Add deleating future-post.

common.php

@@ -16,6 +16,7 @@ define('SESSION_NAME', 'bibis');
 date_default_timezone_set('UTC');
 
 ini_set('zlib.output_compression', 1);
+ini_set('session.use_strict_mode', 1);
 
 if (OPEN_BASEDIR > '') {
 	ini_set('open_basedir', OPEN_BASEDIR);
@@ -183,9 +184,13 @@ function get_style_css() {
 
 // Limit and permission
 
+function is_logged_in() {
+	return isset($_SESSION['user']);
+}
+
 function can_post() {
 	if (!post_limited()) { return false; }
-	if (!ENABLE_GUEST && !isset($_SESSION['user'])) { return false; }
+	if (!ENABLE_GUEST && !is_logged_in()) { return false; }
 	return true;
 }
 

data-post.php

@@ -165,6 +165,7 @@ function load_post_by_id($id) {
 }
 
 function search_post($options = []) {
+	$includes_future = $options['includes_future'] ?? false;
 	$pagesize = $options['pagesize'] ?? 0;
 	$has_paging = $pagesize > 0;
 	$thread = false;
@@ -188,17 +189,18 @@ function search_post($options = []) {
 	$key = null;
 	$value = null;
 
-
 	$now = date('Y-m-d\\TH:i:s\\Z');
 	$files = glob(POST_DIR . $pattern);
-	$files = array_filter(
-		$files,
-		function ($v) use($now) {
-			$datetime = substr(basename($v), 0, 20);
-			return $datetime <= $now;
-		},
-		ARRAY_FILTER_USE_BOTH
-	);
+	if (!$includes_future) {
+		$files = array_filter(
+			$files,
+			function ($v) use($now) {
+				$datetime = substr(basename($v), 0, 20);
+				return $datetime <= $now;
+			},
+			ARRAY_FILTER_USE_BOTH
+		);
+	}
 	if (!$thread) {
 		$files = array_reverse($files);
 	}
@@ -330,7 +332,7 @@ function save_uploaded_image($key, $attachment_id) {
 	return [];
 }
 
-function delete_post($id) {
+function delete_post($id, $hard = false) {
 	$files = glob(POST_DIR . '2*Z*.id' . $id . '.*.txt');
 	if (sizeof($files) !== 1) { return ['書き込みのファイルが存在しない。']; }
 
@@ -349,7 +351,11 @@ function delete_post($id) {
 		}
 	}
 
-	$result = file_put_contents($filepath, '', LOCK_EX);
+	if ($hard) {
+		$result = unlink($filepath);
+	} else {
+		$result = file_put_contents($filepath, '', LOCK_EX);
+	}
 	if ($result === false) { return ['書き込みの削除に失敗。']; }
 
 	@chmod($filepath, 0600);

public/login/index.php

@@ -25,6 +25,7 @@ function do_post() {
 	$user = auth_user($id, $password);
 	if (!$user) { return on_error(400, ['ID またはパスワードが不一致。']); }
 
+	session_regenerate_id(true);
 	$_SESSION['user'] = $user;
 	http_response_code(301);
 	header('Location: ' . sitebase());

public/post-delete/index.php

@@ -32,7 +32,7 @@ function do_post() {
 	// 削除済み投稿はuseridが空になるからここにくる。
 	if ($post['userid'] !== ($_SESSION['user']['id'] ?? '')) { return on_error(403, ['権限無し。']); }
 
-	$errors = delete_post($id);
+	$errors = delete_post($id, $post['is_future'] ?? false);
 	if ($errors) { return on_error('500', $errors); }
 
 	$_SESSION['messages'] = ['書き込みを削除しました。'];

public/register/index.php

@@ -52,6 +52,7 @@ function do_post() {
 	if ($errors) { return on_error(500, $errors); }
 
 	$username_raw = $username;
+	session_regenerate_id(true);
 	$_SESSION['user'] = compact('id', 'username', 'username_raw');
 	$_SESSION['messages'] = ['登録完了。よろしくね。'];
 	http_response_code(301);

public/user/index.php

@@ -24,6 +24,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 		'page' => $page,
 		'pagesize' => POSTS_PER_PAGE,
 		'pager_prefix' => "?id={$id}&page=",
+		'includes_future' => ($id === ($_SESSION['user']['id'] ?? '')),
 	]);
 	$view['post_list'] = $result['post_list'];
 	$view['post_count'] = $result['total'];

view/header.php

@@ -1,7 +1,6 @@
 <?php
 // HTML Header, and global navigation
 
-$view['logged_in'] = isset($_SESSION['user']);
 $view['login_user'] = $_SESSION['user'] ?? null;
 $view['messages'] = $_SESSION['messages'] ?? null;
 $_SESSION['messages'] = null;
@@ -12,7 +11,7 @@ $_SESSION['messages'] = null;
 <title><?= htmlspecialchars(SITENAME); ?></title><body>
 <h1><a href="<?= sitebase() ?>"><?= htmlspecialchars(SITENAME); ?></a></h1>
 <ul class="menu">
-<?php if ($view['logged_in']): ?>
+<?php if (is_logged_in()): ?>
 <li><a href="<?= sitebase('user/?id=' . htmlspecialchars(urlencode($view['login_user']['id']))) ?>"><?= '@' . htmlspecialchars($view['login_user']['id']) ?></a>
 <li><a href="<?= sitebase() ?>">タイムライン・Timeline</a>
 <li><a href="<?= sitebase('thread/') ?>">スレッド一覧・Threads</a>

view/post-common.php

@@ -55,6 +55,9 @@ function view_post($post, $options = []) {
 	$html_attachment_items = join(PHP_EOL, $attachment_items);
 ?>
 <dl<?= ($res_num > 0 ? ' id="N' . $res_num . '"' : '') ?>>
+<?php if ($post['is_future'] ?? false): ?>
+<dt><strong>【予約投稿】</strong></dt>
+<?php endif; ?>
 <?php if (!$is_single && $title > ''): ?>
 <dt>件名:<b><?= $title ?></b></dt>
 <?php endif; ?>

view/post-form.php

@@ -6,7 +6,11 @@
 <h2 id="REPLY_FORM">返信・Reply</h2>
 <?php endif; ?>
 <?php if (!can_post()): ?>
-<?php if (!post_limited()): ?>
+<?php if (!ENABLE_GUEST && !is_logged_in()): ?>
+<ul>
+<li>書き込みするにはログインしてください。
+</ul>
+<?php elseif (!post_limited()): ?>
 <ul>
 <li>書き込み制限中。
 </ul>
@@ -29,7 +33,7 @@ $view['form'] = $view['form'] ?? [];
 ?>
 <form method="POST" action="<?= sitebase('post/') ?>" enctype="multipart/form-data">
 <ul>
-<li><?= $view['logged_in'] ? 'ログイン中:<b>' . htmlspecialchars($view['login_user']['username']) . '</b>' : '<b>' . htmlspecialchars(GUESTNAME) . '</b>' ?>
+<li><?= is_logged_in() ? 'ログイン中:<b>' . htmlspecialchars($view['login_user']['username']) . '</b>' : '<b>' . htmlspecialchars(GUESTNAME) . '</b>' ?>
 <?php if (!(isset($view['form']['thread_id']) && $view['form']['thread_id'] > '')): ?>
 <li><label for="TITLE">件名 (省略可)・Title (Optional)</label> <input type="text" id="TITLE" name="title">
 <?php endif; ?>