From e464f5bca2535a1d80df8a535f318cc1c6329c21 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Mon, 30 Jan 2017 16:32:57 +0100
Subject: [PATCH 1/4] cleaned admin.js, add admin/owner check (frontend), fix
 submit ajax

---
 website/public/API/adminChangeUser.php  |  3 --
 website/public/API/adminSearchUsers.php |  2 +
 website/public/admin.php                |  2 +-
 website/public/js/admin.js              | 56 ++++++++++++++++---------
 website/public/styles/adminpanel.css    |  2 +-
 website/views/adminpanel-grouptable.php |  6 +--
 website/views/adminpanel-table.php      | 28 ++++++++-----
 website/views/adminpanel.php            | 27 ++++++++----
 8 files changed, 79 insertions(+), 47 deletions(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 067a7ba..5c9384c 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -15,6 +15,3 @@ if (isset($_POST["actions"]) && isset($_POST["userID"])) {
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
 }
-
-//header("location: ../admin.php");
-print_r($_POST);
\ No newline at end of file
diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index c809db7..f1d7fc1 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -35,6 +35,8 @@ if (isset($_POST['groupstatus'])) {
     $groupstatus = $_POST["groupstatus"];
 }
 
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+
 if ($pagetype == "user") {
     include ("../../views/adminpanel-table.php");
 } else if ($pagetype == "group") {
diff --git a/website/public/admin.php b/website/public/admin.php
index 2785606..13a025d 100644
--- a/website/public/admin.php
+++ b/website/public/admin.php
@@ -8,7 +8,7 @@
     <style>
         @import url("styles/adminpanel.css");
     </style>
-    <script src="js/admin.js" charset="utf-8"></script>
+<script src="js/admin.js" charset="utf-8"></script>
 </head>
 <body>
 <?php
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index 140c99a..c43e6ae 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -4,39 +4,45 @@ $(window).on("load", function () {
         adminSearch();
     });
     // all inputs and labels directly under admin filter and groupfilter
-    $("#admin-filter, #admin-groupfilter > input, label").click(function(){
+    $("#admin-filter, #admin-groupfilter > input, label").change(function(){
         adminSearch();
     });
     $("#pagetype").change(function(){
         adminSearch();
     });
 
+    /* Update hidden input to be equal to submit pressed,
+        because serialize doesn't take submit values. */
+    $('#admin-batchform > button').click(function () {
+        $('#batchinput').prop('value', $(this).prop('value'));
+        console.log($('#batchinput').prop('value'));
+    });
+
+    $('#admin-groupbatchform > button').click(function () {
+        $('#groupbatchinput').prop('value', $(this).prop('value'));
+        console.log($('#batchinput').prop('value'));
+    });
+
     adminSearch();
 });
 
-function checkAll(allbox) {
-    var checkboxes = document.getElementsByClassName('checkbox-list');
-
-    for (var i = 0; i < checkboxes.length; i++) {
-        if (checkboxes[i].type == 'checkbox') {
-            checkboxes[i].checked = allbox.checked;
-        }
-    }
+function checkAll() {
+    $('.checkbox-list').each(function () {
+        $(this).prop('checked', $('#checkall').prop('checked'));
+    });
 }
 
-function checkCheckAll(allbox) {
-    var checkboxes = document.getElementsByClassName('checkbox-list');
+function checkCheckAll() {
     var checked = true;
 
-    for (var i = 0; i < checkboxes.length; i++) {
-        if (checkboxes[i].type == 'checkbox') {
-            if (checkboxes[i].checked == false) {
-                checked = false;
-                break;
-            }
+    $('.checkbox-list').each(function () {
+        if ($(this).prop('checked') == false) {
+            checked = false;
+            return;
         }
-    }
-    allbox.checked = checked;
+    });
+
+    $('#checkall').prop('checked', checked);
 }
 
 function changeFilter() {
@@ -60,11 +66,21 @@ function adminSearch() {
         "API/adminSearchUsers.php",
         $("#admin-searchform").serialize()
     ).done(function (data) {
-        console.log(data);
+        // console.log(data);
         $("#usertable").html(data);
     })
 }
 
+function adminUpdate(form) {
+    console.log($(form).serialize());
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function () {
+        adminSearch();
+    })
+}
+
 function updatePageN() {
     $.post(
         "API/adminPageNumber.php",
diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index f9410e1..75fa8b1 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -44,7 +44,7 @@
     padding: 3px;
 }
 
