Merge branch 'master' into 'kevin-prototype'

# Conflicts: # website/queries/friendship.php # website/queries/user.php
2017-01-18 16:22:29 +01:00
parent 3ee5488a88 fddeba821d
commit 99bffc6f47
35 changed files with 1683 additions and 571 deletions
--- a/website/queries/connect.php
+++ b/website/queries/connect.php
@@ -5,9 +5,7 @@ if ($dbconf === FALSE) {
    die("Error parsing XML file");
 }
 else {
-    $db = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8",
+    $GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8",
        "$dbconf->mysql_username", "$dbconf->mysql_password")
    or die('Error connecting to mysql server');
-}
-
-?>
+}
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -27,4 +27,4 @@ function selectAllFriends($db, $userID) {
    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt;
-}
+}
--- a/website/queries/group_member.php
+++ b/website/queries/group_member.php
@@ -0,0 +1,21 @@
+<?php
+
+function selectAllGroupsFromUser($db, $userID) {
+    return $db->query("
+    SELECT
+        `group_page`.`name`,
+        `group_page`.`picture`
+    FROM
+        `group_page`
+    INNER JOIN
+        `group_member`
+    WHERE
+        `group_member`.`userID` = $userID AND
+        `group_member`.`groupID` = `group_page`.`groupID` AND
+        `group_page`.`status` != 0
+    ");
+}
+
+
+
+?>
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -0,0 +1,99 @@
+<?php
+
+function selectGroupById($db, $groupID) {
+    return $db->query("
+    SELECT
+        `group_page`.`name`,
+        `group_page`.`picture`,
+        `group_page`.`description`,
+        `group_page`.`status`,
+        `group_page`.`creationdate`
+    FROM
+        `group_page`
+    WHERE
+        `group_page`.`groupID` = $groupID
+    ");
+}
+
+function select20GroupsFromN($db, $n) {
+    return $db->query("
+    SELECT
+        `group_page`.`groupID`,
+        `group_page`.`name`,
+        `group_page`.`picture`,
+        `group_page`.`description`,
+        `group_page`.`status`,
+        `group_page`.`creationdate`
+    FROM
+        `group_page`
+    ORDER BY
+        `group_page`.`name` ASC
+    LIMIT
+        $n, 20
+    ");
+}
+
+function select20GroupsByStatusFromN($db, $n, $status) {
+    return $db->query("
+    SELECT
+        `group_page`.`groupID`,
+        `group_page`.`name`,
+        `group_page`.`picture`,
+        `group_page`.`description`,
+        `group_page`.`status`,
+        `group_page`.`creationdate`
+    FROM
+        `group_page`
+    WHERE
+    	`group_page`.`status` = $status
+    ORDER BY
+        `group_page`.`name` ASC
+    LIMIT
+        $n, 20
+    ");
+}
+
+function search20GroupsFromNByStatus($db, $n, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        `groupID`,
+        `name`,
+        `status`,
+        `description`
+    FROM
+        `group_page`
+    WHERE
+        `name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)
+    ORDER BY
+        `name`
+    LIMIT
+        :n, 20
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
+function changeGroupStatusByID($db, $id, $status) {
+    $q = $db->query("
+    UPDATE
+        `group_page`
+    SET
+        `status` = $status
+    WHERE
+        `groupID` = $id
+    ");
+
+    return $q;
+}
+
+
+
+
+?>
--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -0,0 +1,19 @@
+<?php
+
+function hashPassword() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `password`,
+      `userID`
+    FROM
+      `user`
+    WHERE
+      `username` LIKE :username
+    ");
+
+    $stmt->bindParam(":username", $_POST["uname"]);
+    $stmt->execute();
+    return $stmt->fetch(PDO::FETCH_ASSOC);
+}
+
+?>
--- a/website/queries/private_message.php
+++ b/website/queries/private_message.php
@@ -0,0 +1,85 @@
+<?php
+
+include_once("connect.php");
+
+session_start();
+
+function getOldChatMessages($user2ID) {
+    $db = $GLOBALS["db"];
+    $user1ID = $_SESSION["userID"];
+
+    $stmt = $db->prepare("
+    SELECT
+        *
+    FROM
+        `private_message`
+    WHERE
+        `origin` = :user1 AND 
+        `destination` = :user2 OR 
+        `origin` = :user2 AND
+        `destination` = :user1
+    ORDER BY
+        `messageID` ASC
+    ");
+
+    $stmt->bindParam(":user1", $user1ID);
