Merge branch 'master' into lars

website/queries/checkInput.php

@@ -97,6 +97,18 @@ function validateEmail($variable){
     }
 }
 
+/* checks if an input is a valid email. */
+function resetEmail($variable){
+    if (empty($variable)) {
+        throw new emailException("Verplicht!");
+    } else if (!filter_var($variable, FILTER_VALIDATE_EMAIL)) {
+        throw new emailException("Geldige email invullen");
+    } else if (getResetEmail() == 0){
+        throw new emailException("Email bestaat niet!");
+    }
+}
+
+
 /* checks if two passwords matches. */
 function matchPassword(){
     if ($_POST["password"] != $_POST["confirmpassword"]) {

website/queries/friendship.php

@@ -105,6 +105,16 @@ function selectAllFriendRequests() {
 }
 
 function getFriendshipStatus($userID) {
+    # -2: Query failed.
+    # -1: user1 and 2 are the same user
+    # 0 : no record found
+    # 1 : confirmed
+    # 2 : user1 sent request (you)
+    # 3 : user2 sent request (other)
+    if($_SESSION["userID"] == $userID) {
+        return -1;
+    }
+
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
       CASE `status` IS NULL
@@ -131,8 +141,10 @@ function getFriendshipStatus($userID) {
 
     $stmt->bindParam(':me', $_SESSION["userID"], PDO::PARAM_INT);
     $stmt->bindParam(':other', $userID, PDO::PARAM_INT);
-    $stmt->execute();
-    return $stmt->fetch()["friend_state"];
+    if(!$stmt->execute()) {
+        return -2;
+    }
+    return intval($stmt->fetch()["friend_state"]);
 }
 
 function requestFriendship($userID) {
@@ -143,7 +155,7 @@ function requestFriendship($userID) {
 
     $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
     $stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
-    $stmt->execute();
+    return $stmt->execute();
 }
 
 function removeFriendship($userID) {
@@ -154,11 +166,12 @@ function removeFriendship($userID) {
           `user2ID` = :user2 OR
           `user1ID` = :user2 AND
           `user2ID` = :user1
+        LIMIT 1
     ");
 
     $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
     $stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
-    $stmt->execute();
+    return $stmt->execute();
 }
 
 function acceptFriendship($userID) {
@@ -173,7 +186,7 @@ function acceptFriendship($userID) {
 
     $stmt->bindParam(':user1', $userID, PDO::PARAM_INT);
     $stmt->bindParam(':user2', $_SESSION["userID"], PDO::PARAM_INT);
-    $stmt->execute();
+    return $stmt->execute();
 }
 
