MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into kevin-prototype

Browse Source
This commit is contained in:
K. Nobel
2017-02-01 12:27:07 +01:00
parent 69b0b24176 028c2373c1
commit 3ca7536cc2
41 changed files with 664 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
website/public/API/adminChangeUser.php
View File

@@ -6,15 +6,20 @@ require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$userinfo = getRoleByID($_SESSION['userID']);
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
if ($userinfo == 'owner') {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
} else {
changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
}
} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
}
//header("location: ../admin.php");
print_r($_POST);

18
website/public/API/adminPageNumber.php
View File

@@ -5,6 +5,7 @@ session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$search = "";
if (isset($_POST["search"])) {
@@ -21,8 +22,17 @@ if (isset($_POST['status'])) {
$status = $_POST["status"];
}
if ($pagetype == "user") {
include ("../../views/adminpanel-page.php");
} else {
echo "Pagenumber failed!";
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$entries = 20;
$currentpage = 1;
if (isset($_POST['currentpage'])) {
$currentpage = (int) test_input($_POST["currentpage"]);
}
$offset = (int) $currentpage * $entries - $entries;
include ("../../views/adminpanel-page.php");

10
website/public/API/adminSearchUsers.php
View File

@@ -8,13 +8,11 @@ require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$offset = 0;
if (isset($_POST["n"])) {
$offset = (int) test_input($_POST["n"]);
}
$entries = 20;
if (isset($_POST["m"])) {
$entries = (int) test_input($_POST["m"]);
if (isset($_POST["currentpage"])) {
$offset = (int) test_input($_POST["currentpage"]) * $entries - $entries;
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
@@ -35,6 +33,8 @@ if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$userinfo = getRoleByID($_SESSION['userID']);
if ($pagetype == "user") {
include ("../../views/adminpanel-table.php");
} else if ($pagetype == "group") {

9
website/public/API/loadFriendRequest.php
View File

@@ -4,5 +4,12 @@ session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/friendship.php");
require_once ("../../queries/user.php");
echo selectAllFriendRequests();
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') {
echo selectAllFriendRequests();
} else {
echo "[]";
}

14
website/public/API/loadFriends.php
View File

@@ -6,11 +6,15 @@ require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/friendship.php");
if (isset($_POST["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_POST["limit"]));
} else if (isset($_GET["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_GET["limit"]));
if (isset($_SESSION["userID"])) {
if (isset($_POST["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
} else if (isset($_GET["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
} else {
echo selectFriends($_SESSION["userID"]);
}
} else {
echo selectFriends($_SESSION["userID"]);
echo "[]";
}

38
website/public/API/postComment.php
View File

@@ -2,28 +2,36 @@
session_start();
require("../../queries/post.php");
require_once("../../queries/post.php");
require_once("../../queries/connect.php");
require("../../queries/checkInput.php");
print_r($_POST);
if ($_POST['button'] == 'reaction') {
if (empty($_POST['newcomment-content'])) {
echo 0;
} else {
if (makeComment($_POST['postID'],
$_SESSION['userID'],
test_input($_POST['newcomment-content']))) {
require_once("../../queries/checkInput.php");
require_once("../../queries/user.php");
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if ($_POST['button'] == 'reaction') {
if (empty($_POST['newcomment-content'])) {
echo 0;
} else {
if (makeComment($_POST['postID'],
$_SESSION['userID'],
test_input($_POST['newcomment-content']))) {
echo 1;
} else {
echo 0;
}
}
} else if ($_POST['button'] == 'nietslecht') {
if (makeNietSlecht($_POST["postID"], $_SESSION["userID"])) {
echo 1;
} else {
echo 0;
}
}
} else if ($_POST['button'] == 'nietslecht') {
if (makeNietSlecht($_POST["postID"], $_SESSION["userID"])) {
echo 1;
} else {
echo 0;
}
} else {
echo 0;
echo "frozen";
}

41
website/public/API/searchPageNumber.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$user_perpage = $group_perpage = 20;
$user_currentpage = $group_currentpage = 1;
if (isset($_POST['user-pageselect'])) {
$user_currentpage = test_input($_POST['user-pageselect']);
}
if (isset($_POST['group-pageselect'])) {
$group_currentpage = test_input($_POST['group-pageselect']);
}
$user_n = $user_currentpage * $user_perpage - $user_perpage;
$group_n = $group_currentpage * $group_perpage - $group_perpage;
$search = "";
if (isset($_POST['search'])) {
$search = test_input($_POST['search']);
}
$user_count = countSomeUsers($search)->fetchColumn();
$group_count = countSomeGroups($search)->fetchColumn();
$filter = "all";
if (isset($_POST['filter'])) {
$filter = test_input($_POST['filter']);
}
$option = "user";
if (isset($_POST['option'])) {
$option = test_input($_POST['option']);
}
include ("../../views/searchPageNumber.php");

