From f8c9454b85a2e85961e9421555f8c0d7054f3b3c Mon Sep 17 00:00:00 2001 From: Lars van Hijfte Date: Thu, 2 Feb 2017 17:43:32 +0100 Subject: [PATCH] empty SessionID sends the user to login page If the session is empty, it now sends you to the login page with a safed url so it can revert you back to the right page after login --- website/public/API/deletePost.php | 8 ++++---- website/public/API/postComment.php | 8 ++++---- website/public/API/postPost.php | 7 ++++--- website/public/API/sendMessage.php | 7 ++++--- website/public/js/chat.js | 2 ++ website/public/js/main.js | 5 ++--- website/public/js/masonry.js | 10 +++++++++- website/public/js/post.js | 4 ++++ website/public/styles/post-popup.css | 2 +- website/views/head.php | 4 ++-- website/views/post-view.php | 17 ++++++++--------- 11 files changed, 44 insertions(+), 30 deletions(-) diff --git a/website/public/API/deletePost.php b/website/public/API/deletePost.php index fffadf5..37f89a1 100644 --- a/website/public/API/deletePost.php +++ b/website/public/API/deletePost.php @@ -3,10 +3,10 @@ session_start(); require_once "../../queries/post.php"; require_once "../../queries/user.php"; - -if (isset($_SESSION["userID"]) and - getRoleByID($_SESSION["userID"]) != 'frozen' and - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' and + getRoleByID($_SESSION["userID"]) != 'banned') { if (empty($_POST["postID"]) or empty($_SESSION["userID"])) { header('HTTP/1.1 500 Non enough arguments'); diff --git a/website/public/API/postComment.php b/website/public/API/postComment.php index 3864cc8..c9f8a53 100644 --- a/website/public/API/postComment.php +++ b/website/public/API/postComment.php @@ -7,10 +7,10 @@ require_once("../../queries/connect.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); - -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if ($_POST['button'] == 'reaction') { if (empty($_POST['newcomment-content'])) { echo 0; diff --git a/website/public/API/postPost.php b/website/public/API/postPost.php index 241bda6..2d703d3 100644 --- a/website/public/API/postPost.php +++ b/website/public/API/postPost.php @@ -8,9 +8,10 @@ require_once("../../queries/connect.php"); require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if (empty($_SESSION["userID"])) { header('HTTP/1.1 500 Non enough arguments'); diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php index c6e3231..a2d411b 100644 --- a/website/public/API/sendMessage.php +++ b/website/public/API/sendMessage.php @@ -7,9 +7,10 @@ require_once("../../queries/checkInput.php"); require_once("../../queries/user.php"); // Check if the user is allowed to send a message. -if (isset($_SESSION["userID"]) && - getRoleByID($_SESSION["userID"]) != 'frozen' && - getRoleByID($_SESSION["userID"]) != 'banned') { +if (!isset($_SESSION["userID"])) { + echo "logged out"; +} else if (getRoleByID($_SESSION["userID"]) != 'frozen' && + getRoleByID($_SESSION["userID"]) != 'banned') { if (!empty(test_input($_POST["destination"])) && !empty(test_input($_POST["content"])) ) { diff --git a/website/public/js/chat.js b/website/public/js/chat.js index a3ff430..f431b91 100644 --- a/website/public/js/chat.js +++ b/website/public/js/chat.js @@ -43,6 +43,8 @@ function sendMessage() { ).done(function(response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } // Load messages if the message has been send, so it shows in the chat. loadMessages(); diff --git a/website/public/js/main.js b/website/public/js/main.js index 30cd3ed..2ce58e4 100644 --- a/website/public/js/main.js +++ b/website/public/js/main.js @@ -3,8 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a function fancyText(text) { // Add links, images, gifs and (youtube) video's. - var regex = /(https?:\/\/.[^ <>"]*)/ig; - text = text.replace(regex, function(link) { + text = text.replace(/(https?:\/\/.[^ \n<>"]*)/ig, function(link) { // Add images if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) { return "" + link + ""; @@ -39,7 +38,7 @@ function fancyText(text) { } // This function gets the value of a cookie when given a key. -// If didn´t find any compatible cookie, it returns false. +// If it didn´t find any compatible cookie, it returns false. function getCookie(key) { cookies = document.cookie.split("; "); for (var i in cookies) { diff --git a/website/public/js/masonry.js b/website/public/js/masonry.js index a628e96..d43577b 100644 --- a/website/public/js/masonry.js +++ b/website/public/js/masonry.js @@ -26,7 +26,7 @@ function requestPost(postID) { function postPost() { title = $("input.newpost[name='title']").val(); content = $("textarea.newpost[name='content']").val(); - + console.log(masonryMode); if (masonryMode == 2) { $.post("API/postPost.php", { title: title, content : content, @@ -36,6 +36,10 @@ function postPost() { $('#alertbox').show(); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); window.scrollTo(0,0); + } else if (data == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; + } else if (data == "frozen") { + alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is."); } else { $('#alertbox').hide(); masonry(masonryMode); @@ -49,6 +53,10 @@ function postPost() { $('#alertbox').show(); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); window.scrollTo(0,0); + } else if (data == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; + } else if (data == "frozen") { + alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is."); } else { $('#alertbox').hide(); masonry(masonryMode); diff --git a/website/public/js/post.js b/website/public/js/post.js index 4009023..4f77d4d 100644 --- a/website/public/js/post.js +++ b/website/public/js/post.js @@ -8,6 +8,8 @@ function postComment(buttonValue) { ).done(function (response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } }); @@ -30,6 +32,8 @@ function deletePost(postID) { ).done(function (response) { if (response == "frozen") { alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is."); + } else if (response == "logged out") { + window.location.href = "login.php?url=" + window.location.pathname; } }); closeModal(); diff --git a/website/public/styles/post-popup.css b/website/public/styles/post-popup.css index 24badcb..9493b83 100644 --- a/website/public/styles/post-popup.css +++ b/website/public/styles/post-popup.css @@ -91,7 +91,7 @@ .deleteButton { background-color: firebrick; - + float: right; } .deleteButton i { diff --git a/website/views/head.php b/website/views/head.php index f831f5d..52bcab8 100644 --- a/website/views/head.php +++ b/website/views/head.php @@ -26,8 +26,8 @@ require_once ("../queries/user.php"); session_start(); -if(!isset($_SESSION["userID"])){ - header("location:login.php"); +if(!isset($_SESSION["userID"])) { + header("location:login.php?url=" . "$_SERVER[REQUEST_URI]"); } else { updateLastActivity(); } diff --git a/website/views/post-view.php b/website/views/post-view.php index f8fe902..717e6a8 100644 --- a/website/views/post-view.php +++ b/website/views/post-view.php @@ -5,14 +5,6 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . " ?>

- -
- gepost door , '> @@ -20,7 +12,14 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
- + +
+