MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into hendrik-testing

Browse Source
This commit is contained in:
Hendrik
2017-01-20 12:14:17 +01:00
parent 3152839dae 3752f3cd33
commit c93579913d
37 changed files with 812 additions and 652 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
website/queries/checkInput.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
/**
* Function for checking inputfields
* @param variable $variable Give name of the inputfield.
* @param string $option Give the name of the option.
* @return sets correct to false and gives value to error message if it doesn't pass the checks.
*/
function checkInputChoice($variable, $option){
if (empty($_POST[$variable])) {
$GLOBALS[$variable . "Err"] = "Verplicht!";
$GLOBALS["correct"] = false;
} else {
$GLOBALS[$variable] = test_input($_POST[$variable]);
switch ($option) {
case "lettersAndSpace":
checkonly($variable);
break;
case "username";
username($variable);
break;
case "longerEight";
longerEight($variable);
break;
case "email";
validateEmail($variable);
break;
default:
break;
}
}
}
/* Checks for only letters and spaces. */
function checkOnly($variable){
if (!preg_match("/^[a-zA-Z ]*$/",$GLOBALS[$variable])) {
$GLOBALS[$variable . "Err"] = "Alleen letters en spaties zijn toegestaan!";
$correct = false;
}
}
/* checks if username exist and if its longer than 6 characters. */
function username($variable){
if (strlen($GLOBALS[$variable]) < 6) {
$GLOBALS[$variable . "Err"] = "Gebruikersnaam moet minstens 6 karakters bevatten";
$correct = false;
} else if (getExistingUsername() == 1) {
$GLOBALS[$variable . "Err"] = "Gebruikersnaam bestaat al";
$correct = false;
}
}
/* checks if an input is longer that 8 characters. */
function longerEight($variable){
if (strlen($GLOBALS[$variable]) < 8) {
$GLOBALS[$variable . "Err"] = "Moet minstens 8 karakters bevatten";
$correct = false;
}
}
/* checks if an input is a valid email. */
function validateEmail($variable){
if (!filter_var($GLOBALS[$variable], FILTER_VALIDATE_EMAIL)) {
$GLOBALS[$variable . "Err"] = "Geldige email invullen!";
$correct = false;
} else if (getExistingEmail() == 1){
$GLOBALS[$variable . "Err"] = "Email bestaat al";
$correct = false;
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {
$GLOBALS["confirmpasswordErr"] = "Wachtwoorden matchen niet";
$GLOBALS["correct"] = false;
}
}
// Checks if everything is filled in correctly
function registerCheck(){
if ($GLOBALS["correct"] == false){
$GLOBALS["genericErr"] = "Bepaalde velden zijn verkeerd of niet ingevuld!";
} else {
registerAccount();
header("location: login.php");
}
}
/* removes weird characters of an input. */
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>

47
website/queries/friendship.php
View File

@@ -1,26 +1,31 @@
<?php
function selectAllFriends($db, $userID) {
return $db->query("
SELECT
`user`.`userID`,
`user`.`username`,
`user`.`profilepicture`,
`user`.`onlinestatus`,
`user`.`role`
FROM
`user`
INNER JOIN
`friendship`
WHERE
`friendship`.`user1ID` = $userID AND
`friendship`.`user2ID` = `user`.`userID` OR
`friendship`.`user2ID` = $userID AND
`friendship`.`user1ID` = `user`.`userID` AND
`user`.`role` != 3
function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'
) AS profilepicture,
`onlinestatus`,
`role`
FROM
`user`
INNER JOIN
`friendship`
WHERE
(`friendship`.`user1ID` = :userID AND
`friendship`.`user2ID` = `user`.`userID` OR
`friendship`.`user2ID` = :userID AND
`friendship`.`user1ID` = `user`.`userID`) AND
`role` != 5 AND
`status` = 1
");
}
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->execute();
?>
return $stmt;
}

8
website/queries/group_member.php
View File

@@ -1,7 +1,7 @@
<?php
function selectAllGroupsFromUser($db, $userID) {
return $db->query("
function selectAllGroupsFromUser($userID) {
return $GLOBALS["db"]->query("
SELECT
`group_page`.`name`,
`group_page`.`picture`
@@ -15,7 +15,3 @@ function selectAllGroupsFromUser($db, $userID) {
`group_page`.`status` != 0
");
}
?>

