From 7bf8a16cf0c306303db1b1ae3179beb71fe3e39c Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 24 Jan 2017 17:06:39 +0100
Subject: [PATCH 01/12] Dingen door elkaar

---
 website/public/{ => API}/edit_friendship.php |  5 ++--
 website/public/js/notifications.js           | 24 ++++++++++++++---
 website/public/styles/menu.css               | 28 ++++++++++++++++++++
 website/queries/private_message.php          |  1 +
 website/views/chat-view.php                  |  7 ++++-
 website/views/loadFriends.php                |  3 +++
 6 files changed, 61 insertions(+), 7 deletions(-)
 rename website/public/{ => API}/edit_friendship.php (91%)
 create mode 100644 website/views/loadFriends.php

diff --git a/website/public/edit_friendship.php b/website/public/API/edit_friendship.php
similarity index 91%
rename from website/public/edit_friendship.php
rename to website/public/API/edit_friendship.php
index d88e264..0a08066 100644
--- a/website/public/edit_friendship.php
+++ b/website/public/API/edit_friendship.php
@@ -1,7 +1,8 @@
 <?php
 session_start();
-require("../queries/friendship.php");
-require("../queries/user.php");
+
+require("../../queries/friendship.php");
+require("../../queries/user.php");
 
 if(empty($_POST["userID"]) OR empty($_POST["delete"]) AND empty($_POST["accept"]) AND empty($_POST["request"])) {
     echo "Not enough arguments.";
diff --git a/website/public/js/notifications.js b/website/public/js/notifications.js
index e3476b2..aacff71 100644
--- a/website/public/js/notifications.js
+++ b/website/public/js/notifications.js
@@ -2,8 +2,8 @@ function showFriendNotifications(notifications) {
     $("#friendrequestslist").html("");
     for (i in notifications) {
         $("#friendrequestslist").append(" \
-            <li class='friend-item $extraItem'> \
-                <form action='profile.php' method='get'> \
+            <li class='friend-item'> \
+                <form action='profile.php' method='post'> \
                     <button type='submit' \
                             name='username' \
                             value='"+ notifications[i].username +"'> \
@@ -13,6 +13,22 @@ function showFriendNotifications(notifications) {
                         </div> \
                     </button> \
                 </form> \
+                <div class='notification-options'>\
+                    <form action='API/edit_friendship.php' method='post'> \
+                        <button type='submit' \
+                                name='accept' \
+                                class='accept-notification' \
+                                value='"+ notifications[i].userID +"'> \
+                            <i class='fa fa-check'></i> \
+                        </button>\
+                        <button\
+                                name='delete' \
+                                class='deny-notification' \
+                                value='"+ notifications[i].userID +"'> \
+                            <i class='fa fa-times'></i> \
+                        </button> \
+                    <form>\
+                </div> \
             </li> \
         ");
     }
@@ -22,10 +38,10 @@ function showChatNotifications(notifications) {
     $("#unreadChatlist").html("");
     for (i in notifications) {
         $("#unreadChatlist").append(" \
-            <li class='friend-item $extraItem'> \
+            <li class='friend-item'> \
                 <form action='chat.php' method='get'> \
                     <button type='submit' \
-                            name='username' \
+                            name='chatID' \
                             value='"+ notifications[i].userID +"'> \
                         <div class='friend'> \
                             <img alt='PF' class='profile-picture' src='"+ notifications[i].profilepicture +"'/> \
diff --git a/website/public/styles/menu.css b/website/public/styles/menu.css
index ce294da..204acd0 100644
--- a/website/public/styles/menu.css
+++ b/website/public/styles/menu.css
@@ -63,4 +63,32 @@
 
