MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of ssh://gitlab-fnwi.uva.nl:1337/11166932/WebDB

Browse Source
This commit is contained in:
K. Nobel
2017-01-24 16:59:14 +01:00
parent 70957015ce 4b6fe1d202
commit b8f662f825
13 changed files with 446 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
website/public/API/loadMessages.php
View File

@@ -9,6 +9,7 @@ require_once("../../queries/friendship.php");
if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
setLastVisited(test_input($_POST["destination"]));
} else {
echo getOldChatMessages(test_input($_POST["destination"]));
setLastVisited(test_input($_POST["destination"]));

30
website/public/edit_friendship.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
session_start();
require("../queries/friendship.php");
require("../queries/user.php");
if(empty($_POST["userID"]) OR empty($_POST["delete"]) AND empty($_POST["accept"]) AND empty($_POST["request"])) {
echo "Not enough arguments.";
return;
}
$friendship_status = getFriendshipStatus($_POST["userID"]);
echo "\nfriendshipstatus: $friendship_status";
echo "You: " . $_SESSION["userID"];
echo "other user: " . $_POST["userID"];
if(!empty($_POST["request"]) AND $friendship_status == 0) {
echo "request";
requestFriendship($_POST["userID"]);
} else if(!empty($_POST["delete"]) AND in_array($friendship_status, array(1, 2, 3))) {
echo "delete";
removeFriendship($_POST["userID"]);
} else if (!empty($_POST["accept"]) AND $friendship_status == 3) {
echo "accept";
acceptFriendship($_POST["userID"]);
}
$username = getUsername($_POST["userID"]);
header("Location: profile.php?username=$username");

5
website/public/profile.php
View File

@@ -15,11 +15,14 @@ include("../queries/nicetime.php");
if(empty($_GET["username"])) {
$userID = $_SESSION["userID"];
echo "USERNAME NOT GIVEN";
} else {
$userID = getUserID($_GET["username"]);
}
$user = selectUser($userID);
echo "User ID: $userID";
$user = selectUser($_SESSION["userID"], $userID);
$profile_friends = selectAllFriends($userID);
$profile_groups = selectAllUserGroups($userID);
$posts = selectAllUserPosts($userID);

91
website/public/register.php
View File

@@ -10,33 +10,90 @@
<?php
session_start();
if(isset($_SESSION["userID"])){
header("location: profile.php");
header("location: login.php");
}
// define variables and set to empty values
$name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = "";
$genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = "";
$name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $captcha = $ip = "";
$genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $captchaErr = "";
$correct = true;
// Trying to register an account
if ($_SERVER["REQUEST_METHOD"] == "POST") {
checkInputChoice("name", "lettersAndSpace");
checkInputChoice("surname", "lettersAndSpace");
if (empty($_POST["bday"])) {
$bdayErr = "Geboortedatum is verplicht!";
try {
$name = test_input(($_POST["name"]));
checkInputChoice($name, "lettersAndSpaces");
} catch(lettersAndSpacesException $e){
$correct = false;
} else {
$bday = test_input($_POST["bday"]);
$nameErr = $e->getMessage();
}
checkInputChoice("username", "username");
checkInputChoice("password", "longerEight");
checkInputChoice("confirmpassword", "");
try {
$surname = test_input(($_POST["surname"]));
checkInputChoice($surname, "lettersAndSpaces");
}
catch(lettersAndSpacesException $e){
$correct = false;
$surnameErr = $e->getMessage();
}
try{
$bday = test_input(($_POST["bday"]));
checkInputChoice($bday, "bday");
} catch(bdayException $e){
$correct = false;
$bdayErr = $e->getMessage();
}
try{
$username = test_input(($_POST["username"]));
checkInputChoice($username, "username");
} catch(usernameException $e){
$correct = false;
$usernameErr = $e->getMessage();
}
try{
$password = test_input(($_POST["password"]));
checkInputChoice($password, "longerEight");
matchPassword();
checkInputChoice("location", "lettersAndSpace");
checkInputChoice("email", "email");
registerCheck();
} catch(passwordException $e){
$correct = false;
$passwordErr = $e->getMessage();
} catch(confirmPasswordException $e){
$correct = false;
$confirmPasswordErr = $e->getMessage();
}
try{
$location = test_input(($_POST["location"]));
checkInputChoice($location, "lettersAndSpaces");
} catch(lettersAndSpacesException $e){
$correct = false;
$locationErr = $e->getMessage();
}
try{
$email = test_input(($_POST["email"]));
checkInputChoice($email, "email");
} catch(emailException $e){
$correct = false;
$emailErr = $e->getMessage();
}
try{
$captcha = $_POST['g-recaptcha-response'];
checkCaptcha($captcha);
} catch(captchaException $e){
$correct = false;
$captchaErr = $e->getMessage();
}
try {
getIp();
registerCheck($correct);
} catch(registerException $e){
$genericErr = $e->getMessage();
}
}
/* This view adds register view */
include("../views/register-view.php");

