Merge branch 'master' into joey-testing

website/queries/group_page.php

@@ -193,7 +193,9 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
     return $q;
 }
 
-function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
+function searchSomeGroupsByStatus($n, $m, $search, $status) {
+//    parentheses not needed in where clause, for clarity as
+//      role search should override status filter.
     $q = prepareQuery("
     SELECT
         `groupID`,
@@ -203,16 +205,18 @@ function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
     FROM
         `group_page`
     WHERE
-        `name` LIKE :keyword AND
-        FIND_IN_SET (`status`, :statuses)
+        (`name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)) OR 
+        `status` = :search
     ORDER BY
         `name`
     LIMIT
         :n, :m
     ");
 
-    $keyword = "%$keyword%";
+    $keyword = "%$search%";
     $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':search', $search);
     $q->bindParam(':n', $n, PDO::PARAM_INT);
     $q->bindParam(':m', $m, PDO::PARAM_INT);
     $statuses = implode(',', $status);
@@ -221,21 +225,23 @@ function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
     return $q;
 }
 
-function countSomeGroupsByStatus($keyword, $status) {
+function countSomeGroupsByStatus($search, $status) {
     $q = prepareQuery("
     SELECT
         COUNT(*)
     FROM
         `group_page`
     WHERE
-        `name` LIKE :keyword AND
-        FIND_IN_SET (`status`, :statuses)
+        (`name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)) OR 
+        `status` = :search
     ORDER BY
         `name`
     ");
 
-    $keyword = "%$keyword%";
+    $keyword = "%$search%";
     $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':search', $search);
     $statuses = implode(',', $status);
     $q->bindParam(':statuses', $statuses);
     $q->execute();

website/queries/post.php

@@ -46,6 +46,57 @@ function selectAllPosts($userID, $groupID) {
 
 }
 
+function selectSomePosts($userID, $groupID, $offset, $limit) {
+    $stmt = prepareQuery("
+        SELECT
+          `post`.`postID`,
+          `post`.`author`,
+          `title`,
+          CASE LENGTH(`post`.`content`) >= 150 AND `post`.`content` NOT LIKE '<img%'
+          WHEN TRUE THEN
+            CONCAT(LEFT(`post`.`content`, 150), '...')
+          WHEN FALSE THEN
+            `post`.`content`
+          END
+                                        AS `content`,
+          `post`.`creationdate`,
+          COUNT(DISTINCT `commentID`) AS `comments`,
+          COUNT(DISTINCT `niet_slecht`.`postID`) AS `niet_slechts`
+        FROM
+          `post`
+          LEFT JOIN
+          `niet_slecht`
+            ON
+              `post`.`postID` = `niet_slecht`.`postID`
+          LEFT JOIN
+          `comment`
+            ON
+              `post`.`postID` = `comment`.`postID`
+        WHERE
+          `post`.`author` = :userID AND
+          `groupID` IS NULL OR
+          `groupID` = :groupID
+        GROUP BY
+          `post`.`postID`
+        ORDER BY
+          `post`.`creationdate` DESC
+        LIMIT 
+          :offset, :limit
+    ");
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->bindParam(':groupID', $groupID , PDO::PARAM_INT);
+    $stmt->bindParam(':offset', intval($offset), PDO::PARAM_INT);
+    $stmt->bindParam(':limit', intval($limit), PDO::PARAM_INT);
+    if(!$stmt->execute()) {
+        return False;
+    }
+    if($stmt->rowCount() == 0) {
+        return False;
+    }
+    return $stmt;
+
+}
+
 function selectPostById($postID) {
     $stmt = prepareQuery("
         SELECT
@@ -192,3 +243,56 @@ function deleteNietSlecht(int $postID, int $userID) {
     $stmt->execute();
     return $stmt->rowCount();
 }
+
+function deletePost(int $postID, int $userID) {
+    if (checkPermissionOnPost($postID, $userID)) {
+        $stmt = prepareQuery("
+        DELETE FROM
+            `post`
+        WHERE
+            `postID` = :postID
+        ");
+        $stmt->bindParam(":postID", $postID);
+        $stmt->execute();
+    }
+}
+
+function checkPermissionOnPost(int $postID, int $userID) : bool {
+    $getGroupID = prepareQuery("
+    SELECT
+        `author`,
+        `groupID`
+    FROM
+        `post`
+    WHERE
+        `postID` = :postID
+    ");
+    $getGroupID->bindParam(":postID", $postID);
+    $getGroupID->execute();
+    $postinfo = $getGroupID->fetch();
+
+    if ($postinfo["groupID"] == null) {
+        // User post
+        return ($userID == $postinfo["author"]);
+    } else {
+        // Group post
+        $roleInGroup = getRoleInGroup($userID, $postinfo["groupID"]);
+        return ($roleInGroup == "mod" or $roleInGroup == "admin");
+    }
+}
+
+function getRoleInGroup(int $userID, int $groupID) {
+    $stmt = prepareQuery("
+    SELECT
+        `role`
+    FROM
+        `group_member`
+    WHERE
+      `userID` = :userID AND
+      `groupID` = :groupID
+    ");
+    $stmt->bindParam(":userID", $userID);
+    $stmt->bindParam(":groupID", $groupID);
+    $stmt->execute();
+    return $stmt->fetch()["role"];
+}