 #quick-links i:hover {
     color: #FBC02D;
+}
+
+.notification-options {
+    display: none;
+    width: 100%;
+}
+
+.notification-options form {
+    width: 100%;
+    text-align: center;
+}
+
+.notification-options button {
+    display: inline-block;
+    padding: 5px 20px;
+    width: auto;
+}
+
+.accept-notification:hover {
+    color: #4CAF50;
+}
+
+.deny-notification:hover {
+    color: firebrick;
+}
+
+.friend-item:hover .notification-options {
+    display: inline-block;
 }
\ No newline at end of file
diff --git a/website/queries/private_message.php b/website/queries/private_message.php
index 4fbb55d..d40ee88 100644
--- a/website/queries/private_message.php
+++ b/website/queries/private_message.php
@@ -80,6 +80,7 @@ function selectAllUnreadChat() {
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
       LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
+      `user`.`userID`,
       IFNULL(
         `profilepicture`,
         '../img/notbad.jpg'
diff --git a/website/views/chat-view.php b/website/views/chat-view.php
index 598b3ee..797e457 100644
--- a/website/views/chat-view.php
+++ b/website/views/chat-view.php
@@ -35,7 +35,12 @@
                                 </div>
                             </div>
                         </li>
-                ";
+                    ";
+                }
+
+                $chatID = $_GET["chatID"];
+                if (isset($chatID) && $chatID != "") {
+                    echo "<script>$(document).ready(function(){switchUser('$chatID')});</script>";
                 }
                 ?>
             </ul>
diff --git a/website/views/loadFriends.php b/website/views/loadFriends.php
new file mode 100644
index 0000000..b4cbaca
--- /dev/null
+++ b/website/views/loadFriends.php
@@ -0,0 +1,3 @@
+<?php
+
+echo json_encode(selectAllFriends($_SESSION["userID"])->fetchAll());
\ No newline at end of file

From 12ed710369ce6b0e469eee00a856b19eacd3ee8a Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 24 Jan 2017 17:10:12 +0100
Subject: [PATCH 02/12] Fixed API

---
 website/public/profile.php | 1 -
 website/views/profile.php  | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/website/public/profile.php b/website/public/profile.php
index 4f9d680..be71023 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -15,7 +15,6 @@ include("../queries/nicetime.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
-    echo "USERNAME NOT GIVEN";
 } else {
     $userID = getUserID($_GET["username"]);
 }
diff --git a/website/views/profile.php b/website/views/profile.php
index 0b2f4f2..07ccbee 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -2,7 +2,7 @@
     <div class="profile-box platform">
         <img class="left profile-picture" src="<?php echo $user["profilepicture"] ?>">
 
-        <form action="edit_friendship.php" method="post">
+        <form action="API/edit_friendship.php" method="post">
             <input type="hidden" name="userID" value="<?= $userID ?>">
         <?php
         if($userID != $_SESSION["userID"] AND $user["friend_status"] == 0) {

From 37d83169c6c5d4ef35e1cfe1c33f392242266795 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Tue, 24 Jan 2017 17:31:39 +0100
Subject: [PATCH 03/12] In notification bar accept or deny

---
 website/public/API/edit_friendship.php |  2 +-
 website/public/js/notifications.js     | 22 ++++++++++++++--------
 website/queries/friendship.php         | 15 +++++++++++++++
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/website/public/API/edit_friendship.php b/website/public/API/edit_friendship.php
index 0a08066..52aacf5 100644
--- a/website/public/API/edit_friendship.php
+++ b/website/public/API/edit_friendship.php
@@ -28,4 +28,4 @@ if(!empty($_POST["request"]) AND $friendship_status == 0) {
 
 $username = getUsername($_POST["userID"]);
 
