From e464f5bca2535a1d80df8a535f318cc1c6329c21 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Mon, 30 Jan 2017 16:32:57 +0100
Subject: [PATCH 01/18] cleaned admin.js, add admin/owner check (frontend), fix
 submit ajax

---
 website/public/API/adminChangeUser.php  |  3 --
 website/public/API/adminSearchUsers.php |  2 +
 website/public/admin.php                |  2 +-
 website/public/js/admin.js              | 56 ++++++++++++++++---------
 website/public/styles/adminpanel.css    |  2 +-
 website/views/adminpanel-grouptable.php |  6 +--
 website/views/adminpanel-table.php      | 28 ++++++++-----
 website/views/adminpanel.php            | 27 ++++++++----
 8 files changed, 79 insertions(+), 47 deletions(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 067a7ba..5c9384c 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -15,6 +15,3 @@ if (isset($_POST["actions"]) && isset($_POST["userID"])) {
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
 }
-
-//header("location: ../admin.php");
-print_r($_POST);
\ No newline at end of file
diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index c809db7..f1d7fc1 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -35,6 +35,8 @@ if (isset($_POST['groupstatus'])) {
     $groupstatus = $_POST["groupstatus"];
 }
 
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+
 if ($pagetype == "user") {
     include ("../../views/adminpanel-table.php");
 } else if ($pagetype == "group") {
diff --git a/website/public/admin.php b/website/public/admin.php
index 2785606..13a025d 100644
--- a/website/public/admin.php
+++ b/website/public/admin.php
@@ -8,7 +8,7 @@
     <style>
         @import url("styles/adminpanel.css");
     </style>
-    <script src="js/admin.js" charset="utf-8"></script>
+<script src="js/admin.js" charset="utf-8"></script>
 </head>
 <body>
 <?php
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index 140c99a..c43e6ae 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -4,39 +4,45 @@ $(window).on("load", function () {
         adminSearch();
     });
     // all inputs and labels directly under admin filter and groupfilter
-    $("#admin-filter, #admin-groupfilter > input, label").click(function(){
+    $("#admin-filter, #admin-groupfilter > input, label").change(function(){
         adminSearch();
     });
     $("#pagetype").change(function(){
         adminSearch();
     });
 
+    /* Update hidden input to be equal to submit pressed,
+        because serialize doesn't take submit values. */
+    $('#admin-batchform > button').click(function () {
+        $('#batchinput').prop('value', $(this).prop('value'));
+        console.log($('#batchinput').prop('value'));
+    });
+
+    $('#admin-groupbatchform > button').click(function () {
+        $('#groupbatchinput').prop('value', $(this).prop('value'));
+        console.log($('#batchinput').prop('value'));
+    });
+
     adminSearch();
 });
 
-function checkAll(allbox) {
-    var checkboxes = document.getElementsByClassName('checkbox-list');
-
-    for (var i = 0; i < checkboxes.length; i++) {
-        if (checkboxes[i].type == 'checkbox') {
-            checkboxes[i].checked = allbox.checked;
-        }
-    }
+function checkAll() {
+    $('.checkbox-list').each(function () {
+        $(this).prop('checked', $('#checkall').prop('checked'));
+    });
 }
 
-function checkCheckAll(allbox) {
-    var checkboxes = document.getElementsByClassName('checkbox-list');
+function checkCheckAll() {
     var checked = true;
 
-    for (var i = 0; i < checkboxes.length; i++) {
-        if (checkboxes[i].type == 'checkbox') {
-            if (checkboxes[i].checked == false) {
-                checked = false;
-                break;
-            }
+    $('.checkbox-list').each(function () {
+        if ($(this).prop('checked') == false) {
+            checked = false;
+            return;
         }
-    }
-    allbox.checked = checked;
+    });
+
+    $('#checkall').prop('checked', checked);
 }
 
 function changeFilter() {
@@ -60,11 +66,21 @@ function adminSearch() {
         "API/adminSearchUsers.php",
         $("#admin-searchform").serialize()
     ).done(function (data) {
-        console.log(data);
+        // console.log(data);
         $("#usertable").html(data);
     })
 }
 
+function adminUpdate(form) {
+    console.log($(form).serialize());
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function () {
+        adminSearch();
+    })
+}
+
 function updatePageN() {
     $.post(
         "API/adminPageNumber.php",
diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index f9410e1..75fa8b1 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -44,7 +44,7 @@
     padding: 3px;
 }
 
-.usertable tr {
+.usertable th, tr {
     text-align: left;
 }
 
diff --git a/website/views/adminpanel-grouptable.php b/website/views/adminpanel-grouptable.php
index 4999666..9d2c8e8 100644
--- a/website/views/adminpanel-grouptable.php
+++ b/website/views/adminpanel-grouptable.php
@@ -16,7 +16,6 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
     $name = $group['name'];
     $role = $group['status'];
     $description = $group['description'];
-    $function = "checkCheckAll(document.getElementById('checkall'))";
 
     echo("
         <tr>
@@ -25,15 +24,14 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                        class='checkbox-list'
                        value='$groupID'
                        form='admin-groupbatchform'
-                       onchange='$function'>
+                       onchange='checkCheckAll();'>
             </td>
             <td>$name</td>
             <td>$role</td>
             <td>$description</td>
             <td>
                 <form class='admin-groupaction'
-                      action='API/adminChangeUser.php'
-                      method='post'>
+                      onsubmit=\"adminUpdate(this);  return false;\">
                     <select class='action' name='actions'>
                         <option value='hidden'>Hidden</option>
                         <option value='public'>Public</option>
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index a21c9d6..7ac0873 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -1,5 +1,5 @@
 <tr>
-    <th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
+    <th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll()"></th>
     <th class="table-username">Gebruikersnaam</th>
     <th class="table-status">Status</th>
     <th class="table-comment">Aantekening</th>
@@ -14,7 +14,6 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
     $username = $user['username'];
     $role = $user['role'];
     $bancomment = $user['bancomment'];
-    $function = "checkCheckAll(document.getElementById('checkall'))";
 
     echo("
         <tr>
@@ -24,20 +23,29 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                        class='checkbox-list'
                        value='$userID'
                        form='admin-batchform'
-                       onchange='$function'>
+                       onchange='checkCheckAll();'>
             </td>
             <td>$username</td>
             <td>$role</td>
             <td>$bancomment</td>
             <td>
                 <form class='admin-useraction'
-                      action='API/adminChangeUser.php'
-                      method='post'>
-                    <select class='action' name='actions'>
-                        <option value='frozen'>Bevries</option>
-                        <option value='banned'>Ban</option>
-                        <option value='user'>Activeer</option>
-                    </select>
+                      onsubmit=\"adminUpdate(this);  return false;\">
+                    <select class='action' name='actions'>");
+                        if (!($userinfo['role'] == 'admin'
+                              AND ($user['role'] == 'admin'
+                              OR $user['role'] == 'owner'))) {
+                            echo "<option value='frozen'>Bevries</option>
+                                  <option value='banned'>Ban</option>
+                                  <option value='user'>Activeer</option>";
+
+                            if ($userinfo['role'] == 'owner') {
+                                echo "<option value='admin'>Admin</option>
+                                      <option value='owner'>Owner</option>";
+                            }
+                        }
+
+                    echo ("</select>
                     <input type='hidden' name='userID' value='$userID'>
                     <input type='submit' value='Confirm'>
                 </form>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index c48a28d..d2b83d2 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -7,6 +7,7 @@ $perpage = 20;
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
 
 if (isset($_GET["search"])) {
     $search = test_input($_GET["search"]);
@@ -123,20 +124,30 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                 <span style="float: right" id="admin-pageinfo">
 
                 </span>
-                <form
-                        id="admin-batchform"
-                        action="API/adminChangeUser.php"
-                        method="post">
+                <form id="admin-batchform"
+                      onsubmit="adminUpdate(this); return false;">
 
+                    <input type="hidden" name="batchactions" id="batchinput">
                     <button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button>
                     <button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
                     <button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
+                    <?php
+                    if ($userinfo['role'] == 'owner') {
+                        echo "<button type=\"submit\" 
+                                      name=\"batchactions\" 
+                                      id=\"admin\" 
+                                      value=\"admin\">Maak Admin</button>
+                              <button type=\"submit\" 
+                                      name=\"batchactions\" 
+                                      id=\"owner\" 
+                                      value=\"owner\">Maak Owner</button>";
+                    }
+                    ?>
                 </form>
-                <form
-                        id="admin-groupbatchform"
-                        action="API/adminChangeUser.php"
-                        method="post">
+                <form id="admin-groupbatchform"
+                      onsubmit="adminUpdate(this);  return false;">
 
