From ee050cfd01a29d33f77862541c21f6fc61c65da0 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Thu, 17 Oct 2013 22:57:32 +0200
Subject: [PATCH] Worked on #8

Also:
- changed URL schema for posts from /posts/action/id to /posts/id/action
- moved XXXController::locateXXX methods to Model_XXX::locate
---
 config.ini                              |   7 +++
 public_html/media/css/comment-list.css  |  16 +++++
 public_html/media/css/comment-small.css |  30 ++++++++++
 public_html/media/css/core.css          |   8 +++
 public_html/media/css/post-list.css     |  17 ------
 public_html/media/css/post-small.css    |  19 ++++++
 public_html/media/css/post-view.css     |  17 +++---
 public_html/media/img/preview.png       | Bin 0 -> 1622 bytes
 public_html/media/js/core.js            |  16 +++++
 public_html/media/js/post-view.js       |  59 ++++++++++++++++++-
 src/Controllers/CommentController.php   |  74 +++++++++++++++++++++++-
 src/Controllers/PostController.php      |  64 +++++++++-----------
 src/Controllers/UserController.php      |  22 +++----
 src/Helpers/TextHelper.php              |   5 ++
 src/Models/Model_Comment.php            |  22 +++++++
 src/Models/Model_Post.php               |  17 ++++++
 src/Models/Model_User.php               |   8 +++
 src/Models/Privilege.php                |   2 +
 src/Views/comment-list.phtml            |  41 +++++++++++++
 src/Views/comment-small.phtml           |  35 +++++++++++
 src/Views/post-list.phtml               |   5 +-
 src/Views/post-small.phtml              |   3 +
 src/Views/post-view.phtml               |  33 ++++++++++-
 src/core.php                            |   3 +-
 24 files changed, 437 insertions(+), 86 deletions(-)
 create mode 100644 public_html/media/css/comment-list.css
 create mode 100644 public_html/media/css/comment-small.css
 create mode 100644 public_html/media/css/post-small.css
 create mode 100644 public_html/media/img/preview.png
 create mode 100644 src/Models/Model_Comment.php
 create mode 100644 src/Views/comment-list.phtml
 create mode 100644 src/Views/comment-small.phtml
 create mode 100644 src/Views/post-small.phtml

diff --git a/config.ini b/config.ini
index bff51835..34819c19 100644
--- a/config.ini
+++ b/config.ini
@@ -18,6 +18,11 @@ thumbStyle=outside
 endlessScrolling=1
 maxSearchTokens=4
 
+[comments]
+minLength = 5
+maxLength = 2000
+commentsPerPage = 20
+
 [registration]
 staffActivation   = 0
 passMinLength     = 5
@@ -79,4 +84,6 @@ deleteUser.own=registered
 deleteUser.all=nobody
 
 listComments=anonymous
+addComment=registered
+
 listTags=anonymous
diff --git a/public_html/media/css/comment-list.css b/public_html/media/css/comment-list.css
new file mode 100644
index 00000000..ce00d486
--- /dev/null
+++ b/public_html/media/css/comment-list.css
@@ -0,0 +1,16 @@
+.comment-group .post-wrapper {
+	float: left;
+}
+.comment-group .comments {
+	float: left;
+}
+
+.comment-group .post img {
+	margin-right: 1em;
+	margin-bottom: 1em;
+}
+
+.comment-group {
+	border-bottom: 1px solid #eee;
+	margin-bottom: 1em;
+}
diff --git a/public_html/media/css/comment-small.css b/public_html/media/css/comment-small.css
new file mode 100644
index 00000000..358ea583
--- /dev/null
+++ b/public_html/media/css/comment-small.css
@@ -0,0 +1,30 @@
+.comment {
+	margin: 0 0 1em 0;
+}
+.comment .body,
+.comment .avatar {
+	float: left;
+}
+.comment .header {
+	margin-bottom: 0.2em;
+}
+.comment .avatar a {
+	display: inline-block;
+}
+.comment .avatar img {
+	width: 40px;
+	height: 40px;
+	background-image: url('http://www.gravatar.com/avatar/0?f=y&d=mm&s=40');
+	margin-right: 0.5em;
+}
+.comment {
+	clear: left;
+}
+.comment .date:before {
+	content: ' on ';
+	margin: 0 0.2em;
+}
+.comment .date {
+	color: silver;
+	font-size: small;
+}
diff --git a/public_html/media/css/core.css b/public_html/media/css/core.css
index c4e48d48..e37f2acb 100644
--- a/public_html/media/css/core.css
+++ b/public_html/media/css/core.css
@@ -155,6 +155,14 @@ footer {
 	overflow: hidden;
 }
 
