Favicon

Lars

See merge request !206

website/public/API/adminChangeUser.php

@@ -3,18 +3,29 @@ session_start();
 
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
-require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
+require_once ("../../queries/user.php");
 
-if (isset($_POST["actions"]) && isset($_POST["userID"])) {
+if (isset($_SESSION["userID"]) &&
+    (getRoleByID($_SESSION["userID"]) == 'admin' ||
+     getRoleByID($_SESSION["userID"]) == 'owner')) {
+    $userinfo = getRoleByID($_SESSION['userID']);
+
+    if (isset($_POST["actions"]) && isset($_POST["userID"])) {
         changeUserStatusByID($_POST["userID"], $_POST["actions"]);
-} else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
+    } else if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
         changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
-} else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
+    } else if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
+        if ($userinfo == 'owner') {
             changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
-} else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
+        } else {
+            changeMultipleUserStatusByIDAdmin($_POST["checkbox-user"], $_POST["batchactions"]);
+        }
+    } else if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
         changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
+    } else if (isset($_POST['bancommentuserID']) && isset($_POST['bancommenttext'])) {
+        editBanCommentByID($_POST['bancommentuserID'], $_POST['bancommenttext']);
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }
-
-//header("location: ../admin.php");
-print_r($_POST);

website/public/API/adminPageNumber.php

@@ -5,24 +5,40 @@ session_start();
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
+require_once ("../../queries/group_page.php");
 
-$search = "";
+if (isset($_SESSION["userID"]) &&
-if (isset($_POST["search"])) {
+    (getRoleByID($_SESSION["userID"]) == 'admin' ||
+     getRoleByID($_SESSION["userID"]) == 'owner')) {
+    $search = "";
+    if (isset($_POST["search"])) {
         $search = test_input($_POST["search"]);
-}
+    }
 
-$pagetype = "user";
+    $pagetype = "user";
-if (isset($_POST['pagetype'])) {
+    if (isset($_POST['pagetype'])) {
         $pagetype = test_input($_POST['pagetype']);
-}
+    }
 
-$status = array();
+    $status = array();
-if (isset($_POST['status'])) {
+    if (isset($_POST['status'])) {
         $status = $_POST["status"];
-}
+    }
+
+    $groupstatus = array();
+    if (isset($_POST['groupstatus'])) {
+        $groupstatus = $_POST["groupstatus"];
+    }
+
+    $entries = 20;
+    $currentpage = 1;
+    if (isset($_POST['currentpage'])) {
+        $currentpage = (int) test_input($_POST["currentpage"]);
+    }
+
+    $offset = (int) $currentpage * $entries - $entries;
 
-if ($pagetype == "user") {
     include ("../../views/adminpanel-page.php");
 } else {
-    echo "Pagenumber failed!";
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/adminSearchUsers.php

@@ -7,38 +7,44 @@ require_once ("../../queries/checkInput.php");
 require_once ("../../queries/user.php");
 require_once ("../../queries/group_page.php");
 
-$offset = 0;
+if (isset($_SESSION["userID"]) &&
-if (isset($_POST["n"])) {
+    (getRoleByID($_SESSION["userID"]) == 'admin' ||
-    $offset = (int) test_input($_POST["n"]);
+     getRoleByID($_SESSION["userID"]) == 'owner')) {
-}
+    $offset = 0;
-$entries = 20;
+    $entries = 20;
-if (isset($_POST["m"])) {
+    if (isset($_POST["currentpage"])) {
-    $entries = (int) test_input($_POST["m"]);
+        $offset = (int)test_input($_POST["currentpage"]) * $entries - $entries;
-}
+    }
-$search = "";
+
-if (isset($_POST["search"])) {
+    $search = "";
+    if (isset($_POST["search"])) {
         $search = test_input($_POST["search"]);
-}
+    }
 
-$pagetype = "user";
+    $pagetype = "user";
-if (isset($_POST['pagetype'])) {
+    if (isset($_POST['pagetype'])) {
         $pagetype = test_input($_POST['pagetype']);
-}
+    }
 
-$status = array();
+    $status = array();
-if (isset($_POST['status'])) {
+    if (isset($_POST['status'])) {
         $status = $_POST["status"];
-}
+    }
 
-$groupstatus = array();
+    $groupstatus = array();
-if (isset($_POST['groupstatus'])) {
+    if (isset($_POST['groupstatus'])) {
         $groupstatus = $_POST["groupstatus"];
-}
+    }
 
-if ($pagetype == "user") {
+    $userinfo = getRoleByID($_SESSION['userID']);
-    include ("../../views/adminpanel-table.php");
+
-} else if ($pagetype == "group") {
+    if ($pagetype == "user") {
-    include ("../../views/adminpanel-grouptable.php");
+        include("../../views/adminpanel-table.php");
-} else {
+    } else if ($pagetype == "group") {
+        include("../../views/adminpanel-grouptable.php");
+    } else {
         echo "Search failed!";
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/deletePost.php

@@ -0,0 +1,20 @@
+<?php
+session_start();
+
+require_once "../../queries/post.php";
+require_once "../../queries/user.php";
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' and
+           getRoleByID($_SESSION["userID"]) != 'banned') {
+
+    if (empty($_POST["postID"]) or empty($_SESSION["userID"])) {
+        header('HTTP/1.1 500 Non enough arguments');
+    }
+
+    deletePost($_POST["postID"], $_SESSION["userID"]);
+    return;
+
+} else {
+    echo "frozen";
+}

website/public/API/editFriendship.php

@@ -3,25 +3,32 @@
 session_start();
 
 require_once ("../../queries/friendship.php");
+require_once("../../queries/user.php");
 
-if(empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) {
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (empty($_POST["usr"]) OR empty($_POST["action"]) OR !in_array($_POST["action"], array("request", "accept", "delete"))) {
         header('HTTP/1.1 500 Non enough arguments');
-}
+    }
 
-$friendship_status = getFriendshipStatus($_POST["usr"]);
+    $friendship_status = getFriendshipStatus($_POST["usr"]);
 
-if($_POST["action"] == "request" AND $friendship_status == 0) {
+    if ($_POST["action"] == "request" AND $friendship_status == 0) {
         if (!requestFriendship($_POST["usr"])) {
             header('HTTP/1.1 500 Query (request) failed');
         }
-} else if($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) {
+    } else if ($_POST["action"] == "delete" AND in_array($friendship_status, array(1, 2, 3))) {
         if (!removeFriendship($_POST["usr"])) {
             header('HTTP/1.1 500 Query (delete) failed');
         }
-} else if ($_POST["action"] == "accept" AND $friendship_status == 3) {
+    } else if ($_POST["action"] == "accept" AND $friendship_status == 3) {
         if (!acceptFriendship($_POST["usr"])) {
             header('HTTP/1.1 500 Query (accept) failed');
         }
-} else {
+    } else {
         header('HTTP/1.1 500 Not the right friendship status');
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/editMembership.php

@@ -0,0 +1,40 @@
+<?php
+
+session_start();
+
+if(empty($_POST["grp"]) or empty($_POST["role"])) {
+    header('HTTP/1.1 500 Non enough arguments');
+}
+
+if(in_array($_POST["role"], array('request', 'member', 'banned', 'mod', 'admin'))) {
+    header('HTTP/1.1 500 Wrong argument given for role');
+}
+
+require_once ("../../queries/group_member.php");
+require_once ("../../queries/group_page.php");
+require_once ("../../queries/group_member.php");
+
+$currentRole = selectGroupRole($_POST["grp"]);
+$groupStatus = selectGroupStatus($_POST["grp"]);
+echo "role: $currentRole status: $groupStatus ";
+
+if($_POST["role"] == 'request' and $currentRole == 'none') {
+    if($groupStatus = 'public') {
+        // Add member to public group
+        addMember($_POST["grp"], $_SESSION["userID"], 'member');
+        echo "ADDED";
+    } else if($groupStatus = 'membersonly') {
+        // Send request to members only group
+        addMember($_POST["grp"], $_SESSION["userID"], 'request');
+    } else {
+        // Can't invite yourself to hidden groups
+        header('HTTP/1.1 500 This group is hidden');
+    }
+    header('HTTP/1.1 200');
+} else if($_POST["role"] == 'none' and $currentRole != 'none') {
+    // Remove yourself from a group
+    deleteMember($_POST["grp"], $_SESSION["userID"]);
+} else {
+    echo "failure";
+    header('HTTP/1.1 500 Wrong argument given for role');
+}

website/public/API/getFriendshipStatus.php

@@ -10,15 +10,21 @@
 session_start();
 
 require_once ("../../queries/friendship.php");
+require_once("../../queries/user.php");
 
-if(empty($_POST["usr"])) {
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (empty($_POST["usr"])) {
         header('HTTP/1.1 500 Non enough arguments');
-}
+    }
 
-$friendship_status = getFriendshipStatus($_POST["usr"]);
+    $friendship_status = getFriendshipStatus($_POST["usr"]);
 
-if($friendship_status == -2) {
+    if ($friendship_status == -2) {
         header('HTTP/1.1 500 Query failed');
-}
+    }
 
-echo $friendship_status;
+    echo $friendship_status;
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/getGrouprole.php

@@ -0,0 +1,12 @@
+<?php
+
+session_start();
+
+if(empty($_POST["grp"])) {
+    header('HTTP/1.1 500 Non enough arguments');
+}
+
+require_once("../../queries/group_page.php");
+
+echo selectGroupRole($_POST["grp"]);
+

website/public/API/getPosts.php

@@ -1,26 +1,37 @@
 <?php
 
-if(empty($_POST["usr"]) and empty($_POST["grp"])) {
+if(!isset($_POST["offset"]) or !isset($_POST["limit"])) {
-    header('HTTP/1.1 500 Non enough arguments');
+    header('HTTP/1.1 500 Not enough arguments');
 }
+if(!isset($_POST["usr"]) and !isset($_POST["grp"])) {
+    header('HTTP/1.1 500 Not enough arguments');
+}
+
+session_start();
 
 require_once ("../../queries/post.php");
 require_once ("../../queries/nicetime.php");
+require_once("../../queries/user.php");
 
-if(empty($_POST["usr"])) {
+if (isset($_SESSION["userID"]) &&
-    $posts = selectAllPosts(0, $_POST["grp"]);
+    getRoleByID($_SESSION["userID"]) != 'banned') {
-} else {
+    if(empty($_POST["usr"])) {
-    $posts = selectAllPosts($_POST["usr"], 0);
+        $posts = selectSomePosts(0, $_POST["grp"], $_POST["offset"], $_POST["limit"]);
-}
+    } else {
+        $posts = selectSomePosts($_POST["usr"], 0, $_POST["offset"], $_POST["limit"]);
+    }
 
-if(!$posts) {
+    if(!$posts) {
-    header('HTTP/1.1 500 Query failed');
+        echo false;
-}
+    } else {
+        $results = $posts->fetchAll(PDO::FETCH_ASSOC);
 
-$results = $posts->fetchAll(PDO::FETCH_ASSOC);
+        for($i = 0; $i < sizeof($results); $i++) {
-
-for($i = 0; $i < sizeof($results); $i++) {
             $results[$i]["nicetime"] = nicetime($results[$i]["creationdate"]);
-}
+        }
 
-echo json_encode($results);
+        echo json_encode($results);
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/loadChatNotifications.php

@@ -4,5 +4,12 @@ session_start();
 
 require_once ("../../queries/connect.php");
 require_once ("../../queries/private_message.php");
+require_once("../../queries/user.php");
 
-echo selectAllUnreadChat();
+// Check if the user is allowed to load them.
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    echo selectAllUnreadChat();
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/loadFriendRequest.php

@@ -4,5 +4,13 @@ session_start();
 
 require_once ("../../queries/connect.php");
 require_once ("../../queries/friendship.php");
+require_once ("../../queries/user.php");
 
-echo selectAllFriendRequests();
+// Check if the user is allowed to load them.
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    echo selectAllFriendRequests();
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/loadFriends.php

@@ -5,12 +5,24 @@ session_start();
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/friendship.php");
+require_once("../../queries/user.php");
 
-if (isset($_POST["limit"])) {
+// Check if the user is allowed to load them.
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_POST["limit"]));
+if (isset($_SESSION["userID"]) &&
-} else if (isset($_GET["limit"])) {
+    getRoleByID($_SESSION["userID"]) != 'banned') {
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_GET["limit"]));
+    if (isset($_SESSION["userID"])) {
-} else {
+        // Echo the limited or unlimited users.
+        if (isset($_POST["limit"])) {
+            echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
+        } else if (isset($_GET["limit"])) {
+            echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
+        } else {
             echo selectFriends($_SESSION["userID"]);
+        }
+    } else {
+        echo "[]";
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }
 

website/public/API/loadGroups.php

@@ -6,9 +6,17 @@ require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/group_member.php");
 
-if (isset($_POST["limit"])) {
+require_once("../../queries/user.php");
-    echo selectLimitedGroupsFromUser($_SESSION["userID"], (int) test_input($_POST["limit"]));
-} else {
-    echo selectAllGroupsFromUser($_SESSION["userID"]);
-}
 
+// Check if the user is allowed to load them.
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    // Echo the limited or unlimited groups.
+    if (isset($_POST["limit"])) {
+        echo selectLimitedGroupsFromUser($_SESSION["userID"], (int)test_input($_POST["limit"]));
+    } else {
+        echo selectAllGroupsFromUser($_SESSION["userID"]);
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/loadMessages.php

@@ -6,11 +6,19 @@ require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
 require_once("../../queries/checkInput.php");
 require_once("../../queries/friendship.php");
+require_once("../../queries/user.php");
 
-if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
+// Check if the user is allowed to get the messages.
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    // Check if the users wants new messages or old ones, and give the right one back.
+    if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
         setLastVisited(test_input($_POST["destination"]));
         echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
-} else {
+    } else {
         setLastVisited(test_input($_POST["destination"]));
         echo getOldChatMessages(test_input($_POST["destination"]));
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/loadPost.php

@@ -1,12 +1,21 @@
 <?php
 
+session_start();
+
 require_once("../../queries/connect.php");
 require_once("../../queries/post.php");
 require_once("../../queries/checkInput.php");
 require_once("../../queries/nicetime.php");
 
-if(isset($_GET['postID'])) {
+require_once("../../queries/user.php");
+
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (isset($_GET['postID'])) {
         include("../../views/post-view.php");
+    } else {
+        echo "Kan de post niet laden";
+    }
 } else {
-    echo "Failed to load";
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/nietSlecht.php

@@ -1,41 +0,0 @@
-<?php
-
-session_start();
-require_once ("../queries/connect.php");
-require_once ("../queries/checkInput.php");
-
-function getNietSlechtCountForPost(int $postID) : int {
-    $stmt = prepareQuery("
-    SELECT 
-        `userID`
-    FROM 
-        `niet_slecht`
-    WHERE
-        `postID` = :postID
-    ");
-    $stmt->bindParam(":postID", $postID);
-    $stmt->execute();
-    return $stmt->rowCount();
-}
-
-function getNietSlechtUsersForPost(int $postID) {
-    $stmt = prepareQuery("
-    SELECT
-      `fname`,
-      `lname`,
-      CONCAT(`user`.`fname`, ' ', `user`.`lname`) as `fullname`
-    FROM
-      `user`
-    INNER JOIN
-      `niet_slecht`
-    WHERE
-      `user`.`userID` = `niet_slecht`.`userID` AND
-        `niet_slecht`.`postID` = :postID
-    ");
-    $stmt->bindParam(":postID", $postID);
-    $stmt->execute();
-    $rows = $stmt->fetchAll();
-    foreach ($rows as $row) {
-        print($row["fullname"]);
-    }
-}

website/public/API/postComment.php

@@ -2,11 +2,16 @@
 
 session_start();
 
-require("../../queries/post.php");
+require_once("../../queries/post.php");
 require_once("../../queries/connect.php");
-require("../../queries/checkInput.php");
+require_once("../../queries/checkInput.php");
-print_r($_POST);
+require_once("../../queries/user.php");
-if ($_POST['button'] == 'reaction') {
+
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
+           getRoleByID($_SESSION["userID"]) != 'banned') {
+    if ($_POST['button'] == 'reaction') {
         if (empty($_POST['newcomment-content'])) {
             echo 0;
         } else {
@@ -18,12 +23,15 @@ if ($_POST['button'] == 'reaction') {
                 echo 0;
             }
         }
-} else if ($_POST['button'] == 'nietslecht') {
+    } else if ($_POST['button'] == 'nietslecht') {
         if (makeNietSlecht($_POST["postID"], $_SESSION["userID"])) {
             echo 1;
         } else {
             echo 0;
         }
-} else {
+    } else {
         echo 0;
+    }
+} else {
+    echo "frozen";
 }

website/public/API/postPost.php

@@ -6,14 +6,23 @@ require_once("../../queries/post.php");
 require_once("../../queries/group_page.php");
 require_once("../../queries/connect.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");
 
-if (empty($_POST["title"]) or
+if (!isset($_SESSION["userID"])) {
-    empty($_POST["content"]) or
+    echo "logged out";
-    empty($_SESSION["userID"])) {
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
+           getRoleByID($_SESSION["userID"]) != 'banned') {
+
+    if (empty($_SESSION["userID"])) {
         header('HTTP/1.1 500 Non enough arguments');
-}
+    }
 
-if (empty($_POST["group"])) {
+    if (empty(test_input($_POST["title"])) or
+        empty(test_input($_POST["content"]))
+    ) {
+        echo "empty";
+    } else {
+        if (empty($_POST["group"])) {
             // User Post
             makePost(
                 $_SESSION["userID"],
@@ -21,11 +30,11 @@ if (empty($_POST["group"])) {
                 test_input($_POST["title"]),
                 test_input($_POST["content"])
             );
-} else {
+        } else {
             // Group Post
 
             // Check if the user is an admin or mod of the group.
-    if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
+            if (!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
                 header('HTTP/1.1 500 Non enough rights');
                 return;
             }
@@ -36,19 +45,8 @@ if (empty($_POST["group"])) {
                 test_input($_POST["title"]),
                 test_input($_POST["content"])
             );
+        }
+    }
+} else {
+    echo "frozen";
 }
-
-
-
-
-
-
-//if (empty($_POST['newpost-title'])) {
-//} else {
-//    makePost($_SESSION['userID'],
-//             null,
-//             test_input($_POST['newpost-title']),
-//             test_input($_POST['newpost-content']));
-//}
-//
-//header("Location: ../profile.php");

website/public/API/searchGroups.php

@@ -7,22 +7,29 @@ require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/group_member.php");
 require_once ("../../queries/group_page.php");
+require_once ("../../queries/user.php");
 
-$n = 0;
+if (isset($_SESSION["userID"]) &&
-if (isset($_POST["n"])) {
+    getRoleByID($_SESSION["userID"]) != 'banned') {
-    $n = (int) test_input($_POST["n"]);
+
-}
+    $n = 0;
-$m = 20;
+    if (isset($_POST["n"])) {
-if (isset($_POST["m"])) {
+        $n = (int)test_input($_POST["n"]);
-    $m = (int) test_input($_POST["m"]);
+    }
-}
+    $m = 20;
-$search = "";
+    if (isset($_POST["m"])) {
-if (isset($_POST["search"])) {
+        $m = (int)test_input($_POST["m"]);
+    }
+    $search = "";
+    if (isset($_POST["search"])) {
         $search = test_input($_POST["search"]);
-}
+    }
 
-if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
+    if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
         echo searchSomeOwnGroups($n, $m, $search);
-} else {
+    } else {
         echo searchSomeGroups($n, $m, $search);
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/searchPageNumber.php

