MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into kevin-prototype

Browse Source
This commit is contained in:
K. Nobel
2017-01-30 13:20:53 +01:00
parent 753c596056 b30ef0d0cf
commit f3df682af5
26 changed files with 451 additions and 308 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
website/public/API/adminChangeUser.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
}
//header("location: ../admin.php");
print_r($_POST);

28
website/public/API/adminPageNumber.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
if ($pagetype == "user") {
include ("../../views/adminpanel-page.php");
} else {
echo "Pagenumber failed!";
}

44
website/public/API/adminSearchUsers.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
session_start();
require_once ("../../queries/connect.php");
require_once ("../../queries/checkInput.php");
require_once ("../../queries/user.php");
require_once ("../../queries/group_page.php");
$offset = 0;
if (isset($_POST["n"])) {
$offset = (int) test_input($_POST["n"]);
}
$entries = 20;
if (isset($_POST["m"])) {
$entries = (int) test_input($_POST["m"]);
}
$search = "";
if (isset($_POST["search"])) {
$search = test_input($_POST["search"]);
}
$pagetype = "user";
if (isset($_POST['pagetype'])) {
$pagetype = test_input($_POST['pagetype']);
}
$status = array();
if (isset($_POST['status'])) {
$status = $_POST["status"];
}
$groupstatus = array();
if (isset($_POST['groupstatus'])) {
$groupstatus = $_POST["groupstatus"];
}
if ($pagetype == "user") {
include ("../../views/adminpanel-table.php");
} else if ($pagetype == "group") {
include ("../../views/adminpanel-grouptable.php");
} else {
echo "Search failed!";
}

4
website/public/API/nietSlecht.php
View File

@@ -5,7 +5,7 @@ require_once ("../queries/connect.php");
require_once ("../queries/checkInput.php");
function getNietSlechtCountForPost(int $postID) : int {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`
FROM
@@ -19,7 +19,7 @@ function getNietSlechtCountForPost(int $postID) : int {
}
function getNietSlechtUsersForPost(int $postID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`fname`,
`lname`,

15
website/public/admin.php
View File

@@ -1,10 +1,14 @@
<!DOCTYPE html>
<html>
<head>
<?php include("../views/head.php"); ?>
<?php
require_once ("../queries/user.php");
require_once ("../queries/group_page.php");
require_once ("../views/head.php"); ?>
<style>
@import url("styles/adminpanel.css");
</style>
<script src="js/admin.js" charset="utf-8"></script>
</head>
<body>
<?php
@@ -12,6 +16,15 @@
* This view adds the main layout over the screen.
* Header and menu.
*/
include_once ("../queries/user.php");
// auth
$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
header("location:profile.php");
}
include("../views/main.php");
/* Add your view files here. */

4
website/public/emailconfirm.php
View File

@@ -2,7 +2,7 @@
include_once("../queries/connect.php");
include_once("../views/messagepage.php");
if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
$checkHash = $GLOBALS["db"]->prepare("
$checkHash = prepareQuery("
SELECT
`email`,
`role`
@@ -28,7 +28,7 @@ if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
function doActivate(string $email) {
if (password_verify($email, $_GET["h"])) {
$confirmUser = $GLOBALS["db"]->prepare("
$confirmUser = prepareQuery("
UPDATE
`user`
SET

43
website/public/js/admin.js
View File

@@ -1,6 +1,18 @@
window.onload = function() {
$(window).on("load", function () {
changeFilter();
};
$(".admin-searchinput").keyup(function(){
adminSearch();
});
// all inputs and labels directly under admin filter and groupfilter
$("#admin-filter, #admin-groupfilter > input, label").click(function(){
adminSearch();
});
$("#pagetype").change(function(){
adminSearch();
});
adminSearch();
});
function checkAll(allbox) {
var checkboxes = document.getElementsByClassName('checkbox-list');
@@ -32,13 +44,32 @@ function changeFilter() {
document.getElementById('admin-filter').style.display = 'none';
document.getElementById('admin-groupfilter').style.display = 'inline-block';
document.getElementById('admin-batchactions').style.display = 'none';
document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
document.getElementById('admin-batchform').style.display = 'none';
document.getElementById('admin-groupbatchform').style.display = 'inline-block';
} else {
document.getElementById('admin-filter').style.display = 'inline-block';
document.getElementById('admin-groupfilter').style.display = 'none';
document.getElementById('admin-batchactions').style.display = 'inline-block';
document.getElementById('admin-groupbatchactions').style.display = 'none';
document.getElementById('admin-batchform').style.display = 'inline-block';
document.getElementById('admin-groupbatchform').style.display = 'none';
}
}
function adminSearch() {
$.post(
"API/adminSearchUsers.php",
$("#admin-searchform").serialize()
).done(function (data) {
console.log(data);
$("#usertable").html(data);
})
}
function updatePageN() {
$.post(
"API/adminPageNumber.php",
$("#admin-searchform").serialize()
).done(function (data) {
$("#admin-pageinfo").html(data);
})
}

