From 4a7a91ecd964f1cb0827765078314d04ac6534dc Mon Sep 17 00:00:00 2001 From: "K. Nobel" Date: Thu, 2 Feb 2017 14:20:17 +0100 Subject: [PATCH 1/5] Fixed bug (not showing profile when on own profile) --- website/public/profile.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/website/public/profile.php b/website/public/profile.php index d9a317c..aa4cf7c 100644 --- a/website/public/profile.php +++ b/website/public/profile.php @@ -21,19 +21,14 @@ include_once("../queries/calcAge.php"); if(empty($_GET["username"])) { $userID = $_SESSION["userID"]; - $showProfile = True; } else { $userID = getUserID($_GET["username"]); - $showProfile = False; } $user = selectUser($_SESSION["userID"], $userID); $profile_friends = selectAllFriends($userID); $profile_groups = selectAllUserGroups($userID); -$showProfile = $showProfile || $user["showProfile"] || ($user["status"] == 'confirmed'); -echo " friendship status: " . $user["status"]; -echo " showprofile: $showProfile"; -echo " userID: " . $user["userID"]; +$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID; if ($userID == $_SESSION["userID"]) { From 8a3cfebf55bbc8380034c25741f52682beb2b9aa Mon Sep 17 00:00:00 2001 From: "K. Nobel" Date: Thu, 2 Feb 2017 15:34:45 +0100 Subject: [PATCH 2/5] Redirect to 404 from profile and group --- website/public/group.php | 9 ++++++++- website/public/profile.php | 7 ++++++- website/queries/group_page.php | 7 ++++++- website/queries/user.php | 4 +++- 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/website/public/group.php b/website/public/group.php index bb393e3..84726fa 100644 --- a/website/public/group.php +++ b/website/public/group.php 
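Review bot: The new `$showProfile` assignment is an access decision built from loose `==` comparisons on values read from the database and the session, so `$user["status"] == 'confirmed'` and `$_SESSION["userID"] == $userID` follow PHP's type-juggling rules (for instance, a `false` from `getUserID()` for an unknown username compares equal to an ID of `0`, and any non-zero string in `$user["showProfile"]` is truthy). Compare strictly with explicit types: `$showProfile = (bool) $user["showProfile"] || $user["status"] === 'confirmed' || (int) $_SESSION["userID"] === (int) $userID;`. Whether `showProfile` is stored as an integer or a string is not visible in this hunk, so the cast should be checked against the column type. The `if ($userID == $_SESSION["userID"])` at the end of the hunk has the same loose comparison.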
@@ -13,9 +13,16 @@ include_once("../queries/group_page.php"); -$group = selectGroupByName($_GET["groupname"]); +if(!$group = selectGroupByName($_GET["groupname"])) { + header("HTTP/1.0 404 Not Found"); + header("Location: error/404.php"); + die(); +} + + $members = selectGroupMembers($group["groupID"]); + /* * This view adds the main layout over the screen. * Header, menu, footer. diff --git a/website/public/profile.php b/website/public/profile.php index aa4cf7c..126c87f 100644 --- a/website/public/profile.php +++ b/website/public/profile.php @@ -25,7 +25,12 @@ if(empty($_GET["username"])) { $userID = getUserID($_GET["username"]); } -$user = selectUser($_SESSION["userID"], $userID); +if(!$user = selectUser($_SESSION["userID"], $userID)) { + header("HTTP/1.0 404 Not Found"); + header("Location: error/404.php"); + die(); +} + $profile_friends = selectAllFriends($userID); $profile_groups = selectAllUserGroups($userID); $showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID; diff --git a/website/queries/group_page.php b/website/queries/group_page.php index f2f028f..a6676c4 100644 --- a/website/queries/group_page.php +++ b/website/queries/group_page.php @@ -33,7 +33,12 @@ function selectGroupByName($name) { if (!$stmt->execute()) { return False; } - return $stmt->fetch(); + $row = $stmt->fetch(); + if($row["groupID"] == null) { + return False; + } + + return $row; } function selectGroupRole(int $groupID) { diff --git a/website/queries/user.php b/website/queries/user.php index 972937d..836c956 100644 --- a/website/queries/user.php +++ b/website/queries/user.php @@ -101,7 +101,9 @@ function selectUser($me, $other) { $stmt->bindParam(':me', $me, PDO::PARAM_INT); $stmt->bindParam(':other', $other, PDO::PARAM_INT); - $stmt->execute(); + if(!$stmt->execute() || $stmt->rowCount() == 0) { + return False; + } return $stmt->fetch(); } From 1c53eab2fa77c02aaeb7340a38b053d38c0cf335 Mon Sep 17 00:00:00 2001 
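Review bot: Sending `header("HTTP/1.0 404 Not Found")` followed immediately by `header("Location: error/404.php")` does not yield a 404: when a Location header is set and no 201 or 3xx status was given, PHP replaces the status with a 302, so clients and crawlers see a redirect rather than Not Found. Choose one behaviour — either redirect (and drop the status line) or keep the 404 and render the error page in place, e.g. `http_response_code(404); include("error/404.php"); exit;` (the relative path should be verified against where error/404.php lives with respect to public/). `$_GET["groupname"]` is also handed to `selectGroupByName()` without the `empty()` guard that profile.php uses, which at least emits a notice when the parameter is absent. The same status-then-Location pattern appears in the profile.php hunk of this patch and needs the same fix.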
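Review bot: In the group_page.php hunk, `$row["groupID"] == null` indexes the result of `fetch()` before checking whether a row came back; when no group matches, `fetch()` returns `false` and indexing it emits a notice (a warning on newer PHP) before the function still returns `False`. Test the fetch result itself: `$row = $stmt->fetch(); if ($row === false || !isset($row["groupID"])) { return false; } return $row;`. `selectGroupByName()` begins before this hunk, so the prepared statement and its name binding are not visible here.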
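Review bot: In the user.php hunk, `$stmt->rowCount() == 0` is not a dependable emptiness test for a SELECT — the PDO documentation states that `rowCount()` for SELECT statements is driver-dependent — so on a driver that reports 0 for selects `selectUser()` would always return `False` and every profile would hit the 404 path. `fetch()` already returns `false` when there is no row, which is exactly the value this branch wants: `if (!$stmt->execute()) { return false; } return $stmt->fetch();`. The caller in profile.php tests the result with `!`, so returning the `fetch()` result directly remains compatible. `selectUser()` starts before this hunk.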
From: "K. Nobel" Date: Thu, 2 Feb 2017 15:50:12 +0100 Subject: [PATCH 3/5] Fixed user group list on profile page. --- website/queries/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/queries/user.php b/website/queries/user.php index 06487be..422edc4 100644 --- a/website/queries/user.php +++ b/website/queries/user.php @@ -122,7 +122,7 @@ function selectAllUserGroups($userID) { `group_page`.`groupID` = `group_member`.`groupID` WHERE `userID` = :userID AND - `role` = 'member' + `role` IN ('member', 'mod', 'admin') "); $stmt->bindParam(':userID', $userID, PDO::PARAM_INT); From 380d8fa83a7ea8780f09fd8c1a8df7965b8f45b1 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Thu, 2 Feb 2017 16:01:45 +0100 Subject: [PATCH 4/5] Group Shit --- website/public/createGroup.php | 36 +++++++++++++++ website/public/groupAdmin.php | 46 ++++++++++++++++++++ website/queries/createGroup.php | 37 ++++++++++++++++ website/queries/groupAdmin.php | 61 ++++++++++++++++++++++++++ website/queries/picture.php | 12 ++--- website/views/createGroup.php | 42 ++++++++++++++++++ website/views/groupAdmin.php | 77 +++++++++++++++++++++++++++++++++ website/views/menu.php | 2 +- 8 files changed, 306 insertions(+), 7 deletions(-) create mode 100644 website/public/createGroup.php create mode 100644 website/public/groupAdmin.php create mode 100644 website/queries/createGroup.php create mode 100644 website/queries/groupAdmin.php create mode 100644 website/views/createGroup.php create mode 100644 website/views/groupAdmin.php diff --git a/website/public/createGroup.php b/website/public/createGroup.php new file mode 100644 index 0000000..ffeb6e3 --- /dev/null +++ b/website/public/createGroup.php @@ -0,0 +1,36 @@ + + + + + + + + + + + diff --git a/website/public/groupAdmin.php b/website/public/groupAdmin.php new file mode 100644 index 0000000..13ff7e0 --- /dev/null +++ b/website/public/groupAdmin.php 
@@ -0,0 +1,46 @@ + + + + + + + + +getClass(); + $alertMessage = $w->getMessage(); + } +} + +/* Add your view files here. */ +include("../views/groupAdmin.php"); + +/* This adds the footer. */ +include("../views/footer.php"); +?> + + diff --git a/website/queries/createGroup.php b/website/queries/createGroup.php new file mode 100644 index 0000000..20ee28b --- /dev/null +++ b/website/queries/createGroup.php @@ -0,0 +1,37 @@ +bindValue(':name', test_input($_POST["groupName"]), PDO::PARAM_STR); + $createGroup->bindValue(':description', test_input($_POST["bio"])); + $createGroup->execute(); + + $getGroupID = prepareQuery(" + SELECT + `groupID` + FROM + `group_page` + WHERE + `name` LIKE :name"); + $getGroupID->bindValue(':name', test_input($_POST["groupName"]), PDO::PARAM_STR); + $getGroupID->execute(); + $groupID = $getGroupID->fetch()["groupID"]; + + $makeUserAdmin = prepareQuery(" + INSERT INTO + `group_member` (userID, groupID, role) + VALUES (:userID, :groupID, 'admin') + "); + $makeUserAdmin->bindValue(":userID", $_SESSION["userID"]); + $makeUserAdmin->bindValue("groupID", $groupID); + $makeUserAdmin->execute(); + + updateAvatar($groupID); +} \ No newline at end of file diff --git a/website/queries/groupAdmin.php b/website/queries/groupAdmin.php new file mode 100644 index 0000000..ae2abd3 --- /dev/null +++ b/website/queries/groupAdmin.php 
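Review bot: In the queries/createGroup.php hunk, after inserting the group the code looks its ID back up with `` `name` LIKE :name `` using the user-supplied name and then inserts the current user as `'admin'` of whichever row that returns. `LIKE` treats `%` and `_` as wildcards and nothing visible here enforces unique names, so a group created with a name such as `%`, or with the same name as an existing group, can resolve to a different pre-existing group and the caller becomes its admin — an authorization problem, not just a lookup glitch. Use the identity of the row just inserted instead: if `prepareQuery()` exposes the PDO handle, `$groupID = $pdo->lastInsertId();` straight after the INSERT; failing that, at minimum `` `name` = :name `` together with a UNIQUE constraint on `group_page.name`. The three statements also run without a transaction and without checking the return of `execute()`, so a failed INSERT still proceeds to the membership insert and `updateAvatar($groupID)` with an unset ID. The opening lines of this new file, including the INSERT statement itself, are not visible in the hunk as rendered here.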
@@ -0,0 +1,61 @@ +bindParam(":groupID", $groupID); + $stmt->execute(); + return $stmt->fetch(); +} + +function updateGroupSettings(int $groupID) +{ + if (!checkGroupAdmin($groupID, $_SESSION["userID"])) { + throw new AngryAlert("Je hebt geen rechten in deze groep"); + } + $stmt = prepareQuery(" + UPDATE + `group_page` + SET + `name` = :name, + `description` = :bio + WHERE + `groupID` = :groupID + "); + $stmt->bindValue(":bio", test_input($_POST["bio"])); + $stmt->bindValue(":name", test_input($_POST["name"])); + $stmt->bindValue(":groupID", test_input($_POST["groupID"])); + $stmt->execute(); + if ($stmt->rowCount()) { + throw new HappyAlert("Groep aangepast!"); + } else { + throw new AngryAlert("Er is iets mis gegaan"); + } +} + +function checkGroupAdmin(int $groupID, int $userID) : bool { + $stmt = prepareQuery(" + SELECT + `role` + FROM + `group_member` + WHERE + `groupID` = :groupID AND + `userID` = :userID + "); + $stmt->bindValue(":userID", $userID); + $stmt->bindValue(":groupID", $groupID); + $stmt->execute(); + if (!$stmt->rowCount()) { + return false; + } + $role = $stmt->fetch()["role"]; + return ($role == "admin"); +} \ No newline at end of file diff --git a/website/queries/picture.php b/website/queries/picture.php index 8e99d9a..ba27f72 100644 --- a/website/queries/picture.php +++ b/website/queries/picture.php @@ -6,7 +6,7 @@ * @throws AngryAlert * @throws HappyAlert */ -function updateAvatar(bool $group = false) { +function updateAvatar(int $group = 0) { $publicDir = "/var/www/html/public/"; $tmpImg = $_FILES["pp"]["tmp_name"]; $avatarDir = $group ? "uploads/groupavatar/" : "uploads/profilepictures/"; 
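Review bot: `updateGroupSettings()` authorizes against its `$groupID` parameter via `checkGroupAdmin($groupID, $_SESSION["userID"])` but binds the UPDATE's `:groupID` to `test_input($_POST["groupID"])`, so the row actually modified is selected by the request body rather than by the value that was checked; whether the caller derives `$groupID` from that same POST field is outside this hunk, and the check should not depend on it. Bind the checked value: `$stmt->bindValue(":groupID", $groupID, PDO::PARAM_INT);`. Separately, `rowCount()` is 0 when the submitted name and description equal the stored ones, so an unchanged save is reported as "Er is iets mis gegaan"; the return of `execute()` is the better failure signal. In `checkGroupAdmin()` the role test `$role == "admin"` should be `===`, matching the declared `bool` return. The first function in this hunk is cut off at its start, so its query text is not visible here.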
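Review bot: In the first picture.php hunk, the docblock directly above `updateAvatar()` lists only `@throws`, while the parameter's meaning changes from a `bool` flag to a group ID where `0` means "the logged-in user's own avatar" — a convention only discoverable by reading the body. Add `@param int $group ID of the group whose avatar is replaced; 0 (the default) replaces the current session user's avatar.` to that docblock. The function body continues past this hunk.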
@@ -16,17 +16,17 @@ function updateAvatar(bool $group = false) { if ($_FILES["pp"]["size"] > 4000000) { throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan."); } - $relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.gif"; - $group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar(); + $relativePath = $group ? $avatarDir . $group . "_avatar.gif" : $avatarDir . $_SESSION["userID"] . "_avatar.gif"; + $group ? removeOldGroupAvatar($group) : removeOldUserAvatar(); move_uploaded_file($tmpImg, $publicDir . $relativePath); } else { - $relativePath = $avatarDir . $_SESSION["userID"] . "_avatar.png"; + $relativePath = $group ? $avatarDir . $group . "_avatar.png": $avatarDir . $_SESSION["userID"] . "_avatar.png"; $scaledImg = scaleAvatar($tmpImg); - $group ? removeOldGroupAvatar($_POST["groupID"]) : removeOldUserAvatar(); + $group ? removeOldGroupAvatar($group) : removeOldUserAvatar(); imagepng($scaledImg, $publicDir . $relativePath); } - $group ? setGroupAvatarToDatabase("../" . $relativePath, $_POST["groupID"]) : setUserAvatarToDatabase("../" . $relativePath); + $group ? setGroupAvatarToDatabase("../" . $relativePath, $group) : setUserAvatarToDatabase("../" . $relativePath); throw new HappyAlert("Profielfoto veranderd."); } diff --git a/website/views/createGroup.php b/website/views/createGroup.php new file mode 100644 index 0000000..736fc45 --- /dev/null +++ b/website/views/createGroup.php @@ -0,0 +1,42 @@ + + +
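Review bot: In both branches the old avatar is deleted (`removeOldGroupAvatar`/`removeOldUserAvatar`) before the new file is written, and the return values of `move_uploaded_file()` and `imagepng()` are ignored, so a failed write (permissions, full disk) leaves no avatar on disk, still calls `setGroupAvatarToDatabase`/`setUserAvatarToDatabase` with the new path, and reports "Profielfoto veranderd.". Check the write before touching the database, e.g. `if (!move_uploaded_file($tmpImg, $publicDir . $relativePath)) { throw new AngryAlert("Opslaan mislukt."); }` (message constructed) and the equivalent for `imagepng()`, and remove the old file only after the new one exists. Building the path from the typed `int $group` instead of `$_POST["groupID"]` is a clear improvement, since the path component can no longer carry arbitrary request text. The function starts before this hunk, so the upload-type validation on `$_FILES["pp"]` is not visible here.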
+
+
+
Maak een groep!
+
    +
  • + + +
  • +
  • + + +
  • +
  • + + +
  • +
  • + + +
  • +
+
+
+
diff --git a/website/views/groupAdmin.php b/website/views/groupAdmin.php new file mode 100644 index 0000000..66b38f5 --- /dev/null +++ b/website/views/groupAdmin.php @@ -0,0 +1,77 @@ + +
+
+ +
+ +
+ +
+
Groep Instellingen
+ "> +
    +
  • + + " + > +
  • +
  • + + + +
  • +
  • + + +
  • +
+
+
+
Verander groepsafbeelding.
+ "> +
    +
  • + + " + class="group-picture" + > +
  • +
  • + + +
  • +
  • + + +
  • +
+
+
+
\ No newline at end of file diff --git a/website/views/menu.php b/website/views/menu.php index dab8fce..03e0f56 100644 --- a/website/views/menu.php +++ b/website/views/menu.php @@ -14,7 +14,7 @@