@@ -0,0 +1,53 @@
+<?php
+
+session_start();
+
+require_once ("../../queries/connect.php");
+require_once ("../../queries/checkInput.php");
+require_once ("../../queries/user.php");
+require_once ("../../queries/group_page.php");
+require_once ("../../queries/friendship.php");
+require_once ("../../queries/group_member.php");
+
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {$user_perpage = $group_perpage = 20;
+
+    $user_currentpage = $group_currentpage = 1;
+    if (isset($_POST['user-pageselect'])) {
+        $user_currentpage = test_input($_POST['user-pageselect']);
+    }
+    if (isset($_POST['group-pageselect'])) {
+        $group_currentpage = test_input($_POST['group-pageselect']);
+    }
+
+    $user_n = $user_currentpage * $user_perpage - $user_perpage;
+    $group_n = $group_currentpage * $group_perpage - $group_perpage;
+
+    $search = "";
+    if (isset($_POST['search'])) {
+        $search = test_input($_POST['search']);
+    }
+
+    $filter = "all";
+    if (isset($_POST['filter'])) {
+        $filter = test_input($_POST['filter']);
+    }
+
+    if ($filter == "all") {
+        $user_count = countSomeUsers($search)->fetchColumn();
+        $group_count = countSomeGroups($search)->fetchColumn();
+    } else {
+        $user_count = countSomeFriends($search);
+        $group_count = countSomeOwnGroups($search);
+    }
+
+
+    $option = "user";
+    if (isset($_POST['option'])) {
+        $option = test_input($_POST['option']);
+    }
+
+    include ("../../views/searchPageNumber.php");
+} else {
+    header('HTTP/1.0 403 Forbidden');
+}

website/public/API/searchUsers.php

@@ -7,21 +7,29 @@ require_once ("../../queries/checkInput.php");
 require_once ("../../queries/friendship.php");
 require_once ("../../queries/user.php");
 
-$n = 0;
+if (isset($_SESSION["userID"]) &&
-if (isset($_POST["n"])) {
+    getRoleByID($_SESSION["userID"]) != 'banned') {
-    $n = (int) test_input($_POST["n"]);
-}
-$m = 20;
-if (isset($_POST["m"])) {
-    $m = (int) test_input($_POST["m"]);
-}
-$search = "";
-if (isset($_POST["search"])) {
-    $search = test_input($_POST["search"]);
-}
 
-if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
+    $n = 0;
+    $m = 20;
+
+    $page = 1;
+    if (isset($_POST["user-pageselect"])) {
+        $page = (int)test_input($_POST['user-pageselect']);
+    }
+
+    $n = ($page - 1) * $m;
+
+    $search = "";
+    if (isset($_POST["search"])) {
+        $search = test_input($_POST["search"]);
+    }
+
+    if (isset($_POST["filter"]) && $_POST["filter"] == "personal") {
         echo searchSomeFriends($n, $m, $search);
-} else {
+    } else {
         echo searchSomeUsers($n, $m, $search);
+    }
+} else {
+    header('HTTP/1.0 403 Forbidden');
 }

website/public/API/sendMessage.php

@@ -4,14 +4,26 @@ session_start();
 require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");
 
-if (!empty(test_input($_POST["destination"])) &&
+// Check if the user is allowed to send a message.
-    !empty(test_input($_POST["content"]))) {
+if (!isset($_SESSION["userID"])) {
+    echo "logged out";
+} else if (getRoleByID($_SESSION["userID"]) != 'frozen' &&
+           getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (!empty(test_input($_POST["destination"])) &&
+        !empty(test_input($_POST["content"]))
+    ) {
+        // Send the message.
+        // Returns false when it didn't succeed sending the message.
         if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
             echo 1;
         } else {
             echo 0;
         }
-} else {
+    } else {
         echo 0;
+    }
+} else {
+    echo "frozen";
 }

website/public/admin.php

@@ -8,7 +8,7 @@
     <style>
         @import url("styles/adminpanel.css");
     </style>
-    <script src="js/admin.js" charset="utf-8"></script>
+<script src="js/admin.js" charset="utf-8"></script>
 </head>
 <body>
 <?php
@@ -19,9 +19,9 @@
 include_once ("../queries/user.php");
 
 // auth
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$role = getRoleByID($_SESSION['userID']);
 
-if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
+if ($role != 'admin' AND $role != 'owner') {
     header("location:profile.php");
 }
 

website/public/bits/friend-item.php

@@ -4,6 +4,7 @@ session_start();
 
 include_once ("../../queries/friendship.php");
 
+// Initialize variables to given or default values.
 if (isset($_POST["action"])) {
     $action = $_POST["action"];
 } else {
@@ -18,6 +19,8 @@ if (isset($_POST["actionType"])) {
 
 $friends = json_decode($_POST["friends"]);
 
+
+// Foreach friend, return them as list item.
 foreach($friends as $i => $friend) {
     $friendshipStatus = getFriendshipStatus($friend->userID);
     ?>
@@ -33,12 +36,12 @@ foreach($friends as $i => $friend) {
                     }
                     ?>'>
                 <div class='friend'>
-                    <img alt='PF' class='profile-picture' src='<?= $friend->profilepicture ?>'/>
+                    <img alt='PF' class='profile-picture <?= $friend->onlinestatus ?>' src='<?= $friend->profilepicture ?>'/>
                     <div class='friend-name'>
                         <?= $friend->fullname ?><br/>
                         <span style='color: #666'><?php
                             if (isset($friend->username)) {
-                                echo $friend->username;
+                                echo $friend->usernameshort;
                             } else if (isset($friend->content)) {
                                 echo $friend->content;
                             }
@@ -48,6 +51,7 @@ foreach($friends as $i => $friend) {
             </button>
         </form>
         <?php
+        // Add friendship options if possible.
         if ($friendshipStatus > 1) {
             if ($friendshipStatus == 2) {
                 $denyName = "Annuleer";

website/public/bits/group-item.php

@@ -6,6 +6,7 @@ include_once ("../../queries/group_member.php");
 
 $groups = json_decode($_POST["groups"]);
 
+// Add each group as list item.
 foreach($groups as $i => $group) {
     ?>
     <li class='group-item'>

website/public/bits/niet-slecht.php

@@ -0,0 +1,8 @@
+<?php
+if (isset($_GET["groupname"])) {
+    $url = "https://myhyvesbookplus.nl/~lars/group.php?groupname=" . $_GET["groupname"];
+} else {
+    $url = "https://myhyvesbookplus.nl/";
+}
+?>
+<a href="<?= $url ?>" target='_blank'><img style="width: 100%; height: auto;" src="../external/nietslecht_button.png" alt='\"Niet slecht\" ons op MyHyvesbook+' /></a>

website/public/browserconfig.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+	<browserconfig>
+		<msapplication>
+			<tile>
+				<square70x70logo src="tiny.png"/>
+				<square150x150logo src="square.jpg"/>
+				<wide310x150logo src="wide.jpg"/>
+				<square310x310logo src="large.jpg"/>
+				<TileColor>#000000</TileColor>
+			</tile>
+		</msapplication>
+	</browserconfig>

website/public/createGroup.php

@@ -0,0 +1,36 @@
+<?php
+require_once "../queries/createGroup.php";
+require_once "../queries/connect.php";
+require_once "../queries/alerts.php"?>
+<!DOCTYPE html>
+<html>
+<head>
+    <?php include("../views/head.php"); ?>
+    <style>
+        @import url("styles/settings.css");
+    </style>
+</head>
+<body>
+<?php
+/*
+ * This view adds the main layout over the screen.
+ * Header and menu.
+ */
+include("../views/main.php");
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    try {
+        createGroup();
+    } catch (AlertMessage $e) {
+
+    }
+    $groupname = $_POST["groupName"];
+    header("location: group.php?groupname=$groupname");
+}
+/* Add your view files here. */
+include("../views/createGroup.php");
+
+/* This adds the footer. */
+include("../views/footer.php");
+?>
+</body>
+</html>

website/public/group.php

@@ -11,15 +11,17 @@
 <body>
 <?php
 
-include("../queries/group_page.php");
+include_once("../queries/group_page.php");
 
-$group = selectGroupByName($_GET["groupname"]);
+if(isset($_SESSION["userID"]) and !$group = selectGroupByName($_GET["groupname"])) {
-$members = selectGroupMembers(2);
+    header("HTTP/1.0 404 Not Found");
+    header("Location: error/404.php");
+    die();
+}
+
+
+$members = selectGroupMembers($group["groupID"]);
 
-?>
-<script>alert("<?= $members[0] ?>");</script>
-<script>alert("<?= $members[1] ?>");</script>
-<?php
 
 /*
  * This view adds the main layout over the screen.
@@ -40,12 +42,15 @@ if ($group["role"] == "mod" OR $group["role"] == "admin") {
 ?>
 
 <script src="js/masonry.js"></script>
+<script src="js/groupButtons.js"></script>
 <script src="js/post.js"></script>
 <script>
     $(document).ready(function() {
         userID = 0;
         groupID = <?= $group["groupID"] ?>;
 
+        placeGroupButtons();
+
         masonry(<?= $masonry_mode ?>);
     });
 </script>

website/public/groupAdmin.php

@@ -0,0 +1,72 @@
+<?php
+require_once "../queries/picture.php";
+require_once "../queries/groupAdmin.php";
+require_once "../queries/alerts.php";
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <?php include("../views/head.php"); ?>
+<style>
+    /*Insert own stylesheet here ;)*/
+    @import url("styles/settings.css");
+</style>
+</head>
+<body>
+<?php
+/*
+ * This view adds the main layout over the screen.
+ * Header and menu.
+ */
+include("../views/main.php");
+$alertClass;
+$alertMessage;
+
+// Select which button has been pressed.
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    try {
+        switch ($_POST["form"]) {
+            case "group":
+                updateGroupSettings($_POST["groupID"]);
+                break;
+            case "picture":
+                if (checkGroupAdmin($_POST["groupID"], $_SESSION["userID"])) {
+                    updateAvatar($_POST["groupID"]);
+                }
+                break;
+            case "mod":
+                if (!array_key_exists("userID", $_POST)) {
+                    throw new AngryAlert("Geen gebruiker geselecteerd.");
+                }
+                upgradeUser($_POST["groupID"], $_POST["userID"], "mod");
+                break;
+            case "admin":
+                if (!array_key_exists("userID", $_POST)) {
+                    throw new AngryAlert("Geen gebruiker geselecteerd.");
+                }
+                upgradeUser($_POST["groupID"], $_POST["userID"], "admin");
+                break;
+            case "deadmin":
+                if (!array_key_exists("userID", $_POST)) {
+                    throw new AngryAlert("Geen gebruiker geselecteerd.");
+                }
+                upgradeUser($_POST["groupID"], $_POST["userID"], "member");
+                break;
+            case "delete":
+                deleteGroup();
+                break;
+        }
+    } catch (AlertMessage $w) {
+        $alertClass = $w->getClass();
+        $alertMessage = $w->getMessage();
+    }
+}
+
+/* Add your view files here. */
+include("../views/groupAdmin.php");
+
+/* This adds the footer. */
+include("../views/footer.php");
+?>
+</body>
+</html>

website/public/js/admin.js

@@ -1,44 +1,51 @@
 $(window).on("load", function () {
     changeFilter();
+    searchFromOne();
+
     $(".admin-searchinput").keyup(function(){
-        adminSearch();
+        searchFromOne();
     });
     // all inputs and labels directly under admin filter and groupfilter
-    $("#admin-filter, #admin-groupfilter > input, label").click(function(){
+    $("#admin-filter, #admin-groupfilter > input, label").change(function(){
-        adminSearch();
+        searchFromOne();
     });
     $("#pagetype").change(function(){
-        adminSearch();
+        searchFromOne();
     });
 
-    adminSearch();
+    /* Update hidden input to be equal to submit pressed,
+        because serialize doesn't take submit values. */
+    $('#admin-batchform > button').click(function () {
+        $('#batchinput').prop('value', $(this).prop('value'));
+    });
+
+    $('#admin-groupbatchform > button').click(function () {
+        $('#groupbatchinput').prop('value', $(this).prop('value'));
+    });
 });
 
-function checkAll(allbox) {
+// Toggles all checkboxes based on one.
-    var checkboxes = document.getElementsByClassName('checkbox-list');
+function checkAll() {
-
+    $('.checkbox-list').each(function () {
-    for (var i = 0; i < checkboxes.length; i++) {
+        $(this).prop('checked', $('#checkall').prop('checked'));
-        if (checkboxes[i].type == 'checkbox') {
+    });
-            checkboxes[i].checked = allbox.checked;
-        }
-    }
 }
 
-function checkCheckAll(allbox) {
+// Simple function that checks if checkall should stay checked.
-    var checkboxes = document.getElementsByClassName('checkbox-list');
+function checkCheckAll() {
     var checked = true;
 
-    for (var i = 0; i < checkboxes.length; i++) {
+    $('.checkbox-list').each(function () {
-        if (checkboxes[i].type == 'checkbox') {
+        if ($(this).prop('checked') == false) {
-            if (checkboxes[i].checked == false) {
             checked = false;
-                break;
+            return;
         }
-        }
+    });
-    }
+
-    allbox.checked = checked;
+    $('#checkall').prop('checked', checked);
 }
 
+// Toggle of filter options.
 function changeFilter() {
     if ($('#pagetype').find(":selected").val() == "group") {
         document.getElementById('admin-filter').style.display = 'none';
@@ -55,15 +62,34 @@ function changeFilter() {
     }
 }
 
+// Sets the search page to one, relevant when changing filter or search.
+function searchFromOne() {
+    $('#currentpage').prop('value', 1);
+    adminSearch();
+}
+
+// AJAX live search.
 function adminSearch() {
     $.post(
         "API/adminSearchUsers.php",
         $("#admin-searchform").serialize()
     ).done(function (data) {
         $("#usertable").html(data);
+        updatePageN();
     })
 }
 
+// AJAX live update.
+function adminUpdate(form) {
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function () {
+        adminSearch();
+    })
+}
+
+// AJAX pagenumber functionality.
 function updatePageN() {
     $.post(
         "API/adminPageNumber.php",
@@ -72,3 +98,19 @@ function updatePageN() {
         $("#admin-pageinfo").html(data);
     })
 }
+
+// Intended for the edit button to show a form.
+function toggleBancomment(button) {
+    $(button).siblings("div").toggle();
+    $(button).toggle();
+}
+
+// AJAX value editing.
+function editComment(form) {
+    $.post(
+        "API/adminChangeUser.php",
+        $(form).serialize()
+    ).done(function (data) {
+        adminSearch();
+    });
+}

website/public/js/chat.js

@@ -9,18 +9,25 @@ $(document).ready(function() {
     $(".chat-field").hide();
 });
 
+// This function loads the new messages and runs the addMessages function to show them.
 function loadMessages() {
+    // If the function is not running elsewhere, run it here.
     if (!gettingMessages) {
         gettingMessages = true;
+        // Get the messages.
         $.post(
             "API/loadMessages.php",
             $("#lastIDForm").serialize()
         ).done(function (data) {
+            // Post the messages in the chat.
             if (data && data != "[]") {
                 messages = JSON.parse(data);
                 addMessages(messages);
                 $("#lastID").val(messages[messages.length - 1].messageID);
             }
+
+            loadUnreadMessages();
+
             gettingMessages = false;
         });
     } else {
@@ -28,34 +35,47 @@ function loadMessages() {
     }
 }
 
-
+// Send a message to a friend of the user.
 function sendMessage() {
     $.post(
         "API/sendMessage.php",
         $("#sendMessageForm").serialize()
-    );
+    ).done(function(response) {
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
+        }
+        // Load messages if the message has been send, so it shows in the chat.
+        loadMessages();
+    });
 
     $("#newContent").val("");
-    loadMessages();
+    $("#newContent").focus();
 }
 
+// Add messages to the chat.
 function addMessages(messages) {
     var messagesText = "";
+
+    // Loop over all the messages.
     for(var i in messages) {
-        // Initialize message variables
+        // Initialize message variables.
-        var thisDate = new Date(messages[i].creationdate);
+        var thisDate = new Date(messages[i].creationdate.replace(/ /,"T"));
-        var thisTime = thisDate.getHours() + ":" + thisDate.getMinutes();
+        var thisTime = thisDate.getHours() + ":" + ('0' + thisDate.getMinutes()).slice(-2);
         var type;
         thisDate.setHours(0,0,0,0);
 
+        // See where the message has been send from, so it shows on the right side.
         if (messages[i].destination == $(".destinationID").val()) {
             type = "chat-message-self";
         } else {
             type = "chat-message-other";
         }
+
+        // If it is the first message, open the message box and maybe add a year.
         if (i == 0) {
-            if (thisDate > previousDate) {
+            if (thisDate.getTime() > previousDate.getTime()) {
-                previousDate = thisDate;
                 messagesText += '\
                     <div class="day-message"> \
                         <div class="day-message-content">\
@@ -63,14 +83,20 @@ function addMessages(messages) {
                         </div> \
                     </div>';
             }
+            previousDate = thisDate;
+            previousTime = thisTime;
+            previousType = type;
             messagesText += '<div class="chat-message"><div class="' + type + '">';
-        } else if (type != previousType || thisTime != previousTime || thisDate > previousDate) {
+        // If it is not the first message, and has a different date/time/type then the previous message,
+        } else if (type != previousType || thisTime != previousTime || thisDate.getTime() > previousDate.getTime()) {
+            // Close the previous message.
             messagesText += '<div class="chat-time">\
                     ' + thisTime + '\
                     </div></div></div>';
 
             previousTime = thisTime;
             previousType = type;
+            // If the date is different, add a new date.
             if (thisDate > previousDate) {
                 previousDate = thisDate;
                 messagesText += '\
@@ -81,8 +107,11 @@ function addMessages(messages) {
                     </div>';
             }
 
+            // Open the new message.
             messagesText += '<div class="chat-message"><div class="' + type + '">';
         }
+
+        // Add the content of the message in the new box.
         messagesText += fancyText(messages[i].content) + "<br />";
     }
 
@@ -91,11 +120,14 @@ function addMessages(messages) {
                     ' + thisTime + '\
                     </div></div></div>';
 
+    // Add all the new created messaged to the chat.
     $("#chat-history").append(messagesText);
 
+    // Scroll down, so the user can see the new messages.
     $("#chat-history").scrollTop($("#chat-history")[0].scrollHeight - $('#chat-history')[0].clientHeight);
 }
 
+// Switch to a different user.
 function switchUser(userID) {
     previousDate = new Date("1970-01-01 00:00:00");
     $(".chat-field").show();
@@ -106,6 +138,7 @@ function switchUser(userID) {
     $("#friend-item-" + userID).addClass("active-friend-chat");
 }
 