+.footer-unit {
+	padding: 0.5em 1em;
+	border: 1px solid #eee;
+	border-bottom: 0;
+	padding-bottom: 0;
+	margin: 1em 0 2em 0;
+}
+
 
 
 h1, h2, h3 {
diff --git a/public_html/media/css/post-list.css b/public_html/media/css/post-list.css
index 2951e2a7..56502c3e 100644
--- a/public_html/media/css/post-list.css
+++ b/public_html/media/css/post-list.css
@@ -1,20 +1,3 @@
 .posts img {
-	border: 1px solid #ddd;
-	box-shadow: 0.25em 0.25em #eee;
 	margin: 0.5em;
-	padding: 0;
-	width: 140px;
-	height: 140px;
-}
-
-.posts .post-type-flash img {
-	border-color: #dd5;
-	box-shadow: 0.25em 0.25em #eeb, 0.1em 0.1em 0.5em 0.1em rgba(238,238,187,0.5);
-}
-
-.posts a:focus img,
-.posts a:hover img {
-	border: 1px solid firebrick;
-	box-shadow: 0.25em 0.25em pink;
-	opacity: .9;
 }
diff --git a/public_html/media/css/post-small.css b/public_html/media/css/post-small.css
new file mode 100644
index 00000000..1a32c960
--- /dev/null
+++ b/public_html/media/css/post-small.css
@@ -0,0 +1,19 @@
+.post img {
+	border: 1px solid #ddd;
+	box-shadow: 0.25em 0.25em #eee;
+	padding: 0;
+	width: 140px;
+	height: 140px;
+}
+
+.post-type-flash img {
+	border-color: #dd5;
+	box-shadow: 0.25em 0.25em #eeb, 0.1em 0.1em 0.5em 0.1em rgba(238,238,187,0.5);
+}
+
+.post:focus img,
+.post:hover img {
+	border: 1px solid firebrick;
+	box-shadow: 0.25em 0.25em pink;
+	opacity: .9;
+}
diff --git a/public_html/media/css/post-view.css b/public_html/media/css/post-view.css
index 7729cb85..b40ff200 100644
--- a/public_html/media/css/post-view.css
+++ b/public_html/media/css/post-view.css
@@ -90,15 +90,11 @@ i.icon-dl {
 	margin: 2px;
 }
 
