Merge branch 'master' into hendrik-testing

This commit is contained in:
Hendrik
2017-02-03 10:40:44 +01:00
52 changed files with 776 additions and 570 deletions


@@ -68,7 +68,7 @@ function validateBday($variable){
}
}
// Checks for date
/* Checks for date */
function validateDate($date, $format)
{
$d = DateTime::createFromFormat($format, $date);
@@ -124,7 +124,7 @@ function validateEmail($variable){
throw new emailException("Mag maximaal 50 karakters!");
}
}
//255
/* checks if an input is a valid email. */
function validateFBEmail($variable){
if (empty($variable)) {
@@ -138,6 +138,7 @@ function validateFBEmail($variable){
}
}
/* checks if email is the same */
function matchEmail(){
if (strtolower($_POST["email"]) != strtolower($_POST["confirmEmail"])){
throw new confirmEmailException("Emails matchen niet!");
@@ -153,7 +154,6 @@ function resetEmail($variable){
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {


@@ -0,0 +1,37 @@
<?php
require_once "../queries/checkInput.php";
require_once "../queries/picture.php";
require_once "../queries/alerts.php";
function createGroup()
{
$createGroup = prepareQuery("
INSERT INTO
`group_page` (`name`, `description`)
VALUES (:name, :description);
");
$createGroup->bindValue(':name', test_input($_POST["groupName"]), PDO::PARAM_STR);
$createGroup->bindValue(':description', test_input($_POST["bio"]));
$createGroup->execute();
$getGroupID = prepareQuery("
SELECT
`groupID`
FROM
`group_page`
WHERE
`name` LIKE :name");
$getGroupID->bindValue(':name', test_input($_POST["groupName"]), PDO::PARAM_STR);
$getGroupID->execute();
$groupID = $getGroupID->fetch()["groupID"];
$makeUserAdmin = prepareQuery("
INSERT INTO
`group_member` (userID, groupID, role)
VALUES (:userID, :groupID, 'admin')
");
$makeUserAdmin->bindValue(":userID", $_SESSION["userID"]);
$makeUserAdmin->bindValue("groupID", $groupID);
$makeUserAdmin->execute();
updateAvatar($groupID);
}
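Review bot: The group the creator is made admin of is looked up afterwards with `` `name` LIKE :name `` instead of from the row just inserted, so a group name containing `%` or `_`, or one equal to an existing group's name, resolves to a different (typically older) group and `makeUserAdmin` grants 'admin' on that group rather than the new one; `updateAvatar($groupID)` then overwrites that group's picture too. Use the generated key from the INSERT — `$groupID = $pdo->lastInsertId();` on whatever connection `prepareQuery()` wraps (not visible here) — and drop the SELECT. There is also no check that `$_SESSION["userID"]` is set before it is bound, so an unauthenticated POST inserts a membership row with an empty user id; reject that up front the way `updateGroupSettings` does for missing rights. `bindValue` for `:description` and `:userID` omit the PDO type that the `:name` binding passes; `PDO::PARAM_INT` for `:userID`/`:groupID` keeps the bindings consistent.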


@@ -0,0 +1,109 @@
<?php
function getGroupSettings(int $groupID) {
$stmt = prepareQuery("
SELECT
`name`,
`picture`,
`description`
FROM
`group_page`
WHERE
`groupID` = :groupID
");
$stmt->bindParam(":groupID", $groupID);
$stmt->execute();
return $stmt->fetch();
}
function updateGroupSettings(int $groupID)
{
if (!checkGroupAdmin($groupID, $_SESSION["userID"])) {
throw new AngryAlert("Je hebt geen rechten in deze groep");
}
$stmt = prepareQuery("
UPDATE
`group_page`
SET
`name` = :name,
`description` = :bio
WHERE
`groupID` = :groupID
");
$stmt->bindValue(":bio", test_input($_POST["bio"]));
$stmt->bindValue(":name", test_input($_POST["name"]));
$stmt->bindValue(":groupID", test_input($_POST["groupID"]));
$stmt->execute();
if ($stmt->rowCount()) {
throw new HappyAlert("Groep aangepast!");
} else {
throw new AngryAlert("Er is iets mis gegaan");
}
}
function checkGroupAdmin(int $groupID, int $userID) : bool {
$stmt = prepareQuery("
SELECT
`role`
FROM
`group_member`
WHERE
`groupID` = :groupID AND
`userID` = :userID
");
$stmt->bindValue(":userID", $userID);
$stmt->bindValue(":groupID", $groupID);
$stmt->execute();
if (!$stmt->rowCount()) {
return false;
}
$role = $stmt->fetch()["role"];
return ($role == "admin");
}
function getAllGroupMembers(int $groupID) {
$stmt = prepareQuery("
SELECT
`username`,
`user`.`userID`,
CONCAT(`fname`, ' ', `lname`) AS `fullname`,
`group_member`.`role`
FROM
`group_member`
LEFT JOIN
`user`
ON
`group_member`.`userID` = `user`.`userID`
WHERE
`groupID` = :groupID AND `group_member`.`role` = 'member'
");
$stmt->bindParam(':groupID', $groupID);
if (!$stmt->execute()) {
return False;
}
return $stmt->fetchAll();
}
function upgradeUser(int $groupID, int $userID, string $role) {
if (!checkGroupAdmin($groupID, $_SESSION["userID"])) {
throw new AngryAlert("Geen toestemming om te wijzigen");
}
$stmt = prepareQuery("
UPDATE
`group_member`
SET
`role` = :role
WHERE
`userID` = :userID AND `groupID` = :groupID
");
$stmt->bindValue(":groupID", $groupID);
$stmt->bindValue(":userID", $userID);
$stmt->bindValue(":role", $role);
$stmt->execute();
if ($stmt->rowCount()) {
throw new HappyAlert("Permissie aangepast!");
} else {
throw new AngryAlert("Er is iets mis gegaan");
}
}
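Review bot: `updateGroupSettings()` authorises against its `$groupID` argument but updates the row selected by `$_POST["groupID"]` (the `:groupID` binding), so the group that was checked and the group that is modified can differ whenever a caller derives `$groupID` from anything other than that POST field; bind the argument that was authorised: `$stmt->bindValue(":groupID", $groupID, PDO::PARAM_INT);`. `upgradeUser()` writes whatever `$role` string it is handed, so unless every caller restricts it, validate it against the roles the rest of the code uses: `if (!in_array($role, ['member', 'mod', 'admin'], true)) { throw new AngryAlert("Ongeldige rol"); }`. `checkGroupAdmin()` and `updateGroupSettings()` rely on `rowCount()` for a SELECT/unchanged UPDATE, which pdo_mysql happens to support but PDO does not guarantee; `fetch() === false` is the portable "no membership" test, and an UPDATE that changes nothing reports zero rows and is currently surfaced as an error.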


@@ -33,7 +33,12 @@ function selectGroupByName($name) {
if (!$stmt->execute()) {
return False;
}
return $stmt->fetch();
$row = $stmt->fetch();
if($row["groupID"] == null) {
return False;
}
return $row;
}
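Review bot: `$stmt->fetch()` returns `false` when no row matches, and indexing `false` with `$row["groupID"]` yields `null` together with a notice (a warning from PHP 7.4 on) before the new check runs; test the fetch result first: `if ($row === false || $row["groupID"] === null) { return False; }`. Using `===` also avoids `== null` treating a legitimate `0` or `""` as "no group". `selectGroupByName` begins above this hunk.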
function selectGroupRole(int $groupID) {


@@ -1,5 +1,6 @@
<?php
//Find matching password with the inputted username/emailadress.
function getUser() {
$stmt = prepareQuery("
SELECT
@@ -33,7 +34,8 @@ function getUserID() {
return $stmt->fetch(PDO::FETCH_ASSOC);
}
function validateLogin($username, $password){
function validateLogin($username, $password, $url){
echo $url;
// Empty username or password field
if (empty($username) || empty($password)) {
throw new loginException("Inloggegevens zijn niet ingevuld");
@@ -44,26 +46,42 @@ function validateLogin($username, $password){
$userID = getUser()["userID"];
$role = getUser()["role"];
// If there's an account, go to the profile page
// If there's an account, check if the account is banned, frozen or unconfirmed.
if(password_verify($psw, $hash)) {
if ($role == "banned"){
echo "<script>
window.onload=bannedAlert();
</script>";
} else if ($role == "frozen"){
} else if ($role == "frozen") {
$_SESSION["userID"] = $userID;
if (!isset($url) or $url = "") {
echo "<script>
window.onload=frozenAlert();
window.location.href= 'profile.php';
</script>";
} else {
echo "<script>
window.onload=frozenAlert();
window.location.href= $url;
</script>";
}
} else if ($role == "unconfirmed"){
sendConfirmEmail(getUser()["userID"]);
echo "<script>
window.onload=emailNotConfirmed();
</script>";
} else {
$_SESSION["userID"] = $userID;
header("location: profile.php");
if(!isset($url) or $url == "") {
header("location: profile.php");
echo "succes";
} else{
header("location: ".$url);
}
}
} else {
throw new loginException("Inloggevens zijn niet correct");
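Review bot: `$url` reaches the post-login redirect unvalidated — `header("location: ".$url)` and, worse, `window.location.href= $url;` spliced bare into a `<script>` block — so a crafted login link sends the victim to an attacker's site (open redirect) and, in the frozen branch, runs attacker-controlled JavaScript in the page. The stray `echo $url;` at the top of the function reflects the same value unescaped and, being output before `header()`, will produce "headers already sent" once the Location header is reached. `if (!isset($url) or $url = "")` assigns instead of compares, so the frozen branch always goes to profile.php and the `else` there is dead. Restrict `$url` to a relative, same-site path, emit it into JavaScript through `json_encode()`, and `exit` after the Location header; `validateLogin` continues below this hunk.

```php
function validateLogin($username, $password, $url){
    // Only a relative, same-site path may override the default target: an
    // absolute URL, a scheme, or a "//host" / "/\host" prefix would be an open redirect.
    $target = 'profile.php';
    if (isset($url) && $url !== ''
        && parse_url($url, PHP_URL_SCHEME) === null
        && parse_url($url, PHP_URL_HOST) === null
        && strpos($url, '//') !== 0 && strpos($url, '/\\') !== 0) {
        $target = $url;
    }
    // … unchanged: empty-field check, getUser(), password_verify(), banned branch …
        } else if ($role == "frozen") {
            $_SESSION["userID"] = $userID;
            // JSON-encode with the HEX flags so the value is a JS string literal that cannot break out of <script>
            echo "<script>
                window.onload=frozenAlert();
                window.location.href=" . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";
            </script>";
    // … unchanged: unconfirmed branch …
        } else {
            $_SESSION["userID"] = $userID;
            header("Location: " . $target);
            exit;
        }
```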


@@ -6,7 +6,10 @@
* @throws AngryAlert
* @throws HappyAlert
*/
function updateAvatar(bool $group = false) {
function updateAvatar(int $group = 0) {
if (!array_key_exists("pp", $_FILES)) {
throw new AngryAlert("Geen afbeelding meegegeven!");
}
$publicDir = "/var/www/html/public/";
$tmpImg = $_FILES["pp"]["tmp_name"];
$avatarDir = $group ? "uploads/groupavatar/" : "uploads/profilepictures/";
@@ -16,17 +19,17 @@ function updateAvatar(bool $group = false) {
if ($_FILES["pp"]["size"] > 4000000) {
throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
}
$relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.gif";
$group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
$relativePath = $group ? $avatarDir . $group . "_avatar.gif" : $avatarDir . $_SESSION["userID"] . "_avatar.gif";
$group ? removeOldGroupAvatar($group) : removeOldUserAvatar();
move_uploaded_file($tmpImg, $publicDir . $relativePath);
} else {
$relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.png";
$relativePath = $group ? $avatarDir . $group . "_avatar.png": $avatarDir . $_SESSION["userID"] . "_avatar.png";
$scaledImg = scaleAvatar($tmpImg);
$group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
$group ? removeOldGroupAvatar($group) : removeOldUserAvatar();
imagepng($scaledImg, $publicDir . $relativePath);
}
$group ? setGroupAvatarToDatabase("../" . $relativePath, $_POST["groupID"]) : setUserAvatarToDatabase("../" . $relativePath);
$group ? setGroupAvatarToDatabase("../" . $relativePath, $group) : setUserAvatarToDatabase("../" . $relativePath);
throw new HappyAlert("Profielfoto veranderd.");
}
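Review bot: `updateAvatar(int $group = 0)` now writes `<group>_avatar.*` into the shared uploads directory, deletes the previous file through `removeOldGroupAvatar($group)` and rewrites that group's row, but nothing here checks that the session user may administer group `$group`; from `createGroup()` the id is the freshly created group, yet any other caller passing a user-supplied id (the replaced lines read it straight from `$_POST["groupID"]`) would let an ordinary member replace another group's picture. Guard right after the `$_FILES` check: `if ($group && !checkGroupAdmin($group, $_SESSION["userID"])) { throw new AngryAlert("Je hebt geen rechten in deze groep"); }` — `checkGroupAdmin` lives in groupSettings.php, so it must be required here or the check moved to the callers. The return values of `move_uploaded_file()` and `imagepng()` are ignored, so `setGroupAvatarToDatabase`/`setUserAvatarToDatabase` can record a path that was never written; check them before touching the database. The part of the function between the size check and this hunk (where the upload is validated) is not shown.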


@@ -6,18 +6,23 @@ function getOldChatMessages($user2ID) {
if (getFriendshipStatus($user2ID) == 1) {
$stmt = prepareQuery("
SELECT
*
*
FROM
`private_message`
WHERE
`origin` = :user1 AND
`destination` = :user2 OR
`origin` = :user2 AND
`destination` = :user1
(SELECT
*
FROM
`private_message`
WHERE
`origin` = :user1 AND
`destination` = :user2 OR
`origin` = :user2 AND
`destination` = :user1
ORDER BY
`messageID` DESC
LIMIT
100) sub
ORDER BY
`creationdate` ASC
LIMIT
100
`messageID` ASC
");
$stmt->bindParam(":user1", $user1ID);
@@ -76,7 +81,7 @@ function getNewChatMessages($lastID, $destination) {
`destination` = :user1) AND
`messageID` > :lastID
ORDER BY
`creationdate` ASC
`messageID` ASC
");
$stmt->bindParam(':user1', $_SESSION["userID"]);
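Review bot: The rewritten `getOldChatMessages` query still uses the named placeholders `:user1` and `:user2` twice each inside the derived table; PDO only accepts a repeated named parameter when prepares are emulated (pdo_mysql's default), so turning on `PDO::ATTR_EMULATE_PREPARES => false` — the usual hardening step for SQL injection resistance — would make this statement fail with "Invalid parameter number". Binding distinct names for each occurrence (`:me1`, `:other1`, `:me2`, `:other2`) keeps it working under native prepares. The `AND`/`OR` mix in the WHERE relies on operator precedence; parenthesising the two pairs, as the `getNewChatMessages` hunk below already does, makes the intent explicit. The binding of `:user2` and the function's return lie outside the hunk.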


@@ -148,6 +148,10 @@ function doChangePassword() {
}
}
/**
* Changes the users email if it is valid.
* @throws AngryAlert
*/
function changeEmail() {
if (test_input($_POST["email"]) == test_input($_POST["email-confirm"])) {
@@ -164,6 +168,11 @@ function changeEmail() {
}
}
/**
* Checks if an emailadres is available in the database.
* @param $email
* @throws AngryAlert
*/
function emailIsAvailableInDatabase($email) {
$stmt = prepareQuery("
SELECT
@@ -181,6 +190,12 @@ function emailIsAvailableInDatabase($email) {
}
}
/**
* Does the actual changing of an email-adress.
* @param $email
* @throws AngryAlert
* @throws HappyAlert
*/
function doChangeEmail($email) {
$stmt = prepareQuery("
UPDATE


@@ -101,7 +101,9 @@ function selectUser($me, $other) {
$stmt->bindParam(':me', $me, PDO::PARAM_INT);
$stmt->bindParam(':other', $other, PDO::PARAM_INT);
$stmt->execute();
if(!$stmt->execute() || $stmt->rowCount() == 0) {
return False;
}
return $stmt->fetch();
}
@@ -120,7 +122,7 @@ function selectAllUserGroups($userID) {
`group_page`.`groupID` = `group_member`.`groupID`
WHERE
`userID` = :userID AND
`role` = 'member'
`role` IN ('member', 'mod', 'admin')
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);