From 1a3efe9669089acffc404151616d26b1d3f9d984 Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Fri, 3 Feb 2017 10:12:37 +0100
Subject: [PATCH] Fixed W3Validation and url GETs

---
 website/public/fb-callback.php           |  71 --------------
 website/public/register(stash).php       | 116 -----------------------
 website/public/styles/index.css          |   6 --
 website/queries/checkInput.php           |   6 +-
 website/queries/login.php                |   7 +-
 website/views/facebookRegisterModal.php  |   8 +-
 website/{public => views}/fbRegister.php |   0
 website/views/forgotPasswordModal.php    |   4 +-
 website/views/homeLoginRegister.php      |  38 ++++----
 website/views/login-view.php             |  13 ++-
 website/{public => views}/register.php   |   0
 website/views/registerModal.php          |  13 +--
 12 files changed, 43 insertions(+), 239 deletions(-)
 delete mode 100644 website/public/fb-callback.php
 delete mode 100644 website/public/register(stash).php
 rename website/{public => views}/fbRegister.php (100%)
 rename website/{public => views}/register.php (100%)

diff --git a/website/public/fb-callback.php b/website/public/fb-callback.php
deleted file mode 100644
index 0ed0369..0000000
--- a/website/public/fb-callback.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-$fb = new Facebook\Facebook([
-    'app_id' => $appID, // Replace {app-id} with your app id
-    'app_secret' => $appSecret,
-    'default_graph_version' => 'v2.2',
-]);
-
-$helper = $fb->getRedirectLoginHelper();
-
-try {
-    $accessToken = $helper->getAccessToken();
-} catch(Facebook\Exceptions\FacebookResponseException $e) {
-    // When Graph returns an error
-    echo 'Graph returned an error: ' . $e->getMessage();
-    exit;
-} catch(Facebook\Exceptions\FacebookSDKException $e) {
-    // When validation fails or other local issues
-    echo 'Facebook SDK returned an error: ' . $e->getMessage();
-    exit;
-}
-
-if (! isset($accessToken)) {
-    if ($helper->getError()) {
-        header('HTTP/1.0 401 Unauthorized');
-        echo "Error: " . $helper->getError() . "\n";
-        echo "Error Code: " . $helper->getErrorCode() . "\n";
-        echo "Error Reason: " . $helper->getErrorReason() . "\n";
-        echo "Error Description: " . $helper->getErrorDescription() . "\n";
-    } else {
-        header('HTTP/1.0 400 Bad Request');
-        echo 'Bad request';
-    }
-    exit;
-}
-
-// Logged in
-echo '<h3>Access Token</h3>';
-var_dump($accessToken->getValue());
-
-// The OAuth 2.0 client handler helps us manage access tokens
-$oAuth2Client = $fb->getOAuth2Client();
-
-// Get the access token metadata from /debug_token
-$tokenMetadata = $oAuth2Client->debugToken($accessToken);
-echo '<h3>Metadata</h3>';
-var_dump($tokenMetadata);
-
-// Validation (these will throw FacebookSDKException's when they fail)
-$tokenMetadata->validateAppId($appID); // Replace {app-id} with your app id
-// If you know the user ID this access token belongs to, you can validate it here
-//$tokenMetadata->validateUserId('123');
-$tokenMetadata->validateExpiration();
-
-if (! $accessToken->isLongLived()) {
-    // Exchanges a short-lived access token for a long-lived one
-    try {
-        $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
-    } catch (Facebook\Exceptions\FacebookSDKException $e) {
-        echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>\n\n";
-        exit;
-    }
-
-    echo '<h3>Long-lived</h3>';
-    var_dump($accessToken->getValue());
-}
-
-$_SESSION['fb_access_token'] = (string) $accessToken;
-
-// User is logged in with a long-lived access token.
-// You can redirect them to a members-only page.
-//header('Location: https://example.com/members.php');
\ No newline at end of file
diff --git a/website/public/register(stash).php b/website/public/register(stash).php
deleted file mode 100644
index 99ebc02..0000000
--- a/website/public/register(stash).php
+++ /dev/null
@@ -1,116 +0,0 @@
-<!DOCTYPE html>
-<html>
-<?php
-    include("../views/login_head.php");
-    require_once("../queries/connect.php");
-    include_once("../queries/register.php");
-    include_once("../queries/checkInput.php");
-    include_once("../queries/emailconfirm.php");