-form.edit {
+form.edit-post,
+form.edit-comment {
 	display: none;
-	padding: 0.5em 1em;
-	border: 1px solid #eee;
-	border-bottom: 0;
-	padding-bottom: 0;
-	margin: 1em 0;
 }
-form.edit .safety label:not(.left) {
+form.edit-post .safety label:not(.left) {
 	margin-right: 0.75em;
 }
 ul.tagit {
@@ -107,3 +103,10 @@ ul.tagit {
 	margin: 0;
 	font-size: 1em;
 }
+
+.preview {
+	border: 1px solid yellow;
+	background: url('../img/preview.png') lemonchiffon;
+	padding: 0.5em;
+	display: none;
+}
diff --git a/public_html/media/img/preview.png b/public_html/media/img/preview.png
new file mode 100644
index 0000000000000000000000000000000000000000..dac27f275f651e602ceed44c79aca0e99e901e6e
GIT binary patch
literal 1622
zcmZ{kYh02C6vkgKQIf39R8-W;<^6{CQbt&zs2~GGtZZEnNX^uFolS>YmXbLk(WO&H
z3Te1XMP2iPim5r%%(mLJLYuf!{24f7sY#CQ%l2g-p7TG?Ilt%YQy4}LfkADc006)U
zcwD%i*?NU-GS*LFXLGO~#<5ru767EY&1;MedT)>x9ufdFjM~oW&2|<(oCE+_P5^N3
zA^@!FPv>R<;BzDZsG<M>T>${_WI+cNqkkAOi6J;(ox>aH(L0l5{LwT$@&71zD1JWx
zY@iTu*oZHlE>s;mE5e)S_k3p<A=^1Oy0%UqFYS-BsF751(B>7wqeKvz(Q*xRXr6eL
zvuRC=45Z7Sj5pn5z038nUcKKKaL*>BxN~MWYxZUj6v7#73DCJdhEc4lE$`ds4iW6P
z5D&}q%!m%AzTBPz+9R#Y83m48J4t?T{2wW;*{tXG16!Y+{-Z01ZT<un9}~$27Z3XJ
z9x1e>WM0iGKi0GWUX5P4PKuA4D&^9()|D10K=@T&dxdO&;k*f%yXq-H{NgbtlbU6t
zY<LiG+swBti@}`Q2Nm^6KT`e7LPIS@(vMV^^F+!Op+KiTm_51`N<q$>4VSEy)_m!v
zB3ILNX3wqaZ?OAb0QroE6x$b4>dHZ|M&1&eAIKQj7A>;G!X_pb<^rPBk){aHlH)vo
zWsfMe*KGL9shJGyL@sS+BuIVP2-UQsSG-~%U+b5<=bU^`Qx47Vg^nw!=VF5&2-MPj
z$Be?F_WjDnmQONmAxU321<?$+*1`{^rQE?ik2-OsAKFfjdzbQfS)(>QXK_ER^m2o+
zVKC64m^ff~;dh<QbRUf_mf&LXegV#Wcg!*9_SWw<KkBYlP1P3{t_qyNt8S_UN&O=8
zryaB-i+D~*VJ;oyqX&{1uMzEI7ZbrnN1$^#Cx1GK8!_8hcE;~XmrGR&AWJ{_Y28f{
z<n7G%*7)~x2Z~m5O>bn;sK$+6IAiAyIDbZ77|m|#^11~h`YZQ#?`N+rY{^uQ1N|#R
zd}0!vh<F{RDL|!l81-92!yZ3AH*ef&#&Zs0`Tdb{V$K)T3Shl$#bsVm(~X?ByFb`b
zxwE`k7pm?)pxx`8km8eEd)?Mx@HhrNwq&QULkX3ROWL%QcseCB`g}C0*ZzW`Z2|0>
zksU}ND{j<x)T$UVbDOa;qpRU-2+%#}zGlbQS)R`eCbW*K%r=GYgzw;xV4%6^)X93K
zq`s`+jW`h1P6~Tx@dLHX71QStJ#0Yn>P>hkYT11{nB=MOcA;{_?~B1v%9ex_E8&ns
zZ=MGq64plfS<9&<C+yF#^|>`<vM8Ht=S5nUwAIPVOQtG2ifK#MHJ&hg`fuoX5#QtR
z%inc{xhE>BTKdH<eoVsA%>+lIjeUdO!HJR7lT&B65EM<=AoZPu^Q6Hl*oJ+X+H|uA
z8wa$Io{~Gha^i+b@~5DhIfh8Zw2&=xqf`rA+~=wQp8q$k5pAO-5EKrxZc%;!`?bcy
zA8wUlK9h0}(!}zzo3PQO+-^b?seZ*^UWy3o)eC*;rpNakg@XnZMkb;%xo8;Hz0lZa
z<r<=-mPy0DA7NR+2njp0Hohs=Y!1I9exYV+81$b6REDdI$w&UT4A;Bq=d-+4B@HWF
zte6lfy<z7BxqlmWI_A1<?VhQYuIQ<3*U>|YrZQC6QWxJ&<K`$4i7wp~Y2Y6}c(o~R
zW9X}>A-Ahy*xgDAzlML8mfXLq^dZXP$?}M7o3@8}I|hBB?n=+IsB*k(n*0i5Jk@H~
z;*!KUfV@=D7ivR`i0nW#*O6~ZW(b$4O2NeOPDmD{RWkX>*coV{#%;IAsI^*`!c{3m
z=}yt1nuY3wf$-0Q(Z{!CAXJ|1FXw8<F5a=La1LyFb**NO?XS(y!Dq|ag6ked%y(8X
zlhbQwUgy8u%h4_Dc6i&r;(jSnMw%FdXD6vphaED}%Pg0(b(5sjsv7TilaH%R8zdob
zWQu{=XRY0Lb4L!ZZ^Hc9V@$3<GVWe9+3NJke;4Cr__wi7r=H3)&g(nYF+C_U{S+fT
z8qG?L)&uZG`t0)bL3;Y^iSYG7gMMff${p#8Mk3Sf{r|4^e*=k0r{ZEV|36?Dn14tg
N00=>3Tth%q-d{)S;~@Y5

literal 0
HcmV?d00001

diff --git a/public_html/media/js/core.js b/public_html/media/js/core.js
index 9c2323d7..2cf0a3c7 100644
--- a/public_html/media/js/core.js
+++ b/public_html/media/js/core.js
@@ -85,4 +85,20 @@ $(function()
 			}
 		});
 	});
+
+
+	//attach data from submit buttons to forms before .submit() gets called
+	$(':submit').each(function()
+	{
+		$(this).click(function()
+		{
+			var form = $(this).closest('form');
+			form.find('.faux-submit').remove();
+			var input = $('<input class="faux-submit" type="hidden"/>').attr({
+				name: $(this).attr('name'),
+				value: $(this).val()
+			});
+			form.append(input);
+		});
+	});
 });
diff --git a/public_html/media/js/post-view.js b/public_html/media/js/post-view.js
index b3073274..a4d81540 100644
--- a/public_html/media/js/post-view.js
+++ b/public_html/media/js/post-view.js
@@ -23,11 +23,11 @@ $(function()
 			$('.tags input').tagit(tagItOptions);
 
 			e.preventDefault();
-			$('form.edit').slideDown();
+			$('form.edit-post').slideDown();
 		});
 	});
 
