diff --git a/website/public/API/edit_friendship.php b/website/public/API/edit_friendship.php new file mode 100644 index 0000000..52aacf5 --- /dev/null +++ b/website/public/API/edit_friendship.php @@ -0,0 +1,31 @@ +prepare(" + SELECT + `email`, + `role` + FROM + `user` + WHERE + `userID` = :userID + "); + $checkHash->bindParam(":userID", $_GET["u"]); + $checkHash->execute(); + $result = $checkHash->fetch(); + $email = $result["email"]; + $role = $result["role"]; + if ($role == "unconfirmed") { + doActivate($email); + } else { + echo "Ongeldige link."; + } + +} else { + echo "Ongeldige link."; +} + +function doActivate(string $email) { + if (password_verify($email, $_GET["h"])) { + $confirmUser = $GLOBALS["db"]->prepare(" + UPDATE + `user` + SET + `role` = :role + WHERE + `userID` = :userID + "); + $confirmUser->bindValue(":role", "user"); + $confirmUser->bindParam(":userID", $_GET["u"]); + $confirmUser->execute(); + if ($confirmUser->rowCount()) { + echo "Email bevestigd
+ U wordt automatisch doorgestuurd naar de login pagina over 5 seconden. "; + header("refresh:5;url=login.php"); + } + } else { + echo "Ongeldige link."; + } +} \ No newline at end of file diff --git a/website/public/img/avatar-standard.png b/website/public/img/avatar-standard.png new file mode 100644 index 0000000..21ab818 Binary files /dev/null and b/website/public/img/avatar-standard.png differ diff --git a/website/public/img/notbad.jpg b/website/public/img/notbad.jpg deleted file mode 100644 index eeea126..0000000 Binary files a/website/public/img/notbad.jpg and /dev/null differ diff --git a/website/public/js/chat.js b/website/public/js/chat.js index 6c420a1..3c839e4 100644 --- a/website/public/js/chat.js +++ b/website/public/js/chat.js @@ -53,8 +53,8 @@ function switchUser(userID) { $(".destinationID").val(userID); $("#chat-history").html(""); $("#lastID").val(""); - $(".chat-left .friend-item").removeClass("active-friend-chat"); - $(".chat-left #friend-item-" + userID).addClass("active-friend-chat"); + $("#chat-recent-panel .friend-item").removeClass("active-friend-chat"); + $("#chat-left #friend-item-" + userID).addClass("active-friend-chat"); } function sayEmpty() { diff --git a/website/public/js/notifications.js b/website/public/js/notifications.js index 51a8c06..afcaca0 100644 --- a/website/public/js/notifications.js +++ b/website/public/js/notifications.js @@ -1,8 +1,18 @@ -function showNotifications(notifications, id) { - $("#" + id).html(""); +function showFriendNotifications(notifications) { + $("#friendrequestslist").html(""); for (i in notifications) { - $("#" + id).append(" \ -
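Review bot: The confirmation token `h` is checked in `doActivate` with `password_verify($email, $_GET["h"])`, so it is derived only from the user's email address and contains no secret; anyone who knows the address can produce a valid `h` for a given `u` and confirm the account without ever receiving the mail. `sendConfirmEmail` in the `website/queries/emailconfirm.php` hunk is where the token is generated the same way. Generate it with `random_bytes()`, store it (or its hash) per user with an expiry, and compare it with `hash_equals()`. Separately, `$result = $checkHash->fetch()` is `false` when `u` matches no row and `$result["email"]` is then read from a bool; add `if ($result === false) { echo "Ongeldige link."; exit; }` before the `$email`/`$role` reads. The opening lines of this script are not visible in this rendering, so the includes it relies on could not be checked.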
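Review bot: The two selectors in `switchUser` now disagree: the first targets `#chat-recent-panel .friend-item` while the second targets `#chat-left #friend-item-…`, and the `chat.css` hunk in this commit renames `.chat-left` to `#chat-recent-panel` without adding any `#chat-left` rule, so the `addClass` call most likely never matches and no friend is highlighted. If the panel id is `chat-recent-panel`, the line should read `$("#chat-recent-panel #friend-item-" + userID).addClass("active-friend-chat");`. `switchUser` begins before this hunk.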
  • \ + var outgoing = ""; + if (notifications[i].friend_state == "3") { + outgoing = " \ + \ + "; + } + + $("#friendrequestslist").append(" \ +
  • \
    \ \
    \ +
    \ +
    \ + \ + "+ outgoing +" \ + \ + \ +
    \ +
  • \ + "); + } +} + +function showChatNotifications(notifications) { + $("#unreadChatlist").html(""); + for (i in notifications) { + $("#unreadChatlist").append(" \ +
  • \ + \ + \ + \
  • \ "); } @@ -23,14 +68,14 @@ function loadNotifications() { "API/loadFriendRequestNotifications.php" ).done(function(data) { if (data && data != "[]") { - showNotifications(JSON.parse(data), "friendrequestslist"); + showFriendNotifications(JSON.parse(data)); } }); $.post( "API/loadChatNotifications.php" ).done(function(data) { if (data && data != "[]") { - showNotifications(JSON.parse(data), "unreadChatlist"); + showChatNotifications(JSON.parse(data)); } }); diff --git a/website/public/js/registerAndLogin.js b/website/public/js/registerAndLogin.js index 0452d15..ef49e83 100644 --- a/website/public/js/registerAndLogin.js +++ b/website/public/js/registerAndLogin.js @@ -4,5 +4,12 @@ function checkLoggedIn() { } else { window.location.href = "profile.php"; } - document.getElementById("demo").innerHTML = x; } + +function bannedAlert(){ + alert("Your account is banned"); +} + +function emailNotConfirmed(){ + alert("Your account has not been verified yet!\nAnother email has been sent to you") +} \ No newline at end of file diff --git a/website/public/login.php b/website/public/login.php index 0d07413..de4ecab 100644 --- a/website/public/login.php +++ b/website/public/login.php @@ -5,6 +5,7 @@ require_once("../queries/connect.php"); include_once("../queries/login.php"); include_once("../queries/checkInput.php"); + include_once("../queries/emailconfirm.php"); ?> getMessage(); } } diff --git a/website/public/logout.php b/website/public/logout.php index 6a2ba5d..de4d7c2 100644 --- a/website/public/logout.php +++ b/website/public/logout.php @@ -1,15 +1,4 @@ - - - - - - +session_start(); +session_destroy(); +header("Location: login.php"); \ No newline at end of file diff --git a/website/public/profile.php b/website/public/profile.php index cb58436..d2d3c3f 100644 --- a/website/public/profile.php +++ b/website/public/profile.php 
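Review bot: `for (i in notifications)` in both `showFriendNotifications` and `showChatNotifications` declares no loop variable, so `i` is an implicit global, and `for…in` over an array also visits any enumerable property added to `Array.prototype`. Use `for (var i = 0; i < notifications.length; i++)` (or `notifications.forEach(...)`) in both functions. The HTML template strings are stripped in this rendering, so I cannot see how the per-notification fields are inserted; if `name`/`username` are concatenated straight into the markup, they presumably originate from user-entered profile data and should be escaped or set via `.text()` rather than interpolated.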
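Review bot: `session_destroy()` on its own leaves the session cookie on the client and `$_SESSION` populated for the remainder of the request, and `header("Location: login.php")` is not followed by `exit`, so anything appended to this file later still executes after the redirect is issued. Clear the array with `$_SESSION = [];` and expire the cookie with `setcookie(session_name(), '', time() - 42000, '/');` before `session_destroy()`, then end with `exit;` after the header call.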
@@ -22,7 +22,7 @@ if(empty($_GET["username"])) { $userID = getUserID($_GET["username"]); } -$user = selectUser($userID); +$user = selectUser($_SESSION["userID"], $userID); $profile_friends = selectAllFriends($userID); $profile_groups = selectAllUserGroups($userID); $posts = selectAllUserPosts($userID); diff --git a/website/public/register.php b/website/public/register.php index 8c0f8e4..1ce4817 100644 --- a/website/public/register.php +++ b/website/public/register.php 
@@ -5,38 +5,97 @@ require_once("../queries/connect.php"); include_once("../queries/register.php"); include_once("../queries/checkInput.php"); + include_once("../queries/emailconfirm.php"); ?> getMessage(); } - checkInputChoice("username", "username"); - checkInputChoice("password", "longerEight"); - checkInputChoice("confirmpassword", ""); - matchPassword(); - checkInputChoice("location", "lettersAndSpace"); - checkInputChoice("email", "email"); - registerCheck(); + try { + $surname = test_input(($_POST["surname"])); + checkInputChoice($surname, "lettersAndSpaces"); + } + catch(lettersAndSpacesException $e){ + $correct = false; + $surnameErr = $e->getMessage(); + } + + try{ + $bday = test_input(($_POST["bday"])); + checkInputChoice($bday, "bday"); + } catch(bdayException $e){ + $correct = false; + $bdayErr = $e->getMessage(); + } + + try{ + $username = str_replace(' ', '', test_input(($_POST["username"]))); + checkInputChoice($username, "username"); + } catch(usernameException $e){ + $correct = false; + $usernameErr = $e->getMessage(); + } + + try{ + $password = str_replace(' ', '', test_input(($_POST["password"]))); + checkInputChoice($password, "longerEight"); + matchPassword(); + } catch(passwordException $e){ + $correct = false; + $passwordErr = $e->getMessage(); + } catch(confirmPasswordException $e){ + $correct = false; + $confirmPasswordErr = $e->getMessage(); + } + + try{ + $location = test_input(($_POST["location"])); + checkInputChoice($location, "lettersAndSpaces"); + } catch(lettersAndSpacesException $e){ + $correct = false; + $locationErr = $e->getMessage(); + } + + try{ + $email = test_input(($_POST["email"])); + checkInputChoice($email, "email"); + } catch(emailException $e){ + $correct = false; + $emailErr = $e->getMessage(); + } + + try{ + $captcha = $_POST['g-recaptcha-response']; + checkCaptcha($captcha); + } catch(captchaException $e){ + $correct = false; + $captchaErr = $e->getMessage(); + } + + try { + getIp(); + registerCheck($correct); + 
sendConfirmEmailUsername($username); + } catch(registerException $e){ + $genericErr = $e->getMessage(); + } } /* This view adds register view */ include("../views/register-view.php"); diff --git a/website/public/settings.php b/website/public/settings.php index b473f99..e40f042 100644 --- a/website/public/settings.php +++ b/website/public/settings.php @@ -12,23 +12,28 @@ getClass(); + $alertMessage = $w->getMessage(); } } include("../views/main.php"); diff --git a/website/public/styles/chat.css b/website/public/styles/chat.css index 16505f5..6822d21 100644 --- a/website/public/styles/chat.css +++ b/website/public/styles/chat.css @@ -1,34 +1,38 @@ /* Overall chat-screen */ .chat { position: fixed; + top: 80px; left: 256px; - padding: 20px 0; width: calc(100% - 256px); height: calc(100% - 120px); - display: inline-flex; + + padding: 20px 0; + + display: inline-block; } -.chat-left { +#chat-recent-panel { width: 256px; height: calc(100% - 100px); - margin: 0 10px; - overflow-y: auto; -} -.chat-right { - width: calc(100% - 256px - 40px); - height: calc(100% - 80px); - margin-right: 10px; + display: inline-block; + + overflow-y: auto; } /* Chat history. */ -.chat-history { +#chat-history { overflow-y: auto; overflow-x: hidden; - height: 100%; + + width: calc(100% - 256px - 75px); + height: calc(100% - 80px); + padding: 10px; + display: inline-block; + word-wrap: break-word; } @@ -36,7 +40,13 @@ .chat-message { width: 100%; min-height: 40px; - padding-top: 10px; + padding: 10px 0; + clear: both; +} + +.chat-message::after { + content: ''; + display: table; clear: both; } @@ -63,7 +73,7 @@ /* Chat reply field */ .chat-field { - width: 100%; + width: calc(100% - 10px); display: table; } diff --git a/website/public/styles/index.css b/website/public/styles/index.css index a24bdd0..fc9d3d6 100644 --- a/website/public/styles/index.css +++ b/website/public/styles/index.css 
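Review bot: `$captcha = $_POST['g-recaptcha-response'];` reads the key without checking it exists, so a post lacking the field raises an undefined-index warning before `checkCaptcha` can throw its own message; use `$captcha = $_POST['g-recaptcha-response'] ?? '';`. The password branch strips spaces with `str_replace(' ', '', …)` before validation, while `matchPassword()` compares the raw `$_POST` values and the login path (see the `login.php` hunk) only passes the password through `test_input`; if `registerAccount()` hashes the stripped `$password`, a password containing spaces will never verify at login — `registerAccount()` is not in this diff, so please confirm which value is hashed. `$correct` is read by `registerCheck($correct)`, but its initialisation is not visible in this rendering of the hunk.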
@@ -1,20 +1,19 @@ a.button { background-color: #C8CABD; - border-radius: 10px; + border-radius: 5px; color: black; cursor: pointer; height: 50%; - margin: 8px 0; - padding: 14px 20px; - width: 25%; + padding: 8px 20px; + width: 50%; font-family: Arial; - font-size: 16px; + font-size: 20px; } /* Body */ body { height: 100%; - background-color: #C8CABD; + background-color: #FBC02D; /*background-image: url(http://play.pokemonshowdown.com/fx/client-bg-shaymin.jpg); background-size: cover; background-attachment: fixed;*/ @@ -24,31 +23,14 @@ body { font-family: Arial, sans-serif; } -/* The Close Button */ -.close { - /* Position it in the top right corner outside of the modal */ - color: white; - font-size: 100px; - font-weight: bold; - position: absolute; - right: 25px; - top: 0; -} - -/* Close button on hover */ -.close:hover, -.close:focus { - color: red; - cursor: pointer; -} /* inlogform */ form { /*background-color: #a87a87;*/ border-radius: 12px; - height: 70%; + height: 75%; margin: auto; - width: 70%; + width: 80%; overflow-y:auto; } @@ -72,24 +54,20 @@ input[type=text], input[type=password], input[type=email], input[type="date"] { border-color: #C8CABD; display: inline-block; height: 60%; + font-size: 16px; padding: 8px 20px; margin: 4px 0; - width: 70%; + width: 55%; } -/* -input[type=text], input[type=password], input[type=email], input[type="date"] { - border: 0px; - border-bottom: 4px solid lightgray; - border-radius: 0px; -}*/ button[type=submit] { background-color: #C8CABD; - color: black ; + color: black; cursor: pointer; font-family: Arial; - font-size: 16px; - width: 50%; + font-size: 22px; + height: 30px; + width: 120px; } .error { 
@@ -106,12 +84,12 @@ label { display: inline-block; position: relative; background-color: #C8CABD; - height: 30px; - width: 90px; - padding: 3px 3px 3px 0px; + height: 25px; + width: 120px; + padding: 3px 3px 3px 3px; text-align: center; - border-radius: 0px 10px 10px 0px; - font-size: 24px; + border-radius: 0px 5px 5px 0px; + font-size: 22px; } .left-arrow:after { @@ -121,9 +99,9 @@ label { right: 100%; top: 0; bottom: 0; - border-top: 15px solid transparent; + border-top: 12px solid transparent; border-right: 20px solid #C8CABD; - border-bottom: 15px solid transparent; + border-bottom: 12px solid transparent; border-left: 0px solid transparent; } @@ -135,7 +113,7 @@ label { /* padding voor login_containers */ .login_containerlogin { - padding:25px; + padding:16px; text-align: center; } @@ -163,7 +141,7 @@ label { margin: 34px auto; overflow-y: auto; padding: 20px; - width: 50%; + width: 45%; } /*.platform { diff --git a/website/public/styles/main.css b/website/public/styles/main.css index 3e9b51d..8c50b19 100644 --- a/website/public/styles/main.css +++ b/website/public/styles/main.css @@ -242,3 +242,23 @@ div[data-title]:hover:after { line-height: normal; font-family: Arial, sans-serif; } + +.friend { + +} + + +.friend-item, .group-item { + cursor: pointer; + transition-duration: 250ms; +} + +.friend-item:hover, .group-item:hover { + background: #FBC02D; + box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24); +} + +.friend-name { + display: inline-block; + vertical-align: middle; +} diff --git a/website/public/styles/menu.css b/website/public/styles/menu.css index 25e4b91..204acd0 100644 --- a/website/public/styles/menu.css +++ b/website/public/styles/menu.css 
@@ -34,16 +34,6 @@ cursor: pointer; } -.friend-item, .group-item { - cursor: pointer; - transition-duration: 250ms; -} - -.friend-item:hover, .group-item:hover { - background: #FBC02D; - box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24); -} - .menu button { background: none; color: inherit; @@ -73,4 +63,32 @@ #quick-links i:hover { color: #FBC02D; +} + +.notification-options { + display: none; + width: 100%; +} + +.notification-options form { + width: 100%; + text-align: center; +} + +.notification-options button { + display: inline-block; + padding: 5px 20px; + width: auto; +} + +.accept-notification:hover { + color: #4CAF50; +} + +.deny-notification:hover { + color: firebrick; +} + +.friend-item:hover .notification-options { + display: inline-block; } \ No newline at end of file diff --git a/website/public/styles/profile.css b/website/public/styles/profile.css index 95bc4c4..fbd8775 100644 --- a/website/public/styles/profile.css +++ b/website/public/styles/profile.css @@ -78,8 +78,9 @@ div.posts .post form textarea.newpost { font-size: 0.8em; } -.profile-button { +input.profile-button { float: right; + height: auto; padding: 10px; border-radius: 5px; background-color: #4CAF50; diff --git a/website/queries/checkInput.php b/website/queries/checkInput.php index f711676..5f72f10 100644 --- a/website/queries/checkInput.php +++ b/website/queries/checkInput.php 
@@ -1,97 +1,139 @@ format($format) == $date; +} + /* checks if username exist and if its longer than 6 characters. */ function username($variable){ - if (strlen($GLOBALS[$variable]) < 6) { - $GLOBALS[$variable . "Err"] = "Gebruikersnaam moet minstens 6 karakters bevatten"; - $correct = false; + if (empty($variable)) { + throw new usernameException("Verplicht!"); + } else if (strlen($variable) < 6) { + throw new usernameException("Moet minstens 6 karakters bevatten"); } else if (getExistingUsername() == 1) { - $GLOBALS[$variable . "Err"] = "Gebruikersnaam bestaat al"; - $correct = false; + throw new usernameException("Gebruikersnaam bestaal al"); } } /* checks if an input is longer that 8 characters. */ function longerEight($variable){ - if (strlen($GLOBALS[$variable]) < 8) { - $GLOBALS[$variable . "Err"] = "Moet minstens 8 karakters bevatten"; - $correct = false; + if (empty($variable)) { + throw new passwordException("Verplicht!"); + } else if (strlen($variable) < 8) { + throw new passwordException("Moet minstens 8 karakters bevatten"); } } /* checks if an input is a valid email. */ function validateEmail($variable){ - if (!filter_var($GLOBALS[$variable], FILTER_VALIDATE_EMAIL)) { - $GLOBALS[$variable . "Err"] = "Geldige email invullen!"; - $correct = false; - + if (empty($variable)) { + throw new emailException("Verplicht!"); + } else if (!filter_var($variable, FILTER_VALIDATE_EMAIL)) { + throw new emailException("Geldige email invullen"); } else if (getExistingEmail() == 1){ - $GLOBALS[$variable . "Err"] = "Email bestaat al"; - $correct = false; - + throw new emailException("Email bestaal al!"); } } /* checks if two passwords matches. 
*/ function matchPassword(){ if ($_POST["password"] != $_POST["confirmpassword"]) { - $GLOBALS["confirmpasswordErr"] = "Wachtwoorden matchen niet"; - $GLOBALS["correct"] = false; - + throw new confirmPasswordException("Wachtwoorden matchen niet!"); } } -// Checks if everything is filled in correctly -function registerCheck(){ - if ($GLOBALS["correct"] == false){ - $GLOBALS["genericErr"] = "Bepaalde velden zijn verkeerd of niet ingevuld!"; +/* Checks if captcha is correctly filled in */ +function checkCaptcha($captcha){ + if(!$captcha){ + throw new captchaException("Captcha needs to be filled in!"); + } else { + $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Lc72xIUAAAAAPizuF3nUbklCPljVCVzgYespz8o&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR'])); + if($response->success==false) { + throw new captchaException("You are a spammer!"); + } + } +} +/* Get ip adres */ +function getIp(){ + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $GLOBALS["ip"] = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $GLOBALS["ip"] = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $GLOBALS["ip"] = $_SERVER['REMOTE_ADDR']; + } +} + +/* Checks if everything is filled in correctly */ +function registerCheck($status){ + if ($status == false){ + throw new registerException("Bepaalde velden zijn verkeerd of niet ingevuld"); } else { registerAccount(); header("location: login.php"); - } } 
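Review bot: `checkCaptcha` embeds the reCAPTCHA secret key directly in the `siteverify` URL, which commits a live credential to the repository; move it to a configuration file outside the web root or an environment variable, and treat the committed key as exposed (rotate it in the reCAPTCHA console). The same function never checks the `file_get_contents` result: on a network failure it returns `false`, `json_decode` then yields `null`, and `$response->success` is read from null, so add `if ($response === null) { throw new captchaException("Captcha could not be verified"); }` before the `success` check. `getIp()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` — headers the client can set to any value — over `REMOTE_ADDR`, so whatever `$GLOBALS["ip"]` is later stored for can be spoofed unless the app sits behind a trusted proxy that overwrites them. Two messages also misspell "bestaat al" as "bestaal al" (`username` and `validateEmail`).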
@@ -102,4 +144,69 @@ function test_input($data) { $data = htmlspecialchars($data); return $data; } + +class lettersAndSpacesException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + + +class bdayException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class usernameException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class passwordException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class confirmPasswordException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class emailException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class captchaException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} + +class registerException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} ?> diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php new file mode 100644 index 0000000..0b3224f --- /dev/null +++ b/website/queries/emailconfirm.php 
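Review bot: The eight exception classes each redeclare a constructor identical to `Exception::__construct`, which adds no behaviour and uses the implicit-nullable form `Exception $previous = null` that PHP 8.4 deprecates. Declaring them as empty subclasses, e.g. `class usernameException extends Exception {}`, keeps the distinct catch types without the boilerplate; the same applies to `loginException` in the `login.php` hunk and to `HappyAlert`/`AngryAlert` in the `settings.php` hunk (where `?Exception $previous = null` is the explicit form if the constructor is kept for its default message). Class names are conventionally StudlyCaps (`UsernameException`).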
@@ -0,0 +1,42 @@ +prepare(" + SELECT + `userID` + FROM + `user` + WHERE + `username` = :username + "); + $stmt->bindParam(":username", $username); + $stmt->execute(); + $userID = $stmt->fetch()["username"]; + sendConfirmEmail($userID); +} + +function sendConfirmEmail(int $userID) { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + `email`, + `fname` + FROM + `user` + WHERE + `userID` = :userID + "); + + $stmt->bindParam(":userID", $userID); + $stmt->execute(); + $user = $stmt->fetch(); + + $email = $user["email"]; + $fname = $user["fname"]; + $hash = password_hash($email, PASSWORD_DEFAULT); + $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash"; + + $subject = "Bevestig uw emailadres"; + $body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+"; + $header = "From: MyHyvesbook+ "; + mail($email, $subject, $body, $header); +} \ No newline at end of file diff --git a/website/queries/friendship.php b/website/queries/friendship.php index 9a3a37c..cb35640 100644 --- a/website/queries/friendship.php +++ b/website/queries/friendship.php @@ -1,13 +1,16 @@ prepare(" SELECT `userID`, `username`, + LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`, IFNULL( `profilepicture`, - '../img/notbad.jpg' + '../img/avatar-standard.png' ) AS profilepicture, `onlinestatus`, `role` @@ -36,9 +39,25 @@ function selectAllFriendRequests() { SELECT `userID`, `username`, + CASE `status` IS NULL + WHEN TRUE THEN 0 + WHEN FALSE THEN + CASE `status` = 'confirmed' + WHEN TRUE THEN + 1 + WHEN FALSE THEN + CASE `user1ID` = :userID + WHEN TRUE THEN + 2 + WHEN FALSE THEN + 3 + END + END + END AS `friend_state`, + LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`, IFNULL( `profilepicture`, - '../img/notbad.jpg' + '../img/avatar-standard.png' ) AS profilepicture, `onlinestatus`, `role` 
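Review bot: `sendConfirmEmailUsername` selects `userID` but reads `$stmt->fetch()["username"]`, so `$userID` is always `null` and the call to `sendConfirmEmail(int $userID)` fails with a TypeError; change it to `$userID = $stmt->fetch()["userID"];` and guard the no-row case (`fetch()` returns `false`) before calling. `sendConfirmEmail` likewise reads `$user["email"]`/`$user["fname"]` without checking that a row came back. The token placed in `$confirmLink` is `password_hash($email, …)`, which I raised on the confirmation-page hunk at the top of this diff.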
@@ -60,4 +79,106 @@ function selectAllFriendRequests() { $stmt->execute(); return json_encode($stmt->fetchAll()); +} + +function getFriendshipStatus($userID) { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + CASE `status` IS NULL + WHEN TRUE THEN 0 + WHEN FALSE THEN + CASE `status` = 'confirmed' + WHEN TRUE THEN + 1 + WHEN FALSE THEN + CASE `user1ID` = :me AND `user2ID` = :other + WHEN TRUE THEN + 2 + WHEN FALSE THEN + 3 + END + END + END AS `friend_state` + FROM + `friendship` + WHERE + `user1ID` = :other AND `user2ID` = :me OR + `user1ID` = :me AND `user2ID` = :other + "); + + $stmt->bindParam(':me', $_SESSION["userID"], PDO::PARAM_INT); + $stmt->bindParam(':other', $userID, PDO::PARAM_INT); + $stmt->execute(); + return $stmt->fetch()["friend_state"]; +} + +function requestFriendship($userID) { + $stmt = $GLOBALS["db"]->prepare(" + INSERT INTO `friendship` (user1ID, user2ID) + VALUES (:user1, :user2) + "); + + $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT); + $stmt->bindParam(':user2', $userID, PDO::PARAM_INT); + $stmt->execute(); +} + +function removeFriendship($userID) { + $stmt = $GLOBALS["db"]->prepare(" + DELETE FROM `friendship` + WHERE + `user1ID` = :user1 AND + `user2ID` = :user2 OR + `user1ID` = :user2 AND + `user2ID` = :user1 + "); + + $stmt->bindParam(':user1', $_SESSION["userID"], PDO::PARAM_INT); + $stmt->bindParam(':user2', $userID, PDO::PARAM_INT); + $stmt->execute(); +} + +function acceptFriendship($userID) { + $stmt = $GLOBALS["db"]->prepare(" + UPDATE `friendship` + SET `status`='confirmed' + WHERE + `user1ID` = :user1 AND + `user2ID` = :user2 + LIMIT 1 + "); + + $stmt->bindParam(':user1', $userID, PDO::PARAM_INT); + $stmt->bindParam(':user2', $_SESSION["userID"], PDO::PARAM_INT); + $stmt->execute(); +} + +function setLastVisited($friend) { + $stmt = $GLOBALS["db"]->prepare(" + UPDATE + `friendship` + SET `friendship`.chatLastVisted1=( + CASE `user1ID` = :sessionUser + WHEN TRUE THEN NOW() + WHEN FALSE THEN `chatLastVisted1` + 
END + ), + `friendship`.`chatLastVisted2`=( + CASE `user2ID` = :sessionUser + WHEN TRUE THEN NOW() + WHEN FALSE THEN `chatLastVisted2` + END + ) + WHERE + `user1ID` = :sessionUser AND + `user2ID` = :friend OR + `user2ID` = :sessionUser AND + `user1ID` = :friend; + "); + + $stmt->bindParam(':sessionUser', $_SESSION["userID"], PDO::PARAM_INT); + $stmt->bindParam(':friend', $friend, PDO::PARAM_INT); + $stmt->execute(); + + return $stmt; } \ No newline at end of file diff --git a/website/queries/header.php b/website/queries/header.php index e6bc8ac..b0dd42c 100644 --- a/website/queries/header.php +++ b/website/queries/header.php @@ -6,7 +6,7 @@ function getHeaderInfo() { `lname`, IFNULL( `profilepicture`, - 'img/notbad.jpg' + 'img/avatar-standard.png' ) AS profilepicture FROM `user` diff --git a/website/queries/login.php b/website/queries/login.php index 180b431..2af255a 100644 --- a/website/queries/login.php +++ b/website/queries/login.php @@ -4,7 +4,8 @@ function getUser() { $stmt = $GLOBALS["db"]->prepare(" SELECT `password`, - `userID` + `userID`, + `role` FROM `user` WHERE 
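Review bot: `getFriendshipStatus` selects from `friendship` alone, so when no row relates the two users `fetch()` returns `false` and `false["friend_state"]` yields `null` with an "array offset on bool" warning; the `status IS NULL → 0` branch can only fire for a stored row with NULL status, never for the no-relationship case. Return it explicitly — `$row = $stmt->fetch(); return $row === false ? 0 : (int) $row["friend_state"];` — or use the LEFT JOIN form that `selectUser` in the `user.php` hunk uses. `requestFriendship` inserts unconditionally, so a repeated request or a request to one's own id creates extra rows unless the table constrains it; checking `getFriendshipStatus($userID) === 0 && $userID != $_SESSION["userID"]` first keeps the state machine consistent. `:me`/`:other` and `:sessionUser` are each reused within one statement, which only works while PDO emulates prepares (the MySQL default) — worth a comment, since `PDO::ATTR_EMULATE_PREPARES => false` would break these queries.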
@@ -15,3 +16,46 @@ function getUser() { $stmt->execute(); return $stmt->fetch(PDO::FETCH_ASSOC); } + +function validateLogin($username, $password){ + // Empty username or password field + if (empty($username) || empty($password)) { + throw new loginException("Gebruikersnaam of wachtwoord is niet ingevuld"); + } + else { + $psw = test_input($password); + $hash = getUser()["password"]; + $userID = getUser()["userID"]; + $role = getUser()["role"]; + + // If there's an account, go to the profile page + if(password_verify($psw, $hash)) { + if ($role == "banned"){ + echo ""; + } else if ($role == "unconfirmed"){ + sendConfirmEmail(getUser()["userID"]); + echo ""; + } else { + $_SESSION["userID"] = $userID; + header("location: profile.php"); + } + } else { + throw new loginException("Inloggevens zijn niet correct"); + } + + } +} + +class loginException extends Exception +{ + public function __construct($message = "", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); + } +} +?> + diff --git a/website/queries/private_message.php b/website/queries/private_message.php index 46c21a3..d40ee88 100644 --- a/website/queries/private_message.php +++ b/website/queries/private_message.php 
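Review bot: `validateLogin` never regenerates the session id before storing `$_SESSION["userID"]`, so a session id fixed before login remains valid afterwards; add `session_regenerate_id(true);` immediately before the assignment and follow `header("location: profile.php");` with `exit;`. `getUser()` is called four times (three fetches plus the unconfirmed branch), each a separate query; fetch once into `$user` and read `$user["password"]`, `$user["userID"]`, `$user["role"]`. When the username does not exist `getUser()` returns `false`, `false["password"]` is `null`, and that reaches `password_verify`; handle the missing row by throwing the same `loginException("Inloggevens zijn niet correct")` so unknown-user and wrong-password responses are identical.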
@@ -74,3 +74,39 @@ function getNewChatMessages($lastID, $destination) { return json_encode($stmt->fetchAll()); } + + +function selectAllUnreadChat() { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) as `name`, + `user`.`userID`, + IFNULL( + `profilepicture`, + '../img/notbad.jpg' + ) AS profilepicture, + LEFT(`private_message`.`content`, 15) as `content` + FROM + `private_message`, + `friendship`, + `user` + WHERE + (`friendship`.user2ID = `private_message`.`origin` AND + `friendship`.user1ID = `private_message`.`destination` AND + `friendship`.chatLastVisted1 < `private_message`.`creationdate` OR + `friendship`.user1ID = `private_message`.`origin` AND + `friendship`.user2ID = `private_message`.`destination` AND + `friendship`.chatLastVisted2 < `private_message`.`creationdate`) AND + `private_message`.`origin` = `user`.`userID` AND + `private_message`.`destination` = :userID AND + `user`.`role` != 'banned' + + GROUP BY `user`.`userID` + "); + + $stmt->bindParam(':userID', $_SESSION["userID"]); + + $stmt->execute(); + + return json_encode($stmt->fetchAll()); +} \ No newline at end of file diff --git a/website/queries/settings.php b/website/queries/settings.php index 1a5dacf..0bf8791 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php 
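Review bot: `selectAllUnreadChat` still falls back to `'../img/notbad.jpg'`, a file this commit deletes (`website/public/img/notbad.jpg`) while every other query is switched to `'../img/avatar-standard.png'`, so unread-chat entries for users without an avatar will show a broken image; change the literal to `'../img/avatar-standard.png'`. The `GROUP BY user.userID` with a non-aggregated `content` column returns whichever message MySQL happens to pick per sender and is rejected under `ONLY_FULL_GROUP_BY`; if the intent is the latest unread message, select it via `MAX(creationdate)` or an ordered subquery.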
@@ -1,35 +1,35 @@ message = $message; - switch ($type) { - case "happy": - $this->class = "settings-message-happy"; - break; - case "angry": - $this->class = "settings-message-angry"; - break; - default: - $this->class = "settings-message"; - break; - } + abstract public function getClass(); +} + +class HappyAlert extends AlertMessage { + + public function __construct($message = "Gelukt!", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); } public function getClass() { - return $this->class; + return "settings-message-happy"; + } +} + +class AngryAlert extends AlertMessage { + public function __construct($message = "Er is iets fout gegaan.", $code = 0, Exception $previous = null) + { + parent::__construct($message, $code, $previous); } - public function getMessage() { - return $this->message; + public function getClass() { + return "settings-message-angry"; } } @@ -94,24 +94,19 @@ function updateSettings() { $stmt->bindValue(":bio", test_input($_POST["bio"])); $stmt->bindValue(":userID", $_SESSION["userID"]); $stmt->execute(); - - return new settingsMessage("happy", "Instellingen zijn opgeslagen."); + throw new HappyAlert("Instellingen zijn opgeslagen."); } function changePassword() { $user = getPasswordHash(); if (password_verify($_POST["password-old"], $user["password"])) { if ($_POST["password-new"] == $_POST["password-confirm"] && (strlen($_POST["password-new"]) >= 8)) { - if (doChangePassword()) { - return new settingsMessage("happy", "Wachtwoord gewijzigd."); - } else { - return new settingsMessage("angry", "Er is iets mis gegaan."); - } + doChangePassword(); } else { - return new settingsMessage("angry", "Wachtwoorden komen niet oveen."); + throw new AngryAlert("Wachtwoorden komen niet overeen."); } } else { - return new settingsMessage("angry", "Oud wachtwoord niet correct."); + throw new AngryAlert("Oud wachtwoord niet correct."); } } 
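Review bot: `changePassword` compares the two new-password fields with `==`, which treats numeric-looking strings such as `"1e3"` and `"1000"` as equal; use `$_POST["password-new"] === $_POST["password-confirm"]`. Making `HappyAlert` an exception means every settings operation now terminates by `throw`, including the success path (`throw new HappyAlert("Instellingen zijn opgeslagen.")`), which is an unusual control-flow choice; a small result object for success and exceptions for failures would read more naturally. The `AlertMessage` declaration is cut off at the start of this hunk.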
@@ -129,7 +124,12 @@ function doChangePassword() { $stmt->bindParam(":new_password", $hashed_password); $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); - return $stmt->rowCount(); + + if ($stmt->rowCount()) { + throw new HappyAlert("Wachtwoord gewijzigd."); + } else { + throw new AngryAlert(); + } } function changeEmail() { @@ -138,20 +138,13 @@ function changeEmail() { $email = strtolower($_POST["email"]); if (filter_var($email, FILTER_VALIDATE_EMAIL)) { //check if email exists - if (emailIsAvailableInDatabase($email)) { - if (doChangeEmail($email)) { - return new settingsMessage("happy", "Emailadres is veranderd."); - } else { - return new settingsMessage("angry", "Er is iets mis gegaan."); - } - } else { - return new settingsMessage("angry", "Emailadres bestaat al."); - } + emailIsAvailableInDatabase($email); + doChangeEmail($email); } else { - return new settingsMessage("angry", "Geef een geldig emailadres."); + throw new AngryAlert("Geef een geldig emailadres"); } } else { - return new settingsMessage("angry", "Emailadressen komen niet overeen."); + throw new AngryAlert("Emailadressen komen niet overeen."); } } @@ -161,13 +154,15 @@ function emailIsAvailableInDatabase($email) { `email` FROM `user` - WHERE + WHERE `email` = :email "); $stmt->bindParam(":email", $email); $stmt->execute(); - return !$stmt->rowCount(); + if ($stmt->rowCount()) { + throw new AngryAlert("Emailadres wordt al gebruikt."); + } } function doChangeEmail($email) { 
@@ -175,25 +170,46 @@ function doChangeEmail($email) { UPDATE `user` SET - `email` = :email + `email` = :email, + `role` = 'unconfirmed' WHERE `userID` = :userID "); $stmt->bindParam(":email", $email); $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); - return $stmt->rowCount(); + + if ($stmt->rowCount()) { + sendConfirmEmail($_SESSION["userID"]); + session_destroy(); + throw new HappyAlert("Emailadres is veranderd."); + } else { + throw new AngryAlert(); + } } -function updateProfilePicture() { +function updateAvatar() { $profilePictureDir = "/var/www/html/public/"; - $relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_" . basename($_FILES["pp"]["name"]); - removeOldProfilePicture(); - move_uploaded_file($_FILES['pp']['tmp_name'], $profilePictureDir . $relativePath); - setProfilePictureToDatabase("../" . $relativePath); + $tmpImg = $_FILES["pp"]["tmp_name"]; + + checkAvatarSize($tmpImg); + removeOldAvatar(); + if (getimagesize($tmpImg)["mime"] == "image/gif") { + if ($_FILES["pp"]["size"] > 4000000) { + throw new AngryAlert("Bestand is te groot, maximaal 4MB toegestaan."); + } + $relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.gif"; + move_uploaded_file($tmpImg, $profilePictureDir . $relativePath); + } else { + $relativePath = "uploads/profilepictures/" . $_SESSION["userID"] . "_avatar.png"; + $scaledImg = scaleAvatar($tmpImg); + imagepng($scaledImg, $profilePictureDir . $relativePath); + } + setAvatarToDatabase("../" . $relativePath); + throw new HappyAlert("Profielfoto veranderd."); } -function removeOldProfilePicture() { +function removeOldAvatar() { $stmt = $GLOBALS["db"]->prepare(" SELECT `profilepicture` 
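Review bot: In `updateAvatar`, `removeOldAvatar()` runs before the 4 MB GIF check, so an oversize GIF is rejected with `AngryAlert` after the old file has already been unlinked while the database still references it; move `removeOldAvatar()` to just before `move_uploaded_file`/`imagepng`. `getimagesize($tmpImg)["mime"]` is read on a bool when the upload is not an image; since `checkAvatarSize` already calls `getimagesize`, have it throw on `false` and reuse its result here. `doChangeEmail` calls `session_destroy()` and then throws `HappyAlert`, so the caller that renders the alert (the `settings.php` page hunk includes `main.php` afterwards) runs with the session gone — confirm the page copes with that, or redirect to `login.php` followed by `exit` instead.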
@@ -205,20 +221,39 @@ function removeOldProfilePicture() { $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); $old_avatar = $stmt->fetch()["profilepicture"]; - unlink("/var/www/html/public/uploads/" . $old_avatar); + if ($old_avatar != NULL) { + unlink("/var/www/html/public/uploads/" . $old_avatar); + } } -function setProfilePictureToDatabase($url) { +function setAvatarToDatabase(string $url) { $stmt = $GLOBALS["db"]->prepare(" UPDATE `user` SET - `profilepicture` = :profilePicture + `profilepicture` = :avatar WHERE `userID` = :userID "); - $stmt->bindParam(":profilePicture", $url); + $stmt->bindParam(":avatar", $url); $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); +} + +function checkAvatarSize(string $img) { + $minResolution = 200; + $imgSize = getimagesize($img); + if ($imgSize[0] < $minResolution or $imgSize[1] < $minResolution) { + throw new AngryAlert("Afbeelding te klein, minimaal 200x200 pixels."); + } +} + +function scaleAvatar(string $imgLink, int $newWidth = 600) { + $img = imagecreatefromstring(file_get_contents($imgLink)); + if ($img) { + return imagescale($img, $newWidth); + } else { + throw new AngryAlert("Afbeelding wordt niet ondersteund."); + } } \ No newline at end of file diff --git a/website/queries/user.php b/website/queries/user.php index 649d976..7998d42 100644 --- a/website/queries/user.php +++ b/website/queries/user.php 
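Review bot: `checkAvatarSize` indexes `$imgSize[0]` without checking that `getimagesize` succeeded; for a non-image upload it returns `false` and the comparison reads offsets on a bool. Add `if ($imgSize === false) { throw new AngryAlert("Afbeelding wordt niet ondersteund."); }` before the resolution check. `removeOldAvatar` tests `$old_avatar != NULL`, which is a loose comparison that also skips `''` and `'0'`; `!== null` says what is meant, and the `unlink` return value should be checked rather than ignored.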
@@ -17,27 +17,64 @@ function getUserID($username) { return $stmt->fetch()["userID"]; } -function selectUser($userID) { +function getUsername($userID) { $stmt = $GLOBALS["db"]->prepare(" SELECT - `username`, - IFNULL( - `profilepicture`, - '../img/notbad.jpg' - ) AS profilepicture, - `bio`, - `role`, - `onlinestatus`, - `loggedin`, - `fname`, - `lname` + `username` FROM `user` WHERE `userID` = :userID "); - $stmt->bindParam(':userID', $userID, PDO::PARAM_INT); + $stmt->bindParam(':userID', $userID, PDO::PARAM_STR); + $stmt->execute(); + return $stmt->fetch()["username"]; +} + +function selectUser($me, $other) { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + `username`, + `birthdate`, + `location`, + IFNULL( + `profilepicture`, + '../img/avatar-standard.png' + ) AS profilepicture, + `bio`, + `user`.`creationdate`, + `onlinestatus`, + `fname`, + `lname`, + CASE `status` IS NULL + WHEN TRUE THEN 0 + WHEN FALSE THEN + CASE `status` = 'confirmed' + WHEN TRUE THEN + 1 + WHEN FALSE THEN + CASE `user1ID` = `userID` AND `user2ID` = :me + WHEN TRUE THEN + 2 + WHEN FALSE THEN + 3 + END + END + END AS `friend_status` + FROM + `user` + LEFT JOIN + `friendship` + ON + `user1ID` = `userID` AND `user2ID` = :me OR + `user1ID` = :me AND `user2ID` = `userID` + WHERE + `user`.`userID` = :other + "); + + $stmt->bindParam(':me', $me, PDO::PARAM_INT); + $stmt->bindParam(':other', $other, PDO::PARAM_INT); $stmt->execute(); return $stmt->fetch(); } 
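Review bot: getUsername now binds `:userID` as `PDO::PARAM_STR` while selectUser in the same hunk (and selectAllUserPosts below) bind user ids as `PDO::PARAM_INT`; unless `$userID` is genuinely non-numeric here, keep `PDO::PARAM_INT` so the comparison against the integer column does not rely on the database's implicit string-to-number conversion. The nested `CASE x WHEN TRUE ... WHEN FALSE` ladder for `friend_status` would be far shorter and easier to check as a searched CASE: `CASE WHEN `status` IS NULL THEN 0 WHEN `status` = 'confirmed' THEN 1 WHEN `user1ID` = `userID` AND `user2ID` = :me THEN 2 ELSE 3 END AS `friend_status``. The ON clause mixes AND/OR without parentheses; it is correct under SQL precedence, but `(`user1ID` = `userID` AND `user2ID` = :me) OR (`user1ID` = :me AND `user2ID` = `userID`)` states the intent. getUserID's body starts above the hunk.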
@@ -68,18 +105,24 @@ function selectAllUserGroups($userID) { function selectAllUserPosts($userID) { $stmt = $GLOBALS["db"]->prepare(" SELECT - `postID`, - `author`, - `title`, - `content`, - `creationdate` + `postID`, + `author`, + `title`, + CASE LENGTH(`content`) >= 150 + WHEN TRUE THEN + CONCAT(LEFT(`content`, 150), '...') + WHEN FALSE THEN + `content` + END + AS `content`, + `creationdate` FROM - `post` + `post` WHERE - `author` = :userID AND - `groupID` IS NULL + `author` = :userID AND + `groupID` IS NULL ORDER BY - `creationdate` DESC + `creationdate` DESC "); $stmt->bindParam(':userID', $userID, PDO::PARAM_INT); diff --git a/website/views/chat-view.php b/website/views/chat-view.php index 549a5ff..797e457 100644 --- a/website/views/chat-view.php +++ b/website/views/chat-view.php @@ -1,6 +1,6 @@
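Review bot: The truncation in selectAllUserPosts compares `LENGTH(`content`)`, which counts bytes, against 150 but cuts with `LEFT(`content`, 150)`, which counts characters, so for multibyte (UTF-8) text a post can pass the threshold and still be emitted uncut with `'...'` appended. Use `CASE WHEN CHAR_LENGTH(`content`) > 150 THEN CONCAT(LEFT(`content`, 150), '...') ELSE `content` END AS `content`` — `>` rather than `>=` also avoids adding an ellipsis to a post of exactly 150 characters from which nothing was removed. Most of the remaining lines in this hunk are whitespace-only re-indentation of unchanged SQL, which makes the real change harder to spot. The function continues below the hunk.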
    - + \ No newline at end of file diff --git a/website/views/notification-center.php b/website/views/notification-center.php index d5d6a1a..037b4ae 100644 --- a/website/views/notification-center.php +++ b/website/views/notification-center.php @@ -5,12 +5,20 @@ -
    +

    Vriendchapsverzoeken

    +
    +
    +

    + Nieuwe berichten +

    +
    \ No newline at end of file diff --git a/website/views/profile.php b/website/views/profile.php index 49238f6..19b9eae 100644 --- a/website/views/profile.php +++ b/website/views/profile.php @@ -1,11 +1,24 @@
    "> -
    -

    Als vriend toevoegen

    -
    -

    -
    + +
    + + "; + } else if($user["friend_status"] == 1) { + echo ""; + } else if($user["friend_status"] == 2) { + echo ""; + echo ""; + } else if($user["friend_status"] == 3) { + echo ""; + } + ?> +
    +

    +

    @@ -14,7 +27,7 @@

    fetch()) { - echo "${friend["username"]}"; + echo "${friend["username"]}"; } @@ -47,7 +60,7 @@
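Review bot: `echo "${friend["username"]}"` uses the `${...}` string interpolation form, which is deprecated as of PHP 8.2; write `{$friend["username"]}` instead. The username comes from the database and is echoed into markup directly, so it should go through `htmlspecialchars($friend["username"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` unless it is guaranteed to be escaped at the point of insertion; the surrounding HTML was stripped from this copy of the diff, so that could not be verified here.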

    - +
    diff --git a/website/views/register-view.php b/website/views/register-view.php index 7d1843b..f970a6f 100644 --- a/website/views/register-view.php +++ b/website/views/register-view.php @@ -41,11 +41,12 @@ @@ -95,7 +96,7 @@ - + + + + +
    -
    diff --git a/website/views/settings-view.php b/website/views/settings-view.php index 1fa5278..66513fc 100644 --- a/website/views/settings-view.php +++ b/website/views/settings-view.php @@ -6,9 +6,9 @@ $settings = getSettings();
    getClass()."'>". - $result->getMessage(). - "
    "; + echo "
    + $alertMessage +
    "; } ?>
    @@ -81,7 +81,8 @@ $settings = getSettings();