-header("Location: profile.php?username=$username");
\ No newline at end of file
+header("Location: ../profile.php?username=$username");
\ No newline at end of file
diff --git a/website/public/js/notifications.js b/website/public/js/notifications.js
index aacff71..afcaca0 100644
--- a/website/public/js/notifications.js
+++ b/website/public/js/notifications.js
@@ -1,9 +1,19 @@
 function showFriendNotifications(notifications) {
     $("#friendrequestslist").html("");
     for (i in notifications) {
+        var outgoing = "";
+        if (notifications[i].friend_state == "3") {
+            outgoing = "<button\
+                            name='accept' \
+                            class='accept-notification' \
+                            value='"+ notifications[i].userID +"'> \
+                        <i class='fa fa-check'></i> \
+                        </button>";
+        }
+
         $("#friendrequestslist").append(" \
             <li class='friend-item'> \
-                <form action='profile.php' method='post'> \
+                <form action='profile.php' method='get'> \
                     <button type='submit' \
                             name='username' \
                             value='"+ notifications[i].username +"'> \
@@ -15,18 +25,14 @@ function showFriendNotifications(notifications) {
                 </form> \
                 <div class='notification-options'>\
                     <form action='API/edit_friendship.php' method='post'> \
+                        <input type='hidden' name='userID' value='"+ notifications[i].userID +"' /> \
+                        "+ outgoing +" \
                         <button type='submit' \
-                                name='accept' \
-                                class='accept-notification' \
-                                value='"+ notifications[i].userID +"'> \
-                            <i class='fa fa-check'></i> \
-                        </button>\
-                        <button\
                                 name='delete' \
                                 class='deny-notification' \
                                 value='"+ notifications[i].userID +"'> \
                             <i class='fa fa-times'></i> \
-                        </button> \
+                        </button>\
                     <form>\
                 </div> \
             </li> \
diff --git a/website/queries/friendship.php b/website/queries/friendship.php
index d0279c9..cb35640 100644
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -39,6 +39,21 @@ function selectAllFriendRequests() {
         SELECT
             `userID`,
             `username`,
+            CASE `status` IS NULL
+              WHEN TRUE THEN 0
+              WHEN FALSE THEN
+                CASE `status` = 'confirmed'
+                WHEN TRUE THEN
+                  1
+                WHEN FALSE THEN
+                  CASE `user1ID` = :userID
+                  WHEN TRUE THEN
+                    2
+                  WHEN FALSE THEN
+                    3
+                  END
+                END
+            END AS `friend_state`,
             LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
             IFNULL(
                 `profilepicture`,

From f7da87596a513cf8ae421e97e2123aa7a771bc88 Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Wed, 25 Jan 2017 09:30:05 +0100
Subject: [PATCH 04/12] Added emailconfirm.php

---
 website/public/emailconfirm.php | 49 +++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 website/public/emailconfirm.php

diff --git a/website/public/emailconfirm.php b/website/public/emailconfirm.php
new file mode 100644
index 0000000..97eb2f6
--- /dev/null
+++ b/website/public/emailconfirm.php
@@ -0,0 +1,49 @@
+<?php
+include_once("../queries/connect.php");
+if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
+   $checkHash = $GLOBALS["db"]->prepare("
+   SELECT
+      `email`,
+      `role`
+   FROM
+      `user`
+   WHERE
+      `userID` = :userID
+   ");
+   $checkHash->bindParam(":userID", $_GET["u"]);
+   $checkHash->execute();
+   $result = $checkHash->fetch();
+   $email = $result["email"];
+   $role = $result["role"];
+   if ($role == "unconfirmed") {
+       doActivate($email);
+   } else {
+       echo "Ongeldige link.";
+   }
+
+} else {
+    echo "Ongeldige link.";
+}
+
+function doActivate(string $email) {
+    if (password_verify($email, $_GET["h"])) {
+        $confirmUser = $GLOBALS["db"]->prepare("
+        UPDATE
+            `user`
+        SET
+            `role` = :role
+        WHERE
+            `userID` = :userID
+        ");
+        $confirmUser->bindValue(":role", "user");
+        $confirmUser->bindParam(":userID", $_GET["u"]);
+        $confirmUser->execute();
+        if ($confirmUser->rowCount()) {
+            echo "Email bevestigd <br />
+            <a href='index.php'>U wordt automatisch doorgestuurd naar de login pagina over 5 seconden.</a> ";
+            header("refresh:5;url=login.php");
+        }
+    } else {
+        echo "Ongeldige link.";
+    }
+}
\ No newline at end of file

From 28f31d749bf4dc5a920939c55d37a0f9f9a2b2f3 Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Wed, 25 Jan 2017 11:16:53 +0100
Subject: [PATCH 05/12] Email confirm (:

