website/public/API/loadFriendRequest.php

@@ -4,5 +4,12 @@ session_start();
 
 require_once ("../../queries/connect.php");
 require_once ("../../queries/friendship.php");
+require_once ("../../queries/user.php");
 
-echo selectAllFriendRequests();
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    echo selectAllFriendRequests();
+} else {
+    echo "[]";
+}

website/public/API/loadFriends.php

@@ -6,11 +6,15 @@ require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/friendship.php");
 
-if (isset($_POST["limit"])) {
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_POST["limit"]));
-} else if (isset($_GET["limit"])) {
-    echo selectLimitedFriends($_SESSION["userID"], (int) test_input($_GET["limit"]));
+if (isset($_SESSION["userID"])) {
+    if (isset($_POST["limit"])) {
+        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
+    } else if (isset($_GET["limit"])) {
+        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
+    } else {
+        echo selectFriends($_SESSION["userID"]);
+    }
 } else {
-    echo selectFriends($_SESSION["userID"]);
+    echo "[]";
 }
 

website/public/API/sendMessage.php

@@ -4,11 +4,19 @@ session_start();
 require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");
 
-if (!empty(test_input($_POST["destination"])) &&
-    !empty(test_input($_POST["content"]))) {
-    if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
-        echo 1;
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (!empty(test_input($_POST["destination"])) &&
+        !empty(test_input($_POST["content"]))
+    ) {
+        if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
+            echo 1;
+        } else {
+            echo 0;
+        }
     } else {
         echo 0;
     }

website/public/admin.php

@@ -19,9 +19,9 @@
 include_once ("../queries/user.php");
 
 // auth
-$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+$role = getRoleByID($_SESSION['userID']);
 
-if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
+if ($role != 'admin' AND $role != 'owner') {
     header("location:profile.php");
 }
 

website/public/js/chat.js

@@ -33,7 +33,11 @@ function sendMessage() {
     $.post(
         "API/sendMessage.php",
         $("#sendMessageForm").serialize()
-    );
+    ).done(function(data) {
+        if (data == "0") {
+            alert("Je account is bevroren, dus je kan niet chat berichten versturen. Contacteer een admin als je denk dat dit onjuist is.");
+        }
+    });
 
     $("#newContent").val("");
     loadMessages();

website/queries/user.php

@@ -9,7 +9,7 @@ function updateLastActivity() {
       SET
         `lastactivity` = NOW()
       WHERE
-      `userID` = :userID
+        `userID` = :userID
     ");
     $stmt->bindParam(":userID", $_SESSION["userID"]);
     return $stmt->execute();
@@ -417,5 +417,5 @@ function getRoleByID($userID) {
 
     $stmt->bindParam(':userID', $userID);
     $stmt->execute();
-    return $stmt;
+    return $stmt->fetch()["role"];
 }

website/views/notification-center.php

@@ -7,9 +7,9 @@
         include_once ("../queries/user.php");
 
         // auth
-        $userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+        $role = getRoleByID($_SESSION['userID']);
 
-        if ($userinfo['role'] == 'admin' OR $userinfo['role'] == 'owner') {
+        if ($role == 'admin' OR $role == 'owner') {
             echo "<a href=\"admin.php\" data-title=\"Admin\"><i class=\"fa fa-lock\"></i></a>";
             echo "<style>@import url('styles/adminbutton.css'); </style>";
         }