+    $stmt->bindParam(":user2", $user2ID);
+
+    $stmt->execute();
+
+    return json_encode($stmt->fetchAll());
+}
+
+function sendMessage($destination, $content) {
+    $db = $GLOBALS["db"];
+    $stmt = $db->prepare("
+    INSERT INTO
+        `private_message`
+    (
+        `origin`,
+        `destination`,
+        `content`
+    )
+    VALUES
+    (
+        :origin,
+        :destination,
+        :content
+    )
+    ");
+
+    return $stmt->execute(array(
+        "origin" => $_SESSION["userID"],
+        "destination" => $destination,
+        "content" => $content
+    ));
+}
+
+function getNewChatMessages($lastID, $destination) {
+    $db = $GLOBALS["db"];
+    $origin = $_SESSION["userID"];
+
+    $stmt = $db->prepare("
+    SELECT
+        *
+    FROM
+        `private_message`
+    WHERE
+        (
+        `origin` = :user1 AND 
+        `destination` = :user2 OR 
+        `origin` = :user2 AND
+        `destination` = :user1) AND
+        `messageID` > :lastID
+    ORDER BY
+        `messageID` ASC
+    ");
+
+    $stmt->bindParam(':user1', $origin);
+    $stmt->bindParam(':user2', $destination);
+    $stmt->bindParam(':lastID', $lastID);
+
+    $stmt->execute();
+
+    return json_encode($stmt->fetchAll());
+}
--- a/website/queries/register.php
+++ b/website/queries/register.php
@@ -0,0 +1,68 @@
+<?php
+
+function getExistingUsername() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `username`
+    FROM
+      `user`
+    WHERE
+      `username` LIKE :username
+    ");
+
+    $stmt->bindParam(":username", $_POST["username"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+
+}
+
+function getExistingEmail() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `email`
+    FROM
+      `user`
+    WHERE
+      `email` LIKE :email
+    ");
+
+    $stmt->bindParam(":email", $_POST["email"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+
+}
+
+function registerAccount() {
+    $stmt = $GLOBALS["db"]->prepare("
+    INSERT INTO
+      `user`(fname,
+             lname,
+             birthdate,
+             username,
+             password,
+             location,
+             email)
+    VALUES(
+      :fname,
+      :lname,
+      :bday,
+      :username,
+      :password,
+      :location,
+      :email
+    )");
+
+    $hash=password_hash($_POST["password"].(strtolower($_POST["username"])), PASSWORD_DEFAULT);
+
+    $stmt->bindParam(":fname", $_POST["name"]);
+    $stmt->bindParam(":lname", $_POST["surname"]);
+    $stmt->bindParam(":bday", $_POST["bday"]);
+    $stmt->bindParam(":username", $_POST["username"]);
+    $stmt->bindParam(":password", $hash);
+    $stmt->bindParam(":location", $_POST["location"]);
+    $stmt->bindParam(":email", (strtolower($_POST["email"])));
+
+    $stmt->execute();
+    $stmt->rowCount();
+}
+?>
--- a/website/queries/settings.php
+++ b/website/queries/settings.php
@@ -0,0 +1,109 @@
+<?php
+
+function getSettings() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `fname`,
+      `lname`,
+      `email`,
+      `location`,
+      `birthdate`,
+      `bio`,
+      `profilepicture`
+    FROM
+      `user`
+    WHERE
+      `userID` = :userID
+      ");
+
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->fetch();
+}
+
+function getPasswordHash() {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      `password`,
+      `username`
+    FROM
+      `user`
+    WHERE
+      `userID` = :userID
+    ");
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->fetch();
+}
+
+function updateSettings() {
+    $stmt = $GLOBALS["db"]->prepare("
+    UPDATE
+      `user`
+    SET
+      `fname` = :fname,
+      `lname` = :lname,
+      `location` = :location,
+      `birthdate` = :bday,
+      `bio` = :bio
+    WHERE
+      `userID` = :userID
+    ");
+
+    $stmt->bindParam(":fname", $_POST["fname"]);
+    $stmt->bindParam(":lname", $_POST["lname"]);
+    $stmt->bindParam(":location", $_POST["location"]);
+    $stmt->bindParam(":bday", $_POST["bday"]);
+    $stmt->bindParam(":bio", $_POST["bio"]);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+
+    $stmt->execute();
+
+    return array (
+        "type" => "settings-message-happy",
+        "message" => "Instellingen zijn opgeslagen."
