Merge branch 'master' into hendrik-testing
@@ -124,11 +124,11 @@ function matchPassword(){
|
||||
/* Checks if captcha is correctly filled in */
|
||||
function checkCaptcha($captcha){
|
||||
if(!$captcha){
|
||||
throw new captchaException("Captcha needs to be filled in!");
|
||||
throw new captchaException("Captcha moet ingevuld worde!");
|
||||
} else {
|
||||
$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Lc72xIUAAAAAPizuF3nUbklCPljVCVzgYespz8o&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
|
||||
if($response->success==false) {
|
||||
throw new captchaException("You are a spammer!");
|
||||
throw new captchaException("Je bent een spammer!");
|
||||
}
|
||||
}
|
||||
}
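Review bot: The reCAPTCHA secret is hard-coded in the `siteverify` URL on the `$response=` line of `checkCaptcha`, and neither `$captcha` nor `$_SERVER['REMOTE_ADDR']` is URL-encoded before being concatenated into it. Move the secret to configuration outside the web root and build the query with `http_build_query(['secret' => $secret, 'response' => $captcha, 'remoteip' => $_SERVER['REMOTE_ADDR']])`. `file_get_contents` returns `false` on a network failure, which `json_decode` turns into `null`, so `$response->success==false` then rejects the caller as a spammer with a warning; test `$response === null || empty($response->success)` and fail with a distinct message for the unreachable-verifier case. Which of the English and Dutch `throw` lines survives the merge can't be told from the rendered hunk; whichever is kept, the function is fully visible here.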
|
||||
|
||||
@@ -1,5 +1,58 @@
|
||||
<?php
|
||||
|
||||
require("connect.php");
|
||||
|
||||
function selectGroupByName($name) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
SELECT
|
||||
`group_page`.`groupID`,
|
||||
`name`,
|
||||
`description`,
|
||||
`picture`,
|
||||
`status`,
|
||||
COUNT(`group_member`.`groupID`) as `members`
|
||||
FROM
|
||||
`group_page`
|
||||
LEFT JOIN
|
||||
`group_member`
|
||||
ON
|
||||
`group_page`.`groupID` = `group_member`.`groupID`
|
||||
WHERE
|
||||
name LIKE :name
|
||||
");
|
||||
|
||||
$stmt->bindParam(':name', $name);
|
||||
if (!$stmt->execute()) {
|
||||
return False;
|
||||
}
|
||||
return $stmt->fetch();
|
||||
}
|
||||
|
||||
function selectGroupMembers(int $groupID) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
SELECT
|
||||
`username`,
|
||||
`fname`,
|
||||
`lname`,
|
||||
`profilepicture`
|
||||
FROM
|
||||
`group_member`
|
||||
LEFT JOIN
|
||||
`user`
|
||||
ON
|
||||
`group_member`.`userID` = `user`.`userID`
|
||||
WHERE
|
||||
`groupID` = :groupID
|
||||
LIMIT 20
|
||||
");
|
||||
|
||||
$stmt->bindParam(':groupID', $groupID);
|
||||
if (!$stmt->execute()) {
|
||||
return False;
|
||||
}
|
||||
return $stmt->fetchAll();
|
||||
}
|
||||
|
||||
function selectGroupById($groupID) {
|
||||
$q = $GLOBALS["db"]->prepare("
|
||||
SELECT
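Review bot: `selectGroupByName` aggregates `COUNT(group_member.groupID)` with no `GROUP BY`, so when more than one `group_page` row matches `name LIKE :name` MySQL returns a single row whose `members` is the sum over all matching groups and whose other columns come from an arbitrary one (servers with ONLY_FULL_GROUP_BY reject the statement outright). Add `GROUP BY group_page.groupID` after the `WHERE` clause, or use `=` instead of `LIKE` if an exact lookup is intended — with `LIKE`, a caller-supplied `%` or `_` acts as a wildcard. `selectGroupMembers` binds `int $groupID` with `bindParam` but no `PDO::PARAM_INT`, unlike `selectAllUserPosts` later in this commit; pass the type for consistency. `selectGroupById` starts at the bottom of the hunk and its body continues outside it.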
|
||||
|
||||
@@ -13,7 +13,7 @@ function getUser() {
|
||||
`email` LIKE :username
|
||||
");
|
||||
|
||||
$stmt->bindParam(":username", test_input($_POST["user"]));
|
||||
$stmt->bindValue(":username", test_input($_POST["user"]));
|
||||
$stmt->execute();
|
||||
return $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
}
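Review bot: `getUser` looks the account up with `email LIKE :username`, so the bound value is interpreted as a pattern: a submitted `%` matches the first row of the table rather than one specific user, which matters for a function that feeds the login flow. Use `email = :username` here and in `getExistingUsername`, `getExistingEmail` and `getResetEmail` further down, which have the same `LIKE` lookups. `$_POST["user"]` is also read unconditionally; prefer `$_POST["user"] ?? ''` so a missing field doesn't emit a notice. `getUser` starts outside this hunk.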
|
||||
@@ -42,6 +42,9 @@ function validateLogin($username, $password){
|
||||
</script>";
|
||||
} else {
|
||||
$_SESSION["userID"] = $userID;
|
||||
// if($_POST[rememberMe] == 1){
|
||||
// ini_set("session.gc_maxlifetime", "10");
|
||||
// }
|
||||
header("location: profile.php");
|
||||
}
|
||||
} else {
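Review bot: `validateLogin` stores `$_SESSION["userID"]` after a successful check without rotating the session id, so a session id that existed before login remains valid after it (session fixation); call `session_regenerate_id(true);` immediately before the assignment. `header("location: profile.php");` is not followed by `exit;`, so whatever follows in the function and the calling script still runs and its output is sent along with the redirect. The commented-out remember-me block should be removed rather than kept (it also uses an unquoted `rememberMe` key). The function starts and ends outside this hunk.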
|
||||
|
||||
@@ -75,7 +75,7 @@ function makePost($userID, $groupID, $title, $content) {
|
||||
$stmt->execute();
|
||||
}
|
||||
|
||||
function makeComment($postID, $userID, $content) {
|
||||
function makeComment($postID, $userID, $content) : int {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
INSERT INTO
|
||||
`comment` (
|
||||
@@ -94,4 +94,55 @@ function makeComment($postID, $userID, $content) {
|
||||
$stmt->bindParam(':userID', $userID);
|
||||
$stmt->bindParam(':content', $content);
|
||||
$stmt->execute();
|
||||
}
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
function makeNietSlecht(int $postID, int $userID) : int {
|
||||
if (checkNietSlecht($postID, $userID)) {
|
||||
return deleteNietSlecht($postID, $userID);
|
||||
} else {
|
||||
return addNietSlecht($postID, $userID);
|
||||
}
|
||||
}
|
||||
|
||||
function checkNietSlecht(int $postID, int $userID) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
SELECT
|
||||
*
|
||||
FROM
|
||||
`niet_slecht`
|
||||
WHERE
|
||||
`userID` = :userID AND
|
||||
`postID` = :postID
|
||||
");
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->bindParam(":postID", $postID);
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
function addNietSlecht(int $postID, int $userID) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
INSERT INTO
|
||||
`niet_slecht` (`userID`, `postID`)
|
||||
VALUES (:userID, :postID)
|
||||
");
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->bindParam(":postID", $postID);
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
function deleteNietSlecht(int $postID, int $userID) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
DELETE FROM
|
||||
`niet_slecht`
|
||||
WHERE
|
||||
`userID` = :userID AND
|
||||
`postID` = :postID
|
||||
");
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->bindParam(":postID", $postID);
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
}
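Review bot: `checkNietSlecht` decides via `$stmt->rowCount()` on a `SELECT *`, and PDO does not guarantee `rowCount` for SELECT statements; select `COUNT(*)` instead and return `(int) $stmt->fetchColumn();`. `makeNietSlecht` is a check-then-act toggle, so two overlapping requests for the same user and post can both see no row and both insert; a UNIQUE key on (`userID`, `postID`) in `niet_slecht` is the reliable guard, with `addNietSlecht` treating the duplicate-key error as "already present". `getExistingUsername`, `getExistingEmail` and `getResetEmail` later in this commit rely on `rowCount` after a SELECT in the same way. The three new query functions take `int` parameters but bind them without `PDO::PARAM_INT`; `selectAllUserPosts` in this commit shows the intended form.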
|
||||
|
||||
@@ -10,7 +10,7 @@ function getExistingUsername() {
|
||||
`username` LIKE :username
|
||||
");
|
||||
|
||||
$stmt->bindParam(":username", test_input($_POST["username"]));
|
||||
$stmt->bindValue(":username", test_input($_POST["username"]));
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
|
||||
@@ -26,7 +26,7 @@ function getExistingEmail() {
|
||||
`email` LIKE :email
|
||||
");
|
||||
|
||||
$stmt->bindParam(":email", test_input($_POST["email"]));
|
||||
$stmt->bindValue(":email", test_input($_POST["email"]));
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
|
||||
@@ -42,7 +42,7 @@ function getResetEmail() {
|
||||
`email` LIKE :email
|
||||
");
|
||||
|
||||
$stmt->bindParam(":email", test_input($_POST["forgotEmail"]));
|
||||
$stmt->bindValue(":email", test_input($_POST["forgotEmail"]));
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
|
||||
@@ -70,13 +70,13 @@ function registerAccount() {
|
||||
|
||||
$hash=password_hash($_POST["password"], PASSWORD_DEFAULT);
|
||||
|
||||
$stmt->bindParam(":fname", test_input($_POST["name"]));
|
||||
$stmt->bindParam(":lname", test_input($_POST["surname"]));
|
||||
$stmt->bindParam(":bday", test_input($_POST["bday"]));
|
||||
$stmt->bindParam(":username", test_input($_POST["username"]));
|
||||
$stmt->bindParam(":password", test_input($hash));
|
||||
$stmt->bindParam(":location", test_input($_POST["location"]));
|
||||
$stmt->bindParam(":email", test_input(strtolower($_POST["email"])));
|
||||
$stmt->bindValue(":fname", test_input($_POST["name"]));
|
||||
$stmt->bindValue(":lname", test_input($_POST["surname"]));
|
||||
$stmt->bindValue(":bday", test_input($_POST["bday"]));
|
||||
$stmt->bindValue(":username", test_input($_POST["username"]));
|
||||
$stmt->bindValue(":password", test_input($hash));
|
||||
$stmt->bindValue(":location", test_input($_POST["location"]));
|
||||
$stmt->bindValue(":email", test_input(strtolower($_POST["email"])));
|
||||
|
||||
$stmt->execute();
|
||||
$stmt->rowCount();
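Review bot: `registerAccount` passes the bcrypt hash through `test_input($hash)` on the `:password` bind; the hash is program-generated, not user input, and should be bound as `$hash` — if `test_input` trims or escapes anything, the stored hash no longer verifies (its body isn't visible here, so that is a guess at what it does). The raw `$_POST["password"]` is hashed, while `changePassword` in this commit compares and measures `test_input`-ed passwords, so a password containing characters `test_input` alters would register and later fail to verify; apply exactly the same treatment on both paths (what `doChangePassword` hashes is outside this view). The trailing `$stmt->rowCount();` discards its value; either `return` it or drop the line. The function starts outside this hunk.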
|
||||
|
||||
@@ -50,5 +50,5 @@ function setHashToDatabase(int $userID, string $hash) {
|
||||
$stmt->bindParam(":hash", $hash);
|
||||
$stmt->bindParam(":userID", $userID);
|
||||
$stmt->execute();
|
||||
return $stmt->rowCount();
|
||||
$stmt->rowCount();
|
||||
}
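Review bot: One side of `setHashToDatabase` ends with a bare `$stmt->rowCount();` whose value is discarded; the rendered hunk doesn't show which side the merge kept, but the kept version should be `return $stmt->rowCount();` so callers can detect that no row was updated for the given `$userID`. Adding `: int` to the signature would document that contract. The function starts outside this hunk.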
|
||||
@@ -1,6 +1,10 @@
|
||||
<?php
|
||||
include_once "../queries/emailconfirm.php";
|
||||
|
||||
/**
|
||||
* Class AlertMessage
|
||||
* abstract class for alertMessages used in
|
||||
*/
|
||||
abstract class AlertMessage extends Exception {
|
||||
public function __construct($message = "", $code = 0, Exception $previous = null)
|
||||
{
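Review bot: The `AlertMessage` constructor declares `Exception $previous = null`, an implicitly nullable parameter that PHP 8.4 deprecates; write it `?Exception $previous = null` here and in the `HappyAlert` and `AngryAlert` constructors in the next two hunks, matching the `Exception::__construct` signature. The new class docblock stops mid-sentence (`abstract class for alertMessages used in`); finish it, e.g. `Base class for exceptions that carry a user-facing alert message.` `include_once "../queries/emailconfirm.php"` resolves relative to the working directory of the entry script; `__DIR__ . "/../queries/emailconfirm.php"` is stable regardless of where this file is included from. The constructor body continues outside this hunk.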
|
||||
@@ -10,6 +14,10 @@ abstract class AlertMessage extends Exception {
|
||||
abstract public function getClass();
|
||||
}
|
||||
|
||||
/**
|
||||
* Class HappyAlert
|
||||
* class for a happy alert as an exception.
|
||||
*/
|
||||
class HappyAlert extends AlertMessage {
|
||||
|
||||
public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null)
|
||||
@@ -22,6 +30,10 @@ class HappyAlert extends AlertMessage {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Class AngryAlert
|
||||
* class for an angry alert as as exception.
|
||||
*/
|
||||
class AngryAlert extends AlertMessage {
|
||||
public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null)
|
||||
{
|
||||
@@ -46,7 +58,9 @@ function getSettings() {
|
||||
`location`,
|
||||
`birthdate`,
|
||||
`bio`,
|
||||
`profilepicture`
|
||||
`profilepicture`,
|
||||
`showBday`,
|
||||
`showEmail`
|
||||
FROM
|
||||
`user`
|
||||
WHERE
|
||||
@@ -58,6 +72,10 @@ function getSettings() {
|
||||
return $stmt->fetch();
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the passwordHas form the database
|
||||
* @return mixed passwordhash
|
||||
*/
|
||||
function getPasswordHash() {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
SELECT
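Review bot: The new docblock on `getPasswordHash` reads `Gets the passwordHas form the database`; it should be `Gets the password hash from the database`. `@return mixed passwordhash` hides that `fetch()` yields `false` when no row matches, which `changePassword` then indexes as `$user["password"]`; document it as `@return array|false row holding the password hash, or false when the user is not found`. The function body continues outside this hunk.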
|
||||
@@ -73,6 +91,10 @@ function getPasswordHash() {
|
||||
return $stmt->fetch();
|
||||
}
|
||||
|
||||
/**
|
||||
* Changes the setting from post.
|
||||
* @throws HappyAlert
|
||||
*/
|
||||
function updateSettings() {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
UPDATE
|
||||
@@ -82,7 +104,9 @@ function updateSettings() {
|
||||
`lname` = :lname,
|
||||
`location` = :location,
|
||||
`birthdate` = :bday,
|
||||
`bio` = :bio
|
||||
`bio` = :bio,
|
||||
`showEmail` = :showEmail,
|
||||
`showBday` = :showBday
|
||||
WHERE
|
||||
`userID` = :userID
|
||||
");
|
||||
@@ -92,15 +116,22 @@ function updateSettings() {
|
||||
$stmt->bindValue(":location", test_input($_POST["location"]));
|
||||
$stmt->bindValue(":bday", test_input($_POST["bday"]));
|
||||
$stmt->bindValue(":bio", test_input($_POST["bio"]));
|
||||
$stmt->bindValue(":showEmail", test_input($_POST["showEmail"]));
|
||||
$stmt->bindValue(":showBday", test_input($_POST["showBday"]));
|
||||
|
||||
$stmt->bindValue(":userID", $_SESSION["userID"]);
|
||||
$stmt->execute();
|
||||
throw new HappyAlert("Instellingen zijn opgeslagen.");
|
||||
}
|
||||
|
||||
/**
|
||||
* Change
|
||||
* @throws AngryAlert
|
||||
*/
|
||||
function changePassword() {
|
||||
$user = getPasswordHash();
|
||||
if (password_verify($_POST["password-old"], $user["password"])) {
|
||||
if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) {
|
||||
if (password_verify($_POST["password-old"], test_input($user["password"]))) {
|
||||
if (test_input($_POST["password-new"]) == test_input($_POST["password-confirm"]) && (strlen(test_input($_POST["password-new"])) >= 8)) {
|
||||
doChangePassword();
|
||||
} else {
|
||||
throw new AngryAlert("Wachtwoorden komen niet overeen.");
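Review bot: `changePassword` now verifies against `test_input($user["password"])`, applying an input sanitiser to the stored hash; `password_verify` must receive the hash byte-for-byte, so pass `$user["password"]` unchanged (if `test_input` only trims this happens to work, but its body isn't visible here). The confirm comparison uses `==`, and PHP compares two numeric strings numerically, so `"1e3" == "1000"` is true; use `===` here and in `changeEmail` below. `strlen` counts bytes, so a non-ASCII password shorter than 8 characters passes the length check; `mb_strlen` counts characters. `$_POST["showEmail"]` and `$_POST["showBday"]` look like checkboxes, which are absent from the post when unchecked; if so, bind `isset($_POST["showEmail"]) ? 1 : 0` rather than reading the key directly, otherwise a notice is emitted and `null` is stored.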
|
||||
@@ -110,6 +141,10 @@ function changePassword() {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws AngryAlert
|
||||
* @throws HappyAlert
|
||||
*/
|
||||
function doChangePassword() {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
UPDATE
|
||||
@@ -134,8 +169,8 @@ function doChangePassword() {
|
||||
|
||||
function changeEmail() {
|
||||
|
||||
if ($_POST["email"] == $_POST["email-confirm"]) {
|
||||
$email = strtolower($_POST["email"]);
|
||||
if (test_input($_POST["email"]) == test_input($_POST["email-confirm"])) {
|
||||
$email = strtolower(test_input($_POST["email"]));
|
||||
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
//check if email exists
|
||||
emailIsAvailableInDatabase($email);
|
||||
@@ -193,7 +228,6 @@ function updateAvatar() {
|
||||
$tmpImg = $_FILES["pp"]["tmp_name"];
|
||||
|
||||
checkAvatarSize($tmpImg);
|
||||
removeOldAvatar();
|
||||
if (getimagesize($tmpImg)["mime"] == "image/gif") {
|
||||
if ($_FILES["pp"]["size"] > 4000000) {
|
||||
throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan.");
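Review bot: `getimagesize($tmpImg)["mime"]` in `updateAvatar` indexes the return value without checking it: for a non-image upload `getimagesize` returns `false`, so the subscript yields `null` with a warning and the upload falls through to the non-GIF path. Capture the result first, `$info = getimagesize($tmpImg); if ($info === false) { throw new AngryAlert("Bestand is geen afbeelding."); }` (constructed message, use the project's wording), and check `is_uploaded_file($tmpImg)` before touching the file at all. The 4 MB check inside the GIF branch looks like it duplicates `checkAvatarSize`, whose body isn't visible here; if so, keep one. The function starts outside this hunk.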
|
||||
@@ -205,6 +239,7 @@ function updateAvatar() {
|
||||
$scaledImg = scaleAvatar($tmpImg);
|
||||
imagepng($scaledImg, $profilePictureDir . $relativePath);
|
||||
}
|
||||
removeOldAvatar();
|
||||
setAvatarToDatabase("../" . $relativePath);
|
||||
throw new HappyAlert("Profielfoto veranderd.");
|
||||
}
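Review bot: Moving `removeOldAvatar()` after the write is an improvement, but `imagepng($scaledImg, ...)` on the line above returns `false` on failure and its result is ignored, so on a failed write the old file is still deleted and `setAvatarToDatabase` records a path that doesn't exist. Guard it: `if (!imagepng($scaledImg, $profilePictureDir . $relativePath)) { throw new AngryAlert("Profielfoto kon niet worden opgeslagen."); }` (constructed message, pick the project's wording). The GIF branch above this hunk presumably writes the file as well; give it the same check. The function starts outside this hunk.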
|
||||
|
||||
@@ -106,24 +106,36 @@ function selectAllUserGroups($userID) {
|
||||
function selectAllUserPosts($userID) {
|
||||
$stmt = $GLOBALS["db"]->prepare("
|
||||
SELECT
|
||||
`postID`,
|
||||
`author`,
|
||||
`post`.`postID`,
|
||||
`post`.`author`,
|
||||
`title`,
|
||||
CASE LENGTH(`content`) >= 150 AND `content` NOT LIKE '<img%'
|
||||
CASE LENGTH(`post`.`content`) >= 150 AND `post`.`content` NOT LIKE '<img%'
|
||||
WHEN TRUE THEN
|
||||
CONCAT(LEFT(`content`, 150), '...')
|
||||
CONCAT(LEFT(`post`.`content`, 150), '...')
|
||||
WHEN FALSE THEN
|
||||
`content`
|
||||
`post`.`content`
|
||||
END
|
||||
AS `content`,
|
||||
`creationdate`
|
||||
AS `content`,
|
||||
`post`.`creationdate`,
|
||||
COUNT(`commentID`) AS `comments`,
|
||||
COUNT(`niet_slecht`.`postID`) AS `niet_slechts`
|
||||
FROM
|
||||
`post`
|
||||
LEFT JOIN
|
||||
`niet_slecht`
|
||||
ON
|
||||
`post`.`postID` = `niet_slecht`.`postID`
|
||||
LEFT JOIN
|
||||
`comment`
|
||||
ON
|
||||
`post`.`postID` = `comment`.`postID`
|
||||
WHERE
|
||||
`author` = :userID AND
|
||||
`post`.`author` = :userID AND
|
||||
`groupID` IS NULL
|
||||
GROUP BY
|
||||
`post`.`postID`
|
||||
ORDER BY
|
||||
`creationdate` DESC
|
||||
`post`.`creationdate` DESC
|
||||
");
|
||||
|
||||
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
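Review bot: `selectAllUserPosts` now joins both `niet_slecht` and `comment` to `post` and counts each with plain `COUNT`, but the two LEFT JOINs multiply: a post with 3 comments and 2 niet-slechts produces 6 joined rows, so both counts come back as 6. Use `COUNT(DISTINCT comment.commentID) AS comments` and `COUNT(DISTINCT niet_slecht.userID) AS niet_slechts` (`niet_slecht` rows are one per `userID`/`postID` pair, per the functions added in this commit). `groupID IS NULL` in the WHERE clause is the only column left unqualified; write it `post.groupID IS NULL` like the others so the query doesn't become ambiguous if `comment` or `niet_slecht` gains a column of that name. The function's tail continues outside this hunk.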
|
||||
|
||||