website/queries/settings.php

@@ -18,7 +18,8 @@ function getSettings() {
       `bio`,
       `profilepicture`,
       `showBday`,
-      `showEmail`
+      `showEmail`,
+      `showProfile`
     FROM
       `user`
     WHERE
@@ -64,7 +65,8 @@ function updateSettings() {
       `birthdate` = :bday,
       `bio` = :bio,
       `showEmail` = :showEmail,
-      `showBday` = :showBday
+      `showBday` = :showBday,
+      `showProfile` = :showProfile
     WHERE
       `userID` = :userID
     ");
@@ -79,6 +81,7 @@ function updateSettings() {
     $stmt->bindValue(":bio", test_input($_POST["bio"]));
     $stmt->bindValue(":showEmail", (array_key_exists("showEmail", $_POST) ? "1" : "0"));
     $stmt->bindValue(":showBday", (array_key_exists("showBday", $_POST) ? "1" : "0"));
+    $stmt->bindValue(":showProfile", (array_key_exists("showProfile", $_POST) ? "1" : "0"));
 
     $stmt->bindValue(":userID", $_SESSION["userID"]);
     $stmt->execute();

website/queries/user.php

@@ -205,7 +205,9 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
     return $q;
 }
 
-function searchSomeUsersByStatus($n, $m, $keyword, $status) {
+function searchSomeUsersByStatus($n, $m, $search, $status) {
+//    parentheses not needed in where clause, for clarity as
+//      role search should override status filter.
     $q = prepareQuery("
     SELECT
         `userID`,
@@ -219,8 +221,9 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) {
     FROM
         `user`
     WHERE
-        `username` LIKE :keyword AND
-        FIND_IN_SET (`role`, :statuses)
+        (`username` LIKE :keyword AND
+        FIND_IN_SET (`role`, :statuses)) OR 
+        `role` = :search
     ORDER BY
         `role`,
         `username`
@@ -228,8 +231,9 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) {
         :n, :m
     ");
 
-    $keyword = "%$keyword%";
+    $keyword = "%$search%";
     $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':search', $search);
     $q->bindParam(':n', $n, PDO::PARAM_INT);
     $q->bindParam(':m', $m, PDO::PARAM_INT);
     $statuses = implode(',', $status);
@@ -238,22 +242,24 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) {
     return $q;
 }
 
-function countSomeUsersByStatus($keyword, $status) {
+function countSomeUsersByStatus($search, $status) {
     $q = prepareQuery("
     SELECT
         COUNT(*)
     FROM
         `user`
     WHERE
-        `username` LIKE :keyword AND
-        FIND_IN_SET (`role`, :statuses)
+        (`username` LIKE :keyword AND
+        FIND_IN_SET (`role`, :statuses)) OR 
+        `role` = :search
     ORDER BY
         `role`,
         `username`
     ");
 
-    $keyword = "%$keyword%";
+    $keyword = "%$search%";
     $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':search', $search);
     $statuses = implode(',', $status);
     $q->bindParam(':statuses', $statuses);
     $q->execute();