Merge branch 'master' into hendrik-testing

2017-01-18 16:02:02 +01:00
parent e7e3ae9c8b 32ff271b5e
commit 38e5b28ff5
27 changed files with 1107 additions and 389 deletions
--- a/website/queries/connect.php
+++ b/website/queries/connect.php
@@ -5,9 +5,7 @@ if ($dbconf === FALSE) {
    die("Error parsing XML file");
 }
 else {
-    $db = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8",
+    $GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8",
        "$dbconf->mysql_username", "$dbconf->mysql_password")
    or die('Error connecting to mysql server');
-}
-
-?>
+}
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -3,6 +3,7 @@
 function selectAllFriends($db, $userID) {
    return $db->query("
    SELECT
+        `user`.`userID`,
        `user`.`username`,
        `user`.`profilepicture`,
        `user`.`onlinestatus`,
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -0,0 +1,19 @@
+<?php
+
+function hashPassword() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `password`,
+      `userID`
+    FROM
+      `user`
+    WHERE
+      `username` LIKE :username
+    ");
+
+    $stmt->bindParam(":username", $_POST["uname"]);
+    $stmt->execute();
+    return $stmt->fetch(PDO::FETCH_ASSOC);
+}
+
+?>
--- a/website/queries/private_message.php
+++ b/website/queries/private_message.php
@@ -0,0 +1,85 @@
+<?php
+
+include_once("connect.php");
+
+session_start();
+
+function getOldChatMessages($user2ID) {
+    $db = $GLOBALS["db"];
+    $user1ID = $_SESSION["userID"];
+
+    $stmt = $db->prepare("
+    SELECT
+        *
+    FROM
+        `private_message`
+    WHERE
+        `origin` = :user1 AND 
+        `destination` = :user2 OR 
+        `origin` = :user2 AND
+        `destination` = :user1
+    ORDER BY
+        `messageID` ASC
+    ");
+
+    $stmt->bindParam(":user1", $user1ID);
+    $stmt->bindParam(":user2", $user2ID);
+
+    $stmt->execute();
+
+    return json_encode($stmt->fetchAll());
+}
+
+function sendMessage($destination, $content) {
+    $db = $GLOBALS["db"];
+    $stmt = $db->prepare("
+    INSERT INTO
+        `private_message`
+    (
+        `origin`,
+        `destination`,
+        `content`
+    )
+    VALUES
+    (
+        :origin,
+        :destination,
+        :content
+    )
+    ");
+
+    return $stmt->execute(array(
+        "origin" => $_SESSION["userID"],
+        "destination" => $destination,
+        "content" => $content
+    ));
+}
+
+function getNewChatMessages($lastID, $destination) {
+    $db = $GLOBALS["db"];
+    $origin = $_SESSION["userID"];
+
+    $stmt = $db->prepare("
+    SELECT
+        *
+    FROM
+        `private_message`
+    WHERE
+        (
+        `origin` = :user1 AND 
+        `destination` = :user2 OR 
+        `origin` = :user2 AND
+        `destination` = :user1) AND
+        `messageID` > :lastID
+    ORDER BY
+        `messageID` ASC
+    ");
+
+    $stmt->bindParam(':user1', $origin);
+    $stmt->bindParam(':user2', $destination);
+    $stmt->bindParam(':lastID', $lastID);
+
+    $stmt->execute();
+
+    return json_encode($stmt->fetchAll());
+}
--- a/website/queries/register.php
+++ b/website/queries/register.php
@@ -0,0 +1,68 @@
+<?php
+
+function getExistingUsername() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `username`
+    FROM
+      `user`
+    WHERE
+      `username` LIKE :username
+    ");
+
+    $stmt->bindParam(":username", $_POST["username"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+
+}
+
+function getExistingEmail() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `email`
+    FROM
+      `user`
+    WHERE
+      `email` LIKE :email
+    ");
+
+    $stmt->bindParam(":email", $_POST["email"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+
+}
+
+function registerAccount() {
+    $stmt = $GLOBALS["db"]->prepare("
+    INSERT INTO
+      `user`(fname,
+             lname,
+             birthdate,
+             username,
+             password,
+             location,
+             email)
+    VALUES(
+      :fname,
+      :lname,
+      :bday,
+      :username,
+      :password,
+      :location,
+      :email
+    )");
+
+    $hash=password_hash($_POST["password"].(strtolower($_POST["username"])), PASSWORD_DEFAULT);
+
+    $stmt->bindParam(":fname", $_POST["name"]);
+    $stmt->bindParam(":lname", $_POST["surname"]);
+    $stmt->bindParam(":bday", $_POST["bday"]);
+    $stmt->bindParam(":username", $_POST["username"]);
+    $stmt->bindParam(":password", $hash);
+    $stmt->bindParam(":location", $_POST["location"]);
+    $stmt->bindParam(":email", (strtolower($_POST["email"])));
+
+    $stmt->execute();
+    $stmt->rowCount();
+}
+?>
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -0,0 +1,109 @@
+<?php
+
+function getSettings() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `fname`,
+      `lname`,
+      `email`,
+      `location`,
+      `birthdate`,
+      `bio`,
+      `profilepicture`
+    FROM
+      `user`
+    WHERE
+      `userID` = :userID
+      ");
+
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->fetch();
+}
+
+function getPasswordHash() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `password`,
+      `username`
+    FROM
+      `user`
+    WHERE
+      `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->fetch();
+}
+
+function updateSettings() {
+    $stmt = $GLOBALS["db"]->prepare("
+    UPDATE
+      `user`
+    SET
+      `fname` = :fname,
+      `lname` = :lname,
+      `location` = :location,
+      `birthdate` = :bday,
+      `bio` = :bio
+    WHERE
+      `userID` = :userID
+    ");
+
+    $stmt->bindParam(":fname", $_POST["fname"]);
+    $stmt->bindParam(":lname", $_POST["lname"]);
+    $stmt->bindParam(":location", $_POST["location"]);
+    $stmt->bindParam(":bday", $_POST["bday"]);
+    $stmt->bindParam(":bio", $_POST["bio"]);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+
+    $stmt->execute();
+
+    return array (
+        "type" => "settings-message-happy",
+        "message" => "Instellingen zijn opgeslagen."
+        );
+}
+
+function updatePassword() {
+    $user = getPasswordHash();
+    if (password_verify($_POST["password-old"].strtolower($user["username"]), $user["password"])) {
+        if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) {
+            if (changePassword($user)) {
+                return array ("type" => "settings-message-happy",
+                    "message" => "Wachtwoord gewijzigd.");
+            } else {
+                return array (
+                "type" => "settings-message-angry",
+                "message" => "Er is iets mis gegaan.");
+            }
+        } else {
+            return array (
+                "type" => "settings-message-angry",
+                "message" => "Wachtwoorden komen niet oveeen."
+            );
+        }
+    } else {
+        return array(
+            "type" => "settings-message-angry",
+            "message" => "Oud wachtwoord niet correct."
+        );
+    }
+}
+
+function changePassword($user) {
+    $stmt =$GLOBALS["db"]->prepare("
+    UPDATE
+      `user`
+    SET
+      `password` = :new_password
+    WHERE
+      `userID` = :userID
+    ");
+
+    $hashed_password = password_hash($_POST["password-new"].strtolower($user["username"]), PASSWORD_DEFAULT);
+    $stmt->bindParam(":new_password", $hashed_password);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+}