12
website/public/API/searchUsers.php
View File

@@ -8,13 +8,15 @@ require_once ("../../queries/friendship.php");
require_once ("../../queries/user.php");
$n = 0;
if (isset($_POST["n"])) {
$n = (int) test_input($_POST["n"]);
}
$m = 20;
if (isset($_POST["m"])) {
$m = (int) test_input($_POST["m"]);
$page = 1;
if (isset($_POST["user-pageselect"])) {
$page = (int) test_input($_POST['user-pageselect']);
}
$n = ($page - 1) * $m;
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);

18
website/public/API/sendMessage.php
View File

@@ -4,14 +4,22 @@ session_start();
require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
require_once("../../queries/user.php");
if (!empty(test_input($_POST["destination"])) &&
!empty(test_input($_POST["content"]))) {
if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
echo 1;
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (!empty(test_input($_POST["destination"])) &&
!empty(test_input($_POST["content"]))
) {
if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
echo 1;
} else {
echo 0;
}
} else {
echo 0;
}
} else {
echo 0;
echo "frozen";
}

6
website/public/admin.php
View File

@@ -8,7 +8,7 @@
<style>
@import url("styles/adminpanel.css");
</style>
<script src="js/admin.js" charset="utf-8"></script>
<script src="js/admin.js" charset="utf-8"></script>
</head>
<body>
<?php
@@ -19,9 +19,9 @@
include_once ("../queries/user.php");
// auth
$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
$role = getRoleByID($_SESSION['userID']);
if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
if ($role != 'admin' AND $role != 'owner') {
header("location:profile.php");
}

2
website/public/bits/friend-item.php
View File

@@ -33,7 +33,7 @@ foreach($friends as $i => $friend) {
}
?>'>
<div class='friend'>
<img alt='PF' class='profile-picture' src='<?= $friend->profilepicture ?>'/>
<img alt='PF' class='profile-picture <?= $friend->onlinestatus ?>' src='<?= $friend->profilepicture ?>'/>
<div class='friend-name'>
<?= $friend->fullname ?><br/>
<span style='color: #666'><?php

2
website/public/group.php
View File

@@ -11,7 +11,7 @@
<body>
<?php
include("../queries/group_page.php");
include_once("../queries/group_page.php");
$group = selectGroupByName($_GET["groupname"]);
$members = selectGroupMembers(2);

82
website/public/js/admin.js
View File

@@ -1,42 +1,48 @@
$(window).on("load", function () {
changeFilter();
searchFromOne();
$(".admin-searchinput").keyup(function(){
adminSearch();
searchFromOne();
});
// all inputs and labels directly under admin filter and groupfilter
$("#admin-filter, #admin-groupfilter > input, label").click(function(){
adminSearch();
$("#admin-filter, #admin-groupfilter > input, label").change(function(){
searchFromOne();
});
$("#pagetype").change(function(){
adminSearch();
searchFromOne();
});
adminSearch();
/* Update hidden input to be equal to submit pressed,
because serialize doesn't take submit values. */
$('#admin-batchform > button').click(function () {
$('#batchinput').prop('value', $(this).prop('value'));
console.log($('#batchinput').prop('value'));
});
$('#admin-groupbatchform > button').click(function () {
$('#groupbatchinput').prop('value', $(this).prop('value'));
console.log($('#batchinput').prop('value'));
});
});
function checkAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list');
for (var i = 0; i < checkboxes.length; i++) {
if (checkboxes[i].type == 'checkbox') {
checkboxes[i].checked = allbox.checked;
}
}
function checkAll() {
$('.checkbox-list').each(function () {
$(this).prop('checked', $('#checkall').prop('checked'));
});
}
function checkCheckAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list');
function checkCheckAll() {
var checked = true;
for (var i = 0; i < checkboxes.length; i++) {
if (checkboxes[i].type == 'checkbox') {
if (checkboxes[i].checked == false) {
checked = false;
break;
}
$('.checkbox-list').each(function () {
if ($(this).prop('checked') == false) {
checked = false;
return;
}
}
allbox.checked = checked;
});
$('#checkall').prop('checked', checked);
}
function changeFilter() {
@@ -55,12 +61,28 @@ function changeFilter() {
}
}
function searchFromOne() {
$('#currentpage').prop('value', 1);
adminSearch();
}
function adminSearch() {
console.log($("#admin-searchform").serialize());
$.post(
"API/adminSearchUsers.php",
$("#admin-searchform").serialize()
).done(function (data) {
$("#usertable").html(data);
updatePageN();
})
}
function adminUpdate(form) {
$.post(
"API/adminChangeUser.php",
$(form).serialize()
).done(function () {
adminSearch();
})
}
@@ -71,4 +93,18 @@ function updatePageN() {
).done(function (data) {
$("#admin-pageinfo").html(data);
})
}
function toggleBancomment(button) {
$(button).siblings("div").toggle();
$(button).toggle();
}
function editComment(form) {
$.post(
"API/adminChangeUser.php",
$(form).serialize()
).done(function (data) {
adminSearch();
});
}

