Merge branch 'master' into hendrik-post

This commit is contained in:
Hendrik
2017-01-26 13:46:24 +01:00
42 changed files with 1103 additions and 457 deletions


@@ -97,6 +97,18 @@ function validateEmail($variable){
}
}
/* checks if an input is a valid email. */
function resetEmail($variable){
if (empty($variable)) {
throw new emailException("Verplicht!");
} else if (!filter_var($variable, FILTER_VALIDATE_EMAIL)) {
throw new emailException("Geldige email invullen");
} else if (getResetEmail() == 0){
throw new emailException("Email bestaat niet!");
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {
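Review bot: `getResetEmail() == 0` in resetEmail uses a loose comparison and, more importantly, the existence check does not run on the value being validated — getResetEmail (in this commit's query hunk) reads `$_POST["forgotEmail"]` on its own — so `$variable` and the queried address can diverge; pass the address through and compare strictly, `getResetEmail($variable) === 0`. The dedicated message `"Email bestaat niet!"` also tells an unauthenticated requester whether an address is registered; a reset form should answer the same way for known and unknown addresses and differ only in whether a mail is sent. matchPassword at the end of the hunk continues outside it.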


@@ -1,13 +1,51 @@
<?php
require("connect.php");
require_once ("connect.php");
function selectFriends($userID) {
return selectLimitedFriends($userID, 9999);
}
function selectLimitedFriends($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
) AS profilepicture,
`onlinestatus`,
`role`
FROM
`user`
INNER JOIN
`friendship`
WHERE
(`friendship`.`user1ID` = :userID AND
`friendship`.`user2ID` = `user`.`userID` OR
`friendship`.`user2ID` = :userID AND
`friendship`.`user1ID` = `user`.`userID`) AND
`user`.`role` != 'banned' AND
`friendship`.`status` = 'confirmed'
LIMIT :limitCount
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':limitCount', $limit, PDO::PARAM_INT);
$stmt->execute();
return json_encode($stmt->fetchAll());
}
function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
@@ -39,22 +77,7 @@ function selectAllFriendRequests() {
SELECT
`userID`,
`username`,
CASE `status` IS NULL
WHEN TRUE THEN 0
WHEN FALSE THEN
CASE `status` = 'confirmed'
WHEN TRUE THEN
1
WHEN FALSE THEN
CASE `user1ID` = :userID
WHEN TRUE THEN
2
WHEN FALSE THEN
3
END
END
END AS `friend_state`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
@@ -82,6 +105,16 @@ function selectAllFriendRequests() {
}
function getFriendshipStatus($userID) {
# -2: Query failed.
# -1: user1 and 2 are the same user
# 0 : no record found
# 1 : confirmed
# 2 : user1 sent request (you)
# 3 : user2 sent request (other)
if($_SESSION["userID"] == $userID) {
return -1;
}
$stmt = $GLOBALS["db"]->prepare("
SELECT
CASE `status` IS NULL
@@ -108,8 +141,10 @@ function getFriendshipStatus($userID) {
$stmt->bindParam(':me', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':other', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt->fetch()["friend_state"];
if(!$stmt->execute()) {
return -2;
}
return intval($stmt->fetch()["friend_state"]);
}
function requestFriendship($userID) {
@@ -120,7 +155,7 @@ function requestFriendship($userID) {
$stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt->execute();
}
function removeFriendship($userID) {
@@ -131,11 +166,12 @@ function removeFriendship($userID) {
`user2ID` = :user2 OR
`user1ID` = :user2 AND
`user2ID` = :user1
LIMIT 1
");
$stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt->execute();
}
function acceptFriendship($userID) {
@@ -150,7 +186,7 @@ function acceptFriendship($userID) {
$stmt->bindParam(':user1', $userID, PDO::PARAM_INT);
$stmt->bindParam(':user2', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->execute();
return $stmt->execute();
}
function setLastVisited($friend) {
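Review bot: `$_SESSION["userID"] == $userID` in getFriendshipStatus is a loose comparison; if `$userID` arrives as a request string, cast both sides, `(int) $_SESSION["userID"] === (int) $userID`, so the -1 branch cannot be reached by a non-numeric string that merely compares equal. In the same function `intval($stmt->fetch()["friend_state"])` indexes into `false` when the query yields no row — the SELECT is cut by the hunk, so it may always return a row; if not, the no-row case is silently mapped onto 0 ("no record found") and the fetch result should be checked first. The `-2` path only runs when the connection is not in PDO::ERRMODE_EXCEPTION; if it is, the `return $stmt->execute();` added to requestFriendship, removeFriendship and acceptFriendship likewise never sees false, so the return contract should say which mode is assumed.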


@@ -1,6 +1,10 @@
<?php
function selectAllGroupsFromUser($userID) {
selectLimitedGroupsFromUser($userID, 9999);
}
function selectLimitedGroupsFromUser($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`name`,
@@ -13,10 +17,13 @@ function selectAllGroupsFromUser($userID) {
`group_member`.`userID` = :userID AND
`group_member`.`groupID` = `group_page`.`groupID` AND
`group_page`.`status` != 'hidden'
LIMIT :limitCount
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':limitCount', $limit, PDO::PARAM_INT);
$stmt->execute();
return $stmt;
return json_encode($stmt->fetchAll());
}
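Review bot: selectAllGroupsFromUser drops its result: `selectLimitedGroupsFromUser($userID, 9999);` has no `return`, so every caller receives null; it should read `return selectLimitedGroupsFromUser($userID, 9999);`, as the equivalent selectFriends wrapper in this commit's friends query file does. The body of selectLimitedGroupsFromUser is cut by the hunk (the SELECT continues outside it); its new `LIMIT :limitCount` bound with PDO::PARAM_INT matches the friends query.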


@@ -79,11 +79,11 @@ function getNewChatMessages($lastID, $destination) {
function selectAllUnreadChat() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
`user`.`userID`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'
`profilepicture`,
'../img/notbad.jpg'
) AS profilepicture,
LEFT(`private_message`.`content`, 15) as `content`
FROM
@@ -93,15 +93,18 @@ function selectAllUnreadChat() {
WHERE
(`friendship`.user2ID = `private_message`.`origin` AND
`friendship`.user1ID = `private_message`.`destination` AND
`friendship`.chatLastVisted1 < `private_message`.`creationdate` OR
(`friendship`.chatLastVisted1 < `private_message`.`creationdate` OR
`friendship`.chatLastVisted1 IS NULL) OR
`friendship`.user1ID = `private_message`.`origin` AND
`friendship`.user2ID = `private_message`.`destination` AND
`friendship`.chatLastVisted2 < `private_message`.`creationdate`) AND
`friendship`.user2ID = `private_message`.`destination` AND
(`friendship`.chatLastVisted2 < `private_message`.`creationdate` OR
`friendship`.chatLastVisted2 IS NULL)) AND
`private_message`.`origin` = `user`.`userID` AND
`private_message`.`destination` = :userID AND
`user`.`role` != 'banned'
GROUP BY `user`.`userID`
");
$stmt->bindParam(':userID', $_SESSION["userID"]);
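Review bot: the rewritten WHERE in selectAllUnreadChat relies on AND binding tighter than OR to separate its two direction branches, which MySQL honours, but now that each branch carries its own parenthesised `(... < creationdate OR ... IS NULL)` the grouping is easy to misread; wrapping each direction in its own parentheses, `(( user2ID = origin AND user1ID = destination AND (...) ) OR ( user1ID = origin AND user2ID = destination AND (...) ))`, makes the intent explicit. The first hunk in this section only renames the alias to `fullname` and re-indents. selectAllUnreadChat continues past the hunk.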


@@ -32,6 +32,22 @@ function getExistingEmail() {
}
function getResetEmail() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`email`
FROM
`user`
WHERE
`email` LIKE :email
");
$stmt->bindParam(":email", $_POST["forgotEmail"]);
$stmt->execute();
return $stmt->rowCount();
}
function registerAccount() {
$stmt = $GLOBALS["db"]->prepare("
INSERT INTO
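Review bot: `` `email` LIKE :email `` in getResetEmail treats `%` and `_` in the submitted address as wildcards, and `_` is a legal character in a mailbox name, so the count can be non-zero for an address that is not registered when a similar one is; the new sendPasswordRecovery in this commit uses `` `email` = :email `` and this query should too. PDOStatement::rowCount() on a SELECT is only dependable with buffered MySQL queries — confirm the connection is set up that way, or `SELECT COUNT(*)` and fetch the value. registerAccount at the end of the hunk continues outside it.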


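--- /dev/null
+++ b/<file path not shown on page>
@@ -0,0 +1,54 @@
+<?php
+include_once "../queries/connect.php";
+function sendPasswordRecovery(string $email) {
+if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+$stmt = $GLOBALS["db"]->prepare("
+SELECT
+`userID`,
+`username`
+FROM
+`user`
+WHERE
+`email` = :email
+");
+$stmt->bindParam(":email", $email);
+$stmt->execute();
+if (!$stmt->rowCount()) {
+return;
+}
+$result = $stmt->fetch();
+$userID = $result["userID"];
+$username = $result["username"];
+$hash = md5(random_int(0, 1000000));
+$hashedHash = password_hash($hash, PASSWORD_DEFAULT);
+setHashToDatabase($userID, $hash);
+doSendPasswordRecovery($userID, $email, $username, $hashedHash);
+} else {
+// TODO: Be angry!
+}
+}
+function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
+$resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
+$subject = "Reset uw wachtwoord";
+$body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
+$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
+mail($email, $subject, $body, $header);
+}
+function setHashToDatabase(int $userID, string $hash) {
+$stmt = $GLOBALS["db"]->prepare("
+UPDATE
+`user`
+SET
+`password` = :hash
+WHERE
+`userID` = :userID
+");
+$stmt->bindParam(":hash", $hash);
+$stmt->bindParam(":userID", $userID);
+$stmt->execute();
+return $stmt->rowCount();
+}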
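Review bot: setHashToDatabase writes the recovery token into the user's `password` column (the UPDATE at the end of the file), so a reset request for any registered address replaces that account's stored password, and nothing records when the token was issued, so it never expires; it belongs in a dedicated reset-token column with a timestamp, and the UPDATE should leave `password` alone. The token itself is weak — `md5(random_int(0, 1000000))` yields at most about a million distinct values — and the roles are inverted: the raw token is what gets stored while the bcrypt hash is what the mail carries, so anyone who can read the table can reconstruct a valid link. Replace the three lines in sendPasswordRecovery with `$token = bin2hex(random_bytes(32));`, `setHashToDatabase($userID, password_hash($token, PASSWORD_DEFAULT));` and `doSendPasswordRecovery($userID, $email, $username, $token);`, and pass the token through `rawurlencode()` when building `$resetLink`. The empty `else` branch marked `// TODO: Be angry!` accepts an invalid address silently; returning or throwing there would make the outcome explicit.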


@@ -108,7 +108,7 @@ function selectAllUserPosts($userID) {
`postID`,
`author`,
`title`,
CASE LENGTH(`content`) >= 150
CASE LENGTH(`content`) >= 150 AND `content` NOT LIKE '<img%'
WHEN TRUE THEN
CONCAT(LEFT(`content`, 150), '...')
WHEN FALSE THEN
@@ -126,7 +126,9 @@ function selectAllUserPosts($userID) {
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->execute();
if(!$stmt->execute()) {
return False;
}
return $stmt;
}
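Review bot: `return False;` in the new guard should be the lowercase keyword, `return false;`, and the function now returns either a PDOStatement or false, which every caller has to distinguish; if the connection runs with PDO::ERRMODE_EXCEPTION this branch is never reached and the exception could simply propagate, otherwise a short comment documenting the false return (matching the -2 convention getFriendshipStatus adopts in this commit) would help callers. selectAllUserPosts starts outside the hunk.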