MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Redirect to 404 from profile and group

Browse Source
This commit is contained in:
K. Nobel
2017-02-02 15:34:45 +01:00
parent 4a7a91ecd9
commit 8a3cfebf55
4 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
website/public/group.php
View File

@@ -13,9 +13,16 @@
include_once("../queries/group_page.php"); include_once("../queries/group_page.php");
$group = selectGroupByName($_GET["groupname"]); if(!$group = selectGroupByName($_GET["groupname"])) {
header("HTTP/1.0 404 Not Found");
header("Location: error/404.php");
die();
}
$members = selectGroupMembers($group["groupID"]); $members = selectGroupMembers($group["groupID"]);
/* /*
* This view adds the main layout over the screen. * This view adds the main layout over the screen.
* Header, menu, footer. * Header, menu, footer.

7
website/public/profile.php
View File

@@ -25,7 +25,12 @@ if(empty($_GET["username"])) {
$userID = getUserID($_GET["username"]); $userID = getUserID($_GET["username"]);
} }
$user = selectUser($_SESSION["userID"], $userID); if(!$user = selectUser($_SESSION["userID"], $userID)) {
header("HTTP/1.0 404 Not Found");
header("Location: error/404.php");
die();
}
$profile_friends = selectAllFriends($userID); $profile_friends = selectAllFriends($userID);
$profile_groups = selectAllUserGroups($userID); $profile_groups = selectAllUserGroups($userID);
$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID; $showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;

7
website/queries/group_page.php
View File

@@ -33,7 +33,12 @@ function selectGroupByName($name) {
if (!$stmt->execute()) { if (!$stmt->execute()) {
return False; return False;
} }
return $stmt->fetch(); $row = $stmt->fetch();
if($row["groupID"] == null) {
return False;
}
return $row;
} }
function selectGroupRole(int $groupID) { function selectGroupRole(int $groupID) {

4
website/queries/user.php
View File

@@ -101,7 +101,9 @@ function selectUser($me, $other) {
$stmt->bindParam(':me', $me, PDO::PARAM_INT); $stmt->bindParam(':me', $me, PDO::PARAM_INT);
$stmt->bindParam(':other', $other, PDO::PARAM_INT); $stmt->bindParam(':other', $other, PDO::PARAM_INT);
$stmt->execute(); if(!$stmt->execute() || $stmt->rowCount() == 0) {
return False;
}
return $stmt->fetch(); return $stmt->fetch();
} }