Merge branch 'kevin-prototype' into 'master'
Redirect to 404 from profile and group See merge request !190
This commit was merged in pull request #194.
@@ -13,9 +13,16 @@
|
|||||||
|
|
||||||
include_once("../queries/group_page.php");
|
include_once("../queries/group_page.php");
|
||||||
|
|
||||||
$group = selectGroupByName($_GET["groupname"]);
|
if(!$group = selectGroupByName($_GET["groupname"])) {
|
||||||
|
header("HTTP/1.0 404 Not Found");
|
||||||
|
header("Location: error/404.php");
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
$members = selectGroupMembers($group["groupID"]);
|
$members = selectGroupMembers($group["groupID"]);
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This view adds the main layout over the screen.
|
* This view adds the main layout over the screen.
|
||||||
* Header, menu, footer.
|
* Header, menu, footer.
|
||||||
|
|||||||
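Review bot: The `header("Location: error/404.php")` call right after `header("HTTP/1.0 404 Not Found")` replaces the 404 status, because PHP answers a Location header with a 302 unless a 201 or 3xx code is already set, so a missing group is reported as a redirect rather than a 404. Clients, crawlers and monitoring then depend on whatever status error/404.php itself returns, which is not visible here. Consider rendering the error page in place, e.g. `http_response_code(404); include "error/404.php"; die();` (include path adjusted to the calling script), or at least an absolute redirect target, since the relative one resolves against the current request URL. The same pair of header calls appears in the profile hunk after `selectUser`.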
@@ -21,19 +21,19 @@ include_once("../queries/calcAge.php");
|
|||||||
|
|
||||||
if(empty($_GET["username"])) {
|
if(empty($_GET["username"])) {
|
||||||
$userID = $_SESSION["userID"];
|
$userID = $_SESSION["userID"];
|
||||||
$showProfile = True;
|
|
||||||
} else {
|
} else {
|
||||||
$userID = getUserID($_GET["username"]);
|
$userID = getUserID($_GET["username"]);
|
||||||
$showProfile = False;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = selectUser($_SESSION["userID"], $userID);
|
if(!$user = selectUser($_SESSION["userID"], $userID)) {
|
||||||
|
header("HTTP/1.0 404 Not Found");
|
||||||
|
header("Location: error/404.php");
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$profile_friends = selectAllFriends($userID);
|
$profile_friends = selectAllFriends($userID);
|
||||||
$profile_groups = selectAllUserGroups($userID);
|
$profile_groups = selectAllUserGroups($userID);
|
||||||
$showProfile = $showProfile || $user["showProfile"] || ($user["status"] == 'confirmed');
|
$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;
|
||||||
echo " friendship status: " . $user["status"];
|
|
||||||
echo " showprofile: $showProfile";
|
|
||||||
echo " userID: " . $user["userID"];
|
|
||||||
|
|
||||||
|
|
||||||
if ($userID == $_SESSION["userID"]) {
|
if ($userID == $_SESSION["userID"]) {
|
||||||
|
|||||||
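Review bot: The rewritten `$showProfile` line decides profile visibility with the loose comparison `$_SESSION["userID"] == $userID`, while `$userID` comes from `getUserID($_GET["username"])`, whose return value for an unknown name is not visible in this hunk. If that value is `false` or `null` and the session value is empty as well, `==` evaluates to true; the 404 guard above probably catches that case first, but the access decision should not depend on it. Compute ownership explicitly, e.g. `$isOwner = $userID && (int) $userID === (int) $_SESSION["userID"];`, and use `$isOwner` in the `$showProfile` expression. The `if ($userID == $_SESSION["userID"])` context line below would benefit from the same value.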
@@ -33,7 +33,12 @@ function selectGroupByName($name) {
|
|||||||
if (!$stmt->execute()) {
|
if (!$stmt->execute()) {
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
return $stmt->fetch();
|
$row = $stmt->fetch();
|
||||||
|
if($row["groupID"] == null) {
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $row;
|
||||||
}
|
}
|
||||||
|
|
||||||
function selectGroupRole(int $groupID) {
|
function selectGroupRole(int $groupID) {
|
||||||
|
|||||||
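Review bot: In `selectGroupByName`, `$row["groupID"]` is read before checking that `fetch()` returned a row; PDO returns `false` when there is none, and indexing `false` yields `null` only as a side effect, with a notice or warning on PHP 7.4 and later. Test the fetch result explicitly: `if ($row === false || $row["groupID"] === null) { return False; }`. The function body starts outside this hunk, so whether the query can return a row with a NULL groupID is not visible; if it cannot, the `$row === false` check alone is enough.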
@@ -101,7 +101,9 @@ function selectUser($me, $other) {
|
|||||||
|
|
||||||
$stmt->bindParam(':me', $me, PDO::PARAM_INT);
|
$stmt->bindParam(':me', $me, PDO::PARAM_INT);
|
||||||
$stmt->bindParam(':other', $other, PDO::PARAM_INT);
|
$stmt->bindParam(':other', $other, PDO::PARAM_INT);
|
||||||
$stmt->execute();
|
if(!$stmt->execute() || $stmt->rowCount() == 0) {
|
||||||
|
return False;
|
||||||
|
}
|
||||||
return $stmt->fetch();
|
return $stmt->fetch();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,7 +122,7 @@ function selectAllUserGroups($userID) {
|
|||||||
`group_page`.`groupID` = `group_member`.`groupID`
|
`group_page`.`groupID` = `group_member`.`groupID`
|
||||||
WHERE
|
WHERE
|
||||||
`userID` = :userID AND
|
`userID` = :userID AND
|
||||||
`role` = 'member'
|
`role` IN ('member', 'mod', 'admin')
|
||||||
");
|
");
|
||||||
|
|
||||||
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
|
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
|
||||||
|
|||||||
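Review bot: The `$stmt->rowCount() == 0` test added in the `selectUser` hunk relies on behaviour PDO does not guarantee for SELECT statements; the count is driver-dependent and, with MySQL, depends on buffered queries being enabled. `fetch()` already returns `false` when there is no row, so the guard can be `if (!$stmt->execute()) { return False; }` followed by the existing `return $stmt->fetch();`, and the caller's `!$user` check still leads to the 404. The function body starts outside the hunk, so the query itself is not visible.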