Fixed posting functions for groups.

website/public/API/postPost.php

@@ -2,16 +2,53 @@
 
 session_start();
 
-require("../../queries/post.php");
-require("../../queries/connect.php");
-require("../../queries/checkInput.php");
+require_once("../../queries/post.php");
+require_once("../../queries/group_page.php");
+require_once("../../queries/connect.php");
+require_once("../../queries/checkInput.php");
 
-if (empty($_POST['newpost-title'])) {
-} else {
-    makePost($_SESSION['userID'],
-             null,
-             test_input($_POST['newpost-title']),
-             test_input($_POST['newpost-content']));
+if (empty($_POST["title"]) or
+    empty($_POST["content"]) or
+    empty($_SESSION["userID"])) {
+    header('HTTP/1.1 500 Non enough arguments');
 }
 
-header("Location: ../profile.php");
+if (empty($_POST["group"])) {
+    // User Post
+    makePost(
+        $_SESSION["userID"],
+        null,
+        test_input($_POST["title"]),
+        test_input($_POST["content"])
+        );
+} else {
+    // Group Post
+
+    // Check if the user is an admin or mod of the group.
+    if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
+        header('HTTP/1.1 500 Non enough rights');
+        return;
+    }
+    
+    makePost(
+        $_SESSION["userID"],
+        $_POST["group"],
+        test_input($_POST["title"]),
+        test_input($_POST["content"])
+    );
+}
+
+
+
+
+
+
+//if (empty($_POST['newpost-title'])) {
+//} else {
+//    makePost($_SESSION['userID'],
+//             null,
+//             test_input($_POST['newpost-title']),
+//             test_input($_POST['newpost-content']));
+//}
+//
+//header("Location: ../profile.php");

website/queries/group_page.php

@@ -11,6 +11,12 @@ function selectGroupByName($name) {
           `description`,
           `picture`,
           `status`,
+          (
+            SELECT `role`
+            FROM `group_member`
+            WHERE `group_member`.`groupID` = `group_page`.`groupID` AND 
+                  `userID` = :userID
+          ) AS `role`,
           COUNT(`group_member`.`groupID`) as `members`
         FROM
           `group_page`
@@ -22,13 +28,36 @@ function selectGroupByName($name) {
           name LIKE :name
     ");
 
-    $stmt->bindParam(':name', $name);
+    $stmt->bindParam(':name', $name, PDO::PARAM_STR);
+    $stmt->bindParam(':userID', $_SESSION["userID"], PDO::PARAM_INT);
     if (!$stmt->execute()) {
         return False;
     }
     return $stmt->fetch();
 }
 
+function selectGroupRole(int $groupID) {
+    $stmt = prepareQuery("
+        SELECT
+          `role`
+        FROM
+          `group_member`
+        WHERE
+          `groupID` = :groupID AND
+          `userID` = :userID
+    ");
+
+    $stmt->bindParam(':groupID', $groupID, PDO::PARAM_INT);
+    $stmt->bindParam(':userID', $_SESSION["userID"], PDO::PARAM_INT);
+    if(!$stmt->execute()) {
+        return False;
+    }
+    if($stmt->rowCount() == 0) {
+        return "none";
+    }
+    return $stmt->fetch()["role"];
+}
+
 function selectGroupMembers(int $groupID) {
     $stmt = prepareQuery("
         SELECT