+// Insert a message in the chat, this is used when it is empty.
 function sayEmpty() {
     $("#chat-history").html("Probeer ook eens foto's en video's te sturen");
 }

website/public/js/dobPicker.js

@@ -1,123 +0,0 @@
-/**
- * jQuery DOB Picker
- * Website: https://github.com/tyea/dobpicker
- * Version: 1.0
- * Author: Tom Yeadon
- * License: BSD 3-Clause
- */
-
-jQuery.extend({
-
-	dobPicker: function(params) {
-
-		// set the defaults		
-		if (typeof(params.dayDefault)==='undefined') params.dayDefault = 'Day';
-		if (typeof(params.monthDefault)==='undefined') params.monthDefault = 'Month';
-		if (typeof(params.yearDefault)==='undefined') params.yearDefault = 'Year';
-		if (typeof(params.minimumAge)==='undefined') params.minimumAge = 12;
-		if (typeof(params.maximumAge)==='undefined') params.maximumAge = 80;
-
-		// set the default messages		
-		$(params.daySelector).append('<option value="">' + params.dayDefault + '</option>');
-		$(params.monthSelector).append('<option value="">' + params.monthDefault + '</option>');
-		$(params.yearSelector).append('<option value="">' + params.yearDefault + '</option>');
-
-		// populate the day select
-		for (i = 1; i <= 31; i++) {
-			if (i <= 9) {
-				var val = '0' + i;
-			} else {
-				var val = i;
-			}
-			$(params.daySelector).append('<option value="' + val + '">' + i + '</option>');
-		}
-
-		// populate the month select		
-		var months = [
-			"January",
-			"February",
-			"March",
-			"April",
-			"May",
-			"June",
-			"July",
-			"August",
-			"September",
-			"October",
-			"November",
-			"December"
-		];
-			
-		for (i = 1; i <= 12; i++) {
-			if (i <= 9) {
-				var val = '0' + i;
-			} else {
-				var val = i;
-			}
-			$(params.monthSelector).append('<option value="' + val + '">' + months[i - 1] + '</option>');
-		}
-
-		// populate the year select
-		var date = new Date();
-		var year = date.getFullYear();
-		var start = year - params.minimumAge;
-		var count = start - params.maximumAge;
-		
-		for (i = start; i >= count; i--) {
-			$(params.yearSelector).append('<option value="' + i + '">' + i + '</option>');
-		}
-		
-		// do the logic for the day select
-		$(params.daySelector).change(function() {
-			
-			$(params.monthSelector)[0].selectedIndex = 0;
-			$(params.yearSelector)[0].selectedIndex = 0;
-			$(params.yearSelector + ' option').removeAttr('disabled');
-			
-			if ($(params.daySelector).val() >= 1 && $(params.daySelector).val() <= 29) {
-			
-				$(params.monthSelector + ' option').removeAttr('disabled');
-				
-			} else if ($(params.daySelector).val() == 30) {
-			
-				$(params.monthSelector + ' option').removeAttr('disabled');
-				$(params.monthSelector + ' option[value="02"]').attr('disabled', 'disabled');
-				
-			} else if($(params.daySelector).val() == 31) {
-			
-				$(params.monthSelector + ' option').removeAttr('disabled');
-				$(params.monthSelector + ' option[value="02"]').attr('disabled', 'disabled');
-				$(params.monthSelector + ' option[value="04"]').attr('disabled', 'disabled');
-				$(params.monthSelector + ' option[value="06"]').attr('disabled', 'disabled');
-				$(params.monthSelector + ' option[value="09"]').attr('disabled', 'disabled');
-				$(params.monthSelector + ' option[value="11"]').attr('disabled', 'disabled');
-				
-			}
-			
-		});
-		
-		// do the logic for the month select
-		$(params.monthSelector).change(function() {
-			
-			$(params.yearSelector)[0].selectedIndex = 0;
-			$(params.yearSelector + ' option').removeAttr('disabled');
-			
-			if ($(params.daySelector).val() == 29 && $(params.monthSelector).val() == '02') {
-			
-				$(params.yearSelector + ' option').each(function(index) {
-					if (index !== 0) {
-						var year = $(this).attr('value');
-						var leap = !((year % 4) || (!(year % 100) && (year % 400)));
-						if (leap === false) {
-							$(this).attr('disabled', 'disabled');
-						}
-					}
-				});
-				
-			}
-			
-		});
-		
-	}
-	
-});

website/public/js/dobPicker.min.js

@@ -1 +0,0 @@
-jQuery.extend({dobPicker:function(a){for("undefined"==typeof a.dayDefault&&(a.dayDefault="Day"),"undefined"==typeof a.monthDefault&&(a.monthDefault="Month"),"undefined"==typeof a.yearDefault&&(a.yearDefault="Year"),"undefined"==typeof a.minimumAge&&(a.minimumAge=12),"undefined"==typeof a.maximumAge&&(a.maximumAge=80),$(a.daySelector).append('<option value="">'+a.dayDefault+"</option>"),$(a.monthSelector).append('<option value="">'+a.monthDefault+"</option>"),$(a.yearSelector).append('<option value="">'+a.yearDefault+"</option>"),i=1;i<=31;i++){if(i<=9)var b="0"+i;else var b=i;$(a.daySelector).append('<option value="'+b+'">'+i+"</option>")}var c=["January","February","March","April","May","June","July","August","September","October","November","December"];for(i=1;i<=12;i++){if(i<=9)var b="0"+i;else var b=i;$(a.monthSelector).append('<option value="'+b+'">'+c[i-1]+"</option>")}var d=new Date,e=d.getFullYear(),f=e-a.minimumAge,g=f-a.maximumAge;for(i=f;i>=g;i--)$(a.yearSelector).append('<option value="'+i+'">'+i+"</option>");$(a.daySelector).change(function(){$(a.monthSelector)[0].selectedIndex=0,$(a.yearSelector)[0].selectedIndex=0,$(a.yearSelector+" option").removeAttr("disabled"),$(a.daySelector).val()>=1&&$(a.daySelector).val()<=29?$(a.monthSelector+" option").removeAttr("disabled"):30==$(a.daySelector).val()?($(a.monthSelector+" option").removeAttr("disabled"),$(a.monthSelector+' option[value="02"]').attr("disabled","disabled")):31==$(a.daySelector).val()&&($(a.monthSelector+" option").removeAttr("disabled"),$(a.monthSelector+' option[value="02"]').attr("disabled","disabled"),$(a.monthSelector+' option[value="04"]').attr("disabled","disabled"),$(a.monthSelector+' option[value="06"]').attr("disabled","disabled"),$(a.monthSelector+' option[value="09"]').attr("disabled","disabled"),$(a.monthSelector+' option[value="11"]').attr("disabled","disabled"))}),$(a.monthSelector).change(function(){$(a.yearSelector)[0].selectedIndex=0,$(a.yearSelector+" option").removeAttr("disabled"),29==$(a.daySelector).val()&&"02"==$(a.monthSelector).val()&&$(a.yearSelector+" option").each(function(a){if(0!==a){var b=$(this).attr("value"),c=!(b%4||!(b%100)&&b%400);c===!1&&$(this).attr("disabled","disabled")}})})}});

website/public/js/friendButtons.js

@@ -19,24 +19,24 @@ function placeFriendButtons() {
                     case "0":
                         value1 = "request";
                         class1 = "green";
-                        text1 = "Bevriend";
+                        text1 = "Word vrienden";
-                        icon1 = "fa-handshake-o";
+                        icon1 = "fa-user-plus";
                         break;
                     case "1":
                         value1 = userID;
                         class1 = "green";
                         text1 = "Chat";
-                        icon1 = "fa-comment-o";
+                        icon1 = "fa-comment";
                         value2 = "delete";
                         class2 = "red";
-                        text2 = "Verwijder";
+                        text2 = "Ontvriend";
-                        icon2 = "fa-times";
+                        icon2 = "fa-user-times";
                         break;
                     case "2":
                         value1 = "delete";
                         class1 = "red";
                         text1 = "Trek verzoek in";
-                        icon1 = "fa-cross";
+                        icon1 = "fa-times";
                         break;
                     case "3":
                         value1 = "accept";
@@ -51,16 +51,18 @@ function placeFriendButtons() {
                 }
 
                 $buttonContainer.append(
-                    "<button class='"+ class1 +" friend-button' value='"+ value1 +"'>" +
+                    "<div><button class='"+ class1 +" fancy-button friend-button' value='"+ value1 +"'>" +
-                        "<i class='fa "+ icon1 +"'></i> " + text1 +
+                    "<span>"+ text1 +"</span>" +
-                    "</button>");
+                    "<i class='fa fa-fw "+ icon1 +"'></i> " +
+                    "</button></div>");
                 $buttonContainer.append(
-                    "<button class='"+ class2 +" friend-button' value='"+ value2 +"'>" +
+                    "<div><button class='"+ class2 +" fancy-button friend-button' value='"+ value2 +"'>" +
-                        "<i class='fa "+ icon2 +"'></i> " + text2 +
+                    "<span>"+ text2 +"</span>" +
-                    "</button>");
+                    "<i class='fa fa-fw "+ icon2 +"'></i> " +
+                    "</button></div>");
 
 
-            $buttonContainer.children().click(function() {
+            $buttonContainer.find("button").click(function() {
                 if (isNaN(this.value))
                     editFriendship(userID, this.value);
                 else if (this.value != "")

website/public/js/groupButtons.js

@@ -0,0 +1,44 @@
+function placeGroupButtons() {
+    $.post("API/getGrouprole.php", { grp: groupID })
+        .done(function(data) {
+            var $buttonContainer = $("div.group-button-container");
+
+            if (data == 'none') {
+                $buttonContainer.append(
+                    "<button class='green group-button fancy-button' value='request'>" +
+                    "<span>Treed toe</span><i class='fa fa-plus'></i>" +
+                    "</button>");
+            } else if (data == 'request') {
+                $buttonContainer.append(
+                    "<button class='red group-button fancy-button' value='none'>" +
+                    "<span>Trek verzoek in</span><i class='fa fa-times'></i>" +
+                    "</button>");
+            } else if (data == 'admin') {
+                $buttonContainer.append(
+                    "<button class='group-button fancy-button' value='admin'>" +
+                        "<span>Instellingen</span><i class='fa fa-cogs'></i>" +
+                        "</button>"
+                );
+            } else {
+                $buttonContainer.append(
+                    "<button class='red group-button fancy-button' value='none'>" +
+                    "<span>Verlaat groep</span><i class='fa fa-sign-out'></i>" +
+                    "</button>");
+            }
+
+            $buttonContainer.children().click(function() {
+                if (this.value == 'admin') {
+                    window.location.href='groupAdmin.php?groupID=' + groupID;
+                } else {
+                    $.post("API/editMembership.php", {grp: groupID, role: this.value})
+                        .done(function () {
+                            $buttonContainer.children().remove();
+                            placeGroupButtons();
+                            updateMenus();
+                        }).fail(function () {
+                    });
+                }
+            });
+
+    });
+}

website/public/js/header.js

@@ -11,7 +11,8 @@ $(document).ready(function() {
 
             // Add cookie so the menu stays open on other pages
             if (window.innerWidth > 1080) {
-                    $("#chat-history").width("calc(100% - 587px)");
+                $("#chat-history").css("margin-right", "266px");
+                $("#chat-history").css("width", "calc(100% - 512px - 75px)");
                 document.cookie = "menu=open; path=/";
             } else {
                 document.cookie = "menu=closed; path=/";
@@ -22,7 +23,8 @@ $(document).ready(function() {
             $("#notification-center").css("display", "none");
 
             if (window.innerWidth > 1080) {
-                    $("#chat-history").width("calc(100% - 331px)");
+                $("#chat-history").css("margin-right", "10px");
+                $("#chat-history").css("width", "calc(100% - 256px - 85px)");
             } else {
                 // Make the menu invisible and move the content to the right.
                 $("#contact-menu").css("display", "none");
@@ -30,11 +32,24 @@ $(document).ready(function() {
 
             // Change menu cookie to close
             document.cookie = "menu=closed; path=/";
-
         }
     });
 
     if (getCookie("menu") == "open") {
-        $("#own-profile-picture").click();
+        // Make the menu visible and move the content to the left.
+        $(".modal").width("calc(100% - 512px)");
+        $(".content").css("margin-right", "256px");
+        $("#notification-center").css("right", "0px");
+        $("#notification-center").css("display", "block");
+        $("#contact-menu").css("display", "block");
+
+        // Add cookie so the menu stays open on other pages
+        if (window.innerWidth > 1080) {
+            $("#chat-history").css("margin-right", "266px");
+            $("#chat-history").width("calc(100% - 587px)");
+            document.cookie = "menu=open; path=/";
+        } else {
+            document.cookie = "menu=closed; path=/";
+        }
     }
 });

website/public/js/loginRegisterModals.js

@@ -0,0 +1,68 @@
+
+// Get the modal
+var modal = document.getElementById('myModal');
+var registerModal = document.getElementById('registerModal');
+var facebookModal = document.getElementById("fbModal");
+
+// Get the button that opens the modal
+var registerBtn = document.getElementById("registerBtn");
+var btn = document.getElementById("myBtn");
+
+
+// Get the <span> element that closes the modal
+var span = document.getElementsByClassName("close")[0];
+var registerSpan = document.getElementsByClassName("close")[1];
+var facebookCLose = document.getElementsByClassName("close")[2];
+
+/**
+ * When the user clicks the button, open the modal
+ */
+btn.onclick = function () {
+    modal.style.display = "block";
+
+}
+registerBtn.onclick = function () {
+    registerModal.style.display = "block";
+}
+
+/**
+ * WHen the user clicks on (X), close the modal
+ */
+span.onclick = function () {
+    modal.style.display = "none";
+}
+registerSpan.onclick = function () {
+    registerModal.style.display = "none";
+}
+facebookCLose.onclick = function () {
+    facebookModal.style.display = "none";
+}
+
+/**
+ * When the user clicks anywhere outside of the modal, close it
+ */
+window.onclick = function (event) {
+    if (event.target == modal) {
+        modal.style.display = "none";
+    }
+    if (event.target == registerModal) {
+        registerModal.style.display = "none";
+    }
+    if (event.target == facebookModal) {
+        facebookModal.style.display = "none";
+    }
+}
+
+/**
+ * When ESC is pressed, close modal
+ */
+document.addEventListener('keyup', function(e) {
+    if (e.keyCode == 27) {
+        modal.style.display = "none";
+        registerModal.style.display = "none";
+
+    }
+});
+/**
+ * Created by joey on 2-2-17.
+ */

website/public/js/main.js

@@ -3,8 +3,7 @@ var months = ["januari", "februari", "maart", "april", "mei", "juni", "juli", "a
 
 function fancyText(text) {
     // Add links, images, gifs and (youtube) video's.
-    var regex = /(https?:\/\/.[^ ]*)/ig;
+    text = text.replace(/(https?:\/\/.[^ \n<>"]*)/ig, function(link) {
-    text = text.replace(regex, function(link) {
         // Add images
         if (link.match(/(https?:\/\/.[^ ]*\.(?:png|jpg|jpeg|gif))/ig)) {
             return "<img alt='" + link + "' src='" + link + "' />";
@@ -14,14 +13,14 @@ function fancyText(text) {
             return "<video width='100%'>" +
                         "<source src='"+ link +"' type='video/mp4'>" +
                         "<b>Je browser ondersteund geen video</b>" +
-                "</video><button class='gray' onclick='$(this).prev().get(0).play();'>Speel af</button>";
+                "</video><button class='gray' onclick='$(this).prev().get(0).play();'><i class='fa fa-play'></i></button>";
         }
         // Add ogg video's
         else if (link.match(/(https?:\/\/.[^ ]*\.(?:ogg))/ig)) {
             return "<video width='100%'>" +
                 "<source src='"+ link +"' type='video/ogg'>" +
                 "<b>Je browser ondersteund geen video</b>" +
-                "</video><button onclick='$(this).prev().get(0).play();'>Speel af</button>";
+                "</video><button class='gray' onclick='$(this).prev().get(0).play();'><i class='fa fa-play'></i></button>";
         }
         // Add youtube video's
         else if (link.match(/(https?:\/\/.(www.)?youtube|youtu.be)*watch/ig)) {
@@ -31,13 +30,15 @@ function fancyText(text) {
         }
         // Add links
         else {
-            return "<a href='" + link + "'>" + link + "</a>";
+            return "<a href='" + link + "' target='_blank'>" + link + "</a>";
         }
     });
 
     return text;
 }
 
+// This function gets the value of a cookie when given a key.
+// If it didn´t find any compatible cookie, it returns false.
 function getCookie(key) {
     cookies = document.cookie.split("; ");
     for (var i in cookies) {
@@ -49,13 +50,17 @@ function getCookie(key) {
     return false;
 }
 
+// Edit the friendship status of two users.
 function editFriendship(userID, value) {
     $.post("API/editFriendship.php", { usr: userID, action: value })
     .done(function() {
         placeFriendButtons();
+        updateMenus();
     });
 }
 
+// Show the given friends in the given list.
+// The friends are giving in JSON, and the list is giving with a hashtag.
 function showFriends(friends, list) {
     if(friends && friends != "[]") {
         $(list).load("bits/friend-item.php", {
@@ -68,6 +73,8 @@ function showFriends(friends, list) {
     }
 }
 
+// Show the given friends in the given list.
+// This function supports more options given as parameters. This adds extra functionality.
 function showFriendsPlus(friends, list, limit, action, actionType) {
     if(friends && friends != "[]") {
         $(list).load("bits/friend-item.php", {
@@ -83,6 +90,7 @@ function showFriendsPlus(friends, list, limit, action, actionType) {
     }
 }
 
+// Show the given groups in the given list.
 function showGroups(groups, list) {
     if(groups && groups != "[]") {
         $(list).load("bits/group-item.php", {

website/public/js/masonry.js

@@ -19,51 +19,113 @@ function requestPost(postID) {
         var scrollBarWidth = window.innerWidth - document.body.offsetWidth;
         scrollbarMargin(scrollBarWidth, 'hidden');
         $('#modal-response').show();
-        $('#modal-response').html(data);
+        $('#modal-response').html(fancyText(data));
     });
 }
 
 function postPost() {
     title = $("input.newpost[name='title']").val();
     content = $("textarea.newpost[name='content']").val();
-
+    console.log(masonryMode);
     if (masonryMode == 2) {
         $.post("API/postPost.php", { title: title,
                                      content : content,
                                      group : groupID })
-            .done(function() {
+            .done(function(data) {
+                if (data == "empty") {
+                    $('#alertbox').show();
+                    $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
+                    window.scrollTo(0,0);
+                } else if (data == "logged out") {
+                    window.location.href = "login.php?url=" + window.location.pathname;
+                } else if (data == "frozen") {
+                    alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
+                } else {
+                    $('#alertbox').hide();
                     masonry(masonryMode);
+                }
             });
     } else {
         $.post("API/postPost.php", { title: title,
                                      content : content })
-            .done(function() {
+            .done(function(data) {
+                if (data == "empty") {
+                    $('#alertbox').show();
+                    $('#alerttext').html("Geen titel of inhoud; vul a.u.b. in.");
+                    window.scrollTo(0,0);
+                } else if (data == "logged out") {
+                    window.location.href = "login.php?url=" + window.location.pathname;
+                } else if (data == "frozen") {
+                    alert("Je account is bevroren, dus je kan geen posts plaatsen. Contacteer een admin als je denkt dat dit onjuist is.");
+                } else {
+                    $('#alertbox').hide();
                     masonry(masonryMode);
+                }
             });
     }
 
 
 }
 
+var masonryMode = 0;
+var windowWidth;
+var columnCount;
+var columns;
+var postLimit;
+var postAmount = 0;
+var noposts = false;
+
+$(document).ready(function () {
+    windowWidth = $(window).width();
+    columnCount = Math.floor($(".posts").width() / 250);
+    columns = new Array(columnCount);
+    postLimit = columnCount * 7;
+});
+
 $(window).on("load", function() {
-    $(".modal-close").click(function () {
+    $(".modal-close").click(function (){closeModal()});
+
+    // http://stackoverflow.com/questions/9439725/javascript-how-to-detect-if-browser-window-is-scrolled-to-bottom
+    window.onscroll = function(ev) {
+        if($(window).scrollTop() + $(window).height() == $(document).height() ) {
+            loadMorePosts(userID, groupID, postAmount, postLimit);
+        }
+    };
+
+    $(document).keyup(function(e) {
+        if (e.keyCode == 27) {
+            closeModal();
+        }
+    });
+
+    $('.modal').click(function() {
+        closeModal();
+    });
+
+    $('.modal-content').click(function(event){
+        event.stopPropagation();
+    });
+
+});
+
+function closeModal() {
     $(".modal").hide();
     scrollbarMargin(0, 'auto');
     $('#modal-response').hide();
     $('.modal-default').show();
-    });
+}
-});
-
-var masonryMode = 0;
-var windowWidth = $(window).width();
 
