Merge branch 'master' into kevin-prototype

2017-01-20 14:40:36 +01:00
parent 6478ce920f c9bdbcf3b5
commit ada54561c7
5 changed files with 357 additions and 98 deletions
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -0,0 +1,44 @@
 window.onload = function() {
    changeFilter();
 };
 function checkAll(allbox) {
    var checkboxes = document.getElementsByClassName('checkbox-list');
    for (var i = 0; i < checkboxes.length; i++) {
        if (checkboxes[i].type == 'checkbox') {
            checkboxes[i].checked = allbox.checked;
        }
    }
 }
 function checkCheckAll(allbox) {
    var checkboxes = document.getElementsByClassName('checkbox-list');
    var checked = true;
    for (var i = 0; i < checkboxes.length; i++) {
        if (checkboxes[i].type == 'checkbox') {
            if (checkboxes[i].checked == false) {
                checked = false;
                break;
            }
        }
    }
    allbox.checked = checked;
 }
 function changeFilter() {
    if (document.getElementById('group').checked) {
        document.getElementById('admin-filter').style.display = 'none';
        document.getElementById('admin-groupfilter').style.display = 'inline-block';
        document.getElementById('admin-batchactions').style.display = 'none';
        document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
    } else {
        document.getElementById('admin-filter').style.display = 'inline-block';
        document.getElementById('admin-groupfilter').style.display = 'none';
        document.getElementById('admin-batchactions').style.display = 'inline-block';
        document.getElementById('admin-groupbatchactions').style.display = 'none';
    }
 }
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -13,7 +13,7 @@
    height: auto;
 }
-.admin-actions {
+.admin-batchactions, .admin-groupbatchactions {
    display: inline-block;
    padding: 8px;
    vertical-align: top;
@@ -22,6 +22,10 @@
    box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
 }
 .admin-searchform {
    display: inline-block;
 }
 .admin-searchbar {
    display: inline-block;
    margin: 10px;
@@ -44,18 +48,20 @@
    width: 120px;
 }
 .admin-groupfilter {
    display: none;
 }
 .admin-users {
    margin: 10px;
 }
-.admin-userpage {
+.admin-userheading {
-    width: 170px;
+    width: auto;
-    margin-bottom: 20px;
+    float: left;
 }
 .admin-pageui {
    text-align: right;
    float: right;
    width: auto;
    margin-bottom: 20px;
 }
 .usertitle {
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -1,7 +1,7 @@
 <?php
 function selectGroupById($groupID) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`name`,
        `group_page`.`picture`,
@@ -11,12 +11,16 @@ function selectGroupById($groupID) {
    FROM
        `group_page`
    WHERE
-        `group_page`.`groupID` = $groupID
+        `group_page`.`groupID` = :groupID
    ");
    $q->bindParam(':groupID', $groupID);
    $q->execute();
    return $q;
 }
 function select20GroupsFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`groupID`,
        `group_page`.`name`,
@@ -29,12 +33,16 @@ function select20GroupsFromN($n) {
    ORDER BY
        `group_page`.`name` ASC
    LIMIT
-        $n, 20
+        :n, 20
    ");
    $q->bindParam(':n', $n);
    $q->execute();
    return $q;
 }
 function select20GroupsByStatusFromN($n, $status) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`groupID`,
        `group_page`.`name`,
@@ -45,12 +53,17 @@ function select20GroupsByStatusFromN($n, $status) {
    FROM
        `group_page`
    WHERE
-    	`group_page`.`status` = $status
+    	`group_page`.`status` = :status
    ORDER BY
        `group_page`.`name` ASC
    LIMIT
-        $n, 20
+        :n, 20
    ");
    $q->bindParam(':status', $status);
    $q->bindParam(':n', $n);
    $q->execute();
    return $q;
 }
 function search20GroupsFromNByStatus($n, $keyword, $status) {
@@ -80,6 +93,55 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
    return $q;
 }
 function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
    $q = $GLOBALS['db']->prepare("
    SELECT
        `groupID`,
        `name`,
        `status`,
        `description`
    FROM
        `group_page`
    WHERE
        `name` LIKE :keyword AND
        FIND_IN_SET (`status`, :statuses)
    ORDER BY
        `name`
    LIMIT
        :n, :m
    ");
    $keyword = "%$keyword%";
    $q->bindParam(':keyword', $keyword);
    $q->bindParam(':n', $n, PDO::PARAM_INT);
    $q->bindParam(':m', $m, PDO::PARAM_INT);
    $statuses = implode(',', $status);
    $q->bindParam(':statuses', $statuses);
    $q->execute();
    return $q;
 }
 function countSomeGroupsByStatus($keyword, $status) {
    $q = $GLOBALS['db']->prepare("
    SELECT
        COUNT(*)
    FROM
        `group_page`
    WHERE
        `name` LIKE :keyword AND
        FIND_IN_SET (`status`, :statuses)
    ORDER BY
        `name`
    ");
    $keyword = "%$keyword%";
    $q->bindParam(':keyword', $keyword);
    $statuses = implode(',', $status);
    $q->bindParam(':statuses', $statuses);
    $q->execute();
    return $q;
 }
 function changeGroupStatusByID($id, $status) {
    $q = $GLOBALS["db"]->query("
    UPDATE
