MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

API filter per user level

Browse Source
This commit is contained in:
Lars van Hijfte
2017-02-01 11:38:43 +01:00
parent 028c2373c1
commit e414a1633e
18 changed files with 309 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
website/public/API/adminChangeUser.php
View File

@@ -3,23 +3,29 @@ session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
require_once ("../../queries/user.php");
$userinfo = getRoleByID($_SESSION['userID']);
if (isset($_SESSION["userID"]) &&
(getRoleByID($_SESSION["userID"]) == 'admin' ||
getRoleByID($_SESSION["userID"]) == 'owner')) {
$userinfo = getRoleByID($_SESSION['userID']);
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
if ($userinfo == 'owner') {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
} else {
changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
if ($userinfo == 'owner') {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
} else {
changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
}
} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
}
} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
}
} else {
header('HTTP/1.0 403 Forbidden');
}

52
website/public/API/adminPageNumber.php
View File

@@ -7,32 +7,38 @@ require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
if (isset($_SESSION["userID"]) &&
(getRoleByID($_SESSION["userID"]) == 'admin' ||
getRoleByID($_SESSION["userID"]) == 'owner')) {
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$entries = 20;
$currentpage = 1;
if (isset($_POST['currentpage'])) {
$currentpage = (int) test_input($_POST["currentpage"]);
}
$entries = 20;
$currentpage = 1;
if (isset($_POST['currentpage'])) {
$currentpage = (int) test_input($_POST["currentpage"]);
}
$offset = (int) $currentpage * $entries - $entries;
$offset = (int) $currentpage * $entries - $entries;
include ("../../views/adminpanel-page.php");
include ("../../views/adminpanel-page.php");
} else {
header('HTTP/1.0 403 Forbidden');
}

62
website/public/API/adminSearchUsers.php
View File

@@ -7,38 +7,44 @@ require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$offset = 0;
$entries = 20;
if (isset($_POST["currentpage"])) {
$offset = (int) test_input($_POST["currentpage"]) * $entries - $entries;
}
if (isset($_SESSION["userID"]) &&
(getRoleByID($_SESSION["userID"]) == 'admin' ||
getRoleByID($_SESSION["userID"]) == 'owner')) {
$offset = 0;
$entries = 20;
if (isset($_POST["currentpage"])) {
$offset = (int)test_input($_POST["currentpage"]) * $entries - $entries;
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
$userinfo = getRoleByID($_SESSION['userID']);
$userinfo = getRoleByID($_SESSION['userID']);
if ($pagetype == "user") {
include ("../../views/adminpanel-table.php");
} else if ($pagetype == "group") {
include ("../../views/adminpanel-grouptable.php");
if ($pagetype == "user") {
include("../../views/adminpanel-table.php");
} else if ($pagetype == "group") {
include("../../views/adminpanel-grouptable.php");
} else {
echo "Search failed!";
}
} else {
echo "Search failed!";
}
header('HTTP/1.0 403 Forbidden');
}

41
website/public/API/editFriendship.php
View File

@@ -3,25 +3,32 @@
session_start();
require_once ("../../queries/friendship.php");
require_once("../../queries/user.php");
if(empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) {
header('HTTP/1.1 500 Non enough arguments');
}
$friendship_status = getFriendshipStatus($_POST["usr"]);
if($_POST["action"] == "request" AND $friendship_status == 0) {
if (!requestFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (request) failed');
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) {
header('HTTP/1.1 500 Non enough arguments');
}
} else if($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) {
if (!removeFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (delete) failed');
}
} else if ($_POST["action"] == "accept" AND $friendship_status == 3) {
if (!acceptFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (accept) failed');
$friendship_status = getFriendshipStatus($_POST["usr"]);
if ($_POST["action"] == "request" AND $friendship_status == 0) {
if (!requestFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (request) failed');
}
} else if ($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) {
if (!removeFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (delete) failed');
}
} else if ($_POST["action"] == "accept" AND $friendship_status == 3) {
if (!acceptFriendship($_POST["usr"])) {
header('HTTP/1.1 500 Query (accept) failed');
}
} else {
header('HTTP/1.1 500 Not the right friendship status');
}
} else {
header('HTTP/1.1 500 Not the right friendship status');
header('HTTP/1.0 403 Forbidden');
}