4
website/public/resetpassword.php
View File

@@ -28,7 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] == "GET") {
}
function changePassword() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET
@@ -42,7 +42,7 @@ function changePassword() {
}
function verifyLink(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`password`
FROM

4
website/queries/connect.php
View File

@@ -8,4 +8,8 @@ else {
$GLOBALS["db"] = new PDO("mysql:host=$dbconf->mysql_host;dbname=$dbconf->mysql_database;charset=utf8",
"$dbconf->mysql_username", "$dbconf->mysql_password")
or die('Error connecting to mysql server');
}
function prepareQuery(string $query) : PDOStatement {
return $GLOBALS["db"]->prepare($query);
}

4
website/queries/emailconfirm.php
View File

@@ -1,7 +1,7 @@
<?php
function sendConfirmEmailUsername(string $username) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`
FROM
@@ -16,7 +16,7 @@ function sendConfirmEmailUsername(string $username) {
}
function sendConfirmEmail(int $userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`email`,
`fname`

18
website/queries/friendship.php
View File

@@ -7,7 +7,7 @@ function selectFriends($userID) {
}
function selectLimitedFriends($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,
@@ -41,7 +41,7 @@ function selectLimitedFriends($userID, $limit) {
function selectAllFriends($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,
@@ -73,7 +73,7 @@ function selectAllFriends($userID) {
}
function selectAllFriendRequests() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,
@@ -115,7 +115,7 @@ function getFriendshipStatus($userID) {
return -1;
}
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
CASE `status` IS NULL
WHEN TRUE THEN 0
@@ -148,7 +148,7 @@ function getFriendshipStatus($userID) {
}
function requestFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO `friendship` (user1ID, user2ID)
VALUES (:user1, :user2)
");
@@ -159,7 +159,7 @@ function requestFriendship($userID) {
}
function removeFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
DELETE FROM `friendship`
WHERE
`user1ID` = :user1 AND
@@ -175,7 +175,7 @@ function removeFriendship($userID) {
}
function acceptFriendship($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE `friendship`
SET `status`='confirmed'
WHERE
@@ -190,7 +190,7 @@ function acceptFriendship($userID) {
}
function setLastVisited($friend) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`friendship`
SET `friendship`.chatLastVisted1=(
@@ -220,7 +220,7 @@ function setLastVisited($friend) {
}
function searchSomeFriends($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,

4
website/queries/group_member.php
View File

@@ -5,7 +5,7 @@ function selectAllGroupsFromUser($userID) {
}
function selectLimitedGroupsFromUser($userID, $limit) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`group_page`.`name`,
`group_page`.`picture`
@@ -28,7 +28,7 @@ function selectLimitedGroupsFromUser($userID, $limit) {
}
function searchSomeOwnGroups($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`group_page`.`name`,
`group_page`.`picture`