-?>
-<body>
-<?php
-    session_start();
-
-    if(isset($_SESSION["userID"])){
-        header("location: login.php");
-    }
-    // define variables and set to empty values
-    $name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
-    $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
-    $correct = true;
-    $day_date = "dag";
-    $month_date = "maand";
-    $year_date = "jaar";
-
-    // Trying to register an account
-    if ($_SERVER["REQUEST_METHOD"] == "POST") {
-        try {
-            $name = test_input(($_POST["name"]));
-            checkInputChoice($name, "lettersAndSpaces");
-        } catch(lettersAndSpacesException $e){
-            $correct = false;
-            $nameErr = $e->getMessage();
-        }
-
-        try {
-            $surname = test_input(($_POST["surname"]));
-            checkInputChoice($surname, "lettersAndSpaces");
-        }
-        catch(lettersAndSpacesException $e){
-            $correct = false;
-            $surnameErr = $e->getMessage();
-        }
-
-        try{
-            $day_date = test_input(($_POST["day_date"]));
-            $month_date = test_input(($_POST["month_date"]));
-            $year_date = test_input(($_POST["year_date"]));
-            $bday = $year_date . "-" . $month_date . "-" . $day_date;
-            checkInputChoice($bday, "bday");
-        } catch(bdayException $e){
-            $correct = false;
-            $bdayErr = $e->getMessage();
-        }
-
-        try{
-            $username = str_replace(' ', '', test_input(($_POST["username"])));
-            checkInputChoice($username, "username");
-        } catch(usernameException $e){
-            $correct = false;
-            $usernameErr = $e->getMessage();
-        }
-
-        try{
-            $password = str_replace(' ', '', test_input(($_POST["password"])));
-            checkInputChoice($password, "longerEight");
-            matchPassword();
-        } catch(passwordException $e){
-            $correct = false;
-            $passwordErr = $e->getMessage();
-        } catch(confirmPasswordException $e){
-            $correct = false;
-            $confirmPasswordErr = $e->getMessage();
-        }
-
-        try{
-            $location = test_input(($_POST["location"]));
-            checkInputChoice($location, "lettersAndSpaces");
-        } catch(lettersAndSpacesException $e){
-            $correct = false;
-            $locationErr = $e->getMessage();
-        }
-
-        try{
-            $email = test_input(($_POST["email"]));
-            checkInputChoice($email, "email");
-            $confirmEmail = test_input(($_POST["confirmEmail"]));
-            matchEmail();
-        } catch(emailException $e){
-            $correct = false;
-            $emailErr = $e->getMessage();
-        } catch(confirmEmailException $e){
-            $correct = false;
-            $confirmEmailErr = $e->getMessage();
-        }
-
-        try{
-            $captcha = $_POST['g-recaptcha-response'];
-            checkCaptcha($captcha);
-        } catch(captchaException $e){
-            $correct = false;
-            $captchaErr = $e->getMessage();
-        }
-
-        try {
-            getIp();
-            registerCheck($correct);
-            sendConfirmEmailUsername($username);
-        } catch(registerException $e){
-            $genericErr = $e->getMessage();
-        }
-    }
-/* This view adds register view */
-include("../views/register-view.php");
-?>
-</body>
-</html>
diff --git a/website/public/styles/index.css b/website/public/styles/index.css
index c7a0aa8..68191ad 100644
--- a/website/public/styles/index.css
+++ b/website/public/styles/index.css
@@ -198,12 +198,6 @@ ul {
     animation-duration: 0.4s
 }
 
-/* Add Animation */
-@-webkit-keyframes animatetop {
-    from {top:-300px; opacity:0}
-    to {top:0; opacity:1}
-}
-
 @keyframes animatetop {
     from {top:-300px; opacity:0}
     to {top:0; opacity:1}
diff --git a/website/queries/checkInput.php b/website/queries/checkInput.php
index 69274ce..247050b 100644
--- a/website/queries/checkInput.php
+++ b/website/queries/checkInput.php
@@ -68,7 +68,7 @@ function validateBday($variable){
     }
 }
 
