From 164eb2dde6983b239287175c69ff39913bbabd08 Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Tue, 31 Jan 2017 14:26:34 +0100 Subject: [PATCH] Frozen users cant chat with other people --- website/public/API/loadFriendRequest.php | 9 ++++++++- website/public/API/loadFriends.php | 14 +++++++++----- website/public/API/sendMessage.php | 16 ++++++++++++---- website/public/admin.php | 4 ++-- website/public/js/chat.js | 6 +++++- website/queries/user.php | 4 ++-- website/views/notification-center.php | 4 ++-- 7 files changed, 40 insertions(+), 17 deletions(-) diff --git a/website/public/API/loadFriendRequest.php b/website/public/API/loadFriendRequest.php index b99d2c3..02dedb3 100644 --- a/website/public/API/loadFriendRequest.php +++ b/website/public/API/loadFriendRequest.php @@ -4,5 +4,12 @@ session_start(); require_once ("../../queries/connect.php"); require_once ("../../queries/friendship.php"); +require_once ("../../queries/user.php"); -echo selectAllFriendRequests(); \ No newline at end of file +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { + echo selectAllFriendRequests(); +} else { + echo "[]"; +} diff --git a/website/public/API/loadFriends.php b/website/public/API/loadFriends.php index 38158c9..c5c8797 100644 --- a/website/public/API/loadFriends.php +++ b/website/public/API/loadFriends.php 
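Review bot: The role gate in the new `if` of loadFriendRequest.php is a denylist evaluated with `!=`, so every value other than the two strings falls through to `selectAllFriendRequests()`; that includes the null that `getRoleByID()` appears to return for a session whose user row no longer exists, since it now returns `fetch()["role"]`. The condition also calls `getRoleByID()` twice, which costs two queries per request and lets the two answers differ if the role changes in between. Fetch once and fail closed: `$role = isset($_SESSION["userID"]) ? getRoleByID($_SESSION["userID"]) : null;` followed by `if ($role !== null && !in_array($role, ['frozen', 'banned'], true)) {`. The same three-line condition is repeated in sendMessage.php, so a single helper in queries/user.php would keep the two endpoints from drifting apart.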
@@ -6,11 +6,15 @@ require_once ("../../queries/connect.php"); require_once ("../../queries/checkInput.php"); require_once ("../../queries/friendship.php"); -if (isset($_POST["limit"])) { - echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_POST["limit"])); -} else if (isset($_GET["limit"])) { - echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_GET["limit"])); +if (isset($_SESSION["userID"])) { + if (isset($_POST["limit"])) { + echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"])); + } else if (isset($_GET["limit"])) { + echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"])); + } else { + echo selectFriends($_SESSION["userID"]); + } } else { - echo selectFriends($_SESSION["userID"]); + echo "[]"; } diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php index c5d47d1..9864403 100644 --- a/website/public/API/sendMessage.php +++ b/website/public/API/sendMessage.php @@ -4,11 +4,19 @@ session_start(); require_once("../../queries/connect.php"); require_once("../../queries/private_message.php"); require_once("../../queries/checkInput.php"); +require_once("../../queries/user.php"); -if (!empty(test_input($_POST["destination"])) && - !empty(test_input($_POST["content"]))) { - if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) { - echo 1; +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (!empty(test_input($_POST["destination"])) && + !empty(test_input($_POST["content"])) + ) { + if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) { + echo 1; + } else { + echo 0; + } } else { echo 0; } diff --git a/website/public/admin.php b/website/public/admin.php index 2785606..b264c25 100644 --- a/website/public/admin.php +++ b/website/public/admin.php 
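Review bot: loadFriends.php only checks that `$_SESSION["userID"]` is set, while loadFriendRequest.php and sendMessage.php in the same commit also reject the `frozen` and `banned` roles, so a banned account can still read its friends list through this endpoint. If that is intended, a one-line comment above the `if` saying so would stop it being read as an oversight. The unauthenticated branch answers `[]` with a 200 status, which a client cannot tell apart from a user with no friends; `http_response_code(401);` before `echo "[]";` would make the difference visible. The `limit` value is cast to int but not bounded, so zero, negative or very large values reach `selectLimitedFriends()` unchecked.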
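Review bot: As far as the sendMessage.php hunk shows, the new session/role `if` has no `else`, so a frozen, banned or logged-out caller receives an empty body, while `0` is printed only for empty fields or a failed `sendMessage()`. chat.js in this commit shows the "account frozen" alert when the body is `"0"`, so the alert would appear for an empty message and stay silent for an account that really is frozen. Give the refused case its own branch and signal on the outer `if`, for example `} else { http_response_code(403); echo 0; }`, and let the client key the frozen message on the 403 status instead of the body. The closing brace of the outer `if` lies outside the hunk, so an `else` that already exists there would change this assessment.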
@@ -19,9 +19,9 @@ include_once ("../queries/user.php"); // auth -$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC); +$role = getRoleByID($_SESSION['userID']); -if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') { +if ($role != 'admin' AND $role != 'owner') { header("location:profile.php"); } diff --git a/website/public/js/chat.js b/website/public/js/chat.js index e35f85c..0b63d65 100644 --- a/website/public/js/chat.js +++ b/website/public/js/chat.js @@ -33,7 +33,11 @@ function sendMessage() { $.post( "API/sendMessage.php", $("#sendMessageForm").serialize() - ); + ).done(function(data) { + if (data == "0") { + alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denk dat dit onjuist is."); + } + }); $("#newContent").val(""); loadMessages(); diff --git a/website/queries/user.php b/website/queries/user.php index b1bb93c..3c48e41 100644 --- a/website/queries/user.php +++ b/website/queries/user.php @@ -9,7 +9,7 @@ function updateLastActivity() { SET `lastactivity` = NOW() WHERE - `userID` = :userID + `userID` = :userID "); $stmt->bindParam(":userID", $_SESSION["userID"]); return $stmt->execute(); @@ -417,5 +417,5 @@ function getRoleByID($userID) { $stmt->bindParam(':userID', $userID); $stmt->execute(); - return $stmt; + return $stmt->fetch()["role"]; } \ No newline at end of file diff --git a/website/views/notification-center.php b/website/views/notification-center.php index 7630b75..7bd03ea 100644 --- a/website/views/notification-center.php +++ b/website/views/notification-center.php @@ -7,9 +7,9 @@ include_once ("../queries/user.php"); // auth - $userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC); + $role = getRoleByID($_SESSION['userID']); - if ($userinfo['role'] == 'admin' OR $userinfo['role'] == 'owner') { + if ($role == 'admin' OR $role == 'owner') { echo ""; echo ""; }
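Review bot: The redirect in the auth block of admin.php is not followed by `exit`, so after `header("location:profile.php");` the script keeps running and the rest of the admin page is still executed and sent to any client that ignores the Location header. Change the branch body to `header("Location: profile.php"); exit;`. `$_SESSION['userID']` is also read here without an `isset()` check, unlike the API endpoints touched in this commit; the comparison still fails closed for a missing role, but a guard avoids the undefined-index notice. The remainder of the file is outside the hunk, so a later check that would stop execution is not visible from here.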
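Review bot: The new handler in `sendMessage()` is attached with `.done()` only, so a non-2xx response or a network error gives the user no feedback at all. The two context lines after the call, `$("#newContent").val("");` and `loadMessages();`, run before the response has arrived, which discards the typed text even when the server refuses the message. Moving those two lines into the success path and adding a `.fail()` callback would keep the text on failure. The comparison can also be strict, `data === "0"`, since the body of a plain-text response arrives as a string.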
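Review bot: In `getRoleByID()`, `$stmt->fetch()` returns `false` when no row matches the id, and indexing that with `["role"]` yields null silently on older PHP and with a warning on current versions, so the failure value of the function is implicit and undocumented. Make it explicit with `$row = $stmt->fetch(PDO::FETCH_ASSOC);` followed by `return $row === false ? null : $row["role"];`, and add a docblock stating that the function returns the role string, or null when the user does not exist. The return type changes here from a statement object to a string, so a caller that still invokes `->fetch()` on the result will fail; this patch converts only admin.php and notification-center.php, and other callers are not visible from the diff. The body of the function starts outside the hunk.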