34
website/queries/group_page.php
View File

@@ -3,7 +3,7 @@
require("connect.php");
function selectGroupByName($name) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`group_page`.`groupID`,
`name`,
@@ -29,7 +29,7 @@ function selectGroupByName($name) {
}
function selectGroupMembers(int $groupID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`username`,
`fname`,
@@ -54,7 +54,7 @@ function selectGroupMembers(int $groupID) {
}
function selectGroupById($groupID) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`group_page`.`name`,
`group_page`.`picture`,
@@ -73,7 +73,7 @@ function selectGroupById($groupID) {
}
function select20GroupsFromN($n) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -95,7 +95,7 @@ function select20GroupsFromN($n) {
}
function select20GroupsByStatusFromN($n, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`group_page`.`groupID`,
`group_page`.`name`,
@@ -120,7 +120,7 @@ function select20GroupsByStatusFromN($n, $status) {
}
function search20GroupsFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`groupID`,
`name`,
@@ -147,7 +147,7 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
}
function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS['db']->prepare("
$q = prepareQuery("
SELECT
`groupID`,
`name`,
@@ -175,7 +175,7 @@ function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
}
function countSomeGroupsByStatus($keyword, $status) {
$q = $GLOBALS['db']->prepare("
$q = prepareQuery("
SELECT
COUNT(*)
FROM
@@ -196,20 +196,23 @@ function countSomeGroupsByStatus($keyword, $status) {
}
function changeGroupStatusByID($id, $status) {
$q = $GLOBALS["db"]->query("
$q = prepareQuery("
UPDATE
`group_page`
SET
`status` = $status
`status` = :status
WHERE
`groupID` = $id
`groupID` = :id
");
$q->bindParam(':status', $status);
$q->bindParam(':id', $id);
$q->execute();
return $q;
}
function changeMultipleGroupStatusByID($ids, $status) {
$q = $GLOBALS['db']->prepare("
$q = prepareQuery("
UPDATE
`group_page`
SET
@@ -226,7 +229,7 @@ function changeMultipleGroupStatusByID($ids, $status) {
}
function searchSomeGroups($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`name`,
`picture`
@@ -249,7 +252,7 @@ function searchSomeGroups($n, $m, $search) {
}
function countSomeGroups($search) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
COUNT(*)
FROM
@@ -264,5 +267,4 @@ function countSomeGroups($search) {
$stmt->bindParam(':keyword', $search);
$stmt->execute();
return $stmt;
}
?>
}

2
website/queries/header.php
View File

@@ -1,6 +1,6 @@
<?php
function getHeaderInfo() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`fname`,
`lname`,

3
website/queries/login.php
View File

@@ -1,7 +1,7 @@
<?php
function getUser() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`password`,
`userID`,
@@ -61,5 +61,4 @@ class loginException extends Exception
parent::__construct($message, $code, $previous);
}
}
?>

56
website/queries/nicetime.php
View File

@@ -1,39 +1,39 @@
<?php
function nicetime($date) {
if(empty($date)) {
return "No date provided";
}
if(empty($date)) {
return "No date provided";
}
$single_periods = array("seconde", "minuut", "uur", "dag", "week", "maand", "jaar", "decennium");
$multiple_periods = array("seconden", "minuten", "uur", "dagen", "weken", "maanden", "jaar", "decennia");
$lengths = array("60", "60", "24", "7", "4.35", "12", "10", "0");
$single_periods = array("seconde", "minuut", "uur", "dag", "week", "maand", "jaar", "decennium");
$multiple_periods = array("seconden", "minuten", "uur", "dagen", "weken", "maanden", "jaar", "decennia");
$lengths = array("60", "60", "24", "7", "4.35", "12", "10", "0");
$now = time();
$unix_date = strtotime($date);
$now = time();
$unix_date = strtotime($date);
if(empty($unix_date)) {
return "Bad date";
}
if(empty($unix_date)) {
return "Bad date";
}
if($now > $unix_date) {
$difference = $now - $unix_date;
$tense = "geleden";
} else {
$difference = $unix_date - $now;
$tense = "vanaf nu";
}
if($now > $unix_date) {
$difference = $now - $unix_date;
$tense = "geleden";
} else {
$difference = $unix_date - $now;
$tense = "vanaf nu";
}
for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) {
$difference /= $lengths[$i];
}
for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) {
$difference /= $lengths[$i];
}
$difference = round($difference);
$difference = round($difference);
if($difference != 1) {
$period = $multiple_periods[$i];
} else {
$period = $single_periods[$i];
}
if($difference != 1) {
$period = $multiple_periods[$i];
} else {
$period = $single_periods[$i];
}
return "$difference $period $tense";
return "$difference $period $tense";
}