-.usertable tr {
+.usertable th, tr {
     text-align: left;
 }
 
diff --git a/website/views/adminpanel-grouptable.php b/website/views/adminpanel-grouptable.php
index 4999666..9d2c8e8 100644
--- a/website/views/adminpanel-grouptable.php
+++ b/website/views/adminpanel-grouptable.php
@@ -16,7 +16,6 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
     $name = $group['name'];
     $role = $group['status'];
     $description = $group['description'];
-    $function = "checkCheckAll(document.getElementById('checkall'))";
 
     echo("
         <tr>
@@ -25,15 +24,14 @@ while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                        class='checkbox-list'
                        value='$groupID'
                        form='admin-groupbatchform'
-                       onchange='$function'>
+                       onchange='checkCheckAll();'>
             </td>
             <td>$name</td>
             <td>$role</td>
             <td>$description</td>
             <td>
                 <form class='admin-groupaction'
-                      action='API/adminChangeUser.php'
-                      method='post'>
+                      onsubmit=\"adminUpdate(this);  return false;\">
                     <select class='action' name='actions'>
                         <option value='hidden'>Hidden</option>
                         <option value='public'>Public</option>
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index a21c9d6..7ac0873 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -1,5 +1,5 @@
 <tr>
-    <th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
+    <th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll()"></th>
     <th class="table-username">Gebruikersnaam</th>
     <th class="table-status">Status</th>
     <th class="table-comment">Aantekening</th>
@@ -14,7 +14,6 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
     $username = $user['username'];
     $role = $user['role'];
     $bancomment = $user['bancomment'];
-    $function = "checkCheckAll(document.getElementById('checkall'))";
 
     echo("
         <tr>
@@ -24,20 +23,29 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                        class='checkbox-list'
                        value='$userID'
                        form='admin-batchform'
-                       onchange='$function'>
+                       onchange='checkCheckAll();'>
             </td>
             <td>$username</td>
             <td>$role</td>
             <td>$bancomment</td>
             <td>
                 <form class='admin-useraction'
-                      action='API/adminChangeUser.php'
-                      method='post'>
-                    <select class='action' name='actions'>
-                        <option value='frozen'>Bevries</option>
-                        <option value='banned'>Ban</option>
-                        <option value='user'>Activeer</option>
-                    </select>
+                      onsubmit=\"adminUpdate(this);  return false;\">
+                    <select class='action' name='actions'>");
+                        if (!($userinfo['role'] == 'admin'
+                              AND ($user['role'] == 'admin'
+                              OR $user['role'] == 'owner'))) {
+                            echo "<option value='frozen'>Bevries</option>
+                                  <option value='banned'>Ban</option>
+                                  <option value='user'>Activeer</option>";
+
+                            if ($userinfo['role'] == 'owner') {
+                                echo "<option value='admin'>Admin</option>
+                                      <option value='owner'>Owner</option>";
+                            }
+                        }
+
+                    echo ("</select>
                     <input type='hidden' name='userID' value='$userID'>
                     <input type='submit' value='Confirm'>
                 </form>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index c48a28d..d2b83d2 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -7,6 +7,7 @@ $perpage = 20;
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
 
 if (isset($_GET["search"])) {
     $search = test_input($_GET["search"]);
@@ -123,20 +124,30 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                 <span style="float: right" id="admin-pageinfo">
 
                 </span>
-                <form
-                        id="admin-batchform"
-                        action="API/adminChangeUser.php"
-                        method="post">
+                <form id="admin-batchform"
+                      onsubmit="adminUpdate(this); return false;">
 
+                    <input type="hidden" name="batchactions" id="batchinput">
                     <button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button>
                     <button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
                     <button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
+                    <?php
+                    if ($userinfo['role'] == 'owner') {
+                        echo "<button type=\"submit\" 
+                                      name=\"batchactions\" 
+                                      id=\"admin\" 
+                                      value=\"admin\">Maak Admin</button>
+                              <button type=\"submit\" 
+                                      name=\"batchactions\" 
+                                      id=\"owner\" 
+                                      value=\"owner\">Maak Owner</button>";
+                    }
+                    ?>
                 </form>
-                <form
-                        id="admin-groupbatchform"
-                        action="API/adminChangeUser.php"
-                        method="post">
+                <form id="admin-groupbatchform"
+                      onsubmit="adminUpdate(this);  return false;">
 
