MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into kevin-prototype

Browse Source
This commit is contained in:
K. Nobel
2017-01-25 15:08:34 +01:00
parent 9ff256429d c23b8bd8e5
commit 95570c49d4
21 changed files with 253 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
website/public/edit_friendship.php → website/public/API/edit_friendship.php
View File

@@ -1,7 +1,8 @@
<?php
session_start();
require("../queries/friendship.php");
require("../queries/user.php");
require("../../queries/friendship.php");
require("../../queries/user.php");
if(empty($_POST["userID"]) OR empty($_POST["delete"]) AND empty($_POST["accept"]) AND empty($_POST["request"])) {
echo "Not enough arguments.";
@@ -27,4 +28,4 @@ if(!empty($_POST["request"]) AND $friendship_status == 0) {
$username = getUsername($_POST["userID"]);
header("Location: profile.php?username=$username");
header("Location: ../profile.php?username=$username");

49
website/public/emailconfirm.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
include_once("../queries/connect.php");
if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
$checkHash = $GLOBALS["db"]->prepare("
SELECT
`email`,
`role`
FROM
`user`
WHERE
`userID` = :userID
");
$checkHash->bindParam(":userID", $_GET["u"]);
$checkHash->execute();
$result = $checkHash->fetch();
$email = $result["email"];
$role = $result["role"];
if ($role == "unconfirmed") {
doActivate($email);
} else {
echo "Ongeldige link.";
}
} else {
echo "Ongeldige link.";
}
function doActivate(string $email) {
if (password_verify($email, $_GET["h"])) {
$confirmUser = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`role` = :role
WHERE
`userID` = :userID
");
$confirmUser->bindValue(":role", "user");
$confirmUser->bindParam(":userID", $_GET["u"]);
$confirmUser->execute();
if ($confirmUser->rowCount()) {
echo "Email bevestigd <br />
<a href='index.php'>U wordt automatisch doorgestuurd naar de login pagina over 5 seconden.</a> ";
header("refresh:5;url=login.php");
}
} else {
echo "Ongeldige link.";
}
}

28
website/public/js/notifications.js
View File

@@ -1,8 +1,18 @@
function showFriendNotifications(notifications) {
$("#friendrequestslist").html("");
for (i in notifications) {
var outgoing = "";
if (notifications[i].friend_state == "3") {
outgoing = "<button\
name='accept' \
class='accept-notification' \
value='"+ notifications[i].userID +"'> \
<i class='fa fa-check'></i> \
</button>";
}
$("#friendrequestslist").append(" \
<li class='friend-item $extraItem'> \
<li class='friend-item'> \
<form action='profile.php' method='get'> \
<button type='submit' \
name='username' \
@@ -13,6 +23,18 @@ function showFriendNotifications(notifications) {
</div> \
</button> \
</form> \
<div class='notification-options'>\
<form action='API/edit_friendship.php' method='post'> \
<input type='hidden' name='userID' value='"+ notifications[i].userID +"' /> \
"+ outgoing +" \
<button type='submit' \
name='delete' \
class='deny-notification' \
value='"+ notifications[i].userID +"'> \
<i class='fa fa-times'></i> \
</button>\
<form>\
</div> \
</li> \
");
}
@@ -22,10 +44,10 @@ function showChatNotifications(notifications) {
$("#unreadChatlist").html("");
for (i in notifications) {
$("#unreadChatlist").append(" \
<li class='friend-item $extraItem'> \
<li class='friend-item'> \
<form action='chat.php' method='get'> \
<button type='submit' \
name='username' \
name='chatID' \
value='"+ notifications[i].userID +"'> \
<div class='friend'> \
<img alt='PF' class='profile-picture' src='"+ notifications[i].profilepicture +"'/> \

9
website/public/js/registerAndLogin.js
View File

@@ -4,5 +4,12 @@ function checkLoggedIn() {
} else {
window.location.href = "profile.php";
}
document.getElementById("demo").innerHTML = x;
}
function bannedAlert(){
alert("Your account is banned");
}
function emailNotConfirmed(){
alert("Your account has not been verified yet!\nAnother email has been sent to you")
}