14
website/queries/post.php
View File

@@ -1,7 +1,7 @@
<?php
function selectPostById($postID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`user`.`fname`,
`user`.`lname`,
@@ -26,7 +26,7 @@ function selectPostById($postID) {
}
function selectCommentsByPostId($postID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`comment`.`commentID`,
`comment`.`postID`,
@@ -52,7 +52,7 @@ function selectCommentsByPostId($postID) {
}
function makePost($userID, $groupID, $title, $content) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO
`post` (
`author`,
@@ -76,7 +76,7 @@ function makePost($userID, $groupID, $title, $content) {
}
function makeComment($postID, $userID, $content) : int {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO
`comment` (
`postID`,
@@ -106,7 +106,7 @@ function makeNietSlecht(int $postID, int $userID) : int {
}
function checkNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
*
FROM
@@ -122,7 +122,7 @@ function checkNietSlecht(int $postID, int $userID) {
}
function addNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO
`niet_slecht` (`userID`, `postID`)
VALUES (:userID, :postID)
@@ -134,7 +134,7 @@ function addNietSlecht(int $postID, int $userID) {
}
function deleteNietSlecht(int $postID, int $userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
DELETE FROM
`niet_slecht`
WHERE

8
website/queries/private_message.php
View File

@@ -4,7 +4,7 @@ function getOldChatMessages($user2ID) {
require_once ("friendship.php");
$user1ID = $_SESSION["userID"];
if (getFriendshipStatus($user2ID) == 1) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
*
FROM
@@ -32,7 +32,7 @@ function getOldChatMessages($user2ID) {
function sendMessage($destination, $content) {
require_once("friendship.php");
if (getFriendshipStatus($destination) == 1) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO
`private_message`
(
@@ -61,7 +61,7 @@ function sendMessage($destination, $content) {
function getNewChatMessages($lastID, $destination) {
require_once("friendship.php");
if (getFriendshipStatus($destination) == 1) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
*
FROM
@@ -91,7 +91,7 @@ function getNewChatMessages($lastID, $destination) {
function selectAllUnreadChat() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
LEFT(CONCAT(`user`.`fname`, ' ', `user`.`lname`), 15) AS `fullname`,
`user`.`userID`,

8
website/queries/register.php
View File

@@ -1,7 +1,7 @@
<?php
function getExistingUsername() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`username`
FROM
@@ -17,7 +17,7 @@ function getExistingUsername() {
}
function getExistingEmail() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`email`
FROM
@@ -33,7 +33,7 @@ function getExistingEmail() {
}
function getResetEmail() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`email`
FROM
@@ -49,7 +49,7 @@ function getResetEmail() {
}
function registerAccount() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
INSERT INTO
`user`(fname,
lname,

4
website/queries/requestpassword.php
View File

@@ -3,7 +3,7 @@ include_once "../queries/connect.php";
function sendPasswordRecovery(string $email) {
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`
@@ -39,7 +39,7 @@ function doSendPasswordRecovery(int $userID, string $email, string $username, st
}
function setHashToDatabase(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET

16
website/queries/settings.php
View File

@@ -50,7 +50,7 @@ class AngryAlert extends AlertMessage {
* @return mixed Setting as an array.
*/
function getSettings() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`fname`,
`lname`,
@@ -77,7 +77,7 @@ function getSettings() {
* @return mixed passwordhash
*/
function getPasswordHash() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`password`,
`username`
@@ -96,7 +96,7 @@ function getPasswordHash() {
* @throws HappyAlert
*/
function updateSettings() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET
@@ -146,7 +146,7 @@ function changePassword() {
* @throws HappyAlert
*/
function doChangePassword() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET
@@ -184,7 +184,7 @@ function changeEmail() {
}
function emailIsAvailableInDatabase($email) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`email`
FROM
@@ -201,7 +201,7 @@ function emailIsAvailableInDatabase($email) {
}
function doChangeEmail($email) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET
@@ -245,7 +245,7 @@ function updateAvatar() {
}
function removeOldAvatar() {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`profilepicture`
FROM
@@ -262,7 +262,7 @@ function removeOldAvatar() {
}
function setAvatarToDatabase(string $url) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
UPDATE
`user`
SET