64
website/public/styles/index.css
View File

@@ -4,17 +4,16 @@ a.button {
color: black;
cursor: pointer;
height: 50%;
margin: 8px 0;
padding: 14px 20px;
width: 25%;
padding: 8px 20px;
width: 50%;
font-family: Arial;
font-size: 16px;
font-size: 20px;
}
/* Body */
body {
height: 100%;
background-color: #C8CABD;
background-color: #FBC02D;
/*background-image: url(http://play.pokemonshowdown.com/fx/client-bg-shaymin.jpg);
background-size: cover;
background-attachment: fixed;*/
@@ -24,31 +23,14 @@ body {
font-family: Arial, sans-serif;
}
/* The Close Button */
.close {
/* Position it in the top right corner outside of the modal */
color: white;
font-size: 100px;
font-weight: bold;
position: absolute;
right: 25px;
top: 0;
}
/* Close button on hover */
.close:hover,
.close:focus {
color: red;
cursor: pointer;
}
/* inlogform */
form {
/*background-color: #a87a87;*/
border-radius: 12px;
height: 70%;
height: 75%;
margin: auto;
width: 70%;
width: 80%;
overflow-y:auto;
}
@@ -72,24 +54,20 @@ input[type=text], input[type=password], input[type=email], input[type="date"] {
border-color: #C8CABD;
display: inline-block;
height: 60%;
font-size: 16px;
padding: 8px 20px;
margin: 4px 0;
width: 70%;
width: 55%;
}
/*
input[type=text], input[type=password], input[type=email], input[type="date"] {
border: 0px;
border-bottom: 4px solid lightgray;
border-radius: 0px;
}*/
button[type=submit] {
background-color: #C8CABD;
color: black ;
color: black;
cursor: pointer;
font-family: Arial;
font-size: 16px;
width: 50%;
font-size: 22px;
height: 30px;
width: 120px;
}
.error {
@@ -106,12 +84,12 @@ label {
display: inline-block;
position: relative;
background-color: #C8CABD;
height: 30px;
width: 90px;
padding: 3px 3px 3px 0px;
height: 25px;
width: 120px;
padding: 3px 3px 3px 3px;
text-align: center;
border-radius: 0px 10px 10px 0px;
font-size: 24px;
border-radius: 0px 5px 5px 0px;
font-size: 22px;
}
.left-arrow:after {
@@ -121,9 +99,9 @@ label {
right: 100%;
top: 0;
bottom: 0;
border-top: 15px solid transparent;
border-top: 12px solid transparent;
border-right: 20px solid #C8CABD;
border-bottom: 15px solid transparent;
border-bottom: 12px solid transparent;
border-left: 0px solid transparent;
}
@@ -135,7 +113,7 @@ label {
/* padding voor login_containers */
.login_containerlogin {
padding:25px;
padding:16px;
text-align: center;
}
@@ -163,7 +141,7 @@ label {
margin: 34px auto;
overflow-y: auto;
padding: 20px;
width: 50%;
width: 45%;
}
/*.platform {