+                    <input type="hidden" name="groupbatchactions" id="groupbatchinput">
                     <button type="submit" name="batchactions" id="hide" value="hidden">Hide</button>
                     <button type="submit" name="batchactions" id="ban" value="public">Public</button>
                     <button type="submit" name="batchactions" id="members" value="membersonly">Members</button>

From f26097f55fab9a19fa2fc59b087aa4c813f84b5f Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 12:25:28 +0100
Subject: [PATCH 02/18] Fixed online status

---
 website/public/bits/friend-item.php |  2 +-
 website/public/group.php            |  2 +-
 website/public/profile.php          |  8 ++++----
 website/public/styles/main.css      | 10 +++++++++-
 website/public/styles/profile.css   |  2 +-
 website/queries/friendship.php      | 11 ++++++-----
 website/queries/user.php            | 13 +++++++++++++
 website/views/head.php              |  5 ++++-
 website/views/profile.php           |  4 ++--
 9 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/website/public/bits/friend-item.php b/website/public/bits/friend-item.php
index a69d12a..40bc8a8 100644
--- a/website/public/bits/friend-item.php
+++ b/website/public/bits/friend-item.php
@@ -33,7 +33,7 @@ foreach($friends as $i => $friend) {
                     }
                     ?>'>
                 <div class='friend'>
-                    <img alt='PF' class='profile-picture' src='<?= $friend->profilepicture ?>'/>
+                    <img alt='PF' class='profile-picture <?= $friend->onlinestatus ?>' src='<?= $friend->profilepicture ?>'/>
                     <div class='friend-name'>
                         <?= $friend->fullname ?><br/>
                         <span style='color: #666'><?php
diff --git a/website/public/group.php b/website/public/group.php
index 2ef3493..cd1560d 100644
--- a/website/public/group.php
+++ b/website/public/group.php
@@ -11,7 +11,7 @@
 <body>
 <?php
 
-include("../queries/group_page.php");
+include_once("../queries/group_page.php");
 
 $group = selectGroupByName($_GET["groupname"]);
 $members = selectGroupMembers(2);
diff --git a/website/public/profile.php b/website/public/profile.php
index 83b9d10..c67b60d 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -13,10 +13,10 @@
 </head>
 <body>
 <?php
-include("../queries/user.php");
-include("../queries/friendship.php");
-include("../queries/nicetime.php");
-include("../queries/post.php");
+include_once("../queries/user.php");
+include_once("../queries/friendship.php");
+include_once("../queries/nicetime.php");
+include_once("../queries/post.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
diff --git a/website/public/styles/main.css b/website/public/styles/main.css
index baff345..7909687 100644
--- a/website/public/styles/main.css
+++ b/website/public/styles/main.css
@@ -92,6 +92,14 @@ p {
     border-radius: 50%;
 }
 
+.online {
+    border: #4CAF50 solid 3px;
+}
+
+.offline {
+    border: #666666 solid 3px;
+}
+
 .group-picture {
     border-radius: 5px;
 }
@@ -184,7 +192,7 @@ button.green {
 }
 
 button.gray{
-    background-color: #FFF;
+    background-color: inherit;
     color: #333;
 }
 
diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css
index 37aaaa1..61f3615 100644
--- a/website/public/styles/profile.css
+++ b/website/public/styles/profile.css
@@ -45,7 +45,7 @@
 
 .main-picture {
     position: relative;
-    border: #4CAF50 solid 5px;
+    border-width: 5px;
 
     display: inline-block;
     width: 150px;
diff --git a/website/queries/friendship.php b/website/queries/friendship.php
index 450fd20..a16d859 100644
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -16,6 +16,10 @@ function selectLimitedFriends($userID, $limit) {
                 `profilepicture`,
                 '../img/avatar-standard.png'
             ) AS profilepicture,
+            CASE `lastactivity` >= DATE_SUB(NOW(),INTERVAL 15 MINUTE)
+              WHEN TRUE THEN 'online'
+              WHEN FALSE THEN 'offline'
+            END AS `onlinestatus`,
             `role`
         FROM
             `user`
@@ -28,11 +32,8 @@ function selectLimitedFriends($userID, $limit) {
             `friendship`.`user1ID` = `user`.`userID`) AND
             `user`.`role` != 'banned' AND
             `friendship`.`status` = 'confirmed'
-        ORDER BY 
-            CASE
-            WHEN `friendship`.`user2ID` = `user`.`userID` THEN `friendship`.`chatLastVisted1`
-            WHEN `friendship`.`user1ID` = `user`.`userID` THEN `friendship`.`chatLastVisted2`
-            END
+        ORDER BY
+            `user`.`lastactivity`
             DESC
         LIMIT :limitCount
     ");
diff --git a/website/queries/user.php b/website/queries/user.php
index 0900d9f..b1bb93c 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -2,6 +2,19 @@
 
 require_once ("connect.php");
 
+function updateLastActivity() {
+    $stmt = prepareQuery("
+      UPDATE
+        `user`
+      SET
+        `lastactivity` = NOW()
+      WHERE
+      `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    return $stmt->execute();
+}
+
 function getUserID($username) {
     $stmt = prepareQuery("
         SELECT
diff --git a/website/views/head.php b/website/views/head.php
index 6e8ca0a..284abb4 100644
--- a/website/views/head.php
+++ b/website/views/head.php
@@ -19,9 +19,12 @@
 
 require_once ("../queries/checkInput.php");
 require_once ("../queries/connect.php");
+require_once ("../queries/user.php");
 
 session_start();
 
 if(!isset($_SESSION["userID"])){
     header("location:login.php");
-}
\ No newline at end of file
+} else {
+    updateLastActivity();
+}
diff --git a/website/views/profile.php b/website/views/profile.php
index 90a368d..8cf555f 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -1,10 +1,10 @@
 <div class="content">
     <div class="user-box">
-        <img class="profile-picture main-picture" src="<?= $user["profilepicture"] ?>"><br />
+        <img class="profile-picture main-picture <?= $user["online"] ?>" src="<?= $user["profilepicture"] ?>"><br />
         <div class="platform">
             <div class="status-buttons-container">
                 <button disabled class="gray">
-                    <?= $user["onlinestatus"]  ?>
+                    <?= $user["onlinestatus"] ?>
                 </button>
                 <button disabled class="gray"><?= $user["role"] ?></button>
             </div>

From f67dd019c46c67ca604423d00ac04b7c956a8ac7 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 12:47:24 +0100
Subject: [PATCH 03/18] Inputs are now mobile friendly

---
 website/public/styles/main.css | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/website/public/styles/main.css b/website/public/styles/main.css
index 7909687..f2d7535 100644
--- a/website/public/styles/main.css
+++ b/website/public/styles/main.css
@@ -192,7 +192,7 @@ button.green {
 }
 
 button.gray{
-    background-color: inherit;
+    background-color: #FFF;
     color: #333;
 }
 
@@ -307,8 +307,9 @@ div[data-title]:hover:after {
     body {
         font-size: 28px!important;
     }
-    button {
+    button, input {
         font-size: 28px;
+        height: 42px;
     }
 
 }
\ No newline at end of file

From eb12b6ba7da8194d479358a904837f919ead8c87 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 13:11:23 +0100
Subject: [PATCH 04/18] fixed pageselector in admin

---
 website/public/API/adminChangeUser.php  |  8 ++++-
 website/public/API/adminPageNumber.php  | 18 +++++++++---
 website/public/API/adminSearchUsers.php |  8 ++---
 website/public/js/admin.js              | 19 +++++++-----
 website/queries/user.php                | 19 ++++++++++++
 website/views/adminpanel-page.php       | 39 ++++++++++++-------------
 website/views/adminpanel.php            | 15 ++--------
 7 files changed, 77 insertions(+), 49 deletions(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 5c9384c..72acb8c 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -6,12 +6,18 @@ require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+
 if (isset($_POST["actions"]) && isset($_POST["userID"])) {
     changeUserStatusByID($_POST["userID"], $_POST["actions"]);
 } else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
     changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
 } else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
-    changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
+    if ($userinfo['role'] == 'owner') {
+        changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
+    } else {
+        changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
+    }
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
 }
diff --git a/website/public/API/adminPageNumber.php b/website/public/API/adminPageNumber.php
index a6ac554..c829249 100644
--- a/website/public/API/adminPageNumber.php
+++ b/website/public/API/adminPageNumber.php
@@ -5,6 +5,7 @@ session_start();
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
+require_once ("../../queries/group_page.php");
 
 $search = "";
 if (isset($_POST["search"])) {
@@ -21,8 +22,17 @@ if (isset($_POST['status'])) {
     $status = $_POST["status"];
 }
 