 function setLastVisited($friend) {

website/queries/post.php

@@ -0,0 +1,97 @@
+<?php
+
+function selectPostById($postID) {
+    $stmt = $GLOBALS["db"]->prepare("
+        SELECT
+            `user`.`fname`,
+            `user`.`lname`,
+            `user`.`username`,
+            `post`.`groupID`,
+            `post`.`title`,
+            `post`.`content`,
+            `post`.`creationdate`
+        FROM
+            `post`
+        INNER JOIN
+            `user`
+        ON
+            `post`.`author` = `user`. `userID`
+        WHERE
+            `post`.`postID` = :postID
+    ");
+
+    $stmt->bindParam(':postID', $postID);
+    $stmt->execute();
+    return $stmt;
+}
+
+function selectCommentsByPostId($postID) {
+    $stmt = $GLOBALS["db"]->prepare("
+        SELECT
+            `comment`.`commentID`,
+            `comment`.`postID`,
+            `comment`.`author`,
+            `comment`.`content`,
+            `comment`.`creationdate`,
+            `user`.`fname`,
+            `user`.`lname`,
+            `user`.`username`
+        FROM
+            `comment`
+        INNER JOIN
+            `user`
+        ON
+            `comment`.`author` = `user`.`userID`
+        WHERE
+            `comment`.`postID` = :postID
+    ");
+
+    $stmt->bindParam(':postID', $postID);
+    $stmt->execute();
+    return $stmt;
+}
+
+function makePost($userID, $groupID, $title, $content) {
+    $stmt = $GLOBALS["db"]->prepare("
+        INSERT INTO
+            `post` (
+                `author`,
+                `groupID`,
+                `title`,
+                `content`
+            )
+            VALUES (
+                :userID,
+                :groupID,
+                :title,
+                :content
+            )
+    ");
+
+    $stmt->bindParam(':userID', $userID);
+    $stmt->bindParam(':groupID', $groupID);
+    $stmt->bindParam(':title', $title);
+    $stmt->bindParam(':content', $content);
+    $stmt->execute();
+}
+
+function makeComment($postID, $userID, $content) {
+    $stmt = $_GLOBAL["db"]->prepare("
+        INSERT INTO
+            `comment` (
+                `postID`, 
+                `author`, 
+                `content`
+            ) 
+            VALUES (
+                :postID,
+                :userID,
+                :content
+            )
+    ");
+
+    $stmt->bindParam(':postID', $postID);
+    $stmt->bindParam(':userID', $userID);
+    $stmt->bindParam(':content', $content);
+    $stmt->execute();
+}

website/queries/register.php

@@ -32,6 +32,22 @@ function getExistingEmail() {
 
 }
 
+function getResetEmail() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `email`
+    FROM
+      `user`
+    WHERE
+      `email` LIKE :email
+    ");
+
+    $stmt->bindParam(":email", $_POST["forgotEmail"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+
+}
+
 function registerAccount() {
     $stmt = $GLOBALS["db"]->prepare("
     INSERT INTO

website/queries/requestpassword.php

@@ -0,0 +1,55 @@
+<?php
+include_once "../queries/connect.php";
+
+function sendPasswordRecovery(string $email) {
+    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        $stmt = $GLOBALS["db"]->prepare("
+        SELECT 
+            `userID`,
+            `username`
+        FROM 
+            `user`
+        WHERE 
+            `email` = :email
+        ");
+        $stmt->bindParam(":email", $email);
+        $stmt->execute();
+        if (!$stmt->rowCount()) {
+            // TODO: Just stop.
+            return;
+        }
+        $result = $stmt->fetch();
+        $userID = $result["userID"];
+        $username = $result["username"];
+        $hash = md5(random_int(0, 1000000));
+        $hashedHash = password_hash($hash, PASSWORD_DEFAULT);
+        setHashToDatabase($userID, $hash);
+        doSendPasswordRecovery($userID, $email, $username, $hashedHash);
+
+
+    } else {
+        // TODO: Be angry!
+    }
+}
+
+function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
+    $resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
+
+    $subject = "Reset uw wachtwoord";
+    $body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
+    $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
+    mail($email, $subject, $body, $header);
+}
+
+function setHashToDatabase(int $userID, string $hash) {
+    $stmt = $GLOBALS["db"]->prepare("
+    UPDATE
+        `user`
+    SET
+        `password` = $hash
+    WHERE
+        `userID` = $userID
+    ");
+    $stmt->execute();
+    return $stmt->rowCount();
+}

website/queries/user.php

@@ -108,7 +108,7 @@ function selectAllUserPosts($userID) {
           `postID`,
           `author`,
           `title`,
-          CASE LENGTH(`content`) >= 150
+          CASE LENGTH(`content`) >= 150 AND `content` NOT LIKE '<img%'
           WHEN TRUE THEN
             CONCAT(LEFT(`content`, 150), '...')
           WHEN FALSE THEN
@@ -321,7 +321,10 @@ function searchSomeUsers($n, $m, $search)
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
         `username`,
-        `profilepicture`,
+        IFNULL(
+            `profilepicture`,
+            '../img/notbad.jpg'
+        ) AS profilepicture,
         `fname`,
         `lname`
     FROM