---
 website/queries/emailconfirm.php | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 website/queries/emailconfirm.php

diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php
new file mode 100644
index 0000000..8b0031c
--- /dev/null
+++ b/website/queries/emailconfirm.php
@@ -0,0 +1,43 @@
+<?php
+
+function senConfirmEmailUsername(string $username) {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+        `userID`
+    FROM
+        `user`
+    WHERE
+        `username` = :username
+    ");
+    $stmt->bindParam(":username", $username);
+    $stmt->execute();
+    $userID = $stmt->fetch()["username"];
+    sendConfirmEmail($userID);
+}
+
+function sendConfirmEmail(int $userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT 
+        `email`,
+        `fname`
+    FROM 
+        `user`
+    WHERE
+        `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $userID);
+    $user = $stmt->fetch();
+
+    $email = $user["email"];
+    $fname = $user["fname"];
+    $hash = password_hash($email, PASSWORD_DEFAULT);
+    $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
+
+    $subject = "Bevestig uw emailadres";
+    $body = "Hallo $fname,\r\n\r\n 
+             Klik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n
+             $confirmLink\r\n\r\n
+             Groeten MyHyvesbook+";
+    $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
+    mail($email, $subject, $body, $header);
+}
\ No newline at end of file

From 981e34c95082d1bffe8b4a0ca18f5a19239d5829 Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Wed, 25 Jan 2017 11:19:01 +0100
Subject: [PATCH 06/12] redesigned code

---
 website/public/js/registerAndLogin.js |  5 +++-
 website/public/login.php              | 23 +++------------
 website/public/register.php           |  4 +--
 website/public/styles/index.css       |  2 +-
 website/queries/checkInput.php        |  3 +-
 website/queries/login.php             | 40 ++++++++++++++++++++++++++-
 website/views/login_head.php          |  4 +--
 website/views/register-view.php       |  2 +-
 8 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/website/public/js/registerAndLogin.js b/website/public/js/registerAndLogin.js
index 0452d15..4e68a07 100644
--- a/website/public/js/registerAndLogin.js
+++ b/website/public/js/registerAndLogin.js
@@ -4,5 +4,8 @@ function checkLoggedIn() {
     } else {
         window.location.href = "profile.php";
     }
-    document.getElementById("demo").innerHTML = x;
 }
+
+function bannedAlert(){
+    alert("Your account is banned");
+}
\ No newline at end of file
diff --git a/website/public/login.php b/website/public/login.php
index 0d07413..b3a00b0 100644
--- a/website/public/login.php
+++ b/website/public/login.php
@@ -22,26 +22,11 @@
 
     // Trying to login
     if ($_SERVER["REQUEST_METHOD"] == "POST") {
-        // Empty username or password field
-        if (empty($_POST["uname"]) || empty($_POST["psw"])) {
-            $loginErr = "Gebruikersnaam of wachtwoord is niet ingevuld";
-
-        }
-        else {
+        try{
             $uname = strtolower(test_input($_POST["uname"]));
-            $psw = test_input($_POST["psw"]);
-            $hash = getUser()["password"];
-            $userid = getUser()["userID"];
-
-            // If there's an account, go to the profile page
-            if(password_verify($psw, $hash)) {
-               $_SESSION["userID"] = $userid;
-               header("location: profile.php");
-
-            } else {
-               $loginErr = "Inloggegevens zijn niet correct";
-            }
-
+            validateLogin($_POST["uname"], $_POST["psw"]);
+        } catch(loginException $e) {
+            $loginErr = $e->getMessage();
         }
     }
 
diff --git a/website/public/register.php b/website/public/register.php
index 99af6c0..84d6873 100644
--- a/website/public/register.php
+++ b/website/public/register.php
@@ -45,7 +45,7 @@
         }
 
         try{
-            $username = test_input(($_POST["username"]));
+            $username = str_replace(' ', '', test_input(($_POST["username"])));
             checkInputChoice($username, "username");
         } catch(usernameException $e){
             $correct = false;
@@ -53,7 +53,7 @@
         }
 