-if ($pagetype == "user") {
-    include ("../../views/adminpanel-page.php");
-} else {
-    echo "Pagenumber failed!";
+$groupstatus = array();
+if (isset($_POST['groupstatus'])) {
+    $groupstatus = $_POST["groupstatus"];
 }
+
+$entries = 20;
+$currentpage = 1;
+if (isset($_POST['currentpage'])) {
+    $currentpage = (int) test_input($_POST["currentpage"]);
+}
+
+$offset = (int) $currentpage * $entries - $entries;
+
+include ("../../views/adminpanel-page.php");
diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index f1d7fc1..58b170a 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -8,13 +8,11 @@ require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
 $offset = 0;
-if (isset($_POST["n"])) {
-    $offset = (int) test_input($_POST["n"]);
-}
 $entries = 20;
-if (isset($_POST["m"])) {
-    $entries = (int) test_input($_POST["m"]);
+if (isset($_POST["currentpage"])) {
+    $offset = (int) test_input($_POST["currentpage"]) * $entries - $entries;
 }
+
 $search = "";
 if (isset($_POST["search"])) {
     $search = test_input($_POST["search"]);
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index c43e6ae..7e2efad 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -1,14 +1,16 @@
 $(window).on("load", function () {
     changeFilter();
+    searchFromOne();
+
     $(".admin-searchinput").keyup(function(){
-        adminSearch();
+        searchFromOne();
     });
     // all inputs and labels directly under admin filter and groupfilter
     $("#admin-filter, #admin-groupfilter > input, label").change(function(){
-        adminSearch();
+        searchFromOne();
     });
     $("#pagetype").change(function(){
-        adminSearch();
+        searchFromOne();
     });
 
     /* Update hidden input to be equal to submit pressed,
@@ -22,8 +24,6 @@ $(window).on("load", function () {
         $('#groupbatchinput').prop('value', $(this).prop('value'));
         console.log($('#batchinput').prop('value'));
     });
-
-    adminSearch();
 });
 
 function checkAll() {
@@ -61,18 +61,23 @@ function changeFilter() {
     }
 }
 
+function searchFromOne() {
+    $('#currentpage').prop('value', 1);
+    adminSearch();
+}
+
 function adminSearch() {
+    console.log($("#admin-searchform").serialize());
     $.post(
         "API/adminSearchUsers.php",
         $("#admin-searchform").serialize()
     ).done(function (data) {
-        // console.log(data);
         $("#usertable").html(data);
+        updatePageN();
     })
 }
 
 function adminUpdate(form) {
-    console.log($(form).serialize());
     $.post(
         "API/adminChangeUser.php",
         $(form).serialize()
diff --git a/website/queries/user.php b/website/queries/user.php
index 0900d9f..bf20e7d 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -307,6 +307,25 @@ function changeMultipleUserStatusByID($ids, $status) {
     return $q;
 }
 
+function changeMultipleUserStatusByIDAdmin($ids, $status) {
+    $q = prepareQuery("
+    UPDATE
+        `user`
+    SET
+        `role` = :status
+    WHERE
+        FIND_IN_SET (`userID`, :ids)
+        AND NOT `role` = 'admin'
+        AND NOT `role` = 'owner'
+    ");
+
+    $ids = implode(',', $ids);
+    $q->bindParam(':ids', $ids);
+    $q->bindParam(':status', $status);
+    $q->execute();
+    return $q;
+}
+
 function selectRandomNotFriendUser($userID) {
     $stmt = prepareQuery("
     SELECT
diff --git a/website/views/adminpanel-page.php b/website/views/adminpanel-page.php
index a17ce50..cfd73bc 100644
--- a/website/views/adminpanel-page.php
+++ b/website/views/adminpanel-page.php
@@ -5,27 +5,26 @@ if ($pagetype == "user") {
     $pages = countSomeGroupsByStatus($search, $groupstatus);
 }
 $countresults = $pages->fetchColumn();
-$mincount = min($listm, $countresults);
-$minlist = min($listn + 1, $countresults);
+
 ?>
-    Pagina: <form class="admin-pageselector"
-                  action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
-                  method="post">
-    <select class="admin-pageselect"
-            name="pageselect"
-            onchange="this.form.submit()"
-            value="">
-        <?php
-        for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
-            if ($currentpage == $i) {
-                echo "<option value='$i' selected>$i</option>";
-            } else {
-                echo "<option value='$i'>$i</option>";
-            }
+Pagina:
+<select class="admin-pageselect"
+        name="currentpage"
+        id="currentpage"
+        form="admin-searchform"
+        onchange="adminSearch();">
+    <?php
+    for ($i=1; $i <= ceil($countresults / $entries); $i++) {
+        if ($currentpage == $i) {
+            echo "<option value='$i' selected>$i</option>";
+        } else {
+            echo "<option value='$i'>$i</option>";
         }
-        ?>
-    </select>
-</form>
+    }
+    ?>
+</select>
 <?php
-echo "$minlist tot $mincount ($countresults totaal)";
+$n = min($offset + 1, $countresults);
+$m = min($offset + $entries, $countresults);
+echo " $n tot $m ($countresults totaal)";
 ?>
\ No newline at end of file
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index d2b83d2..f1d27a1 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -2,8 +2,6 @@
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php
 $search = "";
-$currentpage = 1;
-$perpage = 20;
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
@@ -25,13 +23,6 @@ if (isset($_GET["groupstatus"])) {
     $groupstatus = $_GET["groupstatus"];
 }
 
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    if (isset($_POST["pageselect"])) {
-        $currentpage = $_POST["pageselect"];
-    }
-}
-
 ?>
 
 <div class="content">
@@ -40,7 +31,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         <div class="admin-options">
             <form class="admin-searchform"
                   id="admin-searchform"
-                  action="javascript:adminSearch();"
+                  action="javascript:searchFromOne();"
                   method="get">
 
                 <div class="admin-searchbar">
@@ -121,9 +112,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         <div class="admin-users">
             <div class="admin-usertitle">
                 <h4>Resultaat:</h4>
-                <span style="float: right" id="admin-pageinfo">
+                <div style="float: right" id="admin-pageinfo">
 
-                </span>
+                </div>
                 <form id="admin-batchform"
                       onsubmit="adminUpdate(this); return false;">
 

From 1c9c88e030012ce6c2818d602313a0c1949316bc Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Tue, 31 Jan 2017 13:36:32 +0100
Subject: [PATCH 05/18] Fixed and spilt Avatar upload and Alerts

---
 website/queries/alerts.php   |  44 +++++++++++
 website/queries/picture.php  | 138 +++++++++++++++++++++++++++++++++++
 website/queries/settings.php | 116 +----------------------------
 3 files changed, 184 insertions(+), 114 deletions(-)
 create mode 100644 website/queries/alerts.php
 create mode 100644 website/queries/picture.php