23
website/queries/group_page.php
View File

@@ -1,7 +1,7 @@
<?php
function selectGroupById($db, $groupID) {
return $db->query("
function selectGroupById($groupID) {
return $GLOBALS["db"]->query("
SELECT
`group_page`.`name`,
`group_page`.`picture`,
@@ -15,8 +15,8 @@ function selectGroupById($db, $groupID) {
");
}
function select20GroupsFromN($db, $n) {
return $db->query("
function select20GroupsFromN($n) {
return $GLOBALS["db"]->query("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -33,8 +33,8 @@ function select20GroupsFromN($db, $n) {
");
}
function select20GroupsByStatusFromN($db, $n, $status) {
return $db->query("
function select20GroupsByStatusFromN($n, $status) {
return $GLOBALS["db"]->query("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -53,8 +53,8 @@ function select20GroupsByStatusFromN($db, $n, $status) {
");
}
function search20GroupsFromNByStatus($db, $n, $keyword, $status) {
$q = $db->prepare("
function search20GroupsFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
SELECT
`groupID`,
`name`,
@@ -129,8 +129,8 @@ function countSomeGroupsByStatus($db, $keyword, $status) {
return $q;
}
function changeGroupStatusByID($db, $id, $status) {
$q = $db->query("
function changeGroupStatusByID($id, $status) {
$q = $GLOBALS["db"]->query("
UPDATE
`group_page`
SET
@@ -141,6 +141,7 @@ function changeGroupStatusByID($db, $id, $status) {
return $q;
}
<<<<<<< HEAD
function changeMultipleGroupStatusByID($db, $ids, $status) {
@@ -162,3 +163,5 @@ function changeMultipleGroupStatusByID($db, $ids, $status) {
?>
=======
>>>>>>> master

21
website/queries/header.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
function getHeaderInfo() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`fname`,
`lname`,
IFNULL(
`profilepicture`,
'img/notbad.jpg'
) AS profilepicture
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
return $stmt->fetch();
}

4
website/queries/login.php
View File

@@ -1,6 +1,6 @@
<?php
function hashPassword() {
function getUser() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`password`,
@@ -15,5 +15,3 @@ function hashPassword() {
$stmt->execute();
return $stmt->fetch(PDO::FETCH_ASSOC);
}
?>

19
website/queries/private_message.php
View File

@@ -1,14 +1,9 @@
<?php
include_once("connect.php");
session_start();
function getOldChatMessages($user2ID) {
$db = $GLOBALS["db"];
$user1ID = $_SESSION["userID"];
$stmt = $db->prepare("
$stmt = $GLOBALS["db"]->prepare("
SELECT
*
FROM
@@ -31,8 +26,7 @@ function getOldChatMessages($user2ID) {
}
function sendMessage($destination, $content) {
$db = $GLOBALS["db"];
$stmt = $db->prepare("
$stmt = $GLOBALS["db"]->prepare("
INSERT INTO
`private_message`
(
@@ -56,10 +50,7 @@ function sendMessage($destination, $content) {
}
function getNewChatMessages($lastID, $destination) {
$db = $GLOBALS["db"];
$origin = $_SESSION["userID"];
$stmt = $db->prepare("
$stmt = $GLOBALS["db"]->prepare("
SELECT
*
FROM
@@ -75,11 +66,11 @@ function getNewChatMessages($lastID, $destination) {
`messageID` ASC
");
$stmt->bindParam(':user1', $origin);
$stmt->bindParam(':user1', $_SESSION["userID"]);
$stmt->bindParam(':user2', $destination);
$stmt->bindParam(':lastID', $lastID);
$stmt->execute();
return json_encode($stmt->fetchAll());
}
}

2
website/queries/register.php
View File

@@ -52,7 +52,7 @@ function registerAccount() {
:email
)");
$hash=password_hash($_POST["password"].(strtolower($_POST["username"])), PASSWORD_DEFAULT);
$hash=password_hash($_POST["password"], PASSWORD_DEFAULT);
$stmt->bindParam(":fname", $_POST["name"]);
$stmt->bindParam(":lname", $_POST["surname"]);

