
|
|
|
|
$dbTags []= $dbTag;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$dbPost = R::dispense('post');
|
|
|
|
|
$dbPost->type = $postType;
|
|
|
|
|
$dbPost->name = $name;
|
2013-10-07 20:44:14 +02:00
|
|
|
$dbPost->mime_type = $suppliedFile['type'];
|
2013-10-07 00:44:17 +02:00
|
|
|
$dbPost->safety = $suppliedSafety;
|
2013-10-07 20:44:14 +02:00
|
|
|
$dbPost->upload_date = time();
|
2013-10-07 00:44:17 +02:00
|
|
|
$dbPost->sharedTag = $dbTags;
|
2013-10-07 20:44:14 +02:00
|
|
|
$dbPost->ownUser = $this->context->user;
|
2013-10-07 00:44:17 +02:00
|
|
|
|
|
|
|
|
move_uploaded_file($suppliedFile['tmp_name'], $path);
|
|
|
|
|
R::store($dbPost);
|
|
|
|
|
|
|
|
|
|
//todo: generate thumbnail
|
|
|
|
|
|
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
|
}
|
2013-10-05 19:24:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2013-10-07 20:44:14 +02:00
|
|
|
* Action that decorates the page containing the post.
|
2013-10-05 19:24:08 +02:00
|
|
|
* @route /post/{id}
|
|
|
|
|
*/
|
2013-10-07 20:44:14 +02:00
|
|
|
public function viewAction($id)
|
2013-10-05 19:24:08 +02:00
|
|
|
{
|
2013-10-07 20:44:14 +02:00
|
|
|
$post = R::findOne('post', 'id = ?', [$id]);
|
|
|
|
|
if (!$post)
|
|
|
|
|
throw new SimpleException('Invalid post ID "' . $id . '"');
|
|
|
|
|
|
|
|
|
|
//todo: verify access rank...?
|
|
|
|
|
//todo: verify sketchy, nsfw, sfw
|
|
|
|
|
|
|
|
|
|
$this->context->subTitle = 'showing @' . $post->id;
|
|
|
|
|
$this->context->transport->post = $post;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Action that renders the requested file itself and sends it to user.
|
|
|
|
|
* @route /post/send/{name}
|
|
|
|
|
*/
|
|
|
|
|
public function sendAction($name)
|
|
|
|
|
{
|
|
|
|
|
$this->context->layoutName = 'layout-file';
|
|
|
|
|
|
|
|
|
|
$post = R::findOne('post', 'name = ?', [$name]);
|
|
|
|
|
if (!$post)
|
|
|
|
|
throw new SimpleException('Invalid post name "' . $name . '"');
|
|
|
|
|
|
|
|
|
|
//I guess access rank shouldn't be verified here. If someone arrives
|
|
|
|
|
//here, they already know the full name of the post (not just the ID)
|
|
|
|
|
//either by visiting the HTML container page or by having hotlink.
|
|
|
|
|
//Such users should be trusted.
|
|
|
|
|
|
|
|
|
|
$path = $this->config->main->filesPath . DIRECTORY_SEPARATOR . $post->name;
|
|
|
|
|
if (!file_exists($path))
|
|
|
|
|
throw new SimpleException('Post file does not exist');
|
|
|
|
|
if (!is_readable($path))
|
|
|
|
|
throw new SimpleException('Post file is not readable');
|
|
|
|
|
|
|
|
|
|
$this->context->transport->mimeType = $post->mimeType;
|
|
|
|
|
$this->context->transport->filePath = $path;
|
2013-10-05 12:55:03 +02:00
|
|
|
}
|
2013-10-05 22:52:55 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @route /favorites
|
|
|
|
|
*/
|
|
|
|
|
public function favoritesAction()
|
|
|
|
|
{
|
|
|
|
|
$this->listAction('favmin:1');
|
2013-10-07 20:44:14 +02:00
|
|
|
$this->context->viewName = 'post-list';
|
2013-10-05 22:52:55 +02:00
|
|
|
}
|
2013-10-05 12:55:03 +02:00
|
|
|
}
|