diff --git a/website/queries/alerts.php b/website/queries/alerts.php
new file mode 100644
index 0000000..f311098
--- /dev/null
+++ b/website/queries/alerts.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Class AlertMessage
+ * abstract class for alertMessages used in
+ */
+abstract class AlertMessage extends Exception {
+    public function __construct($message = "", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+
+    abstract public function getClass();
+}
+
+/**
+ * Class HappyAlert
+ * class for a happy alert as an exception.
+ */
+class HappyAlert extends AlertMessage {
+
+    public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+
+    public function getClass() {
+        return "settings-message-happy";
+    }
+}
+
+/**
+ * Class AngryAlert
+ * class for an angry alert as as exception.
+ */
+class AngryAlert extends AlertMessage {
+    public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+
+    public function getClass() {
+        return "settings-message-angry";
+    }
+}
\ No newline at end of file
diff --git a/website/queries/picture.php b/website/queries/picture.php
new file mode 100644
index 0000000..8e99d9a
--- /dev/null
+++ b/website/queries/picture.php
@@ -0,0 +1,138 @@
+<?php
+
+/**
+ * Uploads Avatar, checks it, and removes the old one.
+ * @param bool $group
+ * @throws AngryAlert
+ * @throws HappyAlert
+ */
+function updateAvatar(bool $group = false) {
+    $publicDir = "/var/www/html/public/";
+    $tmpImg = $_FILES["pp"]["tmp_name"];
+    $avatarDir = $group ? "uploads/groupavatar/" : "uploads/profilepictures/";
+    checkAvatarSize($tmpImg);
+    
+    if (getimagesize($tmpImg)["mime"] == "image/gif") {
+        if ($_FILES["pp"]["size"] > 4000000) {
+            throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
+        }
+        $relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.gif";
+        $group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
+        move_uploaded_file($tmpImg, $publicDir . $relativePath);
+    } else {
+        $relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.png";
+        $scaledImg = scaleAvatar($tmpImg);
+        $group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
+        imagepng($scaledImg, $publicDir . $relativePath);
+    }
+
+    $group ? setGroupAvatarToDatabase("../" . $relativePath, $_POST["groupID"]) : setUserAvatarToDatabase("../" . $relativePath);
+    throw new HappyAlert("Profielfoto veranderd.");
+}
+
+/**
+ * Removes the old avatar from the uploads folder, for a user.
+ */
+function removeOldUserAvatar() {
+    $stmt = prepareQuery("
+    SELECT
+        `profilepicture`
+    FROM 
+        `user`
+    WHERE 
+        `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    $old_avatar = $stmt->fetch()["profilepicture"];
+    if ($old_avatar != NULL) {
+        unlink("/var/www/html/public/uploads/" . $old_avatar);
+    }
+}
+/**
+ * Removes the old avatar from the uploads folder, for a group.
+ * @param int $groupID
+ */
+function removeOldGroupAvatar(int $groupID) {
+    $stmt = prepareQuery("
+    SELECT
+        `picture`
+    FROM
+        `group_page`
+    WHERE 
+        groupID = :groupID
+    ");
+    $stmt->bindParam(":groupID", $groupID);
+    $stmt->execute();
+    $old_avatar = $stmt->fetch()["picture"];
+    if ($old_avatar != NULL) {
+        unlink("/var/www/html/public/uploads/" . $old_avatar);
+    }
+}
+
+/**
+ * Inserts the the path to the avatar into the database, for Users.
+ * @param string $url path to the avatar
+ */
+function setUserAvatarToDatabase(string $url) {
+    $stmt = prepareQuery("
+    UPDATE
+        `user`
+    SET
+        `profilepicture` = :avatar
+    WHERE
+        `userID` = :userID
+    ");
+
+    $stmt->bindParam(":avatar", $url);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+}
+
+/**
+ * Inserts the the path to the avatar into the database, for Groups.
+ * @param string $url path to the avatar
+ * @param int $groupID
+ */
+function setGroupAvatarToDatabase(string $url, int $groupID) {
+    $stmt = prepareQuery("
+    UPDATE
+        `group_page`
+    SET
+        `picture` = :avatar
+    WHERE
+        `groupID` = :groupID
+    ");
+    $stmt->bindParam(":avatar", $url);
+    $stmt->bindParam(":groupID", $groupID);
+    $stmt->execute();
+}
+
+/**
+ * Checks the resoluton of a picture.
+ * @param string $img
+ * @throws AngryAlert
+ */
+function checkAvatarSize(string $img) {
+    $minResolution = 200;
+    $imgSize = getimagesize($img);
+    if ($imgSize[0] < $minResolution or $imgSize[1] < $minResolution) {
+        throw new AngryAlert("Afbeelding te klein, minimaal 200x200 pixels.");
+    }
+}
+
+/**
+ * Scales a picture, standard width is 600px.
+ * @param string $imgLink Path to a image file
+ * @param int $newWidth Custom image width.
+ * @return bool|resource Returns the image as an Resource.
+ * @throws AngryAlert
+ */
+function scaleAvatar(string $imgLink, int $newWidth = 600) {
+    $img = imagecreatefromstring(file_get_contents($imgLink));
+    if ($img) {
+        return imagescale($img, $newWidth);
+    } else {
+        throw new AngryAlert("Afbeelding wordt niet ondersteund.");
+    }
+}
\ No newline at end of file
diff --git a/website/queries/settings.php b/website/queries/settings.php
index bdc9d38..03f794f 100644
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -1,49 +1,7 @@
 <?php
 include_once "../queries/emailconfirm.php";
-
-/**
- * Class AlertMessage
- * abstract class for alertMessages used in
- */
-abstract class AlertMessage extends Exception {
-    public function __construct($message = "", $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
-
-    abstract public function getClass();
-}
-
-/**
- * Class HappyAlert
- * class for a happy alert as an exception.
- */
-class HappyAlert extends AlertMessage {
-
-    public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
-
-    public function getClass() {
-        return "settings-message-happy";
-    }
-}
-
-/**
- * Class AngryAlert
- * class for an angry alert as as exception.
- */
-class AngryAlert extends AlertMessage {
-    public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null)
-    {
-        parent::__construct($message, $code, $previous);
-    }
-
-    public function getClass() {
-        return "settings-message-angry";
-    }
-}
+include_once "../queries/picture.php";
+include_once "../queries/alerts.php";
 
 /**
  * Gets the settings form the database.
@@ -232,74 +190,4 @@ function doChangeEmail($email) {
     } else {
         throw new AngryAlert();
     }
-}
-
-function updateAvatar() {
-    $profilePictureDir = "/var/www/html/public/";
-    $tmpImg = $_FILES["pp"]["tmp_name"];
-
-    checkAvatarSize($tmpImg);
-    if (getimagesize($tmpImg)["mime"] == "image/gif") {
-        if ($_FILES["pp"]["size"] > 4000000) {
-            throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
-        }
-        $relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.gif";
-        move_uploaded_file($tmpImg, $profilePictureDir . $relativePath);
-    } else {
-        $relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.png";
-        $scaledImg = scaleAvatar($tmpImg);
-        imagepng($scaledImg, $profilePictureDir . $relativePath);
-    }
-    removeOldAvatar();
-    setAvatarToDatabase("../" . $relativePath);
-    throw new HappyAlert("Profielfoto veranderd.");
-}
-
-function removeOldAvatar() {
-    $stmt = prepareQuery("
-    SELECT
-        `profilepicture`
-     FROM 
-        `user`
-    WHERE 
-        `userID` = :userID
-    ");
-    $stmt->bindParam(":userID", $_SESSION["userID"]);
-    $stmt->execute();
-    $old_avatar = $stmt->fetch()["profilepicture"];
-    if ($old_avatar != NULL) {
-        unlink("/var/www/html/public/uploads/" . $old_avatar);
-    }
-}
-
-function setAvatarToDatabase(string $url) {
-    $stmt = prepareQuery("
-    UPDATE
-        `user`
-    SET
-        `profilepicture` = :avatar
-    WHERE
-        `userID` = :userID
-    ");
-
-    $stmt->bindParam(":avatar", $url);
-    $stmt->bindParam(":userID", $_SESSION["userID"]);
-    $stmt->execute();
-}
-
-function checkAvatarSize(string $img) {
-    $minResolution = 200;
-    $imgSize = getimagesize($img);
-    if ($imgSize[0] < $minResolution or $imgSize[1] < $minResolution) {
-        throw new AngryAlert("Afbeelding te klein, minimaal 200x200 pixels.");
-    }
-}
-
-function scaleAvatar(string $imgLink, int $newWidth = 600) {
-    $img = imagecreatefromstring(file_get_contents($imgLink));
-    if ($img) {
-        return imagescale($img, $newWidth);
-    } else {
-        throw new AngryAlert("Afbeelding wordt niet ondersteund.");
-    }
 }
\ No newline at end of file

From 794b5ab294b47d5343c630e288544df8dd5ea41e Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 13:54:31 +0100
Subject: [PATCH 06/18] Added fancy text to posts and comments

---
 website/public/API/postComment.php   | 6 +++---
 website/public/API/postPost.php      | 6 +++---
 website/public/js/main.js            | 2 +-
 website/public/js/masonry.js         | 6 +++---
 website/public/styles/adminpanel.css | 2 +-
 website/public/styles/main.css       | 9 ++++++++-
 website/queries/private_message.php  | 2 ++
 7 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/website/public/API/postComment.php b/website/public/API/postComment.php
index e1d7617..3bb3c3f 100644
--- a/website/public/API/postComment.php
+++ b/website/public/API/postComment.php
@@ -2,10 +2,10 @@
 
 session_start();
 
-require("../../queries/post.php");
+require_once("../../queries/post.php");
 require_once("../../queries/connect.php");
-require("../../queries/checkInput.php");
-print_r($_POST);
+require_once("../../queries/checkInput.php");
+
 if ($_POST['button'] == 'reaction') {
     if (empty($_POST['newcomment-content'])) {
         echo 0;
diff --git a/website/public/API/postPost.php b/website/public/API/postPost.php
index b52e96b..fdb86bc 100644
--- a/website/public/API/postPost.php
+++ b/website/public/API/postPost.php
@@ -2,9 +2,9 @@
 
 session_start();
 
