Merge branch 'develop' into phoenix

Author: carlbennett

src/controllers/Packet/Delete.php

@@ -0,0 +1,122 @@
+<?php
+
+namespace BNETDocs\Controllers\Packet;
+
+use \BNETDocs\Libraries\Authentication;
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Packet;
+use \BNETDocs\Libraries\EventTypes;
+use \BNETDocs\Libraries\Exceptions\PacketNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\User;
+use \BNETDocs\Models\Packet\Delete as PacketDeleteModel;
+
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Controller;
+use \CarlBennett\MVC\Libraries\Router;
+use \CarlBennett\MVC\Libraries\View;
+
+use \InvalidArgumentException;
+
+class Delete extends Controller {
+
+  public function &run(Router &$router, View &$view, array &$args) {
+
+    $data                = $router->getRequestQueryArray();
+    $model               = new PacketDeleteModel();
+    $model->csrf_id      = mt_rand();
+    $model->csrf_token   = CSRF::generate($model->csrf_id);
+    $model->error        = null;
+    $model->id           = (isset($data["id"]) ? $data["id"] : null);
+    $model->packet       = null;
+    $model->title        = null;
+    $model->user         = Authentication::$user;
+
+    $model->acl_allowed = ($model->user && $model->user->getAcl(
+      User::OPTION_ACL_PACKET_DELETE
+    ));
+
+    try { $model->packet = new Packet($model->id); }
+    catch (PacketNotFoundException $e) { $model->packet = null; }
+    catch (InvalidArgumentException $e) { $model->packet = null; }
+
+    if ($model->packet === null) {
+      $model->error = "NOT_FOUND";
+    } else {
+      $model->title = $model->packet->getPacketDirectionTag() . 
+        ' ' . $model->packet->getPacketName();
+
+      if ($router->getRequestMethod() == "POST") {
+        $this->tryDelete($router, $model);
+      }
+    }
+
+    $view->render($model);
+
+    $model->_responseCode = ($model->acl_allowed ? 200 : 403);
+    $model->_responseHeaders["Content-Type"] = $view->getMimeType();
+    $model->_responseTTL = 0;
+
+    return $model;
+
+  }
+
+  protected function tryDelete(Router &$router, PacketDeleteModel &$model) {
+    if (!isset($model->user)) {
+      $model->error = "NOT_LOGGED_IN";
+      return;
+    }
+
+    $data       = $router->getRequestBodyArray();
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+
+    if (!$model->acl_allowed) {
+      $model->error = "ACL_NOT_SET";
+      return;
+    }
+
+    $model->error = false;
+
+    $id      = (int) $model->id;
+    $user_id = $model->user->getId();
+
+    try {
+
+      $success = Packet::delete($id);
+
+    } catch (QueryException $e) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+
+      $success = false;
+
+    }
+
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      EventTypes::PACKET_DELETED,
+      $user_id,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"     => $model->error,
+        "packet_id" => $id,
+      ])
+    );
+  }
+
+}

src/libraries/NewsPost.php

@@ -408,14 +408,22 @@ public function save() {
         LIMIT 1;
       ");
       $stmt->bindParam(":category_id", $this->category_id, PDO::PARAM_INT);
-      $stmt->bindParam(":content", $this->content, PDO::PARAM_INT);
-      $stmt->bindParam(":created_dt", $this->created_datetime, PDO::PARAM_INT);
+      $stmt->bindParam(":content", $this->content, PDO::PARAM_STR);
+      $stmt->bindParam(":created_dt", $this->created_datetime, PDO::PARAM_STR);
       $stmt->bindParam(":edited_count", $this->edited_count, PDO::PARAM_INT);
-      $stmt->bindParam(":edited_dt", $this->edited_datetime, PDO::PARAM_INT);
+      if (is_null($this->edited_datetime)) {
+        $stmt->bindParam(":edited_dt", null, PDO::PARAM_NULL);
+      } else {
+        $stmt->bindParam(":edited_dt", $this->edited_datetime, PDO::PARAM_STR);
+      }
       $stmt->bindParam(":id", $this->id, PDO::PARAM_INT);
       $stmt->bindParam(":options", $this->options_bitmask, PDO::PARAM_INT);
-      $stmt->bindParam(":title", $this->title, PDO::PARAM_INT);
-      $stmt->bindParam(":user_id", $this->user_id, PDO::PARAM_INT);
+      $stmt->bindParam(":title", $this->title, PDO::PARAM_STR);
+      if (is_null($this->user_id)) {
+        $stmt->bindParam(":user_id", null, PDO::PARAM_NULL);
+      } else {
+        $stmt->bindParam(":user_id", $this->user_id, PDO::PARAM_INT);
+      }
       if (!$stmt->execute()) {
         throw new QueryException("Cannot save news post");
       }