 $(window).resize(function() {
     clearTimeout(window.resizedFinished);
     window.resizeFinished = setTimeout(function() {
         if ($(window).width() != windowWidth) {
             windowWidth = $(window).width();
+
+            if (columnCount != Math.floor($(".posts").width() / 250)) {
+                columnCount = Math.floor($(".posts").width() / 250);
                 masonry(masonryMode);
             }
+        }
     }, 250);
 });
 
@@ -72,13 +134,15 @@ var $container = $(".posts");
 function masonry(mode) {
     masonryMode = mode;
     $container.children().remove();
-    columnCount = Math.floor($(".posts").width() / 250);
+
+    // reinit posts
+    noposts = false;
+    postAmount = 0;
 
     /*
      * Initialise columns.
      */
-    var columns = new Array(columnCount);
+
-    var $columns = new Array(columnCount);
     for (i = 0; i < columnCount; i++) {
         $column = $("<div class=\"column\">");
         $column.width(100/columnCount + "%");
@@ -96,8 +160,8 @@ function masonry(mode) {
         }
 
         $form.append($("<input class=\"newpost\" name=\"title\" placeholder=\"Titel\" type=\"text\">"));
-        $form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\">"));
+        $form.append($("<textarea class=\"newpost\" name=\"content\" placeholder=\"Schrijf een berichtje...\" maxlength='1000'></textarea><span></span>"));
-        $form.append($("<input value=\"Plaats!\" type=\"submit\">"));
+        $form.append($("<button type=\"submit\"><i class='fa fa-sticky-note-o'></i> Plaats!</button>"));
         columns[0][1].append($postInput);
 
         columns[0][0] = $postInput.height() + margin;
@@ -106,7 +170,15 @@ function masonry(mode) {
     /*
      * Function will find the column with the shortest height.
      */
-    function getShortestColumn(columns) {
+
+
+    /*
+     * Get the posts from the server.
+     */
+    loadMorePosts(userID, groupID, 0, postLimit);
+}
+
+function getShortestColumn(columns) {
     column = columns[0];
 
     for (i = 1; i < columnCount; i++) {
@@ -115,13 +187,24 @@ function masonry(mode) {
         }
     }
     return column;
+}
+
+function loadMorePosts(uID, gID, offset, limit) {
+    if (noposts) {
+        return;
     }
 
-    /*
+    $.post("API/getPosts.php", { usr : uID,
-     * Get the posts from the server.
+                                 grp : gID,
-     */
+                                 offset : offset,
-    $.post("API/getPosts.php", { usr : userID, grp : groupID })
+                                 limit : limit})
         .done(function(data) {
+            if (!data) {
+                $('.noposts').show();
+                noposts = true;
+                return;
+            }
+
             posts = JSON.parse(data);
 
             /*
@@ -130,7 +213,7 @@ function masonry(mode) {
             $.each(posts, function() {
                 $post = $("<div class=\"post platform\" onclick=\"requestPost(\'"+this['postID']+"\')\">");
                 $post.append($("<h2>").html(this["title"]));
-                   $post.append($("<p>").html(this["content"]));
+                $post.append($("<p>").html(fancyText(this["content"])));
                 $post.append($("<p class=\"subscript\">").text(this["nicetime"]));
                 $post.append($("<p class=\"subscript\">").text("comments: " + this["comments"] + ", niet slechts: " + this["niet_slechts"]));
 
@@ -139,5 +222,6 @@ function masonry(mode) {
                 shortestColumn[0] = shortestColumn[0] + $post.height() + margin;
             });
         });
-}
 
+    postAmount += limit;
+}

website/public/js/menu.js

@@ -2,92 +2,125 @@ var menuFriendsData;
 var menuGroupsData;
 var notificationMessagesData;
 var notificationRequestsData;
+var updatingMenus = 0;
 
-
+// On document load, load menus and loops loading menus every 10 seconds.
 $(document).ready(function() {
-    loadMenuFriends(5);
+    updateMenus();
-    loadNotificationFriends();
+    setInterval(updateMenus, 10000);
-    loadUnreadMessages();
-    loadMenuGroups();
-    setInterval(updateMenus, 3000);
 });
 
 
 // Update the menu  and notification items.
 function updateMenus() {
+    if (updatingMenus <= 0) {
         loadMenuFriends(5);
         loadNotificationFriends();
         loadUnreadMessages();
         loadMenuGroups();
+    }
 }
 
 
-// Get, every 3 seconds, the friends and insert them in the menu.
+// Get the friends and insert them in the menu.
 function loadMenuFriends(limit) {
+    updatingMenus ++;
     $.post(
         "API/loadFriends.php",
         {
             limit: 5
         }
     ).done(function(data) {
+        if (data == "" || data == "[]") {
+            $("#friends-menu-section").hide();
+        } else {
+            $("#friends-menu-section").show();
+        }
         if (menuFriendsData != data) {
             menuFriendsData = data;
-            if (showFriends(data, "#menu-friends-list", 5, "profile.php", "GET", limit)) {
+            if (!showFriends(data, "#menu-friends-list", 5, "profile.php", "GET", limit)) {
-                $("#friends-menu-section").show();
-            } else {
                 $("#friends-menu-section").hide();
             }
         }
+    }).fail(function() {
+        $("#friends-menu-section").hide();
+    }).always(function() {
+        updatingMenus --;
     });
 }
 
-// Get, every 3 seconds, the groups and insert them in the menu.
+// Get the groups and insert them in the menu.
 function loadMenuGroups() {
+    updatingMenus ++;
     $.post(
         "API/loadGroups.php",
         {
             limit: 5
         }
     ).done(function(data) {
+
+        if (data == "" || data == "[]") {
+            $("#groups-menu-section").hide();
+        } else {
+            $("#groups-menu-section").show();
+        }
         if (menuGroupsData != data) {
             menuGroupsData = data;
-            if (showGroups(data, "#menu-groups-list")) {
+            if (!showGroups(data, "#menu-groups-list")) {
-                $("#groups-menu-section").show();
-            } else {
                 $("#groups-menu-section").hide();
             }
         }
+    }).fail(function() {
+        $("#groups-menu-section").hide();
+    }).always(function() {
+        updatingMenus --;
     });
 }
 
-// Get, every 3 seconds, the friends requests and insert them in the notification center.
+// Get the friends requests and insert them in the notification center.
 function loadNotificationFriends() {
+    updatingMenus ++;
     $.post(
         "API/loadFriendRequest.php"
     ).done(function(data) {
+        if (data == "" || data == "[]") {
+            $("#friend-request-section").hide();
+        } else {
+            $("#friend-request-section").show();
+        }
         if (notificationRequestsData != data) {
             notificationRequestsData = data;
-            if (showFriendsPlus(data, "#friend-requests-list", 5, "profile.php", "GET")) {
+            if (!showFriendsPlus(data, "#friend-requests-list", 5, "profile.php", "GET")) {
-                $("#friend-request-section").show();
-            } else {
                 $("#friend-request-section").hide();
             }
         }
+    }).fail(function() {
+        $("#friend-request-section").hide();
+    }).always(function() {
+        updatingMenus --;
     });
 }
 
-// Get, every 3 seconds, the unread messages and insert them in the notification center.
+// Get the unread messages and insert them in the notification center.
 function loadUnreadMessages() {
+    updatingMenus ++;
     $.post(
         "API/loadChatNotifications.php"
     ).done(function(data) {
+        if (data == "" || data == "[]") {
+            $("#unread-messages-section").hide();
+        } else {
+            $("#unread-messages-section").show();
+        }
         if (notificationMessagesData != data) {
             notificationMessagesData = data;
-            if (showFriendsPlus(data, "#unread-chat-list", 5, "chat.php", "GET")) {
+            if (!showFriendsPlus(data, "#unread-chat-list", 5, "chat.php", "GET")) {
-                $("#unread-messages-section").show();
-            } else {
                 $("#unread-messages-section").hide();
             }
         }
+    }).fail(function() {
+        $("#unread-messages-section").hide();
+    }).always(function() {
+        updatingMenus --;
     });
 }

website/public/js/post.js

@@ -1,11 +1,16 @@
+
 function postComment(buttonValue) {
     formData = $("#newcommentform").serializeArray();
     formData.push({name: "button", value: buttonValue});
     $.post(
         "API/postComment.php",
         formData
-    ).done(function(data) {
+    ).done(function (response) {
-        console.log(data);
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan geen comments plaatsen of \"niet slechten\". Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
+        }
     });
 
     $("#newcomment").val("");
@@ -15,6 +20,22 @@ function postComment(buttonValue) {
         "API/loadPost.php",
         $("#newcommentform").serialize()
     ).done(function (data) {
-        $('#modal-response').html(data);
+        $('#modal-response').html(fancyText(data));
     });
 }
+
+function deletePost(postID) {
+    var formData = [{name: "postID", value: postID}];
+    $.post(
+        "API/deletePost.php",
+        formData
+    ).done(function (response) {
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is.");
+        } else if (response == "logged out") {
+            window.location.href = "login.php?url=" + window.location.pathname;
+        }
+    });
+    closeModal();
+    masonry(masonryMode);
+}

website/public/js/registerAndLogin.js

@@ -1,15 +1,23 @@
 function checkLoggedIn() {
-    if (confirm("U bent al ingelogd!!\nWilt u uitloggen?\nKlik ok om uit te loggen.") == true) {
+    if (confirm("U bent al ingelogd!\nWilt u uitloggen?\nKlik ok om uit te loggen.") == true) {
         window.location.href = "logout.php";
     } else {
         window.location.href = "profile.php";
     }
 }
 
+function emailAlert(){
+    alert("Bevestigingsemail is gestuurd!\n");
+}
+
 function bannedAlert(){
     alert("Uw account is geband!");
 }
 
+function frozenAlert(){
+    alert("Uw account is bevroren!\n");
+}
+
 function emailNotConfirmed(){
     alert("Uw account is nog niet bevestigd!\nEr is een nieuwe email gestuurd om uw account te bevestigen");
 }

website/public/js/search.js

@@ -1,12 +1,12 @@
-function searchUsers(n, m) {
+$(window).on('load', function () {
+    pageNumber();
+});
+
+// Search for the users and put them in the user list.
+function searchUsers() {
     $.post(
         "API/searchUsers.php",
-        {
+        $('#search-form').serialize()
-            n: n,
-            m: m,
-            search: $("#search-input").val(),
-            filter: $("#search-filter").val()
-        }
     ).done(function(data) {
         if (!showFriends(data, "#search-users-list", 0, "profile.php", "GET")) {
             $("#search-users-list").text("Niemand gevonden");
@@ -14,18 +14,31 @@ function searchUsers(n, m) {
     });
 }
 
-function searchGroups(n, m) {
+// Search for the groups and put them in the group list.
+function searchGroups() {
     $.post(
         "API/searchGroups.php",
-        {
+        $('#search-form').serialize()
-            n: n,
-            m: m,
-            search: $("#search-input").val(),
-            filter: $("#search-filter").val()
-        }
     ).done(function(data) {
         if (!showGroups(data, "#search-groups-list")) {
             $("#search-groups-list").text("Geen groepen gevonden");
         }
     });
 }
+
+// Get the page numbers and return them in the select.
+function pageNumber() {
+    var input = input2 = $('#search-form').serialize();
+    $.post(
+        "API/searchPageNumber.php",
+        input + "&option=user"
+    ).done(function (data) {
+        $('#user-pageselect').html(data);
+    });
+    $.post(
+        "API/searchPageNumber.php",
+        input2 + "&option=group"
+    ).done(function (data) {
+        $('#group-pageselect').html(data);
+    });
+}

website/public/login.php

@@ -8,58 +8,17 @@
     include_once("../queries/emailconfirm.php");
     include_once("../queries/requestpassword.php");
     include_once("../queries/register.php");
+    require_once("../queries/Facebook/autoload.php");
+
 ?>
 <body>
 <?php
-    session_start();
 
-    if(isset($_SESSION["userID"])){
+include("../views/homeLoginRegister.php");
-      echo "<script>
-                window.onload=checkLoggedIn();
-            </script>";
-    }
 
-    // define variables and set to empty values
-    $name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
-    $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
-    $correct = true;
-    $day_date = "dag";
-    $month_date = "maand";
-    $year_date = "jaar";
-
-    // Define variables and set to empty values
-    $user = $psw = $remember ="";
-    $loginErr = $resetErr ="";
-
-    if ($_SERVER["REQUEST_METHOD"] == "POST") {
-        switch ($_POST["submit"]) {
-            case "login":
-                try {
-                    $user = ($_POST["user"]);
-                    validateLogin($_POST["user"], $_POST["psw"]);
-                } catch(loginException $e) {
-                    $loginErr = $e->getMessage();
-                }
-                break;
-            case "reset":
-                try {
-                    resetEmail($_POST["forgotEmail"]);
-                    sendPasswordRecovery($_POST["forgotEmail"]);
-                } catch (emailException $e){
-                    $resetErr = $e->getMessage();
-                    echo "<script>
-                            window.onload = function() {
-                              $('#myModal').show();
-                            }
-                          </script>";
-                }
-                break;
-            case "register":
-                include("register.php");
-        }
-    }
 /* This view adds login view */
 include("../views/login-view.php");
 ?>
+<script src="js/loginRegisterModals.js"></script>;
 </body>
 </html>

website/public/manifest.json

@@ -0,0 +1,44 @@
+{
+  "name": "Web Application Manifest Sample",
+  "icons": [
+    {
+      "src": "launcher-icon-0-75x.png",
+      "sizes": "36x36",
+      "type": "image/png",
+      "density": "0.75"
+    },
+    {
+      "src": "launcher-icon-1x.png",
+      "sizes": "48x48",
+      "type": "image/png",
+      "density": "1.0"
+    },
+    {
+      "src": "launcher-icon-1-5x.png",
+      "sizes": "72x72",
+      "type": "image/png",
+      "density": "1.5"
+    },
+    {
+      "src": "launcher-icon-2x.png",
+      "sizes": "96x96",
+      "type": "image/png",
+      "density": "2.0"
+    },
+    {
+      "src": "launcher-icon-3x.png",
+      "sizes": "144x144",
+      "type": "image/png",
+      "density": "3.0"
+    },
+    {
+      "src": "launcher-icon-4x.png",
+      "sizes": "192x192",
+      "type": "image/png",
+      "density": "4.0"
+    }
+  ],
+  "start_url": "index.html",
+  "display": "standalone",
+  "orientation": "portrait"
+}

website/public/profile.php

@@ -13,10 +13,11 @@
 </head>
 <body>
 <?php
-include("../queries/user.php");
+include_once("../queries/user.php");
-include("../queries/friendship.php");
+include_once("../queries/friendship.php");
-include("../queries/nicetime.php");
+include_once("../queries/nicetime.php");
-include("../queries/post.php");
+include_once("../queries/post.php");
+include_once("../queries/calcAge.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
@@ -24,9 +25,16 @@ if(empty($_GET["username"])) {
     $userID = getUserID($_GET["username"]);
 }
 
-$user = selectUser($_SESSION["userID"], $userID);
+
+if (isset($_SESSION["userID"]) and !$user = selectUser($_SESSION["userID"], $userID)) {
+    header("HTTP/1.0 404 Not Found");
+    header("Location: error/404.php");
+    die();
+}
+
 $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
+$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;
 
 
 if ($userID == $_SESSION["userID"]) {

website/public/register(stash).php

@@ -1,116 +0,0 @@
-<!DOCTYPE html>
-<html>
-<?php
-    include("../views/login_head.php");
-    require_once("../queries/connect.php");
-    include_once("../queries/register.php");
-    include_once("../queries/checkInput.php");
-    include_once("../queries/emailconfirm.php");
-?>
-<body>
-<?php
-    session_start();
-
-    if(isset($_SESSION["userID"])){
-        header("location: login.php");
-    }
-    // define variables and set to empty values
-    $name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = $confirmEmail = $captcha = $ip = "";
-    $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = $confirmEmailErr = $captchaErr = "";
-    $correct = true;
-    $day_date = "dag";
-    $month_date = "maand";
-    $year_date = "jaar";
-
-    // Trying to register an account
-    if ($_SERVER["REQUEST_METHOD"] == "POST") {
-        try {
-            $name = test_input(($_POST["name"]));
-            checkInputChoice($name, "lettersAndSpaces");
-        } catch(lettersAndSpacesException $e){
-            $correct = false;
-            $nameErr = $e->getMessage();
-        }
-
-        try {
-            $surname = test_input(($_POST["surname"]));
-            checkInputChoice($surname, "lettersAndSpaces");
-        }
-        catch(lettersAndSpacesException $e){
-            $correct = false;
-            $surnameErr = $e->getMessage();
-        }
-
-        try{
-            $day_date = test_input(($_POST["day_date"]));
-            $month_date = test_input(($_POST["month_date"]));
-            $year_date = test_input(($_POST["year_date"]));
-            $bday = $year_date . "-" . $month_date . "-" . $day_date;
-            checkInputChoice($bday, "bday");
-        } catch(bdayException $e){
-            $correct = false;
-            $bdayErr = $e->getMessage();
-        }
-
-        try{
-            $username = str_replace(' ', '', test_input(($_POST["username"])));
-            checkInputChoice($username, "username");
-        } catch(usernameException $e){
-            $correct = false;
-            $usernameErr = $e->getMessage();
-        }
-
-        try{
-            $password = str_replace(' ', '', test_input(($_POST["password"])));
-            checkInputChoice($password, "longerEight");
-            matchPassword();
-        } catch(passwordException $e){
-            $correct = false;
-            $passwordErr = $e->getMessage();
-        } catch(confirmPasswordException $e){
-            $correct = false;
-            $confirmPasswordErr = $e->getMessage();
-        }
-
-        try{
-            $location = test_input(($_POST["location"]));
-            checkInputChoice($location, "lettersAndSpaces");
-        } catch(lettersAndSpacesException $e){
-            $correct = false;
-            $locationErr = $e->getMessage();
-        }
-
-        try{
-            $email = test_input(($_POST["email"]));
-            checkInputChoice($email, "email");
-            $confirmEmail = test_input(($_POST["confirmEmail"]));
-            matchEmail();
-        } catch(emailException $e){
-            $correct = false;
-            $emailErr = $e->getMessage();
-        } catch(confirmEmailException $e){
-            $correct = false;
-            $confirmEmailErr = $e->getMessage();
-        }
-
-        try{
-            $captcha = $_POST['g-recaptcha-response'];
-            checkCaptcha($captcha);
-        } catch(captchaException $e){
-            $correct = false;
-            $captchaErr = $e->getMessage();
-        }
-
-        try {
-            getIp();
-            registerCheck($correct);
-            sendConfirmEmailUsername($username);
-        } catch(registerException $e){
-            $genericErr = $e->getMessage();
-        }
-    }
-/* This view adds register view */
-include("../views/register-view.php");
-?>
-</body>
-</html>

website/public/settings.php

@@ -14,11 +14,13 @@
 <?php
 $alertClass;
 $alertMessage;
+
+// Select which button has been pressed.
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     try {
         switch ($_POST["form"]) {
             case "profile":
-                updateSettings();
+                checkUpdateSettings();
                 break;
             case "password":
                 changePassword();
@@ -29,7 +31,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             case "picture":
                 updateAvatar();
                 break;
-
         }
     } catch (AlertMessage $w) {
         $alertClass = $w->getClass();

website/public/styles/adminpanel.css

@@ -1,13 +1,15 @@
-.admin-panel {
-    min-width: 800px;
-}
 
 .admin-panel input[type="radio"], input[type="checkbox"] {
     vertical-align: middle;
-    height: auto;
+    height: 28px;
+    width: 28px;
     margin: 2px;
 }
 
+.table-checkbox {
+    width: 28px;
+}
+
 .admin-searchform {
     display: inline-block;
     width: 100%;
@@ -34,20 +36,33 @@
     width: 100%;
 }
 
-.usertable .table-checkbox {width: 20px}
+.table-checkbox {width: 20px}
-.usertable .table-username {width: 150px}
+.table-username {width: 150px}
-.usertable .table-status {width: 100px}
+.table-status {width: 100px}
-.usertable .table-action {width: 200px}
+.table-action {width: 200px}
 