22
website/public/API/getFriendshipStatus.php
View File

@@ -10,15 +10,21 @@
session_start();
require_once ("../../queries/friendship.php");
require_once("../../queries/user.php");
if(empty($_POST["usr"])) {
header('HTTP/1.1 500 Non enough arguments');
}
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_POST["usr"])) {
header('HTTP/1.1 500 Non enough arguments');
}
$friendship_status = getFriendshipStatus($_POST["usr"]);
$friendship_status = getFriendshipStatus($_POST["usr"]);
if($friendship_status == -2) {
header('HTTP/1.1 500 Query failed');
}
if ($friendship_status == -2) {
header('HTTP/1.1 500 Query failed');
}
echo $friendship_status;
echo $friendship_status;
} else {
header('HTTP/1.0 403 Forbidden');
}

39
website/public/API/getPosts.php
View File

@@ -6,21 +6,28 @@ if(empty($_POST["usr"]) and empty($_POST["grp"])) {
require_once ("../../queries/post.php");
require_once ("../../queries/nicetime.php");
require_once("../../queries/user.php");
if(empty($_POST["usr"])) {
$posts = selectAllPosts(0, $_POST["grp"]);
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_POST["usr"])) {
$posts = selectAllPosts(0, $_POST["grp"]);
} else {
$posts = selectAllPosts($_POST["usr"], 0);
}
if (!$posts) {
header('HTTP/1.1 500 Query failed');
}
$results = $posts->fetchAll(PDO::FETCH_ASSOC);
for ($i = 0; $i < sizeof($results); $i++) {
$results[$i]["nicetime"] = nicetime($results[$i]["creationdate"]);
}
echo json_encode($results);
} else {
$posts = selectAllPosts($_POST["usr"], 0);
}
if(!$posts) {
header('HTTP/1.1 500 Query failed');
}
$results = $posts->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < sizeof($results); $i++) {
$results[$i]["nicetime"] = nicetime($results[$i]["creationdate"]);
}
echo json_encode($results);
header('HTTP/1.0 403 Forbidden');
}

8
website/public/API/loadChatNotifications.php
View File

@@ -4,5 +4,11 @@ session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/private_message.php");
require_once("../../queries/user.php");
echo selectAllUnreadChat();
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
echo selectAllUnreadChat();
} else {
header('HTTP/1.0 403 Forbidden');
}

2
website/public/API/loadFriendRequest.php
View File

@@ -11,5 +11,5 @@ if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
echo selectAllFriendRequests();
} else {
echo "[]";
header('HTTP/1.0 403 Forbidden');
}

20
website/public/API/loadFriends.php
View File

@@ -5,16 +5,22 @@ session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/friendship.php");
require_once("../../queries/user.php");
if (isset($_SESSION["userID"])) {
if (isset($_POST["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
} else if (isset($_GET["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (isset($_SESSION["userID"])) {
if (isset($_POST["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
} else if (isset($_GET["limit"])) {
echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
} else {
echo selectFriends($_SESSION["userID"]);
}
} else {
echo selectFriends($_SESSION["userID"]);
echo "[]";
}
} else {
echo "[]";
header('HTTP/1.0 403 Forbidden');
}

16
website/public/API/loadGroups.php
View File

@@ -6,9 +6,15 @@ require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/group_member.php");
if (isset($_POST["limit"])) {
echo selectLimitedGroupsFromUser($_SESSION["userID"], (int) test_input($_POST["limit"]));
} else {
echo selectAllGroupsFromUser($_SESSION["userID"]);
}
require_once("../../queries/user.php");
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (isset($_POST["limit"])) {
echo selectLimitedGroupsFromUser($_SESSION["userID"], (int)test_input($_POST["limit"]));
} else {
echo selectAllGroupsFromUser($_SESSION["userID"]);
}
} else {
header('HTTP/1.0 403 Forbidden');
}

