Merge branch 'master' into lars

Lars van Hijfte
2017-02-03 10:15:10 +01:00
12 changed files with 43 additions and 239 deletions


@@ -1,71 +0,0 @@
<?php
$fb = new Facebook\Facebook([
'app_id' => $appID, // Replace {app-id} with your app id
'app_secret' => $appSecret,
'default_graph_version' => 'v2.2',
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (! isset($accessToken)) {
if ($helper->getError()) {
header('HTTP/1.0 401 Unauthorized');
echo "Error: " . $helper->getError() . "\n";
echo "Error Code: " . $helper->getErrorCode() . "\n";
echo "Error Reason: " . $helper->getErrorReason() . "\n";
echo "Error Description: " . $helper->getErrorDescription() . "\n";
} else {
header('HTTP/1.0 400 Bad Request');
echo 'Bad request';
}
exit;
}
// Logged in
echo '<h3>Access Token</h3>';
var_dump($accessToken->getValue());
// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();
// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
echo '<h3>Metadata</h3>';
var_dump($tokenMetadata);
// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId($appID); // Replace {app-id} with your app id
// If you know the user ID this access token belongs to, you can validate it here
//$tokenMetadata->validateUserId('123');
$tokenMetadata->validateExpiration();
if (! $accessToken->isLongLived()) {
// Exchanges a short-lived access token for a long-lived one
try {
$accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
} catch (Facebook\Exceptions\FacebookSDKException $e) {
echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>\n\n";
exit;
}
echo '<h3>Long-lived</h3>';
var_dump($accessToken->getValue());
}
$_SESSION['fb_access_token'] = (string) $accessToken;
// User is logged in with a long-lived access token.
// You can redirect them to a members-only page.
//header('Location: https://example.com/members.php');


@@ -1,116 +0,0 @@
<!DOCTYPE html>
<html>
<?php
include("../views/login_head.php");
require_once("../queries/connect.php");
include_once("../queries/register.php");
include_once("../queries/checkInput.php");
include_once("../queries/emailconfirm.php");
?>
<body>
<?php
session_start();
if(isset($_SESSION["userID"])){
header("location: login.php");
}
// define variables and set to empty values
$name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
$genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
$correct = true;
$day_date = "dag";
$month_date = "maand";
$year_date = "jaar";
// Trying to register an account
if ($_SERVER["REQUEST_METHOD"] == "POST") {
try {
$name = test_input(($_POST["name"]));
checkInputChoice($name, "lettersAndSpaces");
} catch(lettersAndSpacesException $e){
$correct = false;
$nameErr = $e->getMessage();
}
try {
$surname = test_input(($_POST["surname"]));
checkInputChoice($surname, "lettersAndSpaces");
}
catch(lettersAndSpacesException $e){
$correct = false;
$surnameErr = $e->getMessage();
}
try{
$day_date = test_input(($_POST["day_date"]));
$month_date = test_input(($_POST["month_date"]));
$year_date = test_input(($_POST["year_date"]));
$bday = $year_date . "-" . $month_date . "-" . $day_date;
checkInputChoice($bday, "bday");
} catch(bdayException $e){
$correct = false;
$bdayErr = $e->getMessage();
}
try{
$username = str_replace(' ', '', test_input(($_POST["username"])));
checkInputChoice($username, "username");
} catch(usernameException $e){
$correct = false;
$usernameErr = $e->getMessage();
}
try{
$password = str_replace(' ', '', test_input(($_POST["password"])));
checkInputChoice($password, "longerEight");
matchPassword();
} catch(passwordException $e){
$correct = false;
$passwordErr = $e->getMessage();
} catch(confirmPasswordException $e){
$correct = false;
$confirmPasswordErr = $e->getMessage();
}
try{
$location = test_input(($_POST["location"]));
checkInputChoice($location, "lettersAndSpaces");
} catch(lettersAndSpacesException $e){
$correct = false;
$locationErr = $e->getMessage();
}
try{
$email = test_input(($_POST["email"]));
checkInputChoice($email, "email");
$confirmEmail = test_input(($_POST["confirmEmail"]));
matchEmail();
} catch(emailException $e){
$correct = false;
$emailErr = $e->getMessage();
} catch(confirmEmailException $e){
$correct = false;
$confirmEmailErr = $e->getMessage();
}
try{
$captcha = $_POST['g-recaptcha-response'];
checkCaptcha($captcha);
} catch(captchaException $e){
$correct = false;
$captchaErr = $e->getMessage();
}
try {
getIp();
registerCheck($correct);
sendConfirmEmailUsername($username);
} catch(registerException $e){
$genericErr = $e->getMessage();
}
}
/* This view adds register view */
include("../views/register-view.php");
?>
</body>
</html>


@@ -198,12 +198,6 @@ ul {
animation-duration: 0.4s
}
/* Add Animation */
@-webkit-keyframes animatetop {
from {top:-300px; opacity:0}
to {top:0; opacity:1}
}
@keyframes animatetop {
from {top:-300px; opacity:0}
to {top:0; opacity:1}


@@ -68,7 +68,7 @@ function validateBday($variable){
}
}
// Checks for date
/* Checks for date */
function validateDate($date, $format)
{
$d = DateTime::createFromFormat($format, $date);
@@ -124,7 +124,7 @@ function validateEmail($variable){
throw new emailException("Mag maximaal 50 karakters!");
}
}
//255
/* checks if an input is a valid email. */
function validateFBEmail($variable){
if (empty($variable)) {
@@ -138,6 +138,7 @@ function validateFBEmail($variable){
}
}
/* checks if email is the same */
function matchEmail(){
if (strtolower($_POST["email"]) != strtolower($_POST["confirmEmail"])){
throw new confirmEmailException("Emails matchen niet!");
@@ -153,7 +154,6 @@ function resetEmail($variable){
}
}
/* checks if two passwords matches. */
function matchPassword(){
if ($_POST["password"] != $_POST["confirmpassword"]) {


@@ -1,5 +1,6 @@
<?php
//Find matching password with the inputted username/emailadress.
function getUser() {
$stmt = prepareQuery("
SELECT
@@ -34,6 +35,7 @@ function getUserID() {
}
function validateLogin($username, $password, $url){
echo $url;
// Empty username or password field
if (empty($username) || empty($password)) {
throw new loginException("Inloggegevens zijn niet ingevuld");
@@ -44,7 +46,7 @@ function validateLogin($username, $password, $url){
$userID = getUser()["userID"];
$role = getUser()["role"];
// If there's an account, go to the profile page
// If there's an account, check if the account is banned, frozen or unconfirmed.
if(password_verify($psw, $hash)) {
if ($role == "banned"){
echo "<script>
@@ -75,8 +77,9 @@ function validateLogin($username, $password, $url){
$_SESSION["userID"] = $userID;
if(!isset($url) or $url == "") {
header("location: profile.php");
echo "succes";
} else{
header("location: $url");
header("location: ".$url);
}
}
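Review bot: `header("location: ".$url);` near the end of validateLogin redirects to a caller-supplied value with no check, and the login page in this same commit passes `$_POST["url"]` straight in, so a crafted login form can send a freshly authenticated user to an arbitrary external site. Accept only a local path before redirecting, for example `if ($url[0] !== "/" || substr($url, 0, 2) === "//" || substr($url, 0, 2) === "/\\") { $url = "profile.php"; }` in the else branch. The `echo $url;` at the top of the function looks like leftover debug output: it prints the same untrusted value unescaped, and output sent before `header()` stops the redirect unless output buffering is enabled. No `exit;` is visible after either `header()` call in this hunk, and validateLogin's body continues outside the hunks shown.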


@@ -1,7 +1,6 @@
<!-- The Modal -->
<div id="fbModal" class="modal">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
return= $correct
method="post"
name="fbModal">
@@ -66,17 +65,16 @@
</div>
<?php } ?>
</div>
*<span class="error"> <?php echo $fbEmailErr;?></span>
<span class="error"> <?php echo $fbEmailErr;?></span>
<div class="modal-footer">
<button type="submit"
value="fbRegister"
name="submit"
id="frm1_submit">
name="submit">
Registreer account
</button>
</div>
</div>
<!-- Facebook information-->
<input type="hidden"
name="fbName"
value="<?php echo $fbName ?>">


@@ -4,7 +4,6 @@
<!-- The Modal -->
<div id="myModal" class="modal">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
return= $correct
method="post"
name="forgotPassword">
@@ -26,8 +25,7 @@
<div class="login_containerfault"><span><?php echo $resetErr; ?></span></div>
<button type="submit"
value="reset"
name="submit"
id="frm1_submit">
name="submit">
Reset password
</button>
</div>

View File

@@ -11,16 +11,16 @@ if(isset($_SESSION["userID"])){
// Facebook variables
$appID = "353857824997532";
$appSecret = "db47e91ffbfd355fdd11b4b65eade851";
$fbUsername = $fbPassword = $fbConfirmpassword = "";
$fbUsername = $fbPassword = $fbConfirmpassword = $fbName = $fbSurname = $fbBday = $fbEmail = $fbUserID = "";
$fbUsernameErr = $fbPasswordErr = $fbConfirmpasswordErr = $fbEmailErr = $fbBdayErr = "";
$fbCorrect = true;
$fbName = $fbSurname = $fbBday = $fbEmail = $fbUserID = "";
// Register variables
$name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
$genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
$correct = true;
// Bday dates
$day_date = $month_date = $year_date = "";
$fbDay_date = $fbMonth_date = $fbYear_date = "";
@@ -28,22 +28,14 @@ $fbDay_date = $fbMonth_date = $fbYear_date = "";
$user = $psw = $remember ="";
$loginErr = $resetErr = $fbRegisterErr ="";
//if ($_SERVER["REQUEST_METHOD"] == "GET") {
// try {
// $user = ($_POST["user"]);
// validateLogin($_POST["user"], $_POST["psw"], "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
// } catch(loginException $e) {
// $loginErr = $e->getMessage();
// }
//}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$url = $_POST["url"];
// Checks for which button is pressed
switch ($_POST["submit"]) {
case "login":
try {
$user = ($_POST["user"]);
validateLogin($_POST["user"], $_POST["psw"], $_POST["url"]);
validateLogin($_POST["user"], $_POST["psw"], $url);
} catch(loginException $e) {
$loginErr = $e->getMessage();
}
@@ -62,18 +54,22 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
}
break;
case "register":
include("register.php");
include("../views/register.php");
break;
case "fbRegister":
include("fbRegister.php");
include("../views/fbRegister.php");
break;
}
}
// Get facebook information with facebook PHP SDK.
$fb = new Facebook\Facebook([
'app_id' => $appID,
'app_secret' => $appSecret,
'default_graph_version' => 'v2.2',
]);
// Redirect back to login.php after logging/canceling with facebook.
$redirect = "https://myhyvesbookplus.nl/login.php";
$helper = $fb->getRedirectLoginHelper();
@@ -88,6 +84,7 @@ try {
exit;
}
// If theres no facebook account logged in, ask for permission.
if(!isset($acces_token)){
$permission=["email", "user_birthday"];
$loginurl=$helper->getLoginUrl($redirect,$permission);
@@ -96,13 +93,14 @@ if(!isset($acces_token)){
$response = $fb->get('/me?fields=email,name,birthday');
$usernode = $response->getGraphUser();
// Get facebook information
$nameSplit = explode(" ", $usernode->getName());
$fbName = $nameSplit[0];
$fbSurname = $nameSplit[1];
$fbUserID = $usernode->getID();
$fbEmail = $usernode->getProperty("email");
// $image = 'https://graph.facebook.com/' . $usernode->getId() . '/picture?width=200';
// If there is an account, check if the account is banned or frozen.
if (fbLogin($fbUserID) == 1) {
$fbID = getfbUserID($fbUserID)["userID"];
$fbRole = getfbUserID($fbUserID)["role"];
@@ -110,16 +108,20 @@ if(!isset($acces_token)){
echo "<script>
window.onload=bannedAlert();
</script>";
} else if($fbRole == "frozen"){
$_SESSION["userID"] = $fbID;
echo "<script>
window.onload=frozenAlert();
window.location.href= 'profile.php';
</script>";
} else {
$_SESSION["userID"] = $fbID;
header("location: profile.php");
}
// Registration with faceobook if theres no account.
} else {
echo "<script>
window.onload = function() {
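Review bot: The Facebook `$appSecret` is still a string literal in this file (first hunk), so the credential lives in version control and is readable by anyone with access to the repository or its history. Load it from configuration kept outside the repository, e.g. `$appSecret = getenv("FB_APP_SECRET");` (the variable name is an example), and rotate the current secret since it has already been committed. Separately, the new `$url = $_POST["url"];` is read without `isset()` and handed to validateLogin as a redirect target, so it should be checked to be a local path before use.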


@@ -13,12 +13,16 @@
<h1>Welkom bij MyHyvesbook+</h1>
<!-- Login content -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
return=$correct
method="post"
name="login">
<!-- Url parameter -->
<input type="hidden"
name="url"
value="<?= $_GET["url"] ?>"/>
value="<?php
if(isset($_GET["url"])) {
echo $_GET["url"];
} ?>"/>
<!-- Login name -->
<div class="login_containerlogin">
@@ -50,8 +54,7 @@
<div class="login_containerlogin">
<button type="submit"
value="login"
name="submit"
id="frm1_submit">
name="submit">
Inloggen
</button>
</div>
@@ -72,5 +75,7 @@
<?php
if(!isset($acces_token)) {
echo '<div class="login_containerlogin"><a class="fbButton" href="' . $loginurl . '"><i class="fa fa-facebook-square"></i> login met Facebook!</a></div>';
} else {
echo '<div class="login_containerlogin"><a class="fbButton" href="' . "https://myhyvesbookplus.nl/login.php" . '"><i class="fa fa-facebook-square"></i> loguit Facebook sessie</a></div>';
}
?>
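Review bot: The new `echo $_GET["url"];` inside the hidden input's `value` attribute writes a query-string parameter into the page without escaping, so a double quote in the parameter closes the attribute and lets markup be injected (reflected XSS); the added `isset()` only removes the undefined-index notice. Escape it the same way the form's `action` already is: `echo htmlspecialchars($_GET["url"], ENT_QUOTES, "UTF-8");`. The value is later posted back and used as the redirect target after login, so it also needs server-side validation there, because a hidden field can be changed by the client.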


@@ -4,7 +4,6 @@
<!-- The Modal -->
<div id="registerModal" class="modal">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
return= $correct
method="post"
name="forgotPassword">
@@ -15,14 +14,11 @@
<h3>Registreer uw account</h3>
</div>
<div class="modal-body">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
return= $correct
method="post">
<div class="login_containerregister"><label>U krijgt een bevestigingsemail na het registreren</label></div>
<!-- Error message -->
<div class="login_containerfault"><?php echo $genericErr;?></span></div>
<div class="login_containerfault"><span><?php echo $genericErr;?></span></div>
<!-- Register name -->
<div class="login_containerregister">
@@ -82,7 +78,6 @@
placeholder="Voer uw wachtwoord in"
name="password"
value="<?php echo $password ?>"
id="password"
required>
*<span class="error"> <?php echo $passwordErr;?></span>
<ul>
@@ -96,7 +91,6 @@
placeholder="Herhaal wachtwoord"
name="confirmpassword"
value="<?php echo $confirmpassword ?>"
id="confirmpassword"
title="Herhaal wachtwoord"
required>
*<span class="error"> <?php echo $confirmpasswordErr;?></span>
@@ -120,7 +114,6 @@
placeholder="Voer uw email in"
name="email"
value="<?php echo $email ?>"
id="email"
title="Voer een geldige email in"
required>
*<span class="error"> <?php echo $emailErr;?></span>
@@ -133,7 +126,6 @@
placeholder="Herhaal uw email"
name="confirmEmail"
value="<?php echo $confirmEmail ?>"
id="email"
title="Herhaal uw email"
required>
*<span class="error"> <?php echo $confirmEmailErr;?></span>
@@ -152,8 +144,7 @@
<!-- Register button -->
<button type="submit"
value="register"
name="submit"
id="frm1_submit">
name="submit">
Registreer
</button>
</div>