 .usertable th, td {
     border-bottom: 1px solid #ddd;
     padding: 3px;
+    word-wrap: break-word;
 }
 
-.usertable tr {
+.usertable th, tr {
     text-align: left;
 }
 
 .usertable tr:hover {
     background-color: #f5f5f5;
 }
+
+.bancomment {
+    width: 80%;
+}
+
+.bancommentedit {
+    display: none;
+}
+
+.bancommentform input[type="text"] {
+    width: 80%;
+}

website/public/styles/chat.css

@@ -22,6 +22,7 @@ body {
     height: calc(100% - 100px);
 
     display: inline-block;
+    float: left;
 
     overflow-y: auto;
 }
@@ -31,12 +32,14 @@ body {
     overflow-y: auto;
     overflow-x: hidden;
 
-    width: calc(100% - 256px - 75px);
+    width: calc(100% - 256px - 85px);
     height: calc(100% - 80px);
+    margin-right: 10px;
 
     padding: 10px;
 
     display: inline-block;
+    float: right;
 
     word-wrap: break-word;
 }

website/public/styles/header.css

@@ -49,7 +49,7 @@ header div {
 }
 
 #open-notifications {
-    padding: 5px 20px 5px 0px;
+    padding: 20px 20px 20px 0px;
 }
 
 @media only screen and (max-width: 1080px) {

website/public/styles/index.css

@@ -10,6 +10,19 @@ a.button {
 
 }
 
+a.fbButton {
+    background-color: #3B5998;
+    border-radius: 5px;
+    color: black;
+    cursor: pointer;
+    padding: 8px 20px;
+    font-family: Arial;
+    font-size: 22px;
+    color: white;
+    box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
+
+}
+
 /* Body */
 body {
     height: 100%;
@@ -28,7 +41,7 @@ body {
 form {
     /*background-color: #a87a87;*/
     border-radius: 12px;
-    height: 85%;
+    height: 80%;
     margin: auto;
     width: 600px;
     overflow-y: auto;
@@ -120,6 +133,12 @@ label {
     color: red;
 }
 
+.login_containerNoscript {
+    padding: 4px;
+    text-align: center;
+    color: red;
+}
+
 @keyframes animatezoom {
     from {transform: scale(0)}
     to {transform: scale(1)}
@@ -137,7 +156,7 @@ label {
     margin: 16px auto;
     overflow-y: auto;
     padding: 20px;
-    width: 600px;
+    width: 650px;
 }
 
 select{
@@ -154,7 +173,7 @@ ul {
     display: none; /* Hidden by default */
     position: fixed; /* Stay in place */
     z-index: 1; /* Sit on top */
-    padding-top: 30px; /* Location of the box */
+    padding-top: 75px; /* Location of the box */
     left: 0;
     top: 0;
     width: 100%; /* Full width */
@@ -179,12 +198,6 @@ ul {
     animation-duration: 0.4s
 }
 
-/* Add Animation */
-@-webkit-keyframes animatetop {
-    from {top:-300px; opacity:0}
-    to {top:0; opacity:1}
-}
-
 @keyframes animatetop {
     from {top:-300px; opacity:0}
     to {top:0; opacity:1}
@@ -216,6 +229,7 @@ ul {
 }
 
 .modal-footer {
+    padding: 2px 8px;
     background-color: #FBC02D;
     color: black;
 }

website/public/styles/main.css

@@ -92,6 +92,14 @@ p {
     border-radius: 50%;
 }
 
+.online {
+    border: #4CAF50 solid 3px;
+}
+
+.offline {
+    border: #666666 solid 3px;
+}
+
 .group-picture {
     border-radius: 5px;
 }
@@ -108,7 +116,7 @@ p {
 
 @media only screen and (max-width: 1400px) {
     .item-box {
-        width: calc(100% - 50px);
+        width: calc(100% - 50px)!important;
     }
 }
 
@@ -248,8 +256,6 @@ div[data-title]:hover:after {
     top: 150%;
     z-index: 200;
     white-space: nowrap;
-    -moz-border-radius: 3px;
-    -webkit-border-radius: 3px;
     border-radius: 3px;
     box-shadow: 0 14px 28px rgba(0,0,0,0.25), 0 10px 10px rgba(0,0,0,0.22);
     background-color: #333;
@@ -282,25 +288,20 @@ div[data-title]:hover:after {
     vertical-align: middle;
 }
 
-::-webkit-scrollbar {
-    width: 5px;
-    height: 5px;
-}
-::-webkit-scrollbar-track {
-    background: none;
-}
-::-webkit-scrollbar-thumb {
-    -webkit-border-radius: 20px;
-    border-radius: 20px;
-    background: #4CAF50;
-}
-
 @media only screen and (max-width: 1080px) {
     body {
         font-size: 28px!important;
     }
-    button {
+    button, input, select {
         font-size: 28px;
+        height: 42px;
+    }
+    textarea {
+        font-size: 28px;
+    }
+    input[type="checkbox"], input[type="radio"] {
+        width: 28px;
+        height: 28px;
     }
 
 }

website/public/styles/post-popup.css

@@ -14,7 +14,7 @@
 
 /* Modal Content/Box */
 .modal-content {
-    margin: 5% auto;
+    margin: 50px auto;
     width: 70%; /* Could be more or less, depending on screen size */
     overflow-y: auto;
 }
@@ -48,6 +48,10 @@
     width: 90%;
 }
 
+.post-content a {
+    text-decoration: underline;
+}
+
 .commentfield {
     margin-bottom: 20px;
 }
@@ -84,3 +88,8 @@
     height: 24px;
     width: 24px;
 }
+
+.deleteButton {
+    background-color: firebrick;
+    float: right;
+}

website/public/styles/profile.css

@@ -1,5 +1,14 @@
 /* New */
 
+.alertbox {
+    display: none;
+    background-color: firebrick;
+}
+
+.alerttext {
+    color: white;
+}
+
 .user-box {
     text-align: center;
 }
@@ -11,21 +20,33 @@
     display: inline-block;
 }
 
-.friend-button-container {
+.friend-button-container, .group-button-container {
     position: relative;
     float: right;
     width: 200px;
     display: inline-block;
 }
 
-.friend-button-container button, .status-buttons-container button {
+.friend-button-container div, .status-buttons-container div {
+    width: 200px;
+    display: inline-block;
+}
+
+.friend-button-container button, .status-buttons-container button, .group-button-container button {
     display: block;
+    float: right;
 
     margin: 7px 0;
-    width: 200px;
 
     font-size: 18px;
 }
+.status-buttons-container button {
+    float: left;
+}
+
+.group-button-container button {
+    float: right;
+}
 
 .empty-button {
     background: none;
@@ -45,12 +66,36 @@
 
 .main-picture {
     position: relative;
-    border: #4CAF50 solid 5px;
+    border-width: 5px;
 
     display: inline-block;
     width: 150px;
     height: 150px;
     margin-bottom: -45px;
+
+    object-fit: cover;
+    vertical-align: middle;
+}
+
+.group-picture {
+    border: none;
+}
+
+.fancy-button span {
+    display: none;
+}
+
+.fancy-button:hover {
+    text-align: right;
+}
+
+.fancy-button i {
+    display: inline-block;
+}
+
+.fancy-button:hover span {
+    display: inline-block;
+    margin-right: 5px;
 }
 
 /* Old */
@@ -76,6 +121,10 @@ div.posts div.post {
     word-wrap: break-word;
 }
 
+div.posts div.post a {
+    text-decoration: underline;
+}
+
 div.posts div.post:hover {
     box-shadow: 0 10px 20px rgba(0,0,0,0.19), 0 6px 6px rgba(0,0,0,0.23);
 }
@@ -94,7 +143,7 @@ div.posts .post form input, div.posts .post form textarea {
     width: calc(100% - 15px);
 }
 
-div.posts .post form input[type="submit"] {
+div.posts .post form input[type="submit"], .post button{
     width: 100%;
 }
 
@@ -109,6 +158,11 @@ div.posts .post form textarea.newpost {
     font-size: 0.8em;
 }
 
+.noposts {
+    display: none;
+    text-align: center;
+}
+
 @media only screen and (max-width: 1500px) {
     .post-box {
         width: calc(50% - 68px);
@@ -120,4 +174,8 @@ div.posts .post form textarea.newpost {
     .post-box {
         width: calc(100% - 65px);
     }
+    .modal {
+        left: 0!important;
+        width: 100%!important;
+    }
 }

website/public/styles/settings.css

@@ -32,6 +32,11 @@
     text-align: right;
 }
 
+.settings-password, .settings-email {
+    width: calc(50% - 60px);
+    display: inline-flex;
+}
+
 .settings-password label, .settings-email label {
     text-align: left;
 }

website/queries/Facebook/Authentication/AccessToken.php

@@ -0,0 +1,160 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Authentication;
+
+/**
+ * Class AccessToken
+ *
+ * @package Facebook
+ */
+class AccessToken
+{
+    /**
+     * The access token value.
+     *
+     * @var string
+     */
+    protected $value = '';
+
+    /**
+     * Date when token expires.
+     *
+     * @var \DateTime|null
+     */
+    protected $expiresAt;
+
+    /**
+     * Create a new access token entity.
+     *
+     * @param string $accessToken
+     * @param int    $expiresAt
+     */
+    public function __construct($accessToken, $expiresAt = 0)
+    {
+        $this->value = $accessToken;
+        if ($expiresAt) {
+            $this->setExpiresAtFromTimeStamp($expiresAt);
+        }
+    }
+
+    /**
+     * Generate an app secret proof to sign a request to Graph.
+     *
+     * @param string $appSecret The app secret.
+     *
+     * @return string
+     */
+    public function getAppSecretProof($appSecret)
+    {
+        return hash_hmac('sha256', $this->value, $appSecret);
+    }
+
+    /**
+     * Getter for expiresAt.
+     *
+     * @return \DateTime|null
+     */
+    public function getExpiresAt()
+    {
+        return $this->expiresAt;
+    }
+
+    /**
+     * Determines whether or not this is an app access token.
+     *
+     * @return bool
+     */
+    public function isAppAccessToken()
+    {
+        return strpos($this->value, '|') !== false;
+    }
+
+    /**
+     * Determines whether or not this is a long-lived token.
+     *
+     * @return bool
+     */
+    public function isLongLived()
+    {
+        if ($this->expiresAt) {
+            return $this->expiresAt->getTimestamp() > time() + (60 * 60 * 2);
+        }
+
+        if ($this->isAppAccessToken()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Checks the expiration of the access token.
+     *
+     * @return boolean|null
+     */
+    public function isExpired()
+    {
+        if ($this->getExpiresAt() instanceof \DateTime) {
+            return $this->getExpiresAt()->getTimestamp() < time();
+        }
+
+        if ($this->isAppAccessToken()) {
+            return false;
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns the access token as a string.
+     *
+     * @return string
+     */
+    public function getValue()
+    {
+        return $this->value;
+    }
+
+    /**
+     * Returns the access token as a string.
+     *
+     * @return string
+     */
+    public function __toString()
+    {
+        return $this->getValue();
+    }
+
+    /**
+     * Setter for expires_at.
+     *
+     * @param int $timeStamp
+     */
+    protected function setExpiresAtFromTimeStamp($timeStamp)
+    {
+        $dt = new \DateTime();
+        $dt->setTimestamp($timeStamp);
+        $this->expiresAt = $dt;
+    }
+}

website/queries/Facebook/Authentication/AccessTokenMetadata.php

@@ -0,0 +1,390 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Authentication;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class AccessTokenMetadata
+ *
+ * Represents metadata from an access token.
+ *
+ * @package Facebook
+ * @see     https://developers.facebook.com/docs/graph-api/reference/debug_token
+ */
+class AccessTokenMetadata
+{
+    /**
+     * The access token metadata.
+     *
+     * @var array
+     */
+    protected $metadata = [];
+
+    /**
+     * Properties that should be cast as DateTime objects.
+     *
+     * @var array
+     */
+    protected static $dateProperties = ['expires_at', 'issued_at'];
+
+    /**
+     * @param array $metadata
+     *
+     * @throws FacebookSDKException
+     */
+    public function __construct(array $metadata)
+    {
+        if (!isset($metadata['data'])) {
+            throw new FacebookSDKException('Unexpected debug token response data.', 401);
+        }
+
+        $this->metadata = $metadata['data'];
+
+        $this->castTimestampsToDateTime();
+    }
+
+    /**
+     * Returns a value from the metadata.
+     *
+     * @param string $field   The property to retrieve.
+     * @param mixed  $default The default to return if the property doesn't exist.
+     *
+     * @return mixed
+     */
+    public function getField($field, $default = null)
+    {
+        if (isset($this->metadata[$field])) {
+            return $this->metadata[$field];
+        }
+
+        return $default;
+    }
+
+    /**
+     * Returns a value from the metadata.
+     *
+     * @param string $field   The property to retrieve.
+     * @param mixed  $default The default to return if the property doesn't exist.
+     *
+     * @return mixed
+     *
+     * @deprecated 5.0.0 getProperty() has been renamed to getField()
+     * @todo v6: Remove this method
+     */
+    public function getProperty($field, $default = null)
+    {
+        return $this->getField($field, $default);
+    }
+
+    /**
+     * Returns a value from a child property in the metadata.
+     *
+     * @param string $parentField The parent property.
+     * @param string $field       The property to retrieve.
+     * @param mixed  $default     The default to return if the property doesn't exist.
+     *
+     * @return mixed
+     */
+    public function getChildProperty($parentField, $field, $default = null)
+    {
+        if (!isset($this->metadata[$parentField])) {
+            return $default;
+        }
+
+        if (!isset($this->metadata[$parentField][$field])) {
+            return $default;
+        }
+
+        return $this->metadata[$parentField][$field];
+    }
+
+    /**
+     * Returns a value from the error metadata.
+     *
+     * @param string $field   The property to retrieve.
+     * @param mixed  $default The default to return if the property doesn't exist.
+     *
+     * @return mixed
+     */
+    public function getErrorProperty($field, $default = null)
+    {
+        return $this->getChildProperty('error', $field, $default);
+    }
+
+    /**
+     * Returns a value from the "metadata" metadata. *Brain explodes*
+     *
+     * @param string $field   The property to retrieve.
+     * @param mixed  $default The default to return if the property doesn't exist.
+     *
+     * @return mixed
+     */
+    public function getMetadataProperty($field, $default = null)
+    {
+        return $this->getChildProperty('metadata', $field, $default);
+    }
+
+    /**
+     * The ID of the application this access token is for.
+     *
+     * @return string|null
+     */
+    public function getAppId()
+    {
+        return $this->getField('app_id');
+    }
+
+    /**
+     * Name of the application this access token is for.
+     *
+     * @return string|null
+     */
+    public function getApplication()
+    {
+        return $this->getField('application');
+    }
+
+    /**
+     * Any error that a request to the graph api
+     * would return due to the access token.
+     *
+     * @return bool|null
+     */
+    public function isError()
+    {
+        return $this->getField('error') !== null;
+    }
+
+    /**
+     * The error code for the error.
+     *
+     * @return int|null
+     */
+    public function getErrorCode()
+    {
+        return $this->getErrorProperty('code');
+    }
+
+    /**
+     * The error message for the error.
+     *
+     * @return string|null
+     */
+    public function getErrorMessage()
+    {
+        return $this->getErrorProperty('message');
+    }
+
+    /**
+     * The error subcode for the error.
+     *
+     * @return int|null
+     */
+    public function getErrorSubcode()
+    {
+        return $this->getErrorProperty('subcode');
+    }
+
+    /**
+     * DateTime when this access token expires.
+     *
+     * @return \DateTime|null
+     */
+    public function getExpiresAt()
+    {
+        return $this->getField('expires_at');
+    }
+
+    /**
+     * Whether the access token is still valid or not.
+     *
+     * @return boolean|null
+     */
+    public function getIsValid()
+    {
+        return $this->getField('is_valid');
+    }
+
+    /**
+     * DateTime when this access token was issued.
+     *
+     * Note that the issued_at field is not returned
+     * for short-lived access tokens.
+     *
+     * @see https://developers.facebook.com/docs/facebook-login/access-tokens#debug
+     *
+     * @return \DateTime|null
+     */
+    public function getIssuedAt()
+    {
+        return $this->getField('issued_at');
+    }
+
+    /**
+     * General metadata associated with the access token.
+     * Can contain data like 'sso', 'auth_type', 'auth_nonce'.
+     *
+     * @return array|null
+     */
+    public function getMetadata()
+    {
+        return $this->getField('metadata');
+    }
+
+    /**
+     * The 'sso' child property from the 'metadata' parent property.
+     *
+     * @return string|null
+     */
+    public function getSso()
+    {
+        return $this->getMetadataProperty('sso');
+    }
+
+    /**
+     * The 'auth_type' child property from the 'metadata' parent property.
+     *
+     * @return string|null
+     */
+    public function getAuthType()
+    {
+        return $this->getMetadataProperty('auth_type');
+    }
+
+    /**
+     * The 'auth_nonce' child property from the 'metadata' parent property.
+     *
+     * @return string|null
+     */
+    public function getAuthNonce()
+    {
+        return $this->getMetadataProperty('auth_nonce');
+    }
+
+    /**
+     * For impersonated access tokens, the ID of
+     * the page this token contains.
+     *
+     * @return string|null
+     */
+    public function getProfileId()
+    {
+        return $this->getField('profile_id');
+    }
+
+    /**
+     * List of permissions that the user has granted for
+     * the app in this access token.
+     *
+     * @return array
+     */
+    public function getScopes()
+    {
+        return $this->getField('scopes');
+    }
+
+    /**
+     * The ID of the user this access token is for.
+     *
+     * @return string|null
+     */
+    public function getUserId()
+    {
+        return $this->getField('user_id');
+    }
+
+    /**
+     * Ensures the app ID from the access token
+     * metadata is what we expect.
+     *
+     * @param string $appId
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateAppId($appId)
+    {
+        if ($this->getAppId() !== $appId) {
+            throw new FacebookSDKException('Access token metadata contains unexpected app ID.', 401);
+        }
+    }
+
+    /**
+     * Ensures the user ID from the access token
+     * metadata is what we expect.
+     *
+     * @param string $userId
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateUserId($userId)
+    {
+        if ($this->getUserId() !== $userId) {
+            throw new FacebookSDKException('Access token metadata contains unexpected user ID.', 401);
+        }
+    }
+
+    /**
+     * Ensures the access token has not expired yet.
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateExpiration()
+    {
+        if (!$this->getExpiresAt() instanceof \DateTime) {
+            return;
+        }
+
+        if ($this->getExpiresAt()->getTimestamp() < time()) {
+            throw new FacebookSDKException('Inspection of access token metadata shows that the access token has expired.', 401);
+        }
+    }
+
+    /**
+     * Converts a unix timestamp into a DateTime entity.
+     *
+     * @param int $timestamp
+     *
+     * @return \DateTime
+     */
+    private function convertTimestampToDateTime($timestamp)
+    {
+        $dt = new \DateTime();
+        $dt->setTimestamp($timestamp);
+
+        return $dt;
+    }
+
+    /**
+     * Casts the unix timestamps as DateTime entities.
+     */
+    private function castTimestampsToDateTime()
+    {
+        foreach (static::$dateProperties as $key) {
+            if (isset($this->metadata[$key])) {
+                $this->metadata[$key] = $this->convertTimestampToDateTime($this->metadata[$key]);
+            }
+        }
+    }
+}

