Improve error handling when viewing submissions

config/apache/app.sixfold.org.conf

@@ -93,8 +93,9 @@
 	RewriteRule ^/games/([0-9]+)/submit$ /games/submit.php?game=$1
 	RewriteRule ^/games/([0-9]+)/update$ /games/update.php?game=$1
 
-	RewriteRule ^/doc/([a-z0-9]+)$ /docs/$1 [L,R=301]
-	RewriteRule ^/docs/([a-z0-9]+)$ /docs/index.php?hash=$1 [L,QSA]
+	RewriteRule ^/doc/([a-z0-9]+)$ /docs/$1 [L,R=301] # Old site URL
+	RewriteRule ^/docs/([a-z0-9]+)$ /docs/submission.php?hash=$1 [L,QSA]
+
 	RewriteRule ^/members/([^\.]+?)$ /members/member.php?handle=$1 [L]
 
 	# PayPal order processing rewrites

www/docs/index.php

@@ -1,69 +1,13 @@
 <?php
-
 $title = "Documents";
-$description = "Read a document.";
-
-if (isset($_GET["hash"])):
-    $sql = "SELECT
-id,
-member_id AS owner,
-game_id,
-basename,
-title,
-doc_is_public AS is_public
-FROM submissions
-WHERE hash = :hash
-";
-
-    $stmt = $db["data"]->prepare($sql);
-    $stmt->execute([
-        "hash" => $_GET["hash"],
-    ]);
-
-    $doc = $stmt->fetch(PDO::FETCH_OBJ);
-
-    $sql = "SELECT
-member_id
-FROM assignments
-WHERE submission_id = :submission_id
-";
-
-    $stmt = $db["data"]->prepare($sql);
-    $stmt->execute([
-        "submission_id" => $doc->id,
-    ]);
-
-    $doc->readers = $stmt->fetchAll(PDO::FETCH_COLUMN);
-
-    $IS_OWNER = LOGGED_IN ? $_SESSION["account"]->id === $doc->owner : false;
-    $IS_READER = LOGGED_IN ? in_array($_SESSION["account"]->id, $doc->readers, true) : false;
-
-    if ($IS_OWNER || $IS_READER || IS_ADMIN || $doc->is_public) :
-    header('Content-Type: application/pdf');
-    header('Content-Disposition: inline; filename="' . slugify($doc->title) . '.pdf"');
-
-    echo file_get_contents(sprintf('%s/assets/docs/%s/%s', ABS_PATH, $doc->game_id, $doc->basename));
-    die;
-    endif;
-
-else:
-    include "partials/head.php"; ?>
-    <body>
-        <?php include "partials/header.php"; ?>
-    <main id="main" class="flow">
-        <header>
-            <h1><?= $title ?></h1>
-        </header>
-        <?php if (!LOGGED_IN && isset($_GET['hash']) && !$doc->is_public): ?>
-        <p>You must log in to access this page.</p>
-        <?php
-        http_response_code(401);
-        include "partials/login-form.php";
-        ?>
-        <?php elseif (!isset($_GET["hash"])): ?>
-        <p><a href='/docs/random' class='call-to-action'>Read a random document</a></p>
-        <?php endif; ?>
-    </main>
-    <?php include "partials/footer.php"; ?>
-    <?php
-endif; ?>
+?>
+<?php include "partials/head.php"; ?>
+<body>
+    <?php include "partials/header.php"; ?>
+<main id="main" class="flow">
+    <header>
+        <h1><?= $title ?></h1>
+    </header>
+    <p><a href='/docs/random' class='call-to-action'>Read a random document</a></p>
+</main>
+<?php include "partials/footer.php";

www/docs/submission.php

@@ -0,0 +1,123 @@
+<?php
+$sql = "SELECT
+id,
+member_id AS owner,
+game_id,
+basename,
+title,
+doc_is_public AS is_public
+FROM submissions
+WHERE hash = :hash
+";
+
+$stmt = $db["data"]->prepare($sql);
+$stmt->execute([
+    "hash" => $_GET["hash"],
+]);
+
+$submission = $stmt->fetch(PDO::FETCH_OBJ);
+
+if (!$submission):
+
+    $title = "Submission Not Found";
+    $description =
+        "We couldn't find a submission with that hash.";
+    http_response_code(404);
+    include "partials/head.php";
+    ?>
+<body>
+        <?php include "partials/header.php"; ?>
+        <main id="main" class="flow">
+        <header>
+            <h1><?= $title ?></h1>
+        </header>
+        <p>We couldn't find a submission with that hash.</p>
+            </main>
+        <?php include "partials/footer.php"; ?>
+        </body>
+        </html>
+        <?php die();
+endif;
+
+$sql = "SELECT
+member_id
+FROM assignments
+WHERE submission_id = :submission_id
+";
+
+$stmt = $db["data"]->prepare($sql);
+$stmt->execute([
+    "submission_id" => $submission->id,
+]);
+
+$submission->readers = $stmt->fetchAll(PDO::FETCH_COLUMN);
+
+$IS_OWNER = LOGGED_IN ? $_SESSION["account"]->id === $submission->owner : false;
+$IS_READER = LOGGED_IN
+    ? in_array($_SESSION["account"]->id, $submission->readers, true)
+    : false;
+
+if ($IS_OWNER || $IS_READER || IS_ADMIN || $submission->is_public):
+    $file = file_get_contents(
+        sprintf(
+            "%s/assets/docs/%s/%s",
+            ABS_PATH,
+            $submission->game_id,
+            $submission->basename
+        )
+    );
+
+    if ($file) {
+        header("Content-Type: application/pdf");
+        header(
+            'Content-Disposition: inline; filename="' .
+                slugify($submission->title) .
+                '.pdf"'
+        );
+        echo $file;
+    } else {
+
+        $title = "Internal Server Error";
+        $description =
+            "The server encountered an error when attempting to open the requested file.";
+        http_response_code(500);
+        include "partials/head.php";
+        ?>
+    <body>
+            <?php include "partials/header.php"; ?>
+            <main id="main" class="flow">
+            <header>
+                <h1><?= $title ?></h1>
+            </header>
+                <p>The server encountered an error when attempting to open the requested file. Please try again later.</p>
+                </main>
+            <?php include "partials/footer.php"; ?>
+            </body>
+            </html>
+            <?php
+            die();
+            echo "error";
+
+    }
+    die();
+elseif (!LOGGED_IN):
+
+    http_response_code(401);
+    $title = "Log In";
+    $description = "Log in to read this submission.";
+    include "partials/head.php";
+    ?>
+<body>
+        <?php include "partials/header.php"; ?>
+        <main id="main" class="flow">
+        <header>
+            <h1><?= $title ?></h1>
+        </header>
+        <p>You must log in to view this submission.</p>
+            <?php include "partials/login-form.php"; ?>
+            </main>
+        <?php include "partials/footer.php"; ?>
+        </body>
+        </html>
+        <?php die();
+endif;