-require("../../queries/post.php");
-require("../../queries/connect.php");
-require("../../queries/checkInput.php");
+require_once("../../queries/post.php");
+require_once("../../queries/connect.php");
+require_once("../../queries/checkInput.php");
 
 if (empty($_POST['newpost-title'])) {
 } else {
diff --git a/website/public/js/main.js b/website/public/js/main.js
index d23bbbf..7d37d05 100644
--- a/website/public/js/main.js
+++ b/website/public/js/main.js
@@ -3,7 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a
 
 function fancyText(text) {
     // Add links, images, gifs and (youtube) video's.
-    var regex = /(https?:\/\/.[^ ]*)/ig;
+    var regex = /(https?:\/\/.[^ <>"]*)/ig;
     text = text.replace(regex, function(link) {
         // Add images
         if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) {
diff --git a/website/public/js/masonry.js b/website/public/js/masonry.js
index 8d2080b..b07e3bc 100644
--- a/website/public/js/masonry.js
+++ b/website/public/js/masonry.js
@@ -19,7 +19,7 @@ function requestPost(postID) {
         var scrollBarWidth = window.innerWidth - document.body.offsetWidth;
         scrollbarMargin(scrollBarWidth, 'hidden');
         $('#modal-response').show();
-        $('#modal-response').html(data);
+        $('#modal-response').html(fancyText(data));
     });
 }
 
@@ -52,7 +52,7 @@ function masonry(mode) {
      * Initialise columns.
      */
     var columns = new Array(columnCount);
-    var $columns = new Array(columnCount);
+
     for (i = 0; i < columnCount; i++) {
         $column = $("<div class=\"column\">");
         $column.width(100/columnCount + "%");
@@ -100,7 +100,7 @@ function masonry(mode) {
                $.each(posts, function() {
                    $post = $("<div class=\"post platform\" onclick=\"requestPost(\'"+this['postID']+"\')\">");
                    $post.append($("<h2>").html(this["title"]));
-                   $post.append($("<p>").html(this["content"]));
+                   $post.append($("<p>").html(fancyText(this["content"])));
                    $post.append($("<p class=\"subscript\">").text(this["nicetime"]));
                    $post.append($("<p class=\"subscript\">").text("comments: " + this["comments"] + ", niet slechts: " + this["niet_slechts"]));
 
diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index f9410e1..1dc2eb6 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -4,7 +4,7 @@
 
 .admin-panel input[type="radio"], input[type="checkbox"] {
     vertical-align: middle;
-    height: auto;
+    height: 28px;
     margin: 2px;
 }
 
diff --git a/website/public/styles/main.css b/website/public/styles/main.css
index f2d7535..7fc03e1 100644
--- a/website/public/styles/main.css
+++ b/website/public/styles/main.css
@@ -307,9 +307,16 @@ div[data-title]:hover:after {
     body {
         font-size: 28px!important;
     }
-    button, input {
+    button, input, select {
         font-size: 28px;
         height: 42px;
     }
+    textarea {
+        font-size: 28px;
+    }
+    input[type="checkbox"], input[type="radio"] {
+        width: 28px;
+        height: 28px;
+    }
 
 }
\ No newline at end of file
diff --git a/website/queries/private_message.php b/website/queries/private_message.php
index 430fddb..4ac04a7 100644
--- a/website/queries/private_message.php
+++ b/website/queries/private_message.php
@@ -16,6 +16,8 @@ function getOldChatMessages($user2ID) {
             `destination` = :user1
         ORDER BY
             `creationdate` ASC
+        LIMIT
+          100
         ");
 
         $stmt->bindParam(":user1", $user1ID);

From 2dd7dd8140d6e96cdbb044c080f5f279dd8aa2ae Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 13:56:34 +0100
Subject: [PATCH 07/18] Reload comments bug fix

---
 website/public/js/post.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/website/public/js/post.js b/website/public/js/post.js
index 4a8ebc7..e88d3eb 100644
--- a/website/public/js/post.js
+++ b/website/public/js/post.js
@@ -4,9 +4,7 @@ function postComment(buttonValue) {
     $.post(
         "API/postComment.php",
         formData
-    ).done(function(data) {
-        console.log(data);
-    });
+    );
 
     $("#newcomment").val("");
 
@@ -15,6 +13,6 @@ function postComment(buttonValue) {
         "API/loadPost.php",
         $("#newcommentform").serialize()
     ).done(function (data) {
-        $('#modal-response').html(data);
+        $('#modal-response').html(fancyText(data));
     });
 }
\ No newline at end of file

From 164eb2dde6983b239287175c69ff39913bbabd08 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 14:26:34 +0100
Subject: [PATCH 08/18] Frozen users cant chat with other people

---
 website/public/API/loadFriendRequest.php |  9 ++++++++-
 website/public/API/loadFriends.php       | 14 +++++++++-----
 website/public/API/sendMessage.php       | 16 ++++++++++++----
 website/public/admin.php                 |  4 ++--
 website/public/js/chat.js                |  6 +++++-
 website/queries/user.php                 |  4 ++--
 website/views/notification-center.php    |  4 ++--
 7 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/website/public/API/loadFriendRequest.php b/website/public/API/loadFriendRequest.php
index b99d2c3..02dedb3 100644
--- a/website/public/API/loadFriendRequest.php
+++ b/website/public/API/loadFriendRequest.php
@@ -4,5 +4,12 @@ session_start();
 
 require_once ("../../queries/connect.php");
 require_once ("../../queries/friendship.php");
+require_once ("../../queries/user.php");
 
-echo selectAllFriendRequests();
\ No newline at end of file
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    echo selectAllFriendRequests();
+} else {
+    echo "[]";
+}
diff --git a/website/public/API/loadFriends.php b/website/public/API/loadFriends.php
index 38158c9..c5c8797 100644
--- a/website/public/API/loadFriends.php
+++ b/website/public/API/loadFriends.php
@@ -6,11 +6,15 @@ require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/friendship.php");
 
-if (isset($_POST["limit"])) {
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_POST["limit"]));
-} else if (isset($_GET["limit"])) {
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_GET["limit"]));
+if (isset($_SESSION["userID"])) {
+    if (isset($_POST["limit"])) {
+        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
+    } else if (isset($_GET["limit"])) {
+        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
+    } else {
+        echo selectFriends($_SESSION["userID"]);
+    }
 } else {
-    echo selectFriends($_SESSION["userID"]);
+    echo "[]";
 }
 
diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php
index c5d47d1..9864403 100644
--- a/website/public/API/sendMessage.php
+++ b/website/public/API/sendMessage.php
@@ -4,11 +4,19 @@ session_start();
 require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");
 
-if (!empty(test_input($_POST["destination"])) &&
-    !empty(test_input($_POST["content"]))) {
-    if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
-        echo 1;
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (!empty(test_input($_POST["destination"])) &&
+        !empty(test_input($_POST["content"]))
+    ) {
+        if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
+            echo 1;
+        } else {
+            echo 0;
+        }
     } else {
         echo 0;
     }
diff --git a/website/public/admin.php b/website/public/admin.php
index 2785606..b264c25 100644
--- a/website/public/admin.php
+++ b/website/public/admin.php
@@ -19,9 +19,9 @@
 include_once ("../queries/user.php");
 
 // auth
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$role = getRoleByID($_SESSION['userID']);
 
-if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
+if ($role != 'admin' AND $role != 'owner') {
     header("location:profile.php");
 }
 
diff --git a/website/public/js/chat.js b/website/public/js/chat.js
index e35f85c..0b63d65 100644
--- a/website/public/js/chat.js
+++ b/website/public/js/chat.js
@@ -33,7 +33,11 @@ function sendMessage() {
     $.post(
         "API/sendMessage.php",
         $("#sendMessageForm").serialize()
-    );
+    ).done(function(data) {
+        if (data == "0") {
+            alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denk dat dit onjuist is.");
+        }
+    });
 
     $("#newContent").val("");
     loadMessages();
diff --git a/website/queries/user.php b/website/queries/user.php
index b1bb93c..3c48e41 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -9,7 +9,7 @@ function updateLastActivity() {
       SET
         `lastactivity` = NOW()
       WHERE
-      `userID` = :userID
+        `userID` = :userID
     ");
     $stmt->bindParam(":userID", $_SESSION["userID"]);
     return $stmt->execute();
@@ -417,5 +417,5 @@ function getRoleByID($userID) {
 
     $stmt->bindParam(':userID', $userID);
     $stmt->execute();
-    return $stmt;
+    return $stmt->fetch()["role"];
 }
\ No newline at end of file
diff --git a/website/views/notification-center.php b/website/views/notification-center.php
index 7630b75..7bd03ea 100644
--- a/website/views/notification-center.php
+++ b/website/views/notification-center.php
@@ -7,9 +7,9 @@
         include_once ("../queries/user.php");
 
         // auth
-        $userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+        $role = getRoleByID($_SESSION['userID']);
 
-        if ($userinfo['role'] == 'admin' OR $userinfo['role'] == 'owner') {
+        if ($role == 'admin' OR $role == 'owner') {
             echo "<a href=\"admin.php\" data-title=\"Admin\"><i class=\"fa fa-lock\"></i></a>";
             echo "<style>@import url('styles/adminbutton.css'); </style>";
         }

