2017-01-25 16:20:49 +01:00
8 changed files with 55 additions and 28 deletions
--- a/website/public/js/registerAndLogin.js
+++ b/website/public/js/registerAndLogin.js
@@ -4,5 +4,8 @@ function checkLoggedIn() {
    } else {
        window.location.href = "profile.php";
    }
-    document.getElementById("demo").innerHTML = x;
 }
+
+function bannedAlert(){
+    alert("Your account is banned");
+}
--- a/website/public/login.php
+++ b/website/public/login.php
@@ -22,26 +22,11 @@

    // Trying to login
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
-        // Empty username or password field
-        if (empty($_POST["uname"]) || empty($_POST["psw"])) {
-            $loginErr = "Gebruikersnaam of wachtwoord is niet ingevuld";
-
-        }
-        else {
+        try{
            $uname = strtolower(test_input($_POST["uname"]));
-            $psw = test_input($_POST["psw"]);
-            $hash = getUser()["password"];
-            $userid = getUser()["userID"];
-
-            // If there's an account, go to the profile page
-            if(password_verify($psw, $hash)) {
-               $_SESSION["userID"] = $userid;
-               header("location: profile.php");
-
-            } else {
-               $loginErr = "Inloggegevens zijn niet correct";
-            }
-
+            validateLogin($_POST["uname"], $_POST["psw"]);
+        } catch(loginException $e) {
+            $loginErr = $e->getMessage();
        }
    }

--- a/website/public/register.php
+++ b/website/public/register.php
@@ -45,7 +45,7 @@
        }

        try{
-            $username = test_input(($_POST["username"]));
+            $username = str_replace(' ', '', test_input(($_POST["username"])));
            checkInputChoice($username, "username");
        } catch(usernameException $e){
            $correct = false;
@@ -53,7 +53,7 @@
        }

        try{
-            $password = test_input(($_POST["password"]));
+            $password = str_replace(' ', '', test_input(($_POST["password"])));
            checkInputChoice($password, "longerEight");
            matchPassword();
        } catch(passwordException $e){
--- a/website/public/styles/index.css
+++ b/website/public/styles/index.css
@@ -1,6 +1,6 @@
 a.button {
    background-color: #C8CABD;
-    border-radius: 10px;
+    border-radius: 5px;
    color: black;
    cursor: pointer;
    height: 50%;
--- a/website/queries/checkInput.php
+++ b/website/queries/checkInput.php
@@ -38,7 +38,8 @@ function checkName($variable){
    if (empty($variable)) {
        throw new lettersAndSpacesException("Verplicht!");
    } else if (!preg_match("/^[a-zA-Z ]*$/", $variable)) {
-        throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
+
+            throw new lettersAndSpacesException("Alleen letters en spaties zijn toegestaan!");
    }
 }

--- a/website/queries/login.php
+++ b/website/queries/login.php
@@ -4,7 +4,8 @@ function getUser() {
    $stmt = $GLOBALS["db"]->prepare("
    SELECT
      `password`,
-      `userID`
+      `userID`,
+      `role`
    FROM
      `user`
    WHERE
@@ -15,3 +16,40 @@ function getUser() {
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
 }
+
+function validateLogin($username, $password){
+    // Empty username or password field
+    if (empty($username) || empty($password)) {
+        throw new loginException("Gebruikersnaam of wachtwoord is niet ingevuld");
+    }
+    else {
+        $psw = test_input($password);
+        $hash = getUser()["password"];
+        $userID = getUser()["userID"];
+        $role = getUser()["role"];
+
+        // If there's an account, go to the profile page
+        if(password_verify($psw, $hash)) {
+            if ($role == "banned"){
+                echo "<script>
+                         window.onload=bannedAlert();
+                    </script>";
+            } else {
+                $_SESSION["userID"] = $userID;
+                header("location: profile.php");
+            }
+        } else {
+            throw new loginException("Inloggevens zijn niet correct");
+        }
+
+    }
+}
+
+class loginException extends Exception
+{
+    public function __construct($message = "", $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}
+?>
--- a/website/views/login_head.php
+++ b/website/views/login_head.php
@@ -7,7 +7,7 @@
    <link rel="stylesheet"
          type="text/css"
          href="styles/index.css">
-    <script src="/js/jqeury.js"></script>
-    <script src="/js/registerAndLogin.js"></script>
+    <script src="js/jqeury.js"></script>
+    <script src="js/registerAndLogin.js"></script>
    <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
--- a/website/views/register-view.php
+++ b/website/views/register-view.php
@@ -96,7 +96,7 @@

        <!-- Register location -->
        <div class="login_containerregister">
-            <label><b>Woonplaats</b></label>
+            <label><b>Locatie</b></label>
            <input type="text"
                   placeholder="Voer uw woonplaats in"
                   name="location"