6
website/public/js/chat.js
View File

@@ -33,7 +33,11 @@ function sendMessage() {
$.post(
"API/sendMessage.php",
$("#sendMessageForm").serialize()
);
).done(function(response) {
if (response == "frozen") {
alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is.");
}
});
$("#newContent").val("");
loadMessages();

14
website/public/js/main.js
View File

@@ -3,7 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a
function fancyText(text) {
// Add links, images, gifs and (youtube) video's.
var regex = /(https?:\/\/.[^ ]*)/ig;
var regex = /(https?:\/\/.[^ <>"]*)/ig;
text = text.replace(regex, function(link) {
// Add images
if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) {
@@ -93,4 +93,14 @@ function showGroups(groups, list) {
} else {
return false;
}
}
}
$(document).ready(function() {
$("body").delegate("textarea[maxlength]", "keydown", function() {
if ($(this).val().length / .9 >= $(this).attr("maxlength")) {
$(this).next().text($(this).val().length + "/" + $(this).attr("maxlength"));
} else {
$(this).next().text("");
}
});
});

8
website/public/js/masonry.js
View File

@@ -19,7 +19,7 @@ function requestPost(postID) {
var scrollBarWidth = window.innerWidth - document.body.offsetWidth;
scrollbarMargin(scrollBarWidth, 'hidden');
$('#modal-response').show();
$('#modal-response').html(data);
$('#modal-response').html(fancyText(data));
});
}
@@ -78,7 +78,7 @@ function masonry(mode) {
* Initialise columns.
*/
var columns = new Array(columnCount);
var $columns = new Array(columnCount);
for (i = 0; i < columnCount; i++) {
$column = $("<div class=\"column\">");
$column.width(100/columnCount + "%");
@@ -96,7 +96,7 @@ function masonry(mode) {
}
$form.append($("<input class=\"newpost\" name=\"title\" placeholder=\"Titel\" type=\"text\">"));
$form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\">"));
$form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\" maxlength='1000'></textarea><span></span>"));
$form.append($("<input value=\"Plaats!\" type=\"submit\">"));
columns[0][1].append($postInput);
@@ -130,7 +130,7 @@ function masonry(mode) {
$.each(posts, function() {
$post = $("<div class=\"post platform\" onclick=\"requestPost(\'"+this['postID']+"\')\">");
$post.append($("<h2>").html(this["title"]));
$post.append($("<p>").html(this["content"]));
$post.append($("<p>").html(fancyText(this["content"])));
$post.append($("<p class=\"subscript\">").text(this["nicetime"]));
$post.append($("<p class=\"subscript\">").text("comments: " + this["comments"] + ", niet slechts: " + this["niet_slechts"]));

8
website/public/js/post.js
View File

@@ -4,8 +4,10 @@ function postComment(buttonValue) {
$.post(
"API/postComment.php",
formData
).done(function(data) {
console.log(data);
).done(function (response) {
if (response == "frozen") {
alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is.");
}
});
$("#newcomment").val("");
@@ -15,6 +17,6 @@ function postComment(buttonValue) {
"API/loadPost.php",
$("#newcommentform").serialize()
).done(function (data) {
$('#modal-response').html(data);
$('#modal-response').html(fancyText(data));
});
}

38
website/public/js/search.js
View File

@@ -1,12 +1,11 @@
function searchUsers(n, m) {
$(window).on('load', function () {
pageNumber();
});
function searchUsers() {
$.post(
"API/searchUsers.php",
{
n: n,
m: m,
search: $("#search-input").val(),
filter: $("#search-filter").val()
}
$('#search-form').serialize()
).done(function(data) {
if (!showFriends(data, "#search-users-list", 0, "profile.php", "GET")) {
$("#search-users-list").text("Niemand gevonden");
@@ -14,18 +13,29 @@ function searchUsers(n, m) {
});
}
function searchGroups(n, m) {
function searchGroups() {
$.post(
"API/searchGroups.php",
{
n: n,
m: m,
search: $("#search-input").val(),
filter: $("#search-filter").val()
}
$('#search-form').serialize()
).done(function(data) {
if (!showGroups(data, "#search-groups-list")) {
$("#search-groups-list").text("Geen groepen gevonden");
}
});
}
function pageNumber() {
var input = input2 = $('#search-form').serialize();
$.post(
"API/searchPageNumber.php",
input + "&option=user"
).done(function (data) {
$('#user-pageselect').html(data);
});
$.post(
"API/searchPageNumber.php",
input2 + "&option=group"
).done(function (data) {
$('#group-pageselect').html(data);
});
}