@@ -92,3 +154,23 @@ function changeGroupStatusByID($id, $status) {
    return $q;
 }
 function changeMultipleGroupStatusByID($ids, $status) {
    $q = $GLOBALS['db']->prepare("
    UPDATE
        `group_page`
    SET
        `status` = :status
    WHERE
        FIND_IN_SET (`groupID`, :ids)
    ");
    $ids = implode(',', $ids);
    $q->bindParam(':ids', $ids);
    $q->bindParam(':status', $status);
    $q->execute();
    return $q;
 }
 ?>
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -88,7 +88,7 @@ function selectAllUserPosts($userID) {
 }
 function select20UsersFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `userID`,
        `username`,
@@ -100,8 +100,12 @@ function select20UsersFromN($n) {
        `role`,
        `username`
    LIMIT
-        $n, 20
+        :n, 20
    ");
    $q->bindParam(':n', $n);
    $q->execute();
    return $q;
 }
 function search20UsersFromN($n, $keyword) {
@@ -156,19 +160,90 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
    return $q;
 }
-function changeUserStatusByID($id, $status) {
+function searchSomeUsersByStatus($n, $m, $keyword, $status) {
-    $q = $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
-    UPDATE
+    SELECT
        `userID`,
        `username`,
        `role`,
        `bancomment`
    FROM
        `user`
    SET
        `role` = $status
    WHERE
-        `userID` = $id
+        `username` LIKE :keyword AND
        FIND_IN_SET (`role`, :statuses)
    ORDER BY
        `role`,
        `username`
    LIMIT
        :n, :m
    ");
    $keyword = "%$keyword%";
    $q->bindParam(':keyword', $keyword);
    $q->bindParam(':n', $n, PDO::PARAM_INT);
    $q->bindParam(':m', $m, PDO::PARAM_INT);
    $statuses = implode(',', $status);
    $q->bindParam(':statuses', $statuses);
    $q->execute();
    return $q;
 }
 function countSomeUsersByStatus($keyword, $status) {
    $q = $GLOBALS["db"]->prepare("
    SELECT
        COUNT(*)
    FROM
        `user`
    WHERE
        `username` LIKE :keyword AND
        FIND_IN_SET (`role`, :statuses)
    ORDER BY
        `role`,
        `username`
    ");
    $keyword = "%$keyword%";
    $q->bindParam(':keyword', $keyword);
    $statuses = implode(',', $status);
    $q->bindParam(':statuses', $statuses);
    $q->execute();
    return $q;
 }
 function changeUserStatusByID($id, $status) {
    $q = $GLOBALS["db"]->prepare("
    UPDATE
        `user`
    SET
        `role` = :status
    WHERE
        `userID` = :id
    ");
    $q->bindParam(':status', $status);
    $q->bindParam(':id', $id);
    $q->execute();
    return $q;
 }
 function changeMultipleUserStatusByID($ids, $status) {
    $q = $GLOBALS["db"]->prepare("
    UPDATE
        `user`
    SET
        `role` = :status
    WHERE
        FIND_IN_SET (`userID`, :ids)
    ");
    $ids = implode(',', $ids);
    $q->bindParam(':ids', $ids);
    $q->bindParam(':status', $status);
    $q->execute();
    return $q;
 }
 function selectRandomNotFriendUser($userID) {
    $stmt = $GLOBALS["db"]->prepare("
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -3,32 +3,7 @@
 <head>
    <meta charset="utf-8">
    <title>Admin Panel</title>
-    <script type="text/javascript">
+    <script src="../public/js/admin.js" charset="utf-8"></script>
    window.onload = function() {
        changeFilter();
    };
    function checkAll(allbox) {
        var checkboxes = document.getElementsByName('checkbox-user[]');
        for (var i = 0; i < checkboxes.length; i++) {
            if (checkboxes[i].type == 'checkbox') {
                checkboxes[i].checked = allbox.checked;
            }
        }
    }
    function changeFilter() {
        if (document.getElementById('group').checked) {
            document.getElementById('admin-filter').style.display = 'none';
            document.getElementById('admin-groupfilter').style.display = 'inline-block';
        } else {
            document.getElementById('admin-filter').style.display = 'inline-block';
            document.getElementById('admin-groupfilter').style.display = 'none';
        }
    }
    </script>
    <?php
        include_once("../queries/user.php");
        include_once("../queries/group_page.php");
@@ -39,35 +14,54 @@
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php
 $search = "";
-$listnr = 0; // TODO: add page functionality
+$currentpage = 1;
 $perpage = 20;
 $status = $groupstatus = array();
 $pagetype = "user";
 if (isset($_GET["search"])) {
    $search = test_input($_GET["search"]);
 }
 if (isset($_GET["pagetype"])) {
    $pagetype = test_input($_GET["pagetype"]);
 }
 if (isset($_GET["status"])) {
    $status = $_GET["status"];
 }
 if (isset($_GET["groupstatus"])) {
    $groupstatus = $_GET["groupstatus"];
 }
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    if (!empty($_POST["search"])) {
+    if (isset($_POST["actions"]) && isset($_POST["userID"])) {
        $search = test_input($_POST["search"]);
    }
    if (!empty($_POST["pagetype"])) {
        $pagetype = test_input($_POST["pagetype"]);
    }
    if (!empty($_POST["status"])) {
        $status = $_POST["status"];
    }
    if (!empty($_POST["groupstatus"])) {
        $groupstatus = $_POST["groupstatus"];
    }
