diff --git a/Register.php b/Register.php index a0751de02f65a4ad6f1bc9c20deaae408f1ef003..eca4b5b7a21a08786d60671d49f628b7a04bb47d 100644 --- a/Register.php +++ b/Register.php @@ -52,20 +52,27 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age)) if ($num_rows == 1) { $errors = "user with email $provided_email already exists"; } else { - // hashed password $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT); - // signup + // signup token $token = hash('sha256', time() . $provided_email . 'BX'); - $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email','$hashed_password', '$provided_bio', 0, 0, '$token', null, null);"; + + $message = ['email' => $provided_email, 'token' => $token]; // we can add the valid_until time also + + $verification_token = ['message' => $message, 'reset' => 0, 'hash_of_message' => $obj->encrypt(json_encode($message))]; + + $encrypted_token = $obj->encrypt(json_encode($verification_token)); + + + $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email',null,'$hashed_password', '$provided_bio', 0, 0, '$token', null, null);"; $result = $obj->executeQuery($query); $body = ' <p>click on this link to verify your account</p> - <p><b><a href="localhost/verifyAcount.php?token=' . $token . '&email=' . $provided_email . '">confirm your account</a></b></p> + <p><b><a href="localhost/verifyAcount.php?token=' . $encrypted_token . '">confirm your account</a></b></p> '; $sended = $obj->sendMail($provided_email, 'confirm your account', $body); diff --git a/accepte_or_reject_friend.php b/accepte_or_reject_friend.php new file mode 100644 index 0000000000000000000000000000000000000000..b7d107bb9032c89e00ff2b9771e8d609bf71a1bc --- /dev/null +++ b/accepte_or_reject_friend.php 
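Review bot: The verification token `$token = hash('sha256', time() . $provided_email . 'BX')` is built only from a second-granularity timestamp, the email the attacker already knows, and a fixed suffix, so whoever registers a victim's address can enumerate a few thousand candidates and land on the valid one; use `$token = bin2hex(random_bytes(32));`. Wrapping it in `encrypt()` does not help, because that helper (see the connection.php hunk) is unauthenticated CBC, so the verifier still has to `hash_equals` the decoded token against the stored `$token` column. Separately, `$encrypted_token` is standard base64 spliced raw into the link; a `+` arrives as a space and `/`/`=` are not query-safe, so emit `'?token=' . rawurlencode($encrypted_token)`. The re-emitted INSERT still interpolates `$provided_user_name`, `$provided_email` and `$provided_bio` straight into SQL; a prepared statement, or at minimum `mysqli_real_escape_string`, belongs on that line.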
@@ -0,0 +1,39 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+ header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+ header("Location: verifyemail.php");
+}
+$loged_user_email = $_SESSION['logged_user'];
+$user_id = $obj->getUserIdByEmail($obj, $loged_user_email);
+
+if (isset($_POST["accepte"]) && !empty($_POST["accepte"])) {
+
+
+ $accpeted_user_id = $_POST["accepte"];
+
+ // accepte friend request
+ $query = "UPDATE user_has_friend SET accepted = 1 where user_id2 = '$user_id' AND user_id1 = '$accpeted_user_id';";
+ $result = $obj->executeQuery($query);
+
+ // create a bidirectional relation
+ $query = "INSERT INTO user_has_friend VALUE ('$user_id', '$accpeted_user_id', 1);";
+ $result = $obj->executeQuery($query);
+}
+
+if (isset($_POST["rejecte"]) && !empty($_POST["rejecte"])) {
+
+ $rejected_user_id = $_POST["rejecte"];
+
+ // rejecte friend request
+ $query = "DELETE FROM user_has_friend where user_id2 = '$user_id' AND user_id1 = '$rejected_user_id';";
+ $result = $obj->executeQuery($query);
+
+}
+
+header("Location: " . $_SERVER['HTTP_REFERER']);
+
+?>
\ No newline at end of file
diff --git a/add_friend.php b/add_friend.php
new file mode 100644
index 0000000000000000000000000000000000000000..e6443029a0af625651d7c9c980a562c8b943cd36
--- /dev/null
+++ b/add_friend.php
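Review bot: The "bidirectional relation" INSERT in the accept branch runs whether or not the preceding UPDATE matched a pending request, so any verified user can POST `accepte=<id>` and become the friend of someone who never sent a request; the INSERT has to be gated on the UPDATE actually changing a row. `$_POST["accepte"]` and `$_POST["rejecte"]` are interpolated into SQL unescaped, which is a SQL injection reachable by every verified user — they are integer ids, so `(int)` casts close it until the file moves to prepared statements. The two `header("Location: ...")` guards at the top never `exit`, so a logged-out or unverified session still executes the handlers when the client ignores the 302, and the final redirect to `$_SERVER['HTTP_REFERER']` is client-controlled and may be unset. The rewrite below assumes `executeQuery` runs on the public `$obj->connection` shown in connection.php; the reject branch needs the same cast.
```php
if (!$obj->loggedin($obj)) {
    header("Location: login.php");
    exit;
}
// … unchanged: verified-account guard (add exit there too), session lookup …

if (isset($_POST["accepte"]) && !empty($_POST["accepte"])) {
    $accpeted_user_id = (int) $_POST["accepte"];

    // only a still-pending request may be accepted
    $query = "UPDATE user_has_friend SET accepted = 1 where user_id2 = '$user_id' AND user_id1 = '$accpeted_user_id' AND accepted = 0;";
    $result = $obj->executeQuery($query);

    // mirror the relation only if a pending request really existed
    if ($result && mysqli_affected_rows($obj->connection) === 1) {
        $query = "INSERT INTO user_has_friend VALUE ('$user_id', '$accpeted_user_id', 1);";
        $result = $obj->executeQuery($query);
    }
}
// … unchanged: reject branch, with $rejected_user_id = (int) $_POST["rejecte"]; …

header("Location: friends.php");
exit;
```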
@@ -0,0 +1,39 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+ header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+ header("Location: verifyemail.php");
+}
+
+if (isset($_POST["friend"]) && !empty($_POST["friend"])) {
+
+ $freind_id = $_POST["friend"];
+ $logged_user = $_SESSION['logged_user'];
+ $user_id = $obj->getUserIdByEmail($obj, $logged_user);
+
+ // check if two user has freind relationship
+ $query = "SELECT * FROM user_has_friend WHERE (user_id1 = '$user_id' AND user_id2='$freind_id') OR (user_id2 = '$user_id' AND user_id1='$freind_id');";
+
+ $result = $obj->executeQuery($query);
+
+ // there is no relation between : already freinds
+ if (mysqli_num_rows($result) == 0) {
+ $query = "INSERT INTO user_has_friend VALUE ('$user_id', '$freind_id', 0);";
+
+ $result = $obj->executeQuery($query);
+ if ($result) {
+ // redirect
+ header("Location: index.php");
+ }
+ }
+
+
+
+
+
+
+}
+?>
\ No newline at end of file
diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000000000000000000000000000000000000..ae2d19bf2423e276f8c912345d9e3ccc838cf614
--- /dev/null
+++ b/admin.php
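Review bot: `$freind_id = $_POST["friend"];` is interpolated into both the SELECT and the INSERT without escaping, which is a SQL injection reachable by any verified user; since it is a user id, `$freind_id = (int) $_POST["friend"];` closes it (a prepared statement would be better still). Nothing rejects a request to yourself, so `if ($freind_id === (int) $user_id) { header("Location: index.php"); exit; }` belongs before the SELECT, and the existence of the target id is never checked, which the foreign key will only catch as a failed INSERT. The two redirect guards at the top do not `exit`, so the insert still runs for a logged-out session whose client ignores the Location header; add `exit;` after each `header(...)`.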
@@ -0,0 +1,55 @@ +<?php +require_once 'header.php'; + +if (!$obj->loggedin($obj)) { + header("Location: login.php"); +} +if (!$obj->acountVerified($obj)) { + header("Location: verifyemail.php"); +} + +if (!$obj->isAdmin($obj)) { + header("Location: " . $_SERVER['HTTP_REFERER']); +} + + +$query = "SELECT * FROM users"; +$users = $obj->executeQuery($query); + + +?> + +<div class="admin-page"> + <h3>admin page</h3> + <table class="table table-striped"> + <thead> + <tr> + <th scope="col">User Name </th> + <th scope="col">Profile Photo </th> + <th scope="col">Email</th> + <th scope="col">User Type</th> + <th scope="col">Suspend</th> + <th scope="col">Delete</th> + </tr> + </thead> + <tbody> + <?php + while ($row = mysqli_fetch_array($users)) { + $isAdmin = ($row['isAdmin'] == 1) ? '@ADMIN' : '@USER'; + echo ' <tr> + <td>' . $row['user_name'] . '</td> + <td><img src="' . $row['profile_image'] . '" alt=""></td> + <th scope="row">' . $row['email'] . '</th> + <th>' . $isAdmin . '</th> + <td><button type="button" class="btn btn-sm btn-warning">suspend <i + class="fa-solid fa-stop"></i></button> + </td> + <td><button type="button" class="btn btn-sm btn-danger">Delete <i + class="fa-solid fa-trash"></i></button></td> + </tr>'; + } + ?> + </tbody> + </table> + +</div> \ No newline at end of file diff --git a/chat/index.html b/chat/index.html new file mode 100644 index 0000000000000000000000000000000000000000..59ce469149263c705465562172867373d4932ade --- /dev/null +++ b/chat/index.html 
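Review bot: The `isAdmin` guard only sends a Location header and falls through, so `SELECT * FROM users` and the table below are still rendered for any verified non-admin whose client ignores the 302 (curl shows the whole list), exposing every email and admin flag; each of the three guards needs `exit;` after `header(...)`, and the fallback target `$_SERVER['HTTP_REFERER']` is client-controlled and possibly unset, so redirect to a fixed page such as `index.php`. `$row['user_name']` and `$row['profile_image']` are echoed into the HTML unescaped, which turns a user-chosen name or image path (both editable in edit_profile.php) into stored XSS on the admin page — wrap them as `htmlspecialchars($row['user_name'], ENT_QUOTES, 'UTF-8')` and do the same for the `src` attribute. The suspend and delete buttons are `type="button"` with no form or handler, so as committed they do nothing; if that is intentional, a `<!-- TODO: wire to handler -->` comment would save the next reader a search.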
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8" />
+ <title></title>
+ </head>
+ <body>
+ <p>my id: <span id="person1id"></span></p>
+ <input type="person2id" id="personid" placeholder="enter person id" />
+ <input type="text" id="personmessage" placeholder="person1 message" />
+ <button id="callperson1" onclick="callperson()">connect</button>
+ <button id="video_call" onclick="videocall()">video call</button>
+ <hr />
+ <div id="result"></div>
+ <video id="localVideo" autoplay></video>
+ <video id="remoteVideo" autoplay></video>
+ <script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js"></script>
+ <script src="index.js" charset="utf-8"></script>
+ </body>
+</html>
diff --git a/chat/index.js b/chat/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..e6c023a73455dcf66e4f04ebecb07a849c681ed9
--- /dev/null
+++ b/chat/index.js
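Review bot: The peerjs script is loaded from unpkg with no `integrity` or `crossorigin` attribute, so a substituted or compromised CDN response runs with full access to the page, including the camera and microphone streams index.js captures; pin the file and add its SRI hash, e.g. `<script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js" integrity="sha384-…" crossorigin="anonymous"></script>`, or vendor the file next to index.js. `type="person2id"` is not a valid input type and silently falls back to `text`; write `type="text"` so the intent is explicit.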
@@ -0,0 +1,84 @@ +var peer1 = null; + + +(function(){ + + let myid = prompt('enter your id'); + peer1 = new Peer(myid); + peer1.on('open', function(id) { + var person1idcontainer = document.getElementById('person1id'); + person1idcontainer.innerHTML = id; + }); + + + peer1.on('connection', function(conn) { + let result = document.getElementById('result'); + conn.on('data', function(data){ + result.innerHTML = result.innerHTML + data; + }); + }); + + + + + peer1.on('call', function(call) { + var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; + getUserMedia({ video: true, audio: true }) + .then(function (stream) { + let localVideo = document.getElementById('localVideo'); + localVideo.srcObject = stream; + let confirmcall = confirm("you have a call"); + + if(confirmcall){ + call.answer(stream); // Answer the call with an A/V stream. + call.on('stream', function (remoteStream) { + let remoteVideo = document.getElementById('remoteVideo'); + remoteVideo.srcObject = remoteStream; + }); + } + + }) + .catch(function (err) { + console.log('Failed to get local stream', err); + }); + }); + + +})(); + +// send message +function callperson(){ + var personid = document.getElementById("personid").value; + var person1 = peer1.connect(personid); + // on open will be launch when you successfully connect to PeerServer + person1.on('open', function(){ + // here you have conn.id + let message = document.getElementById('personmessage').value; + person1.send(message); + }); +} + +function videocall() { + var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; + getUserMedia({ video: true, audio: true }) + .then(function (stream) { + + let localVideo = document.getElementById('localVideo'); + localVideo.srcObject = stream; + + var personid = document.getElementById("personid").value; + var call = 
peer1.call(personid, stream); + call.on('stream', function (remoteStream) { + + let remoteVideo = document.getElementById('remoteVideo'); + remoteVideo.srcObject = remoteStream; + // Show the stream in a video or canvas element. + }); + }) + .catch(function (err) { + console.log('Failed to get local stream', err); + }); +} + + + diff --git a/connection.php b/connection.php index 9900dc087670eec210dcfaef79f3390437f426e0..549abf55cb7c617ff7ec63cfa41885740dc5dfe9 100644 --- a/connection.php +++ b/connection.php @@ -15,15 +15,17 @@ class Connection public $connection = NULL; public $USER_SESSION_DURATION = NULL; + public $key = NULL; public function __construct() { - $this->env = parse_ini_file('.env'); + $this->env = parse_ini_file('dev.env'); $this->servername = $this->env["DB_HOST"]; // cause we are on the docker network $this->username = $this->env['DB_USER']; $this->password = $this->env['DB_PASSWORD']; $this->DB_name = $this->env['DB_NAME']; + $this->key = $this->env['ecryption_key']; // Create connection $this->connection = mysqli_connect($this->servername, $this->username, $this->password, $this->DB_name); @@ -38,6 +40,7 @@ class Connection user_name VARCHAR(64), age INT, email VARCHAR(255), + profile_image VARCHAR(1024), password VARCHAR(255), bio VARCHAR(512), isAdmin Boolean default 0, 
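Review bot: `result.innerHTML = result.innerHTML + data;` in the `connection` handler renders whatever a remote peer sends as HTML, so any peer who connects to your id can inject markup and script into the page, and during a call that script has the live media stream; append it as text instead: `result.appendChild(document.createTextNode(String(data)));`. The same applies to `person1idcontainer.innerHTML = id;`, which should assign `textContent`. Peer ids are chosen freely in the `prompt` and never tied to the logged-in account, so nothing stops another user from claiming someone else's id; that is a property of the design rather than of one line and deserves a comment at the top of the IIFE, e.g. `// NOTE: ids are self-asserted; do not treat the remote id as an identity`.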
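Review bot: `$this->key = $this->env['ecryption_key'];` is fed directly to AES-256-CBC by the `encrypt()`/`decrypt()` methods added later in this file, and `openssl_encrypt` silently pads or truncates a key of the wrong length, so a short or missing value in `dev.env` becomes a weak key with no error; validate it once here, e.g. `if (!is_string($this->key) || strlen($this->key) !== 32) { die('ecryption_key must be exactly 32 bytes'); }`, or derive 32 bytes with `hash('sha256', $this->key, true)`. The `.env` → `dev.env` change hard-codes a development config into the class; if `dev.env` is committed alongside this code it carries the DB and SMTP credentials, so confirm it is ignored. The constructor continues past this hunk.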
@@ -54,6 +57,24 @@ class Connection die("Query failed: " . mysqli_error($this->connection)); } + + // user has friends tables + $query = 'CREATE TABLE IF NOT EXISTS `user_has_friend` ( + `user_id1` INTEGER NOT NULL, + `user_id2` INTEGER NOT NULL, + accepted BOOLEAN DEFAULT 0, + FOREIGN KEY (`user_id1`) REFERENCES `users` (`id`), + FOREIGN KEY (`user_id2`) REFERENCES `users` (`id`))'; + + // Execute the query + $result = mysqli_query($this->connection, $query); + // Check if the query was successful + if (!$result) { + die("Query failed: " . mysqli_error($this->connection)); + } + + + // create posts table $query = 'CREATE TABLE IF NOT EXISTS posts ( id INT PRIMARY KEY AUTO_INCREMENT, title VARCHAR(255), @@ -71,6 +92,27 @@ class Connection } + + // create messages table + // user has friends tables + $query = 'CREATE TABLE IF NOT EXISTS user_has_messages ( + user_id1 INTEGER NOT NULL, + user_id2 INTEGER NOT NULL, + message varchar(512), + sended_at DATETIME DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id1) REFERENCES users (id), + FOREIGN KEY (user_id2) REFERENCES users (id))'; + // Execute the query + $result = mysqli_query($this->connection, $query); + // Check if the query was successful + if (!$result) { + die("Query failed: " . mysqli_error($this->connection)); + } + + + + + } public function executeQuery($query) @@ -130,6 +172,17 @@ class Connection } + public function isAdmin($obj) + { + $loged_user_email = $_SESSION['logged_user']; + $query = "SELECT * FROM users where email='$loged_user_email'"; + $result = $obj->executeQuery($query); + $result = mysqli_fetch_assoc($result)['isAdmin']; + return ($result == 1); + + } + + public function getUserIdByEmail($obj, $email) { // echo $_SESSION['logged_user']; 
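Review bot: `user_has_friend` has no primary key or `UNIQUE (user_id1, user_id2)`, so repeated accept or add requests (the accept handler in accepte_or_reject_friend.php inserts the mirror row unconditionally) silently create duplicate relations that the friends list then shows several times; add `PRIMARY KEY (\`user_id1\`, \`user_id2\`)` to the CREATE TABLE and let the database reject duplicates. A self-relation is not prevented at this level either; `CHECK (\`user_id1\` <> \`user_id2\`)` helps on MySQL versions that enforce CHECK constraints (8.0.16+), and is harmless elsewhere.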
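Review bot: `isAdmin()` reads `mysqli_fetch_assoc($result)['isAdmin']` without checking that a row (or a result at all) came back, so a session whose user row has since been deleted produces a warning and `null` rather than a clean `false`; `$row = mysqli_fetch_assoc($result); return $row !== null && (int) $row['isAdmin'] === 1;` handles that, assuming `executeQuery` returns a `mysqli_result`. It also interpolates the session email into the query like the rest of the file — lower risk than `$_POST`, but since this method is the only thing standing between a user and admin.php, a prepared statement is worth the extra two lines here.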
@@ -152,7 +205,7 @@ class Connection $mail->isSMTP(); $mail->Host = $this->env['SMTP_HOST']; //gmail SMTP server $mail->SMTPAuth = true; - + $mail->Username = $this->env['SMTP_USER_MAIL']; //email $mail->Password = $this->env['SMTP_USER_PASSWORD']; //16 character obtained from app password created $mail->Port = $this->env['SMTP_PORT']; //SMTP port @@ -180,6 +233,22 @@ class Connection return ($sended == true); } + function encrypt($message) + { + $iv = substr($message, 0, 16); + $cipherMessage = openssl_encrypt($message, 'aes-256-cbc', $this->key, 0, $iv); + return base64_encode($iv . $cipherMessage); + } + + function decrypt($message) + { + $data = base64_decode($message); + $iv = substr($data, 0, 16); + $message = substr($data, 16); + return openssl_decrypt($message, 'aes-256-cbc', $this->key, 0, $iv); + } + + public function __destruct() { $this->closeConnection(); diff --git a/css/main.css b/css/main.css index 6f2f0aa96bc4bcac0890d85c6427ef715e22cf24..db17c4c699b5e31150f45b1150059f2a279b90f4 100644 --- a/css/main.css +++ b/css/main.css @@ -77,6 +77,11 @@ body { border-radius: 5px; background: white; } + +.register_post h6 { + color: var(--bs-gray-700); + font-weight: bold; +} /* new post */ @@ -84,11 +89,11 @@ body { /* friend list page */ .freind-list { background: white; - min-height: 200px; + /* min-height: 200px; */ margin-top: 15px; padding: 1rem; border-radius: 10px; - height: 90vh; + /* height: 90vh; */ } .freind-list .title { @@ -97,15 +102,17 @@ body { .freind-list .friend-list-box { max-height: 300px; overflow: scroll; - border-top: 1px solid var(--main-color-ligther); + overflow-x: hidden; + border-top: 5px solid var(--bs-gray-400); margin-top: 10px; padding: 1em; - border-bottom: 1px solid var(--main-color-ligther); + border-bottom: 5px solid var(--bs-gray-400); } .freind-list .friend-list-box .friends { display: flex; margin: 1em 0; + justify-content: space-between; } 
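Review bot: `encrypt()` takes its IV from `substr($message, 0, 16)` — the first sixteen bytes of the plaintext — and then prepends those same bytes in the clear to the output, so every token leaks its plaintext prefix, the IV is deterministic and partly chosen by the user (the email is inside the JSON), and identical messages produce identical ciphertext. There is also no authentication tag, so CBC ciphertext can be bit-flipped and `decrypt()` returns altered plaintext instead of failing, while the callers in Register.php and forgotpassword.php rely on the blob carrying `reset` and `token`. Use `random_bytes(16)` for the IV and an HMAC over IV+ciphertext checked with `hash_equals` before decrypting, as sketched below; links emailed before the change will stop decoding, which is acceptable for verification links. With the outer blob authenticated, the inner `hash_of_message` field the callers build (which is an encryption, not a hash) becomes redundant.
```php
function encrypt($message)
{
    $iv = random_bytes(16);                         // never derive the IV from the plaintext
    $cipherMessage = openssl_encrypt($message, 'aes-256-cbc', $this->key, OPENSSL_RAW_DATA, $iv);
    // separate MAC key derived from the encryption key; tag covers IV + ciphertext
    $macKey = hash_hmac('sha256', 'mac', $this->key, true);
    $mac = hash_hmac('sha256', $iv . $cipherMessage, $macKey, true);
    return base64_encode($mac . $iv . $cipherMessage);
}

function decrypt($message)
{
    $data = base64_decode($message, true);          // strict: reject non-base64 input early
    if ($data === false || strlen($data) < 48) {
        return false;
    }
    $mac = substr($data, 0, 32);
    $iv = substr($data, 32, 16);
    $cipherMessage = substr($data, 48);
    $macKey = hash_hmac('sha256', 'mac', $this->key, true);
    // authenticate before decrypting, in constant time
    if (!hash_equals(hash_hmac('sha256', $iv . $cipherMessage, $macKey, true), $mac)) {
        return false;
    }
    return openssl_decrypt($cipherMessage, 'aes-256-cbc', $this->key, OPENSSL_RAW_DATA, $iv);
}
```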
@@ -129,8 +136,51 @@ body { margin-top: 5px; color: var(--main-color-gray); } +.freind-list .friend-list-box .friends .cals { + align-items: center; +} +.freind-list .friend-list-box .friends .cals i { + margin: 0 10px; +} + +.freind-list .friend-list-box .friends .cals button.message-button i { + color: var(--main-color); +} +.freind-list .friend-list-box .friends .cals button { + background: transparent; + border: none; +} +.freind-list .friend-list-box .friends .cals > button.green { + color: var(--bs-success); +} + +.freind-list .friend-list-box .friends .cals > button.red { + color: var(--bs-danger); +} + +.freind-list .friend-list-box .friends .cals > form:nth-child(1) button{ + color: var(--bs-success); +} + +.freind-list .friend-list-box .friends .cals > form:nth-child(2) button { + color: var(--bs-danger); +} + + +.freind-list .videos { + display: flex; +} + +.freind-list .videos video { + width: 50%; +} + + + /* friend list page */ + + .author { color: #FF5722; background: #2196f34d; @@ -154,7 +204,7 @@ body { .sidebar { background: #ffffff; border: 1px solid #edeaea; - margin: 1rem; + margin: 15px 1rem; padding: 1rem; border-radius: 5px; position: fixed; @@ -201,6 +251,10 @@ body { border-radius: 5px; transition: background 0.7s ease-in-out; } + +.sidebar .profile_menu .is-admin a i { + color: #FFC107; +} .sidebar .profile_menu ul li:hover { background-color: var(--main-menu-color-hover); } @@ -259,7 +313,7 @@ body { border-bottom: 1px solid var(--main-color-ligther); } -.rsidebar .feeds { +.rsidebar .topics { margin: 10px 0; background: #efefef; border-radius: 10px; @@ -273,11 +327,11 @@ body { padding: 1em; margin: 15px 0 0 0; border-radius: 5px; - background: white; - transition: background 0.3s ease-in-out; + background-color: white; + transition: background-color 0.3s ease-in-out; } .twit:hover { - background: #eef0f2; + background-color: #eef0f2; } .twit .twit-owner { display: flex; 
@@ -310,10 +364,16 @@ body { .twit .twit-header { margin: 15px 0px; } +.twit .twit-header h5{ + font-weight: 600; + text-decoration: underline; +} .twit .twit-body img { position: relative; width: 100%; border-radius: 3%; + max-height: 300px; + object-fit: cover; } @@ -365,6 +425,83 @@ body { background-color: rgb(255 193 7 / 33%); color: var(--bs-black); } + + +/* friend proposal */ +.friend_proposal { + background-color: white; + margin: 15px 0; + border-radius: 10px; + padding: 15px 0; +} +.friend_proposal .header { + padding: 1rem; + font-weight: bold; +} +.friend_proposal .proposal { + display: flex; +} +.friend_proposal .person { + display: flex; + flex-direction: column; + justify-content: flex-start; + align-items: center; + width: 130px; + padding: 0 10px; + box-sizing: border-box; +} +.friend_proposal .person:hover .person_content { + background: var(--bs-primary-bg-subtle); +} +.friend_proposal .person .person_image { + position: relative; + top: 7px; + z-index: 1; + height: 30%; + +} +.friend_proposal .person .person_image img { + width: 70px; + border: 5px solid var(--bs-white); + border-radius: 100%; +} +.friend_proposal .person .person_content { + background: var(--bs-gray-400); + text-align: center; + border-radius: 5px; + min-height: 70%; + min-width: 100%; + display: flex; + flex-direction: column; + justify-content: end; + transition: background 0.6s ease-in-out; +} +.friend_proposal .person .person_content .person_details { + padding-top: 15px; + font-size: 13px; + text-transform: lowercase; + margin-bottom: 5px; +} + +.friend_proposal .person .person_content .connect button { + font-size: 10pt; + border-radius: 10px; + margin-bottom: 6px; + text-transform: lowercase; + padding: 2px 12px; + background: #2c9afb; + border: none; + color: white; + transition: background 0.5s ease-in-out; +} + +.friend_proposal .person .person_content .connect button:hover { + background: #146ebe; +} + +/* friend proposal */ + + /* index twits */ /* verify email */ 
@@ -392,5 +529,232 @@ body { background: white; border-radius: 10px; padding: 1em; +} +/* verify_account */ + + +/* settings */ + +.settings { + background-color: white; + padding: 1em; + border-radius: 10px; + margin-top: 15px; +} +.settings h6 { + font-weight: bold; + margin: 10px 0; +} + +.settings .profile { + border: 1px solid var(--bs-gray-300); + border-radius: 10px; + display: flex; + justify-content: space-between; + align-items: center; + padding: 10px; +} + +.settings .profile .p_details { + display: flex; + align-items: center; + +} +.settings .profile .p_details .user-name { + margin-left: 15px; +} +.settings .profile .p_details .user-name p{ + margin: 0; + text-transform: uppercase; + font-weight: bold; + font-size: 12px; + color: var(--bs-gray); +} +.settings .profile .p_details .p_image img { + width: 50px; + border-radius: 100%; +} + +.profile .config button { + background: transparent; + border: 1px solid lightgray; + border-radius: 30px; + padding: 2px 10px; + font-size: 10pt; +} + +.profile .config button span,i { + margin: 0 5px; +} + +.profile button > i, .p_info button > i { + color: var(--bs-code-color); +} + +.profile .config { + display: flex; + flex-direction: column; + justify-content: space-around; + align-items: center; +} + +.p_info { + margin: 15px 0; + border: 1px solid var(--bs-gray-300); + border-radius: 10px; + padding: 15px; +} +.p_info h6 { + margin: 0; + color: var(--bs-gray-600); + font-size: 13px; +} + +.p_info .header { + display: flex; + justify-content: space-between; + align-items: center; + width: 100%; +} +.p_info .config button { + background: transparent; + border: 1px solid lightgray; + border-radius: 30px; + padding: 2px 10px; + font-size: 10pt; +} +.p_info .user_info .line { + display: flex; + justify-content: space-between; + margin: 20px 0; +} +.p_info .user_info .line label,b{ + display: block; + font-size: 13px; + font-weight: bold; +} + +.p_info .user_info .line div { + min-width: 100px; +} + +.p_info 
.user_info .line label { + color: var(--bs-gray-600); + +} + +.p_info .user_info .line .profile_bio p { + margin: 5px 0; +} + +.p_info .user_info .line div.delete_acount button { + border: none; + background: var(--bs-form-invalid-border-color); + color: white; + padding: 5px 10px; + border-radius: 10px; + margin-top: 10px; + +} + +/* settings */ + + +/* messages */ +.messages, .admin-page { + background-color: white; + border-radius: 10px; + margin-top: 15px; + padding: 1rem; +} +.messages .message-dist { + display: flex; +} +.messages .message-dist .message-dist-image { + margin-right: 10px; +} +.messages .message-dist .message-dist-image img { + height: 50px; + border-radius: 100%; +} + +.messages .message-dist .message-dist-username p { + margin: 0; +} +.messages .message-dist .message-dist-username p:nth-child(2) { + color: var(--main-color-gray); + font-size: 12px; +} +.messages .message-dist .message-dist-username p span:nth-child(2){ + color: var(--main-color-ligther); + font-size: 15px; +} +.messages .message-box { + min-height: 200px; + border: 1px solid var(--main-color-gray); + border-radius: 10px; + margin: 10px 0px; + max-height: 350px; + overflow: scroll; + padding: 10px 5px; +} + +.messages .message-box p { + width: fit-content; + margin: 5px 10px; + background: var(--main-color-ligther); + color: white; + padding: 4px 14px; + font-size: 13px; +} +.messages .message-box div.me { + display: flex; + justify-content: end; +} +.messages .message-box div.target p { + border-radius: 10px 0px; +} +.messages .message-box div.me p { + border-radius: 0px 10px; +} + + +.messages .input-message input { + border: 1px solid var(--bs-gray-500); + padding: 5px 10px; + border-radius: 10px; + outline: none; + color: var(--bs-gray-600); + min-width: 84%; +} + +.messages .input-message button { + border: none; + background: var(--main-color); + color: white; + padding: 5px 10px; + border-radius: 10px; + outline: none; +} +/* messages */ + + + +/* admin */ + 
+.admin-page { + width: 150%; +} +.admin-page tbody { + font-size: 12px; +} + +.admin-page tbody tr { + line-height: 50px; +} + +.admin-page tbody tr img { + width: 50px; + border-radius: 100%; } -/* verify_account */ \ No newline at end of file +/* admin */ diff --git a/edit_profile.php b/edit_profile.php new file mode 100644 index 0000000000000000000000000000000000000000..31f0e92bdcdc7540a6f89e10e39770cb2651dd37 --- /dev/null +++ b/edit_profile.php 
@@ -0,0 +1,212 @@ +<?php +require_once 'header.php'; + +if (!$obj->loggedin($obj)) { + header("Location: login.php"); +} +if (!$obj->acountVerified($obj)) { + header("Location: verifyemail.php"); +} + +$logged_user = $_SESSION['logged_user']; +$user = $obj->getUserByEmail($obj, $logged_user); + + + +$provided_user_name = NULL; +$provided_password = NULL; +$provided_age = NULL; +$provided_bio = NULL; +$errors = NULL; +$message = NULL; + +$profileImageName = null; +$profileImageTmpName = null; +$fileSize = null; +$fileError = null; + +if (isset($_POST['user_name'])) { + $provided_user_name = $_POST['user_name']; +} + + +if (isset($_FILES["profile_image"]["name"])) { + $profileImageName = $_FILES["profile_image"]["name"]; + $profileImageTmpName = $_FILES["profile_image"]["tmp_name"]; + $fileSize = $_FILES["profile_image"]["size"]; + $fileError = $_FILES["profile_image"]["error"]; +} + +if (isset($_POST['password'])) { + $provided_password = $_POST['password']; +} + +if (isset($_POST['age'])) { + $provided_age = $_POST['age']; +} + +if (isset($_POST['bio'])) { + $provided_bio = $_POST['bio']; +} + + +if ( + isset($provided_user_name) + && isset($provided_age) + && isset($provided_bio) + && !empty($profileImageName) + && !empty($provided_password) +) { + // hashed password + $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT); + // errors during upload + if ($fileError === 0) { + // delete pervious image_profile + + if (!unlink($user['profile_image'])) { + $errors = "can't delete old image"; + } + + // upload directory + $uploadDir = "uploads/"; + + // Generate a unique name for the uploaded file + $uniqueFileName = $uploadDir . uniqid() . "_" . 
$profileImageName; + // Move the file from the temporary location to the desired directory + if (move_uploaded_file($profileImageTmpName, $uniqueFileName)) { + $query = "UPDATE `users` SET user_name= '$provided_user_name',password='$hashed_password', profile_image='$uniqueFileName', age='$provided_age',bio='$provided_bio' where email='$logged_user'"; + $result = $obj->executeQuery($query); + if ($result) { + $message = 'profile updated successfuly'; + $user = $obj->getUserByEmail($obj, $logged_user); + } + } else { + $errors = "Error uploading file."; + } + } + + +} else if ( + isset($provided_user_name) + && isset($provided_age) + && isset($provided_bio) +) { + + if (empty($profileImageName) && empty($provided_password)) { + $query = "UPDATE `users` SET user_name= '$provided_user_name', age='$provided_age',bio='$provided_bio' where email='$logged_user'"; + $result = $obj->executeQuery($query); + + if ($result) { + $message = 'profile updated successfuly'; + $user = $obj->getUserByEmail($obj, $logged_user); + } + } + + // don't want change profile_image + else if (empty($profileImageName) && !empty($provided_password)) { + // hashed password + $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT); + + $query = "UPDATE `users` SET user_name= '$provided_user_name',password='$hashed_password', age='$provided_age',bio='$provided_bio' where email='$logged_user'"; + $result = $obj->executeQuery($query); + + if ($result) { + $message = 'profile updated successfuly'; + $user = $obj->getUserByEmail($obj, $logged_user); + } + + } else if (!empty($profileImageName) && empty($provided_password)) { + if ($fileError === 0) { + // delete pervious image_profile + + if (!unlink($user['profile_image'])) { + $errors = "can't delete old image"; + } + // upload directory + $uploadDir = "uploads/"; + + // Generate a unique name for the uploaded file + $uniqueFileName = $uploadDir . uniqid() . "_" . 
$profileImageName; + // Move the file from the temporary location to the desired directory + if (move_uploaded_file($profileImageTmpName, $uniqueFileName)) { + $query = "UPDATE `users` SET user_name= '$provided_user_name', profile_image='$uniqueFileName', age='$provided_age',bio='$provided_bio' where email='$logged_user'"; + $result = $obj->executeQuery($query); + if ($result) { + $message = 'profile updated successfuly'; + $user = $obj->getUserByEmail($obj, $logged_user); + } + } else { + $errors = "Error uploading file."; + } + } + } +} + +?> + +<div class="container m-3 d-flex justify-content-start flex-wrap"> + + <div class="content"> + <div class="signup"> + <h2 class='text-center'>Edit Profile</h2> + + <text class='text-danger text-center'> + <?php + if ($errors != null) { + echo $errors; + } + ?> + </text> + + <text class='text-success text-center'> + <?php + if ($message != null) { + echo $message; + } + ?> + </text> + + + <form action="" method="POST" enctype="multipart/form-data"> + <div class="mb-3"> + <label for="user_name" class="form-label">User Name</label> + <input value="<?php echo $user['user_name'] ?>" type="text" name="user_name" class="form-control" + id="user_name" aria-describedby="user_name"> + </div> + + <div class="mb-3"> + <label for="age" class="form-label">Age</label> + <input value="<?php echo $user['age'] ?>" type="number" name="age" class="form-control" id="age" + aria-describedby="ageHelp"> + </div> + + <div class="mb-3"> + <label for="email" class="form-label">Profile Image </label> + <input type="file" name="profile_image" class="form-control" id="profile_photo" multiple> + </div> + + <div class="mb-3"> + <label for="password" class="form-label">Password</label> + <input type="password" name="password" class="form-control" id="password"> + </div> + + <div class="mb-3"> + <label for="bio" class="form-label">Bio</label> + <textarea name="bio" class="form-control" id="bio" + aria-describedby="bioHelp"><?php echo $user['bio'] 
?></textarea> + + </div> + + + + <div class="d-flex justify-content-between"> + <button type="submit" class="btn btn-danger">submit</button> + </div> + </form> + </div> + </div> + +</div> +<?php +include_once 'footer.php'; +?> \ No newline at end of file diff --git a/footer.php b/footer.php index 2cfdc2aea64d86eece43214dd8700de84a2fcc42..73ef5bf71b487b605d5fc4e33d6e45ade5a36423 100644 --- a/footer.php +++ b/footer.php @@ -12,11 +12,15 @@ <div class="input_search"> <input type="text"> </div> - </div> - - <div class="feeds"> - What\'s happening? - </div> + </div>'; + + ?> + + + <div class="topics"> + <b>Todays Hot topic</b> + </div> + <?php echo ' <div> <blockquote class="twitter-tweet"> <p lang="fr" dir="ltr">La classe à la française. <a @@ -44,4 +48,6 @@ crossorigin="anonymous"></script> </body> +<script src="js/main.js"></script> + </html> \ No newline at end of file diff --git a/forgotpassword.php b/forgotpassword.php index e0738bbcf6245821053b3c4637ba00b9839392c7..ba4a0d58e7bd604a77f563cb1bbea22c1bc6a333 100644 --- a/forgotpassword.php +++ b/forgotpassword.php 
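Review bot: The upload keeps the client-supplied `$_FILES["profile_image"]["name"]` as the tail of the stored path with no extension or content check, so a verified user can upload `shell.php` into `uploads/` and, on a web root where PHP is enabled for that directory, execute it; a hand-built multipart request can also put path separators into that name. Validate the extension against an allow-list, confirm the bytes parse as an image, and generate the file name server-side as below — the same upload block is duplicated in the `else if (!empty($profileImageName) && empty($provided_password))` branch, so factor it into one helper so both paths get the check. `unlink($user['profile_image'])` is called on whatever the column holds, which is `null` for a freshly registered user (Register.php stores `null`), so the first profile edit always reports "can't delete old image"; guard it with `!empty($user['profile_image']) && is_file($user['profile_image'])`. `$provided_user_name`, `$provided_age` and `$provided_bio` are interpolated into every UPDATE unescaped, the redirect guards at the top lack `exit`, and the `multiple` attribute on the single-file input should go.
```php
// accept only real images, and never reuse the client's file name
$allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
$ext = strtolower(pathinfo($profileImageName, PATHINFO_EXTENSION));
$info = getimagesize($profileImageTmpName);       // false unless the bytes parse as an image
if (!isset($allowed[$ext]) || $info === false || $info['mime'] !== $allowed[$ext]) {
    $errors = "only jpg, png or gif images are accepted";
} else {
    $uploadDir = "uploads/";
    $uniqueFileName = $uploadDir . bin2hex(random_bytes(16)) . '.' . $ext;
    // … unchanged: move_uploaded_file, UPDATE, refresh $user …
}
```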
@@ -38,12 +38,24 @@ if (!empty($_POST['email']) && !empty($_POST['password'])) { $token = hash('sha256', time() . $provided_email . 'BX'); + // signup token + $token = hash('sha256', time() . $provided_email . 'BX'); + + + $message = ['email' => $provided_email, 'token' => $token]; + + $verification_token = ['message' => $message, 'reset' => 1, 'hash_of_message' => $obj->encrypt(json_encode($message))]; + + + $encrypted_token = $obj->encrypt(json_encode($verification_token)); + + $query = "update users set email_verified= 0 , password='$hashed_password', password_reset_token = '$token', verified_at = current_timestamp where email='$provided_email';"; $result = $obj->executeQuery($query); if ($result) { $body = ' <p>click on this link below to reset password</p> - <p><b><a href="localhost/verifyAcount.php?token=' . $token . '&email=' . $provided_email . '&reset=1">confirm reset password</a></b></p> + <p><b><a href="localhost/verifyAcount.php?token=' . $encrypted_token . '">confirm reset password</a></b></p> '; $sended = $obj->sendMail($provided_email, 'confirm reset password', $body); diff --git a/friends.php b/friends.php index 7d0ed4c69f791da2455948bba643803156dedfc1..8f2919134fadb2bdd60d8f6298ec71549de9533e 100644 --- a/friends.php +++ b/friends.php 
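Review bot: `$encrypted_token` is standard base64 placed raw in the query string, so a `+` in it arrives as a space and `decrypt()` fails for those links; write `'?token=' . rawurlencode($encrypted_token)`. The hunk now computes `$token = hash('sha256', time() . $provided_email . 'BX')` twice (the new "signup token" line repeats the context line just above it) — drop one — and that value is guessable from the email plus the request time, so `bin2hex(random_bytes(32))` should replace it. Because `encrypt()` provides no integrity, the verifier must not act on `reset` from the decoded blob alone; it should `hash_equals` the decoded token against the stored `password_reset_token` first. The enclosing `if (!empty($_POST['email']) ...)` block begins before this hunk.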
@@ -8,31 +8,245 @@ if (!$obj->loggedin($obj)) { if (!$obj->acountVerified($obj)) { header("Location: verifyemail.php"); } +$loged_user_email = $_SESSION['logged_user']; +$user_id = $obj->getUserIdByEmail($obj, $loged_user_email); + +$user = $obj->getUserByEmail($obj, $loged_user_email); +$user_name = $user['user_name']; + + +$query = "SELECT user2.* FROM users + LEFT JOIN user_has_friend ON users.id = user_has_friend.user_id2 + LEFT JOIN users AS user2 ON user2.id = user_id1 + WHERE user_id2 = '$user_id' AND accepted = 0;"; + +$friend_requests = $obj->executeQuery($query); + + +$query = "SELECT user2.* FROM users + LEFT JOIN user_has_friend ON users.id = user_has_friend.user_id2 + LEFT JOIN users AS user2 ON user2.id = user_id1 + WHERE user_id2 = '$user_id' AND accepted = 1;"; + +$friends = $obj->executeQuery($query); + ?> <div class="freind-list"> <div class="title"> - Connections + new requests </div> <div class="friend-list-box"> <?php - for ($i = 0; $i < 10; $i++) { + while ($row = mysqli_fetch_assoc($friend_requests)) { echo '<div class="friends"> + <div class="d-flex"> <div class="friends-image"> - <img src="uploads/profile.jpg" alt=""> + <img src="' . $row['profile_image'] . '" alt=""> </div> <div class="friend-details"> - <p>ahmadi zabiullah</p> + <p>' . $row['user_name'] . '</p> <p>@USER</p> </div> </div> - '; + + <div class="cals d-flex"> + <form action="accepte_or_reject_friend.php" method="post"> + <input type="text" name="accepte" value="' . $row['id'] . '" id="" style="display:none"> + <button type="submit"><i class="fa-solid fa-check"></i> accepte</button> + </form> + + + + <form action="accepte_or_reject_friend.php" method="post"> + <input type="text" name="rejecte" value="' . $row['id'] . 
'" id="" style="display:none"> + <button type="submit"><i class="fa-solid fa-ban"></i> reject</button> + </form> + + </div> + </div>'; } ?> </div> + </div> + + +<div class="freind-list"> + <div class="title"> + friend list + </div> + <div class="friend-list-box"> + + <?php + while ($row = mysqli_fetch_assoc($friends)) { + echo '<div class="friends"> + <div class="d-flex"> + <div class="friends-image"> + <img src="' . $row['profile_image'] . '" alt=""> + </div> + <div class="friend-details"> + <p>' . $row['user_name'] . '</p> + <p>@USER</p> + </div> + </div> + + <div class="cals d-flex"> + <form action="messages.php" method="POST"> + <input type="text" name="target_user_mail" value="' . $row['email'] . '" style="display:none"> + <button type="submit" class="message-button"><i class="fa-solid fa-message"></i></button> + </form> + <button class="green" onclick="calluser(\'' . $row['user_name'] . '\', false)" href=""><i class="fa-solid fa-phone"></i></button> + <button class="red" onclick="calluser(\'' . $row['user_name'] . 
'\', true)" href=""><i class="fa-solid fa-video"></i></button> + </div> + </div>'; + } + ?> + + + + </div> + + <div class="videos"> + <video id="localVideo" autoplay></video> + <video id="remoteVideo" autoplay></video> + </div> +</div> + + + + +<script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js"></script> +<script> + var peer; + var ringLoop; + var isvideo = true; + window.onload = function () { + peer = new Peer("<?php echo $user_name; ?>"); + peer.on('open', function (id) { + console.log('open', id); + }); + + + peer.on('connection', function (conn) { + conn.on('data', function (data) { + console.log(data); + if (data == 'isAudioCall') { + isvideo = false; + } + + }); + }); + + + peer.on('call', function (call) { + + if (isvideo) { + console.log("isvideo"); + } else { + console.log("isaudio"); + } + + if (confirm("you have a call")) { + var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; + getUserMedia({ video: isvideo, audio: true }) + .then(function (stream) { + call.answer(stream); // Answer the call. 
+ + call.on('stream', function (remoteStream) { + + let remoteVideo = document.getElementById('remoteVideo'); + remoteVideo.srcObject = remoteStream; + }); + + let localVideo = document.getElementById('localVideo'); + localVideo.srcObject = stream; + if (!isvideo) { + stream.getVideoTracks()[0].stop(); + localVideo.srcObject = null; + } + + + }) + .catch(function (err) { + console.log('Failed to get local stream reciever', err); + }); + + } else { + let callerId = call.peer; + let reciever = peer.connect(callerId); + // on open will be launch when you successfully connect to PeerServer + reciever.on('open', function () { + reciever.send('refused'); + }); + } + + + }); + } + function calluser(userid, isVideo) { + + + if (!isVideo) { + let reciever = peer.connect(userid); + // on open will be launch when you successfully connect to PeerServer + reciever.on('open', function () { + reciever.send('isAudioCall'); + }); + } + + + var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; + getUserMedia({ video: isVideo, audio: true }) + .then(function (stream) { + + var call = peer.call(userid, stream); + + console.log("calling ...", userid); + var aud = new Audio('/images/ringing.mp3'); + + var aud_replay_duration = 0; + aud.onloadeddata = function (data) { + aud_replay_duration = aud.duration; + aud.play(); + ringLoop = setInterval(function () { + aud.play(); + }, aud_replay_duration + 3000); + } + + call.on('stream', function (remoteStream) { + clearInterval(ringLoop); + console.log("call accepted", userid); + + let localVideo = document.getElementById('localVideo'); + localVideo.srcObject = stream; + + let remoteVideo = document.getElementById('remoteVideo'); + remoteVideo.srcObject = remoteStream; + + }); + + peer.on('connection', function (conn) { + conn.on('data', function (data) { + if (data == 'refused') { + clearInterval(ringLoop); + console.log('call refused'); + } + }); + }); + 
+ }) + .catch(function (err) { + console.log('Failed to get local stream caller', err); + }); + + + } +</script> + + <?php include_once 'footer.php'; ?> \ No newline at end of file diff --git a/header.php b/header.php index c2e8b68f087fc59a050ca4275077fb50784ecf23..346858c114eda9d46828c475e27d4c98fa60e4ae 100644 --- a/header.php +++ b/header.php @@ -22,7 +22,8 @@ $obj = new Connection(); <body> <nav class="navbar bg-ligth navbar-expand-lg border-bottom border-body bg-body-tertiary" data-bs-theme="ligth"> <div class="container"> - <a class="navbar-brand" href="index.php"><i class="fa-brands fa-twitter" style="color: #146ebe;"></i></a> + <a class="navbar-brand" href="index.php">secure app <i class="fa-brands fa-twitter" + style="color: #146ebe;"></i></a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> @@ -30,11 +31,6 @@ $obj = new Connection(); </button> <div class="collapse navbar-collapse" id="navbarSupportedContent"> <ul class="navbar-nav me-auto mb-2 mb-lg-0"> - <li class="nav-item"> - <a class="nav-link active" aria-current="page" href="index.php">Acueil</a> - </li> - - </ul> <div class="d-flex"> <form class="d-flex" role="search"> @@ -53,8 +49,6 @@ $obj = new Connection(); ?> </button> </form> - - </div> </div> @@ -67,13 +61,17 @@ $obj = new Connection(); <div class="col-3"> <?php + if ($obj->loggedin($obj) && $obj->acountVerified($obj)) { + $logged_user = $_SESSION['logged_user']; + $user = $obj->getUserByEmail($obj, $logged_user); + echo '<div class="sidebar"> <div class="profile_image"> - <img src="uploads/profile.jpg" alt=""> + <img src="' . $user['profile_image'] . '" alt=""> </div> <div class="profile_info"> - ahmadi zabiullah + ' . $user['user_name'] . ' <span class="post__headerSpecial"> <span class="material-icons post__badge"> verified </span> 
@@ -82,11 +80,15 @@ $obj = new Connection(); <div class="profile_menu"> <ul> - <li><a href="profile.php"><i class="fa-solid fa-address-card"></i> <i>Profile</i></a></li> + <li> + <a class="nav-link active" aria-current="page" href="index.php"><i class="fa-solid fa-house"></i> <i>Home</i></a> + + </li> <li><a href="twits.php"><i class="fa-brands fa-twitter"></i> <i>twits</i></a></li> <li><a href="friends.php"><i class="fa-solid fa-user-group"></i> <i>friends</i></a></li> - <li><a href=""><i class="fa-regular fa-message"></i> <i>messages</i></a></li> - <li><a href="setting.php"><i class="fa-solid fa-gear"></i> <i>settings</i></a></li> + <li><a href="settings.php"><i class="fa-solid fa-gear"></i> <i>settings</i></a></li> + <li class="is-admin"><a href="Admin.php"><i class="fa-solid fa-crown"></i> <i>Admin</i></a></li> + </ul> </div> @@ -97,4 +99,4 @@ $obj = new Connection(); ?> </div> <!--end of col-3 --> - <div class="col-6"> \ No newline at end of file + <div class="col-6" style="margin-left: -10px;padding-left: 0;"> \ No newline at end of file diff --git a/index.php b/index.php index 9972feb6171b46cae1c77d2722ab0d804448aa74..cb023f45ff71689ab01b63fab2423989c7e92b70 100644 --- a/index.php +++ b/index.php 
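Review bot: The new `<li class="is-admin"><a href="Admin.php">…</a></li>` entry is emitted for every logged-in, verified user; nothing in this hunk conditions it on `$user['isAdmin']`, so non-admins receive a link to the admin page that is hidden by CSS at best. Since the markup is inside the `echo '…'` string that begins in the previous hunk, emit it conditionally, e.g. `' . ($user['isAdmin'] ? '<li class="is-admin"><a href="Admin.php"><i class="fa-solid fa-crown"></i> <i>Admin</i></a></li>' : '') . '`, and make sure Admin.php performs the same check itself, because hiding a link is not access control. The enclosing `if` opened in the `@@ -67,13 +61,17 @@` hunk closes after this one.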
@@ -9,103 +9,119 @@ if (!$obj->acountVerified($obj)) { header("Location: verifyemail.php"); } +$loged_user_email = $_SESSION['logged_user']; +$loged_user_id = $obj->getUserIdByEmail($obj, $loged_user_email); -$query = "SELECT * FROM posts - LEFT JOIN users on users.id = posts.user_id; +$query = "SELECT u.id, u.user_name,u.profile_image, f1.*, f2.* +FROM users u +LEFT JOIN user_has_friend f1 ON u.id = f1.user_id1 AND f1.user_id2 = $loged_user_id +LEFT JOIN user_has_friend f2 ON u.id = f2.user_id2 AND f2.user_id1 = $loged_user_id +WHERE u.email != '$loged_user_email' AND u.id != $loged_user_id +AND (f1.user_id2 IS NULL AND f2.user_id1 IS NULL); "; -$result = $obj->executeQuery($query); - +$users = $obj->executeQuery($query); -?> -<div class="d-flex justify-content-start flex-wrap"> - <div class="twit"> - <div class="twit-owner"> - <div class="owner-image"> - <img src="uploads/profile.jpg" alt=""> - </div> - <div class="owner-username"> - <p> - <a href=""><span>zabiullah ahmadi</span></a> - <span class="material-icons post__badge"> verified - </span> - </p> - <p>@USER</p> - </div> +?> - </div> - <div class="twit-header"> - Lorem ipsum dolor, sit amet consectetur adipisicing elit. Aliquam deserunt impedit possimus quis! Omnis fugiat - sequi nostrum beatae optio sint, dolor mollitia delectus recusandae distinctio. Id ex doloribus voluptas - veritatis. - </div> - <div class="twit-body"> - <img src="uploads/tesla.jpeg" alt=""> - </div> - <div class="twit-footer"> - <div class="twit-date"> - <p>12:09 PM 10 Nov 2023</p> +<div class="friend_proposal"> + <div class="header"> + Peoples you may know + </div> + <div class="proposal"> + <?php + while ($row = mysqli_fetch_array($users)) { + echo '<div class="person"> + <div class="person_image"> + <img src="' . $row['profile_image'] . 
'" alt=""> </div> - - <div class="share_like"> - <i class="fa-regular fa-comment"></i> - <i class="fa-solid fa-arrow-up-right-from-square"></i> - <i class="fa-regular fa-heart"></i> - <i class="fa-regular fa-bookmark"></i> + <div class="person_content"> + <div class="person_details"> + <b>' . $row['user_name'] . '</b> + </div> + <div class="connect"> + <form action="add_friend.php" method="post"> + <input type="hidden" name="friend" value="' . $row['id'] . '"> + <button type="submit">Follow</button> + </form> + + </div> </div> - - </div> - - + </div>'; + } + ?> </div> - <div class="twit"> - <div class="twit-owner"> - <div class="owner-image"> - <img src="uploads/profile.jpg" alt=""> - </div> - <div class="owner-username"> - <p> - <a href=""><span>zabiullah ahmadi</span></a> - <span class="material-icons post__badge"> verified - </span> - </p> - <p>@USER</p> - </div> +</div> - </div> - <div class="twit-header"> - Lorem ipsum dolor, sit amet consectetur adipisicing elit. Aliquam deserunt impedit possimus quis! Omnis fugiat - sequi nostrum beatae optio sint, dolor mollitia delectus recusandae distinctio. Id ex doloribus voluptas - veritatis. - </div> - <div class="twit-body"> - <img src="uploads/nature.jpeg" alt=""> - </div> - <div class="twit-footer"> - <div class="twit-date"> - <p>12:09 PM 10 Nov 2023</p> - </div> - <div class="share_like"> - <i class="fa-regular fa-comment"></i> - <i class="fa-solid fa-arrow-up-right-from-square"></i> - <i class="fa-regular fa-heart"></i> - <i class="fa-regular fa-bookmark"></i> - </div> +<?php +$query = "SELECT * FROM posts +LEFT JOIN users on users.id = posts.user_id; +"; +$posts = $obj->executeQuery($query); + +while ($row = mysqli_fetch_array($posts)) { + $isAdmin = ''; + if ($row['isAdmin'] == false) { + $isAdmin = '@USER'; + } else { + $isAdmin = '@ADMIN'; + } + + echo ' + <div class="d-flex justify-content-start flex-wrap"> + <div class="twit"> + <div class="twit-owner"> + <div class="owner-image"> + <img src="' . 
$row['profile_image'] . '" alt=""> + </div> + <div class="owner-username"> + <p> + <a href=""><span>' . $row['user_name'] . '</span></a> + <span class="material-icons post__badge"> verified + </span> + </p> + <p>' . $isAdmin . '</p> + </div> + + </div> + <div class="twit-header"> + <h4>' . $row['title'] . '</h4> + ' . $row['body'] . ' + </div> + <div class="twit-body"> + <img src="' . $row['image_url'] . '" alt=""> + </div> + <div class="twit-footer"> + <div class="twit-date"> + <p>12:09 PM 10 Nov 2023</p> + </div> + + <div class="share_like"> + <i class="fa-regular fa-comment"></i> + <i class="fa-solid fa-arrow-up-right-from-square"></i> + <i class="fa-regular fa-heart"></i> + <i class="fa-regular fa-bookmark"></i> + </div> + </div> + </div> + </div> + + '; +} - </div> - - +?> -</div> <?php include_once 'footer.php'; -?> \ No newline at end of file +?> + + diff --git a/js/main.js b/js/main.js index c87acf331cad1a643e707e37795c2973bf1b6b81..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 --- a/js/main.js +++ b/js/main.js @@ -1,9 +0,0 @@ -$(document).ready(function () { - if ($(window).width() > 991){ - $('.navbar-light .d-menu').hover(function () { - $(this).find('.sm-menu').first().stop(true, true).slideDown(150); - }, function () { - $(this).find('.sm-menu').first().stop(true, true).delay(120).slideUp(100); - }); - } - }); \ No newline at end of file diff --git a/messages.php b/messages.php new file mode 100644 index 0000000000000000000000000000000000000000..7d197a9a959e8516e034d73225397606580c96b9 --- /dev/null +++ b/messages.php 
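Review bot: The post loop still renders `<p>12:09 PM 10 Nov 2023</p>` as a fixed placeholder for every post even though the rows now come from `posts`; if the table carries a timestamp it should be formatted here, otherwise the element should go rather than display a fake date. `$row['isAdmin'] == false` is a loose comparison under which `'0'`, `''` and `null` all select the `@USER` branch, so `(int) $row['isAdmin'] === 0` states the intent precisely. The suggestion query interpolates `$loged_user_email` (from the session) and `$loged_user_id` into SQL; these are not request input, but binding them through a prepared statement keeps one rule across the app. With `f1.*` and `f2.*` both selected, identically named columns from the two joins overwrite each other in `mysqli_fetch_array`, so select only the columns the page uses (`u.id`, `u.user_name`, `u.profile_image`).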
@@ -0,0 +1,122 @@ +<?php +require_once 'header.php'; + +if (!$obj->loggedin($obj)) { + header("Location: login.php"); +} +if (!$obj->acountVerified($obj)) { + header("Location: verifyemail.php"); +} + +$logged_user_mail = $_SESSION['logged_user']; +$logged_user_id = $obj->getUserIdByEmail($obj, $logged_user_mail); + +$target_user = null; +$target_user_mail = null; +$target_user_id = null; +$messages = NULL; + +function getMessages($obj, $logged_user_id, $target_user_id) +{ + $query = "SELECT * FROM user_has_messages + WHERE user_id1 = $logged_user_id AND user_id2 = $target_user_id OR (user_id1 = $target_user_id AND user_id2 = $logged_user_id) order by sended_at;"; + $messages = $obj->executeQuery($query); + return $messages; +} +if (isset($_POST["target_user_mail"]) && !empty($_POST["target_user_mail"])) { + $target_user_mail = $_POST["target_user_mail"]; + $target_user_id = $obj->getUserIdByEmail($obj, $target_user_mail); + $target_user = $obj->getUserByEmail($obj, $target_user_mail); + + $messages = getMessages($obj, $logged_user_id, $target_user_id); + + + + +} else { + header("Location: " . 
$_SERVER['HTTP_REFERER']); +} + + + + + +if (isset($_POST["message"]) && !empty($_POST["message"]) && isset($_POST["target_user_mail"]) && !empty($_POST["target_user_mail"])) { + + // send message + $message = htmlentities($_POST["message"]); + + + $message = mysqli_escape_string($obj->getConnection(), $message); + + $query = "INSERT INTO user_has_messages VALUE ($logged_user_id , $target_user_id, '$message', CURRENT_TIMESTAMP);"; + $result = $obj->executeQuery($query); + + $messages = getMessages($obj, $logged_user_id, $target_user_id); + + +} + +?> + +<div class="messages"> + <div class="message-dist"> + <div class="message-dist-image"> + <img src="uploads/profile.jpg" alt=""> + </div> + <div class="message-dist-username"> + <p> + <span> + <?php echo $target_user['user_name'] ?> + </span> + <span class="material-icons post__badge"> verified</span> + </p> + <p> + <?php + if ($user['isAdmin'] == false) { + echo '@USER'; + } else { + echo '@ADMIN'; + } + ?> + </p> + </div> + + </div> + <div class="message-box"> + + <?php + + while ($row = mysqli_fetch_assoc($messages)) { + if ($row['user_id1'] == $logged_user_id) { + echo ' + <div class="me"> + <p>' . $row['message'] . '</p> + </div> + '; + } else { + echo ' + <div class="target"> + <p>' . $row['message'] . '</p> + </div> + '; + } + } + ?> + </div> + <div class="input-message"> + <form action="messages.php" method="POST"> + <input type="text" name="target_user_mail" value="<?php echo $target_user_mail; ?>" style="display:none"> + <input type="text" name="message" placeholder="write your message"> + <button type="submit"> + <span>send</span> + <span> + <i class="fa-solid fa-paper-plane"></i> + </span> + </button> + </form> + </div> +</div> +<?php +include_once 'footer.php'; +?> \ No newline at end of file diff --git a/prod.env b/prod.env index 64e1eb1fa6d0c56d57dfccf8e2cae88da8d0d086..df7fba888f070dc7cf3e92854067a65798463d5f 100644 --- a/prod.env +++ b/prod.env 
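Review bot: The `else` branch sends `header("Location: " . $_SERVER['HTTP_REFERER']);` but does not stop, so execution continues with `$messages` still `NULL` and `mysqli_fetch_assoc($messages)` further down is reached with a null argument (a `TypeError` on PHP 8); add `exit;` after every `header('Location: …')` in this file, including the two guards at the top, and prefer a fixed destination such as `friends.php` over the client-supplied Referer header. Because `header.php` is required first and, per its hunk in this commit, emits the navbar markup, these redirects only take effect if output buffering is enabled — worth confirming. The role badge reads `$user['isAdmin']` while the name beside it comes from `$target_user`; `$user` is not assigned in this file, so this presumably should be `$target_user['isAdmin']`. Nothing here checks that the two users are friends, so any address posted as `target_user_mail` opens a conversation regardless of the friend-list intent in friends.php.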
@@ -8,4 +8,5 @@ SMTP_USER_PASSWORD=your_app_password
 SMTP_PORT=465
 SMTP_PROTOCOL=ssl
 SMTP_SENDER_EMAIL_ADDRESS=webmaster@secur-app.ch
-SESSION_DURATION=3600
\ No newline at end of file
+SESSION_DURATION=3600
+ecryption_key=your_secret_key
\ No newline at end of file
diff --git a/profile.php b/profile.php
deleted file mode 100644
index 7df377792796d90827a40d82afccd25cc4a84272..0000000000000000000000000000000000000000
--- a/profile.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-require_once 'header.php';
-
-if (!$obj->loggedin($obj)) {
- header("Location: login.php");
-}
-if (!$obj->acountVerified($obj)) {
- header("Location: verifyemail.php");
-}
-
-?>
-
-<h1>profile</h1>
\ No newline at end of file
diff --git a/settings.php b/settings.php
new file mode 100644
index 0000000000000000000000000000000000000000..fe73be4195b046061c06f79b5425e47dc08c237b
--- /dev/null
+++ b/settings.php
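Review bot: The added key is spelled `ecryption_key`; if the `encrypt()`/`decrypt()` helpers read `encryption_key` (their source is not in this diff) the lookup yields nothing and the token scheme runs with an empty key, so align the spelling with whatever the code actually reads. The placeholder `your_secret_key` must not survive into a deployed prod.env; the value should be a randomly generated secret supplied outside version control, as the other placeholders in this file already imply.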
@@ -0,0 +1,164 @@ +<?php +require_once 'header.php'; + +if (!$obj->loggedin($obj)) { + header("Location: login.php"); +} +if (!$obj->acountVerified($obj)) { + header("Location: verifyemail.php"); +} +$logged_user = $_SESSION['logged_user']; +$user = $obj->getUserByEmail($obj, $logged_user); + +$delete = null; + +if (isset($_POST['delete'])) { + $delete = $_POST['delete']; + + + // delete user posts && posts image + $user_id = $obj->getUserIDByEmail($obj, $logged_user); + $query = "SELECT * FROM posts where user_id='$user_id'"; + $result = $obj->executeQuery($query); + + while ($rows = mysqli_fetch_array($result)) { + if (!unlink($rows['image_url'])) { + $errors = "can't delete user profile_image"; + } + } + // delet user posts + $query = "DELETE FROM posts where user_id='$user_id'"; + $result = $obj->executeQuery($query); + + // delet user_image + if (!unlink($user['profile_image'])) { + $errors = "can't delete user profile_image"; + } + // delete user + $query = "DELETE FROM users where email='$logged_user'"; + $result = $obj->executeQuery($query); + if ($result) { + unset($_SESSION['logged_user']); + header("Location: login.php"); + } + +} + +?> + +<div class="settings"> + <b> + <h6>my profile</h6> + </b> + <div class="profile"> + <div class="p_details"> + <div class="p_image"> + <img id="user_image_profile" src="<?php echo $user['profile_image'] ?>" alt=""> + </div> + <div class="user-name"> + <p> + <?php echo $user['user_name'] ?> + </p> + <p> + <?php + if ($user['isAdmin'] == false) { + echo 'USER'; + } else { + echo 'ADMIN'; + } + ?> + </p> + </div> + </div> + <div class="config"> + <a href="edit_profile.php"> + <button> + <span>Edit</span> <i class="fa-regular fa-pen-to-square"></i> + </button> + </a> + </div> + </div> + + + <div class="p_info"> + <div class="header"> + <div> + <b> + <h6>personel info</h6> + </b> + </div> + <div class="config"> + <a href="edit_profile.php"><button> + <span>Edit</span> <i class="fa-regular fa-pen-to-square"></i> + </button> + 
</a> + </div> + </div> + + + <div class="user_info"> + <div class="line"> + <div> + <label for="first_name">User Name</label> + <b> + <?php echo $user['user_name'] ?> + </b> + </div> + <div> + <label>Age</label> + <b> + <?php echo $user['age'] ?> + </b> + </div> + </div> + + + <div class="line"> + <div> + <label>Email</label> + <b> + <?php echo $user['email'] ?> + </b> + </div> + <div> + <label>Authority</label> + <b> + <?php + if ($user['isAdmin'] == false) { + echo 'USER'; + } else { + echo 'ADMIN'; + } + ?> + </b> + </div> + </div> + + <div class="line"> + <div class="profile_bio"> + <label>Bio</label> + <p> + <?php echo $user['bio'] ?> + </p> + </div> + </div> + + <div class="line"> + <form action="" method="POST"> + <div class="delete_acount"> + <label>Delete Account</label> + <input type="text" name="delete" value="delete" style="display: none;"> + <button type="submit">delete</button> + </div> + </form> + </div> + + + </div> + + </div> +</div> + +<?php +include_once 'footer.php'; +?> \ No newline at end of file diff --git a/twits.php b/twits.php index 0817684640aeb614252d1f756a74330cec05bd72..c78bd329855c1d78f020690771a6c8828fe2f045 100644 --- a/twits.php +++ b/twits.php @@ -73,18 +73,13 @@ if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_b } } } - - ?> - - - <div class="content"> <div class="register_post"> - <form action="posts.php" method="POST" enctype="multipart/form-data"> + <form action="twits.php" method="POST" enctype="multipart/form-data"> <div class="mb-3"> - <h5 class="text-primary"> create a new twit </h5> + <h6> create a new twit </h6> <text class='text-danger text-center'> <?php diff --git a/verifyAcount.php b/verifyAcount.php index 79a4678043ab15f9faf74dd2d199332615111562..fd10b424027bf489a233b105a143506ad9e9860f 100644 --- a/verifyAcount.php +++ b/verifyAcount.php 
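Review bot: The account-deletion branch runs on any POST that carries `delete`, and the form that triggers it has no anti-forgery token, so a page on another origin can submit `delete=delete` with the victim's session cookie and remove their account, posts and files. Issue a per-session token (`$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));`), emit it as a hidden field in the form, and check it before touching anything: `if (!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) { http_response_code(403); exit; }`. The `header("Location: login.php")` calls at the top and after the delete lack `exit;`, so an unauthenticated request still executes the page body — including the delete handler, with `$logged_user` unset — and then renders `$user` fields. `unlink($rows['image_url'])` and `unlink($user['profile_image'])` remove whatever path the database holds; checking that `realpath()` of each path lies under the uploads directory keeps a stored path from reaching anything else, and `unset($_SESSION['logged_user'])` should become `session_destroy()` so nothing else from the deleted account lingers in the session.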
@@ -10,39 +10,65 @@ $reset = $_GET['reset']; $token = $_GET['token']; -if ((isset($_GET['email']) && !empty($email)) && (isset($_GET['token']) && !empty($token))) { +if ((isset($_GET['token']) && !empty($token))) { - $target_user = $obj->getUserByEmail($obj, $email); - $verify_token = (isset($_GET['reset']) && !empty($reset) && $reset == 1) ? $target_user['password_reset_token'] : $target_user['verify_token']; + $decrypted_token = $obj->decrypt("$token"); + $json_obj = json_decode($decrypted_token); + $calculated_hash_of_message = $obj->encrypt(json_encode($json_obj->message)); - if ($token == $verify_token) { + // check the generated hash : here we are not sure that the message is not altered + if (($json_obj->hash_of_message == $calculated_hash_of_message)) { - $query = "update users set email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'"; - $result = $obj->executeQuery($query); + $target_user = $obj->getUserByEmail($obj, $json_obj->message->email); + + $verify_token = ($json_obj->reset == 1) ? $target_user['password_reset_token'] : $target_user['verify_token']; + + + // verify_token and sended token is the same : means that the token is not changed + if ($verify_token == $json_obj->message->token && $target_user['email'] == $json_obj->message->email) { + + // message is not altered and + $email = $target_user['email']; + + $query = "UPDATE users SET email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'"; + + $result = $obj->executeQuery($query); + + $verifed = $obj->connection->affected_rows; + + if ($verifed == 1) { + echo ' + <div class="verify_account"> + <div class="alert alert-success" role="alert"> + your email: ' . $email . 
' has been verified + </div> + <a href="login.php" class="btn btn-primary">login</a> + </div> + '; + + + } else { + echo ' + <div class="verify_account"> + <div class="alert alert-danger" role="alert"> + error email verification + </div> - $verifed = $obj->connection->affected_rows; - if ($verifed == 1) { - echo ' - <div class="verify_account"> - <div class="alert alert-success" role="alert"> - your email: ' . $email . ' has been verified </div> - <a href="login.php" class="btn btn-primary">login</a> - </div> - '; - } + '; + } + } } else { echo ' <div class="verify_account"> <div class="alert alert-danger" role="alert"> - invalid email or token + invalid email or token </div> - </div> '; } @@ -53,7 +79,6 @@ if ((isset($_GET['email']) && !empty($email)) && (isset($_GET['token']) && !empt <div class="alert alert-danger" role="alert"> invalid email or token </div> - </div> '; }
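Review bot: `$json_obj->hash_of_message == $calculated_hash_of_message` and `$verify_token == $json_obj->message->token` use loose `==`: two hex digests that both look like `0e` followed by digits compare as equal numbers, and `null == ''` is true, so a user whose token column has already been cleared to null matches an empty `token` field; both comparisons should go through `hash_equals()` with an explicit `is_string($verify_token) && $verify_token !== ''` guard. `json_decode($decrypted_token)` is used without checking its result, so garbage input yields `null`, `$json_obj->message` raises a warning, and `json_encode(null)` is fed into `encrypt()` — validate the decoded shape first. Separately, the integrity check only holds if `encrypt()` is deterministic: with a random IV the two `encrypt()` outputs never match and every link fails, and if it is deterministic the scheme is encryption-as-MAC rather than a keyed hash, so an HMAC produced in Register.php/forgotpassword.php and verified here is the sound construction. The outer `if ((isset($_GET['token']) && !empty($token)))` block closes in the next hunk.
```php
$decrypted_token = $obj->decrypt("$token");
$json_obj = json_decode((string) $decrypted_token);
// Reject anything that is not the expected shape before reading fields from it
$well_formed = is_object($json_obj)
    && isset($json_obj->message->email, $json_obj->message->token, $json_obj->hash_of_message)
    && is_string($json_obj->message->email)
    && is_string($json_obj->message->token);
$calculated_hash_of_message = $well_formed ? $obj->encrypt(json_encode($json_obj->message)) : '';
// hash_equals is strict and constant-time; == would compare two numeric-looking strings as numbers
if ($well_formed && hash_equals((string) $calculated_hash_of_message, (string) $json_obj->hash_of_message)) {
    $target_user = $obj->getUserByEmail($obj, $json_obj->message->email);
    // NOTE(review): assumes getUserByEmail returns an array or null/false for unknown addresses — confirm
    $verify_token = !is_array($target_user) ? null
        : ((($json_obj->reset ?? 0) == 1) ? $target_user['password_reset_token'] : $target_user['verify_token']);
    // A consumed (null) token must never match; under == null == '' is true
    if (is_string($verify_token) && $verify_token !== ''
        && hash_equals($verify_token, $json_obj->message->token)
        && $target_user['email'] === $json_obj->message->email) {
        // … unchanged: UPDATE users … and success/error rendering …
```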