From ac83bb750bbe3359904f8d3b0e90788c0064c304 Mon Sep 17 00:00:00 2001 From: Hendrik Date: Mon, 23 Jan 2017 16:05:22 +0100 Subject: [PATCH 1/5] fix status for enums, fix pages --- website/views/adminpanel.php | 64 ++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php index e53d679..834f54f 100644 --- a/website/views/adminpanel.php +++ b/website/views/adminpanel.php @@ -85,37 +85,37 @@ $listm = $currentpage * $perpage;

Show:

- > + >
- > + >
- > + >
- > + >
- > + >
- > + >

Show:

- > + >
- > + >
- > + >
@@ -138,11 +138,11 @@ $listm = $currentpage * $perpage; id="admin-batchform" action="" method="post"> - +
- +
- +

@@ -154,11 +154,11 @@ $listm = $currentpage * $perpage; id="admin-groupbatchform" action="" method="post"> - +
- +
- +

@@ -225,7 +225,7 @@ $listm = $currentpage * $perpage; $listm = $currentpage * $perpage; if ($pagetype == 'user') { - $q = searchSomeUsersByStatus($listn, $listm, $search, $status); + $q = searchSomeUsersByStatus($listn, $perpage, $search, $status); while($user = $q->fetch(PDO::FETCH_ASSOC)) { $userID = $user['userID']; @@ -252,9 +252,9 @@ $listm = $currentpage * $perpage; action='$thispage' method='post'> @@ -264,7 +264,7 @@ $listm = $currentpage * $perpage; "); } } else { - $q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus); + $q = searchSomeGroupsByStatus($listn, $perpage, $search, $groupstatus); while ($group = $q->fetch(PDO::FETCH_ASSOC)) { $groupID = $group['groupID']; @@ -291,9 +291,9 @@ $listm = $currentpage * $perpage; action='$thispage' method='post'> From 1a53d01747efff5f90c995f91e2b226ffea7fe23 Mon Sep 17 00:00:00 2001 From: Hendrik Date: Thu, 26 Jan 2017 13:29:56 +0100 Subject: [PATCH 2/5] add authentication --- website/public/admin.php | 8 ++++++++ website/queries/user.php | 15 +++++++++++++++ website/views/adminpanel.php | 1 + 3 files changed, 24 insertions(+) diff --git a/website/public/admin.php b/website/public/admin.php index 5faa096..fcd386a 100644 --- a/website/public/admin.php +++ b/website/public/admin.php @@ -12,6 +12,14 @@ * This view adds the main layout over the screen. * Header and menu. */ +include_once ("../queries/user.php"); + +$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC); + +if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') { + header("location:profile.php"); +} + include("../views/main.php"); /* Add your view files here. */ diff --git a/website/queries/user.php b/website/queries/user.php index be06197..104d526 100644 --- a/website/queries/user.php +++ b/website/queries/user.php 
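Review bot: The role check added to admin.php sends a Location header but does not stop the script, so for a session whose role is neither admin nor owner the rest of admin.php still runs and the admin panel markup is returned in the response body; any client that ignores the redirect sees the page. Add `exit;` directly after `header("location:profile.php");`. The check also assumes `$_SESSION['userID']` is set and that `fetch()` returned a row; when no row matches, `$userinfo` is `false` and `$userinfo['role']` evaluates to `null`, which happens to take the redirect branch but only via notices. A tighter form would be `$role = $userinfo['role'] ?? null; if (!in_array($role, ['admin', 'owner'], true)) { header("location:profile.php"); exit; }`.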
@@ -370,3 +370,18 @@ function countSomeUsers($search) { $q->execute(); return $q; } + +function getRoleByID($userID) { + $stmt = $GLOBALS['db']->prepare(" + SELECT + `role` + FROM + `user` + WHERE + `userID` = :userID + "); + + $stmt->bindParam(':userID', $userID); + $stmt->execute(); + return $stmt; +} \ No newline at end of file diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php index 86fbb36..fd10d15 100644 --- a/website/views/adminpanel.php +++ b/website/views/adminpanel.php @@ -2,6 +2,7 @@ Date: Fri, 27 Jan 2017 16:14:54 +0100 Subject: [PATCH 3/5] improve adminpanel w/ ajax, enum fixes, misc fixes --- website/public/API/adminChangeUser.php | 20 +++ website/public/API/adminPageNumber.php | 28 ++++ website/public/API/adminSearchUsers.php | 44 +++++ website/public/admin.php | 7 +- website/public/js/admin.js | 43 ++++- website/queries/group_page.php | 9 +- website/views/adminpanel-grouptable.php | 48 ++++++ website/views/adminpanel-page.php | 31 ++++ website/views/adminpanel-table.php | 47 ++++++ website/views/adminpanel.php | 210 ++++-------------------- 10 files changed, 302 insertions(+), 185 deletions(-) create mode 100644 website/public/API/adminChangeUser.php create mode 100644 website/public/API/adminPageNumber.php create mode 100644 website/public/API/adminSearchUsers.php create mode 100644 website/views/adminpanel-grouptable.php create mode 100644 website/views/adminpanel-page.php create mode 100644 website/views/adminpanel-table.php diff --git a/website/public/API/adminChangeUser.php b/website/public/API/adminChangeUser.php new file mode 100644 index 0000000..067a7ba --- /dev/null +++ b/website/public/API/adminChangeUser.php @@ -0,0 +1,20 @@ + - + + fetch(PDO::FETCH_ASSOC); if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') { diff --git a/website/public/js/admin.js b/website/public/js/admin.js index e3dfdd7..140c99a 100644 --- a/website/public/js/admin.js +++ b/website/public/js/admin.js 
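Review bot: getRoleByID returns the PDOStatement rather than the role, so every caller has to run `fetch()` and handle the missing-row case itself, which the call site in admin.php does not do. Returning the value directly, `return $stmt->fetchColumn();`, with the signature `function getRoleByID(int $userID)` would match the typed helpers used elsewhere in this series, such as `getNietSlechtCountForPost(int $postID) : int`; callers would then receive the role string, or `false` for an unknown id. The new function also leaves user.php without a trailing newline (`\ No newline at end of file`).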
@@ -1,6 +1,18 @@ -window.onload = function() { +$(window).on("load", function () { changeFilter(); -}; + $(".admin-searchinput").keyup(function(){ + adminSearch(); + }); + // all inputs and labels directly under admin filter and groupfilter + $("#admin-filter, #admin-groupfilter > input, label").click(function(){ + adminSearch(); + }); + $("#pagetype").change(function(){ + adminSearch(); + }); + + adminSearch(); +}); function checkAll(allbox) { var checkboxes = document.getElementsByClassName('checkbox-list'); @@ -32,13 +44,32 @@ function changeFilter() { document.getElementById('admin-filter').style.display = 'none'; document.getElementById('admin-groupfilter').style.display = 'inline-block'; - document.getElementById('admin-batchactions').style.display = 'none'; - document.getElementById('admin-groupbatchactions').style.display = 'inline-block'; + document.getElementById('admin-batchform').style.display = 'none'; + document.getElementById('admin-groupbatchform').style.display = 'inline-block'; } else { document.getElementById('admin-filter').style.display = 'inline-block'; document.getElementById('admin-groupfilter').style.display = 'none'; - document.getElementById('admin-batchactions').style.display = 'inline-block'; - document.getElementById('admin-groupbatchactions').style.display = 'none'; + document.getElementById('admin-batchform').style.display = 'inline-block'; + document.getElementById('admin-groupbatchform').style.display = 'none'; } } + +function adminSearch() { + $.post( + "API/adminSearchUsers.php", + $("#admin-searchform").serialize() + ).done(function (data) { + console.log(data); + $("#usertable").html(data); + }) +} + +function updatePageN() { + $.post( + "API/adminPageNumber.php", + $("#admin-searchform").serialize() + ).done(function (data) { + $("#admin-pageinfo").html(data); + }) +} \ No newline at end of file diff --git a/website/queries/group_page.php b/website/queries/group_page.php index f3de045..cdef6ae 100644 
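Review bot: The selector `$("#admin-filter, #admin-groupfilter > input, label")` in the load handler does not do what its comment says: the `>` applies only to the middle selector, so the click handler is bound to the `#admin-filter` element itself, to inputs directly under `#admin-groupfilter`, and to every `label` on the page. `$("#admin-filter > input, #admin-filter > label, #admin-groupfilter > input, #admin-groupfilter > label")` expresses the stated intent. In the second hunk, adminSearch leaves a `console.log(data)` in its done callback, and updatePageN is defined but, as far as this file shows, never called.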
--- a/website/queries/group_page.php +++ b/website/queries/group_page.php @@ -143,15 +143,18 @@ function countSomeGroupsByStatus($keyword, $status) { } function changeGroupStatusByID($id, $status) { - $q = $GLOBALS["db"]->query(" + $q = $GLOBALS["db"]->prepare(" UPDATE `group_page` SET - `status` = $status + `status` = :status WHERE - `groupID` = $id + `groupID` = :id "); + $q->bindParam(':status', $status); + $q->bindParam(':id', $id); + $q->execute(); return $q; } diff --git a/website/views/adminpanel-grouptable.php b/website/views/adminpanel-grouptable.php new file mode 100644 index 0000000..4999666 --- /dev/null +++ b/website/views/adminpanel-grouptable.php @@ -0,0 +1,48 @@ + + + Gebruikersnaam + Status + Aantekening + Actie + + +fetch(PDO::FETCH_ASSOC)) { + $groupID = $group['groupID']; + $name = $group['name']; + $role = $group['status']; + $description = $group['description']; + $function = "checkCheckAll(document.getElementById('checkall'))"; + + echo(" + + + + $name + $role + $description + +
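Review bot: The return value of `$q->execute()` is discarded in changeGroupStatusByID, so a failed UPDATE (for example a value that is not a member of the `status` enum) is silent unless the connection has been put into `PDO::ERRMODE_EXCEPTION`, which nothing in this series shows. Either check it, `if (!$q->execute()) { throw new RuntimeException('changeGroupStatusByID: update failed'); }`, or make the error mode explicit where the PDO object is created. Typed parameters, `function changeGroupStatusByID(int $id, string $status)`, would additionally reject a non-numeric id before it reaches the query.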
+ + + +
+ + + "); +} \ No newline at end of file diff --git a/website/views/adminpanel-page.php b/website/views/adminpanel-page.php new file mode 100644 index 0000000..a17ce50 --- /dev/null +++ b/website/views/adminpanel-page.php @@ -0,0 +1,31 @@ +fetchColumn(); +$mincount = min($listm, $countresults); +$minlist = min($listn + 1, $countresults); +?> + Pagina:
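Review bot: adminpanel-grouptable.php interpolates `$name`, `$role` and `$description` from the database row straight into the echoed HTML without escaping, so a group name or description containing markup is rendered as markup inside the admin panel; adminpanel-table.php does the same with `$username`, `$role` and `$bancomment`. Escape each value where it is read from the row, e.g. `$name = htmlspecialchars($group['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and likewise for the other fields in both files; the adminpanel.php code being removed in this commit already used `htmlspecialchars` for `$thispage`, so the pattern exists in this code base. This matters more now because admin.js inserts the response with `$("#usertable").html(data)`, which interprets it as HTML on the client.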
+ +
+ \ No newline at end of file diff --git a/website/views/adminpanel-table.php b/website/views/adminpanel-table.php new file mode 100644 index 0000000..a21c9d6 --- /dev/null +++ b/website/views/adminpanel-table.php @@ -0,0 +1,47 @@ + + + Gebruikersnaam + Status + Aantekening + Actie + + + +fetch(PDO::FETCH_ASSOC)) { + $userID = $user['userID']; + $username = $user['username']; + $role = $user['role']; + $bancomment = $user['bancomment']; + $function = "checkCheckAll(document.getElementById('checkall'))"; + + echo(" + + + + + $username + $role + $bancomment + +
+ + + +
+ + + "); +} diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php index fd10d15..c48a28d 100644 --- a/website/views/adminpanel.php +++ b/website/views/adminpanel.php @@ -1,15 +1,11 @@ - -
@@ -62,7 +38,8 @@ $listm = $currentpage * $perpage;
Zoek naar gebruikers of groepen:
" + id="admin-searchform" + action="javascript:adminSearch();" method="get"> +
Type gebruiker:
- > -
> -
+
> -
+
> -
+
> -
+
Type groep:
- > -
- > -
- > -
- > -
+ > +
+ > +
+ > +
+

Resultaat:

- - fetchColumn(); - $mincount = min($listm, $countresults); - $minlist = min($listn + 1, $countresults); - ?> - Pagina:
- -
- -
+ + +
+
+ + + + +
- - - - - - - - - - - if ($pagetype == 'user') { - $q = searchSomeUsersByStatus($listn, $listm, $search, $status); - while($user = $q->fetch(PDO::FETCH_ASSOC)) { - $userID = $user['userID']; - $username = $user['username']; - $role = $user['role']; - $bancomment = $user['bancomment']; - $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI'])); - $function = "checkCheckAll(document.getElementById('checkall'))"; - - echo(" - - - - - - - - "); - } - } else { - $q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus); - - while ($group = $q->fetch(PDO::FETCH_ASSOC)) { - $groupID = $group['groupID']; - $name = $group['name']; - $role = $group['status']; - $description = $group['description']; - $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI'])); - $function = "checkCheckAll(document.getElementById('checkall'))"; - - echo(" - - - - - - - - "); - } - } - ?>
GebruikersnaamStatusAantekeningActie
- $username$role$bancomment -
- - - -
-
- $name$role$description -
- - - -
-
From b24fed57d997bf2377c57ee1e92e7d57d6655886 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Sun, 29 Jan 2017 14:01:25 +0100 Subject: [PATCH 4/5] Changed db connect and database query structure so PhpStorm can detect it. --- website/public/API/nietSlecht.php | 4 +-- website/queries/connect.php | 4 +++ website/queries/emailconfirm.php | 4 +-- website/queries/friendship.php | 18 +++++----- website/queries/group_member.php | 4 +-- website/queries/group_page.php | 27 +++++++------- website/queries/header.php | 2 +- website/queries/login.php | 3 +- website/queries/nicetime.php | 56 ++++++++++++++--------------- website/queries/post.php | 14 ++++---- website/queries/private_message.php | 8 ++--- website/queries/register.php | 8 ++--- website/queries/requestpassword.php | 4 +-- website/queries/settings.php | 16 ++++----- website/queries/user.php | 34 +++++++++--------- 15 files changed, 104 insertions(+), 102 deletions(-) diff --git a/website/public/API/nietSlecht.php b/website/public/API/nietSlecht.php index e37c8e0..1692cb3 100644 --- a/website/public/API/nietSlecht.php +++ b/website/public/API/nietSlecht.php @@ -5,7 +5,7 @@ require_once ("../queries/connect.php"); require_once ("../queries/checkInput.php"); function getNietSlechtCountForPost(int $postID) : int { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID` FROM @@ -19,7 +19,7 @@ function getNietSlechtCountForPost(int $postID) : int { } function getNietSlechtUsersForPost(int $postID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `fname`, `lname`, diff --git a/website/queries/connect.php b/website/queries/connect.php index ddb3c9b..3971a74 100644 --- a/website/queries/connect.php +++ b/website/queries/connect.php 
@@ -8,4 +8,8 @@ else { $GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8", "$dbconf->mysql_username", "$dbconf->mysql_password") or die('Error connecting to mysql server'); +} + +function prepareQuery(string $query) : PDOStatement { + return $GLOBALS["db"]->prepare($query); } \ No newline at end of file diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php index 0b3224f..0e6aab1 100644 --- a/website/queries/emailconfirm.php +++ b/website/queries/emailconfirm.php @@ -1,7 +1,7 @@ prepare(" + $stmt = prepareQuery(" SELECT `userID` FROM @@ -16,7 +16,7 @@ function sendConfirmEmailUsername(string $username) { } function sendConfirmEmail(int $userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `email`, `fname` diff --git a/website/queries/friendship.php b/website/queries/friendship.php index a1a23d8..8d71376 100644 --- a/website/queries/friendship.php +++ b/website/queries/friendship.php @@ -7,7 +7,7 @@ function selectFriends($userID) { } function selectLimitedFriends($userID, $limit) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, @@ -41,7 +41,7 @@ function selectLimitedFriends($userID, $limit) { function selectAllFriends($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, @@ -73,7 +73,7 @@ function selectAllFriends($userID) { } function selectAllFriendRequests() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, @@ -115,7 +115,7 @@ function getFriendshipStatus($userID) { return -1; } - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT CASE `status` IS NULL WHEN TRUE THEN 0 @@ -148,7 +148,7 @@ function getFriendshipStatus($userID) { } function requestFriendship($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `friendship` (user1ID, user2ID) VALUES (:user1, :user2) "); 
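Review bot: prepareQuery declares a `: PDOStatement` return type, but `PDO::prepare()` returns `false` when a statement cannot be prepared unless the connection is in `PDO::ERRMODE_EXCEPTION`, and the `new PDO(...)` call in the context above passes no error-mode option; with the default silent mode a bad query would surface as a TypeError from the return declaration rather than as a database error. Pass `[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]` as the fourth argument to the constructor, or have the wrapper check for `false` and throw a `PDOException` built from `$GLOBALS["db"]->errorInfo()`. The `if` branch of this conditional is outside the hunk, so the error mode may be set there; worth confirming.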
@@ -159,7 +159,7 @@ function requestFriendship($userID) { } function removeFriendship($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" DELETE FROM `friendship` WHERE `user1ID` = :user1 AND @@ -175,7 +175,7 @@ function removeFriendship($userID) { } function acceptFriendship($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `friendship` SET `status`='confirmed' WHERE @@ -190,7 +190,7 @@ function acceptFriendship($userID) { } function setLastVisited($friend) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `friendship` SET `friendship`.chatLastVisted1=( @@ -220,7 +220,7 @@ function setLastVisited($friend) { } function searchSomeFriends($n, $m, $search) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, diff --git a/website/queries/group_member.php b/website/queries/group_member.php index cba339f..cea4dde 100644 --- a/website/queries/group_member.php +++ b/website/queries/group_member.php @@ -5,7 +5,7 @@ function selectAllGroupsFromUser($userID) { } function selectLimitedGroupsFromUser($userID, $limit) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `group_page`.`name`, `group_page`.`picture` @@ -28,7 +28,7 @@ function selectLimitedGroupsFromUser($userID, $limit) { } function searchSomeOwnGroups($n, $m, $search) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `group_page`.`name`, `group_page`.`picture` diff --git a/website/queries/group_page.php b/website/queries/group_page.php index 5652e37..8921aa5 100644 --- a/website/queries/group_page.php +++ b/website/queries/group_page.php @@ -3,7 +3,7 @@ require("connect.php"); function selectGroupByName($name) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `group_page`.`groupID`, `name`, 
@@ -29,7 +29,7 @@ function selectGroupByName($name) { } function selectGroupMembers(int $groupID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `username`, `fname`, @@ -54,7 +54,7 @@ function selectGroupMembers(int $groupID) { } function selectGroupById($groupID) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `group_page`.`name`, `group_page`.`picture`, @@ -73,7 +73,7 @@ function selectGroupById($groupID) { } function select20GroupsFromN($n) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `group_page`.`groupID`, `group_page`.`name`, @@ -95,7 +95,7 @@ function select20GroupsFromN($n) { } function select20GroupsByStatusFromN($n, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `group_page`.`groupID`, `group_page`.`name`, @@ -120,7 +120,7 @@ function select20GroupsByStatusFromN($n, $status) { } function search20GroupsFromNByStatus($n, $keyword, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `groupID`, `name`, @@ -147,7 +147,7 @@ function search20GroupsFromNByStatus($n, $keyword, $status) { } function searchSomeGroupsByStatus($n, $m, $keyword, $status) { - $q = $GLOBALS['db']->prepare(" + $q = prepareQuery(" SELECT `groupID`, `name`, @@ -175,7 +175,7 @@ function searchSomeGroupsByStatus($n, $m, $keyword, $status) { } function countSomeGroupsByStatus($keyword, $status) { - $q = $GLOBALS['db']->prepare(" + $q = prepareQuery(" SELECT COUNT(*) FROM @@ -196,7 +196,7 @@ function countSomeGroupsByStatus($keyword, $status) { } function changeGroupStatusByID($id, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" UPDATE `group_page` SET @@ -212,7 +212,7 @@ function changeGroupStatusByID($id, $status) { } function changeMultipleGroupStatusByID($ids, $status) { - $q = $GLOBALS['db']->prepare(" + $q = prepareQuery(" UPDATE `group_page` SET 
@@ -229,7 +229,7 @@ function changeMultipleGroupStatusByID($ids, $status) { } function searchSomeGroups($n, $m, $search) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `name`, `picture` @@ -252,7 +252,7 @@ function searchSomeGroups($n, $m, $search) { } function countSomeGroups($search) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT COUNT(*) FROM @@ -267,5 +267,4 @@ function countSomeGroups($search) { $stmt->bindParam(':keyword', $search); $stmt->execute(); return $stmt; -} -?> \ No newline at end of file +} \ No newline at end of file diff --git a/website/queries/header.php b/website/queries/header.php index b0dd42c..7410d17 100644 --- a/website/queries/header.php +++ b/website/queries/header.php @@ -1,6 +1,6 @@ prepare(" + $stmt = prepareQuery(" SELECT `fname`, `lname`, diff --git a/website/queries/login.php b/website/queries/login.php index 384a3d5..c7e8383 100644 --- a/website/queries/login.php +++ b/website/queries/login.php @@ -1,7 +1,7 @@ prepare(" + $stmt = prepareQuery(" SELECT `password`, `userID`, @@ -61,5 +61,4 @@ class loginException extends Exception parent::__construct($message, $code, $previous); } } -?> diff --git a/website/queries/nicetime.php b/website/queries/nicetime.php index 4db6cbd..e2e509e 100644 --- a/website/queries/nicetime.php +++ b/website/queries/nicetime.php 
@@ -1,39 +1,39 @@ $unix_date) { -$difference = $now - $unix_date; -$tense = "geleden"; -} else { -$difference = $unix_date - $now; -$tense = "vanaf nu"; -} + if($now > $unix_date) { + $difference = $now - $unix_date; + $tense = "geleden"; + } else { + $difference = $unix_date - $now; + $tense = "vanaf nu"; + } -for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) { -$difference /= $lengths[$i]; -} + for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) { + $difference /= $lengths[$i]; + } -$difference = round($difference); + $difference = round($difference); -if($difference != 1) { -$period = $multiple_periods[$i]; -} else { -$period = $single_periods[$i]; -} + if($difference != 1) { + $period = $multiple_periods[$i]; + } else { + $period = $single_periods[$i]; + } -return "$difference $period $tense"; + return "$difference $period $tense"; } \ No newline at end of file diff --git a/website/queries/post.php b/website/queries/post.php index df1e227..1c09385 100644 --- a/website/queries/post.php +++ b/website/queries/post.php @@ -1,7 +1,7 @@ prepare(" + $stmt = prepareQuery(" SELECT `user`.`fname`, `user`.`lname`, @@ -26,7 +26,7 @@ function selectPostById($postID) { } function selectCommentsByPostId($postID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `comment`.`commentID`, `comment`.`postID`, @@ -52,7 +52,7 @@ function selectCommentsByPostId($postID) { } function makePost($userID, $groupID, $title, $content) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `post` ( `author`, @@ -76,7 +76,7 @@ function makePost($userID, $groupID, $title, $content) { } function makeComment($postID, $userID, $content) : int { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `comment` ( `postID`, 
@@ -106,7 +106,7 @@ function makeNietSlecht(int $postID, int $userID) : int { } function checkNietSlecht(int $postID, int $userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT * FROM @@ -122,7 +122,7 @@ function checkNietSlecht(int $postID, int $userID) { } function addNietSlecht(int $postID, int $userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `niet_slecht` (`userID`, `postID`) VALUES (:userID, :postID) @@ -134,7 +134,7 @@ function addNietSlecht(int $postID, int $userID) { } function deleteNietSlecht(int $postID, int $userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" DELETE FROM `niet_slecht` WHERE diff --git a/website/queries/private_message.php b/website/queries/private_message.php index 4d48d3a..6f3abb5 100644 --- a/website/queries/private_message.php +++ b/website/queries/private_message.php @@ -4,7 +4,7 @@ function getOldChatMessages($user2ID) { require_once ("friendship.php"); $user1ID = $_SESSION["userID"]; if (getFriendshipStatus($user2ID) == 1) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT * FROM @@ -32,7 +32,7 @@ function getOldChatMessages($user2ID) { function sendMessage($destination, $content) { require_once("friendship.php"); if (getFriendshipStatus($destination) == 1) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `private_message` ( @@ -61,7 +61,7 @@ function sendMessage($destination, $content) { function getNewChatMessages($lastID, $destination) { require_once("friendship.php"); if (getFriendshipStatus($destination) == 1) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT * FROM @@ -91,7 +91,7 @@ function getNewChatMessages($lastID, $destination) { function selectAllUnreadChat() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) AS `fullname`, `user`.`userID`, 
diff --git a/website/queries/register.php b/website/queries/register.php index bc44acf..1aed0ef 100644 --- a/website/queries/register.php +++ b/website/queries/register.php @@ -1,7 +1,7 @@ prepare(" + $stmt = prepareQuery(" SELECT `username` FROM @@ -17,7 +17,7 @@ function getExistingUsername() { } function getExistingEmail() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `email` FROM @@ -33,7 +33,7 @@ function getExistingEmail() { } function getResetEmail() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `email` FROM @@ -49,7 +49,7 @@ function getResetEmail() { } function registerAccount() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" INSERT INTO `user`(fname, lname, diff --git a/website/queries/requestpassword.php b/website/queries/requestpassword.php index bae825a..a54bd7d 100644 --- a/website/queries/requestpassword.php +++ b/website/queries/requestpassword.php @@ -3,7 +3,7 @@ include_once "../queries/connect.php"; function sendPasswordRecovery(string $email) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username` @@ -39,7 +39,7 @@ function doSendPasswordRecovery(int $userID, string $email, string $username, st } function setHashToDatabase(int $userID, string $hash) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET diff --git a/website/queries/settings.php b/website/queries/settings.php index 05e7fbf..f4c5403 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -50,7 +50,7 @@ class AngryAlert extends AlertMessage { * @return mixed Setting as an array. */ function getSettings() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `fname`, `lname`, @@ -77,7 +77,7 @@ function getSettings() { * @return mixed passwordhash */ function getPasswordHash() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `password`, `username` 
@@ -96,7 +96,7 @@ function getPasswordHash() { * @throws HappyAlert */ function updateSettings() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET @@ -146,7 +146,7 @@ function changePassword() { * @throws HappyAlert */ function doChangePassword() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET @@ -184,7 +184,7 @@ function changeEmail() { } function emailIsAvailableInDatabase($email) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `email` FROM @@ -201,7 +201,7 @@ function emailIsAvailableInDatabase($email) { } function doChangeEmail($email) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET @@ -245,7 +245,7 @@ function updateAvatar() { } function removeOldAvatar() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `profilepicture` FROM @@ -262,7 +262,7 @@ function removeOldAvatar() { } function setAvatarToDatabase(string $url) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET diff --git a/website/queries/user.php b/website/queries/user.php index 1d075ef..ec211c0 100644 --- a/website/queries/user.php +++ b/website/queries/user.php @@ -1,9 +1,9 @@ prepare(" + $stmt = prepareQuery(" SELECT `userID` FROM @@ -18,7 +18,7 @@ function getUserID($username) { } function getUsername($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `username` FROM @@ -33,7 +33,7 @@ function getUsername($userID) { } function selectUser($me, $other) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, @@ -81,7 +81,7 @@ function selectUser($me, $other) { } function selectAllUserGroups($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `group_page`.`groupID`, `name`, 
@@ -104,7 +104,7 @@ function selectAllUserGroups($userID) { } function selectAllUserPosts($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `post`.`postID`, `post`.`author`, @@ -146,7 +146,7 @@ function selectAllUserPosts($userID) { } function select20UsersFromN($n) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `userID`, `username`, @@ -167,7 +167,7 @@ function select20UsersFromN($n) { } function search20UsersFromN($n, $keyword) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `userID`, `username`, @@ -191,7 +191,7 @@ function search20UsersFromN($n, $keyword) { } function search20UsersFromNByStatus($n, $keyword, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `userID`, `username`, @@ -219,7 +219,7 @@ function search20UsersFromNByStatus($n, $keyword, $status) { } function searchSomeUsersByStatus($n, $m, $keyword, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT `userID`, `username`, @@ -248,7 +248,7 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) { } function countSomeUsersByStatus($keyword, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT COUNT(*) FROM @@ -271,7 +271,7 @@ function countSomeUsersByStatus($keyword, $status) { function changeUserStatusByID($id, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" UPDATE `user` SET @@ -287,7 +287,7 @@ function changeUserStatusByID($id, $status) { } function changeMultipleUserStatusByID($ids, $status) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" UPDATE `user` SET @@ -304,7 +304,7 @@ function changeMultipleUserStatusByID($ids, $status) { } function selectRandomNotFriendUser($userID) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `user`.`username` FROM 
@@ -332,7 +332,7 @@ function selectRandomNotFriendUser($userID) { } function searchSomeUsers($n, $m, $search) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `userID`, `username`, @@ -367,7 +367,7 @@ function searchSomeUsers($n, $m, $search) { } function countSomeUsers($search) { - $q = $GLOBALS["db"]->prepare(" + $q = prepareQuery(" SELECT COUNT(*) FROM @@ -389,7 +389,7 @@ function countSomeUsers($search) { } function getRoleByID($userID) { - $stmt = $GLOBALS['db']->prepare(" + $stmt = prepareQuery(" SELECT `role` FROM From c1a7ccc076112220f9a8285567f97d7b7f91bd27 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Sun, 29 Jan 2017 14:08:45 +0100 Subject: [PATCH 5/5] Found some extra statemensts --- website/public/emailconfirm.php | 4 ++-- website/public/resetpassword.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/website/public/emailconfirm.php b/website/public/emailconfirm.php index 2812eaa..d0cc5a3 100644 --- a/website/public/emailconfirm.php +++ b/website/public/emailconfirm.php @@ -2,7 +2,7 @@ include_once("../queries/connect.php"); include_once("../views/messagepage.php"); if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) { - $checkHash = $GLOBALS["db"]->prepare(" + $checkHash = prepareQuery(" SELECT `email`, `role` @@ -28,7 +28,7 @@ if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) { function doActivate(string $email) { if (password_verify($email, $_GET["h"])) { - $confirmUser = $GLOBALS["db"]->prepare(" + $confirmUser = prepareQuery(" UPDATE `user` SET diff --git a/website/public/resetpassword.php b/website/public/resetpassword.php index 3ca2698..795e6e3 100644 --- a/website/public/resetpassword.php +++ b/website/public/resetpassword.php @@ -28,7 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] == "GET") { } function changePassword() { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" UPDATE `user` SET 
@@ -42,7 +42,7 @@ function changePassword() { } function verifyLink(int $userID, string $hash) { - $stmt = $GLOBALS["db"]->prepare(" + $stmt = prepareQuery(" SELECT `password` FROM