From 4a7a91ecd964f1cb0827765078314d04ac6534dc Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Thu, 2 Feb 2017 14:20:17 +0100
Subject: [PATCH 1/3] Fixed bug (not showing profile when on own profile)

---
 website/public/profile.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/website/public/profile.php b/website/public/profile.php
index d9a317c..aa4cf7c 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -21,19 +21,14 @@ include_once("../queries/calcAge.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
-    $showProfile = True;
 } else {
     $userID = getUserID($_GET["username"]);
-    $showProfile = False;
 }
 
 $user = selectUser($_SESSION["userID"], $userID);
 $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
-$showProfile = $showProfile || $user["showProfile"] || ($user["status"] == 'confirmed');
-echo " friendship status: " . $user["status"];
-echo " showprofile: $showProfile";
-echo " userID: " . $user["userID"];
+$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;
 
 
 if ($userID == $_SESSION["userID"]) {

From 8a3cfebf55bbc8380034c25741f52682beb2b9aa Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Thu, 2 Feb 2017 15:34:45 +0100
Subject: [PATCH 2/3] Redirect to 404 from profile and group

---
 website/public/group.php       | 9 ++++++++-
 website/public/profile.php     | 7 ++++++-
 website/queries/group_page.php | 7 ++++++-
 website/queries/user.php       | 4 +++-
 4 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/website/public/group.php b/website/public/group.php
index bb393e3..84726fa 100644
--- a/website/public/group.php
+++ b/website/public/group.php
@@ -13,9 +13,16 @@
 
 include_once("../queries/group_page.php");
 
-$group = selectGroupByName($_GET["groupname"]);
+if(!$group = selectGroupByName($_GET["groupname"])) {
+    header("HTTP/1.0 404 Not Found");
+    header("Location: error/404.php");
+    die();
+}
+
+
 $members = selectGroupMembers($group["groupID"]);
 
+
 /*
  * This view adds the main layout over the screen.
  * Header, menu, footer.
diff --git a/website/public/profile.php b/website/public/profile.php
index aa4cf7c..126c87f 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -25,7 +25,12 @@ if(empty($_GET["username"])) {
     $userID = getUserID($_GET["username"]);
 }
 
-$user = selectUser($_SESSION["userID"], $userID);
+if(!$user = selectUser($_SESSION["userID"], $userID)) {
+    header("HTTP/1.0 404 Not Found");
+    header("Location: error/404.php");
+    die();
+}
+
 $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
 $showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;
diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index f2f028f..a6676c4 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -33,7 +33,12 @@ function selectGroupByName($name) {
     if (!$stmt->execute()) {
         return False;
     }
-    return $stmt->fetch();
+    $row = $stmt->fetch();
+    if($row["groupID"] == null) {
+        return False;
+    }
+
+    return $row;
 }
 
 function selectGroupRole(int $groupID) {
diff --git a/website/queries/user.php b/website/queries/user.php
index 972937d..836c956 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -101,7 +101,9 @@ function selectUser($me, $other) {
 
     $stmt->bindParam(':me', $me, PDO::PARAM_INT);
     $stmt->bindParam(':other', $other, PDO::PARAM_INT);
-    $stmt->execute();
+    if(!$stmt->execute() || $stmt->rowCount() == 0) {
+        return False;
+    }
     return $stmt->fetch();
 }
 

From 1c53eab2fa77c02aaeb7340a38b053d38c0cf335 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Thu, 2 Feb 2017 15:50:12 +0100
Subject: [PATCH 3/3] Fixed user group list on profile page.

---
 website/queries/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/queries/user.php b/website/queries/user.php
index 06487be..422edc4 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -122,7 +122,7 @@ function selectAllUserGroups($userID) {
             `group_page`.`groupID` = `group_member`.`groupID`
         WHERE
             `userID` = :userID AND
-            `role` = 'member'
+            `role` IN ('member', 'mod', 'admin')
     ");
 
     $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);