26
website/public/login.php
View File

@@ -5,6 +5,7 @@
require_once("../queries/connect.php");
include_once("../queries/login.php");
include_once("../queries/checkInput.php");
include_once("../queries/emailconfirm.php");
?>
<body>
<?php
@@ -22,26 +23,11 @@
// Trying to login
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Empty username or password field
if (empty($_POST["uname"]) || empty($_POST["psw"])) {
$loginErr = "Gebruikersnaam of wachtwoord is niet ingevuld";
}
else {
$uname = strtolower(test_input($_POST["uname"]));
$psw = test_input($_POST["psw"]);
$hash = getUser()["password"];
$userid = getUser()["userID"];
// If there's an account, go to the profile page
if(password_verify($psw, $hash)) {
$_SESSION["userID"] = $userid;
header("location: profile.php");
} else {
$loginErr = "Inloggegevens zijn niet correct";
}
try{
$uname = ($_POST["uname"]);
validateLogin($_POST["uname"], $_POST["psw"]);
} catch(loginException $e) {
$loginErr = $e->getMessage();
}
}

17
website/public/logout.php
View File

@@ -1,15 +1,4 @@
<!DOCTYPE html>
<html>
<?php
include("../views/login_head.php");
require_once("../queries/connect.php");
include_once("../queries/login.php");
?>
<body>
<?php
session_start();
unset($_SESSION["userID"]);
header("Location: login.php");
?>
</body>
</html>
session_start();
session_destroy();
header("Location: login.php");

1
website/public/profile.php
View File

@@ -15,7 +15,6 @@ include("../queries/nicetime.php");
if(empty($_GET["username"])) {
$userID = $_SESSION["userID"];
echo "USERNAME NOT GIVEN";
} else {
$userID = getUserID($_GET["username"]);
}

6
website/public/register.php
View File

@@ -5,6 +5,7 @@
require_once("../queries/connect.php");
include_once("../queries/register.php");
include_once("../queries/checkInput.php");
include_once("../queries/emailconfirm.php");
?>
<body>
<?php
@@ -45,7 +46,7 @@
}
try{
$username = test_input(($_POST["username"]));
$username = str_replace(' ', '', test_input(($_POST["username"])));
checkInputChoice($username, "username");
} catch(usernameException $e){
$correct = false;
@@ -53,7 +54,7 @@
}
try{
$password = test_input(($_POST["password"]));
$password = str_replace(' ', '', test_input(($_POST["password"])));
checkInputChoice($password, "longerEight");
matchPassword();
} catch(passwordException $e){
@@ -91,6 +92,7 @@
try {
getIp();
registerCheck($correct);
sendConfirmEmailUsername($username);
} catch(registerException $e){
$genericErr = $e->getMessage();
}

2
website/public/styles/index.css
View File

@@ -1,6 +1,6 @@
a.button {
background-color: #C8CABD;
border-radius: 10px;
border-radius: 5px;
color: black;
cursor: pointer;
height: 50%;

28
website/public/styles/menu.css
View File

@@ -64,3 +64,31 @@
#quick-links i:hover {
color: #FBC02D;
}
.notification-options {
display: none;
width: 100%;
}
.notification-options form {
width: 100%;
text-align: center;
}
.notification-options button {
display: inline-block;
padding: 5px 20px;
width: auto;
}
.accept-notification:hover {
color: #4CAF50;
}
.deny-notification:hover {
color: firebrick;
}
.friend-item:hover .notification-options {
display: inline-block;
}

1
website/queries/checkInput.php
View File

@@ -38,6 +38,7 @@ function checkName($variable){
if (empty($variable)) {
throw new lettersAndSpacesException("Verplicht!");
} else if (!preg_match("/^[a-zA-Z ]*$/", $variable)) {
throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
}
}

42
website/queries/emailconfirm.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
function sendConfirmEmailUsername(string $username) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`
FROM
`user`
WHERE
`username` = :username
");
$stmt->bindParam(":username", $username);
$stmt->execute();
$userID = $stmt->fetch()["username"];
sendConfirmEmail($userID);
}
function sendConfirmEmail(int $userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`email`,
`fname`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $userID);
$stmt->execute();
$user = $stmt->fetch();
$email = $user["email"];
$fname = $user["fname"];
$hash = password_hash($email, PASSWORD_DEFAULT);
$confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
$subject = "Bevestig uw emailadres";
$body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+";
$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
mail($email, $subject, $body, $header);
}

