2017-02-03 21:19:51 +01:00
4 changed files with 25 additions and 11 deletions
--- a/website/public/group.php
+++ b/website/public/group.php
@@ -13,9 +13,16 @@
 include_once("../queries/group_page.php");
-$group = selectGroupByName($_GET["groupname"]);
+if(!$group = selectGroupByName($_GET["groupname"])) {
    header("HTTP/1.0 404 Not Found");
    header("Location: error/404.php");
    die();
 }
 $members = selectGroupMembers($group["groupID"]);
 /*
 * This view adds the main layout over the screen.
 * Header, menu, footer.
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -21,19 +21,19 @@ include_once("../queries/calcAge.php");
 if(empty($_GET["username"])) {
    $userID = $_SESSION["userID"];
    $showProfile = True;
 } else {
    $userID = getUserID($_GET["username"]);
    $showProfile = False;
 }
-$user = selectUser($_SESSION["userID"], $userID);
+if(!$user = selectUser($_SESSION["userID"], $userID)) {
    header("HTTP/1.0 404 Not Found");
    header("Location: error/404.php");
    die();
 }
 $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
-$showProfile = $showProfile || $user["showProfile"] || ($user["status"] == 'confirmed');
+$showProfile = $user["showProfile"] || ($user["status"] == 'confirmed') || $_SESSION["userID"] == $userID;
 echo " friendship status: " . $user["status"];
 echo " showprofile: $showProfile";
 echo " userID: " . $user["userID"];
 if ($userID == $_SESSION["userID"]) {
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -33,7 +33,12 @@ function selectGroupByName($name) {
    if (!$stmt->execute()) {
        return False;
    }
-    return $stmt->fetch();
+    $row = $stmt->fetch();
    if($row["groupID"] == null) {
        return False;
    }
    return $row;
 }
 function selectGroupRole(int $groupID) {
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -101,7 +101,9 @@ function selectUser($me, $other) {
    $stmt->bindParam(':me', $me, PDO::PARAM_INT);
    $stmt->bindParam(':other', $other, PDO::PARAM_INT);
-    $stmt->execute();
+    if(!$stmt->execute() || $stmt->rowCount() == 0) {
        return False;
    }
    return $stmt->fetch();
 }
@@ -120,7 +122,7 @@ function selectAllUserGroups($userID) {
            `group_page`.`groupID` = `group_member`.`groupID`
        WHERE
            `userID` = :userID AND
-            `role` = 'member'
+            `role` IN ('member', 'mod', 'admin')
    ");
    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);