website/queries/Facebook/Authentication/OAuth2Client.php

@@ -0,0 +1,292 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Authentication;
+
+use Facebook\Facebook;
+use Facebook\FacebookApp;
+use Facebook\FacebookRequest;
+use Facebook\FacebookResponse;
+use Facebook\FacebookClient;
+use Facebook\Exceptions\FacebookResponseException;
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class OAuth2Client
+ *
+ * @package Facebook
+ */
+class OAuth2Client
+{
+    /**
+     * @const string The base authorization URL.
+     */
+    const BASE_AUTHORIZATION_URL = 'https://www.facebook.com';
+
+    /**
+     * The FacebookApp entity.
+     *
+     * @var FacebookApp
+     */
+    protected $app;
+
+    /**
+     * The Facebook client.
+     *
+     * @var FacebookClient
+     */
+    protected $client;
+
+    /**
+     * The version of the Graph API to use.
+     *
+     * @var string
+     */
+    protected $graphVersion;
+
+    /**
+     * The last request sent to Graph.
+     *
+     * @var FacebookRequest|null
+     */
+    protected $lastRequest;
+
+    /**
+     * @param FacebookApp    $app
+     * @param FacebookClient $client
+     * @param string|null    $graphVersion The version of the Graph API to use.
+     */
+    public function __construct(FacebookApp $app, FacebookClient $client, $graphVersion = null)
+    {
+        $this->app = $app;
+        $this->client = $client;
+        $this->graphVersion = $graphVersion ?: Facebook::DEFAULT_GRAPH_VERSION;
+    }
+
+    /**
+     * Returns the last FacebookRequest that was sent.
+     * Useful for debugging and testing.
+     *
+     * @return FacebookRequest|null
+     */
+    public function getLastRequest()
+    {
+        return $this->lastRequest;
+    }
+
+    /**
+     * Get the metadata associated with the access token.
+     *
+     * @param AccessToken|string $accessToken The access token to debug.
+     *
+     * @return AccessTokenMetadata
+     */
+    public function debugToken($accessToken)
+    {
+        $accessToken = $accessToken instanceof AccessToken ? $accessToken->getValue() : $accessToken;
+        $params = ['input_token' => $accessToken];
+
+        $this->lastRequest = new FacebookRequest(
+            $this->app,
+            $this->app->getAccessToken(),
+            'GET',
+            '/debug_token',
+            $params,
+            null,
+            $this->graphVersion
+        );
+        $response = $this->client->sendRequest($this->lastRequest);
+        $metadata = $response->getDecodedBody();
+
+        return new AccessTokenMetadata($metadata);
+    }
+
+    /**
+     * Generates an authorization URL to begin the process of authenticating a user.
+     *
+     * @param string $redirectUrl The callback URL to redirect to.
+     * @param array  $scope       An array of permissions to request.
+     * @param string $state       The CSPRNG-generated CSRF value.
+     * @param array  $params      An array of parameters to generate URL.
+     * @param string $separator   The separator to use in http_build_query().
+     *
+     * @return string
+     */
+    public function getAuthorizationUrl($redirectUrl, $state, array $scope = [], array $params = [], $separator = '&')
+    {
+        $params += [
+            'client_id' => $this->app->getId(),
+            'state' => $state,
+            'response_type' => 'code',
+            'sdk' => 'php-sdk-' . Facebook::VERSION,
+            'redirect_uri' => $redirectUrl,
+            'scope' => implode(',', $scope)
+        ];
+
+        return static::BASE_AUTHORIZATION_URL . '/' . $this->graphVersion . '/dialog/oauth?' . http_build_query($params, null, $separator);
+    }
+
+    /**
+     * Get a valid access token from a code.
+     *
+     * @param string $code
+     * @param string $redirectUri
+     *
+     * @return AccessToken
+     *
+     * @throws FacebookSDKException
+     */
+    public function getAccessTokenFromCode($code, $redirectUri = '')
+    {
+        $params = [
+            'code' => $code,
+            'redirect_uri' => $redirectUri,
+        ];
+
+        return $this->requestAnAccessToken($params);
+    }
+
+    /**
+     * Exchanges a short-lived access token with a long-lived access token.
+     *
+     * @param AccessToken|string $accessToken
+     *
+     * @return AccessToken
+     *
+     * @throws FacebookSDKException
+     */
+    public function getLongLivedAccessToken($accessToken)
+    {
+        $accessToken = $accessToken instanceof AccessToken ? $accessToken->getValue() : $accessToken;
+        $params = [
+            'grant_type' => 'fb_exchange_token',
+            'fb_exchange_token' => $accessToken,
+        ];
+
+        return $this->requestAnAccessToken($params);
+    }
+
+    /**
+     * Get a valid code from an access token.
+     *
+     * @param AccessToken|string $accessToken
+     * @param string             $redirectUri
+     *
+     * @return AccessToken
+     *
+     * @throws FacebookSDKException
+     */
+    public function getCodeFromLongLivedAccessToken($accessToken, $redirectUri = '')
+    {
+        $params = [
+            'redirect_uri' => $redirectUri,
+        ];
+
+        $response = $this->sendRequestWithClientParams('/oauth/client_code', $params, $accessToken);
+        $data = $response->getDecodedBody();
+
+        if (!isset($data['code'])) {
+            throw new FacebookSDKException('Code was not returned from Graph.', 401);
+        }
+
+        return $data['code'];
+    }
+
+    /**
+     * Send a request to the OAuth endpoint.
+     *
+     * @param array $params
+     *
+     * @return AccessToken
+     *
+     * @throws FacebookSDKException
+     */
+    protected function requestAnAccessToken(array $params)
+    {
+        $response = $this->sendRequestWithClientParams('/oauth/access_token', $params);
+        $data = $response->getDecodedBody();
+
+        if (!isset($data['access_token'])) {
+            throw new FacebookSDKException('Access token was not returned from Graph.', 401);
+        }
+
+        // Graph returns two different key names for expiration time
+        // on the same endpoint. Doh! :/
+        $expiresAt = 0;
+        if (isset($data['expires'])) {
+            // For exchanging a short lived token with a long lived token.
+            // The expiration time in seconds will be returned as "expires".
+            $expiresAt = time() + $data['expires'];
+        } elseif (isset($data['expires_in'])) {
+            // For exchanging a code for a short lived access token.
+            // The expiration time in seconds will be returned as "expires_in".
+            // See: https://developers.facebook.com/docs/facebook-login/access-tokens#long-via-code
+            $expiresAt = time() + $data['expires_in'];
+        }
+
+        return new AccessToken($data['access_token'], $expiresAt);
+    }
+
+    /**
+     * Send a request to Graph with an app access token.
+     *
+     * @param string      $endpoint
+     * @param array       $params
+     * @param string|null $accessToken
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookResponseException
+     */
+    protected function sendRequestWithClientParams($endpoint, array $params, $accessToken = null)
+    {
+        $params += $this->getClientParams();
+
+        $accessToken = $accessToken ?: $this->app->getAccessToken();
+
+        $this->lastRequest = new FacebookRequest(
+            $this->app,
+            $accessToken,
+            'GET',
+            $endpoint,
+            $params,
+            null,
+            $this->graphVersion
+        );
+
+        return $this->client->sendRequest($this->lastRequest);
+    }
+
+    /**
+     * Returns the client_* params for OAuth requests.
+     *
+     * @return array
+     */
+    protected function getClientParams()
+    {
+        return [
+            'client_id' => $this->app->getId(),
+            'client_secret' => $this->app->getSecret(),
+        ];
+    }
+}

website/queries/Facebook/Exceptions/FacebookAuthenticationException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookAuthenticationException
+ *
+ * @package Facebook
+ */
+class FacebookAuthenticationException extends FacebookSDKException
+{
+}

website/queries/Facebook/Exceptions/FacebookAuthorizationException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookAuthorizationException
+ *
+ * @package Facebook
+ */
+class FacebookAuthorizationException extends FacebookSDKException
+{
+}

website/queries/Facebook/Exceptions/FacebookClientException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookClientException
+ *
+ * @package Facebook
+ */
+class FacebookClientException extends FacebookSDKException
+{
+}

website/queries/Facebook/Exceptions/FacebookOtherException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookOtherException
+ *
+ * @package Facebook
+ */
+class FacebookOtherException extends FacebookSDKException
+{
+}

website/queries/Facebook/Exceptions/FacebookResponseException.php

@@ -0,0 +1,208 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+use Facebook\FacebookResponse;
+
+/**
+ * Class FacebookResponseException
+ *
+ * @package Facebook
+ */
+class FacebookResponseException extends FacebookSDKException
+{
+    /**
+     * @var FacebookResponse The response that threw the exception.
+     */
+    protected $response;
+
+    /**
+     * @var array Decoded response.
+     */
+    protected $responseData;
+
+    /**
+     * Creates a FacebookResponseException.
+     *
+     * @param FacebookResponse     $response          The response that threw the exception.
+     * @param FacebookSDKException $previousException The more detailed exception.
+     */
+    public function __construct(FacebookResponse $response, FacebookSDKException $previousException = null)
+    {
+        $this->response = $response;
+        $this->responseData = $response->getDecodedBody();
+
+        $errorMessage = $this->get('message', 'Unknown error from Graph.');
+        $errorCode = $this->get('code', -1);
+
+        parent::__construct($errorMessage, $errorCode, $previousException);
+    }
+
+    /**
+     * A factory for creating the appropriate exception based on the response from Graph.
+     *
+     * @param FacebookResponse $response The response that threw the exception.
+     *
+     * @return FacebookResponseException
+     */
+    public static function create(FacebookResponse $response)
+    {
+        $data = $response->getDecodedBody();
+
+        if (!isset($data['error']['code']) && isset($data['code'])) {
+            $data = ['error' => $data];
+        }
+
+        $code = isset($data['error']['code']) ? $data['error']['code'] : null;
+        $message = isset($data['error']['message']) ? $data['error']['message'] : 'Unknown error from Graph.';
+
+        $previousException = null;
+
+        if (isset($data['error']['error_subcode'])) {
+            switch ($data['error']['error_subcode']) {
+                // Other authentication issues
+                case 458:
+                case 459:
+                case 460:
+                case 463:
+                case 464:
+                case 467:
+                    return new static($response, new FacebookAuthenticationException($message, $code));
+            }
+        }
+
+        switch ($code) {
+            // Login status or token expired, revoked, or invalid
+            case 100:
+            case 102:
+            case 190:
+                return new static($response, new FacebookAuthenticationException($message, $code));
+
+            // Server issue, possible downtime
+            case 1:
+            case 2:
+                return new static($response, new FacebookServerException($message, $code));
+
+            // API Throttling
+            case 4:
+            case 17:
+            case 341:
+                return new static($response, new FacebookThrottleException($message, $code));
+
+            // Duplicate Post
+            case 506:
+                return new static($response, new FacebookClientException($message, $code));
+        }
+
+        // Missing Permissions
+        if ($code == 10 || ($code >= 200 && $code <= 299)) {
+            return new static($response, new FacebookAuthorizationException($message, $code));
+        }
+
+        // OAuth authentication error
+        if (isset($data['error']['type']) && $data['error']['type'] === 'OAuthException') {
+            return new static($response, new FacebookAuthenticationException($message, $code));
+        }
+
+        // All others
+        return new static($response, new FacebookOtherException($message, $code));
+    }
+
+    /**
+     * Checks isset and returns that or a default value.
+     *
+     * @param string $key
+     * @param mixed  $default
+     *
+     * @return mixed
+     */
+    private function get($key, $default = null)
+    {
+        if (isset($this->responseData['error'][$key])) {
+            return $this->responseData['error'][$key];
+        }
+
+        return $default;
+    }
+
+    /**
+     * Returns the HTTP status code
+     *
+     * @return int
+     */
+    public function getHttpStatusCode()
+    {
+        return $this->response->getHttpStatusCode();
+    }
+
+    /**
+     * Returns the sub-error code
+     *
+     * @return int
+     */
+    public function getSubErrorCode()
+    {
+        return $this->get('error_subcode', -1);
+    }
+
+    /**
+     * Returns the error type
+     *
+     * @return string
+     */
+    public function getErrorType()
+    {
+        return $this->get('type', '');
+    }
+
+    /**
+     * Returns the raw response used to create the exception.
+     *
+     * @return string
+     */
+    public function getRawResponse()
+    {
+        return $this->response->getBody();
+    }
+
+    /**
+     * Returns the decoded response used to create the exception.
+     *
+     * @return array
+     */
+    public function getResponseData()
+    {
+        return $this->responseData;
+    }
+
+    /**
+     * Returns the response entity used to create the exception.
+     *
+     * @return FacebookResponse
+     */
+    public function getResponse()
+    {
+        return $this->response;
+    }
+}

website/queries/Facebook/Exceptions/FacebookSDKException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookSDKException
+ *
+ * @package Facebook
+ */
+class FacebookSDKException extends \Exception
+{
+}

website/queries/Facebook/Exceptions/FacebookServerException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookServerException
+ *
+ * @package Facebook
+ */
+class FacebookServerException extends FacebookSDKException
+{
+}

website/queries/Facebook/Exceptions/FacebookThrottleException.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\Exceptions;
+
+/**
+ * Class FacebookThrottleException
+ *
+ * @package Facebook
+ */
+class FacebookThrottleException extends FacebookSDKException
+{
+}