47
website/queries/user.php
View File

@@ -1,9 +1,9 @@
<?php
require("connect.php");
require_once ("connect.php");
function getUserID($username) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`
FROM
@@ -18,7 +18,7 @@ function getUserID($username) {
}
function getUsername($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`username`
FROM
@@ -33,7 +33,7 @@ function getUsername($userID) {
}
function selectUser($me, $other) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,
@@ -81,7 +81,7 @@ function selectUser($me, $other) {
}
function selectAllUserGroups($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`group_page`.`groupID`,
`name`,
@@ -104,7 +104,7 @@ function selectAllUserGroups($userID) {
}
function selectAllUserPosts($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`post`.`postID`,
`post`.`author`,
@@ -146,7 +146,7 @@ function selectAllUserPosts($userID) {
}
function select20UsersFromN($n) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`userID`,
`username`,
@@ -167,7 +167,7 @@ function select20UsersFromN($n) {
}
function search20UsersFromN($n, $keyword) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`userID`,
`username`,
@@ -191,7 +191,7 @@ function search20UsersFromN($n, $keyword) {
}
function search20UsersFromNByStatus($n, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`userID`,
`username`,
@@ -219,7 +219,7 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
}
function searchSomeUsersByStatus($n, $m, $keyword, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
`userID`,
`username`,
@@ -248,7 +248,7 @@ function searchSomeUsersByStatus($n, $m, $keyword, $status) {
}
function countSomeUsersByStatus($keyword, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
COUNT(*)
FROM
@@ -271,7 +271,7 @@ function countSomeUsersByStatus($keyword, $status) {
function changeUserStatusByID($id, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
UPDATE
`user`
SET
@@ -287,7 +287,7 @@ function changeUserStatusByID($id, $status) {
}
function changeMultipleUserStatusByID($ids, $status) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
UPDATE
`user`
SET
@@ -304,7 +304,7 @@ function changeMultipleUserStatusByID($ids, $status) {
}
function selectRandomNotFriendUser($userID) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`user`.`username`
FROM
@@ -332,7 +332,7 @@ function selectRandomNotFriendUser($userID) {
}
function searchSomeUsers($n, $m, $search) {
$stmt = $GLOBALS["db"]->prepare("
$stmt = prepareQuery("
SELECT
`userID`,
`username`,
@@ -367,7 +367,7 @@ function searchSomeUsers($n, $m, $search) {
}
function countSomeUsers($search) {
$q = $GLOBALS["db"]->prepare("
$q = prepareQuery("
SELECT
COUNT(*)
FROM
@@ -387,3 +387,18 @@ function countSomeUsers($search) {
$q->execute();
return $q;
}
function getRoleByID($userID) {
$stmt = prepareQuery("
SELECT
`role`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(':userID', $userID);
$stmt->execute();
return $stmt;
}

48
website/views/adminpanel-grouptable.php Normal file
View File

@@ -0,0 +1,48 @@
<tr>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<?php
print_r($_POST);
$q = searchSomeGroupsByStatus($offset, $entries, $search, $groupstatus);
while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$groupID = $group['groupID'];
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-group[]'
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange='$function'>
</td>
<td>$name</td>
<td>$role</td>
<td>$description</td>
<td>
<form class='admin-groupaction'
action='API/adminChangeUser.php'
method='post'>
<select class='action' name='actions'>
<option value='hidden'>Hidden</option>
<option value='public'>Public</option>
<option value='membersonly'>Members</option>
</select>
<input type='hidden' name='groupID' value='$groupID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}

31
website/views/adminpanel-page.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
if ($pagetype == "user") {
$pages = countSomeUsersByStatus($search, $status);
} else {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
Pagina: <form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
</form>
<?php
echo "$minlist tot $mincount ($countresults totaal)";
?>

47
website/views/adminpanel-table.php Normal file
View File

@@ -0,0 +1,47 @@
<tr>
<th><input class="table-checkbox" type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<!-- Table construction via php PDO. -->
<?php
$q = searchSomeUsersByStatus($offset, $entries, $search, $status);
while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$userID = $user['userID'];
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td>
<input type='checkbox'
name='checkbox-user[]'
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange='$function'>
</td>
<td>$username</td>
<td>$role</td>
<td>$bancomment</td>
<td>
<form class='admin-useraction'
action='API/adminChangeUser.php'
method='post'>
<select class='action' name='actions'>
<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>
</select>
<input type='hidden' name='userID' value='$userID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}