         try{
-            $password = test_input(($_POST["password"]));
+            $password = str_replace(' ', '', test_input(($_POST["password"])));
             checkInputChoice($password, "longerEight");
             matchPassword();
         } catch(passwordException $e){
diff --git a/website/public/styles/index.css b/website/public/styles/index.css
index 8482cea..fc9d3d6 100644
--- a/website/public/styles/index.css
+++ b/website/public/styles/index.css
@@ -1,6 +1,6 @@
 a.button {
     background-color: #C8CABD;
-    border-radius: 10px;
+    border-radius: 5px;
     color: black;
     cursor: pointer;
     height: 50%;
diff --git a/website/queries/checkInput.php b/website/queries/checkInput.php
index cc32626..5f72f10 100644
--- a/website/queries/checkInput.php
+++ b/website/queries/checkInput.php
@@ -38,7 +38,8 @@ function checkName($variable){
     if (empty($variable)) {
         throw new lettersAndSpacesException("Verplicht!");
     } else if (!preg_match("/^[a-zA-Z ]*$/", $variable)) {
-        throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
+
+            throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
     }
 }
 
diff --git a/website/queries/login.php b/website/queries/login.php
index 180b431..8605e67 100644
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -4,7 +4,8 @@ function getUser() {
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
       `password`,
-      `userID`
+      `userID`,
+      `role`
     FROM
       `user`
     WHERE
@@ -15,3 +16,40 @@ function getUser() {
     $stmt->execute();
     return $stmt->fetch(PDO::FETCH_ASSOC);
 }
+
+function validateLogin($username, $password){
+    // Empty username or password field
+    if (empty($username) || empty($password)) {
+        throw new loginException("Gebruikersnaam of wachtwoord is niet ingevuld");
+    }
+    else {
+        $psw = test_input($password);
+        $hash = getUser()["password"];
+        $userID = getUser()["userID"];
+        $role = getUser()["role"];
+
+        // If there's an account, go to the profile page
+        if(password_verify($psw, $hash)) {
+            if ($role == "banned"){
+                echo "<script>
+                         window.onload=bannedAlert();
+                    </script>";
+            } else {
+                $_SESSION["userID"] = $userID;
+                header("location: profile.php");
+            }
+        } else {
+            throw new loginException("Inloggevens zijn niet correct");
+        }
+
+    }
+}
+
+class loginException extends Exception
+{
+    public function __construct($message = "", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}
+?>
\ No newline at end of file
diff --git a/website/views/login_head.php b/website/views/login_head.php
index e983fab..e831cd2 100644
--- a/website/views/login_head.php
+++ b/website/views/login_head.php
@@ -7,7 +7,7 @@
     <link rel="stylesheet"
           type="text/css"
           href="styles/index.css">
-    <script src="/js/jqeury.js"></script>
-    <script src="/js/registerAndLogin.js"></script>
+    <script src="js/jqeury.js"></script>
+    <script src="js/registerAndLogin.js"></script>
     <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
diff --git a/website/views/register-view.php b/website/views/register-view.php
index 4c660c9..f970a6f 100644
--- a/website/views/register-view.php
+++ b/website/views/register-view.php
@@ -96,7 +96,7 @@
 
         <!-- Register location -->
         <div class="login_containerregister">
-            <label><b>Woonplaats</b></label>
+            <label><b>Locatie</b></label>
             <input type="text"
                    placeholder="Voer uw woonplaats in"
                    name="location"

From d2c7f0787b56c48b891284dc07fb5f2a2bfc56ba Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Wed, 25 Jan 2017 11:19:41 +0100
Subject: [PATCH 07/12] Spelling mistake

---
 website/queries/emailconfirm.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php
index 8b0031c..583a47b 100644
--- a/website/queries/emailconfirm.php
+++ b/website/queries/emailconfirm.php
@@ -1,6 +1,6 @@
 <?php
 
-function senConfirmEmailUsername(string $username) {
+function sendConfirmEmailUsername(string $username) {
     $stmt = $GLOBALS["db"]->prepare("
     SELECT
         `userID`

From 827be406469a4139ccd42a556bab655a170b84d6 Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Wed, 25 Jan 2017 12:02:31 +0100
Subject: [PATCH 08/12] Email confirm on settings page and emailconfirm fix (:

