diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php index 6ec50c9..49c7f61 100644 --- a/website/public/API/adminChangeUser.php +++ b/website/public/API/adminChangeUser.php 
@@ -3,23 +3,29 @@ session_start(); require_once ("../../queries/connect.php"); require_once ("../../queries/checkInput.php"); -require_once ("../../queries/user.php"); require_once ("../../queries/group_page.php"); +require_once ("../../queries/user.php"); -$userinfo = getRoleByID($_SESSION['userID']); +if (isset($_SESSION["userID"]) && + (getRoleByID($_SESSION["userID"]) == 'admin' || + getRoleByID($_SESSION["userID"]) == 'owner')) { + $userinfo = getRoleByID($_SESSION['userID']); -if (isset($_POST["actions"]) && isset($_POST["userID"])) { - changeUserStatusByID($_POST["userID"], $_POST["actions"]); -} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) { - changeGroupStatusByID($_POST["groupID"], $_POST["actions"]); -} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) { - if ($userinfo == 'owner') { - changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]); - } else { - changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]); + if (isset($_POST["actions"]) && isset($_POST["userID"])) { + changeUserStatusByID($_POST["userID"], $_POST["actions"]); + } else if (isset($_POST["actions"]) && isset($_POST["groupID"])) { + changeGroupStatusByID($_POST["groupID"], $_POST["actions"]); + } else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) { + if ($userinfo == 'owner') { + changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]); + } else { + changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]); + } + } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) { + changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]); + } else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) { + editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']); } -} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) { - 
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]); -} else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) { - editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']); -} +} else { + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/adminPageNumber.php b/website/public/API/adminPageNumber.php index c829249..b8af270 100644 --- a/website/public/API/adminPageNumber.php +++ b/website/public/API/adminPageNumber.php 
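Review bot: The single-user path `changeUserStatusByID($_POST["userID"], $_POST["actions"]);` runs for any admin, while the batch path two branches below splits into `changeMultipleUserStatusByID` for owners and `changeMultipleUserStatusByIDAdmin` for admins; if the Admin variant exists to limit what an admin may do, that limit is missing on the single-user path and can be reached one user at a time. The role is also fetched three times per request (twice in the condition, once for `$userinfo`); fetching it once, `$role = isset($_SESSION['userID']) ? getRoleByID($_SESSION['userID']) : null;`, and testing `in_array($role, ['admin', 'owner'], true)` removes the repeats and the loose `==`. The same triple lookup appears in adminPageNumber.php and adminSearchUsers.php.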
@@ -7,32 +7,38 @@ require_once ("../../queries/checkInput.php"); require_once ("../../queries/user.php"); require_once ("../../queries/group_page.php"); -$search = ""; -if (isset($_POST["search"])) { - $search = test_input($_POST["search"]); -} +if (isset($_SESSION["userID"]) && + (getRoleByID($_SESSION["userID"]) == 'admin' || + getRoleByID($_SESSION["userID"]) == 'owner')) { + $search = ""; + if (isset($_POST["search"])) { + $search = test_input($_POST["search"]); + } -$pagetype = "user"; -if (isset($_POST['pagetype'])) { - $pagetype = test_input($_POST['pagetype']); -} + $pagetype = "user"; + if (isset($_POST['pagetype'])) { + $pagetype = test_input($_POST['pagetype']); + } -$status = array(); -if (isset($_POST['status'])) { - $status = $_POST["status"]; -} + $status = array(); + if (isset($_POST['status'])) { + $status = $_POST["status"]; + } -$groupstatus = array(); -if (isset($_POST['groupstatus'])) { - $groupstatus = $_POST["groupstatus"]; -} + $groupstatus = array(); + if (isset($_POST['groupstatus'])) { + $groupstatus = $_POST["groupstatus"]; + } -$entries = 20; -$currentpage = 1; -if (isset($_POST['currentpage'])) { - $currentpage = (int) test_input($_POST["currentpage"]); -} + $entries = 20; + $currentpage = 1; + if (isset($_POST['currentpage'])) { + $currentpage = (int) test_input($_POST["currentpage"]); + } -$offset = (int) $currentpage * $entries - $entries; + $offset = (int) $currentpage * $entries - $entries; -include ("../../views/adminpanel-page.php"); + include ("../../views/adminpanel-page.php"); +} else { + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/adminSearchUsers.php b/website/public/API/adminSearchUsers.php index 5f7944b..cd1bcaf 100644 --- a/website/public/API/adminSearchUsers.php +++ b/website/public/API/adminSearchUsers.php 
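Review bot: `$offset = (int) $currentpage * $entries - $entries;` goes negative when the client posts a `currentpage` of 0 or less, and a negative offset is not a valid LIMIT value, so the included view's query presumably fails on it. Clamping the page at the assignment, `$currentpage = max(1, (int) test_input($_POST["currentpage"]));`, keeps the offset at 0 or above. The same unclamped arithmetic is in adminSearchUsers.php (`$offset = (int)test_input(...) * $entries - $entries;`) and searchUsers.php (`$n = ($page - 1) * $m;`).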
@@ -7,38 +7,44 @@ require_once ("../../queries/checkInput.php"); require_once ("../../queries/user.php"); require_once ("../../queries/group_page.php"); -$offset = 0; -$entries = 20; -if (isset($_POST["currentpage"])) { - $offset = (int) test_input($_POST["currentpage"]) * $entries - $entries; -} +if (isset($_SESSION["userID"]) && + (getRoleByID($_SESSION["userID"]) == 'admin' || + getRoleByID($_SESSION["userID"]) == 'owner')) { + $offset = 0; + $entries = 20; + if (isset($_POST["currentpage"])) { + $offset = (int)test_input($_POST["currentpage"]) * $entries - $entries; + } -$search = ""; -if (isset($_POST["search"])) { - $search = test_input($_POST["search"]); -} + $search = ""; + if (isset($_POST["search"])) { + $search = test_input($_POST["search"]); + } -$pagetype = "user"; -if (isset($_POST['pagetype'])) { - $pagetype = test_input($_POST['pagetype']); -} + $pagetype = "user"; + if (isset($_POST['pagetype'])) { + $pagetype = test_input($_POST['pagetype']); + } -$status = array(); -if (isset($_POST['status'])) { - $status = $_POST["status"]; -} + $status = array(); + if (isset($_POST['status'])) { + $status = $_POST["status"]; + } -$groupstatus = array(); -if (isset($_POST['groupstatus'])) { - $groupstatus = $_POST["groupstatus"]; -} + $groupstatus = array(); + if (isset($_POST['groupstatus'])) { + $groupstatus = $_POST["groupstatus"]; + } -$userinfo = getRoleByID($_SESSION['userID']); + $userinfo = getRoleByID($_SESSION['userID']); -if ($pagetype == "user") { - include ("../../views/adminpanel-table.php"); -} else if ($pagetype == "group") { - include ("../../views/adminpanel-grouptable.php"); + if ($pagetype == "user") { + include("../../views/adminpanel-table.php"); + } else if ($pagetype == "group") { + include("../../views/adminpanel-grouptable.php"); + } else { + echo "Search failed!"; + } } else { - echo "Search failed!"; -} + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file 
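Review bot: `$status = $_POST["status"];` and `$groupstatus = $_POST["groupstatus"];` are the only POST inputs in the hunk not passed through `test_input()`, and nothing checks that they are arrays before they reach the included table view, so a client can send a scalar or arbitrary values there. Guarding with `$status = is_array($_POST['status'] ?? null) ? $_POST['status'] : [];` (and the same for `groupstatus`) keeps the shape the default `array()` promises; the values should also be checked against the allowed statuses in the view or query if that is not already done. adminPageNumber.php takes the same two inputs the same way. The unknown-`pagetype` branch still answers `echo "Search failed!"` with a 200 status; `http_response_code(400);` before the echo lets the caller tell it apart from a result.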
diff --git a/website/public/API/editFriendship.php b/website/public/API/editFriendship.php index 0518733..8c88b2e 100644 --- a/website/public/API/editFriendship.php +++ b/website/public/API/editFriendship.php 
@@ -3,25 +3,32 @@ session_start(); require_once ("../../queries/friendship.php"); +require_once("../../queries/user.php"); -if(empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) { - header('HTTP/1.1 500 Non enough arguments'); -} - -$friendship_status = getFriendshipStatus($_POST["usr"]); - -if($_POST["action"] == "request" AND $friendship_status == 0) { - if (!requestFriendship($_POST["usr"])) { - header('HTTP/1.1 500 Query (request) failed'); +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) { + header('HTTP/1.1 500 Non enough arguments'); } -} else if($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) { - if (!removeFriendship($_POST["usr"])) { - header('HTTP/1.1 500 Query (delete) failed'); - } -} else if ($_POST["action"] == "accept" AND $friendship_status == 3) { - if (!acceptFriendship($_POST["usr"])) { - header('HTTP/1.1 500 Query (accept) failed'); + + $friendship_status = getFriendshipStatus($_POST["usr"]); + + if ($_POST["action"] == "request" AND $friendship_status == 0) { + if (!requestFriendship($_POST["usr"])) { + header('HTTP/1.1 500 Query (request) failed'); + } + } else if ($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) { + if (!removeFriendship($_POST["usr"])) { + header('HTTP/1.1 500 Query (delete) failed'); + } + } else if ($_POST["action"] == "accept" AND $friendship_status == 3) { + if (!acceptFriendship($_POST["usr"])) { + header('HTTP/1.1 500 Query (accept) failed'); + } + } else { + header('HTTP/1.1 500 Not the right friendship status'); } } else { - header('HTTP/1.1 500 Not the right friendship status'); + header('HTTP/1.0 403 Forbidden'); } \ No newline at end of file 
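Review bot: `header('HTTP/1.1 500 Non enough arguments');` is not followed by `exit;`, so with a missing or empty `usr` the script still calls `getFriendshipStatus($_POST["usr"])` and the action chain below it with an undefined index; the commit re-indented this branch without closing that gap. Adding `exit;` after each error header (the argument check and the three query-failed branches) stops the fall-through, and the same missing `exit;` after a 500 header appears in getFriendshipStatus.php, getPosts.php and postPost.php. The `in_array($_POST["action"], array(...))` and `in_array($friendship_status, array(1, 2, 3))` checks should pass `true` as the third argument to avoid loose comparison.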
diff --git a/website/public/API/getFriendshipStatus.php b/website/public/API/getFriendshipStatus.php index 01bd6c4..a3131bc 100644 --- a/website/public/API/getFriendshipStatus.php +++ b/website/public/API/getFriendshipStatus.php @@ -10,15 +10,21 @@ session_start(); require_once ("../../queries/friendship.php"); +require_once("../../queries/user.php"); -if(empty($_POST["usr"])) { - header('HTTP/1.1 500 Non enough arguments'); -} +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (empty($_POST["usr"])) { + header('HTTP/1.1 500 Non enough arguments'); + } -$friendship_status = getFriendshipStatus($_POST["usr"]); + $friendship_status = getFriendshipStatus($_POST["usr"]); -if($friendship_status == -2) { - header('HTTP/1.1 500 Query failed'); -} + if ($friendship_status == -2) { + header('HTTP/1.1 500 Query failed'); + } -echo $friendship_status; \ No newline at end of file + echo $friendship_status; +} else { + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/getPosts.php b/website/public/API/getPosts.php index 620a707..da82f14 100644 --- a/website/public/API/getPosts.php +++ b/website/public/API/getPosts.php 
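Review bot: The guard `getRoleByID($_SESSION["userID"]) != 'banned'` is a deny-list: if `getRoleByID()` returns `null`, `false` or `''` for a session whose user no longer exists (its failure value is not visible here, so confirm against queries/user.php), that value is `!= 'banned'` and the request is allowed through. An allow-list comparison, `in_array($role, $allowedRoles, true)` with `$allowedRoles` listing the roles that may call this endpoint, fails closed when the lookup fails. The same deny-list shape is used in getPosts.php, loadChatNotifications.php, loadFriends.php, loadGroups.php, loadMessages.php, loadPost.php, searchGroups.php, searchPageNumber.php and searchUsers.php, and with `frozen` in editFriendship.php and postPost.php.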
@@ -6,21 +6,28 @@ if(empty($_POST["usr"]) and empty($_POST["grp"])) { require_once ("../../queries/post.php"); require_once ("../../queries/nicetime.php"); +require_once("../../queries/user.php"); -if(empty($_POST["usr"])) { - $posts = selectAllPosts(0, $_POST["grp"]); +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + + if (empty($_POST["usr"])) { + $posts = selectAllPosts(0, $_POST["grp"]); + } else { + $posts = selectAllPosts($_POST["usr"], 0); + } + + if (!$posts) { + header('HTTP/1.1 500 Query failed'); + } + + $results = $posts->fetchAll(PDO::FETCH_ASSOC); + + for ($i = 0; $i < sizeof($results); $i++) { + $results[$i]["nicetime"] = nicetime($results[$i]["creationdate"]); + } + + echo json_encode($results); } else { - $posts = selectAllPosts($_POST["usr"], 0); -} - -if(!$posts) { - header('HTTP/1.1 500 Query failed'); -} - -$results = $posts->fetchAll(PDO::FETCH_ASSOC); - -for($i = 0; $i < sizeof($results); $i++) { - $results[$i]["nicetime"] = nicetime($results[$i]["creationdate"]); -} - -echo json_encode($results); \ No newline at end of file + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/loadChatNotifications.php b/website/public/API/loadChatNotifications.php index 1415a2e..baceabc 100644 --- a/website/public/API/loadChatNotifications.php +++ b/website/public/API/loadChatNotifications.php @@ -4,5 +4,11 @@ session_start(); require_once ("../../queries/connect.php"); require_once ("../../queries/private_message.php"); +require_once("../../queries/user.php"); -echo selectAllUnreadChat(); \ No newline at end of file +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + echo selectAllUnreadChat(); +} else { + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/loadFriendRequest.php b/website/public/API/loadFriendRequest.php index 02dedb3..91a1cc7 100644 --- a/website/public/API/loadFriendRequest.php 
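Review bot: `echo json_encode($results);` sends the JSON without a `Content-Type: application/json` header and without `JSON_THROW_ON_ERROR`, so an encoding failure (for example invalid UTF-8 in a post body) silently echoes `false` as an empty body with a 200 status. `header('Content-Type: application/json');` before the echo and `json_encode($results, JSON_THROW_ON_ERROR)` make both cases explicit. The argument check at the top of the script (`if(empty($_POST["usr"]) and empty($_POST["grp"]))` in the hunk header) starts before the hunk, so whether it exits on failure cannot be confirmed from here.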
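Review bot: `header('HTTP/1.0 403 Forbidden');` hard-codes an HTTP/1.0 status line while the other error responses in these files use `HTTP/1.1`; `http_response_code(403);` sets the status for whichever protocol the request used and is the form PHP provides for this. It also leaves the body empty, so a client polling this endpoint gets no reason text; a small body such as `echo json_encode(['error' => 'forbidden']);` is optional but worth deciding once for all endpoints. The same literal is used in every 403 branch of this commit.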
+++ b/website/public/API/loadFriendRequest.php @@ -11,5 +11,5 @@ if (isset($_SESSION["userID"]) && getRoleByID($_SESSION["userID"]) != 'banned') { echo selectAllFriendRequests(); } else { - echo "[]"; + header('HTTP/1.0 403 Forbidden'); } diff --git a/website/public/API/loadFriends.php b/website/public/API/loadFriends.php index c5c8797..b59b34c 100644 --- a/website/public/API/loadFriends.php +++ b/website/public/API/loadFriends.php @@ -5,16 +5,22 @@ session_start(); require_once ("../../queries/connect.php"); require_once ("../../queries/checkInput.php"); require_once ("../../queries/friendship.php"); +require_once("../../queries/user.php"); -if (isset($_SESSION["userID"])) { - if (isset($_POST["limit"])) { - echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"])); - } else if (isset($_GET["limit"])) { - echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"])); +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (isset($_SESSION["userID"])) { + if (isset($_POST["limit"])) { + echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"])); + } else if (isset($_GET["limit"])) { + echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"])); + } else { + echo selectFriends($_SESSION["userID"]); + } } else { - echo selectFriends($_SESSION["userID"]); + echo "[]"; } } else { - echo "[]"; + header('HTTP/1.0 403 Forbidden'); } diff --git a/website/public/API/loadGroups.php b/website/public/API/loadGroups.php index 546b9d7..3c562b1 100644 --- a/website/public/API/loadGroups.php +++ b/website/public/API/loadGroups.php 
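Review bot: The inner `if (isset($_SESSION["userID"]))` in loadFriends.php is now redundant, since the new outer condition already requires `isset($_SESSION["userID"])`, and its `else { echo "[]"; }` branch can never run. Dropping that inner conditional and keeping only the `limit` branches under the outer guard removes the dead code; if an empty-list reply was still intended for some case, it now needs a different condition.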
@@ -6,9 +6,15 @@ require_once ("../../queries/connect.php"); require_once ("../../queries/checkInput.php"); require_once ("../../queries/group_member.php"); -if (isset($_POST["limit"])) { - echo selectLimitedGroupsFromUser($_SESSION["userID"], (int) test_input($_POST["limit"])); -} else { - echo selectAllGroupsFromUser($_SESSION["userID"]); -} +require_once("../../queries/user.php"); +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (isset($_POST["limit"])) { + echo selectLimitedGroupsFromUser($_SESSION["userID"], (int)test_input($_POST["limit"])); + } else { + echo selectAllGroupsFromUser($_SESSION["userID"]); + } +} else { + header('HTTP/1.0 403 Forbidden'); +} diff --git a/website/public/API/loadMessages.php b/website/public/API/loadMessages.php index cc00d8d..d78d058 100644 --- a/website/public/API/loadMessages.php +++ b/website/public/API/loadMessages.php @@ -6,11 +6,17 @@ require_once("../../queries/connect.php"); require_once("../../queries/private_message.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/friendship.php"); +require_once("../../queries/user.php"); -if (isset($_POST["lastID"]) && $_POST["lastID"] != "") { - setLastVisited(test_input($_POST["destination"])); - echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"])); +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (isset($_POST["lastID"]) && $_POST["lastID"] != "") { + setLastVisited(test_input($_POST["destination"])); + echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"])); + } else { + setLastVisited(test_input($_POST["destination"])); + echo getOldChatMessages(test_input($_POST["destination"])); + } } else { - setLastVisited(test_input($_POST["destination"])); - echo getOldChatMessages(test_input($_POST["destination"])); + header('HTTP/1.0 403 Forbidden'); } \ No newline at end of file 
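Review bot: `(int)test_input($_POST["limit"])` is handed to `selectLimitedGroupsFromUser` with no lower or upper bound, so a client can pass 0, a negative number or a very large value; what the query does with each depends on how it builds its LIMIT, which is not visible here. Clamping at the call site, `$limit = min(max(1, (int) test_input($_POST["limit"])), 100);` (100 is an example cap), bounds the work a single request can cause. loadFriends.php passes its `limit` the same way.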
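Review bot: `test_input($_POST["destination"])` is called in both branches without an `isset($_POST["destination"])` check, unlike `lastID` on the line above it, so a request without `destination` passes an undefined index (null, after the warning) to `setLastVisited` and the message queries. A guard such as `$destination = isset($_POST["destination"]) ? test_input($_POST["destination"]) : null;` followed by a 400 response when it is null closes that, and since `setLastVisited(...)` is called identically in both branches it can be hoisted above the `if`. Whether the queries verify that the session user is a participant of `destination` is not visible here and is worth confirming in queries/private_message.php.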
diff --git a/website/public/API/loadPost.php b/website/public/API/loadPost.php index f73fe42..257a282 100644 --- a/website/public/API/loadPost.php +++ b/website/public/API/loadPost.php @@ -5,8 +5,15 @@ require_once("../../queries/post.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/nicetime.php"); -if(isset($_GET['postID'])) { - include("../../views/post-view.php"); +require_once("../../queries/user.php"); + +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { + if (isset($_GET['postID'])) { + include("../../views/post-view.php"); + } else { + echo "Kan de post niet laden"; + } } else { - echo "Failed to load"; + header('HTTP/1.0 403 Forbidden'); } \ No newline at end of file diff --git a/website/public/API/nietSlecht.php b/website/public/API/nietSlecht.php deleted file mode 100644 index 1692cb3..0000000 --- a/website/public/API/nietSlecht.php +++ /dev/null @@ -1,41 +0,0 @@ -bindParam(":postID", $postID); - $stmt->execute(); - return $stmt->rowCount(); -} - -function getNietSlechtUsersForPost(int $postID) { - $stmt = prepareQuery(" - SELECT - `fname`, - `lname`, - CONCAT(`user`.`fname`, ' ', `user`.`lname`) as `fullname` - FROM - `user` - INNER JOIN - `niet_slecht` - WHERE - `user`.`userID` = `niet_slecht`.`userID` AND - `niet_slecht`.`postID` = :postID - "); - $stmt->bindParam(":postID", $postID); - $stmt->execute(); - $rows = $stmt->fetchAll(); - foreach ($rows as $row) { - print($row["fullname"]); - } -} \ No newline at end of file diff --git a/website/public/API/postPost.php b/website/public/API/postPost.php index 7a33857..b1c6649 100644 --- a/website/public/API/postPost.php +++ b/website/public/API/postPost.php 
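Review bot: The missing-`postID` branch now answers `echo "Kan de post niet laden";` — a Dutch message where every other endpoint in this commit reports errors in English — and still with a 200 status, so the caller cannot distinguish it from a rendered post. `http_response_code(400);` before the echo, and a message in the same language as the other endpoints, keeps the API consistent. `$_GET['postID']` is passed into the included view unvalidated; whether post-view.php casts or checks it cannot be seen from here.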
@@ -6,49 +6,43 @@ require_once("../../queries/post.php"); require_once("../../queries/group_page.php"); require_once("../../queries/connect.php"); require_once("../../queries/checkInput.php"); +require_once("../../queries/user.php"); -if (empty($_POST["title"]) or - empty($_POST["content"]) or - empty($_SESSION["userID"])) { - header('HTTP/1.1 500 Non enough arguments'); -} +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { -if (empty($_POST["group"])) { - // User Post - makePost( - $_SESSION["userID"], - null, - test_input($_POST["title"]), - test_input($_POST["content"]) - ); -} else { - // Group Post - - // Check if the user is an admin or mod of the group. - if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) { - header('HTTP/1.1 500 Non enough rights'); - return; + if (empty($_POST["title"]) or + empty($_POST["content"]) or + empty($_SESSION["userID"]) + ) { + header('HTTP/1.1 500 Non enough arguments'); } - makePost( - $_SESSION["userID"], - $_POST["group"], - test_input($_POST["title"]), - test_input($_POST["content"]) - ); -} + if (empty($_POST["group"])) { + // User Post + makePost( + $_SESSION["userID"], + null, + test_input($_POST["title"]), + test_input($_POST["content"]) + ); + } else { + // Group Post + // Check if the user is an admin or mod of the group. + if (!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) { + header('HTTP/1.1 500 Non enough rights'); + return; + } - - - - -//if (empty($_POST['newpost-title'])) { -//} else { -// makePost($_SESSION['userID'], -// null, -// test_input($_POST['newpost-title']), -// test_input($_POST['newpost-content'])); -//} -// -//header("Location: ../profile.php"); \ No newline at end of file + makePost( + $_SESSION["userID"], + $_POST["group"], + test_input($_POST["title"]), + test_input($_POST["content"]) + ); + } +} else { + echo "frozen"; +} \ No newline at end of file 
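Review bot: The `else` branch ends with `echo "frozen";` and a 200 status, but it is reached for three different cases — no session, a banned user and a frozen user — so an unauthenticated request is told it is frozen, and the response differs from the 403 every other endpoint in this commit returns. `http_response_code(403);` there (optionally with the reason in the body) brings it in line. Inside the guard, `empty($_SESSION["userID"])` in the argument check is now redundant because the outer condition already requires it, and the group branch stops with `return;` while the argument check uses no exit at all; one convention for aborting the script would help.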
diff --git a/website/public/API/searchGroups.php b/website/public/API/searchGroups.php index 8568b29..625d464 100644 --- a/website/public/API/searchGroups.php +++ b/website/public/API/searchGroups.php @@ -7,22 +7,29 @@ require_once ("../../queries/connect.php"); require_once ("../../queries/checkInput.php"); require_once ("../../queries/group_member.php"); require_once ("../../queries/group_page.php"); +require_once ("../../queries/user.php"); -$n = 0; -if (isset($_POST["n"])) { - $n = (int) test_input($_POST["n"]); -} -$m = 20; -if (isset($_POST["m"])) { - $m = (int) test_input($_POST["m"]); -} -$search = ""; -if (isset($_POST["search"])) { - $search = test_input($_POST["search"]); -} +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { -if (isset($_POST["filter"]) && $_POST["filter"] == "personal") { - echo searchSomeOwnGroups($n, $m, $search); + $n = 0; + if (isset($_POST["n"])) { + $n = (int)test_input($_POST["n"]); + } + $m = 20; + if (isset($_POST["m"])) { + $m = (int)test_input($_POST["m"]); + } + $search = ""; + if (isset($_POST["search"])) { + $search = test_input($_POST["search"]); + } + + if (isset($_POST["filter"]) && $_POST["filter"] == "personal") { + echo searchSomeOwnGroups($n, $m, $search); + } else { + echo searchSomeGroups($n, $m, $search); + } } else { - echo searchSomeGroups($n, $m, $search); -} + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/searchPageNumber.php b/website/public/API/searchPageNumber.php index 4a76516..df5483a 100644 --- a/website/public/API/searchPageNumber.php +++ b/website/public/API/searchPageNumber.php 
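Review bot: `$m = (int)test_input($_POST["m"]);` lets the client choose the page size with no upper bound, and `$n` has no lower bound, so one request can ask `searchSomeGroups` for an arbitrarily large or negative window; how the query treats those values is not visible here. Clamping both, `$n = max(0, (int) test_input($_POST["n"]));` and `$m = min(max(1, (int) test_input($_POST["m"])), 100);` (100 is an example cap), bounds the work one request can cause. The `$_POST["filter"] == "personal"` test should use `===`.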
@@ -7,35 +7,41 @@ require_once ("../../queries/checkInput.php"); require_once ("../../queries/user.php"); require_once ("../../queries/group_page.php"); -$user_perpage = $group_perpage = 20; +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { -$user_currentpage = $group_currentpage = 1; -if (isset($_POST['user-pageselect'])) { - $user_currentpage = test_input($_POST['user-pageselect']); -} -if (isset($_POST['group-pageselect'])) { - $group_currentpage = test_input($_POST['group-pageselect']); -} + $user_perpage = $group_perpage = 20; -$user_n = $user_currentpage * $user_perpage - $user_perpage; -$group_n = $group_currentpage * $group_perpage - $group_perpage; + $user_currentpage = $group_currentpage = 1; + if (isset($_POST['user-pageselect'])) { + $user_currentpage = test_input($_POST['user-pageselect']); + } + if (isset($_POST['group-pageselect'])) { + $group_currentpage = test_input($_POST['group-pageselect']); + } -$search = ""; -if (isset($_POST['search'])) { - $search = test_input($_POST['search']); -} + $user_n = $user_currentpage * $user_perpage - $user_perpage; + $group_n = $group_currentpage * $group_perpage - $group_perpage; -$user_count = countSomeUsers($search)->fetchColumn(); -$group_count = countSomeGroups($search)->fetchColumn(); + $search = ""; + if (isset($_POST['search'])) { + $search = test_input($_POST['search']); + } -$filter = "all"; -if (isset($_POST['filter'])) { - $filter = test_input($_POST['filter']); -} + $user_count = countSomeUsers($search)->fetchColumn(); + $group_count = countSomeGroups($search)->fetchColumn(); -$option = "user"; -if (isset($_POST['option'])) { - $option = test_input($_POST['option']); -} + $filter = "all"; + if (isset($_POST['filter'])) { + $filter = test_input($_POST['filter']); + } -include ("../../views/searchPageNumber.php"); + $option = "user"; + if (isset($_POST['option'])) { + $option = test_input($_POST['option']); + } + + include("../../views/searchPageNumber.php"); +} else 
{ + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/public/API/searchUsers.php b/website/public/API/searchUsers.php index f431f88..8f36d7d 100644 --- a/website/public/API/searchUsers.php +++ b/website/public/API/searchUsers.php @@ -7,23 +7,29 @@ require_once ("../../queries/checkInput.php"); require_once ("../../queries/friendship.php"); require_once ("../../queries/user.php"); -$n = 0; -$m = 20; +if (isset($_SESSION["userID"]) && + getRoleByID($_SESSION["userID"]) != 'banned') { -$page = 1; -if (isset($_POST["user-pageselect"])) { - $page = (int) test_input($_POST['user-pageselect']); -} + $n = 0; + $m = 20; -$n = ($page - 1) * $m; + $page = 1; + if (isset($_POST["user-pageselect"])) { + $page = (int)test_input($_POST['user-pageselect']); + } -$search = ""; -if (isset($_POST["search"])) { - $search = test_input($_POST["search"]); -} + $n = ($page - 1) * $m; -if (isset($_POST["filter"]) && $_POST["filter"] == "personal") { - echo searchSomeFriends($n, $m, $search); + $search = ""; + if (isset($_POST["search"])) { + $search = test_input($_POST["search"]); + } + + if (isset($_POST["filter"]) && $_POST["filter"] == "personal") { + echo searchSomeFriends($n, $m, $search); + } else { + echo searchSomeUsers($n, $m, $search); + } } else { - echo searchSomeUsers($n, $m, $search); -} + header('HTTP/1.0 403 Forbidden'); +} \ No newline at end of file diff --git a/website/queries/group_member.php b/website/queries/group_member.php index cea4dde..b8f031a 100644 --- a/website/queries/group_member.php +++ b/website/queries/group_member.php @@ -1,7 +1,7 @@
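Review bot: `$user_currentpage = test_input($_POST['user-pageselect']);` and the `group-pageselect` line below it store the raw string, unlike every other page input in this commit, which casts with `(int)`; `$user_n = $user_currentpage * $user_perpage - $user_perpage;` then does arithmetic on it, which throws a `TypeError` for a non-numeric string on PHP 8 and yields a negative offset for 0 or less. Casting and clamping at the assignment, `$user_currentpage = max(1, (int) test_input($_POST['user-pageselect']));` (and the same for the group page), matches the other endpoints and keeps `$user_n`/`$group_n` non-negative.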
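Review bot: In searchUsers.php `$n = 0;` on the first new line of the block is a dead assignment, since `$n = ($page - 1) * $m;` overwrites it unconditionally a few lines later; removing the initial assignment, or computing `$n` directly where `$page` is known, makes the data flow clearer. `$_POST["filter"] == "personal"` should be `===`, as `==` on strings is a loose comparison.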