From 44408ee429913c087a105d16a5a0a529e87b1583 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 14:34:51 +0100
Subject: [PATCH 09/18] Frozen user cant comment or niet slecht on postst

---
 website/public/API/postComment.php | 32 +++++++++++++++++++-----------
 website/public/API/sendMessage.php |  2 +-
 website/public/js/chat.js          |  6 +++---
 website/public/js/post.js          |  6 +++++-
 website/views/profile.php          |  2 +-
 5 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/website/public/API/postComment.php b/website/public/API/postComment.php
index 3bb3c3f..3864cc8 100644
--- a/website/public/API/postComment.php
+++ b/website/public/API/postComment.php
@@ -5,25 +5,33 @@ session_start();
 require_once("../../queries/post.php");
 require_once("../../queries/connect.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");
 
-if ($_POST['button'] == 'reaction') {
-    if (empty($_POST['newcomment-content'])) {
-        echo 0;
-    } else {
-        if (makeComment($_POST['postID'],
-            $_SESSION['userID'],
-            test_input($_POST['newcomment-content']))) {
+
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if ($_POST['button'] == 'reaction') {
+        if (empty($_POST['newcomment-content'])) {
+            echo 0;
+        } else {
+            if (makeComment($_POST['postID'],
+                $_SESSION['userID'],
+                test_input($_POST['newcomment-content']))) {
+                echo 1;
+            } else {
+                echo 0;
+            }
+        }
+    } else if ($_POST['button'] == 'nietslecht') {
+        if (makeNietSlecht($_POST["postID"], $_SESSION["userID"])) {
             echo 1;
         } else {
             echo 0;
         }
-    }
-} else if ($_POST['button'] == 'nietslecht') {
-    if (makeNietSlecht($_POST["postID"], $_SESSION["userID"])) {
-        echo 1;
     } else {
         echo 0;
     }
 } else {
-    echo 0;
+    echo "frozen";
 }
\ No newline at end of file
diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php
index 9864403..2d0b092 100644
--- a/website/public/API/sendMessage.php
+++ b/website/public/API/sendMessage.php
@@ -21,5 +21,5 @@ if (isset($_SESSION["userID"]) &&
         echo 0;
     }
 } else {
-    echo 0;
+    echo "frozen";
 }
\ No newline at end of file
diff --git a/website/public/js/chat.js b/website/public/js/chat.js
index 0b63d65..1d70834 100644
--- a/website/public/js/chat.js
+++ b/website/public/js/chat.js
@@ -33,9 +33,9 @@ function sendMessage() {
     $.post(
         "API/sendMessage.php",
         $("#sendMessageForm").serialize()
-    ).done(function(data) {
-        if (data == "0") {
-            alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denk dat dit onjuist is.");
+    ).done(function(response) {
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is.");
         }
     });
 
diff --git a/website/public/js/post.js b/website/public/js/post.js
index e88d3eb..27bc34e 100644
--- a/website/public/js/post.js
+++ b/website/public/js/post.js
@@ -4,7 +4,11 @@ function postComment(buttonValue) {
     $.post(
         "API/postComment.php",
         formData
-    );
+    ).done(function (response) {
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is.");
+        }
+    });
 
     $("#newcomment").val("");
 
diff --git a/website/views/profile.php b/website/views/profile.php
index 8cf555f..4db1a1e 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -1,6 +1,6 @@
 <div class="content">
     <div class="user-box">
-        <img class="profile-picture main-picture <?= $user["online"] ?>" src="<?= $user["profilepicture"] ?>"><br />
+        <img class="profile-picture main-picture <?= $user["onlinestatus"] ?>" src="<?= $user["profilepicture"] ?>"><br />
         <div class="platform">
             <div class="status-buttons-container">
                 <button disabled class="gray">

From 646e6dde48c88a346ffcce428865ef2f5569106a Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 15:16:40 +0100
Subject: [PATCH 10/18] Added max value in text area

---
 website/public/js/main.js       | 12 +++++++++++-
 website/public/js/masonry.js    |  2 +-
 website/views/post-view.php     |  2 +-
 website/views/settings-view.php |  3 ++-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/website/public/js/main.js b/website/public/js/main.js
index 7d37d05..2983fdb 100644
--- a/website/public/js/main.js
+++ b/website/public/js/main.js
@@ -93,4 +93,14 @@ function showGroups(groups, list) {
     } else {
         return false;
     }
-}
\ No newline at end of file
+}
+
+$(document).ready(function() {
+    $("body").delegate("textarea[maxlength]", "keydown", function() {
+        if ($(this).val().length / .9 >= $(this).attr("maxlength")) {
+            $(this).next().text($(this).val().length + "/" + $(this).attr("maxlength"));
+        } else {
+            $(this).next().text("");
+        }
+    });
+});
\ No newline at end of file
diff --git a/website/public/js/masonry.js b/website/public/js/masonry.js
index 93b5fae..b4370b7 100644
--- a/website/public/js/masonry.js
+++ b/website/public/js/masonry.js
@@ -96,7 +96,7 @@ function masonry(mode) {
         }
 
         $form.append($("<input class=\"newpost\" name=\"title\" placeholder=\"Titel\" type=\"text\">"));
-        $form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\">"));
+        $form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\" maxlength='1000'></textarea><span></span>"));
         $form.append($("<input value=\"Plaats!\" type=\"submit\">"));
         columns[0][1].append($postInput);
 
diff --git a/website/views/post-view.php b/website/views/post-view.php
index 264d67c..d961334 100644
--- a/website/views/post-view.php
+++ b/website/views/post-view.php
@@ -24,7 +24,7 @@ echo("
     <div class="commentfield">
         <form id="newcommentform" onsubmit="return false;">
             <input type="hidden" id="newcomment-textarea" name="postID" value="<?= $postID ?>">
-            <textarea id="newcomment" name="newcomment-content" placeholder="Laat een reactie achter..."></textarea> <br>
+            <textarea id="newcomment" name="newcomment-content" placeholder="Laat een reactie achter..." maxlength="1000"></textarea><span></span> <br>
             <button onclick="postComment('reaction')" name="button" value="reaction">Reageer!</button>
             <button onclick="postComment('nietslecht')" name="button" value="nietslecht" class="nietslecht">
             <?php
diff --git a/website/views/settings-view.php b/website/views/settings-view.php
index b7f554a..41f093e 100644
--- a/website/views/settings-view.php
+++ b/website/views/settings-view.php
@@ -99,7 +99,8 @@ $settings = getSettings();
                               rows="5"
                               title="bio"
                               id="bio"
-                    ><?=$settings["bio"]?></textarea>
+                              maxlength="1000"
+                    ><?=$settings["bio"]?></textarea><span></span>
                 </li>
                 <li>
                     <label></label>

From 78e96d5a74a5475159f4ba2f7724a58b4db4b683 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 15:30:48 +0100
Subject: [PATCH 11/18] add pageselector on search

---
 website/public/API/searchPageNumber.php | 41 +++++++++++++++++++++++
 website/public/API/searchUsers.php      | 12 ++++---
 website/public/js/search.js             | 38 +++++++++++++--------
 website/queries/user.php                |  5 +--
 website/views/search-view.php           | 44 +++++--------------------
 website/views/searchPageNumber.php      | 36 ++++++++++++++++++++
 6 files changed, 119 insertions(+), 57 deletions(-)
 create mode 100644 website/public/API/searchPageNumber.php
 create mode 100644 website/views/searchPageNumber.php

diff --git a/website/public/API/searchPageNumber.php b/website/public/API/searchPageNumber.php
new file mode 100644
index 0000000..4a76516
--- /dev/null
+++ b/website/public/API/searchPageNumber.php
@@ -0,0 +1,41 @@
+<?php
+
+session_start();
+
+require_once ("../../queries/connect.php");
+require_once ("../../queries/checkInput.php");
+require_once ("../../queries/user.php");
+require_once ("../../queries/group_page.php");
+
+$user_perpage = $group_perpage = 20;
+
+$user_currentpage = $group_currentpage = 1;
+if (isset($_POST['user-pageselect'])) {
+    $user_currentpage = test_input($_POST['user-pageselect']);
+}
+if (isset($_POST['group-pageselect'])) {
+    $group_currentpage = test_input($_POST['group-pageselect']);
+}
+
+$user_n = $user_currentpage * $user_perpage - $user_perpage;
+$group_n = $group_currentpage * $group_perpage - $group_perpage;
+
+$search = "";
+if (isset($_POST['search'])) {
+    $search = test_input($_POST['search']);
+}
+
+$user_count = countSomeUsers($search)->fetchColumn();
+$group_count = countSomeGroups($search)->fetchColumn();
+
+$filter = "all";
+if (isset($_POST['filter'])) {
+    $filter = test_input($_POST['filter']);
+}
+
+$option = "user";
+if (isset($_POST['option'])) {
+    $option = test_input($_POST['option']);
+}
+
+include ("../../views/searchPageNumber.php");
diff --git a/website/public/API/searchUsers.php b/website/public/API/searchUsers.php
index 15b03ed..f431f88 100644
--- a/website/public/API/searchUsers.php
+++ b/website/public/API/searchUsers.php
@@ -8,13 +8,15 @@ require_once ("../../queries/friendship.php");
 require_once ("../../queries/user.php");
 