16
website/public/API/loadMessages.php
View File

@@ -6,11 +6,17 @@ require_once("../../queries/connect.php");
require_once("../../queries/private_message.php");
require_once("../../queries/checkInput.php");
require_once("../../queries/friendship.php");
require_once("../../queries/user.php");
if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
setLastVisited(test_input($_POST["destination"]));
echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
setLastVisited(test_input($_POST["destination"]));
echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
} else {
setLastVisited(test_input($_POST["destination"]));
echo getOldChatMessages(test_input($_POST["destination"]));
}
} else {
setLastVisited(test_input($_POST["destination"]));
echo getOldChatMessages(test_input($_POST["destination"]));
header('HTTP/1.0 403 Forbidden');
}

13
website/public/API/loadPost.php
View File

@@ -5,8 +5,15 @@ require_once("../../queries/post.php");
require_once("../../queries/checkInput.php");
require_once("../../queries/nicetime.php");
if(isset($_GET['postID'])) {
include("../../views/post-view.php");
require_once("../../queries/user.php");
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (isset($_GET['postID'])) {
include("../../views/post-view.php");
} else {
echo "Kan de post niet laden";
}
} else {
echo "Failed to load";
header('HTTP/1.0 403 Forbidden');
}

41
website/public/API/nietSlecht.php
View File

@@ -1,41 +0,0 @@
<?php
session_start();
require_once ("../queries/connect.php");
require_once ("../queries/checkInput.php");
function getNietSlechtCountForPost(int $postID) : int {
$stmt = prepareQuery("
SELECT
`userID`
FROM
`niet_slecht`
WHERE
`postID` = :postID
");
$stmt->bindParam(":postID", $postID);
$stmt->execute();
return $stmt->rowCount();
}
function getNietSlechtUsersForPost(int $postID) {
$stmt = prepareQuery("
SELECT
`fname`,
`lname`,
CONCAT(`user`.`fname`, ' ', `user`.`lname`) as `fullname`
FROM
`user`
INNER JOIN
`niet_slecht`
WHERE
`user`.`userID` = `niet_slecht`.`userID` AND
`niet_slecht`.`postID` = :postID
");
$stmt->bindParam(":postID", $postID);
$stmt->execute();
$rows = $stmt->fetchAll();
foreach ($rows as $row) {
print($row["fullname"]);
}
}

74
website/public/API/postPost.php
View File

@@ -6,49 +6,43 @@ require_once("../../queries/post.php");
require_once("../../queries/group_page.php");
require_once("../../queries/connect.php");
require_once("../../queries/checkInput.php");
require_once("../../queries/user.php");
if (empty($_POST["title"]) or
empty($_POST["content"]) or
empty($_SESSION["userID"])) {
header('HTTP/1.1 500 Non enough arguments');
}
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_POST["group"])) {
// User Post
makePost(
$_SESSION["userID"],
null,
test_input($_POST["title"]),
test_input($_POST["content"])
);
} else {
// Group Post
// Check if the user is an admin or mod of the group.
if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
header('HTTP/1.1 500 Non enough rights');
return;
if (empty($_POST["title"]) or
empty($_POST["content"]) or
empty($_SESSION["userID"])
) {
header('HTTP/1.1 500 Non enough arguments');
}
makePost(
$_SESSION["userID"],
$_POST["group"],
test_input($_POST["title"]),
test_input($_POST["content"])
);
}
if (empty($_POST["group"])) {
// User Post
makePost(
$_SESSION["userID"],
null,
test_input($_POST["title"]),
test_input($_POST["content"])
);
} else {
// Group Post
// Check if the user is an admin or mod of the group.
if (!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
header('HTTP/1.1 500 Non enough rights');
return;
}
//if (empty($_POST['newpost-title'])) {
//} else {
// makePost($_SESSION['userID'],
// null,
// test_input($_POST['newpost-title']),
// test_input($_POST['newpost-content']));
//}
//
//header("Location: ../profile.php");
makePost(
$_SESSION["userID"],
$_POST["group"],
test_input($_POST["title"]),
test_input($_POST["content"])
);
}
} else {
echo "frozen";
}