---
 website/queries/emailconfirm.php |  7 +++----
 website/queries/settings.php     | 10 +++++++---
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php
index 583a47b..0b3224f 100644
--- a/website/queries/emailconfirm.php
+++ b/website/queries/emailconfirm.php
@@ -25,7 +25,9 @@ function sendConfirmEmail(int $userID) {
     WHERE
         `userID` = :userID
     ");
+
     $stmt->bindParam(":userID", $userID);
+    $stmt->execute();
     $user = $stmt->fetch();
 
     $email = $user["email"];
@@ -34,10 +36,7 @@ function sendConfirmEmail(int $userID) {
     $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
 
     $subject = "Bevestig uw emailadres";
-    $body = "Hallo $fname,\r\n\r\n 
-             Klik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n
-             $confirmLink\r\n\r\n
-             Groeten MyHyvesbook+";
+    $body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+";
     $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
     mail($email, $subject, $body, $header);
 }
\ No newline at end of file
diff --git a/website/queries/settings.php b/website/queries/settings.php
index d3985c7..0bf8791 100644
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -1,4 +1,6 @@
 <?php
+include_once "../queries/emailconfirm.php";
+
 abstract class AlertMessage extends Exception {
     public function __construct($message = "", $code = 0, Exception $previous = null)
     {
@@ -152,7 +154,7 @@ function emailIsAvailableInDatabase($email) {
         `email`
     FROM
         `user`
-    WHERE 
+    WHERE
       `email` = :email
     ");
 
@@ -168,16 +170,18 @@ function doChangeEmail($email) {
     UPDATE
         `user`
     SET
-      `email` = :email
+      `email` = :email,
+      `role` = 'unconfirmed'
     WHERE
       `userID` = :userID
     ");
     $stmt->bindParam(":email", $email);
     $stmt->bindParam(":userID", $_SESSION["userID"]);
     $stmt->execute();
-//    return $stmt->rowCount();
 
     if ($stmt->rowCount()) {
+        sendConfirmEmail($_SESSION["userID"]);
+        session_destroy();
         throw new HappyAlert("Emailadres is veranderd.");
     } else {
         throw new AngryAlert();

From 185874d23f216ee8e1d0dd485fbfec488715e861 Mon Sep 17 00:00:00 2001
From: Marijn Jansen <marijn@jansen.onl>
Date: Wed, 25 Jan 2017 12:06:13 +0100
Subject: [PATCH 09/12] Cleanup at logout.php

---
 website/public/logout.php | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/website/public/logout.php b/website/public/logout.php
index 6a2ba5d..de4d7c2 100644
--- a/website/public/logout.php
+++ b/website/public/logout.php
@@ -1,15 +1,4 @@
-<!DOCTYPE html>
-<html>
 <?php
-    include("../views/login_head.php");
-    require_once("../queries/connect.php");
-    include_once("../queries/login.php");
-?>
-<body>
-<?php
-    session_start();
-    unset($_SESSION["userID"]);
-    header("Location: login.php");
-?>
-</body>
-</html>
+session_start();
+session_destroy();
+header("Location: login.php");
\ No newline at end of file

From aa48092d2786b0ffc56aaa17a444c83b4723fe6e Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Wed, 25 Jan 2017 12:48:30 +0100
Subject: [PATCH 10/12] Added confirmation login email

---
 website/public/js/registerAndLogin.js | 7 +++++++
 website/public/login.php              | 3 ++-
 website/public/register.php           | 2 ++
 website/queries/login.php             | 4 ++++
 4 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/website/public/js/registerAndLogin.js b/website/public/js/registerAndLogin.js
index 4e68a07..92d2281 100644
--- a/website/public/js/registerAndLogin.js
+++ b/website/public/js/registerAndLogin.js
@@ -8,4 +8,11 @@ function checkLoggedIn() {
 