249
website/views/adminpanel.php
View File

@@ -1,14 +1,11 @@
<script src="js/admin.js" charset="utf-8"></script>
<?php
require_once ("../queries/user.php");
require_once ("../queries/group_page.php");
?>
<!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
<?php
$search = "";
$currentpage = 1;
$perpage = 20;
$status = $groupstatus = array();
$status = array("user", "frozen", "banned", "unconfirmed", "admin", "owner");
$groupstatus = array("hidden", "public", "membersonly");
$pagetype = "user";
if (isset($_GET["search"])) {
@@ -29,31 +26,11 @@ if (isset($_GET["groupstatus"])) {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["actions"]) && isset($_POST["userID"])) {
changeUserStatusByID($_POST["userID"], $_POST["actions"]);
}
if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
}
if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
}
if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
}
if (isset($_POST["pageselect"])) {
$currentpage = $_POST["pageselect"];
}
}
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
?>
<div class="content">
@@ -61,19 +38,21 @@ $listm = $currentpage * $perpage;
<h5>Zoek naar gebruikers of groepen:</h5>
<div class="admin-options">
<form class="admin-searchform"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
id="admin-searchform"
action="javascript:adminSearch();"
method="get">
<div class="admin-searchbar">
Zoek: <input type="text"
name="search"
class="admin-searchinput"
placeholder="Naam"
value="<?php echo $search;?>">
Op: <select name="pagetype" id="pagetype" onchange="changeFilter()">
name="search"
class="admin-searchinput"
placeholder="Naam"
value="<?php echo $search;?>">
Op: <select name="pagetype" id="pagetype" onchange="changeFilter()">
<option value="user"
<?php if (isset($pagetype) && $pagetype=="user") echo "selected";?>>
Gerbuiker
Gebruiker
</option>
<option value="group"
<?php if (isset($pagetype) && $pagetype=="group") echo "selected";?>>
@@ -82,211 +61,93 @@ $listm = $currentpage * $perpage;
</select>
<button type="submit"><i class="fa fa-search"></i></button>
</div>
<div id="admin-filter">
<h5>Type gebruiker:</h5>
<input type="checkbox"
name="status[]"
id="all"
value="all"
<?php if (in_array("all", $status)) echo "checked";?>>
<label for="normal">Allemaal</label><br>
<input type="checkbox"
name="status[]"
id="normal"
value="user"
<?php if (in_array("user", $status)) echo "checked";?>>
<label for="normal">Normal</label><br>
<?php if (in_array("user", $status)) echo "checked";?>>
<label for="normal">Normaal</label><br>
<input type="checkbox"
name="status[]"
id="frozen"
value="frozen"
<?php if (in_array("frozen", $status)) echo "checked";?>>
<label for="frozen">Frozen</label><br>
<?php if (in_array("frozen", $status)) echo "checked";?>>
<label for="frozen">Gefrozen</label><br>
<input type="checkbox"
name="status[]"
id="banned"
value="banned"
<?php if (in_array("banned", $status)) echo "checked";?>>
<label for="banned">Banned</label><br>
<?php if (in_array("banned", $status)) echo "checked";?>>
<label for="banned">Gebant</label><br>
<input type="checkbox"
name="status[]"
id="admin"
value="admin"
<?php if (in_array("admin", $status)) echo "checked";?>>
<?php if (in_array("admin", $status)) echo "checked";?>>
<label for="admin">Admin</label><br>
<input type="checkbox"
name="status[]"
id="unvalidated"
value="unconfirmed"
<?php if (in_array("unconfirmed", $status)) echo "checked";?>>
<label for="unvalidated">Unvalidated</label><br>
<?php if (in_array("unconfirmed", $status)) echo "checked";?>>
<label for="unvalidated">Ongevalideerd</label><br>
<input type="checkbox"
name="status[]"
id="owner"
value="owner"
<?php if (in_array("owner", $status)) echo "checked";?>>
<?php if (in_array("owner", $status)) echo "checked";?>>
<label for="owner">Owner</label>
</div>
<div id="admin-groupfilter">
<h5>Type groep:</h5>
<input type="checkbox" name="groupstatus[]" id="all" value="all"
<?php if (in_array("all", $groupstatus)) echo "checked";?>>
<label for="hidden">Allemaal</label><br>
<input type="checkbox" name="groupstatus[]" id="hidden" value="0"
<?php if (in_array("0", $groupstatus)) echo "checked";?>>
<label for="hidden">Hidden</label><br>
<input type="checkbox" name="groupstatus[]" id="public" value="1"
<?php if (in_array("1", $groupstatus)) echo "checked";?>>
<label for="public">Public</label><br>
<input type="checkbox" name="groupstatus[]" id="membersonly" value="2"
<?php if (in_array("2", $groupstatus)) echo "checked";?>>
<label for="membersonly">Members-only</label><br>
