Merge branch 'master' into kevin-prototype

This commit is contained in:
K. Nobel
2017-01-30 13:20:53 +01:00
26 changed files with 451 additions and 308 deletions


@@ -0,0 +1,20 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
}
//header("location: ../admin.php");
print_r($_POST);
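Review bot: The dispatch on `$_POST` runs with no authorization check — `session_start()` is called but nothing verifies that the session belongs to an admin or owner, so any visitor who can reach this endpoint can change a user's or group's status; the role check lives only in the admin view (admin.php) and does not protect this script. The same gap exists in the other two new API entry scripts (the search and page-number endpoints, presumably the adminSearchUsers.php and adminPageNumber.php referenced from admin.js). The trailing `print_r($_POST);` also reflects raw request data into the response and should go once the commented-out redirect above it is restored. A guard built on the `getRoleByID` helper added in user.php could look like the following; a CSRF token on the admin forms would be the natural follow-up, since the endpoint is driven purely by cookie-authenticated POSTs.
```php
session_start();
// … unchanged: require_once lines …
// Only admins/owners may change account or group status; the check in
// admin.php covers the view only, not this endpoint.
$role = isset($_SESSION['userID'])
    ? getRoleByID($_SESSION['userID'])->fetchColumn()
    : false;
if ($role !== 'admin' && $role !== 'owner') {
    http_response_code(403);
    exit;
}
// … unchanged: $_POST dispatch …
```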


@@ -0,0 +1,28 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
if ($pagetype == "user") {
include ("../../views/adminpanel-page.php");
} else {
echo "Pagenumber failed!";
}
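Review bot: The included view (adminpanel-page.php) reads `$listm`, `$listn`, `$perpage` and `$currentpage`, but this script defines only `$search`, `$pagetype` and `$status`, and the old definitions of `$listn`/`$listm` are removed from the admin view in this same commit, so the pagination arithmetic runs on undefined variables (`ceil($countresults / $perpage)` divides by null). Deriving them here next to the other POST fields keeps the view self-contained; one shape is below. `$status` is also copied from `$_POST` without checking that it is an array, which the views' `in_array` calls require — `$status = is_array($_POST['status'] ?? null) ? $_POST['status'] : [];`.
```php
$currentpage = isset($_POST['pageselect']) ? max(1, (int) $_POST['pageselect']) : 1;
$perpage = 20; // same default page size the admin view uses
$listn = ($currentpage - 1) * $perpage;
$listm = $currentpage * $perpage;
// … unchanged: pagetype dispatch and include …
```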


@@ -0,0 +1,44 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$offset = 0;
if (isset($_POST["n"])) {
$offset = (int) test_input($_POST["n"]);
}
$entries = 20;
if (isset($_POST["m"])) {
$entries = (int) test_input($_POST["m"]);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
if ($pagetype == "user") {
include ("../../views/adminpanel-table.php");
} else if ($pagetype == "group") {
include ("../../views/adminpanel-grouptable.php");
} else {
echo "Search failed!";
}
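Review bot: `$entries` is taken from `$_POST["m"]` with no upper bound and `$offset` from `$_POST["n"]` may be negative, so the client controls what is presumably the LIMIT/OFFSET handed to `searchSomeUsersByStatus` and can pull the whole table in one request; clamp both, e.g. `$entries = max(1, min(100, (int) $_POST["m"]));` and `$offset = max(0, (int) $_POST["n"]);` (100 is a constructed cap — pick what the UI needs). `$status` and `$groupstatus` are copied from `$_POST` without confirming they are arrays, which the views' `in_array` calls assume. Separately, if `test_input` is the w3schools helper the admin view's comment points to, it HTML-escapes at input time, so a search term containing `'` or `&` is bound to the query already entity-encoded and will not match stored names; escaping belongs at output.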


@@ -5,7 +5,7 @@ require_once ("../queries/connect.php");
require_once ("../queries/checkInput.php"); require_once ("../queries/checkInput.php");
function getNietSlechtCountForPost(int $postID) : int { function getNietSlechtCountForPost(int $postID) : int {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID` `userID`
FROM FROM
@@ -19,7 +19,7 @@ function getNietSlechtCountForPost(int $postID) : int {
} }
function getNietSlechtUsersForPost(int $postID) { function getNietSlechtUsersForPost(int $postID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`fname`, `fname`,
`lname`, `lname`,


@@ -1,10 +1,14 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<?php include("../views/head.php"); ?> <?php
require_once ("../queries/user.php");
require_once ("../queries/group_page.php");
require_once ("../views/head.php"); ?>
<style> <style>
@import url("styles/adminpanel.css"); @import url("styles/adminpanel.css");
</style> </style>
<script src="js/admin.js" charset="utf-8"></script>
</head> </head>
<body> <body>
<?php <?php
@@ -12,6 +16,15 @@
* This view adds the main layout over the screen. * This view adds the main layout over the screen.
* Header and menu. * Header and menu.
*/ */
include_once ("../queries/user.php");
// auth
$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
header("location:profile.php");
}
include("../views/main.php"); include("../views/main.php");
/* Add your view files here. */ /* Add your view files here. */
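Review bot: The role check in the second hunk calls `header("location:profile.php")` without `exit`, so for a non-admin the script keeps running and the full admin view is still sent in the response body — the redirect only affects a cooperating browser. `$_SESSION['userID']` is used unchecked, and when `getRoleByID` returns no row `fetch()` yields `false`, so `$userinfo['role']` is read off a boolean. The guard should stop execution on every failure path, as below; the `include_once ("../queries/user.php")` in the same hunk is redundant with the `require_once` added to the head.
```php
// auth: only admins and owners may see this page
if (!isset($_SESSION['userID'])) {
    header("location:profile.php");
    exit;
}
$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
if ($userinfo === false || ($userinfo['role'] !== 'admin' && $userinfo['role'] !== 'owner')) {
    header("location:profile.php");
    exit;
}
// … unchanged: include("../views/main.php") …
```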


@@ -2,7 +2,7 @@
include_once("../queries/connect.php"); include_once("../queries/connect.php");
include_once("../views/messagepage.php"); include_once("../views/messagepage.php");
if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) { if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
$checkHash = $GLOBALS["db"]->prepare(" $checkHash = prepareQuery("
SELECT SELECT
`email`, `email`,
`role` `role`
@@ -28,7 +28,7 @@ if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
function doActivate(string $email) { function doActivate(string $email) {
if (password_verify($email, $_GET["h"])) { if (password_verify($email, $_GET["h"])) {
$confirmUser = $GLOBALS["db"]->prepare(" $confirmUser = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
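Review bot: `doActivate` verifies the activation link with `password_verify($email, $_GET["h"])`, i.e. the token is a password hash of the e-mail address; since any freshly computed `password_hash` of the same address verifies, the link is derived from a value that is not secret rather than from a token issued to the account owner. A per-user random token (`random_bytes`) stored at registration, compared with `hash_equals` and given an expiry, would bind the link to the account. The function continues outside the hunk, so the UPDATE it performs is not fully visible here.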


@@ -1,6 +1,18 @@
window.onload = function() { $(window).on("load", function () {
changeFilter(); changeFilter();
}; $(".admin-searchinput").keyup(function(){
adminSearch();
});
// all inputs and labels directly under admin filter and groupfilter
$("#admin-filter, #admin-groupfilter > input, label").click(function(){
adminSearch();
});
$("#pagetype").change(function(){
adminSearch();
});
adminSearch();
});
function checkAll(allbox) { function checkAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list'); var checkboxes = document.getElementsByClassName('checkbox-list');
@@ -32,13 +44,32 @@ function changeFilter() {
document.getElementById('admin-filter').style.display = 'none'; document.getElementById('admin-filter').style.display = 'none';
document.getElementById('admin-groupfilter').style.display = 'inline-block'; document.getElementById('admin-groupfilter').style.display = 'inline-block';
document.getElementById('admin-batchactions').style.display = 'none'; document.getElementById('admin-batchform').style.display = 'none';
document.getElementById('admin-groupbatchactions').style.display = 'inline-block'; document.getElementById('admin-groupbatchform').style.display = 'inline-block';
} else { } else {
document.getElementById('admin-filter').style.display = 'inline-block'; document.getElementById('admin-filter').style.display = 'inline-block';
document.getElementById('admin-groupfilter').style.display = 'none'; document.getElementById('admin-groupfilter').style.display = 'none';
document.getElementById('admin-batchactions').style.display = 'inline-block'; document.getElementById('admin-batchform').style.display = 'inline-block';
document.getElementById('admin-groupbatchactions').style.display = 'none'; document.getElementById('admin-groupbatchform').style.display = 'none';
} }
} }
function adminSearch() {
$.post(
"API/adminSearchUsers.php",
$("#admin-searchform").serialize()
).done(function (data) {
console.log(data);
$("#usertable").html(data);
})
}
function updatePageN() {
$.post(
"API/adminPageNumber.php",
$("#admin-searchform").serialize()
).done(function (data) {
$("#admin-pageinfo").html(data);
})
}
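Review bot: The selector `"#admin-filter, #admin-groupfilter > input, label"` does not match its comment: it binds the click handler to the `#admin-filter` container itself, to direct `input` children of `#admin-groupfilter`, and to every `label` on the page, so unrelated labels also trigger a search while the user-filter inputs are only reached through bubbling. `$("#admin-filter input, #admin-filter label, #admin-groupfilter input, #admin-groupfilter label")` expresses the stated intent. `console.log(data)` in `adminSearch` is leftover debugging, and `updatePageN` is defined but never called within this hunk.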


@@ -28,7 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] == "GET") {
} }
function changePassword() { function changePassword() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -42,7 +42,7 @@ function changePassword() {
} }
function verifyLink(int $userID, string $hash) { function verifyLink(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`password` `password`
FROM FROM


@@ -9,3 +9,7 @@ else {
"$dbconf->mysql_username", "$dbconf->mysql_password") "$dbconf->mysql_username", "$dbconf->mysql_password")
or die('Error connecting to mysql server'); or die('Error connecting to mysql server');
} }
function prepareQuery(string $query) : PDOStatement {
return $GLOBALS["db"]->prepare($query);
}
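Review bot: `prepareQuery` declares a `PDOStatement` return type, but `PDO::prepare` returns `false` when a statement cannot be prepared unless the connection runs with `PDO::ERRMODE_EXCEPTION`, and that attribute is not set in the visible part of this file — a bad query would then surface as a `TypeError` on the return rather than a meaningful error. Either set `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` on the connection (the `new PDO(...)` call starts above the hunk) or handle the failure: `$stmt = $GLOBALS["db"]->prepare($query); if ($stmt === false) { throw new RuntimeException('could not prepare statement'); } return $stmt;`. Since every query module now funnels through this helper, a PHPDoc line stating that callers bind parameters and must not interpolate values belongs here too.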


@@ -1,7 +1,7 @@
<?php <?php
function sendConfirmEmailUsername(string $username) { function sendConfirmEmailUsername(string $username) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID` `userID`
FROM FROM
@@ -16,7 +16,7 @@ function sendConfirmEmailUsername(string $username) {
} }
function sendConfirmEmail(int $userID) { function sendConfirmEmail(int $userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`email`, `email`,
`fname` `fname`


@@ -7,7 +7,7 @@ function selectFriends($userID) {
} }
function selectLimitedFriends($userID, $limit) { function selectLimitedFriends($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -41,7 +41,7 @@ function selectLimitedFriends($userID, $limit) {
function selectAllFriends($userID) { function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -73,7 +73,7 @@ function selectAllFriends($userID) {
} }
function selectAllFriendRequests() { function selectAllFriendRequests() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -115,7 +115,7 @@ function getFriendshipStatus($userID) {
return -1; return -1;
} }
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
CASE `status` IS NULL CASE `status` IS NULL
WHEN TRUE THEN 0 WHEN TRUE THEN 0
@@ -148,7 +148,7 @@ function getFriendshipStatus($userID) {
} }
function requestFriendship($userID) { function requestFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO `friendship` (user1ID, user2ID) INSERT INTO `friendship` (user1ID, user2ID)
VALUES (:user1, :user2) VALUES (:user1, :user2)
"); ");
@@ -159,7 +159,7 @@ function requestFriendship($userID) {
} }
function removeFriendship($userID) { function removeFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
DELETE FROM `friendship` DELETE FROM `friendship`
WHERE WHERE
`user1ID` = :user1 AND `user1ID` = :user1 AND
@@ -175,7 +175,7 @@ function removeFriendship($userID) {
} }
function acceptFriendship($userID) { function acceptFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE `friendship` UPDATE `friendship`
SET `status`='confirmed' SET `status`='confirmed'
WHERE WHERE
@@ -190,7 +190,7 @@ function acceptFriendship($userID) {
} }
function setLastVisited($friend) { function setLastVisited($friend) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`friendship` `friendship`
SET `friendship`.chatLastVisted1=( SET `friendship`.chatLastVisted1=(
@@ -220,7 +220,7 @@ function setLastVisited($friend) {
} }
function searchSomeFriends($n, $m, $search) { function searchSomeFriends($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,


@@ -5,7 +5,7 @@ function selectAllGroupsFromUser($userID) {
} }
function selectLimitedGroupsFromUser($userID, $limit) { function selectLimitedGroupsFromUser($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`group_page`.`name`, `group_page`.`name`,
`group_page`.`picture` `group_page`.`picture`
@@ -28,7 +28,7 @@ function selectLimitedGroupsFromUser($userID, $limit) {
} }
function searchSomeOwnGroups($n, $m, $search) { function searchSomeOwnGroups($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`group_page`.`name`, `group_page`.`name`,
`group_page`.`picture` `group_page`.`picture`


@@ -3,7 +3,7 @@
require("connect.php"); require("connect.php");
function selectGroupByName($name) { function selectGroupByName($name) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`group_page`.`groupID`, `group_page`.`groupID`,
`name`, `name`,
@@ -29,7 +29,7 @@ function selectGroupByName($name) {
} }
function selectGroupMembers(int $groupID) { function selectGroupMembers(int $groupID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`username`, `username`,
`fname`, `fname`,
@@ -54,7 +54,7 @@ function selectGroupMembers(int $groupID) {
} }
function selectGroupById($groupID) { function selectGroupById($groupID) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`group_page`.`name`, `group_page`.`name`,
`group_page`.`picture`, `group_page`.`picture`,
@@ -73,7 +73,7 @@ function selectGroupById($groupID) {
} }
function select20GroupsFromN($n) { function select20GroupsFromN($n) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`group_page`.`groupID`, `group_page`.`groupID`,
`group_page`.`name`, `group_page`.`name`,
@@ -95,7 +95,7 @@ function select20GroupsFromN($n) {
} }
function select20GroupsByStatusFromN($n, $status) { function select20GroupsByStatusFromN($n, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`group_page`.`groupID`, `group_page`.`groupID`,
`group_page`.`name`, `group_page`.`name`,
@@ -120,7 +120,7 @@ function select20GroupsByStatusFromN($n, $status) {
} }
function search20GroupsFromNByStatus($n, $keyword, $status) { function search20GroupsFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`groupID`, `groupID`,
`name`, `name`,
@@ -147,7 +147,7 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
} }
function searchSomeGroupsByStatus($n, $m, $keyword, $status) { function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS['db']->prepare(" $q = prepareQuery("
SELECT SELECT
`groupID`, `groupID`,
`name`, `name`,
@@ -175,7 +175,7 @@ function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
} }
function countSomeGroupsByStatus($keyword, $status) { function countSomeGroupsByStatus($keyword, $status) {
$q = $GLOBALS['db']->prepare(" $q = prepareQuery("
SELECT SELECT
COUNT(*) COUNT(*)
FROM FROM
@@ -196,20 +196,23 @@ function countSomeGroupsByStatus($keyword, $status) {
} }
function changeGroupStatusByID($id, $status) { function changeGroupStatusByID($id, $status) {
$q = $GLOBALS["db"]->query(" $q = prepareQuery("
UPDATE UPDATE
`group_page` `group_page`
SET SET
`status` = $status `status` = :status
WHERE WHERE
`groupID` = $id `groupID` = :id
"); ");
$q->bindParam(':status', $status);
$q->bindParam(':id', $id);
$q->execute();
return $q; return $q;
} }
function changeMultipleGroupStatusByID($ids, $status) { function changeMultipleGroupStatusByID($ids, $status) {
$q = $GLOBALS['db']->prepare(" $q = prepareQuery("
UPDATE UPDATE
`group_page` `group_page`
SET SET
@@ -226,7 +229,7 @@ function changeMultipleGroupStatusByID($ids, $status) {
} }
function searchSomeGroups($n, $m, $search) { function searchSomeGroups($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`name`, `name`,
`picture` `picture`
@@ -249,7 +252,7 @@ function searchSomeGroups($n, $m, $search) {
} }
function countSomeGroups($search) { function countSomeGroups($search) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
COUNT(*) COUNT(*)
FROM FROM
@@ -265,4 +268,3 @@ function countSomeGroups($search) {
$stmt->execute(); $stmt->execute();
return $stmt; return $stmt;
} }
?>
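Review bot: In the `changeGroupStatusByID` hunk (`@@ -196,20 +196,23 @@`), moving from interpolated `query()` to bound parameters closes the injection, but `$status` is still written to `group_page.status` unvalidated and the API passes `$_POST["actions"]` straight in, so any string reaches the column. Check it against the values the UI offers before binding: `if (!in_array($status, ['hidden', 'public', 'membersonly'], true)) { throw new InvalidArgumentException('unknown group status'); }`. The result of `$q->execute()` is discarded as well; with PDO's default silent error mode a failed UPDATE is indistinguishable from success.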


@@ -1,6 +1,6 @@
<?php <?php
function getHeaderInfo() { function getHeaderInfo() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`fname`, `fname`,
`lname`, `lname`,


@@ -1,7 +1,7 @@
<?php <?php
function getUser() { function getUser() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`password`, `password`,
`userID`, `userID`,
@@ -61,5 +61,4 @@ class loginException extends Exception
parent::__construct($message, $code, $previous); parent::__construct($message, $code, $previous);
} }
} }
?>


@@ -1,7 +1,7 @@
<?php <?php
function selectPostById($postID) { function selectPostById($postID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`user`.`fname`, `user`.`fname`,
`user`.`lname`, `user`.`lname`,
@@ -26,7 +26,7 @@ function selectPostById($postID) {
} }
function selectCommentsByPostId($postID) { function selectCommentsByPostId($postID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`comment`.`commentID`, `comment`.`commentID`,
`comment`.`postID`, `comment`.`postID`,
@@ -52,7 +52,7 @@ function selectCommentsByPostId($postID) {
} }
function makePost($userID, $groupID, $title, $content) { function makePost($userID, $groupID, $title, $content) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO INSERT INTO
`post` ( `post` (
`author`, `author`,
@@ -76,7 +76,7 @@ function makePost($userID, $groupID, $title, $content) {
} }
function makeComment($postID, $userID, $content) : int { function makeComment($postID, $userID, $content) : int {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO INSERT INTO
`comment` ( `comment` (
`postID`, `postID`,
@@ -106,7 +106,7 @@ function makeNietSlecht(int $postID, int $userID) : int {
} }
function checkNietSlecht(int $postID, int $userID) { function checkNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
* *
FROM FROM
@@ -122,7 +122,7 @@ function checkNietSlecht(int $postID, int $userID) {
} }
function addNietSlecht(int $postID, int $userID) { function addNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO INSERT INTO
`niet_slecht` (`userID`, `postID`) `niet_slecht` (`userID`, `postID`)
VALUES (:userID, :postID) VALUES (:userID, :postID)
@@ -134,7 +134,7 @@ function addNietSlecht(int $postID, int $userID) {
} }
function deleteNietSlecht(int $postID, int $userID) { function deleteNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
DELETE FROM DELETE FROM
`niet_slecht` `niet_slecht`
WHERE WHERE


@@ -4,7 +4,7 @@ function getOldChatMessages($user2ID) {
require_once ("friendship.php"); require_once ("friendship.php");
$user1ID = $_SESSION["userID"]; $user1ID = $_SESSION["userID"];
if (getFriendshipStatus($user2ID) == 1) { if (getFriendshipStatus($user2ID) == 1) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
* *
FROM FROM
@@ -32,7 +32,7 @@ function getOldChatMessages($user2ID) {
function sendMessage($destination, $content) { function sendMessage($destination, $content) {
require_once("friendship.php"); require_once("friendship.php");
if (getFriendshipStatus($destination) == 1) { if (getFriendshipStatus($destination) == 1) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO INSERT INTO
`private_message` `private_message`
( (
@@ -61,7 +61,7 @@ function sendMessage($destination, $content) {
function getNewChatMessages($lastID, $destination) { function getNewChatMessages($lastID, $destination) {
require_once("friendship.php"); require_once("friendship.php");
if (getFriendshipStatus($destination) == 1) { if (getFriendshipStatus($destination) == 1) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
* *
FROM FROM
@@ -91,7 +91,7 @@ function getNewChatMessages($lastID, $destination) {
function selectAllUnreadChat() { function selectAllUnreadChat() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) AS `fullname`, LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) AS `fullname`,
`user`.`userID`, `user`.`userID`,


@@ -1,7 +1,7 @@
<?php <?php
function getExistingUsername() { function getExistingUsername() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`username` `username`
FROM FROM
@@ -17,7 +17,7 @@ function getExistingUsername() {
} }
function getExistingEmail() { function getExistingEmail() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`email` `email`
FROM FROM
@@ -33,7 +33,7 @@ function getExistingEmail() {
} }
function getResetEmail() { function getResetEmail() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`email` `email`
FROM FROM
@@ -49,7 +49,7 @@ function getResetEmail() {
} }
function registerAccount() { function registerAccount() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
INSERT INTO INSERT INTO
`user`(fname, `user`(fname,
lname, lname,


@@ -3,7 +3,7 @@ include_once "../queries/connect.php";
function sendPasswordRecovery(string $email) { function sendPasswordRecovery(string $email) {
if (filter_var($email, FILTER_VALIDATE_EMAIL)) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username` `username`
@@ -39,7 +39,7 @@ function doSendPasswordRecovery(int $userID, string $email, string $username, st
} }
function setHashToDatabase(int $userID, string $hash) { function setHashToDatabase(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET


@@ -50,7 +50,7 @@ class AngryAlert extends AlertMessage {
* @return mixed Setting as an array. * @return mixed Setting as an array.
*/ */
function getSettings() { function getSettings() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`fname`, `fname`,
`lname`, `lname`,
@@ -77,7 +77,7 @@ function getSettings() {
* @return mixed passwordhash * @return mixed passwordhash
*/ */
function getPasswordHash() { function getPasswordHash() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`password`, `password`,
`username` `username`
@@ -96,7 +96,7 @@ function getPasswordHash() {
* @throws HappyAlert * @throws HappyAlert
*/ */
function updateSettings() { function updateSettings() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -146,7 +146,7 @@ function changePassword() {
* @throws HappyAlert * @throws HappyAlert
*/ */
function doChangePassword() { function doChangePassword() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -184,7 +184,7 @@ function changeEmail() {
} }
function emailIsAvailableInDatabase($email) { function emailIsAvailableInDatabase($email) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`email` `email`
FROM FROM
@@ -201,7 +201,7 @@ function emailIsAvailableInDatabase($email) {
} }
function doChangeEmail($email) { function doChangeEmail($email) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -245,7 +245,7 @@ function updateAvatar() {
} }
function removeOldAvatar() { function removeOldAvatar() {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`profilepicture` `profilepicture`
FROM FROM
@@ -262,7 +262,7 @@ function removeOldAvatar() {
} }
function setAvatarToDatabase(string $url) { function setAvatarToDatabase(string $url) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET


@@ -1,9 +1,9 @@
<?php <?php
require("connect.php"); require_once ("connect.php");
function getUserID($username) { function getUserID($username) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID` `userID`
FROM FROM
@@ -18,7 +18,7 @@ function getUserID($username) {
} }
function getUsername($userID) { function getUsername($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`username` `username`
FROM FROM
@@ -33,7 +33,7 @@ function getUsername($userID) {
} }
function selectUser($me, $other) { function selectUser($me, $other) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -81,7 +81,7 @@ function selectUser($me, $other) {
} }
function selectAllUserGroups($userID) { function selectAllUserGroups($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`group_page`.`groupID`, `group_page`.`groupID`,
`name`, `name`,
@@ -104,7 +104,7 @@ function selectAllUserGroups($userID) {
} }
function selectAllUserPosts($userID) { function selectAllUserPosts($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`post`.`postID`, `post`.`postID`,
`post`.`author`, `post`.`author`,
@@ -146,7 +146,7 @@ function selectAllUserPosts($userID) {
} }
function select20UsersFromN($n) { function select20UsersFromN($n) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -167,7 +167,7 @@ function select20UsersFromN($n) {
} }
function search20UsersFromN($n, $keyword) { function search20UsersFromN($n, $keyword) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -191,7 +191,7 @@ function search20UsersFromN($n, $keyword) {
} }
function search20UsersFromNByStatus($n, $keyword, $status) { function search20UsersFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -219,7 +219,7 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
} }
function searchSomeUsersByStatus($n, $m, $keyword, $status) { function searchSomeUsersByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -248,7 +248,7 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) {
} }
function countSomeUsersByStatus($keyword, $status) { function countSomeUsersByStatus($keyword, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
COUNT(*) COUNT(*)
FROM FROM
@@ -271,7 +271,7 @@ function countSomeUsersByStatus($keyword, $status) {
function changeUserStatusByID($id, $status) { function changeUserStatusByID($id, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -287,7 +287,7 @@ function changeUserStatusByID($id, $status) {
} }
function changeMultipleUserStatusByID($ids, $status) { function changeMultipleUserStatusByID($ids, $status) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
UPDATE UPDATE
`user` `user`
SET SET
@@ -304,7 +304,7 @@ function changeMultipleUserStatusByID($ids, $status) {
} }
function selectRandomNotFriendUser($userID) { function selectRandomNotFriendUser($userID) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`user`.`username` `user`.`username`
FROM FROM
@@ -332,7 +332,7 @@ function selectRandomNotFriendUser($userID) {
} }
function searchSomeUsers($n, $m, $search) { function searchSomeUsers($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare(" $stmt = prepareQuery("
SELECT SELECT
`userID`, `userID`,
`username`, `username`,
@@ -367,7 +367,7 @@ function searchSomeUsers($n, $m, $search) {
} }
function countSomeUsers($search) { function countSomeUsers($search) {
$q = $GLOBALS["db"]->prepare(" $q = prepareQuery("
SELECT SELECT
COUNT(*) COUNT(*)
FROM FROM
@@ -387,3 +387,18 @@ function countSomeUsers($search) {
$q->execute(); $q->execute();
return $q; return $q;
} }
function getRoleByID($userID) {
$stmt = prepareQuery("
SELECT
`role`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(':userID', $userID);
$stmt->execute();
return $stmt;
}
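Review bot: `getRoleByID` is untyped and returns the raw statement, so the caller in admin.php has to `fetch()` and then indexes `['role']` on the `false` it gets for an unknown user; since this function is now part of the authorization path, declare it `getRoleByID(int $userID): PDOStatement` and add a PHPDoc block stating that the statement yields at most one row with a `role` column and no rows when the user does not exist. The `require("connect.php")` → `require_once` change in the first hunk is the right fix, as a second include would otherwise redeclare `prepareQuery`.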


@@ -0,0 +1,48 @@
<tr>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<?php
print_r($_POST);
$q = searchSomeGroupsByStatus($offset, $entries, $search, $groupstatus);
while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$groupID = $group['groupID'];
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-group[]'
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange='$function'>
</td>
<td>$name</td>
<td>$role</td>
<td>$description</td>
<td>
<form class='admin-groupaction'
action='API/adminChangeUser.php'
method='post'>
<select class='action' name='actions'>
<option value='hidden'>Hidden</option>
<option value='public'>Public</option>
<option value='membersonly'>Members</option>
</select>
<input type='hidden' name='groupID' value='$groupID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
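Review bot: `$name` and `$description` come from the database and are interpolated into the HTML unescaped, so a group name or description containing markup is rendered as markup for every admin viewing the table; escape at output, e.g. `$name = htmlspecialchars($group['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$description`. The `print_r($_POST);` at the top of the PHP block dumps the raw request into the response and should be removed. The per-row form posts to `API/adminChangeUser.php`, which does handle `groupID`, so the endpoint name is misleading but functional.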


@@ -0,0 +1,31 @@
<?php
if ($pagetype == "user") {
$pages = countSomeUsersByStatus($search, $status);
} else {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
Pagina: <form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
</form>
<?php
echo "$minlist tot $mincount ($countresults totaal)";
?>
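Review bot: The form's `action` attribute calls `htmlspecialchars(...)` without `echo`, so it is always empty and the page selector posts to the current URL by browser default rather than by intent: `action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI']), ENT_QUOTES, 'UTF-8'); ?>"`. The `value=""` on the `<select>` has no effect in HTML and can be dropped. `$countresults` is the raw `fetchColumn()` value, so a cast `(int)` before the `min()`/`ceil()` arithmetic would make the numeric intent explicit.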


@@ -0,0 +1,47 @@
<tr>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<!-- Table construction via php PDO. -->
<?php
$q = searchSomeUsersByStatus($offset, $entries, $search, $status);
while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$userID = $user['userID'];
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td>
<input type='checkbox'
name='checkbox-user[]'
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange='$function'>
</td>
<td>$username</td>
<td>$role</td>
<td>$bancomment</td>
<td>
<form class='admin-useraction'
action='API/adminChangeUser.php'
method='post'>
<select class='action' name='actions'>
<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>
</select>
<input type='hidden' name='userID' value='$userID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
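Review bot: `$username` and `$bancomment` are interpolated into the table HTML without escaping, so a username or ban note containing markup runs in the admin's browser; wrap them at output, `$username = htmlspecialchars($user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and likewise for `$bancomment`. `$userID` placed in `value='$userID'` comes from the database as well, so the same treatment keeps the attribute safe regardless of the column type. Each row carries its own form but no CSRF token, which matters because the endpoint it posts to is only cookie-authenticated.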


@@ -1,14 +1,11 @@
<script src="js/admin.js" charset="utf-8"></script>
<?php
require_once ("../queries/user.php");
require_once ("../queries/group_page.php");
?>
<!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp --> <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
<?php <?php
$search = ""; $search = "";
$currentpage = 1; $currentpage = 1;
$perpage = 20; $perpage = 20;
$status = $groupstatus = array(); $status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
$groupstatus = array("hidden", "public", "membersonly");
$pagetype = "user"; $pagetype = "user";
if (isset($_GET["search"])) { if (isset($_GET["search"])) {
@@ -29,31 +26,11 @@ if (isset($_GET["groupstatus"])) {
if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
}
if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
}
if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
}
if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
}
if (isset($_POST["pageselect"])) { if (isset($_POST["pageselect"])) {
$currentpage = $_POST["pageselect"]; $currentpage = $_POST["pageselect"];
} }
} }
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
?> ?>
<div class="content"> <div class="content">
@@ -61,7 +38,8 @@ $listm = $currentpage * $perpage;
<h5>Zoek naar gebruikers of groepen:</h5> <h5>Zoek naar gebruikers of groepen:</h5>
<div class="admin-options"> <div class="admin-options">
<form class="admin-searchform" <form class="admin-searchform"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="admin-searchform"
action="javascript:adminSearch();"
method="get"> method="get">
<div class="admin-searchbar"> <div class="admin-searchbar">
@@ -70,10 +48,11 @@ $listm = $currentpage * $perpage;
class="admin-searchinput" class="admin-searchinput"
placeholder="Naam" placeholder="Naam"
value="<?php echo $search;?>"> value="<?php echo $search;?>">
Op: <select name="pagetype" id="pagetype" onchange="changeFilter()"> Op: <select name="pagetype" id="pagetype" onchange="changeFilter()">
<option value="user" <option value="user"
<?php if (isset($pagetype) && $pagetype=="user") echo "selected";?>> <?php if (isset($pagetype) && $pagetype=="user") echo "selected";?>>
Gerbuiker Gebruiker
</option> </option>
<option value="group" <option value="group"
<?php if (isset($pagetype) && $pagetype=="group") echo "selected";?>> <?php if (isset($pagetype) && $pagetype=="group") echo "selected";?>>
@@ -82,32 +61,27 @@ $listm = $currentpage * $perpage;
</select> </select>
<button type="submit"><i class="fa fa-search"></i></button> <button type="submit"><i class="fa fa-search"></i></button>
</div> </div>
<div id="admin-filter"> <div id="admin-filter">
<h5>Type gebruiker:</h5> <h5>Type gebruiker:</h5>
<input type="checkbox"
name="status[]"
id="all"
value="all"
<?php if (in_array("all", $status)) echo "checked";?>>
<label for="normal">Allemaal</label><br>
<input type="checkbox" <input type="checkbox"
name="status[]" name="status[]"
id="normal" id="normal"
value="user" value="user"
<?php if (in_array("user", $status)) echo "checked";?>> <?php if (in_array("user", $status)) echo "checked";?>>
<label for="normal">Normal</label><br> <label for="normal">Normaal</label><br>
<input type="checkbox" <input type="checkbox"
name="status[]" name="status[]"
id="frozen" id="frozen"
value="frozen" value="frozen"
<?php if (in_array("frozen", $status)) echo "checked";?>> <?php if (in_array("frozen", $status)) echo "checked";?>>
<label for="frozen">Frozen</label><br> <label for="frozen">Gefrozen</label><br>
<input type="checkbox" <input type="checkbox"
name="status[]" name="status[]"
id="banned" id="banned"
value="banned" value="banned"
<?php if (in_array("banned", $status)) echo "checked";?>> <?php if (in_array("banned", $status)) echo "checked";?>>
<label for="banned">Banned</label><br> <label for="banned">Gebant</label><br>
<input type="checkbox" <input type="checkbox"
name="status[]" name="status[]"
id="admin" id="admin"
@@ -119,7 +93,7 @@ $listm = $currentpage * $perpage;
id="unvalidated" id="unvalidated"
value="unconfirmed" value="unconfirmed"
<?php if (in_array("unconfirmed", $status)) echo "checked";?>> <?php if (in_array("unconfirmed", $status)) echo "checked";?>>
<label for="unvalidated">Unvalidated</label><br> <label for="unvalidated">Ongevalideerd</label><br>
<input type="checkbox" <input type="checkbox"
name="status[]" name="status[]"
id="owner" id="owner"
@@ -130,160 +104,47 @@ $listm = $currentpage * $perpage;
<div id="admin-groupfilter"> <div id="admin-groupfilter">
<h5>Type groep:</h5> <h5>Type groep:</h5>
<input type="checkbox" name="groupstatus[]" id="all" value="all" <input type="checkbox" name="groupstatus[]" id="hidden" value="hidden"
<?php if (in_array("all", $groupstatus)) echo "checked";?>> <?php if (in_array("hidden", $groupstatus)) echo "checked";?>>
<label for="hidden">Allemaal</label><br> <label for="hidden">Verborgen</label><br>
<input type="checkbox" name="groupstatus[]" id="hidden" value="0" <input type="checkbox" name="groupstatus[]" id="public" value="public"
<?php if (in_array("0", $groupstatus)) echo "checked";?>> <?php if (in_array("public", $groupstatus)) echo "checked";?>>
<label for="hidden">Hidden</label><br> <label for="public">Publiek</label><br>
<input type="checkbox" name="groupstatus[]" id="public" value="1" <input type="checkbox" name="groupstatus[]" id="membersonly" value="membersonly"
<?php if (in_array("1", $groupstatus)) echo "checked";?>> <?php if (in_array("membersonly", $groupstatus)) echo "checked";?>>
<label for="public">Public</label><br> <label for="membersonly">Alleen Leden</label><br>
<input type="checkbox" name="groupstatus[]" id="membersonly" value="2"
<?php if (in_array("2", $groupstatus)) echo "checked";?>>
<label for="membersonly">Members-only</label><br>
</div> </div>
</form> </form>
</div> </div>
<div class="admin-users"> <div class="admin-users">
<div class="admin-usertitle"> <div class="admin-usertitle">
<h4>Resultaat:</h4> <h4>Resultaat:</h4>
<span style="float: right"> <span style="float: right" id="admin-pageinfo">
<?php
if ($pagetype == "user") {
$pages = countSomeUsersByStatus($search, $status);
} else {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
Pagina: <form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
</form>
<?php
echo "$minlist tot $mincount ($countresults totaal)";
?>
</span> </span>
<form <form
id="admin-batchform" id="admin-batchform"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>" action="API/adminChangeUser.php"
method="post"> method="post">
<button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button> <button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button>
<button type="submit" name="batchactions" id="ban" value="banned">Ban</button> <button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
<button type="submit" name="batchactions" id="restore" value="user">Activeer</button> <button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
</form> </form>
<form
id="admin-groupbatchform"
action="API/adminChangeUser.php"
method="post">
<button type="submit" name="batchactions" id="hide" value="hidden">Hide</button>
<button type="submit" name="batchactions" id="ban" value="public">Public</button>
<button type="submit" name="batchactions" id="members" value="membersonly">Members</button>
</form>
</div> </div>
<table class="usertable">
<tr>
<th><input type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<!-- Table construction via php PDO. --> <table class="usertable" id="usertable">
<?php
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
if ($pagetype == 'user') {
$q = searchSomeUsersByStatus($listn, $listm, $search, $status);
while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$userID = $user['userID'];
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-user[]'
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange=" . "$function" . ">
</td>
<td>$username</td>
<td>$role</td>
<td>$bancomment</td>
<td>
<form class='admin-useraction'
action='$thispage'
method='post'>
<select class='action' name='actions'>
<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>
</select>
<input type='hidden' name='userID' value='$userID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
} else {
$q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);
while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$groupID = $group['groupID'];
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-group[]'
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange=" . "$function" . ">
</td>
<td>$name</td>
<td>$role</td>
<td>$description</td>
<td>
<form class='admin-groupaction'
action='$thispage'
method='post'>
<select class='action' name='actions'>
<option value='0'>Hide</option>
<option value='1'>Public</option>
<option value='2'>Members</option>
</select>
<input type='hidden' name='groupID' value='$groupID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
}
?>
</table> </table>
</div> </div>
</div> </div>