 function bannedAlert(){
     alert("Your account is banned");
+}
+
+function emailNotConfirmed(userID){
+    if (confirm("Your email is not confirmed.\nPress ok to send another confirmation.") == true) {
+        sendConfirmEmail(userID);
+    } 
+
 }
\ No newline at end of file
diff --git a/website/public/login.php b/website/public/login.php
index b3a00b0..de4ecab 100644
--- a/website/public/login.php
+++ b/website/public/login.php
@@ -5,6 +5,7 @@
     require_once("../queries/connect.php");
     include_once("../queries/login.php");
     include_once("../queries/checkInput.php");
+    include_once("../queries/emailconfirm.php");
 ?>
 <body>
 <?php
@@ -23,7 +24,7 @@
     // Trying to login
     if ($_SERVER["REQUEST_METHOD"] == "POST") {
         try{
-            $uname = strtolower(test_input($_POST["uname"]));
+            $uname = ($_POST["uname"]);
             validateLogin($_POST["uname"], $_POST["psw"]);
         } catch(loginException $e) {
             $loginErr = $e->getMessage();
diff --git a/website/public/register.php b/website/public/register.php
index 84d6873..1ce4817 100644
--- a/website/public/register.php
+++ b/website/public/register.php
@@ -5,6 +5,7 @@
     require_once("../queries/connect.php");
     include_once("../queries/register.php");
     include_once("../queries/checkInput.php");
+    include_once("../queries/emailconfirm.php");
 ?>
 <body>
 <?php
@@ -91,6 +92,7 @@
         try {
             getIp();
             registerCheck($correct);
+            sendConfirmEmailUsername($username);
         } catch(registerException $e){
             $genericErr = $e->getMessage();
         }
diff --git a/website/queries/login.php b/website/queries/login.php
index 8605e67..2955942 100644
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -34,6 +34,10 @@ function validateLogin($username, $password){
                 echo "<script>
                          window.onload=bannedAlert();
                     </script>";
+            } else if ($role == "unconfirmed"){
+                echo "<script>
+                         window.onload=emailNotConfirmed('userID');
+                    </script>";
             } else {
                 $_SESSION["userID"] = $userID;
                 header("location: profile.php");

From 30d1ef40f4ed4c2c91510d76044a74e89930875e Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Wed, 25 Jan 2017 12:55:29 +0100
Subject: [PATCH 11/12] fixed js for login

---
 website/public/js/registerAndLogin.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/public/js/registerAndLogin.js b/website/public/js/registerAndLogin.js
index 92d2281..87351bf 100644
--- a/website/public/js/registerAndLogin.js
+++ b/website/public/js/registerAndLogin.js
@@ -13,6 +13,6 @@ function bannedAlert(){
 function emailNotConfirmed(userID){
     if (confirm("Your email is not confirmed.\nPress ok to send another confirmation.") == true) {
         sendConfirmEmail(userID);
-    } 
+    }
 
 }
\ No newline at end of file

From e840def73387ee904cee0f30a27646bff10e2840 Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Wed, 25 Jan 2017 13:43:08 +0100
Subject: [PATCH 12/12] FIxed confirmation login

---
 website/public/js/registerAndLogin.js | 7 ++-----
 website/queries/login.php             | 6 ++++--
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/website/public/js/registerAndLogin.js b/website/public/js/registerAndLogin.js
index 87351bf..ef49e83 100644
--- a/website/public/js/registerAndLogin.js
+++ b/website/public/js/registerAndLogin.js
@@ -10,9 +10,6 @@ function bannedAlert(){
     alert("Your account is banned");
 }
 
-function emailNotConfirmed(userID){
-    if (confirm("Your email is not confirmed.\nPress ok to send another confirmation.") == true) {
-        sendConfirmEmail(userID);
-    }
-
+function emailNotConfirmed(){
+    alert("Your account has not been verified yet!\nAnother email has been sent to you")
 }
\ No newline at end of file
diff --git a/website/queries/login.php b/website/queries/login.php
index 2955942..2af255a 100644
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -35,8 +35,9 @@ function validateLogin($username, $password){
                          window.onload=bannedAlert();
                     </script>";
             } else if ($role == "unconfirmed"){
+                sendConfirmEmail(getUser()["userID"]);
                 echo "<script>
-                         window.onload=emailNotConfirmed('userID');
+                         window.onload=emailNotConfirmed();
                     </script>";
             } else {
                 $_SESSION["userID"] = $userID;
@@ -56,4 +57,5 @@ class loginException extends Exception
         parent::__construct($message, $code, $previous);
     }
 }
-?>
\ No newline at end of file
+?>
+