From f8c9454b85a2e85961e9421555f8c0d7054f3b3c Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Thu, 2 Feb 2017 17:43:32 +0100 Subject: [PATCH 1/5] empty SessionID sends the user to login page If the session is empty, it now sends you to the login page with a safed url so it can revert you back to the right page after login --- website/public/API/deletePost.php | 8 ++++---- website/public/API/postComment.php | 8 ++++---- website/public/API/postPost.php | 7 ++++--- website/public/API/sendMessage.php | 7 ++++--- website/public/js/chat.js | 2 ++ website/public/js/main.js | 5 ++--- website/public/js/masonry.js | 10 +++++++++- website/public/js/post.js | 4 ++++ website/public/styles/post-popup.css | 2 +- website/views/head.php | 4 ++-- website/views/post-view.php | 17 ++++++++--------- 11 files changed, 44 insertions(+), 30 deletions(-) diff --git a/website/public/API/deletePost.php b/website/public/API/deletePost.php index fffadf5..37f89a1 100644 --- a/website/public/API/deletePost.php +++ b/website/public/API/deletePost.php @@ -3,10 +3,10 @@ session_start(); require_once "../../queries/post.php"; require_once "../../queries/user.php"; - -if (isset($_SESSION["userID"]) and - getRoleByID($_SESSION["userID"]) != 'frozen' and - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' and + getRoleByID($_SESSION["userID"]) != 'banned') { if (empty($_POST["postID"]) or empty($_SESSION["userID"])) { header('HTTP/1.1 500 Non enough arguments'); diff --git a/website/public/API/postComment.php b/website/public/API/postComment.php index 3864cc8..c9f8a53 100644 --- a/website/public/API/postComment.php +++ b/website/public/API/postComment.php 
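Review bot: The new `echo "logged out";` branch in deletePost.php answers an unauthenticated request to a state-changing endpoint with HTTP 200 and a sentinel string, so the rejection is visible only to a client that compares the body exactly; the same branch is added in postComment.php, postPost.php and sendMessage.php. Sending a status with it, `http_response_code(401);` before the echo, would let access logs and non-browser callers see the rejection, though the jQuery callers in this patch would then have to handle it in `.fail()` rather than `.done()`. The role is also looked up twice per request; reading it once with `$role = getRoleByID($_SESSION["userID"]);` and comparing `$role` avoids the second lookup and the chance of the two reads disagreeing. The body of the `else if` continues outside the hunk.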
@@ -7,10 +7,10 @@ require_once("../../queries/connect.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); - -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if ($_POST['button'] == 'reaction') { if (empty($_POST['newcomment-content'])) { echo 0; diff --git a/website/public/API/postPost.php b/website/public/API/postPost.php index 241bda6..2d703d3 100644 --- a/website/public/API/postPost.php +++ b/website/public/API/postPost.php @@ -8,9 +8,10 @@ require_once("../../queries/connect.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if (empty($_SESSION["userID"])) { header('HTTP/1.1 500 Non enough arguments'); diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php index c6e3231..a2d411b 100644 --- a/website/public/API/sendMessage.php +++ b/website/public/API/sendMessage.php @@ -7,9 +7,10 @@ require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); // Check if the user is allowed to send a message. -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if (!empty(test_input($_POST["destination"])) && !empty(test_input($_POST["content"])) ) { 
diff --git a/website/public/js/chat.js b/website/public/js/chat.js index a3ff430..f431b91 100644 --- a/website/public/js/chat.js +++ b/website/public/js/chat.js @@ -43,6 +43,8 @@ function sendMessage() { ).done(function(response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } // Load messages if the message has been send, so it shows in the chat. loadMessages(); diff --git a/website/public/js/main.js b/website/public/js/main.js index 30cd3ed..2ce58e4 100644 --- a/website/public/js/main.js +++ b/website/public/js/main.js @@ -3,8 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a function fancyText(text) { // Add links, images, gifs and (youtube) video's. - var regex = /(https?:\/\/.[^ <>"]*)/ig; - text = text.replace(regex, function(link) { + text = text.replace(/(https?:\/\/.[^ \n<>"]*)/ig, function(link) { // Add images if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) { return "" + link + ""; @@ -39,7 +38,7 @@ function fancyText(text) { } // This function gets the value of a cookie when given a key. -// If didn´t find any compatible cookie, it returns false. +// If it didn´t find any compatible cookie, it returns false. function getCookie(key) { cookies = document.cookie.split("; "); for (var i in cookies) { diff --git a/website/public/js/masonry.js b/website/public/js/masonry.js index a628e96..d43577b 100644 --- a/website/public/js/masonry.js +++ b/website/public/js/masonry.js @@ -26,7 +26,7 @@ function requestPost(postID) { function postPost() { title = $("input.newpost[name='title']").val(); content = $("textarea.newpost[name='content']").val(); - + console.log(masonryMode); if (masonryMode == 2) { $.post("API/postPost.php", { title: title, content : content, 
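Review bot: The redirect added in sendMessage's `.done` handler puts `window.location.pathname` into the `url` parameter unencoded and drops the query string, so a page identified by query parameters would not be restored after login; `window.location.href = "login.php?url=" + encodeURIComponent(window.location.pathname + window.location.search);` keeps the full location and a well-formed parameter. The same line is added in masonry.js (both branches of postPost) and in post.js (postComment and deletePost), so a small shared helper would keep the five copies consistent. The code in login.php that consumes `url` is not part of this patch; it should accept only a same-site relative path before redirecting, otherwise the parameter becomes an open redirect. In chat.js `loadMessages()` still runs after the redirect is set, which a `return;` in the new branch would avoid.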
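Review bot: The added `console.log(masonryMode);` at the top of postPost in masonry.js looks like leftover debugging output and should be removed before this is merged. If the mode matters to readers, a short comment on what `masonryMode == 2` selects would serve better than a console line. postPost's body continues outside this hunk.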
@@ -36,6 +36,10 @@ function postPost() { $('#alertbox').show(); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); window.scrollTo(0,0); + } else if (data == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; + } else if (data == "frozen") { + alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is."); } else { $('#alertbox').hide(); masonry(masonryMode); @@ -49,6 +53,10 @@ function postPost() { $('#alertbox').show(); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); window.scrollTo(0,0); + } else if (data == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; + } else if (data == "frozen") { + alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is."); } else { $('#alertbox').hide(); masonry(masonryMode); diff --git a/website/public/js/post.js b/website/public/js/post.js index 4009023..4f77d4d 100644 --- a/website/public/js/post.js +++ b/website/public/js/post.js @@ -8,6 +8,8 @@ function postComment(buttonValue) { ).done(function (response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } }); @@ -30,6 +32,8 @@ function deletePost(postID) { ).done(function (response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } }); closeModal(); diff --git a/website/public/styles/post-popup.css b/website/public/styles/post-popup.css index 24badcb..9493b83 100644 --- a/website/public/styles/post-popup.css 
+++ b/website/public/styles/post-popup.css @@ -91,7 +91,7 @@ .deleteButton { background-color: firebrick; - + float: right; } .deleteButton i { diff --git a/website/views/head.php b/website/views/head.php index f831f5d..52bcab8 100644 --- a/website/views/head.php +++ b/website/views/head.php @@ -26,8 +26,8 @@ require_once ("../queries/user.php"); session_start(); -if(!isset($_SESSION["userID"])){ - header("location:login.php"); +if(!isset($_SESSION["userID"])) { + header("location:login.php?url=" . "$_SERVER[REQUEST_URI]"); } else { updateLastActivity(); } diff --git a/website/views/post-view.php b/website/views/post-view.php index f8fe902..717e6a8 100644 --- a/website/views/post-view.php +++ b/website/views/post-view.php @@ -5,14 +5,6 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . " ?>
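Review bot: The redirect in head.php is not followed by `exit;`, so for a request without `$_SESSION["userID"]` PHP still runs everything after this block and sends the page body along with the Location header; header() alone does not stop the script. `$_SERVER[REQUEST_URI]` is also placed in the query string raw, so any `?` or `&` in the requested URI splits the `url` value and client-supplied text goes into the header unescaped. I would write `header("Location: login.php?url=" . urlencode($_SERVER["REQUEST_URI"]));` followed by `exit;`. The login page that reads `url` is outside this patch and should redirect only to same-site relative paths.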

- -
-
- + +
+

From b206d243b905ad614f2542bb582d06fa1369ff58 Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Thu, 2 Feb 2017 18:17:58 +0100 Subject: [PATCH 2/5] Validator fixes Changes chat, profile and settings pages so it is compatible with the validator of w3 --- website/public/styles/main.css | 2 -- website/public/styles/profile.css | 1 - website/views/group.php | 2 +- website/views/header.php | 4 ++-- website/views/profile.php | 26 ++++++++++++-------------- website/views/settings-view.php | 8 ++++---- 6 files changed, 19 insertions(+), 24 deletions(-) diff --git a/website/public/styles/main.css b/website/public/styles/main.css index 650a30f..5bb7b1d 100644 --- a/website/public/styles/main.css +++ b/website/public/styles/main.css @@ -256,8 +256,6 @@ div[data-title]:hover:after { top: 150%; z-index: 200; white-space: nowrap; - -moz-border-radius: 3px; - -webkit-border-radius: 3px; border-radius: 3px; box-shadow: 0 14px 28px rgba(0,0,0,0.25), 0 10px 10px rgba(0,0,0,0.22); background-color: #333; diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css index 27ff7fd..2f857a4 100644 --- a/website/public/styles/profile.css +++ b/website/public/styles/profile.css @@ -71,7 +71,6 @@ .group-picture { border: none; - margin-right: 15px; } diff --git a/website/views/group.php b/website/views/group.php index b27f18c..250fc9f 100644 --- a/website/views/group.php +++ b/website/views/group.php @@ -1,6 +1,6 @@
- ">
+ <?= $group[" class="group-picture main-picture" src="">
diff --git a/website/views/header.php b/website/views/header.php index c1379fc..e13eca6 100644 --- a/website/views/header.php +++ b/website/views/header.php @@ -23,9 +23,9 @@ $userinfo = getHeaderInfo();
Hallo
- +
- "/> + <?= $userinfo[" id="own-profile-picture" class="profile-picture" src=""/>
diff --git a/website/views/profile.php b/website/views/profile.php index 4139099..62157f4 100644 --- a/website/views/profile.php +++ b/website/views/profile.php @@ -4,7 +4,7 @@
- " src="">
+ <?= $user[" class="profile-picture main-picture " src="">
"); + "
"); $buttonContainer.append( - ""); + "
"); - $buttonContainer.children().click(function() { + $buttonContainer.find("button").click(function() { if (isNaN(this.value)) editFriendship(userID, this.value); else if (this.value != "") diff --git a/website/public/js/groupButtons.js b/website/public/js/groupButtons.js index 549277d..caf3ab8 100644 --- a/website/public/js/groupButtons.js +++ b/website/public/js/groupButtons.js @@ -5,23 +5,23 @@ function placeGroupButtons() { if (data == 'none') { $buttonContainer.append( - ""); } else if (data == 'request') { $buttonContainer.append( - ""); } else if (data == 'admin') { $buttonContainer.append( - "" ); } else { $buttonContainer.append( - ""); } diff --git a/website/public/styles/post-popup.css b/website/public/styles/post-popup.css index 9493b83..e82129b 100644 --- a/website/public/styles/post-popup.css +++ b/website/public/styles/post-popup.css @@ -92,16 +92,4 @@ .deleteButton { background-color: firebrick; float: right; -} - -.deleteButton i { - display: inline-block; -} - -.deleteButton:hover span { - display: inline-block; -} - -.deleteButton span { - display: none; } \ No newline at end of file diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css index 18e105e..8a93d12 100644 --- a/website/public/styles/profile.css +++ b/website/public/styles/profile.css @@ -27,16 +27,21 @@ display: inline-block; } +.friend-button-container div, .status-buttons-container div { + width: 200px; + display: inline-block; +} + .friend-button-container button, .status-buttons-container button, .group-button-container button { display: block; + float: right; margin: 7px 0; font-size: 18px; } - -.friend-button-container button, .status-buttons-container button, .group-button-fixed { - width: 200px; +.status-buttons-container button { + float: left; } .group-button-container button { 
@@ -76,19 +81,19 @@ border: none; } -.group-button-fancy span { +.fancy-button span { display: none; } -.group-button-fancy:hover { +.fancy-button:hover { text-align: right; } -.group-button-fancy i { +.fancy-button i { display: inline-block; } -.group-button-fancy:hover span { +.fancy-button:hover span { display: inline-block; margin-right: 5px; } diff --git a/website/views/post-view.php b/website/views/post-view.php index 717e6a8..fadc791 100644 --- a/website/views/post-view.php +++ b/website/views/post-view.php @@ -13,11 +13,11 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
-
diff --git a/website/views/profile.php b/website/views/profile.php index 62157f4..0cb5cc2 100644 --- a/website/views/profile.php +++ b/website/views/profile.php @@ -7,10 +7,16 @@ <?= $user[" class="profile-picture main-picture " src="">
- - +
+ +
+
+ +

:)

From 6d739a4480019709d6abe9addea37ade0ebbc34d Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Fri, 3 Feb 2017 00:24:38 +0100 Subject: [PATCH 4/5] Chat is now only loading the last 100 messages --- website/queries/private_message.php | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/website/queries/private_message.php b/website/queries/private_message.php index 3b88563..f2df887 100644 --- a/website/queries/private_message.php +++ b/website/queries/private_message.php @@ -6,18 +6,23 @@ function getOldChatMessages($user2ID) { if (getFriendshipStatus($user2ID) == 1) { $stmt = prepareQuery(" SELECT - * + * FROM - `private_message` - WHERE - `origin` = :user1 AND - `destination` = :user2 OR - `origin` = :user2 AND - `destination` = :user1 + (SELECT + * + FROM + `private_message` + WHERE + `origin` = :user1 AND + `destination` = :user2 OR + `origin` = :user2 AND + `destination` = :user1 + ORDER BY + `messageID` DESC + LIMIT + 100) sub ORDER BY - `creationdate` ASC - LIMIT - 100 + `messageID` ASC "); $stmt->bindParam(":user1", $user1ID); @@ -76,7 +81,7 @@ function getNewChatMessages($lastID, $destination) { `destination` = :user1) AND `messageID` > :lastID ORDER BY - `creationdate` ASC + `messageID` ASC "); $stmt->bindParam(':user1', $_SESSION["userID"]); From 02349dbe2846597ee77772bfef19eeb454455419 Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Fri, 3 Feb 2017 10:30:44 +0100 Subject: [PATCH 5/5] Changed description --- website/public/js/friendButtons.js | 4 ++-- website/views/head.php | 2 +- website/views/login_head.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/website/public/js/friendButtons.js b/website/public/js/friendButtons.js index 303ccf9..87222e9 100644 --- a/website/public/js/friendButtons.js +++ b/website/public/js/friendButtons.js @@ -53,12 +53,12 @@ function placeFriendButtons() { $buttonContainer.append( "
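Review bot: The inner WHERE in getOldChatMessages decides whose messages are returned and relies on AND binding tighter than OR; I would parenthesise the pairs, `(origin = :user1 AND destination = :user2) OR (origin = :user2 AND destination = :user1)`, as getNewChatMessages appears to do before its `messageID > :lastID` condition, so that a condition added later cannot widen the result to another conversation. A one-line comment such as `-- newest 100 rows, then re-sorted oldest first for display` above the subquery would explain the double ORDER BY. `:user1` and `:user2` each appear twice; if prepareQuery wraps PDO with native prepares, repeated named placeholders are not supported, so confirm emulation is enabled or use distinct names. `$user1ID` is bound in the context line but assigned outside this hunk.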
"); $buttonContainer.append( "
"); diff --git a/website/views/head.php b/website/views/head.php index 52bcab8..3ec8a79 100644 --- a/website/views/head.php +++ b/website/views/head.php @@ -1,5 +1,5 @@ - + MyHyvesbook+ diff --git a/website/views/login_head.php b/website/views/login_head.php index b4b2724..9e580df 100644 --- a/website/views/login_head.php +++ b/website/views/login_head.php @@ -1,6 +1,6 @@ - + MyHyvesbook+