From c14a2770bd092b41a343a2a99f0606c444c75b3d Mon Sep 17 00:00:00 2001
From: "K. Nobel"
Date: Tue, 31 Jan 2017 12:52:50 +0100
Subject: [PATCH] Fixed posting functions for groups.
---
 website/public/API/postPost.php | 57 +++++++++++++++++++++++++++------
 website/queries/group_page.php | 31 +++++++++++++++++-
 2 files changed, 77 insertions(+), 11 deletions(-)
diff --git a/website/public/API/postPost.php b/website/public/API/postPost.php
index b52e96b..40c18e1 100644
--- a/website/public/API/postPost.php
+++ b/website/public/API/postPost.php
@@ -2,16 +2,53 @@
 session_start();
-require("../../queries/post.php");
-require("../../queries/connect.php");
-require("../../queries/checkInput.php");
+require_once("../../queries/post.php");
+require_once("../../queries/group_page.php");
+require_once("../../queries/connect.php");
+require_once("../../queries/checkInput.php");
-if (empty($_POST['newpost-title'])) {
-} else {
- makePost($_SESSION['userID'],
- null,
- test_input($_POST['newpost-title']),
- test_input($_POST['newpost-content']));
+if (empty($_POST["title"]) or
+ empty($_POST["content"]) or
+ empty($_SESSION["userID"])) {
+ header('HTTP/1.1 500 Non enough arguments');
 }
-header("Location: ../profile.php");
\ No newline at end of file
+if (empty($_POST["group"])) {
+ // User Post
+ makePost(
+ $_SESSION["userID"],
+ null,
+ test_input($_POST["title"]),
+ test_input($_POST["content"])
+ );
+} else {
+ // Group Post
+
+ // Check if the user is an admin or mod of the group.
+ if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
+ header('HTTP/1.1 500 Non enough rights');
+ return;
+ }
+
+ makePost(
+ $_SESSION["userID"],
+ $_POST["group"],
+ test_input($_POST["title"]),
+ test_input($_POST["content"])
+ );
+}
+
+
+
+
+
+
+//if (empty($_POST['newpost-title'])) {
+//} else {
+// makePost($_SESSION['userID'],
+// null,
+// test_input($_POST['newpost-title']),
+// test_input($_POST['newpost-content']));
+//}
+//
+//header("Location: ../profile.php");
\ No newline at end of file
diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index b3e454c..83911f8 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -11,6 +11,12 @@ function selectGroupByName($name) {
 `description`,
 `picture`,
 `status`,
+ (
+ SELECT `role`
+ FROM `group_member`
+ WHERE `group_member`.`groupID` = `group_page`.`groupID` AND
+ `userID` = :userID
+ ) AS `role`,
 COUNT(`group_member`.`groupID`) as `members`
 FROM
 `group_page`
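Review bot: The missing-argument check at the top of the hunk sends a 500 header but does not stop the script, so a request with an empty title, empty content or no logged-in user still falls through to makePost with those values; add `exit;` directly after `header('HTTP/1.1 500 Non enough arguments');` (a 400/401 status also describes a client-side problem better than 500). The group branch hands the raw `$_POST["group"]` both to `selectGroupRole(int $groupID)` and to makePost, where a non-numeric value turns into an uncaught TypeError in the typed function; cast once up front, `$groupID = (int) $_POST["group"];`, and use that in both calls. The role check should be strict, `in_array(selectGroupRole($groupID), ['mod', 'admin'], true)`, so the result of a failed query (`False`) is rejected by type rather than by loose-comparison rules, and a 403 fits the 'Non enough rights' case better than 500. The old posting block kept at the end of the file as `//` comments is dead code and can simply be deleted.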
@@ -22,13 +28,36 @@ function selectGroupByName($name) {
 name LIKE :name
 ");
- $stmt->bindParam(':name', $name);
+ $stmt->bindParam(':name', $name, PDO::PARAM_STR);
+ $stmt->bindParam(':userID', $_SESSION["userID"], PDO::PARAM_INT);
 if (!$stmt->execute()) {
 return False;
 }
 return $stmt->fetch();
 }
+function selectGroupRole(int $groupID) {
+ $stmt = prepareQuery("
+ SELECT
+ `role`
+ FROM
+ `group_member`
+ WHERE
+ `groupID` = :groupID AND
+ `userID` = :userID
+ ");
+
+ $stmt->bindParam(':groupID', $groupID, PDO::PARAM_INT);
+ $stmt->bindParam(':userID', $_SESSION["userID"], PDO::PARAM_INT);
+ if(!$stmt->execute()) {
+ return False;
+ }
+ if($stmt->rowCount() == 0) {
+ return "none";
+ }
+ return $stmt->fetch()["role"];
+}
+
 function selectGroupMembers(int $groupID) {
 $stmt = prepareQuery("
 SELECT