Merge branch 'master' into kevin-prototype

K. Nobel
2017-01-26 13:24:16 +01:00
45 changed files with 1256 additions and 365 deletions


@@ -97,6 +97,18 @@ function validateEmail($variable){
}
}
/* checks if an input is a valid email. */
function resetEmail($variable){
if (empty($variable)) {
throw new emailException("Verplicht!");
} else if (!filter_var($variable, FILTER_VALIDATE_EMAIL)) {
throw new emailException("Geldige email invullen");
} else if (getResetEmail() == 0){
throw new emailException("Email bestaat niet!");
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {
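Review bot: `resetEmail` validates `$variable` but decides existence with `getResetEmail()`, which (as the queries hunk later on this page shows) reads `$_POST["forgotEmail"]` directly, so the value checked can silently differ from the argument given; passing it through, e.g. `} else if (getResetEmail($variable) === 0) {`, fixes that and replaces the loose `== 0`. The distinct "Email bestaat niet!" message also confirms whether an address is registered; a single generic message for the unknown-address case keeps that from being disclosed. `matchPassword` begins on the hunk's last line and continues outside it.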


@@ -1,13 +1,51 @@
<?php
require("connect.php");
require_once ("connect.php");
function selectFriends($userID) {
return selectLimitedFriends($userID, 9999);
}
function selectLimitedFriends($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
) AS profilepicture,
`onlinestatus`,
`role`
FROM
`user`
INNER JOIN
`friendship`
WHERE
(`friendship`.`user1ID` = :userID AND
`friendship`.`user2ID` = `user`.`userID` OR
`friendship`.`user2ID` = :userID AND
`friendship`.`user1ID` = `user`.`userID`) AND
`user`.`role` != 'banned' AND
`friendship`.`status` = 'confirmed'
LIMIT :limitCount
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':limitCount', $limit, PDO::PARAM_INT);
$stmt->execute();
return json_encode($stmt->fetchAll());
}
function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'
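Review bot: `selectFriends` reuses `selectLimitedFriends` with a hard-coded `9999` cap, which silently truncates rather than meaning "all"; a named constant with a comment, e.g. `const FRIEND_LIMIT_UNBOUNDED = 9999; // practical upper bound standing in for "all friends"`, or a separate unbounded query would make the intent explicit. In the same function the `INNER JOIN friendship` has no `ON` clause, so the pairing condition lives in the `WHERE` and relies on `AND` binding tighter than `OR`; moving the two user-pairing alternatives into `ON (...)` keeps the `WHERE` to filters and reads as intended. Which of `require("connect.php")` and `require_once ("connect.php")` survives on the new side is not recoverable here; `require_once` is the safer of the two. `selectAllFriends` starts at the end of the hunk and continues outside it.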
@@ -39,22 +77,7 @@ function selectAllFriendRequests() {
SELECT
`userID`,
`username`,
CASE `status` IS NULL
WHEN TRUE THEN 0
WHEN FALSE THEN
CASE `status` = 'confirmed'
WHEN TRUE THEN
1
WHEN FALSE THEN
CASE `user1ID` = :userID
WHEN TRUE THEN
2
WHEN FALSE THEN
3
END
END
END AS `friend_state`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
IFNULL(
`profilepicture`,
'../img/avatar-standard.png'


@@ -1,6 +1,10 @@
<?php
function selectAllGroupsFromUser($userID) {
selectLimitedGroupsFromUser($userID, 9999);
}
function selectLimitedGroupsFromUser($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`group_page`.`name`,
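Review bot: `selectAllGroupsFromUser` discards the value of `selectLimitedGroupsFromUser(...)`, so it always returns null; it should read `return selectLimitedGroupsFromUser($userID, 9999);`, matching `selectFriends` in the friends queries file on this page. The section's second hunk shows both `return $stmt;` and `return json_encode($stmt->fetchAll());`; if both survive on the new side the second is unreachable, and if the JSON form replaced the statement form, callers that iterated the statement will now receive a string. `selectLimitedGroupsFromUser` starts in this hunk and continues outside it.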
@@ -13,10 +17,13 @@ function selectAllGroupsFromUser($userID) {
`group_member`.`userID` = :userID AND
`group_member`.`groupID` = `group_page`.`groupID` AND
`group_page`.`status` != 'hidden'
LIMIT :limitCount
");
$stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
$stmt->bindParam(':limitCount', $limit, PDO::PARAM_INT);
$stmt->execute();
return $stmt;
return json_encode($stmt->fetchAll());
}

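--- a/website/queries/post.php
+++ b/website/queries/post.php
@@ -0,0 +1,97 @@
+<?php
+function selectPostById($postID) {
+$stmt = $GLOBALS["db"]->prepare("
+SELECT
+`user`.`fname`,
+`user`.`lname`,
+`user`.`username`,
+`post`.`groupID`,
+`post`.`title`,
+`post`.`content`,
+`post`.`creationdate`
+FROM
+`post`
+INNER JOIN
+`user`
+ON
+`post`.`author` = `user`. `userID`
+WHERE
+`post`.`postID` = :postID
+");
+$stmt->bindParam(':postID', $postID);
+$stmt->execute();
+return $stmt;
+}
+function selectCommentsByPostId($postID) {
+$stmt = $GLOBALS["db"]->prepare("
+SELECT
+`comment`.`commentID`,
+`comment`.`postID`,
+`comment`.`author`,
+`comment`.`content`,
+`comment`.`creationdate`,
+`user`.`fname`,
+`user`.`lname`,
+`user`.`username`
+FROM
+`comment`
+INNER JOIN
+`user`
+ON
+`comment`.`author` = `user`.`userID`
+WHERE
+`comment`.`postID` = :postID
+");
+$stmt->bindParam(':postID', $postID);
+$stmt->execute();
+return $stmt;
+}
+function makePost($userID, $groupID, $title, $content) {
+$stmt = $GLOBALS["db"]->prepare("
+INSERT INTO
+`post` (
+`author`,
+`groupID`,
+`title`,
+`content`
+)
+VALUES (
+:userID,
+:groupID,
+:title,
+:content
+)
+");
+$stmt->bindParam(':userID', $userID);
+$stmt->bindParam(':groupID', $groupID);
+$stmt->bindParam(':title', $title);
+$stmt->bindParam(':content', $content);
+$stmt->execute();
+}
+function makeComment($postID, $userID, $content) {
+$stmt = $_GLOBAL["db"]->prepare("
+INSERT INTO
+`comment` (
+`postID`,
+`author`,
+`content`
+)
+VALUES (
+:postID,
+:userID,
+:content
+)
+");
+$stmt->bindParam(':postID', $postID);
+$stmt->bindParam(':userID', $userID);
+$stmt->bindParam(':content', $content);
+$stmt->execute();
+}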
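Review bot: `makeComment` reads `$_GLOBAL["db"]` where the other three functions use `$GLOBALS["db"]`, so the undefined variable is null and every comment insert dies on the `->prepare` call; the line should be `$stmt = $GLOBALS["db"]->prepare("`. The id parameters (`:postID`, `:userID`, `:groupID`) are bound without `PDO::PARAM_INT`, unlike the friends and groups query files on this page, so they travel as strings; adding the type to each `bindParam` keeps the files consistent and rejects non-numeric ids at the boundary. Neither `makePost` nor `makeComment` checks that `$userID` is the authenticated user or that the user may post in `$groupID`; presumably the callers do, but a comment stating that precondition on each, e.g. `// caller must have verified $userID is the session user and a member of $groupID`, would make the contract visible. The stray space in `` `user`. `userID` `` in `selectPostById`'s join is valid but worth tidying.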


@@ -79,11 +79,11 @@ function getNewChatMessages($lastID, $destination) {
function selectAllUnreadChat() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`,
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `fullname`,
`user`.`userID`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'
`profilepicture`,
'../img/notbad.jpg'
) AS profilepicture,
LEFT(`private_message`.`content`, 15) as `content`
FROM
@@ -93,15 +93,18 @@ function selectAllUnreadChat() {
WHERE
(`friendship`.user2ID = `private_message`.`origin` AND
`friendship`.user1ID = `private_message`.`destination` AND
`friendship`.chatLastVisted1 < `private_message`.`creationdate` OR
(`friendship`.chatLastVisted1 < `private_message`.`creationdate` OR
`friendship`.chatLastVisted1 IS NULL) OR
`friendship`.user1ID = `private_message`.`origin` AND
`friendship`.user2ID = `private_message`.`destination` AND
`friendship`.chatLastVisted2 < `private_message`.`creationdate`) AND
`friendship`.user2ID = `private_message`.`destination` AND
(`friendship`.chatLastVisted2 < `private_message`.`creationdate` OR
`friendship`.chatLastVisted2 IS NULL)) AND
`private_message`.`origin` = `user`.`userID` AND
`private_message`.`destination` = :userID AND
`user`.`role` != 'banned'
GROUP BY `user`.`userID`
");
$stmt->bindParam(':userID', $_SESSION["userID"]);
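Review bot: `selectAllUnreadChat` groups by `user.userID` while selecting the non-aggregated `private_message.content`, so which unread message's excerpt is returned per sender is unspecified, and the statement is rejected under MySQL's default `ONLY_FULL_GROUP_BY` mode; either aggregate (e.g. join back to the row with `MAX(private_message.creationdate)`) or select only the distinct senders. The rewritten `WHERE` in this hunk relies on `AND` binding tighter than `OR` inside the outer parentheses, which is correct but easy to misread; wrapping each direction's three conditions in their own parentheses would make the grouping self-evident. The function starts in the previous hunk and its tail runs past this one.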


@@ -32,6 +32,22 @@ function getExistingEmail() {
}
function getResetEmail() {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`email`
FROM
`user`
WHERE
`email` LIKE :email
");
$stmt->bindParam(":email", $_POST["forgotEmail"]);
$stmt->execute();
return $stmt->rowCount();
}
function registerAccount() {
$stmt = $GLOBALS["db"]->prepare("
INSERT INTO
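Review bot: `getResetEmail` compares with `LIKE :email`, so `%` and `_` in the submitted value act as wildcards and the check no longer tests for the exact address; use `` `email` = :email ``, as the new password-recovery file on this page does. The function reads `$_POST["forgotEmail"]` itself rather than taking the address as a parameter, which is what lets `resetEmail($variable)` in the validation file check a value other than the one it was handed; `function getResetEmail(string $email)` with `bindParam(":email", $email)` would close that gap. `$stmt->rowCount()` on a SELECT is driver-specific in PDO; a `COUNT(*)` read with `fetchColumn()` is portable. `registerAccount` starts at the end of the hunk and continues outside it.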


@@ -0,0 +1,54 @@
<?php
include_once "../queries/connect.php";
function sendPasswordRecovery(string $email) {
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`
FROM
`user`
WHERE
`email` = :email
");
$stmt->bindParam(":email", $email);
$stmt->execute();
if (!$stmt->rowCount()) {
return;
}
$result = $stmt->fetch();
$userID = $result["userID"];
$username = $result["username"];
$hash = md5(random_int(0, 1000000));
$hashedHash = password_hash($hash, PASSWORD_DEFAULT);
setHashToDatabase($userID, $hash);
doSendPasswordRecovery($userID, $email, $username, $hashedHash);
} else {
// TODO: Be angry!
}
}
function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
$resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
$subject = "Reset uw wachtwoord";
$body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
mail($email, $subject, $body, $header);
}
function setHashToDatabase(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`password` = :hash
WHERE
`userID` = :userID
");
$stmt->bindParam(":hash", $hash);
$stmt->bindParam(":userID", $userID);
$stmt->execute();
return $stmt->rowCount();
}
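Review bot: `setHashToDatabase` writes the raw token into the `password` column while the mailed link carries its bcrypt hash, which is the wrong way round: the user's real password is overwritten with an unhashed value, and the e-mail contains a `password_hash` output that is neither what `password_verify` expects on the reset page nor URL-safe (`$` and `/` are not encoded). The token itself, `md5(random_int(0, 1000000))`, has only about a million possible values, so it can be enumerated rather than guessed; `bin2hex(random_bytes(32))` gives a proper token. The sketch below stores only the hash of the token, in a dedicated reset-token column rather than `password`, mails the raw token, and encodes it in the link; an expiry timestamp on that column and a single-use invalidation on successful reset belong in the same change. The silent `return` on an unknown address is good; the `// TODO: Be angry!` branch should at least log, and `mail()`'s return value is currently ignored.
```php
// … unchanged: email validation and user lookup …
$token = bin2hex(random_bytes(32));
$tokenHash = password_hash($token, PASSWORD_DEFAULT);
setHashToDatabase($userID, $tokenHash);                      // store only the hash
doSendPasswordRecovery($userID, $email, $username, $token);  // mail the raw token
// … unchanged: else branch …

function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
    $resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=" . rawurlencode($hash);
    // … unchanged: subject, body, header, mail() …
}

function setHashToDatabase(int $userID, string $hash) {
    $stmt = $GLOBALS["db"]->prepare("
        UPDATE `user`
        SET `RESET_TOKEN_HASH_COLUMN` = :hash  /* placeholder: a dedicated reset-token column, not `password` */
        WHERE `userID` = :userID
    ");
    // … unchanged: bind, execute, rowCount …
}
```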


@@ -323,7 +323,10 @@ function searchSomeUsers($n, $m, $search)
$stmt = $GLOBALS["db"]->prepare("
SELECT
`username`,
`profilepicture`,
IFNULL(
`profilepicture`,
'../img/notbad.jpg'
) AS profilepicture,
`fname`,
`lname`
FROM
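Review bot: The fallback avatar here and in `selectAllUnreadChat` is `'../img/notbad.jpg'`, while the friends queries on this page fall back to `'../img/avatar-standard.png'`; one shared constant for the default picture would keep the result sets consistent. If the bare `profilepicture,` column and the `IFNULL(...) AS profilepicture` alias both survive on the new side, the select list has two columns of the same name and `fetchAll()` keeps only the last, so the bare one should go. `searchSomeUsers` starts before the hunk and continues past it.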