From d44ddf2793168c126329e31f9e1c30bb9804343a Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Tue, 24 Jan 2017 14:36:27 +0100
Subject: [PATCH 1/2] Added functionality for add friend buttons.

---
 website/public/edit_friendship.php | 30 ++++++++++++
 website/public/profile.php         |  5 +-
 website/public/styles/profile.css  |  3 +-
 website/queries/friendship.php     | 78 +++++++++++++++++++++++++++++-
 website/queries/user.php           | 52 +++++++++++++++-----
 website/views/profile.php          | 25 +++++++---
 6 files changed, 170 insertions(+), 23 deletions(-)
 create mode 100644 website/public/edit_friendship.php

diff --git a/website/public/edit_friendship.php b/website/public/edit_friendship.php
new file mode 100644
index 0000000..d88e264
--- /dev/null
+++ b/website/public/edit_friendship.php
@@ -0,0 +1,30 @@
+<?php
+session_start();
+require("../queries/friendship.php");
+require("../queries/user.php");
+
+if(empty($_POST["userID"]) OR empty($_POST["delete"]) AND empty($_POST["accept"]) AND empty($_POST["request"])) {
+    echo "Not enough arguments.";
+    return;
+}
+
+$friendship_status = getFriendshipStatus($_POST["userID"]);
+echo "\nfriendshipstatus: $friendship_status";
+echo "You: " . $_SESSION["userID"];
+echo "other user: " . $_POST["userID"];
+
+
+if(!empty($_POST["request"]) AND $friendship_status == 0) {
+    echo "request";
+    requestFriendship($_POST["userID"]);
+} else if(!empty($_POST["delete"]) AND in_array($friendship_status, array(1, 2, 3))) {
+    echo "delete";
+    removeFriendship($_POST["userID"]);
+} else if (!empty($_POST["accept"]) AND $friendship_status == 3) {
+    echo "accept";
+    acceptFriendship($_POST["userID"]);
+}
+
+$username = getUsername($_POST["userID"]);
+
+header("Location: profile.php?username=$username");
\ No newline at end of file
diff --git a/website/public/profile.php b/website/public/profile.php
index e4f1452..439f74a 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -15,11 +15,14 @@ include("../queries/nicetime.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
+    echo "USERNAME NOT GIVEN";
 } else {
     $userID = getUserID($_GET["username"]);
 }
 
-$user = selectUser($userID);
+echo "User ID: $userID";
+
+$user = selectUser($_SESSION["userID"], $userID);
 $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
 $posts = selectAllUserPosts($userID);
diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css
index f5dd6b1..37b0825 100644
--- a/website/public/styles/profile.css
+++ b/website/public/styles/profile.css
@@ -81,8 +81,9 @@ div.posts .post form textarea.newpost {
     font-size: 0.8em;
 }
 
-.profile-button {
+input.profile-button {
     float: right;
+    height: auto;
     padding: 10px;
     border-radius: 5px;
     background-color: #4CAF50;
diff --git a/website/queries/friendship.php b/website/queries/friendship.php
index 0deba63..7a3d6f2 100644
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -1,5 +1,7 @@
 <?php
 
+require("connect.php");
+
 function selectAllFriends($userID) {
     $stmt = $GLOBALS["db"]->prepare("
         SELECT
@@ -21,8 +23,8 @@ function selectAllFriends($userID) {
             `friendship`.`user2ID` = `user`.`userID` OR 
             `friendship`.`user2ID` = :userID AND
             `friendship`.`user1ID` = `user`.`userID`) AND
-            `role` != 5 AND
-            `status` = 1
+            `role` != 'banned' AND
+            `status` = 'confirmed'
     ");
 
     $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
@@ -60,4 +62,76 @@ function selectAllFriendRequests() {
     $stmt->execute();
 
     return json_encode($stmt->fetchAll());
+}
+
+function getFriendshipStatus($userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+    SELECT
+      CASE `status` IS NULL
+      WHEN TRUE THEN 0
+      WHEN FALSE THEN
+        CASE `status` = 'confirmed'
+        WHEN TRUE THEN
+          1
+        WHEN FALSE THEN
+          CASE `user1ID` = :me AND `user2ID` = :other
+          WHEN TRUE THEN
+            2
+          WHEN FALSE THEN
+            3
+          END
+        END
+      END AS `friend_state`
+    FROM
+      `friendship`
+    WHERE
+      `user1ID` = :other AND `user2ID` = :me OR
+      `user1ID` = :me AND `user2ID` = :other
+    ");
+
+    $stmt->bindParam(':me', $_SESSION["userID"], PDO::PARAM_INT);
+    $stmt->bindParam(':other', $userID, PDO::PARAM_INT);
+    $stmt->execute();
+    return $stmt->fetch()["friend_state"];
+}
+
+function requestFriendship($userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+        INSERT INTO `friendship` (user1ID, user2ID)
+        VALUES (:user1, :user2)
+    ");
+
+    $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
+    $stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
+    $stmt->execute();
+}
+
+function removeFriendship($userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+        DELETE FROM `friendship`
+        WHERE
+          `user1ID` = :user1 AND
+          `user2ID` = :user2 OR
+          `user1ID` = :user2 AND
+          `user2ID` = :user1
+    ");
+
+    $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT);
+    $stmt->bindParam(':user2', $userID, PDO::PARAM_INT);
+    $stmt->execute();
+}
+
+function acceptFriendship($userID) {
+    $stmt = $GLOBALS["db"]->prepare("
+        UPDATE `friendship`
+        SET `status`='confirmed'
+        WHERE 
+          `user1ID` = :user1 AND
+          `user2ID` = :user2
+        LIMIT 1
+    ");
+
+    $stmt->bindParam(':user1', $userID, PDO::PARAM_INT);
+    $stmt->bindParam(':user2', $_SESSION["userID"], PDO::PARAM_INT);
+    $stmt->execute();
 }
\ No newline at end of file
diff --git a/website/queries/user.php b/website/queries/user.php
index 114d673..04f379e 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -17,27 +17,53 @@ function getUserID($username) {
     return $stmt->fetch()["userID"];
 }
 