39
website/public/API/searchGroups.php
View File

@@ -7,22 +7,29 @@ require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/group_member.php");
require_once ("../../queries/group_page.php");
require_once ("../../queries/user.php");
$n = 0;
if (isset($_POST["n"])) {
$n = (int) test_input($_POST["n"]);
}
$m = 20;
if (isset($_POST["m"])) {
$m = (int) test_input($_POST["m"]);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
echo searchSomeOwnGroups($n, $m, $search);
$n = 0;
if (isset($_POST["n"])) {
$n = (int)test_input($_POST["n"]);
}
$m = 20;
if (isset($_POST["m"])) {
$m = (int)test_input($_POST["m"]);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
echo searchSomeOwnGroups($n, $m, $search);
} else {
echo searchSomeGroups($n, $m, $search);
}
} else {
echo searchSomeGroups($n, $m, $search);
}
header('HTTP/1.0 403 Forbidden');
}

56
website/public/API/searchPageNumber.php
View File

@@ -7,35 +7,41 @@ require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$user_perpage = $group_perpage = 20;
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
$user_currentpage = $group_currentpage = 1;
if (isset($_POST['user-pageselect'])) {
$user_currentpage = test_input($_POST['user-pageselect']);
}
if (isset($_POST['group-pageselect'])) {
$group_currentpage = test_input($_POST['group-pageselect']);
}
$user_perpage = $group_perpage = 20;
$user_n = $user_currentpage * $user_perpage - $user_perpage;
$group_n = $group_currentpage * $group_perpage - $group_perpage;
$user_currentpage = $group_currentpage = 1;
if (isset($_POST['user-pageselect'])) {
$user_currentpage = test_input($_POST['user-pageselect']);
}
if (isset($_POST['group-pageselect'])) {
$group_currentpage = test_input($_POST['group-pageselect']);
}
$search = "";
if (isset($_POST['search'])) {
$search = test_input($_POST['search']);
}
$user_n = $user_currentpage * $user_perpage - $user_perpage;
$group_n = $group_currentpage * $group_perpage - $group_perpage;
$user_count = countSomeUsers($search)->fetchColumn();
$group_count = countSomeGroups($search)->fetchColumn();
$search = "";
if (isset($_POST['search'])) {
$search = test_input($_POST['search']);
}
$filter = "all";
if (isset($_POST['filter'])) {
$filter = test_input($_POST['filter']);
}
$user_count = countSomeUsers($search)->fetchColumn();
$group_count = countSomeGroups($search)->fetchColumn();
$option = "user";
if (isset($_POST['option'])) {
$option = test_input($_POST['option']);
}
$filter = "all";
if (isset($_POST['filter'])) {
$filter = test_input($_POST['filter']);
}
include ("../../views/searchPageNumber.php");
$option = "user";
if (isset($_POST['option'])) {
$option = test_input($_POST['option']);
}
include("../../views/searchPageNumber.php");
} else {
header('HTTP/1.0 403 Forbidden');
}

36
website/public/API/searchUsers.php
View File

@@ -7,23 +7,29 @@ require_once ("../../queries/checkInput.php");
require_once ("../../queries/friendship.php");
require_once ("../../queries/user.php");
$n = 0;
$m = 20;
if (isset($_SESSION["userID"]) &&
getRoleByID($_SESSION["userID"]) != 'banned') {
$page = 1;
if (isset($_POST["user-pageselect"])) {
$page = (int) test_input($_POST['user-pageselect']);
}
$n = 0;
$m = 20;
$n = ($page - 1) * $m;
$page = 1;
if (isset($_POST["user-pageselect"])) {
$page = (int)test_input($_POST['user-pageselect']);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$n = ($page - 1) * $m;
if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
echo searchSomeFriends($n, $m, $search);
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
echo searchSomeFriends($n, $m, $search);
} else {
echo searchSomeUsers($n, $m, $search);
}
} else {
echo searchSomeUsers($n, $m, $search);
}
header('HTTP/1.0 403 Forbidden');
}

2
website/queries/group_member.php
View File

@@ -1,7 +1,7 @@
<?php
function selectAllGroupsFromUser($userID) {
selectLimitedGroupsFromUser($userID, 9999);
return selectLimitedGroupsFromUser($userID, 9999);
}
function selectLimitedGroupsFromUser($userID, $limit) {