<input type="checkbox" name="groupstatus[]" id="hidden" value="hidden"
<?php if (in_array("hidden", $groupstatus)) echo "checked";?>>
<label for="hidden">Verborgen</label><br>
<input type="checkbox" name="groupstatus[]" id="public" value="public"
<?php if (in_array("public", $groupstatus)) echo "checked";?>>
<label for="public">Publiek</label><br>
<input type="checkbox" name="groupstatus[]" id="membersonly" value="membersonly"
<?php if (in_array("membersonly", $groupstatus)) echo "checked";?>>
<label for="membersonly">Alleen Leden</label><br>
</div>
</form>
</div>
<div class="admin-users">
<div class="admin-usertitle">
<h4>Resultaat:</h4>
<span style="float: right">
<?php
if ($pagetype == "user") {
$pages = countSomeUsersByStatus($search, $status);
} else {
$pages = countSomeGroupsByStatus($search, $groupstatus);
}
$countresults = $pages->fetchColumn();
$mincount = min($listm, $countresults);
$minlist = min($listn + 1, $countresults);
?>
Pagina: <form class="admin-pageselector"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
method="post">
<select class="admin-pageselect"
name="pageselect"
onchange="this.form.submit()"
value="">
<?php
for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
if ($currentpage == $i) {
echo "<option value='$i' selected>$i</option>";
} else {
echo "<option value='$i'>$i</option>";
}
}
?>
</select>
</form>
<?php
echo "$minlist tot $mincount ($countresults totaal)";
?>
</span>
</div>
<div class="admin-users">
<div class="admin-usertitle">
<h4>Resultaat:</h4>
<span style="float: right" id="admin-pageinfo">
</span>
<form
id="admin-batchform"
action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
action="API/adminChangeUser.php"
method="post">
<button type="submit" name="batchactions" id="freeze" value="frozen">Bevries</button>
<button type="submit" name="batchactions" id="ban" value="banned">Ban</button>
<button type="submit" name="batchactions" id="restore" value="user">Activeer</button>
</form>
</div>
<table class="usertable">
<tr>
<th><input type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)"></th>
<th class="table-username">Gebruikersnaam</th>
<th class="table-status">Status</th>
<th class="table-comment">Aantekening</th>
<th class="table-action">Actie</th>
</tr>
<form
id="admin-groupbatchform"
action="API/adminChangeUser.php"
method="post">
<!-- Table construction via php PDO. -->
<?php
$listn = ($currentpage-1) * $perpage;
$listm = $currentpage * $perpage;
if ($pagetype == 'user') {
$q = searchSomeUsersByStatus($listn, $listm, $search, $status);
while($user = $q->fetch(PDO::FETCH_ASSOC)) {
$userID = $user['userID'];
$username = $user['username'];
$role = $user['role'];
$bancomment = $user['bancomment'];
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-user[]'
class='checkbox-list'
value='$userID'
form='admin-batchform'
onchange=" . "$function" . ">
</td>
<td>$username</td>
<td>$role</td>
<td>$bancomment</td>
<td>
<form class='admin-useraction'
action='$thispage'
method='post'>
<select class='action' name='actions'>
<option value='frozen'>Bevries</option>
<option value='banned'>Ban</option>
<option value='user'>Activeer</option>
</select>
<input type='hidden' name='userID' value='$userID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
} else {
$q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);
while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
$groupID = $group['groupID'];
$name = $group['name'];
$role = $group['status'];
$description = $group['description'];
$thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
$function = "checkCheckAll(document.getElementById('checkall'))";
echo("
<tr>
<td><input type='checkbox'
name='checkbox-group[]'
class='checkbox-list'
value='$groupID'
form='admin-groupbatchform'
onchange=" . "$function" . ">
</td>
<td>$name</td>
<td>$role</td>
<td>$description</td>
<td>
<form class='admin-groupaction'
action='$thispage'
method='post'>
<select class='action' name='actions'>
<option value='0'>Hide</option>
<option value='1'>Public</option>
<option value='2'>Members</option>
</select>
<input type='hidden' name='groupID' value='$groupID'>
<input type='submit' value='Confirm'>
</form>
</td>
</tr>
");
}
}
?>
</table>
<button type="submit" name="batchactions" id="hide" value="hidden">Hide</button>
<button type="submit" name="batchactions" id="ban" value="public">Public</button>
<button type="submit" name="batchactions" id="members" value="membersonly">Members</button>
</form>
</div>
<table class="usertable" id="usertable">
</table>
</div>
</div>
</div>
</body>
</html>
</html>