9
website/public/profile.php
View File

@@ -13,10 +13,11 @@
</head>
<body>
<?php
include("../queries/user.php");
include("../queries/friendship.php");
include("../queries/nicetime.php");
include("../queries/post.php");
include_once("../queries/user.php");
include_once("../queries/friendship.php");
include_once("../queries/nicetime.php");
include_once("../queries/post.php");
include_once("../queries/calcAge.php");
if(empty($_GET["username"])) {
$userID = $_SESSION["userID"];

13
website/public/styles/adminpanel.css
View File

@@ -4,7 +4,7 @@
.admin-panel input[type="radio"], input[type="checkbox"] {
vertical-align: middle;
height: auto;
height: 28px;
margin: 2px;
}
@@ -34,7 +34,6 @@
width: 100%;
}
.usertable .table-checkbox {width: 20px}
.usertable .table-username {width: 150px}
.usertable .table-status {width: 100px}
.usertable .table-action {width: 200px}
@@ -44,10 +43,18 @@
padding: 3px;
}
.usertable tr {
.usertable th, tr {
text-align: left;
}
.usertable tr:hover {
background-color: #f5f5f5;
}
.bancommentedit {
display: none;
}
.bancommentform input[type="text"] {
width: 100%;
}

2
website/public/styles/header.css
View File

@@ -49,7 +49,7 @@ header div {
}
#open-notifications {
padding: 5px 20px 5px 0px;
padding: 20px 20px 20px 0px;
}
@media only screen and (max-width: 1080px) {

18
website/public/styles/main.css
View File

@@ -92,6 +92,14 @@ p {
border-radius: 50%;
}
.online {
border: #4CAF50 solid 3px;
}
.offline {
border: #666666 solid 3px;
}
.group-picture {
border-radius: 5px;
border: none;
@@ -300,8 +308,16 @@ div[data-title]:hover:after {
body {
font-size: 28px!important;
}
button {
button, input, select {
font-size: 28px;
height: 42px;
}
textarea {
font-size: 28px;
}
input[type="checkbox"], input[type="radio"] {
width: 28px;
height: 28px;
}
}

6
website/public/styles/profile.css
View File

@@ -49,7 +49,7 @@
.main-picture {
position: relative;
border: #4CAF50 solid 5px;
border-width: 5px;
display: inline-block;
width: 150px;
@@ -134,4 +134,8 @@ div.posts .post form textarea.newpost {
.post-box {
width: calc(100% - 65px);
}
.modal {
left: 0!important;
width: 100%!important;
}
}

44
website/queries/alerts.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/**
* Class AlertMessage
* abstract class for alertMessages used in
*/
abstract class AlertMessage extends Exception {
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
abstract public function getClass();
}
/**
* Class HappyAlert
* class for a happy alert as an exception.
*/
class HappyAlert extends AlertMessage {
public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
public function getClass() {
return "settings-message-happy";
}
}
/**
* Class AngryAlert
* class for an angry alert as as exception.
*/
class AngryAlert extends AlertMessage {
public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
public function getClass() {
return "settings-message-angry";
}
}

11
website/queries/friendship.php
View File

@@ -16,6 +16,10 @@ function selectLimitedFriends($userID, $limit) {
`profilepicture`,
'../img/avatar-standard.png'
) AS profilepicture,
CASE `lastactivity` >= DATE_SUB(NOW(),INTERVAL 15 MINUTE)
WHEN TRUE THEN 'online'
WHEN FALSE THEN 'offline'
END AS `onlinestatus`,
`role`
FROM
`user`
@@ -28,11 +32,8 @@ function selectLimitedFriends($userID, $limit) {
`friendship`.`user1ID` = `user`.`userID`) AND
`user`.`role` != 'banned' AND
`friendship`.`status` = 'confirmed'
ORDER BY
CASE
WHEN `friendship`.`user2ID` = `user`.`userID` THEN `friendship`.`chatLastVisted1`
WHEN `friendship`.`user1ID` = `user`.`userID` THEN `friendship`.`chatLastVisted2`
END
ORDER BY
`user`.`lastactivity`
DESC
LIMIT :limitCount
");

