From f9ad3f4dc05252839457579303a4e0a0f94d8b80 Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Sat, 21 Mar 2026 22:55:13 +0100 Subject: Add likes, comments, email notifications, and pagination to gallery --- src/app/Controllers/GalleryController.php | 89 ++++++++++++++++++++++++++++++- 1 file changed, 88 insertions(+), 1 deletion(-) (limited to 'src/app/Controllers/GalleryController.php') diff --git a/src/app/Controllers/GalleryController.php b/src/app/Controllers/GalleryController.php index 2edcd17..bc76e21 100644 --- a/src/app/Controllers/GalleryController.php +++ b/src/app/Controllers/GalleryController.php @@ -1,20 +1,30 @@ post = new Post(); + $this->like = new Like(); + $this->comment = new Comment(); } public function index(): void 
@@ -26,7 +36,84 @@ class GalleryController
 $totalPosts = $this->post->countAll();
 $totalPages = max(1, (int) ceil($totalPosts / self::POSTS_PER_PAGE));
+ $userId = $_SESSION['user_id'] ?? null;
+
+ foreach ($posts as &$post) {
+ $post['like_count'] = $this->like->countByPost($post['id']);
+ $post['user_liked'] = $userId ? $this->like->hasUserLiked($userId, $post['id']) : false;
+ $post['comments'] = $this->comment->findByPostId($post['id']);
+ }
+ unset($post);
+
 $content = __DIR__ . '/../Views/gallery/index.php';
 include __DIR__ . '/../Views/layouts/main.php';
 }
+
+ public function like(string $id): void
+ {
+ if (!isset($_SESSION['user_id'])) {
+ header('Location: /login');
+ return;
+ }
+
+ if (!Csrf::validate($_POST['csrf_token'] ?? '')) {
+ Flash::set('error', 'Invalid CSRF token.');
+ header('Location: /gallery');
+ return;
+ }
+
+ $this->like->toggle($_SESSION['user_id'], (int) $id);
+
+ $page = (int) ($_POST['page'] ?? 1);
+ header('Location: /gallery?page=' . $page . '#post-' . $id);
+ }
+
+ public function comment(string $id): void
+ {
+ if (!isset($_SESSION['user_id'])) {
+ header('Location: /login');
+ return;
+ }
+
+ if (!Csrf::validate($_POST['csrf_token'] ?? '')) {
+ Flash::set('error', 'Invalid CSRF token.');
+ header('Location: /gallery');
+ return;
+ }
+
+ $content = trim($_POST['content'] ?? '');
+
+ if ($content === '') {
+ Flash::set('error', 'Comment cannot be empty.');
+ $page = (int) ($_POST['page'] ?? 1);
+ header('Location: /gallery?page=' . $page . '#post-' . $id);
+ return;
+ }
+
+ if (\strlen($content) > 500) {
+ Flash::set('error', 'Comment is too long (max 500 characters).');
+ $page = (int) ($_POST['page'] ?? 1);
+ header('Location: /gallery?page=' . $page . '#post-' . $id);
+ return;
+ }
+
+ $this->comment->create($_SESSION['user_id'], (int) $id, $content);
+
+ // Notify the post owner if they have comment notifications enabled
+ $post = $this->post->findById((int) $id);
+ if ($post && $post['user_id'] !== $_SESSION['user_id']) {
+ $user = new User();
+ $owner = $user->findById($post['user_id']);
+ if ($owner && $owner['notify_comments']) {
+ Mail::sendCommentNotification(
+ $owner['email'],
+ $_SESSION['username'],
+ (int) $id
+ );
+ }
+ }
+
+ $page = (int) ($_POST['page'] ?? 1);
+ header('Location: /gallery?page=' . $page . '#post-' . $id);
+ }
 }
-- cgit v1.2.3
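Review bot: In `comment()`, `$this->comment->create(...)` runs before `$this->post->findById((int) $id)`, so a comment is stored for an id that may not belong to any post (unless a foreign key, not visible here, rejects it), and `like()` toggles with no existence check at all. Move the lookup above the write and return early when `$post` is falsy. Both methods cast `$id` for the model call but concatenate the raw route string into the `Location` fragment; cast once with `$postId = (int) $id;` and use `$postId` in `'#post-' . $postId`. The length check uses `\strlen`, which counts bytes, while the message promises 500 characters; `mb_strlen($content) > 500` would match it. Each accepted comment can also send a mail to the post owner with no throttle visible in this hunk, so a per-user rate limit on `comment()` is worth adding before `Mail::sendCommentNotification` is reachable.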