-	$('form.edit').submit(function(e)
+	$('form.edit-post').submit(function(e)
 	{
 		e.preventDefault();
 
@@ -65,4 +65,59 @@ $(function()
 
 		$.ajax(ajaxData);
 	});
+
+	$('form.add-comment, form.edit-comment').submit(function(e)
+	{
+		e.preventDefault();
+
+		var formDom = $(this);
+		if (formDom.hasClass('inactive'))
+			return;
+		formDom.addClass('inactive');
+		formDom.find(':input').attr('readonly', true);
+
+		var url = formDom.attr('action') + '?json';
+		var fd = new FormData(formDom[0]);
+
+		var preview = false;
+		$.each(formDom.serializeArray(), function(i, x)
+		{
+			if (x.name == 'sender' && x.value == 'preview')
+				preview = true;
+		});
+
+		var ajaxData =
+		{
+			url: url,
+			data: fd,
+			processData: false,
+			contentType: false,
+			type: 'POST',
+
+			success: function(data)
+			{
+				if (data['success'])
+				{
+					if (preview)
+					{
+						formDom.find('.preview').html(data['textPreview']).show();
+						formDom.find(':input').attr('readonly', false);
+						formDom.removeClass('inactive');
+					}
+					else
+					{
+						window.location.reload();
+					}
+				}
+				else
+				{
+					alert(data['errorMessage']);
+					formDom.find(':input').attr('readonly', false);
+					formDom.removeClass('inactive');
+				}
+			}
+		};
+
+		$.ajax(ajaxData);
+	});
 });
diff --git a/src/Controllers/CommentController.php b/src/Controllers/CommentController.php
index 30e80a29..b5907f10 100644
--- a/src/Controllers/CommentController.php
+++ b/src/Controllers/CommentController.php
@@ -3,11 +3,79 @@ class CommentController
 {
 	/**
 	* @route /comments
+	* @route /comments/{page}
+	* @validate page [0-9]+
 	*/
-	public function listAction()
+	public function listAction($page)
 	{
-		$this->context->activeSection = 'comments';
+		$this->context->stylesheets []= 'post-small.css';
+		$this->context->stylesheets []= 'comment-list.css';
+		$this->context->stylesheets []= 'comment-small.css';
 		$this->context->subTitle = 'comments';
-		throw new SimpleException('Not implemented');
+		if ($this->config->browsing->endlessScrolling)
+			$this->context->scripts []= 'paginator-endless.js';
+
+		$page = intval($page);
+		$commentsPerPage = intval($this->config->comments->commentsPerPage);
+		PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListComments);
+
+		$buildDbQuery = function($dbQuery)
+		{
+			$dbQuery->from('comment');
+			$dbQuery->orderBy('comment_date')->desc();
+		};
+
+		$countDbQuery = R::$f->begin();
+		$countDbQuery->select('COUNT(1)')->as('count');
+		$buildDbQuery($countDbQuery);
+		$commentCount = intval($countDbQuery->get('row')['count']);
+		$pageCount = ceil($commentCount / $commentsPerPage);
+		$page = max(1, min($pageCount, $page));
+
+		$searchDbQuery = R::$f->begin();
+		$searchDbQuery->select('comment.*');
+		$buildDbQuery($searchDbQuery);
+		$searchDbQuery->limit('?')->put($commentsPerPage);
+		$searchDbQuery->offset('?')->put(($page - 1) * $commentsPerPage);
+
+		$comments = $searchDbQuery->get();
+		$comments = R::convertToBeans('comment', $comments);
+		R::preload($comments, ['commenter' => 'user']);
+		$this->context->postGroups = true;
+		$this->context->transport->paginator = new StdClass;
+		$this->context->transport->paginator->page = $page;
+		$this->context->transport->paginator->pageCount = $pageCount;
+		$this->context->transport->paginator->entityCount = $commentCount;
+		$this->context->transport->paginator->entities = $comments;
+		$this->context->transport->paginator->params = func_get_args();
+		$this->context->transport->comments = $comments;
+	}
+
+	/**
+	* @route /post/{postId}/add-comment
+	* @valdiate postId [0-9]+
+	*/
+	public function addAction($postId)
+	{
+		PrivilegesHelper::confirmWithException($this->context->user, Privilege::AddComment);
+		if ($this->config->registration->needEmailForCommenting)
+			PrivilegesHelper::confirmEmail($this->context->user);
+
+		$post = Model_Post::locate($postId);
+
+		$text = InputHelper::get('text');
+		if (!empty($text))
+		{
+			$text = Model_Comment::validateText($text);
+			$comment = R::dispense('comment');
+			$comment->post = $post;
+			$comment->commenter = $this->context->user;
+			$comment->comment_date = time();
+			$comment->text = $text;
+			if (InputHelper::get('sender') != 'preview')
+				R::store($comment);
+			$this->context->transport->textPreview = $comment->getText();
+			$this->context->transport->success = true;
+		}
 	}
 }
diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php
index 96efeb80..69b4423e 100644
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@@ -8,23 +8,6 @@ class PostController
 		$callback();
 	}
 