138
website/queries/picture.php Normal file
View File

@@ -0,0 +1,138 @@
<?php
/**
* Uploads Avatar, checks it, and removes the old one.
* @param bool $group
* @throws AngryAlert
* @throws HappyAlert
*/
function updateAvatar(bool $group = false) {
$publicDir = "/var/www/html/public/";
$tmpImg = $_FILES["pp"]["tmp_name"];
$avatarDir = $group ? "uploads/groupavatar/" : "uploads/profilepictures/";
checkAvatarSize($tmpImg);
if (getimagesize($tmpImg)["mime"] == "image/gif") {
if ($_FILES["pp"]["size"] > 4000000) {
throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
}
$relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.gif";
$group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
move_uploaded_file($tmpImg, $publicDir . $relativePath);
} else {
$relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.png";
$scaledImg = scaleAvatar($tmpImg);
$group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar();
imagepng($scaledImg, $publicDir . $relativePath);
}
$group ? setGroupAvatarToDatabase("../" . $relativePath, $_POST["groupID"]) : setUserAvatarToDatabase("../" . $relativePath);
throw new HappyAlert("Profielfoto veranderd.");
}
/**
* Removes the old avatar from the uploads folder, for a user.
*/
function removeOldUserAvatar() {
$stmt = prepareQuery("
SELECT
`profilepicture`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
$old_avatar = $stmt->fetch()["profilepicture"];
if ($old_avatar != NULL) {
unlink("/var/www/html/public/uploads/" . $old_avatar);
}
}
/**
* Removes the old avatar from the uploads folder, for a group.
* @param int $groupID
*/
function removeOldGroupAvatar(int $groupID) {
$stmt = prepareQuery("
SELECT
`picture`
FROM
`group_page`
WHERE
groupID = :groupID
");
$stmt->bindParam(":groupID", $groupID);
$stmt->execute();
$old_avatar = $stmt->fetch()["picture"];
if ($old_avatar != NULL) {
unlink("/var/www/html/public/uploads/" . $old_avatar);
}
}
/**
* Inserts the the path to the avatar into the database, for Users.
* @param string $url path to the avatar
*/
function setUserAvatarToDatabase(string $url) {
$stmt = prepareQuery("
UPDATE
`user`
SET
`profilepicture` = :avatar
WHERE
`userID` = :userID
");
$stmt->bindParam(":avatar", $url);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
}
/**
* Inserts the the path to the avatar into the database, for Groups.
* @param string $url path to the avatar
* @param int $groupID
*/
function setGroupAvatarToDatabase(string $url, int $groupID) {
$stmt = prepareQuery("
UPDATE
`group_page`
SET
`picture` = :avatar
WHERE
`groupID` = :groupID
");
$stmt->bindParam(":avatar", $url);
$stmt->bindParam(":groupID", $groupID);
$stmt->execute();
}
/**
* Checks the resoluton of a picture.
* @param string $img
* @throws AngryAlert
*/
function checkAvatarSize(string $img) {
$minResolution = 200;
$imgSize = getimagesize($img);
if ($imgSize[0] < $minResolution or $imgSize[1] < $minResolution) {
throw new AngryAlert("Afbeelding te klein, minimaal 200x200 pixels.");
}
}
/**
* Scales a picture, standard width is 600px.
* @param string $imgLink Path to a image file
* @param int $newWidth Custom image width.
* @return bool|resource Returns the image as an Resource.
* @throws AngryAlert
*/
function scaleAvatar(string $imgLink, int $newWidth = 600) {
$img = imagecreatefromstring(file_get_contents($imgLink));
if ($img) {
return imagescale($img, $newWidth);
} else {
throw new AngryAlert("Afbeelding wordt niet ondersteund.");
}
}

2
website/queries/private_message.php
View File

@@ -16,6 +16,8 @@ function getOldChatMessages($user2ID) {
`destination` = :user1
ORDER BY
`creationdate` ASC
LIMIT
100
");
$stmt->bindParam(":user1", $user1ID);

116
website/queries/settings.php
View File

@@ -1,49 +1,7 @@
<?php
include_once "../queries/emailconfirm.php";
/**
* Class AlertMessage
* abstract class for alertMessages used in
*/
abstract class AlertMessage extends Exception {
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
abstract public function getClass();
}
/**
* Class HappyAlert
* class for a happy alert as an exception.
*/
class HappyAlert extends AlertMessage {
public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
public function getClass() {
return "settings-message-happy";
}
}
/**
* Class AngryAlert
* class for an angry alert as as exception.
*/
class AngryAlert extends AlertMessage {
public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
public function getClass() {
return "settings-message-angry";
}
}
include_once "../queries/picture.php";
include_once "../queries/alerts.php";
/**
* Gets the settings form the database.
@@ -232,74 +190,4 @@ function doChangeEmail($email) {
} else {
throw new AngryAlert();
}
}
function updateAvatar() {
$profilePictureDir = "/var/www/html/public/";
$tmpImg = $_FILES["pp"]["tmp_name"];
checkAvatarSize($tmpImg);
if (getimagesize($tmpImg)["mime"] == "image/gif") {
if ($_FILES["pp"]["size"] > 4000000) {
throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
}
$relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.gif";
move_uploaded_file($tmpImg, $profilePictureDir . $relativePath);
} else {
$relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.png";
$scaledImg = scaleAvatar($tmpImg);
imagepng($scaledImg, $profilePictureDir . $relativePath);
}
removeOldAvatar();
setAvatarToDatabase("../" . $relativePath);
throw new HappyAlert("Profielfoto veranderd.");
}
function removeOldAvatar() {
$stmt = prepareQuery("
SELECT
`profilepicture`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
$old_avatar = $stmt->fetch()["profilepicture"];
if ($old_avatar != NULL) {
unlink("/var/www/html/public/uploads/" . $old_avatar);
}
}
function setAvatarToDatabase(string $url) {
$stmt = prepareQuery("
UPDATE
`user`
SET
`profilepicture` = :avatar
WHERE
`userID` = :userID
");
$stmt->bindParam(":avatar", $url);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
}
function checkAvatarSize(string $img) {
$minResolution = 200;
$imgSize = getimagesize($img);
if ($imgSize[0] < $minResolution or $imgSize[1] < $minResolution) {
throw new AngryAlert("Afbeelding te klein, minimaal 200x200 pixels.");
}
}
function scaleAvatar(string $imgLink, int $newWidth = 600) {
$img = imagecreatefromstring(file_get_contents($imgLink));
if ($img) {
return imagescale($img, $newWidth);
} else {
throw new AngryAlert("Afbeelding wordt niet ondersteund.");
}
}