+                    <input type="hidden" name="groupbatchactions" id="groupbatchinput">
                     <button type="submit" name="batchactions" id="hide" value="hidden">Hide</button>
                     <button type="submit" name="batchactions" id="ban" value="public">Public</button>
                     <button type="submit" name="batchactions" id="members" value="membersonly">Members</button>

From eb12b6ba7da8194d479358a904837f919ead8c87 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 13:11:23 +0100
Subject: [PATCH 2/4] fixed pageselector in admin

---
 website/public/API/adminChangeUser.php  |  8 ++++-
 website/public/API/adminPageNumber.php  | 18 +++++++++---
 website/public/API/adminSearchUsers.php |  8 ++---
 website/public/js/admin.js              | 19 +++++++-----
 website/queries/user.php                | 19 ++++++++++++
 website/views/adminpanel-page.php       | 39 ++++++++++++-------------
 website/views/adminpanel.php            | 15 ++--------
 7 files changed, 77 insertions(+), 49 deletions(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 5c9384c..72acb8c 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -6,12 +6,18 @@ require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+
 if (isset($_POST["actions"]) && isset($_POST["userID"])) {
     changeUserStatusByID($_POST["userID"], $_POST["actions"]);
 } else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
     changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
 } else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
-    changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
+    if ($userinfo['role'] == 'owner') {
+        changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
+    } else {
+        changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
+    }
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
 }
diff --git a/website/public/API/adminPageNumber.php b/website/public/API/adminPageNumber.php
index a6ac554..c829249 100644
--- a/website/public/API/adminPageNumber.php
+++ b/website/public/API/adminPageNumber.php
@@ -5,6 +5,7 @@ session_start();
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
+require_once ("../../queries/group_page.php");
 
 $search = "";
 if (isset($_POST["search"])) {
@@ -21,8 +22,17 @@ if (isset($_POST['status'])) {
     $status = $_POST["status"];
 }
 
-if ($pagetype == "user") {
-    include ("../../views/adminpanel-page.php");
-} else {
-    echo "Pagenumber failed!";
+$groupstatus = array();
+if (isset($_POST['groupstatus'])) {
+    $groupstatus = $_POST["groupstatus"];
 }
+
+$entries = 20;
+$currentpage = 1;
+if (isset($_POST['currentpage'])) {
+    $currentpage = (int) test_input($_POST["currentpage"]);
+}
+
+$offset = (int) $currentpage * $entries - $entries;
+
+include ("../../views/adminpanel-page.php");
diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index f1d7fc1..58b170a 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -8,13 +8,11 @@ require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
 $offset = 0;
-if (isset($_POST["n"])) {
-    $offset = (int) test_input($_POST["n"]);
-}
 $entries = 20;
-if (isset($_POST["m"])) {
-    $entries = (int) test_input($_POST["m"]);
+if (isset($_POST["currentpage"])) {
+    $offset = (int) test_input($_POST["currentpage"]) * $entries - $entries;
 }
+
 $search = "";
 if (isset($_POST["search"])) {
     $search = test_input($_POST["search"]);
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index c43e6ae..7e2efad 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -1,14 +1,16 @@
 $(window).on("load", function () {
     changeFilter();
+    searchFromOne();
+
     $(".admin-searchinput").keyup(function(){
-        adminSearch();
+        searchFromOne();
     });
     // all inputs and labels directly under admin filter and groupfilter
     $("#admin-filter, #admin-groupfilter > input, label").change(function(){
-        adminSearch();
+        searchFromOne();
     });
     $("#pagetype").change(function(){
-        adminSearch();
+        searchFromOne();
     });
 
     /* Update hidden input to be equal to submit pressed,
@@ -22,8 +24,6 @@ $(window).on("load", function () {
         $('#groupbatchinput').prop('value', $(this).prop('value'));
         console.log($('#batchinput').prop('value'));
     });
-
-    adminSearch();
 });
 
 function checkAll() {
@@ -61,18 +61,23 @@ function changeFilter() {
     }
 }
 
+function searchFromOne() {
+    $('#currentpage').prop('value', 1);
+    adminSearch();
+}
+
 function adminSearch() {
+    console.log($("#admin-searchform").serialize());
     $.post(
         "API/adminSearchUsers.php",
         $("#admin-searchform").serialize()
     ).done(function (data) {
-        // console.log(data);
         $("#usertable").html(data);
+        updatePageN();
     })
 }
 
 function adminUpdate(form) {
-    console.log($(form).serialize());
     $.post(
         "API/adminChangeUser.php",
         $(form).serialize()
diff --git a/website/queries/user.php b/website/queries/user.php
index 0900d9f..bf20e7d 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -307,6 +307,25 @@ function changeMultipleUserStatusByID($ids, $status) {
     return $q;
 }
 