-// Checks for date
+/* Checks for date */
 function validateDate($date, $format)
 {
     $d = DateTime::createFromFormat($format, $date);
@@ -124,7 +124,7 @@ function validateEmail($variable){
         throw new emailException("Mag maximaal 50 karakters!");
     }
 }
-//255
+
 /* checks if an input is a valid email. */
 function validateFBEmail($variable){
     if (empty($variable)) {
@@ -138,6 +138,7 @@ function validateFBEmail($variable){
     }
 }
 
+/* checks if email is the same */
 function matchEmail(){
     if (strtolower($_POST["email"]) != strtolower($_POST["confirmEmail"])){
         throw new confirmEmailException("Emails matchen niet!");
@@ -153,7 +154,6 @@ function resetEmail($variable){
     }
 }
 
-
 /* checks if two passwords matches. */
 function matchPassword(){
     if ($_POST["password"] != $_POST["confirmpassword"]) {
diff --git a/website/queries/login.php b/website/queries/login.php
index 27c1f3b..3480991 100644
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -1,5 +1,6 @@
 <?php
 
+//Find matching password with the inputted username/emailadress.
 function getUser() {
     $stmt = prepareQuery("
     SELECT
@@ -34,6 +35,7 @@ function getUserID() {
 }
 
 function validateLogin($username, $password, $url){
+    echo $url;
     // Empty username or password field
     if (empty($username) || empty($password)) {
         throw new loginException("Inloggegevens zijn niet ingevuld");
@@ -44,7 +46,7 @@ function validateLogin($username, $password, $url){
         $userID = getUser()["userID"];
         $role = getUser()["role"];
 
-        // If there's an account, go to the profile page
+        // If there's an account, check if the account is banned, frozen or unconfirmed.
         if(password_verify($psw, $hash)) {
             if ($role == "banned"){
                 echo "<script>
@@ -75,8 +77,9 @@ function validateLogin($username, $password, $url){
                 $_SESSION["userID"] = $userID;
                 if(!isset($url) or $url == "") {
                     header("location: profile.php");
+                    echo "succes";
                 } else{
-                    header("location: $url");
+                    header("location: ".$url);
                 }
 
             }
diff --git a/website/views/facebookRegisterModal.php b/website/views/facebookRegisterModal.php
index 7271d63..a38a3a3 100644
--- a/website/views/facebookRegisterModal.php
+++ b/website/views/facebookRegisterModal.php
@@ -1,7 +1,6 @@
 <!-- The Modal -->
 <div id="fbModal" class="modal">
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-          return= $correct
           method="post"
           name="fbModal">
 
@@ -66,17 +65,16 @@
                 </div>
                 <?php } ?>
             </div>
-            *<span class="error"> <?php echo $fbEmailErr;?></span>
+            <span class="error"> <?php echo $fbEmailErr;?></span>
             <div class="modal-footer">
                 <button type="submit"
                         value="fbRegister"
-                        name="submit"
-                        id="frm1_submit">
+                        name="submit">
                     Registreer account
                 </button>
             </div>
         </div>
-
+        <!-- Facebook information-->
         <input type="hidden"
                name="fbName"
                value="<?php echo $fbName ?>">
diff --git a/website/public/fbRegister.php b/website/views/fbRegister.php
similarity index 100%
rename from website/public/fbRegister.php
rename to website/views/fbRegister.php
diff --git a/website/views/forgotPasswordModal.php b/website/views/forgotPasswordModal.php
index 2ebdbb9..ebb9d64 100644
--- a/website/views/forgotPasswordModal.php
+++ b/website/views/forgotPasswordModal.php
@@ -4,7 +4,6 @@
 <!-- The Modal -->
 <div id="myModal" class="modal">
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-          return= $correct
           method="post"
           name="forgotPassword">
 