-function selectUser($userID) {
+function getUsername($userID) {
     $stmt = $GLOBALS["db"]->prepare("
         SELECT
-            `username`,
-            IFNULL(
-                `profilepicture`,
-                '../img/notbad.jpg'
-            ) AS profilepicture,
-            `bio`,
-            `role`,
-            `onlinestatus`,
-            `loggedin`,
-            `fname`,
-            `lname`
+            `username`
         FROM
             `user`
         WHERE
             `userID` = :userID
     ");
 
-    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_STR);
+    $stmt->execute();
+    return $stmt->fetch()["username"];
+}
+
+function selectUser($me, $other) {
+    $stmt = $GLOBALS["db"]->prepare("
+        SELECT
+          `username`, `birthdate`, `location`, `profilepicture`, `bio`, `user`.`creationdate`, `onlinestatus`, `fname`, `lname`,
+          CASE `status` IS NULL
+            WHEN TRUE THEN 0
+            WHEN FALSE THEN
+              CASE `status` = 'confirmed'
+              WHEN TRUE THEN
+                1
+              WHEN FALSE THEN
+                CASE `user1ID` = `userID` AND `user2ID` = :me
+                  WHEN TRUE THEN
+                    2
+                  WHEN FALSE THEN
+                    3
+                  END
+              END
+          END AS `friend_status`
+        FROM
+          `user`
+        LEFT JOIN
+          `friendship`
+        ON
+          `user1ID` = `userID` AND `user2ID` = :me OR
+          `user1ID` = :me AND `user2ID` = `userID`
+        WHERE
+          `user`.`userID` = :other
+    ");
+
+    $stmt->bindParam(':me', $me, PDO::PARAM_INT);
+    $stmt->bindParam(':other', $other, PDO::PARAM_INT);
     $stmt->execute();
     return $stmt->fetch();
 }
diff --git a/website/views/profile.php b/website/views/profile.php
index 19bd908..83dbca7 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -1,11 +1,24 @@
 <div class="content">
     <div class="profile-box platform">
         <img class="left profile-picture" src="<?php echo $user["profilepicture"] ?>">
-        <div class="profile-button">
-            <p><img src="/img/add-friend.png"> Als vriend toevoegen</p>
-        </div>
-        <h1 class="profile-username"><?=$user["username"]?></h1>
-        <h5 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?></h5>
+
+        <form action="edit_friendship.php" method="post">
+            <input type="hidden" name="userID" value="<?= $userID ?>">
+        <?php
+        if($userID != $_SESSION["userID"] AND $user["friend_status"] == 0) {
+            echo "<input class='profile-button' type='submit' name='request' value='Stuur vriendschapsverzoek!'>";
+        } else if($user["friend_status"] == 1) {
+            echo "<input class='profile-button' type='submit' name='delete' value='Verwijder vriend!'>";
+        } else if($user["friend_status"] == 2) {
+            echo "<input class='profile-button' type='submit' name='accept' value='Accepteer vriendschapsverzoek!'>";
+            echo "<input class='profile-button' type='submit' name='delete' value='Weiger vriendschapsverzoek!'>";
+        } else if($user["friend_status"] == 3) {
+            echo "<input class='profile-button' type='submit' name='delete' value='Trek vriendschapsverzoek in!'>";
+        }
+        ?>
+        </form>
+        <h1 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?></h1>
+        <h5 class="profile-username"><?=$user["username"]?></h5>
         <p><?=$user["bio"]?></p>
     </div>
 
@@ -14,7 +27,7 @@
         <p>
             <?php
                 while($friend = $profile_friends->fetch()) {
-                    echo "<a href='/profile/${friend["username"]}/' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
+                    echo "<a href='profile.php?username=${friend["username"]}/' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
                 }
 
 

From 4967ab6ea07ed2d20d4bd4909f946ae90ccb9936 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Tue, 24 Jan 2017 15:01:55 +0100
Subject: [PATCH 2/2] Made some small changes for Lars.

---
 website/queries/user.php  | 13 ++++++++++++-
 website/views/profile.php |  2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/website/queries/user.php b/website/queries/user.php
index 15b7fb1..ed431f6 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -35,7 +35,18 @@ function getUsername($userID) {
 function selectUser($me, $other) {
     $stmt = $GLOBALS["db"]->prepare("
         SELECT
-          `username`, `birthdate`, `location`, `profilepicture`, `bio`, `user`.`creationdate`, `onlinestatus`, `fname`, `lname`,
+          `username`,
+          `birthdate`,
+          `location`,
+          IFNULL(
+                `profilepicture`,
+                '../img/avatar-standard.png'
+            ) AS profilepicture,
+          `bio`,
+          `user`.`creationdate`,
+          `onlinestatus`,
+          `fname`,
+          `lname`,
           CASE `status` IS NULL
             WHEN TRUE THEN 0
             WHEN FALSE THEN
diff --git a/website/views/profile.php b/website/views/profile.php
index 83dbca7..2bc0341 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -27,7 +27,7 @@
         <p>
             <?php
                 while($friend = $profile_friends->fetch()) {
-                    echo "<a href='profile.php?username=${friend["username"]}/' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
+                    echo "<a href='profile.php?username=${friend["username"]}' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
                 }