Merge branch 'master' into kevin-prototype

2017-01-25 15:08:34 +01:00
parent 9ff256429d c23b8bd8e5
commit 95570c49d4
21 changed files with 253 additions and 54 deletions
--- a/website/queries/checkInput.php
+++ b/website/queries/checkInput.php
@@ -38,7 +38,8 @@ function checkName($variable){
    if (empty($variable)) {
        throw new lettersAndSpacesException("Verplicht!");
    } else if (!preg_match("/^[a-zA-Z ]*$/", $variable)) {
-        throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
+
+            throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
    }
 }

--- a/website/queries/emailconfirm.php
+++ b/website/queries/emailconfirm.php
@@ -0,0 +1,42 @@
+<?php
+
+function sendConfirmEmailUsername(string $username) {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+        `userID`
+    FROM
+        `user`
+    WHERE
+        `username` = :username
+    ");
+    $stmt->bindParam(":username", $username);
+    $stmt->execute();
+    $userID = $stmt->fetch()["username"];
+    sendConfirmEmail($userID);
+}
+
+function sendConfirmEmail(int $userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT 
+        `email`,
+        `fname`
+    FROM 
+        `user`
+    WHERE
+        `userID` = :userID
+    ");
+
+    $stmt->bindParam(":userID", $userID);
+    $stmt->execute();
+    $user = $stmt->fetch();
+
+    $email = $user["email"];
+    $fname = $user["fname"];
+    $hash = password_hash($email, PASSWORD_DEFAULT);
+    $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
+
+    $subject = "Bevestig uw emailadres";
+    $body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+";
+    $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
+    mail($email, $subject, $body, $header);
+}
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -39,6 +39,21 @@ function selectAllFriendRequests() {
        SELECT
            `userID`,
            `username`,
+            CASE `status` IS NULL
+              WHEN TRUE THEN 0
+              WHEN FALSE THEN
+                CASE `status` = 'confirmed'
+                WHEN TRUE THEN
+                  1
+                WHEN FALSE THEN
+                  CASE `user1ID` = :userID
+                  WHEN TRUE THEN
+                    2
+                  WHEN FALSE THEN
+                    3
+                  END
+                END
+            END AS `friend_state`,
            LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
            IFNULL(
                `profilepicture`,
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -4,7 +4,8 @@ function getUser() {
    $stmt = $GLOBALS["db"]->prepare("
    SELECT
      `password`,
-      `userID`
+      `userID`,
+      `role`
    FROM
      `user`
    WHERE
@@ -15,3 +16,46 @@ function getUser() {
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
 }
+
+function validateLogin($username, $password){
+    // Empty username or password field
+    if (empty($username) || empty($password)) {
+        throw new loginException("Gebruikersnaam of wachtwoord is niet ingevuld");
+    }
+    else {
+        $psw = test_input($password);
+        $hash = getUser()["password"];
+        $userID = getUser()["userID"];
+        $role = getUser()["role"];
+
+        // If there's an account, go to the profile page
+        if(password_verify($psw, $hash)) {
+            if ($role == "banned"){
+                echo "<script>
+                         window.onload=bannedAlert();
+                    </script>";
+            } else if ($role == "unconfirmed"){
+                sendConfirmEmail(getUser()["userID"]);
+                echo "<script>
+                         window.onload=emailNotConfirmed();
+                    </script>";
+            } else {
+                $_SESSION["userID"] = $userID;
+                header("location: profile.php");
+            }
+        } else {
+            throw new loginException("Inloggevens zijn niet correct");
+        }
+
+    }
+}
+
+class loginException extends Exception
+{
+    public function __construct($message = "", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}
+?>
+
--- a/website/queries/private_message.php
+++ b/website/queries/private_message.php
@@ -80,6 +80,7 @@ function selectAllUnreadChat() {
    $stmt = $GLOBALS["db"]->prepare("
    SELECT
      LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
+      `user`.`userID`,
      IFNULL(
        `profilepicture`,
        '../img/notbad.jpg'
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -1,4 +1,6 @@
 <?php
+include_once "../queries/emailconfirm.php";
+
 abstract class AlertMessage extends Exception {
    public function __construct($message = "", $code = 0, Exception $previous = null)
    {
@@ -152,7 +154,7 @@ function emailIsAvailableInDatabase($email) {
        `email`
    FROM
        `user`
-    WHERE 
+    WHERE
      `email` = :email
    ");

@@ -168,16 +170,18 @@ function doChangeEmail($email) {
    UPDATE
        `user`
    SET
-      `email` = :email
+      `email` = :email,
+      `role` = 'unconfirmed'
    WHERE
      `userID` = :userID
    ");
    $stmt->bindParam(":email", $email);
    $stmt->bindParam(":userID", $_SESSION["userID"]);
    $stmt->execute();
-//    return $stmt->rowCount();

    if ($stmt->rowCount()) {
+        sendConfirmEmail($_SESSION["userID"]);
+        session_destroy();
        throw new HappyAlert("Emailadres is veranderd.");
    } else {
        throw new AngryAlert();