-	private static function locatePost($key, $disallowNumeric = false)
-	{
-		if (is_numeric($key) and !$disallowNumeric)
-		{
-			$post = R::findOne('post', 'id = ?', [$key]);
-			if (!$post)
-				throw new SimpleException('Invalid post ID "' . $key . '"');
-		}
-		else
-		{
-			$post = R::findOne('post', 'name = ?', [$key]);
-			if (!$post)
-				throw new SimpleException('Invalid post name "' . $key . '"');
-		}
-		return $post;
-	}
-
 	private static function serializeTags($post)
 	{
 		$x = [];
@@ -74,6 +57,7 @@ class PostController
 	*/
 	public function listAction($query = null, $page = 1)
 	{
+		$this->context->stylesheets []= 'post-small.css';
 		$this->context->stylesheets []= 'post-list.css';
 		$this->context->stylesheets []= 'paginator.css';
 		if ($this->config->browsing->endlessScrolling)
@@ -255,11 +239,11 @@ class PostController
 
 
 	/**
-	* @route /post/edit/{id}
+	* @route /post/{id}/edit
 	*/
 	public function editAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		R::preload($post, ['uploader' => 'user']);
 		$edited = false;
 		$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
@@ -323,11 +307,11 @@ class PostController
 
 
 	/**
-	* @route /post/hide/{id}
+	* @route /post/{id}/hide
 	*/
 	public function hideAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary);
 		$post->hidden = true;
@@ -336,11 +320,11 @@ class PostController
 	}
 
 	/**
-	* @route /post/unhide/{id}
+	* @route /post/{id}/unhide
 	*/
 	public function unhideAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::HidePost, $secondary);
 		$post->hidden = false;
@@ -349,11 +333,11 @@ class PostController
 	}
 
 	/**
-	* @route /post/delete/{id}
+	* @route /post/{id}/delete
 	*/
 	public function deleteAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		$secondary = $post->uploader->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeletePost, $secondary);
 		//remove stuff from auxiliary tables
@@ -367,12 +351,12 @@ class PostController
 
 
 	/**
-	* @route /post/add-fav/{id}
-	* @route /post/fav-add/{id}
+	* @route /post/{id}/add-fav
+	* @route /post/{id}/fav-add
 	*/
 	public function addFavoriteAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		R::preload($post, ['favoritee' => 'user']);
 
 		if (!$this->context->loggedIn)
@@ -389,12 +373,12 @@ class PostController
 	}
 
 	/**
-	* @route /post/rem-fav/{id}
-	* @route /post/fav-rem/{id}
+	* @route /post/{id}/rem-fav
+	* @route /post/{id}/fav-rem
 	*/
 	public function remFavoriteAction($id)
 	{
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 		R::preload($post, ['favoritee' => 'user']);
 
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::FavoritePost);
@@ -422,8 +406,13 @@ class PostController
 	*/
 	public function viewAction($id)
 	{
-		$post = self::locatePost($id);
-		R::preload($post, ['favoritee' => 'user', 'uploader' => 'user', 'tag']);
+		$post = Model_Post::locate($id);
+		R::preload($post, [
+			'favoritee' => 'user',
+			'uploader' => 'user',
+			'tag',
+			'comment',
+			'ownComment.commenter' => 'user']);
 
 		if ($post->hidden)
 			PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, 'hidden');
@@ -471,6 +460,7 @@ class PostController
 			$this->context->transport->tagDistribution[$row['name']] = $row['count'];
 
 		$this->context->stylesheets []= 'post-view.css';
+		$this->context->stylesheets []= 'comment-small.css';
 		$this->context->scripts []= 'post-view.js';
 		$this->context->subTitle = 'showing @' . $post->id;
 		$this->context->favorite = $favorite;
@@ -484,12 +474,12 @@ class PostController
 
 	/**
 	* Action that renders the thumbnail of the requested file and sends it to user.
-	* @route /post/thumb/{id}
+	* @route /post/{id}/thumb
 	*/
 	public function thumbAction($id)
 	{
 		$this->context->layoutName = 'layout-file';
-		$post = self::locatePost($id);
+		$post = Model_Post::locate($id);
 
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost);
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewPost, PostSafety::toString($post->safety));
@@ -556,12 +546,12 @@ class PostController
 
 	/**
 	* Action that renders the requested file itself and sends it to user.
-	* @route /post/retrieve/{name}
+	* @route /post/{name}/retrieve
 	*/
 	public function retrieveAction($name)
 	{
 		$this->context->layoutName = 'layout-file';
-		$post = self::locatePost($name, true);
+		$post = Model_Post::locate($name, true);
 		R::preload($post, ['tag']);
 