    if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
        changeUserStatusByID($_POST["userID"], $_POST["actions"]);
-    } elseif (!empty($_POST["actions"]) && !empty($_POST["groupID"])) {
+    }
    if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
        changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
    }
    if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
        changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
    }
    if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
        changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
    }
    if (isset($_POST["pageselect"])) {
        $currentpage = $_POST["pageselect"];
    }
 }
 $listn = ($currentpage-1) * $perpage;
 $listm = $currentpage * $perpage;
 function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
@@ -81,13 +75,10 @@ function test_input($data) {
        <div class="admin-title">
            <h1>User Management Panel</h1>
        </div> <br>
        <form class="admin-actionform"
              action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
              method="post">
        <div class="admin-options">
            <form class="admin-searchform"
                  action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-                  method="post">
+                  method="get">
                <div class="admin-searchbar">
                    <h2>Search</h2>
                    <input type="text"
@@ -147,32 +138,86 @@ function test_input($data) {
                </div>
            </form>
-                <div class="admin-actions">
+                <div class="admin-batchactions" id="admin-batchactions">
                    <h2>Batch Actions: </h2>
-                    <input type="radio" name="actions" id="freeze" value="freeze">
+                    <form class="admin-batchform"
                          id="admin-batchform"
                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
                          method="post">
                        <input type="radio" name="batchactions" id="freeze" value="2">
                        <label for="freeze">Freeze</label><br>
-                    <input type="radio" name="actions" id="ban" value="ban">
+                        <input type="radio" name="batchactions" id="ban" value="3">
                        <label for="ban">Ban</label><br>
-                    <input type="radio" name="actions" id="restore" value="restore">
+                        <input type="radio" name="batchactions" id="restore" value="1">
                        <label for="restore">Restore</label><br><br>
                        <input type="submit" value="Confirm">
                    </form>
                </div>
                <div class="admin-groupbatchactions" id="admin-groupbatchactions">
                    <h2>Batch Actions: </h2>
                    <form class="admin-groupbatchform"
                          id="admin-groupbatchform"
                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
                          method="post">
                        <input type="radio" name="groupbatchactions" id="hide" value="0">
                        <label for="hide">Hide</label><br>
                        <input type="radio" name="groupbatchactions" id="public" value="1">
                        <label for="public">Public</label><br>
                        <input type="radio" name="groupbatchactions" id="membersonly" value="2">
                        <label for="membersonly">Member</label><br><br>
                        <input type="submit" value="Confirm">
                    </form>
                </div>
            </div>
            <br>
            <div class="admin-users">
-                <h2 class="usertitle">Users:</h2>
+                <div class="admin-usertitle">
-
+                    <div class="admin-userheading">
-                <div class="admin-userpage">
+                        <h2>Users:</h2>
-                    <input type="submit" name="prev" value="prev">
+                    </div>
-                    1 / 1
+                    <div class="admin-pageui">
-                    <input type="submit" name="next" value="next">
+                        <?php
                        if ($pagetype == "user") {
                            $pages = countSomeUsersByStatus($search, $status);
                        } else {
                            $pages = countSomeGroupsByStatus($search, $groupstatus);
                        }
                        $countresults = $pages->fetchColumn();
                        $mincount = min($listm, $countresults);
                        $minlist = min($listn + 1, $countresults);
                        ?>
                        <p class="pagenumber">Current page:</p>
                        <form class="admin-pageselector"
                              action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
                              method="post">
                              <select class="admin-pageselect"
                                      name="pageselect"
                                      onchange="this.form.submit()"