54
website/queries/user.php
View File

@@ -2,6 +2,19 @@
require_once ("connect.php");
function updateLastActivity() {
$stmt = prepareQuery("
UPDATE
`user`
SET
`lastactivity` = NOW()
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $_SESSION["userID"]);
return $stmt->execute();
}
function getUserID($username) {
$stmt = prepareQuery("
SELECT
@@ -265,6 +278,25 @@ function changeMultipleUserStatusByID($ids, $status) {
return $q;
}
function changeMultipleUserStatusByIDAdmin($ids, $status) {
$q = prepareQuery("
UPDATE
`user`
SET
`role` = :status
WHERE
FIND_IN_SET (`userID`, :ids)
AND NOT `role` = 'admin'
AND NOT `role` = 'owner'
");
$ids = implode(',', $ids);
$q->bindParam(':ids', $ids);
$q->bindParam(':status', $status);
$q->execute();
return $q;
}
function selectRandomNotFriendUser($userID) {
$stmt = prepareQuery("
SELECT
@@ -335,9 +367,10 @@ function countSomeUsers($search) {
FROM
`user`
WHERE
`username` LIKE :keyword OR
(`username` LIKE :keyword OR
`fname` LIKE :keyword OR
`lname` LIKE :keyword
`lname` LIKE :keyword) AND
`role` != 'banned'
ORDER BY
`fname`,
`lname`,
@@ -362,5 +395,20 @@ function getRoleByID($userID) {
$stmt->bindParam(':userID', $userID);
$stmt->execute();
return $stmt;
return $stmt->fetch()["role"];
}
function editBanCommentByID($userID, $comment) {
$stmt = prepareQuery("
UPDATE
`user`
SET
`bancomment` = :comment
WHERE
`userID` = :userID
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':comment', $comment);
$stmt->execute();
}

6
website/views/adminpanel-grouptable.php
View File

@@ -16,7 +16,6 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
@@ -25,15 +24,14 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange='$function'>
onchange='checkCheckAll();'>
</td>
<td>$name</td>
<td>$role</td>
<td>$description</td>
<td>
<form class='admin-groupaction'
action='API/adminChangeUser.php'
method='post'>
onsubmit=\"adminUpdate(this); return false;\">
<select class='action' name='actions'>
<option value='hidden'>Hidden</option>
<option value='public'>Public</option>

39
website/views/adminpanel-page.php
View File

@@ -5,27 +5,26 @@ if ($pagetype == "user") {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
Pagina: <form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
Pagina:
<select class="admin-pageselect"
name="currentpage"
id="currentpage"
form="admin-searchform"
onchange="adminSearch();">
<?php
for ($i=1; $i <= ceil($countresults / $entries); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
?>
</select>
</form>
}
?>
</select>
<?php
echo "$minlist tot $mincount ($countresults totaal)";
$n = min($offset + 1, $countresults);
$m = min($offset + $entries, $countresults);
echo " $n tot $m ($countresults totaal)";
?>