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost);
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index 610856a1..c74940d0 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@@ -1,14 +1,6 @@
 <?php
 class UserController
 {
-	private static function locateUser($key)
-	{
-		$user = R::findOne('user', 'name = ?', [$key]);
-		if (!$user)
-			throw new SimpleException('Invalid user name "' . $key . '"');
-		return $user;
-	}
-
 	private static function sendEmailConfirmation(&$user)
 	{
 		$regConfig = \Chibi\Registry::getConfig()->registration;
@@ -134,7 +126,7 @@ class UserController
 	*/
 	public function banAction($name)
 	{
-		$user = self::locateUser($name);
+		$user = Model_User::locate($name);
 		$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary);
 		$user->banned = true;
@@ -148,7 +140,7 @@ class UserController
 	*/
 	public function unbanAction($name)
 	{
-		$user = self::locateUser($name);
+		$user = Model_User::locate($name);
 		$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::BanUser, $secondary);
 		$user->banned = false;
@@ -162,7 +154,7 @@ class UserController
 	*/
 	public function acceptRegistrationAction($name)
 	{
-		$user = self::locateUser($name);
+		$user = Model_User::locate($name);
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::AcceptUserRegistration);
 		$user->staff_confirmed = true;
 		R::store($user);
@@ -178,7 +170,7 @@ class UserController
 	*/
 	public function deleteAction($name)
 	{
-		$user = self::locateUser($name);
+		$user = Model_User::locate($name);
 		$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary);
 		PrivilegesHelper::confirmWithException($this->context->user, Privilege::DeleteUser, $secondary);
@@ -219,7 +211,7 @@ class UserController
 		try
 		{
 
-			$user = self::locateUser($name);
+			$user = Model_User::locate($name);
 			$edited = false;
 			$secondary = $user->id == $this->context->user->id ? 'own' : 'all';
 			PrivilegesHelper::confirmWithException($this->context->user, Privilege::ViewUser, $secondary);
@@ -297,7 +289,7 @@ class UserController
 		}
 		catch (Exception $e)
 		{
-			$this->context->transport->user = self::locateUser($name);
+			$this->context->transport->user = Model_User::locate($name);
 			throw $e;
 		}
 	}
@@ -314,7 +306,7 @@ class UserController
 	public function viewAction($name, $tab, $page)
 	{
 		$postsPerPage = intval($this->config->browsing->postsPerPage);
-		$user = self::locateUser($name);
+		$user = Model_User::locate($name);
 		if ($tab === null)
 			$tab = 'favs';
 		if ($page === null)
diff --git a/src/Helpers/TextHelper.php b/src/Helpers/TextHelper.php
index fae9bd5b..fc2b02b8 100644
--- a/src/Helpers/TextHelper.php
+++ b/src/Helpers/TextHelper.php
@@ -141,4 +141,9 @@ class TextHelper
 
 		return json_encode($obj);
 	}
+
+	public static function parseMarkdown($text)
+	{
+		return \Michelf\Markdown::defaultTransform($text);
+	}
 }
diff --git a/src/Models/Model_Comment.php b/src/Models/Model_Comment.php
new file mode 100644
index 00000000..72da56d5
--- /dev/null
+++ b/src/Models/Model_Comment.php
@@ -0,0 +1,22 @@
+<?php
+class Model_Comment extends RedBean_SimpleModel
+{
+	public static function validateText($text)
+	{
+		$text = trim($text);
+		$config = \Chibi\Registry::getConfig();
+
+		if (strlen($text) < $config->comments->minLength)
+			throw new SimpleException(sprintf('Comment must have at least %d characters', $config->comments->minLength));
+
+		if (strlen($text) > $config->comments->maxLength)
+			throw new SimpleException(sprintf('Comment must have at most %d characters', $config->comments->maxLength));
+
+		return $text;
+	}
+
+	public function getText()
+	{
+		return TextHelper::parseMarkdown($this->text);
+	}
+}
diff --git a/src/Models/Model_Post.php b/src/Models/Model_Post.php
index e9b34110..5e15d8f9 100644
--- a/src/Models/Model_Post.php
+++ b/src/Models/Model_Post.php
@@ -1,6 +1,23 @@
 <?php
 class Model_Post extends RedBean_SimpleModel
 {
+	public static function locate($key, $disallowNumeric = false)
+	{
+		if (is_numeric($key) and !$disallowNumeric)
+		{
+			$post = R::findOne('post', 'id = ?', [$key]);
+			if (!$post)
+				throw new SimpleException('Invalid post ID "' . $key . '"');
+		}
+		else
+		{
+			$post = R::findOne('post', 'name = ?', [$key]);
+			if (!$post)
+				throw new SimpleException('Invalid post name "' . $key . '"');
+		}
+		return $post;
+	}
+
 	public static function validateSafety($safety)
 	{
 		$safety = intval($safety);
diff --git a/src/Models/Model_User.php b/src/Models/Model_User.php
index 3f57e86a..dcba3f7b 100644
--- a/src/Models/Model_User.php
+++ b/src/Models/Model_User.php
@@ -1,6 +1,14 @@
 <?php
 class Model_User extends RedBean_SimpleModel
 {
+	public static function locate($key)
+	{
+		$user = R::findOne('user', 'name = ?', [$key]);
+		if (!$user)
+			throw new SimpleException('Invalid user name "' . $key . '"');
+		return $user;
+	}
+
 	public function getAvatarUrl($size = 32)
 	{
 		$subject = !empty($this->email_confirmed)
diff --git a/src/Models/Privilege.php b/src/Models/Privilege.php
index b4d429f5..9c9cc1d3 100644
--- a/src/Models/Privilege.php
+++ b/src/Models/Privilege.php
@@ -24,5 +24,7 @@ class Privilege extends Enum
 	const DeleteUser = 19;
 