3
website/public/styles/profile.css
View File

@@ -78,8 +78,9 @@ div.posts .post form textarea.newpost {
font-size: 0.8em;
}
.profile-button {
input.profile-button {
float: right;
height: auto;
padding: 10px;
border-radius: 5px;
background-color: #4CAF50;

182
website/queries/checkInput.php
View File

@@ -1,20 +1,18 @@
<?php
/**
* Function for checking inputfields
* @param variable $variable Give name of the inputfield.
* @param string $option Give the name of the option.
* @param String $variable Give name of the inputfield.
* @param String $option Give the name of the option.
* @return sets correct to false and gives value to error message if it doesn't pass the checks.
*/
function checkInputChoice($variable, $option){
if (empty($_POST[$variable])) {
$GLOBALS[$variable . "Err"] = "Verplicht!";
$GLOBALS["correct"] = false;
} else {
$GLOBALS[$variable] = test_input($_POST[$variable]);
switch ($option) {
case "lettersAndSpace":
checkonly($variable);
case "lettersAndSpaces";
checkName($variable);
break;
case "bday";
validateBday($variable);
break;
case "username";
@@ -31,67 +29,110 @@ function checkInputChoice($variable, $option){
default:
break;
}
}
}
/* Checks for only letters and spaces. */
function checkOnly($variable){
if (!preg_match("/^[a-zA-Z ]*$/",$GLOBALS[$variable])) {
$GLOBALS[$variable . "Err"] = "Alleen letters en spaties zijn toegestaan!";
$correct = false;
function checkName($variable){
if (empty($variable)) {
throw new lettersAndSpacesException("Verplicht!");
} else if (!preg_match("/^[a-zA-Z ]*$/", $variable)) {
throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
}
}
/* Checks for bday */
function validateBday($variable){
if (empty($variable)) {
throw new bdayException("Verplicht!");
} else {
if (!(validateDate($variable, "Y/m/d"))) {
throw new bdayException("Geen geldige datum");
} else {
$dateNow = date("Y/m/d");
if ($dateNow < $variable) {
throw new bdayException("Geen geldige datum");
}
}
}
}
// Checks for date
function validateDate($date, $format)
{
$d = DateTime::createFromFormat($format, $date);
return $d && $d->format($format) == $date;
}
/* checks if username exist and if its longer than 6 characters. */
function username($variable){
if (strlen($GLOBALS[$variable]) < 6) {
$GLOBALS[$variable . "Err"] = "Gebruikersnaam moet minstens 6 karakters bevatten";
$correct = false;
if (empty($variable)) {
throw new usernameException("Verplicht!");
} else if (strlen($variable) < 6) {
throw new usernameException("Moet minstens 6 karakters bevatten");
} else if (getExistingUsername() == 1) {
$GLOBALS[$variable . "Err"] = "Gebruikersnaam bestaat al";
$correct = false;
throw new usernameException("Gebruikersnaam bestaal al");
}
}
/* checks if an input is longer that 8 characters. */
function longerEight($variable){
if (strlen($GLOBALS[$variable]) < 8) {
$GLOBALS[$variable . "Err"] = "Moet minstens 8 karakters bevatten";
$correct = false;
if (empty($variable)) {
throw new passwordException("Verplicht!");
} else if (strlen($variable) < 8) {
throw new passwordException("Moet minstens 8 karakters bevatten");
}
}
/* checks if an input is a valid email. */
function validateEmail($variable){
if (!filter_var($GLOBALS[$variable], FILTER_VALIDATE_EMAIL)) {
$GLOBALS[$variable . "Err"] = "Geldige email invullen!";
$correct = false;
if (empty($variable)) {
throw new emailException("Verplicht!");
} else if (!filter_var($variable, FILTER_VALIDATE_EMAIL)) {
throw new emailException("Geldige email invullen");
} else if (getExistingEmail() == 1){
$GLOBALS[$variable . "Err"] = "Email bestaat al";
$correct = false;
throw new emailException("Email bestaal al!");
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {
$GLOBALS["confirmpasswordErr"] = "Wachtwoorden matchen niet";
$GLOBALS["correct"] = false;
throw new confirmPasswordException("Wachtwoorden matchen niet!");
}
}
// Checks if everything is filled in correctly
function registerCheck(){
if ($GLOBALS["correct"] == false){
$GLOBALS["genericErr"] = "Bepaalde velden zijn verkeerd of niet ingevuld!";
/* Checks if captcha is correctly filled in */
function checkCaptcha($captcha){
if(!$captcha){
throw new captchaException("Captcha needs to be filled in!");
} else {
$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Lc72xIUAAAAAPizuF3nUbklCPljVCVzgYespz8o&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
if($response->success==false) {
throw new captchaException("You are a spammer!");
}
}
}
/* Get ip adres */
function getIp(){
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$GLOBALS["ip"] = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$GLOBALS["ip"] = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$GLOBALS["ip"] = $_SERVER['REMOTE_ADDR'];
}
}
/* Checks if everything is filled in correctly */
function registerCheck($status){
if ($status == false){
throw new registerException("Bepaalde velden zijn verkeerd of niet ingevuld");
} else {
registerAccount();
header("location: login.php");
}
}
@@ -102,4 +143,69 @@ function test_input($data) {
$data = htmlspecialchars($data);
return $data;
}
class lettersAndSpacesException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class bdayException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class usernameException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class passwordException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class confirmPasswordException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class emailException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class captchaException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
class registerException extends Exception
{
public function __construct($message = "", $code = 0, Exception $previous = null)
{
parent::__construct($message, $code, $previous);
}
}
?>

