empty SessionID sends the user to login page

If the session is empty, it now sends you to the login page with a safed url so it can revert you back to the right page after login

website/public/API/deletePost.php

@@ -3,9 +3,9 @@ session_start();
 
 require_once "../../queries/post.php";
 require_once "../../queries/user.php";
-
-if (isset($_SESSION["userID"]) and
-    getRoleByID($_SESSION["userID"]) != 'frozen' and
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' and
            getRoleByID($_SESSION["userID"]) != 'banned') {
 
     if (empty($_POST["postID"]) or empty($_SESSION["userID"])) {

website/public/API/postComment.php

@@ -7,9 +7,9 @@ require_once("../../queries/connect.php");
 require_once("../../queries/checkInput.php");
 require_once("../../queries/user.php");
 
-
-if (isset($_SESSION["userID"]) &&
-    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
            getRoleByID($_SESSION["userID"]) != 'banned') {
     if ($_POST['button'] == 'reaction') {
         if (empty($_POST['newcomment-content'])) {

website/public/API/postPost.php

@@ -8,8 +8,9 @@ require_once("../../queries/connect.php");
 require_once("../../queries/checkInput.php");
 require_once("../../queries/user.php");
 
-if (isset($_SESSION["userID"]) &&
-    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
            getRoleByID($_SESSION["userID"]) != 'banned') {
 
     if (empty($_SESSION["userID"])) {

website/public/API/sendMessage.php

@@ -7,8 +7,9 @@ require_once("../../queries/checkInput.php");
 require_once("../../queries/user.php");
 
 // Check if the user is allowed to send a message.
-if (isset($_SESSION["userID"]) &&
-    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
            getRoleByID($_SESSION["userID"]) != 'banned') {
     if (!empty(test_input($_POST["destination"])) &&
         !empty(test_input($_POST["content"]))

website/public/js/chat.js

@@ -43,6 +43,8 @@ function sendMessage() {
     ).done(function(response) {
         if (response == "frozen") {
             alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
         }
         // Load messages if the message has been send, so it shows in the chat.
         loadMessages();

website/public/js/main.js

@@ -3,8 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a
 
 function fancyText(text) {
     // Add links, images, gifs and (youtube) video's.
-    var regex = /(https?:\/\/.[^ <>"]*)/ig;
-    text = text.replace(regex, function(link) {
+    text = text.replace(/(https?:\/\/.[^ \n<>"]*)/ig, function(link) {
         // Add images
         if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) {
             return "<img alt='" + link + "' src='" + link + "' />";
@@ -39,7 +38,7 @@ function fancyText(text) {
 }
 
 // This function gets the value of a cookie when given a key.
-// If didn´t find any compatible cookie, it returns false.
+// If it didn´t find any compatible cookie, it returns false.
 function getCookie(key) {
     cookies = document.cookie.split("; ");
     for (var i in cookies) {

website/public/js/masonry.js

@@ -26,7 +26,7 @@ function requestPost(postID) {
 function postPost() {
     title = $("input.newpost[name='title']").val();
     content = $("textarea.newpost[name='content']").val();
-
+    console.log(masonryMode);
     if (masonryMode == 2) {
         $.post("API/postPost.php", { title: title,
                                      content : content,
@@ -36,6 +36,10 @@ function postPost() {
                     $('#alertbox').show();
                     $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
                     window.scrollTo(0,0);
+                } else if (data == "logged out") {
+                    window.location.href = "login.php?url=" + window.location.pathname;
+                } else if (data == "frozen") {
+                    alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
                 } else {
                     $('#alertbox').hide();
                     masonry(masonryMode);
@@ -49,6 +53,10 @@ function postPost() {
                     $('#alertbox').show();
                     $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
                     window.scrollTo(0,0);
+                } else if (data == "logged out") {
+                    window.location.href = "login.php?url=" + window.location.pathname;
+                } else if (data == "frozen") {
+                    alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
                 } else {
                     $('#alertbox').hide();
                     masonry(masonryMode);

website/public/js/post.js

@@ -8,6 +8,8 @@ function postComment(buttonValue) {
     ).done(function (response) {
         if (response == "frozen") {
             alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
         }
     });
 
@@ -30,6 +32,8 @@ function deletePost(postID) {
     ).done(function (response) {
         if (response == "frozen") {
             alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
         }
     });
     closeModal();

website/public/styles/post-popup.css

@@ -91,7 +91,7 @@
 
 .deleteButton {
     background-color: firebrick;
-
+    float: right;
 }
 
 .deleteButton i {

website/views/head.php

@@ -26,8 +26,8 @@ require_once ("../queries/user.php");
 
 session_start();
 
-if(!isset($_SESSION["userID"])){
-    header("location:login.php");
+if(!isset($_SESSION["userID"])) {
+    header("location:login.php?url=" . "$_SERVER[REQUEST_URI]");
 } else {
     updateLastActivity();
 }

website/views/post-view.php

@@ -5,14 +5,6 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
 ?>
 <div class='post-header header'>
     <h4><?=$post['title']?></h4>
-    <?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
-    <button class="deleteButton"
-            onclick="deletePost('<?=$postID?>')"
-            type="submit">
-        <i class="fa fa-trash"></i>
-        <span>Verwijder post</span>
-    </button><br />
-    <?php } ?>
     <span class='postinfo'>
         gepost door <?=$fullname?>,
             <span class='posttime' title='<?=$post['creationdate']?>'>
@@ -20,7 +12,14 @@ $fullname = $post['fname'] . " " . $post['lname'] . " (" . $post['username'] . "
             </span>
     </span>
 </div>
-
+<?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
+    <button class="deleteButton"
+            onclick="deletePost('<?=$postID?>')"
+            type="submit">
+        <i class="fa fa-trash"></i>
+        <span>Verwijder post</span>
+    </button><br />
+<?php } ?>
 <div class='post-content'>
     <p><?=$post['content']?></p>
 </div>