 	const ListComments = 20;
+	const AddComment = 23;
+
 	const ListTags = 21;
 }
diff --git a/src/Views/comment-list.phtml b/src/Views/comment-list.phtml
new file mode 100644
index 00000000..7c1b225c
--- /dev/null
+++ b/src/Views/comment-list.phtml
@@ -0,0 +1,41 @@
+<?php if (empty($this->context->transport->comments)): ?>
+	<p class="alert alert-warning">No comments to show.</p>
+<?php else: ?>
+	<div class="comments paginator-content">
+		<?php
+			$groups = [];
+			$posts = [];
+			$currentGroupPostId = null;
+			$currentGroup = null;
+			foreach ($this->context->transport->comments as $comment)
+			{
+				if ($comment->post_id != $currentGroupPostId)
+				{
+					unset($currentGroup);
+					$currentGroup = [];
+					$currentGroupPostId = $comment->post_id;
+					$posts[$comment->post_id] = $comment->post;
+					$groups[] = &$currentGroup;
+				}
+				$currentGroup []= $comment;
+			}
+		?>
+		<?php foreach ($groups as $group): ?>
+			<div class="comment-group">
+				<div class="post-wrapper">
+					<?php $this->context->post = $posts[reset($group)->post_id] ?>
+					<?php echo $this->renderFile('post-small') ?>
+				</div>
+				<div class="comments">
+					<?php foreach ($group as $comment): ?>
+						<?php $this->context->comment = $comment ?>
+						<?php echo $this->renderFile('comment-small') ?>
+					<?php endforeach ?>
+				</div>
+				<div class="clear"></div>
+			</div>
+		<?php endforeach ?>
+	</div>
+
+	<?php $this->renderFile('paginator') ?>
+<?php endif ?>
diff --git a/src/Views/comment-small.phtml b/src/Views/comment-small.phtml
new file mode 100644
index 00000000..7a15074e
--- /dev/null
+++ b/src/Views/comment-small.phtml
@@ -0,0 +1,35 @@
+<div class="comment">
+	<div class="avatar">
+		<?php if ($this->context->comment->commenter): ?>
+			<a href="<?php echo \Chibi\UrlHelper::route('user', 'view', ['name' => $this->context->comment->commenter->name]) ?>">
+				<img src="<?php echo $this->context->comment->commenter->getAvatarUrl(40) ?>" alt="<?php echo $this->context->comment->commenter->name ?: '[deleted user]' ?>"/>
+			</a>
+		<?php else: ?>
+			<img src="<?php echo \Chibi\UrlHelper::absoluteUrl('/media/img/pixel.gif') ?>" alt="[deleted user]">
+		<?php endif ?>
+	</div>
+
+	<div class="body">
+		<div class="header">
+			<span class="nickname">
+				<?php if ($this->context->comment->commenter): ?>
+					<a href="<?php echo \Chibi\UrlHelper::route('user', 'view', ['name' => $this->context->comment->commenter->name]) ?>">
+						<?php echo $this->context->comment->commenter->name ?>
+					</a>
+				<?php else: ?>
+					<div class="nickname">[deleted user]</div>
+				<?php endif ?>
+			</span>
+
+			<span class="date">
+				<?php echo date('Y-m-d H:i', $this->context->comment->comment_date) ?>
+			</span>
+		</div>
+
+		<div class="content">
+			<?php echo $this->context->comment->getText() ?>
+		</div>
+	</div>
+
+	<div class="clear"></div>
+</div>
diff --git a/src/Views/post-list.phtml b/src/Views/post-list.phtml
index 279d4eff..e2e4908b 100644
--- a/src/Views/post-list.phtml
+++ b/src/Views/post-list.phtml
@@ -3,9 +3,8 @@
 <?php else: ?>
 	<div class="posts paginator-content">
 		<?php foreach ($this->context->transport->posts as $post): ?>
-			<a class="post post-type-<?php echo TextHelper::camelCaseToHumanCase(PostType::toString($post['type'])) ?>" href="<?php echo \Chibi\UrlHelper::route('post', 'view', ['id' => $post['id']]) ?>">
-				<img src="<?php echo \Chibi\UrlHelper::route('post', 'thumb', ['id' => $post['id']]) ?>" alt="@<?php echo $post['id'] ?>"/>
-			</a>
+			<?php $this->context->post = $post ?>
+			<?php echo $this->renderFile('post-small') ?>
 		<?php endforeach ?>
 	</div>
 