+        );
+}
+
+function updatePassword() {
+    $user = getPasswordHash();
+    if (password_verify($_POST["password-old"].strtolower($user["username"]), $user["password"])) {
+        if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) {
+            if (changePassword($user)) {
+                return array ("type" => "settings-message-happy",
+                    "message" => "Wachtwoord gewijzigd.");
+            } else {
+                return array (
+                "type" => "settings-message-angry",
+                "message" => "Er is iets mis gegaan.");
+            }
+        } else {
+            return array (
+                "type" => "settings-message-angry",
+                "message" => "Wachtwoorden komen niet oveeen."
+            );
+        }
+    } else {
+        return array(
+            "type" => "settings-message-angry",
+            "message" => "Oud wachtwoord niet correct."
+        );
+    }
+}
+
+function changePassword($user) {
+    $stmt =$GLOBALS["db"]->prepare("
+    UPDATE
+      `user`
+    SET
+      `password` = :new_password
+    WHERE
+      `userID` = :userID
+    ");
+
+    $hashed_password = password_hash($_POST["password-new"].strtolower($user["username"]), PASSWORD_DEFAULT);
+    $stmt->bindParam(":new_password", $hashed_password);
+    $stmt->bindParam(":userID", $_SESSION["userID"]);
+    $stmt->execute();
+    return $stmt->rowCount();
+}
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -84,4 +84,89 @@ function selectAllUserPosts($db, $userID) {
    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt;
-}
+}
+
+function select20UsersFromN($db, $n) {
+    return $db->query("
+    SELECT
+        `userID`,
+        `username`,
+        `role`,
+        `bancomment`
+    FROM
+        `user`
+    ORDER BY
+        `role`,
+        `username`
+    LIMIT
+        $n, 20
+    ");
+}
+
+function search20UsersFromN($db, $n, $keyword) {
+    $q = $db->prepare("
+    SELECT
+        `userID`,
+        `username`,
+        `role`,
+        `bancomment`
+    FROM
+        `user`
+    WHERE
+        `username` LIKE :keyword
+    ORDER BY
+        `username`
+    LIMIT
+        :n, 20
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $q->execute();
+    return $q;
+}
+
+function search20UsersFromNByStatus($db, $n, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        `userID`,
+        `username`,
+        `role`,
+        `bancomment`
+    FROM
+        `user`
+    WHERE
+        `username` LIKE :keyword AND
+        FIND_IN_SET (`role`, :statuses)
+    ORDER BY
+        `role`,
+        `username`
+    LIMIT
+        :n, 20
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
+function changeUserStatusByID($db, $id, $status) {
+    $q = $db->query("
+    UPDATE
+        `user`
+    SET
+        `role` = $status
+    WHERE
+        `userID` = $id
+    ");
+
+    return $q;
+}
+
+
+?>