website/queries/Facebook/Facebook.php

@@ -0,0 +1,589 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use Facebook\Authentication\AccessToken;
+use Facebook\Authentication\OAuth2Client;
+use Facebook\FileUpload\FacebookFile;
+use Facebook\FileUpload\FacebookVideo;
+use Facebook\GraphNodes\GraphEdge;
+use Facebook\Url\UrlDetectionInterface;
+use Facebook\Url\FacebookUrlDetectionHandler;
+use Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface;
+use Facebook\PseudoRandomString\McryptPseudoRandomStringGenerator;
+use Facebook\PseudoRandomString\OpenSslPseudoRandomStringGenerator;
+use Facebook\PseudoRandomString\UrandomPseudoRandomStringGenerator;
+use Facebook\HttpClients\FacebookHttpClientInterface;
+use Facebook\HttpClients\FacebookCurlHttpClient;
+use Facebook\HttpClients\FacebookStreamHttpClient;
+use Facebook\HttpClients\FacebookGuzzleHttpClient;
+use Facebook\PersistentData\PersistentDataInterface;
+use Facebook\PersistentData\FacebookSessionPersistentDataHandler;
+use Facebook\PersistentData\FacebookMemoryPersistentDataHandler;
+use Facebook\Helpers\FacebookCanvasHelper;
+use Facebook\Helpers\FacebookJavaScriptHelper;
+use Facebook\Helpers\FacebookPageTabHelper;
+use Facebook\Helpers\FacebookRedirectLoginHelper;
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class Facebook
+ *
+ * @package Facebook
+ */
+class Facebook
+{
+    /**
+     * @const string Version number of the Facebook PHP SDK.
+     */
+    const VERSION = '5.0.0';
+
+    /**
+     * @const string Default Graph API version for requests.
+     */
+    const DEFAULT_GRAPH_VERSION = 'v2.4';
+
+    /**
+     * @const string The name of the environment variable that contains the app ID.
+     */
+    const APP_ID_ENV_NAME = 'FACEBOOK_APP_ID';
+
+    /**
+     * @const string The name of the environment variable that contains the app secret.
+     */
+    const APP_SECRET_ENV_NAME = 'FACEBOOK_APP_SECRET';
+
+    /**
+     * @var FacebookApp The FacebookApp entity.
+     */
+    protected $app;
+
+    /**
+     * @var FacebookClient The Facebook client service.
+     */
+    protected $client;
+
+    /**
+     * @var OAuth2Client The OAuth 2.0 client service.
+     */
+    protected $oAuth2Client;
+
+    /**
+     * @var UrlDetectionInterface|null The URL detection handler.
+     */
+    protected $urlDetectionHandler;
+
+    /**
+     * @var PseudoRandomStringGeneratorInterface|null The cryptographically secure pseudo-random string generator.
+     */
+    protected $pseudoRandomStringGenerator;
+
+    /**
+     * @var AccessToken|null The default access token to use with requests.
+     */
+    protected $defaultAccessToken;
+
+    /**
+     * @var string|null The default Graph version we want to use.
+     */
+    protected $defaultGraphVersion;
+
+    /**
+     * @var PersistentDataInterface|null The persistent data handler.
+     */
+    protected $persistentDataHandler;
+
+    /**
+     * @var FacebookResponse|FacebookBatchResponse|null Stores the last request made to Graph.
+     */
+    protected $lastResponse;
+
+    /**
+     * Instantiates a new Facebook super-class object.
+     *
+     * @param array $config
+     *
+     * @throws FacebookSDKException
+     */
+    public function __construct(array $config = [])
+    {
+        $appId = isset($config['app_id']) ? $config['app_id'] : getenv(static::APP_ID_ENV_NAME);
+        if (!$appId) {
+            throw new FacebookSDKException('Required "app_id" key not supplied in config and could not find fallback environment variable "' . static::APP_ID_ENV_NAME . '"');
+        }
+
+        $appSecret = isset($config['app_secret']) ? $config['app_secret'] : getenv(static::APP_SECRET_ENV_NAME);
+        if (!$appSecret) {
+            throw new FacebookSDKException('Required "app_secret" key not supplied in config and could not find fallback environment variable "' . static::APP_SECRET_ENV_NAME . '"');
+        }
+
+        $this->app = new FacebookApp($appId, $appSecret);
+
+        $httpClientHandler = null;
+        if (isset($config['http_client_handler'])) {
+            if ($config['http_client_handler'] instanceof FacebookHttpClientInterface) {
+                $httpClientHandler = $config['http_client_handler'];
+            } elseif ($config['http_client_handler'] === 'curl') {
+                $httpClientHandler = new FacebookCurlHttpClient();
+            } elseif ($config['http_client_handler'] === 'stream') {
+                $httpClientHandler = new FacebookStreamHttpClient();
+            } elseif ($config['http_client_handler'] === 'guzzle') {
+                $httpClientHandler = new FacebookGuzzleHttpClient();
+            } else {
+                throw new \InvalidArgumentException('The http_client_handler must be set to "curl", "stream", "guzzle", or be an instance of Facebook\HttpClients\FacebookHttpClientInterface');
+            }
+        }
+
+        $enableBeta = isset($config['enable_beta_mode']) && $config['enable_beta_mode'] === true;
+        $this->client = new FacebookClient($httpClientHandler, $enableBeta);
+
+        if (isset($config['url_detection_handler'])) {
+            if ($config['url_detection_handler'] instanceof UrlDetectionInterface) {
+                $this->urlDetectionHandler = $config['url_detection_handler'];
+            } else {
+                throw new \InvalidArgumentException('The url_detection_handler must be an instance of Facebook\Url\UrlDetectionInterface');
+            }
+        }
+
+        if (isset($config['pseudo_random_string_generator'])) {
+            if ($config['pseudo_random_string_generator'] instanceof PseudoRandomStringGeneratorInterface) {
+                $this->pseudoRandomStringGenerator = $config['pseudo_random_string_generator'];
+            } elseif ($config['pseudo_random_string_generator'] === 'mcrypt') {
+                $this->pseudoRandomStringGenerator = new McryptPseudoRandomStringGenerator();
+            } elseif ($config['pseudo_random_string_generator'] === 'openssl') {
+                $this->pseudoRandomStringGenerator = new OpenSslPseudoRandomStringGenerator();
+            } elseif ($config['pseudo_random_string_generator'] === 'urandom') {
+                $this->pseudoRandomStringGenerator = new UrandomPseudoRandomStringGenerator();
+            } else {
+                throw new \InvalidArgumentException('The pseudo_random_string_generator must be set to "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface');
+            }
+        }
+
+        if (isset($config['persistent_data_handler'])) {
+            if ($config['persistent_data_handler'] instanceof PersistentDataInterface) {
+                $this->persistentDataHandler = $config['persistent_data_handler'];
+            } elseif ($config['persistent_data_handler'] === 'session') {
+                $this->persistentDataHandler = new FacebookSessionPersistentDataHandler();
+            } elseif ($config['persistent_data_handler'] === 'memory') {
+                $this->persistentDataHandler = new FacebookMemoryPersistentDataHandler();
+            } else {
+                throw new \InvalidArgumentException('The persistent_data_handler must be set to "session", "memory", or be an instance of Facebook\PersistentData\PersistentDataInterface');
+            }
+        }
+
+        if (isset($config['default_access_token'])) {
+            $this->setDefaultAccessToken($config['default_access_token']);
+        }
+
+        if (isset($config['default_graph_version'])) {
+            $this->defaultGraphVersion = $config['default_graph_version'];
+        } else {
+            // @todo v6: Throw an InvalidArgumentException if "default_graph_version" is not set
+            $this->defaultGraphVersion = static::DEFAULT_GRAPH_VERSION;
+        }
+    }
+
+    /**
+     * Returns the FacebookApp entity.
+     *
+     * @return FacebookApp
+     */
+    public function getApp()
+    {
+        return $this->app;
+    }
+
+    /**
+     * Returns the FacebookClient service.
+     *
+     * @return FacebookClient
+     */
+    public function getClient()
+    {
+        return $this->client;
+    }
+
+    /**
+     * Returns the OAuth 2.0 client service.
+     *
+     * @return OAuth2Client
+     */
+    public function getOAuth2Client()
+    {
+        if (!$this->oAuth2Client instanceof OAuth2Client) {
+            $app = $this->getApp();
+            $client = $this->getClient();
+            $this->oAuth2Client = new OAuth2Client($app, $client, $this->defaultGraphVersion);
+        }
+
+        return $this->oAuth2Client;
+    }
+
+    /**
+     * Returns the last response returned from Graph.
+     *
+     * @return FacebookResponse|FacebookBatchResponse|null
+     */
+    public function getLastResponse()
+    {
+        return $this->lastResponse;
+    }
+
+    /**
+     * Returns the URL detection handler.
+     *
+     * @return UrlDetectionInterface
+     */
+    public function getUrlDetectionHandler()
+    {
+        if (!$this->urlDetectionHandler instanceof UrlDetectionInterface) {
+            $this->urlDetectionHandler = new FacebookUrlDetectionHandler();
+        }
+
+        return $this->urlDetectionHandler;
+    }
+
+    /**
+     * Returns the default AccessToken entity.
+     *
+     * @return AccessToken|null
+     */
+    public function getDefaultAccessToken()
+    {
+        return $this->defaultAccessToken;
+    }
+
+    /**
+     * Sets the default access token to use with requests.
+     *
+     * @param AccessToken|string $accessToken The access token to save.
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function setDefaultAccessToken($accessToken)
+    {
+        if (is_string($accessToken)) {
+            $this->defaultAccessToken = new AccessToken($accessToken);
+
+            return;
+        }
+
+        if ($accessToken instanceof AccessToken) {
+            $this->defaultAccessToken = $accessToken;
+
+            return;
+        }
+
+        throw new \InvalidArgumentException('The default access token must be of type "string" or Facebook\AccessToken');
+    }
+
+    /**
+     * Returns the default Graph version.
+     *
+     * @return string
+     */
+    public function getDefaultGraphVersion()
+    {
+        return $this->defaultGraphVersion;
+    }
+
+    /**
+     * Returns the redirect login helper.
+     *
+     * @return FacebookRedirectLoginHelper
+     */
+    public function getRedirectLoginHelper()
+    {
+        return new FacebookRedirectLoginHelper(
+            $this->getOAuth2Client(),
+            $this->persistentDataHandler,
+            $this->urlDetectionHandler,
+            $this->pseudoRandomStringGenerator
+        );
+    }
+
+    /**
+     * Returns the JavaScript helper.
+     *
+     * @return FacebookJavaScriptHelper
+     */
+    public function getJavaScriptHelper()
+    {
+        return new FacebookJavaScriptHelper($this->app, $this->client, $this->defaultGraphVersion);
+    }
+
+    /**
+     * Returns the canvas helper.
+     *
+     * @return FacebookCanvasHelper
+     */
+    public function getCanvasHelper()
+    {
+        return new FacebookCanvasHelper($this->app, $this->client, $this->defaultGraphVersion);
+    }
+
+    /**
+     * Returns the page tab helper.
+     *
+     * @return FacebookPageTabHelper
+     */
+    public function getPageTabHelper()
+    {
+        return new FacebookPageTabHelper($this->app, $this->client, $this->defaultGraphVersion);
+    }
+
+    /**
+     * Sends a GET request to Graph and returns the result.
+     *
+     * @param string                  $endpoint
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function get($endpoint, $accessToken = null, $eTag = null, $graphVersion = null)
+    {
+        return $this->sendRequest(
+            'GET',
+            $endpoint,
+            $params = [],
+            $accessToken,
+            $eTag,
+            $graphVersion
+        );
+    }
+
+    /**
+     * Sends a POST request to Graph and returns the result.
+     *
+     * @param string                  $endpoint
+     * @param array                   $params
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function post($endpoint, array $params = [], $accessToken = null, $eTag = null, $graphVersion = null)
+    {
+        return $this->sendRequest(
+            'POST',
+            $endpoint,
+            $params,
+            $accessToken,
+            $eTag,
+            $graphVersion
+        );
+    }
+
+    /**
+     * Sends a DELETE request to Graph and returns the result.
+     *
+     * @param string                  $endpoint
+     * @param array                   $params
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function delete($endpoint, array $params = [], $accessToken = null, $eTag = null, $graphVersion = null)
+    {
+        return $this->sendRequest(
+            'DELETE',
+            $endpoint,
+            $params,
+            $accessToken,
+            $eTag,
+            $graphVersion
+        );
+    }
+
+    /**
+     * Sends a request to Graph for the next page of results.
+     *
+     * @param GraphEdge $graphEdge The GraphEdge to paginate over.
+     *
+     * @return GraphEdge|null
+     *
+     * @throws FacebookSDKException
+     */
+    public function next(GraphEdge $graphEdge)
+    {
+        return $this->getPaginationResults($graphEdge, 'next');
+    }
+
+    /**
+     * Sends a request to Graph for the previous page of results.
+     *
+     * @param GraphEdge $graphEdge The GraphEdge to paginate over.
+     *
+     * @return GraphEdge|null
+     *
+     * @throws FacebookSDKException
+     */
+    public function previous(GraphEdge $graphEdge)
+    {
+        return $this->getPaginationResults($graphEdge, 'previous');
+    }
+
+    /**
+     * Sends a request to Graph for the next page of results.
+     *
+     * @param GraphEdge $graphEdge The GraphEdge to paginate over.
+     * @param string    $direction The direction of the pagination: next|previous.
+     *
+     * @return GraphEdge|null
+     *
+     * @throws FacebookSDKException
+     */
+    public function getPaginationResults(GraphEdge $graphEdge, $direction)
+    {
+        $paginationRequest = $graphEdge->getPaginationRequest($direction);
+        if (!$paginationRequest) {
+            return null;
+        }
+
+        $this->lastResponse = $this->client->sendRequest($paginationRequest);
+
+        // Keep the same GraphNode subclass
+        $subClassName = $graphEdge->getSubClassName();
+        $graphEdge = $this->lastResponse->getGraphEdge($subClassName, false);
+
+        return count($graphEdge) > 0 ? $graphEdge : null;
+    }
+
+    /**
+     * Sends a request to Graph and returns the result.
+     *
+     * @param string                  $method
+     * @param string                  $endpoint
+     * @param array                   $params
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function sendRequest($method, $endpoint, array $params = [], $accessToken = null, $eTag = null, $graphVersion = null)
+    {
+        $accessToken = $accessToken ?: $this->defaultAccessToken;
+        $graphVersion = $graphVersion ?: $this->defaultGraphVersion;
+        $request = $this->request($method, $endpoint, $params, $accessToken, $eTag, $graphVersion);
+
+        return $this->lastResponse = $this->client->sendRequest($request);
+    }
+
+    /**
+     * Sends a batched request to Graph and returns the result.
+     *
+     * @param array                   $requests
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookBatchResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function sendBatchRequest(array $requests, $accessToken = null, $graphVersion = null)
+    {
+        $accessToken = $accessToken ?: $this->defaultAccessToken;
+        $graphVersion = $graphVersion ?: $this->defaultGraphVersion;
+        $batchRequest = new FacebookBatchRequest(
+            $this->app,
+            $requests,
+            $accessToken,
+            $graphVersion
+        );
+
+        return $this->lastResponse = $this->client->sendBatchRequest($batchRequest);
+    }
+
+    /**
+     * Instantiates a new FacebookRequest entity.
+     *
+     * @param string                  $method
+     * @param string                  $endpoint
+     * @param array                   $params
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     *
+     * @return FacebookRequest
+     *
+     * @throws FacebookSDKException
+     */
+    public function request($method, $endpoint, array $params = [], $accessToken = null, $eTag = null, $graphVersion = null)
+    {
+        $accessToken = $accessToken ?: $this->defaultAccessToken;
+        $graphVersion = $graphVersion ?: $this->defaultGraphVersion;
+
+        return new FacebookRequest(
+            $this->app,
+            $accessToken,
+            $method,
+            $endpoint,
+            $params,
+            $eTag,
+            $graphVersion
+        );
+    }
+
+    /**
+     * Factory to create FacebookFile's.
+     *
+     * @param string $pathToFile
+     *
+     * @return FacebookFile
+     *
+     * @throws FacebookSDKException
+     */
+    public function fileToUpload($pathToFile)
+    {
+        return new FacebookFile($pathToFile);
+    }
+
+    /**
+     * Factory to create FacebookVideo's.
+     *
+     * @param string $pathToFile
+     *
+     * @return FacebookVideo
+     *
+     * @throws FacebookSDKException
+     */
+    public function videoToUpload($pathToFile)
+    {
+        return new FacebookVideo($pathToFile);
+    }
+}

website/queries/Facebook/FacebookApp.php

@@ -0,0 +1,101 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use Facebook\Authentication\AccessToken;
+
+class FacebookApp implements \Serializable
+{
+    /**
+     * @var string The app ID.
+     */
+    protected $id;
+
+    /**
+     * @var string The app secret.
+     */
+    protected $secret;
+
+    /**
+     * @param string $id
+     * @param string $secret
+     */
+    public function __construct($id, $secret)
+    {
+        $this->id = $id;
+        $this->secret = $secret;
+    }
+
+    /**
+     * Returns the app ID.
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Returns the app secret.
+     *
+     * @return string
+     */
+    public function getSecret()
+    {
+        return $this->secret;
+    }
+
+    /**
+     * Returns an app access token.
+     *
+     * @return AccessToken
+     */
+    public function getAccessToken()
+    {
+        return new AccessToken($this->id . '|' . $this->secret);
+    }
+
+    /**
+     * Serializes the FacebookApp entity as a string.
+     *
+     * @return string
+     */
+    public function serialize()
+    {
+        return serialize([$this->id, $this->secret]);
+    }
+
+    /**
+     * Unserializes a string as a FacebookApp entity.
+     *
+     * @param string $serialized
+     */
+    public function unserialize($serialized)
+    {
+        list($id, $secret) = unserialize($serialized);
+
+        $this->__construct($id, $secret);
+    }
+}

website/queries/Facebook/FacebookBatchRequest.php

@@ -0,0 +1,303 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use ArrayIterator;
+use IteratorAggregate;
+use ArrayAccess;
+use Facebook\Authentication\AccessToken;
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class BatchRequest
+ *
+ * @package Facebook
+ */
+class FacebookBatchRequest extends FacebookRequest implements IteratorAggregate, ArrayAccess
+{
+    /**
+     * @var array An array of FacebookRequest entities to send.
+     */
+    protected $requests;
+
+    /**
+     * @var array An array of files to upload.
+     */
+    protected $attachedFiles;
+
+    /**
+     * Creates a new Request entity.
+     *
+     * @param FacebookApp|null        $app
+     * @param array                   $requests
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $graphVersion
+     */
+    public function __construct(FacebookApp $app = null, array $requests = [], $accessToken = null, $graphVersion = null)
+    {
+        parent::__construct($app, $accessToken, 'POST', '', [], null, $graphVersion);
+
+        $this->add($requests);
+    }
+
+    /**
+     * A a new request to the array.
+     *
+     * @param FacebookRequest|array $request
+     * @param string|null           $name
+     *
+     * @return FacebookBatchRequest
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function add($request, $name = null)
+    {
+        if (is_array($request)) {
+            foreach ($request as $key => $req) {
+                $this->add($req, $key);
+            }
+
+            return $this;
+        }
+
+        if (!$request instanceof FacebookRequest) {
+            throw new \InvalidArgumentException('Argument for add() must be of type array or FacebookRequest.');
+        }
+
+        $this->addFallbackDefaults($request);
+        $requestToAdd = [
+            'name' => $name,
+            'request' => $request,
+        ];
+
+        // File uploads
+        $attachedFiles = $this->extractFileAttachments($request);
+        if ($attachedFiles) {
+            $requestToAdd['attached_files'] = $attachedFiles;
+        }
+        $this->requests[] = $requestToAdd;
+
+        return $this;
+    }
+
+    /**
+     * Ensures that the FacebookApp and access token fall back when missing.
+     *
+     * @param FacebookRequest $request
+     *
+     * @throws FacebookSDKException
+     */
+    public function addFallbackDefaults(FacebookRequest $request)
+    {
+        if (!$request->getApp()) {
+            $app = $this->getApp();
+            if (!$app) {
+                throw new FacebookSDKException('Missing FacebookApp on FacebookRequest and no fallback detected on FacebookBatchRequest.');
+            }
+            $request->setApp($app);
+        }
+
+        if (!$request->getAccessToken()) {
+            $accessToken = $this->getAccessToken();
+            if (!$accessToken) {
+                throw new FacebookSDKException('Missing access token on FacebookRequest and no fallback detected on FacebookBatchRequest.');
+            }
+            $request->setAccessToken($accessToken);
+        }
+    }
+
+    /**
+     * Extracts the files from a request.
+     *
+     * @param FacebookRequest $request
+     *
+     * @return string|null
+     *
+     * @throws FacebookSDKException
+     */
+    public function extractFileAttachments(FacebookRequest $request)
+    {
+        if (!$request->containsFileUploads()) {
+            return null;
+        }
+
+        $files = $request->getFiles();
+        $fileNames = [];
+        foreach ($files as $file) {
+            $fileName = uniqid();
+            $this->addFile($fileName, $file);
+            $fileNames[] = $fileName;
+        }
+
+        $request->resetFiles();
+
+        // @TODO Does Graph support multiple uploads on one endpoint?
+        return implode(',', $fileNames);
+    }
+
+    /**
+     * Return the FacebookRequest entities.
+     *
+     * @return array
+     */
+    public function getRequests()
+    {
+        return $this->requests;
+    }
+
+    /**
+     * Prepares the requests to be sent as a batch request.
+     *
+     * @return string
+     */
+    public function prepareRequestsForBatch()
+    {
+        $this->validateBatchRequestCount();
+
+        $params = [
+            'batch' => $this->convertRequestsToJson(),
+            'include_headers' => true,
+        ];
+        $this->setParams($params);
+    }
+
+    /**
+     * Converts the requests into a JSON(P) string.
+     *
+     * @return string
+     */
+    public function convertRequestsToJson()
+    {
+        $requests = [];
+        foreach ($this->requests as $request) {
+            $attachedFiles = isset($request['attached_files']) ? $request['attached_files'] : null;
+            $requests[] = $this->requestEntityToBatchArray($request['request'], $request['name'], $attachedFiles);
+        }
+
+        return json_encode($requests);
+    }
+
+    /**
+     * Validate the request count before sending them as a batch.
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateBatchRequestCount()
+    {
+        $batchCount = count($this->requests);
+        if ($batchCount === 0) {
+            throw new FacebookSDKException('There are no batch requests to send.');
+        } elseif ($batchCount > 50) {
+            // Per: https://developers.facebook.com/docs/graph-api/making-multiple-requests#limits
+            throw new FacebookSDKException('You cannot send more than 50 batch requests at a time.');
+        }
+    }
+
+    /**
+     * Converts a Request entity into an array that is batch-friendly.
+     *
+     * @param FacebookRequest $request       The request entity to convert.
+     * @param string|null     $requestName   The name of the request.
+     * @param string|null     $attachedFiles Names of files associated with the request.
+     *
+     * @return array
+     */
+    public function requestEntityToBatchArray(FacebookRequest $request, $requestName = null, $attachedFiles = null)
+    {
+        $compiledHeaders = [];
+        $headers = $request->getHeaders();
+        foreach ($headers as $name => $value) {
+            $compiledHeaders[] = $name . ': ' . $value;
+        }
+
+        $batch = [
+            'headers' => $compiledHeaders,
+            'method' => $request->getMethod(),
+            'relative_url' => $request->getUrl(),
+        ];
+
+        // Since file uploads are moved to the root request of a batch request,
+        // the child requests will always be URL-encoded.
+        $body = $request->getUrlEncodedBody()->getBody();
+        if ($body) {
+            $batch['body'] = $body;
+        }
+
+        if (isset($requestName)) {
+            $batch['name'] = $requestName;
+        }
+
+        if (isset($attachedFiles)) {
+            $batch['attached_files'] = $attachedFiles;
+        }
+
+        // @TODO Add support for "omit_response_on_success"
+        // @TODO Add support for "depends_on"
+        // @TODO Add support for JSONP with "callback"
+
+        return $batch;
+    }
+
+    /**
+     * Get an iterator for the items.
+     *
+     * @return ArrayIterator
+     */
+    public function getIterator()
+    {
+        return new ArrayIterator($this->requests);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetSet($offset, $value)
+    {
+        $this->add($value, $offset);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetExists($offset)
+    {
+        return isset($this->requests[$offset]);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetUnset($offset)
+    {
+        unset($this->requests[$offset]);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetGet($offset)
+    {
+        return isset($this->requests[$offset]) ? $this->requests[$offset] : null;
+    }
+}

website/queries/Facebook/FacebookBatchResponse.php

@@ -0,0 +1,154 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use ArrayIterator;
+use IteratorAggregate;
+use ArrayAccess;
+
+/**
+ * Class FacebookBatchResponse
+ *
+ * @package Facebook
+ */
+class FacebookBatchResponse extends FacebookResponse implements IteratorAggregate, ArrayAccess
+{
+    /**
+     * @var FacebookBatchRequest The original entity that made the batch request.
+     */
+    protected $batchRequest;
+
+    /**
+     * @var array An array of FacebookResponse entities.
+     */
+    protected $responses = [];
+
+    /**
+     * Creates a new Response entity.
+     *
+     * @param FacebookBatchRequest $batchRequest
+     * @param FacebookResponse     $response
+     */
+    public function __construct(FacebookBatchRequest $batchRequest, FacebookResponse $response)
+    {
+        $this->batchRequest = $batchRequest;
+
+        $request = $response->getRequest();
+        $body = $response->getBody();
+        $httpStatusCode = $response->getHttpStatusCode();
+        $headers = $response->getHeaders();
+        parent::__construct($request, $body, $httpStatusCode, $headers);
+
+        $responses = $response->getDecodedBody();
+        $this->setResponses($responses);
+    }
+
+    /**
+     * Returns an array of FacebookResponse entities.
+     *
+     * @return array
+     */
+    public function getResponses()
+    {
+        return $this->responses;
+    }
+
+    /**
+     * The main batch response will be an array of requests so
+     * we need to iterate over all the responses.
+     *
+     * @param array $responses
+     */
+    public function setResponses(array $responses)
+    {
+        $this->responses = [];
+
+        foreach ($responses as $key => $graphResponse) {
+            $this->addResponse($key, $graphResponse);
+        }
+    }
+
+    /**
+     * Add a response to the list.
+     *
+     * @param int        $key
+     * @param array|null $response
+     */
+    public function addResponse($key, $response)
+    {
+        $originalRequestName = isset($this->batchRequest[$key]['name']) ? $this->batchRequest[$key]['name'] : $key;
+        $originalRequest = isset($this->batchRequest[$key]['request']) ? $this->batchRequest[$key]['request'] : null;
+
+        $httpResponseBody = isset($response['body']) ? $response['body'] : null;
+        $httpResponseCode = isset($response['code']) ? $response['code'] : null;
+        $httpResponseHeaders = isset($response['headers']) ? $response['headers'] : [];
+
+        $this->responses[$originalRequestName] = new FacebookResponse(
+            $originalRequest,
+            $httpResponseBody,
+            $httpResponseCode,
+            $httpResponseHeaders
+        );
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getIterator()
+    {
+        return new ArrayIterator($this->responses);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetSet($offset, $value)
+    {
+        $this->addResponse($offset, $value);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetExists($offset)
+    {
+        return isset($this->responses[$offset]);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetUnset($offset)
+    {
+        unset($this->responses[$offset]);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function offsetGet($offset)
+    {
+        return isset($this->responses[$offset]) ? $this->responses[$offset] : null;
+    }
+}