15
website/queries/friendship.php
View File

@@ -39,6 +39,21 @@ function selectAllFriendRequests() {
SELECT
`userID`,
`username`,
CASE `status` IS NULL
WHEN TRUE THEN 0
WHEN FALSE THEN
CASE `status` = 'confirmed'
WHEN TRUE THEN
1
WHEN FALSE THEN
CASE `user1ID` = :userID
WHEN TRUE THEN
2
WHEN FALSE THEN
3
END
END
END AS `friend_state`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
IFNULL(
`profilepicture`,

46
website/queries/login.php
View File

@@ -4,7 +4,8 @@ function getUser() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`password`,
`userID`
`userID`,
`role`
FROM
`user`
WHERE
@@ -15,3 +16,46 @@ function getUser() {
$stmt->execute();
return $stmt->fetch(PDO::FETCH_ASSOC);
}
function validateLogin($username, $password){
// Empty username or password field
if (empty($username) || empty($password)) {
throw new loginException("Gebruikersnaam of wachtwoord is niet ingevuld");
}
else {
$psw = test_input($password);
$hash = getUser()["password"];
$userID = getUser()["userID"];
$role = getUser()["role"];
// If there's an account, go to the profile page
if(password_verify($psw, $hash)) {
if ($role == "banned"){
echo "<script>
window.onload=bannedAlert();
</script>";
} else if ($role == "unconfirmed"){
sendConfirmEmail(getUser()["userID"]);
echo "<script>
window.onload=emailNotConfirmed();
</script>";
} else {
$_SESSION["userID"] = $userID;
header("location: profile.php");
}
} else {
throw new loginException("Inloggevens zijn niet correct");
}
}
}
class loginException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
?>

1
website/queries/private_message.php
View File

@@ -80,6 +80,7 @@ function selectAllUnreadChat() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
`user`.`userID`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'

8
website/queries/settings.php
View File

@@ -1,4 +1,6 @@
<?php
include_once "../queries/emailconfirm.php";
abstract class AlertMessage extends Exception {
public function __construct($message = "", $code = 0, Exception $previous = null)
{
@@ -168,16 +170,18 @@ function doChangeEmail($email) {
UPDATE
`user`
SET
`email` = :email
`email` = :email,
`role` = 'unconfirmed'
WHERE
`userID` = :userID
");
$stmt->bindParam(":email", $email);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
// return $stmt->rowCount();
if ($stmt->rowCount()) {
sendConfirmEmail($_SESSION["userID"]);
session_destroy();
throw new HappyAlert("Emailadres is veranderd.");
} else {
throw new AngryAlert();

5
website/views/chat-view.php
View File

@@ -37,6 +37,11 @@
</li>
";
}
$chatID = $_GET["chatID"];
if (isset($chatID) && $chatID != "") {
echo "<script>$(document).ready(function(){switchUser('$chatID')});</script>";
}
?>
</ul>
</nav>

3
website/views/loadFriends.php Normal file
View File

@@ -0,0 +1,3 @@
<?php
echo json_encode(selectAllFriends($_SESSION["userID"])->fetchAll());

4
website/views/login_head.php
View File

@@ -7,7 +7,7 @@
<link rel="stylesheet"
type="text/css"
href="styles/index.css">
<script src="/js/jqeury.js"></script>
<script src="/js/registerAndLogin.js"></script>
<script src="js/jqeury.js"></script>
<script src="js/registerAndLogin.js"></script>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>

1
website/views/profile.php
View File

@@ -5,6 +5,7 @@
<div class="friend-button-container">
</div>
<h1 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?></h1>
<h5 class="profile-username"><?=$user["username"]?></h5>
<p><?=$user["bio"]?></p>

2
website/views/register-view.php
View File

@@ -96,7 +96,7 @@
<!-- Register location -->
<div class="login_containerregister">
<label><b>Woonplaats</b></label>
<label><b>Locatie</b></label>
<input type="text"
placeholder="Voer uw woonplaats in"
name="location"