@@ -26,8 +25,7 @@
                 <div class="login_containerfault"><span><?php echo $resetErr; ?></span></div>
                 <button type="submit"
                         value="reset"
-                        name="submit"
-                        id="frm1_submit">
+                        name="submit">
                     Reset password
                 </button>
             </div>
diff --git a/website/views/homeLoginRegister.php b/website/views/homeLoginRegister.php
index 55277e7..ad7be40 100644
--- a/website/views/homeLoginRegister.php
+++ b/website/views/homeLoginRegister.php
@@ -11,16 +11,16 @@ if(isset($_SESSION["userID"])){
 // Facebook variables
 $appID = "353857824997532";
 $appSecret = "db47e91ffbfd355fdd11b4b65eade851";
-$fbUsername = $fbPassword = $fbConfirmpassword = "";
+$fbUsername = $fbPassword = $fbConfirmpassword = $fbName = $fbSurname = $fbBday = $fbEmail = $fbUserID = "";
 $fbUsernameErr = $fbPasswordErr = $fbConfirmpasswordErr = $fbEmailErr = $fbBdayErr = "";
 $fbCorrect = true;
-$fbName = $fbSurname = $fbBday = $fbEmail = $fbUserID = "";
 
 // Register variables
 $name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
 $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
 $correct = true;
 
+// Bday dates
 $day_date = $month_date = $year_date = "";
 $fbDay_date = $fbMonth_date = $fbYear_date = "";
 
@@ -28,22 +28,14 @@ $fbDay_date = $fbMonth_date = $fbYear_date = "";
 $user = $psw = $remember ="";
 $loginErr = $resetErr = $fbRegisterErr ="";
 
-//if ($_SERVER["REQUEST_METHOD"] == "GET") {
-//    try {
-//        $user = ($_POST["user"]);
-//        validateLogin($_POST["user"], $_POST["psw"], "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
-//    } catch(loginException $e) {
-//        $loginErr = $e->getMessage();
-//    }
-//}
-
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    $url = $_POST["url"];
     // Checks for which button is pressed
     switch ($_POST["submit"]) {
         case "login":
             try {
                 $user = ($_POST["user"]);
-                validateLogin($_POST["user"], $_POST["psw"], $_POST["url"]);
+                validateLogin($_POST["user"], $_POST["psw"], $url);
             } catch(loginException $e) {
                 $loginErr = $e->getMessage();
             }
@@ -62,18 +54,22 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             }
             break;
         case "register":
-            include("register.php");
+            include("../views/register.php");
             break;
         case "fbRegister":
-            include("fbRegister.php");
+            include("../views/fbRegister.php");
             break;
     }
 }
+
+// Get facebook information with facebook PHP SDK.
 $fb = new Facebook\Facebook([
     'app_id' => $appID,
     'app_secret' => $appSecret,
     'default_graph_version' => 'v2.2',
 ]);
+
+// Redirect back to login.php after logging/canceling with facebook.
 $redirect = "https://myhyvesbookplus.nl/login.php";
 $helper = $fb->getRedirectLoginHelper();
 
@@ -88,6 +84,7 @@ try {
     exit;
 }
 
+// If theres no facebook account logged in, ask for permission.
 if(!isset($acces_token)){
     $permission=["email", "user_birthday"];
     $loginurl=$helper->getLoginUrl($redirect,$permission);
@@ -96,13 +93,14 @@ if(!isset($acces_token)){
     $response = $fb->get('/me?fields=email,name,birthday');
     $usernode = $response->getGraphUser();
 
+    // Get facebook information
     $nameSplit = explode(" ", $usernode->getName());
     $fbName = $nameSplit[0];
     $fbSurname = $nameSplit[1];
     $fbUserID = $usernode->getID();
     $fbEmail = $usernode->getProperty("email");
-//        $image = 'https://graph.facebook.com/' . $usernode->getId() . '/picture?width=200';
 