73
website/queries/friendship.php
View File

@@ -1,5 +1,7 @@
<?php
require("connect.php");
function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
@@ -64,6 +66,77 @@ function selectAllFriendRequests() {
return json_encode($stmt->fetchAll());
}
function getFriendshipStatus($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
CASE `status` IS NULL
WHEN TRUE THEN 0
WHEN FALSE THEN
CASE `status` = 'confirmed'
WHEN TRUE THEN
1
WHEN FALSE THEN
CASE `user1ID` = :me AND `user2ID` = :other
WHEN TRUE THEN
2
WHEN FALSE THEN
3
END
END
END AS `friend_state`
FROM
`friendship`
WHERE
`user1ID` = :other AND `user2ID` = :me OR
`user1ID` = :me AND `user2ID` = :other
");
$stmt->bindParam(':me', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':other', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt->fetch()["friend_state"];
}
function requestFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
INSERT INTO `friendship` (user1ID, user2ID)
VALUES (:user1, :user2)
");
$stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
$stmt->execute();
}
function removeFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
DELETE FROM `friendship`
WHERE
`user1ID` = :user1 AND
`user2ID` = :user2 OR
`user1ID` = :user2 AND
`user2ID` = :user1
");
$stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
$stmt->execute();
}
function acceptFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
UPDATE `friendship`
SET `status`='confirmed'
WHERE
`user1ID` = :user1 AND
`user2ID` = :user2
LIMIT 1
");
$stmt->bindParam(':user1', $userID, PDO::PARAM_INT);
$stmt->bindParam(':user2', $_SESSION["userID"], PDO::PARAM_INT);
$stmt->execute();
}
function setLastVisited($friend) {
$stmt = $GLOBALS["db"]->prepare("