src/libraries/Packet.php

@@ -89,6 +89,29 @@ public function __construct( $data ) {
     }
   }
 
+  public static function delete($id) {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    $successful = false;
+    try {
+      $stmt = Common::$database->prepare("
+        DELETE FROM `packets` WHERE `id` = :id LIMIT 1;
+      ");
+      $stmt->bindParam(":id", $id, PDO::PARAM_INT);
+      $successful = $stmt->execute();
+      $stmt->closeCursor();
+      if ($successful) {
+        Common::$cache->delete("bnetdocs-packet-" . (int) $id);
+        Common::$cache->delete("bnetdocs-packets");
+      }
+    } catch (PDOException $e) {
+      throw new QueryException("Cannot delete packet");
+    } finally {
+      return $successful;
+    }
+  }
+
   public static function &getAllPackets(
     $order = null, $limit = null, $index = null
   ) {

src/main.php

@@ -165,6 +165,9 @@ function main() {
     //$router->addRoute( // URL: /packet/create
     //  "#^/packet/create/?$#", "Packet\\Create", "Packet\\CreateHtml"
     //);
+    $router->addRoute( // URL: /packet/delete
+      "#^/packet/delete/?$#", "Packet\\Delete", "Packet\\DeleteHtml"
+    );
     $router->addRoute( // URL: /packet/edit
       "#^/packet/edit/?$#", "Packet\\Edit", "Packet\\EditHtml"
     );

src/models/Packet/Delete.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace BNETDocs\Models\Packet;
+
+use \CarlBennett\MVC\Libraries\Model;
+
+class Delete extends Model {
+
+  public $acl_allowed;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $id;
+  public $packet;
+  public $title;
+  public $user;
+
+}

src/templates/Packet/Delete.phtml

@@ -0,0 +1,67 @@
+<?php
+
+namespace BNETDocs\Templates\Packet;
+
+use \CarlBennett\MVC\Libraries\Pair;
+
+$title       = "Delete Packet";
+$description = "This form allows an individual to delete a packet.";
+
+$this->opengraph->attach(new Pair("url", "/packet/delete"));
+$this->opengraph->attach(new Pair("type", "article"));
+
+switch ($this->getContext()->error) {
+  case "ACL_NOT_SET":
+    $message = "You do not have the privilege to delete packets.";
+    break;
+  case "NOT_FOUND":
+    $message = "Cannot find packet by that id.";
+    break;
+  case "NOT_LOGGED_IN":
+    $message = "You must be logged in to delete packets.";
+    break;
+  case "INVALID_CSRF":
+    $message = "The Cross-Site Request Forgery token was invalid. Either the "
+      . "delete packet form expired, or this may have been a malicious "
+      . "attempt to delete a packet.";
+    break;
+  case "INTERNAL_ERROR":
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $message = $this->getContext()->error;
+}
+
+$this->additional_css[] = "/a/forms.css";
+require("./header.inc.phtml");
+?>
+      <article>
+<?php if (is_null($this->getContext()->error)) { ?>
+        <header>Delete Packet</header>
+        <form method="POST" action="?id=<?php echo
+            htmlspecialchars($this->getContext()->id, ENT_HTML5, "UTF-8"); ?>">
+          <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
+          <section>
+            <p>Are you sure you wish to delete this packet?</p>
+            <p><input type="text" readonly="readonly" value="<?php echo filter_var($this->getContext()->title, FILTER_SANITIZE_STRING); ?>" tabindex="1"/></p>
+            <p><input type="submit" value="Delete Packet" tabindex="2" autofocus="autofocus"/></p>
+          </section>
+        </form>
+<?php } else if ($this->getContext()->error === false) { ?>
+        <header class="green">Packet Deleted</header>
+        <section class="green">
+          <p>You have successfully deleted the packet!</p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } else { ?>
+        <header class="red">Delete Packet</header>
+        <section class="red">
+          <p>An error occurred while attempting to delete the packet.</p>
+          <p><?php echo $message; ?></p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } ?>
+      </article>
+<?php require("./footer.inc.phtml"); ?>

src/views/Packet/DeleteHtml.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace BNETDocs\Views\Packet;
+
+use \BNETDocs\Models\Packet\Delete as PacketDeleteModel;
+use \CarlBennett\MVC\Libraries\Exceptions\IncorrectModelException;
+use \CarlBennett\MVC\Libraries\Model;
+use \CarlBennett\MVC\Libraries\Template;
+use \CarlBennett\MVC\Libraries\View;
+
+class DeleteHtml extends View {
+
+  public function getMimeType() {
+    return "text/html;charset=utf-8";
+  }
+
+  public function render(Model &$model) {
+    if (!$model instanceof PacketDeleteModel) {
+      throw new IncorrectModelException();
+    }
+    (new Template($model, "Packet/Delete"))->render();
+  }
+
+}