122
website/queries/settings.php
View File

@@ -1,5 +1,42 @@
<?php
class settingsMessage {
private $class;
private $message;
/**
* settingsMessage constructor.
* @param string $type Happy or angry
* @param string $message The message to display
*/
public function __construct($type, $message) {
$this->message = $message;
switch ($type) {
case "happy":
$this->class = "settings-message-happy";
break;
case "angry":
$this->class = "settings-message-angry";
break;
default:
$this->class = "settings-message";
break;
}
}
public function getClass() {
return $this->class;
}
public function getMessage() {
return $this->message;
}
}
/**
* Gets the settings form the database.
* @return mixed Setting as an array.
*/
function getSettings() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
@@ -59,40 +96,28 @@ function updateSettings() {
$stmt->execute();
return array (
"type" => "settings-message-happy",
"message" => "Instellingen zijn opgeslagen."
);
return new settingsMessage("happy", "Instellingen zijn opgeslagen.");
}
function updatePassword() {
$user = getPasswordHash();
if (password_verify($_POST["password-old"].strtolower($user["username"]), $user["password"])) {
if (password_verify($_POST["password-old"], $user["password"])) {
if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) {
if (changePassword($user)) {
return array ("type" => "settings-message-happy",
"message" => "Wachtwoord gewijzigd.");
if (changePassword()) {
return new settingsMessage("happy", "Wachtwoord gewijzigd.");
} else {
return array (
"type" => "settings-message-angry",
"message" => "Er is iets mis gegaan.");
return new settingsMessage("angry", "Er is iets mis gegaan.");
}
} else {
return array (
"type" => "settings-message-angry",
"message" => "Wachtwoorden komen niet oveeen."
);
return new settingsMessage("angry", "Wachtwoorden komen niet oveen.");
}
} else {
return array(
"type" => "settings-message-angry",
"message" => "Oud wachtwoord niet correct."
);
return new settingsMessage("angry", "Oud wachtwoord niet correct.");
}
}
function changePassword($user) {
$stmt =$GLOBALS["db"]->prepare("
function changePassword() {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
@@ -101,9 +126,62 @@ function changePassword($user) {
`userID` = :userID
");
$hashed_password = password_hash($_POST["password-new"].strtolower($user["username"]), PASSWORD_DEFAULT);
$hashed_password = password_hash($_POST["password-new"], PASSWORD_DEFAULT);
$stmt->bindParam(":new_password", $hashed_password);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
return $stmt->rowCount();
}
function changeEmail() {
if ($_POST["email"] == $_POST["email-confirm"]) {
$email = strtolower($_POST["email"]);
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
//check if email exists
if (emailIsAvailableInDatabase($email)) {
if (doChangeEmail($email)) {
return new settingsMessage("happy", "Emailadres is veranderd.");
} else {
return new settingsMessage("angry", "Er is iets mis gegaan.");
}
} else {
return new settingsMessage("angry", "Emailadres bestaat al.");
}
} else {
return new settingsMessage("angry", "Geef een geldig emailadres.");
}
} else {
return new settingsMessage("angry", "Emailadressen komen niet overeen.");
}
}
function emailIsAvailableInDatabase($email) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`email`
FROM
`user`
WHERE
`email` = :email
");
$stmt->bindParam(":email", $email);
$stmt->execute();
return !$stmt->rowCount();
}
function doChangeEmail($email) {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`email` = :email
WHERE
`userID` = :userID
");
$stmt->bindParam(":email", $email);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
return $stmt->rowCount();
}

103
website/queries/user.php
View File

@@ -1,7 +1,93 @@
<?php
require("connect.php");
function select20UsersFromN($db, $n) {
return $db->query("
function getUserID($username) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`
FROM
`user`
WHERE
LOWER(`username`) = LOWER(:username)
");
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->execute();
return $stmt->fetch()["userID"];
}
function selectUser($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`username`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'
) AS profilepicture,
`bio`,
`role`,
`onlinestatus`,
`loggedin`,
`fname`,
`lname`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt->fetch();
}
function selectAllUserGroups($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`groupID`,
`name`,
`picture`,
`userID`
FROM
`group_page`
INNER JOIN
`group_member`
ON
`group_page`.`groupID` = `group_member`.`groupID`
WHERE
`userID` = :userID AND
`role` = 1
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt;
}
function selectAllUserPosts($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`postID`,
`author`,
`title`,
`content`,
`creationdate`
FROM
`post`
WHERE
`author` = :userID AND
`groupID` IS NULL
ORDER BY
`creationdate` DESC
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->execute();
return $stmt;
}
function select20UsersFromN($n) {
return $GLOBALS["db"]->query("
SELECT
`userID`,
`username`,
@@ -17,8 +103,8 @@ function select20UsersFromN($db, $n) {
");
}
function search20UsersFromN($db, $n, $keyword) {
$q = $db->prepare("
function search20UsersFromN($n, $keyword) {
$q = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
@@ -41,8 +127,8 @@ function search20UsersFromN($db, $n, $keyword) {
return $q;
}
function search20UsersFromNByStatus($db, $n, $keyword, $status) {
$q = $db->prepare("
function search20UsersFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
@@ -120,8 +206,9 @@ function countSomeUsersByStatus($db, $keyword, $status) {
return $q;
}
function changeUserStatusByID($db, $id, $status) {
$q = $db->query("
function changeUserStatusByID($id, $status) {
$q = $GLOBALS["db"]->query("
UPDATE
`user`
SET