 $n = 0;
-if (isset($_POST["n"])) {
-    $n = (int) test_input($_POST["n"]);
-}
 $m = 20;
-if (isset($_POST["m"])) {
-    $m = (int) test_input($_POST["m"]);
+
+$page = 1;
+if (isset($_POST["user-pageselect"])) {
+    $page = (int) test_input($_POST['user-pageselect']);
 }
+
+$n = ($page - 1) * $m;
+
 $search = "";
 if (isset($_POST["search"])) {
     $search = test_input($_POST["search"]);
diff --git a/website/public/js/search.js b/website/public/js/search.js
index c026b64..f7c4bbe 100644
--- a/website/public/js/search.js
+++ b/website/public/js/search.js
@@ -1,12 +1,11 @@
-function searchUsers(n, m) {
+$(window).on('load', function () {
+    pageNumber();
+});
+
+function searchUsers() {
     $.post(
         "API/searchUsers.php",
-        {
-            n: n,
-            m: m,
-            search: $("#search-input").val(),
-            filter: $("#search-filter").val()
-        }
+        $('#search-form').serialize()
     ).done(function(data) {
         if (!showFriends(data, "#search-users-list", 0, "profile.php", "GET")) {
             $("#search-users-list").text("Niemand gevonden");
@@ -14,18 +13,29 @@ function searchUsers(n, m) {
     });
 }
 
-function searchGroups(n, m) {
+function searchGroups() {
     $.post(
         "API/searchGroups.php",
-        {
-            n: n,
-            m: m,
-            search: $("#search-input").val(),
-            filter: $("#search-filter").val()
-        }
+        $('#search-form').serialize()
     ).done(function(data) {
         if (!showGroups(data, "#search-groups-list")) {
             $("#search-groups-list").text("Geen groepen gevonden");
         }
     });
+}
+
+function pageNumber() {
+    var input = input2 = $('#search-form').serialize();
+    $.post(
+        "API/searchPageNumber.php",
+        input + "&option=user"
+    ).done(function (data) {
+        $('#user-pageselect').html(data);
+    });
+    $.post(
+        "API/searchPageNumber.php",
+        input2 + "&option=group"
+    ).done(function (data) {
+        $('#group-pageselect').html(data);
+    });
 }
\ No newline at end of file
diff --git a/website/queries/user.php b/website/queries/user.php
index 0900d9f..21d018c 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -377,9 +377,10 @@ function countSomeUsers($search) {
     FROM
         `user`
     WHERE
-        `username` LIKE :keyword OR 
+        (`username` LIKE :keyword OR 
         `fname` LIKE :keyword OR 
-        `lname` LIKE :keyword
+        `lname` LIKE :keyword) AND 
+        `role` != 'banned'
     ORDER BY 
         `fname`, 
         `lname`, 
diff --git a/website/views/search-view.php b/website/views/search-view.php
index 392ea45..e42f985 100644
--- a/website/views/search-view.php
+++ b/website/views/search-view.php
@@ -21,10 +21,8 @@ if (isset($_GET['filter'])) {
 }
 
 $user_n = ($user_currentpage - 1) * $user_perpage;
-$user_count = countSomeUsers($search)->fetchColumn();
 
 $group_n = ($group_currentpage - 1) * $group_perpage;
-$group_count = countSomeGroups($search)->fetchColumn();
 ?>
 
 <div class="content">
@@ -40,8 +38,10 @@ $group_count = countSomeGroups($search)->fetchColumn();
                    id="search-input"
                    name="search"
                    onkeyup="
-                           searchUsers(<?= $user_n ?>, <?= $user_perpage ?>);
-                           searchGroups(<?= $group_n ?>, <?= $group_perpage ?>);"
+                           $('#user-pagenumber, #group-pagenumber').prop('value', 1);
+                           searchUsers();
+                           searchGroups();
+                           pageNumber();"
                    placeholder="Zoek"
                    value=<?php echo "$search";?>
             >
@@ -66,26 +66,12 @@ $group_count = countSomeGroups($search)->fetchColumn();
     <div class="platform item-box searchleft" id="search-friends-output">
         <h4>Gebruikers</h4>
 
-        <select class="user-pageselect"
-                name="user-pageselect"
-                id="user-pageselect"
-                form="search-form"
-                onchange="this.form.submit()">
-            <?php
-            for ($i=1; $i <= ceil($user_count / $user_perpage); $i++) {
-                if ($user_currentpage == $i) {
-                    echo "<option value='$i' selected>$i</option>";
-                } else {
-                    echo "<option value='$i'>$i</option>";
-                }
-            }
-            ?>
-        </select>
+        <div id="user-pageselect"></div>
 
         <ul id='search-users-list' class='nav-list'>
             <script>
             $(document).ready(function(){
-                searchUsers(<?= $user_n ?>, <?= $user_perpage ?>);
+                searchUsers();
             });
             </script>
         </ul>
@@ -94,26 +80,12 @@ $group_count = countSomeGroups($search)->fetchColumn();
     <div class="platform item-box searchright" id="search-group-output">
         <h4>Groepen</h4>
 
-        <select class="group-pageselect"
-                name="group-pageselect"
-                id="group-pageselect"
-                form="search-form"
-                onchange="this.form.submit()">
-            <?php
-            for ($i=1; $i <= ceil($group_count / $group_perpage); $i++) {
-                if ($group_currentpage == $i) {
-                    echo "<option value='$i' selected>$i</option>";
-                } else {
-                    echo "<option value='$i'>$i</option>";
-                }
-            }
-            ?>
-        </select>
+        <div id="group-pageselect"></div>
 
         <ul id="search-groups-list" class="nav-list">
             <script>
                 $(document).ready(function(){
-                    searchGroups(<?= $group_n ?>, <?= $group_perpage ?>);
+                    searchGroups();
                 });
             </script>
         </ul>
diff --git a/website/views/searchPageNumber.php b/website/views/searchPageNumber.php
new file mode 100644
index 0000000..b98d4ef
--- /dev/null
+++ b/website/views/searchPageNumber.php
@@ -0,0 +1,36 @@
+<?php
+if ($option == "user") {
+    echo "<select class=\"user-pageselect\"
+    name=\"user-pageselect\"
+    id='user-pagenumber'
+    form=\"search-form\"
+    onchange=\"pageNumber(); searchUsers();\">";
+
+    for ($i=1; $i <= ceil($user_count / $user_perpage); $i++) {
+        if ($user_currentpage == $i) {
+            echo "<option value='$i' selected>$i</option>";
+        } else {
+            echo "<option value='$i'>$i</option>";
+        }
+    }
+
+    echo "</select>";
+} else {
+    echo "<select class=\"group-pageselect\"
+    name=\"group-pageselect\"
+    id='group-pagenumber'
+    form=\"search-form\"
+    onchange=\"pageNumber(); searchGroups();\">";
+
+    for ($i=1; $i <= ceil($group_count / $group_perpage); $i++) {
+        if ($group_currentpage == $i) {
+            echo "<option value='$i' selected>$i</option>";
+        } else {
+            echo "<option value='$i'>$i</option>";
+        }
+    }
+
+    echo "</select>";
+}
+
+?>

From d6c2fab617a72b4c2502d8b61df967932f24bd95 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 15:32:19 +0100
Subject: [PATCH 12/18] Post is now mobile friendly

---
 website/public/styles/header.css  | 2 +-
 website/public/styles/profile.css | 4 ++++
 website/views/header.php          | 3 +--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/website/public/styles/header.css b/website/public/styles/header.css
index 61727eb..d400e07 100644
--- a/website/public/styles/header.css
+++ b/website/public/styles/header.css
@@ -49,7 +49,7 @@ header div {
 }
 
 #open-notifications {
-    padding: 5px 20px 5px 0px;
+    padding: 20px 20px 20px 0px;
 }
 
