Initial commit of packet editor (NOT WORKING YET)

carlbennett · carlbennett · commit 6330e18066e7 · 2017-03-28T03:48:02.000Z
diff --git a/src/controllers/Packet/Edit.php b/src/controllers/Packet/Edit.php
@@ -0,0 +1,157 @@
+<?php
+
+namespace BNETDocs\Controllers\Packet;
+
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Exceptions\PacketNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\Packet;
+use \BNETDocs\Libraries\User;
+use \BNETDocs\Models\Packet\Edit as PacketEditModel;
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Controller;
+use \CarlBennett\MVC\Libraries\DatabaseDriver;
+use \CarlBennett\MVC\Libraries\Router;
+use \CarlBennett\MVC\Libraries\View;
+use \DateTime;
+use \DateTimeZone;
+use \InvalidArgumentException;
+
+class Edit extends Controller {
+
+  public function &run(Router &$router, View &$view, array &$args) {
+
+    $data              = $router->getRequestQueryArray();
+    $model             = new PacketEditModel();
+    $model->content    = null;
+    $model->csrf_id    = mt_rand();
+    $model->csrf_token = CSRF::generate($model->csrf_id, 900); // 15 mins
+    $model->packet     = null;
+    $model->packet_id  = (isset($data["id"]) ? $data["id"] : null);
+    $model->error      = null;
+    $model->markdown   = null;
+    $model->published  = null;
+    $model->title      = null;
+    $model->user = (
+      isset($_SESSION['user_id']) ? new User($_SESSION['user_id']) : null
+    );
+
+    $model->acl_allowed = ($model->user && $model->user->getAcl(
+      User::OPTION_ACL_PACKET_MODIFY
+    ));
+
+    try { $model->packet = new Packet($model->packet_id); }
+    catch (PacketNotFoundException $e) { $model->packet = null; }
+    catch (InvalidArgumentException $e) { $model->packet = null; }
+
+    if ($model->packet === null) {
+      $model->error = "NOT_FOUND";
+    } else {
+      $flags = $model->packet->getOptionsBitmask();
+
+      $model->content   = $model->packet->getContent(false);
+      $model->markdown  = ($flags & Packet::OPTION_MARKDOWN);
+      $model->published = ($flags & Packet::OPTION_PUBLISHED);
+      $model->title     = $model->packet->getTitle();
+
+      if ($router->getRequestMethod() == "POST") {
+        $this->handlePost($router, $model);
+      }
+    }
+
+    $view->render($model);
+
+    $model->_responseCode = ($model->acl_allowed ? 200 : 403);
+    $model->_responseHeaders["Content-Type"] = $view->getMimeType();
+    $model->_responseTTL = 0;
+
+    return $model;
+
+  }
+
+  protected function handlePost(Router &$router, PacketEditModel &$model) {
+    if (!$model->acl_allowed) {
+      $model->error = "ACL_NOT_SET";
+      return;
+    }
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+
+    $data       = $router->getRequestBodyArray();
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+    $category   = (isset($data["category"  ]) ? $data["category"  ] : null);
+    $title      = (isset($data["title"     ]) ? $data["title"     ] : null);
+    $markdown   = (isset($data["markdown"  ]) ? $data["markdown"  ] : null);
+    $content    = (isset($data["content"   ]) ? $data["content"   ] : null);
+    $publish    = (isset($data["publish"   ]) ? $data["publish"   ] : null);
+    $save       = (isset($data["save"      ]) ? $data["save"      ] : null);
+
+    $model->category = $category;
+    $model->title    = $title;
+    $model->markdown = $markdown;
+    $model->content  = $content;
+
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+
+    if (empty($title)) {
+      $model->error = "EMPTY_TITLE";
+    } else if (empty($content)) {
+      $model->error = "EMPTY_CONTENT";
+    }
+
+    $user_id = $model->user->getId();
+
+    try {
+
+      $model->packet->setTitle($model->title);
+      $model->packet->setMarkdown($model->markdown);
+      $model->packet->setContent($model->content);
+      $model->packet->setPublished($publish);
+
+      $model->packet->setEditedCount(
+        $model->packet->getEditedCount() + 1
+      );
+      $model->packet->setEditedDateTime(
+        new DateTime("now", new DateTimeZone("UTC"))
+      );
+
+      $success = $model->packet->save();
+
+    } catch (QueryException $e) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+
+      $success = false;
+
+    }
+
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      "packet_edited",
+      $user_id,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"           => $model->error,
+        "packet_id"     => $model->packet_id,
+        "options_bitmask" => $model->packet->getOptionsBitmask(),
+        "title"           => $model->packet->getTitle(),
+        "content"         => $model->packet->getContent(false),
+      ])
+    );
+  }
+
+}
