MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

empty SessionID sends the user to login page

Browse Source 
If the session is empty, it now sends you to the login page with a safed url so it can revert you back to the right page after login
This commit is contained in:
Lars van Hijfte
2017-02-02 17:43:32 +01:00
parent b1941f0191
commit f8c9454b85
11 changed files with 44 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
website/public/API/deletePost.php
View File

@@ -3,9 +3,9 @@ session_start();
require_once "../../queries/post.php"; require_once "../../queries/post.php";
require_once "../../queries/user.php"; require_once "../../queries/user.php";
if (!isset($_SESSION["userID"])) {
if (isset($_SESSION["userID"]) and echo "logged out";
getRoleByID($_SESSION["userID"]) != 'frozen' and } else if (getRoleByID($_SESSION["userID"]) != 'frozen' and
getRoleByID($_SESSION["userID"]) != 'banned') { getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_POST["postID"]) or empty($_SESSION["userID"])) { if (empty($_POST["postID"]) or empty($_SESSION["userID"])) {

6
website/public/API/postComment.php
View File

@@ -7,9 +7,9 @@ require_once("../../queries/connect.php");
require_once("../../queries/checkInput.php"); require_once("../../queries/checkInput.php");
require_once("../../queries/user.php"); require_once("../../queries/user.php");
if (!isset($_SESSION["userID"])) {
if (isset($_SESSION["userID"]) && echo "logged out";
getRoleByID($_SESSION["userID"]) != 'frozen' && } else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') { getRoleByID($_SESSION["userID"]) != 'banned') {
if ($_POST['button'] == 'reaction') { if ($_POST['button'] == 'reaction') {
if (empty($_POST['newcomment-content'])) { if (empty($_POST['newcomment-content'])) {

5
website/public/API/postPost.php
View File

@@ -8,8 +8,9 @@ require_once("../../queries/connect.php");
require_once("../../queries/checkInput.php"); require_once("../../queries/checkInput.php");
require_once("../../queries/user.php"); require_once("../../queries/user.php");
if (isset($_SESSION["userID"]) && if (!isset($_SESSION["userID"])) {
getRoleByID($_SESSION["userID"]) != 'frozen' && echo "logged out";
} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') { getRoleByID($_SESSION["userID"]) != 'banned') {
if (empty($_SESSION["userID"])) { if (empty($_SESSION["userID"])) {

5
website/public/API/sendMessage.php
View File

@@ -7,8 +7,9 @@ require_once("../../queries/checkInput.php");
require_once("../../queries/user.php"); require_once("../../queries/user.php");
// Check if the user is allowed to send a message. // Check if the user is allowed to send a message.
if (isset($_SESSION["userID"]) && if (!isset($_SESSION["userID"])) {
getRoleByID($_SESSION["userID"]) != 'frozen' && echo "logged out";
} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
getRoleByID($_SESSION["userID"]) != 'banned') { getRoleByID($_SESSION["userID"]) != 'banned') {
if (!empty(test_input($_POST["destination"])) && if (!empty(test_input($_POST["destination"])) &&
!empty(test_input($_POST["content"])) !empty(test_input($_POST["content"]))

2
website/public/js/chat.js
View File

@@ -43,6 +43,8 @@ function sendMessage() {
).done(function(response) { ).done(function(response) {
if (response == "frozen") { if (response == "frozen") {
alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is."); alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is.");
} else if (response == "logged out") {
window.location.href = "login.php?url=" + window.location.pathname;
} }
// Load messages if the message has been send, so it shows in the chat. // Load messages if the message has been send, so it shows in the chat.
loadMessages(); loadMessages();

5
website/public/js/main.js
View File

@@ -3,8 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a
function fancyText(text) { function fancyText(text) {
// Add links, images, gifs and (youtube) video's. // Add links, images, gifs and (youtube) video's.
var regex = /(https?:\/\/.[^ <>"]*)/ig; text = text.replace(/(https?:\/\/.[^ \n<>"]*)/ig, function(link) {
text = text.replace(regex, function(link) {
// Add images // Add images
if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) { if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) {
return "<img alt='" + link + "' src='" + link + "' />"; return "<img alt='" + link + "' src='" + link + "' />";
@@ -39,7 +38,7 @@ function fancyText(text) {
} }
// This function gets the value of a cookie when given a key. // This function gets the value of a cookie when given a key.
// If didn´t find any compatible cookie, it returns false. // If it didn´t find any compatible cookie, it returns false.
function getCookie(key) { function getCookie(key) {
cookies = document.cookie.split("; "); cookies = document.cookie.split("; ");
for (var i in cookies) { for (var i in cookies) {