                                      value="">
                                  <?php
                                  for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
                                      if ($currentpage == $i) {
                                          echo "<option value='$i' selected>$i</option>";
                                      } else {
                                          echo "<option value='$i'>$i</option>";
                                      }
                                  }
                                  ?>
                              </select>
                        </form>
                        <p class="entriesshown">
                        <?php
                        echo "Showing results $minlist to $mincount out of $countresults";
                        ?>
                    </div>
                </div> <br>
                <table class="usertable">
                    <tr>
                        <th class="table-checkbox">
-                            <input type="checkbox" name="checkall" onchange="checkAll(this)">
+                            <input type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)">
                        </th>
                        <th class="table-username">User</th>
                        <th class="table-status">Status</th>
@@ -182,21 +227,28 @@ function test_input($data) {
                    <!-- Table construction via php PDO. -->
                    <?php
                    $listn = ($currentpage-1) * $perpage;
                    $listm = $currentpage * $perpage;
                    if ($pagetype == 'user') {
-                        $q = search20UsersFromNByStatus($listnr, $search, $status);
+                        $q = searchSomeUsersByStatus($listn, $listm, $search, $status);
                        while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                            $userID = $user['userID'];
                            $username = $user['username'];
                            $role = $user['role'];
                            $bancomment = $user['bancomment'];
-                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+                            $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
                            $function = "checkCheckAll(document.getElementById('checkall'))";
                            echo("
                            <tr>
                            <td><input type='checkbox'
                            name='checkbox-user[]'
-                            value='$userID'>
+                            class='checkbox-list'
                            value='$userID'
                            form='admin-batchform'
                            onchange=" . "$function" . ">
                            </td>
                            <td>$username</td>
                            <td>$role</td>
@@ -218,20 +270,24 @@ function test_input($data) {
                            ");
                        }
                    } else {
-                        $q = search20GroupsFromNByStatus($listnr, $search, $groupstatus);
+                        $q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);
                        while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                            $groupID = $group['groupID'];
                            $name = $group['name'];
                            $role = $group['status'];
                            $description = $group['description'];
-                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+                            $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
                            $function = "checkCheckAll(document.getElementById('checkall'))";
                            echo("
                            <tr>
                            <td><input type='checkbox'
                            name='checkbox-group[]'
-                            value='$groupID'>
+                            class='checkbox-list'
                            value='$groupID'
                            form='admin-groupbatchform'
                            onchange=" . "$function" . ">
                            </td>
                            <td>$name</td>
                            <td>$role</td>
@@ -243,7 +299,7 @@ function test_input($data) {
                            <select class='action' name='actions'>
                            <option value='0'>Hide</option>
                            <option value='1'>Public</option>
-                            <option value='2'>Members-only</option>
+                            <option value='2'>Members</option>
                            </select>
                            <input type='hidden' name='groupID' value='$groupID'>
                            <input type='submit' value='Confirm'>
@@ -256,10 +312,6 @@ function test_input($data) {
                    ?>
                </table>
            </div>
        </form>
        <pre>
            <?php print_r($_POST); ?>
        </pre>
    </div>
 </div>
 </body>