48
website/views/adminpanel-table.php
View File

@@ -1,5 +1,5 @@
<tr>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll()"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
@@ -14,7 +14,6 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
@@ -24,20 +23,47 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange='$function'>
onchange='checkCheckAll();'>
</td>
<td>$username</td>
<td>$role</td>
<td>$bancomment</td>
<td>
<div class='bancomment'>$bancomment</div>
<div class='bancommentedit'>
<form class='bancommentform'
id='bancommentform'
onsubmit='editComment(this);
return false;'>
<input type='text'
name='bancommenttext'
placeholder='Schrijf een aantekening'
value='$bancomment'>
<input type='hidden'
name='bancommentuserID'
value='$userID'>
<button type='submit'>Update</button>
</form>
</div>
<button type='button' onclick='toggleBancomment(this)'>Verander</button>
</td>
<td>
<form class='admin-useraction'
action='API/adminChangeUser.php'
method='post'>
<select class='action' name='actions'>
<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>
</select>
onsubmit=\"adminUpdate(this); return false;\">
<select class='action' name='actions'>");
if (!($userinfo == 'admin'
AND ($user['role'] == 'admin'
OR $user['role'] == 'owner'))) {
echo "<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>";
if ($userinfo == 'owner') {
echo "<option value='admin'>Admin</option>
<option value='owner'>Owner</option>";
}
}
echo ("</select>
<input type='hidden' name='userID' value='$userID'>
<input type='submit' value='Confirm'>
</form>

42
website/views/adminpanel.php
View File

@@ -2,11 +2,10 @@
<!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
<?php
$search = "";
$currentpage = 1;
$perpage = 20;
$status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
$groupstatus = array("hidden", "public", "membersonly");
$pagetype = "user";
$userinfo = getRoleByID($_SESSION['userID']);
if (isset($_GET["search"])) {
$search = test_input($_GET["search"]);
@@ -24,13 +23,6 @@ if (isset($_GET["groupstatus"])) {
$groupstatus = $_GET["groupstatus"];
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["pageselect"])) {
$currentpage = $_POST["pageselect"];
}
}
?>
<div class="content">
@@ -39,7 +31,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
<div class="admin-options">
<form class="admin-searchform"
id="admin-searchform"
action="javascript:adminSearch();"
action="javascript:searchFromOne();"
method="get">
<div class="admin-searchbar">
@@ -120,23 +112,33 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
<div class="admin-users">
<div class="admin-usertitle">
<h4>Resultaat:</h4>
<span style="float: right" id="admin-pageinfo">
<div style="float: right" id="admin-pageinfo">
</span>
<form
id="admin-batchform"
action="API/adminChangeUser.php"
method="post">
</div>
<form id="admin-batchform"
onsubmit="adminUpdate(this); return false;">
<input type="hidden" name="batchactions" id="batchinput">
<button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button>
<button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
<button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
<?php
if ($userinfo == 'owner') {
echo "<button type=\"submit\"
name=\"batchactions\"
id=\"admin\"
value=\"admin\">Maak Admin</button>
<button type=\"submit\"
name=\"batchactions\"
id=\"owner\"
value=\"owner\">Maak Owner</button>";
}
?>
</form>
<form
id="admin-groupbatchform"
action="API/adminChangeUser.php"
method="post">
<form id="admin-groupbatchform"
onsubmit="adminUpdate(this); return false;">
<input type="hidden" name="groupbatchactions" id="groupbatchinput">
<button type="submit" name="batchactions" id="hide" value="hidden">Hide</button>
<button type="submit" name="batchactions" id="ban" value="public">Public</button>
<button type="submit" name="batchactions" id="members" value="membersonly">Members</button>

5
website/views/head.php
View File

@@ -19,9 +19,12 @@
require_once ("../queries/checkInput.php");
require_once ("../queries/connect.php");
require_once ("../queries/user.php");
session_start();
if(!isset($_SESSION["userID"])){
header("location:login.php");
}
} else {
updateLastActivity();
}

3
website/views/header.php
View File

@@ -25,8 +25,7 @@ $userinfo = getHeaderInfo();
</div>
<?=$userinfo["fname"]?>
</div>
<img id="own-profile-picture" class="profile-picture" src="<?=$userinfo["profilepicture"]?>"/>
<i id="open-notifications" class="fa fa-bars"></i>
<img id="own-profile-picture" class="profile-picture" src="<?=$userinfo["profilepicture"]?>"/><i id="open-notifications" class="fa fa-bars"></i>
</div>
</header>
<?php include("notification-center.php"); ?>

4
website/views/notification-center.php
View File

@@ -7,9 +7,9 @@
include_once ("../queries/user.php");
// auth
$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
$role = getRoleByID($_SESSION['userID']);
if ($userinfo['role'] == 'admin' OR $userinfo['role'] == 'owner') {
if ($role == 'admin' OR $role == 'owner') {
echo "<a href=\"admin.php\" data-title=\"Admin\"><i class=\"fa fa-lock\"></i></a>";
echo "<style>@import url('styles/adminbutton.css'); </style>";
}

2
website/views/post-view.php
View File

@@ -24,7 +24,7 @@ echo("
<div class="commentfield">
<form id="newcommentform" onsubmit="return false;">
<input type="hidden" id="newcomment-textarea" name="postID" value="<?= $postID ?>">
<textarea id="newcomment" name="newcomment-content" placeholder="Laat een reactie achter..."></textarea> <br>
<textarea id="newcomment" name="newcomment-content" placeholder="Laat een reactie achter..." maxlength="1000"></textarea><span></span> <br>
<button onclick="postComment('reaction')" name="button" value="reaction">Reageer!</button>
<button onclick="postComment('nietslecht')" name="button" value="nietslecht" class="nietslecht">
<?php