website/queries/Facebook/FacebookClient.php

@@ -0,0 +1,250 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use Facebook\HttpClients\FacebookHttpClientInterface;
+use Facebook\HttpClients\FacebookCurlHttpClient;
+use Facebook\HttpClients\FacebookStreamHttpClient;
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class FacebookClient
+ *
+ * @package Facebook
+ */
+class FacebookClient
+{
+    /**
+     * @const string Production Graph API URL.
+     */
+    const BASE_GRAPH_URL = 'https://graph.facebook.com';
+
+    /**
+     * @const string Graph API URL for video uploads.
+     */
+    const BASE_GRAPH_VIDEO_URL = 'https://graph-video.facebook.com';
+
+    /**
+     * @const string Beta Graph API URL.
+     */
+    const BASE_GRAPH_URL_BETA = 'https://graph.beta.facebook.com';
+
+    /**
+     * @const string Beta Graph API URL for video uploads.
+     */
+    const BASE_GRAPH_VIDEO_URL_BETA = 'https://graph-video.beta.facebook.com';
+
+    /**
+     * @const int The timeout in seconds for a normal request.
+     */
+    const DEFAULT_REQUEST_TIMEOUT = 60;
+
+    /**
+     * @const int The timeout in seconds for a request that contains file uploads.
+     */
+    const DEFAULT_FILE_UPLOAD_REQUEST_TIMEOUT = 3600;
+
+    /**
+     * @const int The timeout in seconds for a request that contains video uploads.
+     */
+    const DEFAULT_VIDEO_UPLOAD_REQUEST_TIMEOUT = 7200;
+
+    /**
+     * @var bool Toggle to use Graph beta url.
+     */
+    protected $enableBetaMode = false;
+
+    /**
+     * @var FacebookHttpClientInterface HTTP client handler.
+     */
+    protected $httpClientHandler;
+
+    /**
+     * @var int The number of calls that have been made to Graph.
+     */
+    public static $requestCount = 0;
+
+    /**
+     * Instantiates a new FacebookClient object.
+     *
+     * @param FacebookHttpClientInterface|null $httpClientHandler
+     * @param boolean                          $enableBeta
+     */
+    public function __construct(FacebookHttpClientInterface $httpClientHandler = null, $enableBeta = false)
+    {
+        $this->httpClientHandler = $httpClientHandler ?: $this->detectHttpClientHandler();
+        $this->enableBetaMode = $enableBeta;
+    }
+
+    /**
+     * Sets the HTTP client handler.
+     *
+     * @param FacebookHttpClientInterface $httpClientHandler
+     */
+    public function setHttpClientHandler(FacebookHttpClientInterface $httpClientHandler)
+    {
+        $this->httpClientHandler = $httpClientHandler;
+    }
+
+    /**
+     * Returns the HTTP client handler.
+     *
+     * @return FacebookHttpClientInterface
+     */
+    public function getHttpClientHandler()
+    {
+        return $this->httpClientHandler;
+    }
+
+    /**
+     * Detects which HTTP client handler to use.
+     *
+     * @return FacebookHttpClientInterface
+     */
+    public function detectHttpClientHandler()
+    {
+        return function_exists('curl_init') ? new FacebookCurlHttpClient() : new FacebookStreamHttpClient();
+    }
+
+    /**
+     * Toggle beta mode.
+     *
+     * @param boolean $betaMode
+     */
+    public function enableBetaMode($betaMode = true)
+    {
+        $this->enableBetaMode = $betaMode;
+    }
+
+    /**
+     * Returns the base Graph URL.
+     *
+     * @param boolean $postToVideoUrl Post to the video API if videos are being uploaded.
+     *
+     * @return string
+     */
+    public function getBaseGraphUrl($postToVideoUrl = false)
+    {
+        if ($postToVideoUrl) {
+            return $this->enableBetaMode ? static::BASE_GRAPH_VIDEO_URL_BETA : static::BASE_GRAPH_VIDEO_URL;
+        }
+
+        return $this->enableBetaMode ? static::BASE_GRAPH_URL_BETA : static::BASE_GRAPH_URL;
+    }
+
+    /**
+     * Prepares the request for sending to the client handler.
+     *
+     * @param FacebookRequest $request
+     *
+     * @return array
+     */
+    public function prepareRequestMessage(FacebookRequest $request)
+    {
+        $postToVideoUrl = $request->containsVideoUploads();
+        $url = $this->getBaseGraphUrl($postToVideoUrl) . $request->getUrl();
+
+        // If we're sending files they should be sent as multipart/form-data
+        if ($request->containsFileUploads()) {
+            $requestBody = $request->getMultipartBody();
+            $request->setHeaders([
+                'Content-Type' => 'multipart/form-data; boundary=' . $requestBody->getBoundary(),
+            ]);
+        } else {
+            $requestBody = $request->getUrlEncodedBody();
+            $request->setHeaders([
+                'Content-Type' => 'application/x-www-form-urlencoded',
+            ]);
+        }
+
+        return [
+            $url,
+            $request->getMethod(),
+            $request->getHeaders(),
+            $requestBody->getBody(),
+        ];
+    }
+
+    /**
+     * Makes the request to Graph and returns the result.
+     *
+     * @param FacebookRequest $request
+     *
+     * @return FacebookResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function sendRequest(FacebookRequest $request)
+    {
+        if (get_class($request) === 'FacebookRequest') {
+            $request->validateAccessToken();
+        }
+
+        list($url, $method, $headers, $body) = $this->prepareRequestMessage($request);
+
+        // Since file uploads can take a while, we need to give more time for uploads
+        $timeOut = static::DEFAULT_REQUEST_TIMEOUT;
+        if ($request->containsFileUploads()) {
+            $timeOut = static::DEFAULT_FILE_UPLOAD_REQUEST_TIMEOUT;
+        } elseif ($request->containsVideoUploads()) {
+            $timeOut = static::DEFAULT_VIDEO_UPLOAD_REQUEST_TIMEOUT;
+        }
+
+        // Should throw `FacebookSDKException` exception on HTTP client error.
+        // Don't catch to allow it to bubble up.
+        $rawResponse = $this->httpClientHandler->send($url, $method, $body, $headers, $timeOut);
+
+        static::$requestCount++;
+
+        $returnResponse = new FacebookResponse(
+            $request,
+            $rawResponse->getBody(),
+            $rawResponse->getHttpResponseCode(),
+            $rawResponse->getHeaders()
+        );
+
+        if ($returnResponse->isError()) {
+            throw $returnResponse->getThrownException();
+        }
+
+        return $returnResponse;
+    }
+
+    /**
+     * Makes a batched request to Graph and returns the result.
+     *
+     * @param FacebookBatchRequest $request
+     *
+     * @return FacebookBatchResponse
+     *
+     * @throws FacebookSDKException
+     */
+    public function sendBatchRequest(FacebookBatchRequest $request)
+    {
+        $request->prepareRequestsForBatch();
+        $facebookResponse = $this->sendRequest($request);
+
+        return new FacebookBatchResponse($request, $facebookResponse);
+    }
+}

website/queries/Facebook/FacebookRequest.php

@@ -0,0 +1,536 @@
+<?php
+/**
+ * Copyright 2014 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook;
+
+use Facebook\Authentication\AccessToken;
+use Facebook\Url\FacebookUrlManipulator;
+use Facebook\FileUpload\FacebookFile;
+use Facebook\FileUpload\FacebookVideo;
+use Facebook\Http\RequestBodyMultipart;
+use Facebook\Http\RequestBodyUrlEncoded;
+use Facebook\Exceptions\FacebookSDKException;
+
+/**
+ * Class Request
+ *
+ * @package Facebook
+ */
+class FacebookRequest
+{
+    /**
+     * @var FacebookApp The Facebook app entity.
+     */
+    protected $app;
+
+    /**
+     * @var string|null The access token to use for this request.
+     */
+    protected $accessToken;
+
+    /**
+     * @var string The HTTP method for this request.
+     */
+    protected $method;
+
+    /**
+     * @var string The Graph endpoint for this request.
+     */
+    protected $endpoint;
+
+    /**
+     * @var array The headers to send with this request.
+     */
+    protected $headers = [];
+
+    /**
+     * @var array The parameters to send with this request.
+     */
+    protected $params = [];
+
+    /**
+     * @var array The files to send with this request.
+     */
+    protected $files = [];
+
+    /**
+     * @var string ETag to send with this request.
+     */
+    protected $eTag;
+
+    /**
+     * @var string Graph version to use for this request.
+     */
+    protected $graphVersion;
+
+    /**
+     * Creates a new Request entity.
+     *
+     * @param FacebookApp|null        $app
+     * @param AccessToken|string|null $accessToken
+     * @param string|null             $method
+     * @param string|null             $endpoint
+     * @param array|null              $params
+     * @param string|null             $eTag
+     * @param string|null             $graphVersion
+     */
+    public function __construct(FacebookApp $app = null, $accessToken = null, $method = null, $endpoint = null, array $params = [], $eTag = null, $graphVersion = null)
+    {
+        $this->setApp($app);
+        $this->setAccessToken($accessToken);
+        $this->setMethod($method);
+        $this->setEndpoint($endpoint);
+        $this->setParams($params);
+        $this->setETag($eTag);
+        $this->graphVersion = $graphVersion ?: Facebook::DEFAULT_GRAPH_VERSION;
+    }
+
+    /**
+     * Set the access token for this request.
+     *
+     * @param AccessToken|string
+     *
+     * @return FacebookRequest
+     */
+    public function setAccessToken($accessToken)
+    {
+        $this->accessToken = $accessToken;
+        if ($accessToken instanceof AccessToken) {
+            $this->accessToken = $accessToken->getValue();
+        }
+
+        return $this;
+    }
+
+    /**
+     * Sets the access token with one harvested from a URL or POST params.
+     *
+     * @param string $accessToken The access token.
+     *
+     * @return FacebookRequest
+     *
+     * @throws FacebookSDKException
+     */
+    public function setAccessTokenFromParams($accessToken)
+    {
+        $existingAccessToken = $this->getAccessToken();
+        if (!$existingAccessToken) {
+            $this->setAccessToken($accessToken);
+        } elseif ($accessToken !== $existingAccessToken) {
+            throw new FacebookSDKException('Access token mismatch. The access token provided in the FacebookRequest and the one provided in the URL or POST params do not match.');
+        }
+
+        return $this;
+    }
+
+    /**
+     * Return the access token for this request.
+     *
+     * @return string|null
+     */
+    public function getAccessToken()
+    {
+        return $this->accessToken;
+    }
+
+    /**
+     * Return the access token for this request an an AccessToken entity.
+     *
+     * @return AccessToken|null
+     */
+    public function getAccessTokenEntity()
+    {
+        return $this->accessToken ? new AccessToken($this->accessToken) : null;
+    }
+
+    /**
+     * Set the FacebookApp entity used for this request.
+     *
+     * @param FacebookApp|null $app
+     */
+    public function setApp(FacebookApp $app = null)
+    {
+        $this->app = $app;
+    }
+
+    /**
+     * Return the FacebookApp entity used for this request.
+     *
+     * @return FacebookApp
+     */
+    public function getApp()
+    {
+        return $this->app;
+    }
+
+    /**
+     * Generate an app secret proof to sign this request.
+     *
+     * @return string|null
+     */
+    public function getAppSecretProof()
+    {
+        if (!$accessTokenEntity = $this->getAccessTokenEntity()) {
+            return null;
+        }
+
+        return $accessTokenEntity->getAppSecretProof($this->app->getSecret());
+    }
+
+    /**
+     * Validate that an access token exists for this request.
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateAccessToken()
+    {
+        $accessToken = $this->getAccessToken();
+        if (!$accessToken) {
+            throw new FacebookSDKException('You must provide an access token.');
+        }
+    }
+
+    /**
+     * Set the HTTP method for this request.
+     *
+     * @param string
+     *
+     * @return FacebookRequest
+     */
+    public function setMethod($method)
+    {
+        $this->method = strtoupper($method);
+    }
+
+    /**
+     * Return the HTTP method for this request.
+     *
+     * @return string
+     */
+    public function getMethod()
+    {
+        return $this->method;
+    }
+
+    /**
+     * Validate that the HTTP method is set.
+     *
+     * @throws FacebookSDKException
+     */
+    public function validateMethod()
+    {
+        if (!$this->method) {
+            throw new FacebookSDKException('HTTP method not specified.');
+        }
+
+        if (!in_array($this->method, ['GET', 'POST', 'DELETE'])) {
+            throw new FacebookSDKException('Invalid HTTP method specified.');
+        }
+    }
+
+    /**
+     * Set the endpoint for this request.
+     *
+     * @param string
+     *
+     * @return FacebookRequest
+     *
+     * @throws FacebookSDKException
+     */
+    public function setEndpoint($endpoint)
+    {
+        // Harvest the access token from the endpoint to keep things in sync
+        $params = FacebookUrlManipulator::getParamsAsArray($endpoint);
+        if (isset($params['access_token'])) {
+            $this->setAccessTokenFromParams($params['access_token']);
+        }
+
+        // Clean the token & app secret proof from the endpoint.
+        $filterParams = ['access_token', 'appsecret_proof'];
+        $this->endpoint = FacebookUrlManipulator::removeParamsFromUrl($endpoint, $filterParams);
+
+        return $this;
+    }
+
+    /**
+     * Return the HTTP method for this request.
+     *
+     * @return string
+     */
+    public function getEndpoint()
+    {
+        // For batch requests, this will be empty
+        return $this->endpoint;
+    }
+
+    /**
+     * Generate and return the headers for this request.
+     *
+     * @return array
+     */
+    public function getHeaders()
+    {
+        $headers = static::getDefaultHeaders();
+
+        if ($this->eTag) {
+            $headers['If-None-Match'] = $this->eTag;
+        }
+
+        return array_merge($this->headers, $headers);
+    }
+
+    /**
+     * Set the headers for this request.
+     *
+     * @param array $headers
+     */
+    public function setHeaders(array $headers)
+    {
+        $this->headers = array_merge($this->headers, $headers);
+    }
+
+    /**
+     * Sets the eTag value.
+     *
+     * @param string $eTag
+     */
+    public function setETag($eTag)
+    {
+        $this->eTag = $eTag;
+    }
+
+    /**
+     * Set the params for this request.
+     *
+     * @param array $params
+     *
+     * @return FacebookRequest
+     *
+     * @throws FacebookSDKException
+     */
+    public function setParams(array $params = [])
+    {
+        if (isset($params['access_token'])) {
+            $this->setAccessTokenFromParams($params['access_token']);
+        }
+
+        // Don't let these buggers slip in.
+        unset($params['access_token'], $params['appsecret_proof']);
+
+        // @TODO Refactor code above with this
+        //$params = $this->sanitizeAuthenticationParams($params);
+        $params = $this->sanitizeFileParams($params);
+        $this->dangerouslySetParams($params);
+
+        return $this;
+    }
+
+    /**
+     * Set the params for this request without filtering them first.
+     *
+     * @param array $params
+     *
+     * @return FacebookRequest
+     */
+    public function dangerouslySetParams(array $params = [])
+    {
+        $this->params = array_merge($this->params, $params);
+
+        return $this;
+    }
+
+    /**
+     * Iterate over the params and pull out the file uploads.
+     *
+     * @param array $params
+     *
+     * @return array
+     */
+    public function sanitizeFileParams(array $params)
+    {
+        foreach ($params as $key => $value) {
+            if ($value instanceof FacebookFile) {
+                $this->addFile($key, $value);
+                unset($params[$key]);
+            }
+        }
+
+        return $params;
+    }
+
+    /**
+     * Add a file to be uploaded.
+     *
+     * @param string       $key
+     * @param FacebookFile $file
+     */
+    public function addFile($key, FacebookFile $file)
+    {
+        $this->files[$key] = $file;
+    }
+
+    /**
+     * Removes all the files from the upload queue.
+     */
+    public function resetFiles()
+    {
+        $this->files = [];
+    }
+
+    /**
+     * Get the list of files to be uploaded.
+     *
+     * @return array
+     */
+    public function getFiles()
+    {
+        return $this->files;
+    }
+
+    /**
+     * Let's us know if there is a file upload with this request.
+     *
+     * @return boolean
+     */
+    public function containsFileUploads()
+    {
+        return !empty($this->files);
+    }
+
+    /**
+     * Let's us know if there is a video upload with this request.
+     *
+     * @return boolean
+     */
+    public function containsVideoUploads()
+    {
+        foreach ($this->files as $file) {
+            if ($file instanceof FacebookVideo) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Returns the body of the request as multipart/form-data.
+     *
+     * @return RequestBodyMultipart
+     */
+    public function getMultipartBody()
+    {
+        $params = $this->getPostParams();
+
+        return new RequestBodyMultipart($params, $this->files);
+    }
+
+    /**
+     * Returns the body of the request as URL-encoded.
+     *
+     * @return RequestBodyUrlEncoded
+     */
+    public function getUrlEncodedBody()
+    {
+        $params = $this->getPostParams();
+
+        return new RequestBodyUrlEncoded($params);
+    }
+
+    /**
+     * Generate and return the params for this request.
+     *
+     * @return array
+     */
+    public function getParams()
+    {
+        $params = $this->params;
+
+        $accessToken = $this->getAccessToken();
+        if ($accessToken) {
+            $params['access_token'] = $accessToken;
+            $params['appsecret_proof'] = $this->getAppSecretProof();
+        }
+
+        return $params;
+    }
+
+    /**
+     * Only return params on POST requests.
+     *
+     * @return array
+     */
+    public function getPostParams()
+    {
+        if ($this->getMethod() === 'POST') {
+            return $this->getParams();
+        }
+
+        return [];
+    }
+
+    /**
+     * The graph version used for this request.
+     *
+     * @return string
+     */
+    public function getGraphVersion()
+    {
+        return $this->graphVersion;
+    }
+
+    /**
+     * Generate and return the URL for this request.
+     *
+     * @return string
+     */
+    public function getUrl()
+    {
+        $this->validateMethod();
+
+        $graphVersion = FacebookUrlManipulator::forceSlashPrefix($this->graphVersion);
+        $endpoint = FacebookUrlManipulator::forceSlashPrefix($this->getEndpoint());
+
+        $url = $graphVersion . $endpoint;
+
+        if ($this->getMethod() !== 'POST') {
+            $params = $this->getParams();
+            $url = FacebookUrlManipulator::appendParamsToUrl($url, $params);
+        }
+
+        return $url;
+    }
+
+    /**
+     * Return the default headers that every request should use.
+     *
+     * @return array
+     */
+    public static function getDefaultHeaders()
+    {
+        return [
+            'User-Agent' => 'fb-php-' . Facebook::VERSION,
+            'Accept-Encoding' => '*',
+        ];
+    }
+}