10
website/public/js/masonry.js
View File

@@ -26,7 +26,7 @@ function requestPost(postID) {
function postPost() { function postPost() {
title = $("input.newpost[name='title']").val(); title = $("input.newpost[name='title']").val();
content = $("textarea.newpost[name='content']").val(); content = $("textarea.newpost[name='content']").val();
console.log(masonryMode);
if (masonryMode == 2) { if (masonryMode == 2) {
$.post("API/postPost.php", { title: title, $.post("API/postPost.php", { title: title,
content : content, content : content,
@@ -36,6 +36,10 @@ function postPost() {
$('#alertbox').show(); $('#alertbox').show();
$('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
window.scrollTo(0,0); window.scrollTo(0,0);
} else if (data == "logged out") {
window.location.href = "login.php?url=" + window.location.pathname;
} else if (data == "frozen") {
alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
} else { } else {
$('#alertbox').hide(); $('#alertbox').hide();
masonry(masonryMode); masonry(masonryMode);
@@ -49,6 +53,10 @@ function postPost() {
$('#alertbox').show(); $('#alertbox').show();
$('#alerttext').html("Geen titel of inhoud; vul a.u.b. in."); $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
window.scrollTo(0,0); window.scrollTo(0,0);
} else if (data == "logged out") {
window.location.href = "login.php?url=" + window.location.pathname;
} else if (data == "frozen") {
alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
} else { } else {
$('#alertbox').hide(); $('#alertbox').hide();
masonry(masonryMode); masonry(masonryMode);

4
website/public/js/post.js
View File

@@ -8,6 +8,8 @@ function postComment(buttonValue) {
).done(function (response) { ).done(function (response) {
if (response == "frozen") { if (response == "frozen") {
alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is."); alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is.");
} else if (response == "logged out") {
window.location.href = "login.php?url=" + window.location.pathname;
} }
}); });
@@ -30,6 +32,8 @@ function deletePost(postID) {
).done(function (response) { ).done(function (response) {
if (response == "frozen") { if (response == "frozen") {
alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is."); alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is.");
} else if (response == "logged out") {
window.location.href = "login.php?url=" + window.location.pathname;
} }
}); });
closeModal(); closeModal();

2
website/public/styles/post-popup.css
View File

@@ -91,7 +91,7 @@
.deleteButton { .deleteButton {
background-color: firebrick; background-color: firebrick;
float: right;
} }
.deleteButton i { .deleteButton i {

4
website/views/head.php
View File

@@ -26,8 +26,8 @@ require_once ("../queries/user.php");
session_start(); session_start();
if(!isset($_SESSION["userID"])){ if(!isset($_SESSION["userID"])) {
header("location:login.php"); header("location:login.php?url=" . "$_SERVER[REQUEST_URI]");
} else { } else {
updateLastActivity(); updateLastActivity();
} }

17
website/views/post-view.php
View File

@@ -5,14 +5,6 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
?> ?>
<div class='post-header header'> <div class='post-header header'>
<h4><?=$post['title']?></h4> <h4><?=$post['title']?></h4>
<?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
<button class="deleteButton"
onclick="deletePost('<?=$postID?>')"
type="submit">
<i class="fa fa-trash"></i>
<span>Verwijder post</span>
</button><br />
<?php } ?>
<span class='postinfo'> <span class='postinfo'>
gepost door <?=$fullname?>, gepost door <?=$fullname?>,
<span class='posttime' title='<?=$post['creationdate']?>'> <span class='posttime' title='<?=$post['creationdate']?>'>
@@ -20,7 +12,14 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
</span> </span>
</span> </span>
</div> </div>
<?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
<button class="deleteButton"
onclick="deletePost('<?=$postID?>')"
type="submit">
<i class="fa fa-trash"></i>
<span>Verwijder post</span>
</button><br />
<?php } ?>
<div class='post-content'> <div class='post-content'>
<p><?=$post['content']?></p> <p><?=$post['content']?></p>
</div> </div>