63
website/queries/user.php
View File

@@ -17,27 +17,64 @@ function getUserID($username) {
return $stmt->fetch()["userID"];
}
function selectUser($userID) {
function getUsername($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`username`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
) AS profilepicture,
`bio`,
`role`,
`onlinestatus`,
`loggedin`,
`fname`,
`lname`
`username`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':userID', $userID, PDO::PARAM_STR);
$stmt->execute();
return $stmt->fetch()["username"];
}
function selectUser($me, $other) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`username`,
`birthdate`,
`location`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
) AS profilepicture,
`bio`,
`user`.`creationdate`,
`onlinestatus`,
`fname`,
`lname`,
CASE `status` IS NULL
WHEN TRUE THEN 0
WHEN FALSE THEN
CASE `status` = 'confirmed'
WHEN TRUE THEN
1
WHEN FALSE THEN
CASE `user1ID` = `userID` AND `user2ID` = :me
WHEN TRUE THEN
2
WHEN FALSE THEN
3
END
END
END AS `friend_status`
FROM
`user`
LEFT JOIN
`friendship`
ON
`user1ID` = `userID` AND `user2ID` = :me OR
`user1ID` = :me AND `user2ID` = `userID`
WHERE
`user`.`userID` = :other
");
$stmt->bindParam(':me', $me, PDO::PARAM_INT);
$stmt->bindParam(':other', $other, PDO::PARAM_INT);
$stmt->execute();
return $stmt->fetch();
}

1
website/views/chat-view.php
View File

@@ -16,6 +16,7 @@
// Set default values of a friend.
$username = $friend["username"];
$name = $friend["name"];
$userID = $friend["userID"];
$pf = "img/avatar-standard.png";

1
website/views/login_head.php
View File

@@ -9,4 +9,5 @@
href="styles/index.css">
<script src="/js/jqeury.js"></script>
<script src="/js/registerAndLogin.js"></script>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>

23
website/views/profile.php
View File

@@ -1,11 +1,24 @@
<div class="content">
<div class="profile-box platform">
<img class="left profile-picture" src="<?php echo $user["profilepicture"] ?>">
<div class="profile-button">
<p><img src="/img/add-friend.png"> Als vriend toevoegen</p>
</div>
<h1 class="profile-username"><?=$user["username"]?></h1>
<h5 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?></h5>
<form action="edit_friendship.php" method="post">
<input type="hidden" name="userID" value="<?= $userID ?>">
<?php
if($userID != $_SESSION["userID"] AND $user["friend_status"] == 0) {
echo "<input class='profile-button' type='submit' name='request' value='Stuur vriendschapsverzoek!'>";
} else if($user["friend_status"] == 1) {
echo "<input class='profile-button' type='submit' name='delete' value='Verwijder vriend!'>";
} else if($user["friend_status"] == 2) {
echo "<input class='profile-button' type='submit' name='accept' value='Accepteer vriendschapsverzoek!'>";
echo "<input class='profile-button' type='submit' name='delete' value='Weiger vriendschapsverzoek!'>";
} else if($user["friend_status"] == 3) {
echo "<input class='profile-button' type='submit' name='delete' value='Trek vriendschapsverzoek in!'>";
}
?>
</form>
<h1 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?></h1>
<h5 class="profile-username"><?=$user["username"]?></h5>
<p><?=$user["bio"]?></p>
</div>

20
website/views/register-view.php
View File

@@ -41,11 +41,12 @@
<!-- Register birthday -->
<div class="login_containerregister">
<label><b>Geboortedatum</b></label>
<input type="date"
<input type="text"
name="bday"
value="<?php echo $bday ?>"
id="bday"
placeholder="01/01/1900"
placeholder="1996/01/01"
data-fv-date-max=""
>
*<span class="error"> <?php echo $bdayErr;?></span>
</div>
@@ -117,18 +118,23 @@
*<span class="error"> <?php echo $emailErr;?></span>
</div>
<!-- Button for registering -->
<div class="login_containerregister">
<div class="g-recaptcha" data-sitekey="6Lc72xIUAAAAADumlWetgENm7NGd9Npyo0c_tYYQ"></div>
<span class="error"> <?php echo $captchaErr;?></span>
</div>
<!-- Button for registering -->
<div class="login_containerlogin">
<!-- Button for going back to login screen -->
<a href="https://myhyvesbookplus.nl/login.php" class="left-arrow">Login</a>
<button type="submit"
value="Registreer uw account"
name="Submit"
id="frm1_submit">
Registreer
</button>
</div>
</form>
<div class="login_containerlogin">
<!-- Button for going back to login screen -->
<a href="https://myhyvesbookplus.nl/login.php" class="left-arrow">Login</a>
</div>
</div>