diff --git a/src/models/Packet/Edit.php b/src/models/Packet/Edit.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace BNETDocs\Models\Packet;
+
+use \CarlBennett\MVC\Libraries\Model;
+
+class Edit extends Model {
+
+  public $acl_allowed;
+  public $content;
+  public $csrf_id;
+  public $csrf_token;
+  public $document;
+  public $document_id;
+  public $error;
+  public $markdown;
+  public $published;
+  public $title;
+  public $user;
+
+}
diff --git a/src/templates/Packet/Edit.phtml b/src/templates/Packet/Edit.phtml
@@ -0,0 +1,94 @@
+<?php
+
+namespace BNETDocs\Templates\Packet;
+
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Pair;
+
+$title       = "Edit Packet";
+$description = "This form allows an individual to edit a packet.";
+
+$this->opengraph->attach(new Pair("url", "/packet/edit"));
+$this->opengraph->attach(new Pair("type", "article"));
+
+switch ($this->getContext()->error) {
+  case "ACL_NOT_SET":
+    $message = "You do not have the privilege to edit packets.";
+    break;
+  case "NOT_FOUND":
+    $message = "Cannot find packet by that id.";
+    break;
+  case "INVALID_CSRF":
+    $message = "The Cross-Site Request Forgery token was invalid. Either the"
+      . "edit packet form expired, or this may have been a malicious attempt"
+      . "to create a packet.";
+    break;
+  case "EMPTY_TITLE":
+    $message = "The title of the packet is required.";
+    break;
+  case "EMPTY_CONTENT":
+    $message = "The content of the packet is required.";
+    break;
+  case "INTERNAL_ERROR":
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $message = $this->getContext()->error;
+}
+
+$this->additional_css[] = "/a/forms.css";
+require("./header.inc.phtml");
+?>
+      <article>
+<?php if ($this->getContext()->error !== false) { ?>
+        <header>Edit Packet</header>
+<?php if (!empty($message)) { ?>
+        <section class="red"><p><?php echo $message; ?></p></section>
+<?php } ?>
+<?php if ($this->getContext()->error != "NOT_FOUND") { ?>
+        <form method="POST" action="?id=<?php echo
+            htmlspecialchars($this->getContext()->packet_id, ENT_HTML5, "UTF-8"); ?>">
+          <input type="hidden" name="csrf_id" value="<?php echo
+            htmlspecialchars($this->getContext()->csrf_id, ENT_HTML5, "UTF-8");
+          ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo
+            htmlspecialchars($this->getContext()->csrf_token, ENT_HTML5, "UTF-8");
+          ?>"/>
+          <section>
+            <label for="title">Title:</label><br/>
+            <input type="text" name="title" id="title" tabindex="1" required
+              autofocus="autofocus" value="<?php echo
+                filter_var($this->getContext()->title, FILTER_SANITIZE_STRING);
+              ?>"/>
+          </section>
+          <section>
+            <label for="content">Content:</label>
+            <span style="float:right;">
+              <label for="markdown" title="Use markdown or use raw HTML">Markdown</label>
+              <input type="checkbox" name="markdown" id="markdown" tabindex="3"
+                title="Use markdown or use raw HTML" value="1"<?php
+                  if ($this->getContext()->markdown)
+                    echo " checked=\"checked\"";
+                ?>/>
+            </span>
+            <textarea name="content" id="content" tabindex="2" required
+              style="height:200px;"><?php echo
+                htmlspecialchars($this->getContext()->content, ENT_HTML5, "UTF-8");
+              ?></textarea>
+          </section>
+          <section>
+            <input type="submit" name="publish" value="Publish" tabindex="4"/>
+            <input type="submit" name="save" value="Unpublish" tabindex="5"/>
+          </section>
+        </form>
+<?php } ?>
+<?php } else { ?>
+        <header class="green">Edit Packet</header>
+        <section class="green">
+          <p>Your packet has been edited.</p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } ?>
+      </article>
+<?php require("./footer.inc.phtml"); ?>
diff --git a/src/views/Packet/EditHtml.php b/src/views/Packet/EditHtml.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace BNETDocs\Views\Packet;
+
+use \BNETDocs\Models\Packet\Edit as PacketEditModel;
+use \CarlBennett\MVC\Libraries\Exceptions\IncorrectModelException;
+use \CarlBennett\MVC\Libraries\Model;
+use \CarlBennett\MVC\Libraries\Template;
+use \CarlBennett\MVC\Libraries\View;
+
+class EditHtml extends View {
+
+  public function getMimeType() {
+    return "text/html;charset=utf-8";
+  }
+
+  public function render(Model &$model) {
+    if (!$model instanceof PacketEditModel) {
+      throw new IncorrectModelException();
+    }
+    (new Template($model, "Packet/Edit"))->render();
+  }
+
+}