 @media only screen and (max-width: 1080px) {
diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css
index 61f3615..421e781 100644
--- a/website/public/styles/profile.css
+++ b/website/public/styles/profile.css
@@ -120,4 +120,8 @@ div.posts .post form textarea.newpost {
     .post-box {
         width: calc(100% - 65px);
     }
+    .modal {
+        left: 0!important;
+        width: 100%!important;
+    }
 }
diff --git a/website/views/header.php b/website/views/header.php
index 9d2aa56..c1379fc 100644
--- a/website/views/header.php
+++ b/website/views/header.php
@@ -25,8 +25,7 @@ $userinfo = getHeaderInfo();
             </div>
             <?=$userinfo["fname"]?>
         </div>
-        <img id="own-profile-picture" class="profile-picture" src="<?=$userinfo["profilepicture"]?>"/>
-        <i id="open-notifications" class="fa fa-bars"></i>
+        <img id="own-profile-picture" class="profile-picture" src="<?=$userinfo["profilepicture"]?>"/><i id="open-notifications" class="fa fa-bars"></i>
     </div>
 </header>
 <?php include("notification-center.php"); ?>

From 4d40bb60421a6cbf3aab914a1f786855a6fc81d6 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 15:46:53 +0100
Subject: [PATCH 13/18] checkbox width fix

---
 website/public/styles/adminpanel.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index 1dc2eb6..4d55945 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -34,7 +34,6 @@
     width: 100%;
 }
 
-.usertable .table-checkbox {width: 20px}
 .usertable .table-username {width: 150px}
 .usertable .table-status {width: 100px}
 .usertable .table-action {width: 200px}

From b41a365b609a83f60680e12c19bc98f61da8d8c2 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 31 Jan 2017 16:11:20 +0100
Subject: [PATCH 14/18] Age instead of birthday

---
 website/public/profile.php | 1 +
 website/views/profile.php  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/public/profile.php b/website/public/profile.php
index c67b60d..05c661d 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -17,6 +17,7 @@ include_once("../queries/user.php");
 include_once("../queries/friendship.php");
 include_once("../queries/nicetime.php");
 include_once("../queries/post.php");
+include_once("../queries/calcAge.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
diff --git a/website/views/profile.php b/website/views/profile.php
index 4db1a1e..c72c01b 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -29,7 +29,7 @@
         <h3>Informatie</h3>
         <p>
             <ul>
-                <li>Geboren op: <?= $user["birthdate"] ?></li>
+                <li>Leeftijd: <?= getAge($user["birthdate"]) ?> jaar</li>
                 <li>Locatie: <?= $user["location"] ?></li>
                 <li>Lid sinds: <?= nicetime($user["creationdate"]) ?></li>
             </ul>

From b16dc1d4b70b1f0a8596885ae41e94682bb87889 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 16:15:48 +0100
Subject: [PATCH 15/18] add bancomment change

---
 website/public/API/adminChangeUser.php |  2 ++
 website/public/js/admin.js             | 14 ++++++++++++++
 website/public/styles/adminpanel.css   |  8 ++++++++
 website/queries/user.php               | 15 +++++++++++++++
 website/views/adminpanel-table.php     | 20 +++++++++++++++++++-
 5 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 72acb8c..359497a 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -20,4 +20,6 @@ if (isset($_POST["actions"]) && isset($_POST["userID"])) {
     }
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
+} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
+    editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
 }
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index 7e2efad..2b78e0b 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -93,4 +93,18 @@ function updatePageN() {
     ).done(function (data) {
         $("#admin-pageinfo").html(data);
     })
+}
+
+function toggleBancomment(button) {
+    $(button).siblings("div").toggle();
+    $(button).toggle();
+}
+
+function editComment(form) {
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function (data) {
+        adminSearch();
+    });
 }
\ No newline at end of file
diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index 75fa8b1..7f117c6 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -51,3 +51,11 @@
 .usertable tr:hover {
     background-color: #f5f5f5;
 }
+
+.bancommentedit {
+    display: none;
+}
+
+.bancommentform input[type="text"] {
+    width: 100%;
+}
\ No newline at end of file
diff --git a/website/queries/user.php b/website/queries/user.php
index bf20e7d..39f1c4e 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -424,4 +424,19 @@ function getRoleByID($userID) {
     $stmt->bindParam(':userID', $userID);
     $stmt->execute();
     return $stmt;
+}
+
+function editBanCommentByID($userID, $comment) {
+    $stmt = prepareQuery("
+        UPDATE
+            `user`
+        SET
+            `bancomment` = :comment
+        WHERE
+            `userID` = :userID
+    ");
+
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->bindParam(':comment', $comment);
+    $stmt->execute();
 }
\ No newline at end of file
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index 7ac0873..9e6b9bc 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -27,7 +27,25 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
             </td>
             <td>$username</td>
             <td>$role</td>
-            <td>$bancomment</td>
+            <td>
+                <div class='bancomment'>$bancomment</div>
+                <div class='bancommentedit'>
+                    <form class='bancommentform'
+                          id='bancommentform'
+                          onsubmit='editComment(this); 
+                                    return false;'>
+                          <input type='text'
+                                 name='bancommenttext'
+                                 placeholder='Schrijf een aantekening'
+                                 value='$bancomment'>
+                          <input type='hidden'
+                                 name='bancommentuserID'
+                                 value='$userID'>
+                          <button type='submit'>Update</button>
+                    </form>
+                </div>
+                <button type='button' onclick='toggleBancomment(this)'>Verander</button>
+            </td>
             <td>
                 <form class='admin-useraction'
                       onsubmit=\"adminUpdate(this);  return false;\">

From c0a64e9ffd4af652b488ac18a39f31831de13523 Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Tue, 31 Jan 2017 16:19:15 +0100
Subject: [PATCH 16/18] 1337 bday

---
 website/views/settings-view.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/views/settings-view.php b/website/views/settings-view.php
index b7f554a..b03133e 100644
--- a/website/views/settings-view.php
+++ b/website/views/settings-view.php
@@ -75,6 +75,9 @@ $settings = getSettings();
                             <?=$year?>
                         </option>
                         <?php endfor; ?>
+                        <option value="680" <?=(680 == $currentbday->format("Y")) ? "selected" : ""?>>
+                            680
+                        </option>
                     </select>
                 </li>
                 <li>

From 52a4822477432218965aff2bf0b9b15018f4112e Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 16:20:02 +0100
Subject: [PATCH 17/18] post-merge fix

---
 website/public/API/adminSearchUsers.php | 2 +-
 website/views/adminpanel-table.php      | 2 +-
 website/views/adminpanel.php            | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index 58b170a..5f7944b 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -33,7 +33,7 @@ if (isset($_POST['groupstatus'])) {
     $groupstatus = $_POST["groupstatus"];
 }
 
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$userinfo = getRoleByID($_SESSION['userID']);
 
 if ($pagetype == "user") {
     include ("../../views/adminpanel-table.php");
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index 9e6b9bc..3ae5da4 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -50,7 +50,7 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                 <form class='admin-useraction'
                       onsubmit=\"adminUpdate(this);  return false;\">
                     <select class='action' name='actions'>");
-                        if (!($userinfo['role'] == 'admin'
+                        if (!($userinfo == 'admin'
                               AND ($user['role'] == 'admin'
                               OR $user['role'] == 'owner'))) {
                             echo "<option value='frozen'>Bevries</option>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index f1d27a1..a4da648 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -5,7 +5,7 @@ $search = "";
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$userinfo = getRoleByID($_SESSION['userID']);
 
 if (isset($_GET["search"])) {
     $search = test_input($_GET["search"]);
@@ -123,7 +123,7 @@ if (isset($_GET["groupstatus"])) {
                     <button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
                     <button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
                     <?php
-                    if ($userinfo['role'] == 'owner') {
+                    if ($userinfo == 'owner') {
                         echo "<button type=\"submit\" 
                                       name=\"batchactions\" 
                                       id=\"admin\" 

From fb9d070d6ab8ce8b2333be94d40902e9a66a338f Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 16:23:13 +0100
Subject: [PATCH 18/18] fixsquared

---
 website/public/API/adminChangeUser.php | 4 ++--
 website/views/adminpanel-table.php     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 359497a..6ec50c9 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -6,14 +6,14 @@ require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$userinfo = getRoleByID($_SESSION['userID']);
 
 if (isset($_POST["actions"]) && isset($_POST["userID"])) {
     changeUserStatusByID($_POST["userID"], $_POST["actions"]);
 } else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
     changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
 } else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
-    if ($userinfo['role'] == 'owner') {
+    if ($userinfo == 'owner') {
         changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
     } else {
         changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index 3ae5da4..aa790e6 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -57,7 +57,7 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                                   <option value='banned'>Ban</option>
                                   <option value='user'>Activeer</option>";
 
-                            if ($userinfo['role'] == 'owner') {
+                            if ($userinfo == 'owner') {
                                 echo "<option value='admin'>Admin</option>
                                       <option value='owner'>Owner</option>";
                             }