6
website/views/profile.php
View File

@@ -1,10 +1,10 @@
<div class="content">
<div class="user-box">
<img class="profile-picture main-picture" src="<?= $user["profilepicture"] ?>"><br />
<img class="profile-picture main-picture <?= $user["onlinestatus"] ?>" src="<?= $user["profilepicture"] ?>"><br />
<div class="platform">
<div class="status-buttons-container">
<button disabled class="gray">
<?= $user["onlinestatus"] ?>
<?= $user["onlinestatus"] ?>
</button>
<button disabled class="gray"><?= $user["role"] ?></button>
</div>
@@ -29,7 +29,7 @@
<h3>Informatie</h3>
<p>
<ul>
<li>Geboren op: <?= $user["birthdate"] ?></li>
<li>Leeftijd: <?= getAge($user["birthdate"]) ?> jaar</li>
<li>Locatie: <?= $user["location"] ?></li>
<li>Lid sinds: <?= nicetime($user["creationdate"]) ?></li>
</ul>

44
website/views/search-view.php
View File

@@ -21,10 +21,8 @@ if (isset($_GET['filter'])) {
}
$user_n = ($user_currentpage - 1) * $user_perpage;
$user_count = countSomeUsers($search)->fetchColumn();
$group_n = ($group_currentpage - 1) * $group_perpage;
$group_count = countSomeGroups($search)->fetchColumn();
?>
<div class="content">
@@ -40,8 +38,10 @@ $group_count = countSomeGroups($search)->fetchColumn();
id="search-input"
name="search"
onkeyup="
searchUsers(<?= $user_n ?>, <?= $user_perpage ?>);
searchGroups(<?= $group_n ?>, <?= $group_perpage ?>);"
$('#user-pagenumber, #group-pagenumber').prop('value', 1);
searchUsers();
searchGroups();
pageNumber();"
placeholder="Zoek"
value=<?php echo "$search";?>
>
@@ -66,26 +66,12 @@ $group_count = countSomeGroups($search)->fetchColumn();
<div class="platform item-box searchleft" id="search-friends-output">
<h4>Gebruikers</h4>
<select class="user-pageselect"
name="user-pageselect"
id="user-pageselect"
form="search-form"
onchange="this.form.submit()">
<?php
for ($i=1; $i <= ceil($user_count / $user_perpage); $i++) {
if ($user_currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
<div id="user-pageselect"></div>
<ul id='search-users-list' class='nav-list'>
<script>
$(document).ready(function(){
searchUsers(<?= $user_n ?>, <?= $user_perpage ?>);
searchUsers();
});
</script>
</ul>
@@ -94,26 +80,12 @@ $group_count = countSomeGroups($search)->fetchColumn();
<div class="platform item-box searchright" id="search-group-output">
<h4>Groepen</h4>
<select class="group-pageselect"
name="group-pageselect"
id="group-pageselect"
form="search-form"
onchange="this.form.submit()">
<?php
for ($i=1; $i <= ceil($group_count / $group_perpage); $i++) {
if ($group_currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
<div id="group-pageselect"></div>
<ul id="search-groups-list" class="nav-list">
<script>
$(document).ready(function(){
searchGroups(<?= $group_n ?>, <?= $group_perpage ?>);
searchGroups();
});
</script>
</ul>

36
website/views/searchPageNumber.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
if ($option == "user") {
echo "<select class=\"user-pageselect\"
name=\"user-pageselect\"
id='user-pagenumber'
form=\"search-form\"
onchange=\"pageNumber(); searchUsers();\">";
for ($i=1; $i <= ceil($user_count / $user_perpage); $i++) {
if ($user_currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
echo "</select>";
} else {
echo "<select class=\"group-pageselect\"
name=\"group-pageselect\"
id='group-pagenumber'
form=\"search-form\"
onchange=\"pageNumber(); searchGroups();\">";
for ($i=1; $i <= ceil($group_count / $group_perpage); $i++) {
if ($group_currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
echo "</select>";
}
?>

6
website/views/settings-view.php
View File

@@ -75,6 +75,9 @@ $settings = getSettings();
<?=$year?>
</option>
<?php endfor; ?>
<option value="680" <?=(680 == $currentbday->format("Y")) ? "selected" : ""?>>
680
</option>
</select>
</li>
<li>
@@ -99,7 +102,8 @@ $settings = getSettings();
rows="5"
title="bio"
id="bio"
><?=$settings["bio"]?></textarea>
maxlength="1000"
><?=$settings["bio"]?></textarea><span></span>
</li>
<li>
<label></label>