+function changeMultipleUserStatusByIDAdmin($ids, $status) {
+    $q = prepareQuery("
+    UPDATE
+        `user`
+    SET
+        `role` = :status
+    WHERE
+        FIND_IN_SET (`userID`, :ids)
+        AND NOT `role` = 'admin'
+        AND NOT `role` = 'owner'
+    ");
+
+    $ids = implode(',', $ids);
+    $q->bindParam(':ids', $ids);
+    $q->bindParam(':status', $status);
+    $q->execute();
+    return $q;
+}
+
 function selectRandomNotFriendUser($userID) {
     $stmt = prepareQuery("
     SELECT
diff --git a/website/views/adminpanel-page.php b/website/views/adminpanel-page.php
index a17ce50..cfd73bc 100644
--- a/website/views/adminpanel-page.php
+++ b/website/views/adminpanel-page.php
@@ -5,27 +5,26 @@ if ($pagetype == "user") {
     $pages = countSomeGroupsByStatus($search, $groupstatus);
 }
 $countresults = $pages->fetchColumn();
-$mincount = min($listm, $countresults);
-$minlist = min($listn + 1, $countresults);
+
 ?>
-    Pagina: <form class="admin-pageselector"
-                  action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
-                  method="post">
-    <select class="admin-pageselect"
-            name="pageselect"
-            onchange="this.form.submit()"
-            value="">
-        <?php
-        for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
-            if ($currentpage == $i) {
-                echo "<option value='$i' selected>$i</option>";
-            } else {
-                echo "<option value='$i'>$i</option>";
-            }
+Pagina:
+<select class="admin-pageselect"
+        name="currentpage"
+        id="currentpage"
+        form="admin-searchform"
+        onchange="adminSearch();">
+    <?php
+    for ($i=1; $i <= ceil($countresults / $entries); $i++) {
+        if ($currentpage == $i) {
+            echo "<option value='$i' selected>$i</option>";
+        } else {
+            echo "<option value='$i'>$i</option>";
         }
-        ?>
-    </select>
-</form>
+    }
+    ?>
+</select>
 <?php
-echo "$minlist tot $mincount ($countresults totaal)";
+$n = min($offset + 1, $countresults);
+$m = min($offset + $entries, $countresults);
+echo " $n tot $m ($countresults totaal)";
 ?>
\ No newline at end of file
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index d2b83d2..f1d27a1 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -2,8 +2,6 @@
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php
 $search = "";
-$currentpage = 1;
-$perpage = 20;
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
@@ -25,13 +23,6 @@ if (isset($_GET["groupstatus"])) {
     $groupstatus = $_GET["groupstatus"];
 }
 
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    if (isset($_POST["pageselect"])) {
-        $currentpage = $_POST["pageselect"];
-    }
-}
-
 ?>
 
 <div class="content">
@@ -40,7 +31,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         <div class="admin-options">
             <form class="admin-searchform"
                   id="admin-searchform"
-                  action="javascript:adminSearch();"
+                  action="javascript:searchFromOne();"
                   method="get">
 
                 <div class="admin-searchbar">
@@ -121,9 +112,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         <div class="admin-users">
             <div class="admin-usertitle">
                 <h4>Resultaat:</h4>
-                <span style="float: right" id="admin-pageinfo">
+                <div style="float: right" id="admin-pageinfo">
 
-                </span>
+                </div>
                 <form id="admin-batchform"
                       onsubmit="adminUpdate(this); return false;">
 

From b16dc1d4b70b1f0a8596885ae41e94682bb87889 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 16:15:48 +0100
Subject: [PATCH 3/4] add bancomment change