diff --git a/src/Views/post-small.phtml b/src/Views/post-small.phtml
new file mode 100644
index 00000000..ed75bec1
--- /dev/null
+++ b/src/Views/post-small.phtml
@@ -0,0 +1,3 @@
+<a class="post post-type-<?php echo TextHelper::camelCaseToHumanCase(PostType::toString($this->context->post['type'])) ?>" href="<?php echo \Chibi\UrlHelper::route('post', 'view', ['id' => $this->context->post['id']]) ?>">
+	<img src="<?php echo \Chibi\UrlHelper::route('post', 'thumb', ['id' => $this->context->post['id']]) ?>" alt="@<?php echo $this->context->post['id'] ?>"/>
+</a>
diff --git a/src/Views/post-view.phtml b/src/Views/post-view.phtml
index e928df9c..0e2f7a1e 100644
--- a/src/Views/post-view.phtml
+++ b/src/Views/post-view.phtml
@@ -201,7 +201,7 @@
 	</div>
 
 	<?php if ($canEditAnything): ?>
-		<form action="<?php echo \Chibi\UrlHelper::route('post', 'edit', ['id' => $this->context->transport->post->id]) ?>" method="post" enctype="multipart/form-data" class="edit aligned">
+		<form action="<?php echo \Chibi\UrlHelper::route('post', 'edit', ['id' => $this->context->transport->post->id]) ?>" method="post" enctype="multipart/form-data" class="edit-post aligned footer-unit">
 			<h1>edit post</h1>
 			<?php if ($editPostPrivileges[Privilege::EditPostSafety]): ?>
 				<div class="safety">
@@ -236,4 +236,35 @@
 			</div>
 		</form>
 	<?php endif ?>
+
+	<div class="comments footer-unit">
+		<h1>comments (<?php echo $this->context->transport->post->countOwn('comment') ?>)</h1>
+		<?php if (empty($this->context->transport->post->ownComment)): ?>
+			<p class="alert alert-warning">No comments to show.</p>
+		<?php else: ?>
+			<div class="comments">
+				<?php foreach ($this->context->transport->post->ownComment as $comment): ?>
+					<?php $this->context->comment = $comment ?>
+					<?php echo $this->renderFile('comment-small') ?>
+				<?php endforeach ?>
+			</div>
+		<?php endif ?>
+	</div>
+
+	<?php if (PrivilegesHelper::confirm($this->context->user, Privilege::AddComment)): ?>
+		<form action="<?php echo \Chibi\UrlHelper::route('comment', 'add', ['postId' => $this->context->transport->post->id]) ?>" method="post" class="add-comment aligned footer-unit">
+			<h1>add comment</h1>
+
+			<div class="preview"></div>
+
+			<div class="text">
+				<textarea name="text" cols="50" rows="3"></textarea>
+			</div>
+
+			<div>
+				<button name="sender" type="submit" value="preview">Preview</button>&nbsp;
+				<button name="sender" type="submit" value="submit">Submit</button>
+			</div>
+		</form>
+	<?php endif ?>
 </div>
diff --git a/src/core.php b/src/core.php
index 4f17e858..231c07d1 100644
--- a/src/core.php
+++ b/src/core.php
@@ -8,6 +8,7 @@ function trueStartTime()
 }
 trueStartTime();
 
+require_once 'lib/php-markdown/Michelf/Markdown.php';
 require_once 'lib/redbean/RedBean/redbean.inc.php';
 require_once 'lib/chibi-core/Facade.php';
 require_once 'lib/chibi-core/Registry.php';
@@ -42,7 +43,7 @@ function configFactory()
 
 $config = configFactory();
 R::setup('sqlite:' . $config->main->dbPath);
-R::dependencies(['tag' => ['post'], 'favoritee' => ['post', 'user']]);
+R::dependencies(['tag' => ['post'], 'favoritee' => ['post', 'user'], 'comment' => ['post', 'user']]);
 
 //wire models
 \Chibi\AutoLoader::init([$config->chibi->userCodeDir, __DIR__]);