+    // If there is an account, check if the account is banned or frozen.
     if (fbLogin($fbUserID) == 1) {
         $fbID = getfbUserID($fbUserID)["userID"];
         $fbRole = getfbUserID($fbUserID)["role"];
@@ -110,16 +108,20 @@ if(!isset($acces_token)){
             echo "<script>
                          window.onload=bannedAlert();
                     </script>";
+
         } else if($fbRole == "frozen"){
             $_SESSION["userID"] = $fbID;
             echo "<script>
-                         window.onload=frozenAlert();
-                         window.location.href= 'profile.php';
-                    </script>";
+                     window.onload=frozenAlert();
+                     window.location.href= 'profile.php';
+                  </script>";
+
         } else {
             $_SESSION["userID"] = $fbID;
             header("location: profile.php");
+
         }
+    // Registration with faceobook if theres no account.
     } else {
         echo "<script>
                     window.onload = function() {
diff --git a/website/views/login-view.php b/website/views/login-view.php
index 89487de..e3309db 100644
--- a/website/views/login-view.php
+++ b/website/views/login-view.php
@@ -13,12 +13,16 @@
     <h1>Welkom bij MyHyvesbook+</h1>
     <!-- Login content  -->
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-          return=$correct
           method="post"
           name="login">
+
+        <!-- Url parameter  -->
         <input type="hidden"
                name="url"
-               value="<?= $_GET["url"] ?>"/>
+               value="<?php
+                        if(isset($_GET["url"])) {
+                            echo $_GET["url"];
+                        } ?>"/>
 
         <!-- Login name -->
         <div class="login_containerlogin">
@@ -50,8 +54,7 @@
         <div class="login_containerlogin">
             <button type="submit"
                     value="login"
-                    name="submit"
-                    id="frm1_submit">
+                    name="submit">
             Inloggen
             </button>
         </div>
@@ -72,5 +75,7 @@
 <?php
     if(!isset($acces_token)) {
         echo '<div class="login_containerlogin"><a class="fbButton" href="' . $loginurl . '"><i class="fa fa-facebook-square"></i> login met Facebook!</a></div>';
+    } else {
+        echo '<div class="login_containerlogin"><a class="fbButton" href="' . "https://myhyvesbookplus.nl/login.php" . '"><i class="fa fa-facebook-square"></i> loguit Facebook sessie</a></div>';
     }
 ?>
\ No newline at end of file
diff --git a/website/public/register.php b/website/views/register.php
similarity index 100%
rename from website/public/register.php
rename to website/views/register.php
diff --git a/website/views/registerModal.php b/website/views/registerModal.php
index 9ad48dc..b9f8d95 100644
--- a/website/views/registerModal.php
+++ b/website/views/registerModal.php
@@ -4,7 +4,6 @@
 <!-- The Modal -->
 <div id="registerModal" class="modal">
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-          return= $correct
           method="post"
           name="forgotPassword">
 
@@ -15,14 +14,11 @@
                 <h3>Registreer uw account</h3>
             </div>
             <div class="modal-body">
-                <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-                      return= $correct
-                      method="post">
 
                     <div class="login_containerregister"><label>U krijgt een bevestigingsemail na het registreren</label></div>
 
                     <!-- Error message -->
-                    <div class="login_containerfault"><?php echo $genericErr;?></span></div>
+                    <div class="login_containerfault"><span><?php echo $genericErr;?></span></div>
 
                     <!-- Register name -->
                     <div class="login_containerregister">
@@ -82,7 +78,6 @@
                                placeholder="Voer uw wachtwoord in"
                                name="password"
                                value="<?php echo $password ?>"
-                               id="password"
                                required>
                         *<span class="error"> <?php echo $passwordErr;?></span>
                         <ul>
@@ -96,7 +91,6 @@
                                placeholder="Herhaal wachtwoord"
                                name="confirmpassword"
                                value="<?php echo $confirmpassword ?>"
-                               id="confirmpassword"
                                title="Herhaal wachtwoord"
                                required>
                         *<span class="error"> <?php echo $confirmpasswordErr;?></span>
@@ -120,7 +114,6 @@
                                placeholder="Voer uw email in"
                                name="email"
                                value="<?php echo $email ?>"
-                               id="email"
                                title="Voer een geldige email in"
                                required>
                         *<span class="error"> <?php echo $emailErr;?></span>
@@ -133,7 +126,6 @@
                                placeholder="Herhaal uw email"
                                name="confirmEmail"
                                value="<?php echo $confirmEmail ?>"
-                               id="email"
                                title="Herhaal uw email"
                                required>
                         *<span class="error"> <?php echo $confirmEmailErr;?></span>
@@ -152,8 +144,7 @@
                 <!-- Register button -->
                 <button type="submit"
                         value="register"
-                        name="submit"
-                        id="frm1_submit">
+                        name="submit">
                     Registreer
                 </button>
             </div>