---
 website/public/API/adminChangeUser.php |  2 ++
 website/public/js/admin.js             | 14 ++++++++++++++
 website/public/styles/adminpanel.css   |  8 ++++++++
 website/queries/user.php               | 15 +++++++++++++++
 website/views/adminpanel-table.php     | 20 +++++++++++++++++++-
 5 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php
index 72acb8c..359497a 100644
--- a/website/public/API/adminChangeUser.php
+++ b/website/public/API/adminChangeUser.php
@@ -20,4 +20,6 @@ if (isset($_POST["actions"]) && isset($_POST["userID"])) {
     }
 } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
     changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
+} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
+    editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
 }
diff --git a/website/public/js/admin.js b/website/public/js/admin.js
index 7e2efad..2b78e0b 100644
--- a/website/public/js/admin.js
+++ b/website/public/js/admin.js
@@ -93,4 +93,18 @@ function updatePageN() {
     ).done(function (data) {
         $("#admin-pageinfo").html(data);
     })
+}
+
+function toggleBancomment(button) {
+    $(button).siblings("div").toggle();
+    $(button).toggle();
+}
+
+function editComment(form) {
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function (data) {
+        adminSearch();
+    });
 }
\ No newline at end of file
diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index 75fa8b1..7f117c6 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -51,3 +51,11 @@
 .usertable tr:hover {
     background-color: #f5f5f5;
 }
+
+.bancommentedit {
+    display: none;
+}
+
+.bancommentform input[type="text"] {
+    width: 100%;
+}
\ No newline at end of file
diff --git a/website/queries/user.php b/website/queries/user.php
index bf20e7d..39f1c4e 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -424,4 +424,19 @@ function getRoleByID($userID) {
     $stmt->bindParam(':userID', $userID);
     $stmt->execute();
     return $stmt;
+}
+
+function editBanCommentByID($userID, $comment) {
+    $stmt = prepareQuery("
+        UPDATE
+            `user`
+        SET
+            `bancomment` = :comment
+        WHERE
+            `userID` = :userID
+    ");
+
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->bindParam(':comment', $comment);
+    $stmt->execute();
 }
\ No newline at end of file
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index 7ac0873..9e6b9bc 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -27,7 +27,25 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
             </td>
             <td>$username</td>
             <td>$role</td>
-            <td>$bancomment</td>
+            <td>
+                <div class='bancomment'>$bancomment</div>
+                <div class='bancommentedit'>
+                    <form class='bancommentform'
+                          id='bancommentform'
+                          onsubmit='editComment(this); 
+                                    return false;'>
+                          <input type='text'
+                                 name='bancommenttext'
+                                 placeholder='Schrijf een aantekening'
+                                 value='$bancomment'>
+                          <input type='hidden'
+                                 name='bancommentuserID'
+                                 value='$userID'>
+                          <button type='submit'>Update</button>
+                    </form>
+                </div>
+                <button type='button' onclick='toggleBancomment(this)'>Verander</button>
+            </td>
             <td>
                 <form class='admin-useraction'
                       onsubmit=\"adminUpdate(this);  return false;\">

From 52a4822477432218965aff2bf0b9b15018f4112e Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Tue, 31 Jan 2017 16:20:02 +0100
Subject: [PATCH 4/4] post-merge fix

---
 website/public/API/adminSearchUsers.php | 2 +-
 website/views/adminpanel-table.php      | 2 +-
 website/views/adminpanel.php            | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php
index 58b170a..5f7944b 100644
--- a/website/public/API/adminSearchUsers.php
+++ b/website/public/API/adminSearchUsers.php
@@ -33,7 +33,7 @@ if (isset($_POST['groupstatus'])) {
     $groupstatus = $_POST["groupstatus"];
 }
 
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$userinfo = getRoleByID($_SESSION['userID']);
 
 if ($pagetype == "user") {
     include ("../../views/adminpanel-table.php");
diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php
index 9e6b9bc..3ae5da4 100644
--- a/website/views/adminpanel-table.php
+++ b/website/views/adminpanel-table.php
@@ -50,7 +50,7 @@ while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                 <form class='admin-useraction'
                       onsubmit=\"adminUpdate(this);  return false;\">
                     <select class='action' name='actions'>");
-                        if (!($userinfo['role'] == 'admin'
+                        if (!($userinfo == 'admin'
                               AND ($user['role'] == 'admin'
                               OR $user['role'] == 'owner'))) {
                             echo "<option value='frozen'>Bevries</option>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index f1d27a1..a4da648 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -5,7 +5,7 @@ $search = "";
 $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
 $groupstatus = array("hidden", "public", "membersonly");
 $pagetype = "user";
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$userinfo = getRoleByID($_SESSION['userID']);
 
 if (isset($_GET["search"])) {
     $search = test_input($_GET["search"]);
@@ -123,7 +123,7 @@ if (isset($_GET["groupstatus"])) {
                     <button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
                     <button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
                     <?php
-                    if ($userinfo['role'] == 'owner') {
+                    if ($userinfo == 'owner') {
                         echo "<button type=\"submit\" 
                                       name=\"batchactions\" 
                                       id=\"admin\"