From bbc4457ac3eda444359025437ee7e0b592bf070c Mon Sep 17 00:00:00 2001 From: bx khateri <bx@bxs-MacBook-Pro.local> Date: Sat, 4 Nov 2023 00:42:11 +0100 Subject: [PATCH] implementing api --- Register.php | 10 +-- account_disabled.php | 12 ++++ admin.php | 151 +++++++++++++++++++++++++++++++++++++++++-- api.php | 111 +++++++++++++++++++++++++++++-- chat/index.html | 20 ------ chat/index.js | 84 ------------------------ connection.php | 42 ++++++++++-- css/main.css | 12 ++++ edit_profile.php | 21 ++++-- footer.php | 24 +++---- header.php | 4 +- index.php | 19 +++--- login.php | 19 +++++- report_message.php | 73 +++++++++++++++++++++ settings.php | 14 ++++ twits.php | 67 +++++++++++++------ verifyAcount.php | 2 +- verifyemail.php | 6 +- 18 files changed, 510 insertions(+), 181 deletions(-) create mode 100644 account_disabled.php delete mode 100644 chat/index.html delete mode 100644 chat/index.js create mode 100644 report_message.php diff --git a/Register.php b/Register.php index d7be8e2..d411b84 100644 --- a/Register.php +++ b/Register.php @@ -66,7 +66,7 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age)) $encrypted_token = $obj->encrypt(json_encode($verification_token)); - $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email',null,'$hashed_password', '$provided_bio', 0, 0, '$token', null, null);"; + $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email',1,'$token',null,'$hashed_password', '$provided_bio', 0, 0, '$token', null, null);"; $result = $obj->executeQuery($query); @@ -78,7 +78,8 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age)) $sended = $obj->sendMail($provided_email, 'confirm your account', $body); if ($sended) { - $message = 'user created successfully'; + $message = '<p>user created successfully</p> + <p>an email has been send to ' . $provided_email . ' please confirm your email</p>'; } 
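Review bot: The new INSERT writes the same `$token` into the `user_token` column and into the later column that was already `'$token'` before (presumably `verify_token`, which `verifyAcount.php` nulls after confirmation), so the long-lived API credential is exactly the value that was just emailed for account confirmation and it survives the verification step. Give the API token its own secret, e.g. `$api_token = bin2hex(random_bytes(32));`, and insert that into `user_token` instead. The statement also still interpolates `$provided_user_name`, `$provided_email`, `$provided_age` and `$provided_bio` straight into the SQL string; a prepared statement with bound parameters is the fix for that and is independent of this change. The enclosing `if` opens before the hunk.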
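Review bot: `$message` now embeds `$provided_email` inside HTML markup without escaping, and since the message is presumably echoed into the page further down (outside this hunk), an address containing `<` or `"` becomes markup in the response. Escape it where the string is built: `'<p>an email has been send to ' . htmlspecialchars($provided_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' please confirm your email</p>'`. If the address was already validated with `FILTER_VALIDATE_EMAIL` earlier in the file this is cheap insurance, but the hunk does not show such a check.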
@@ -142,8 +143,6 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age)) <input type="text" name="bio" class="form-control" id="bio" aria-describedby="bioHelp"> </div> - - <div class="d-flex justify-content-between"> <button type="submit" class="btn btn-primary btn-sm">Signup</button> </div> @@ -154,4 +153,5 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age)) </div> <?php include_once 'footer.php'; -?> \ No newline at end of file +?> + diff --git a/account_disabled.php b/account_disabled.php new file mode 100644 index 0000000..1f1c8eb --- /dev/null +++ b/account_disabled.php @@ -0,0 +1,12 @@ +<?php +require_once 'header.php'; +if ($obj->acountActive($obj) && $obj->acountVerified($obj)) { + header("Location: index.php"); +} +$loged_user_email = $_SESSION['logged_user']; +?> + +<div class="verify_email"> + <p>your account has been disabled for some reason </p> + <p>please contact the admin to solve this problem !</p> +</div> \ No newline at end of file diff --git a/admin.php b/admin.php index ba26f32..4104b08 100644 --- a/admin.php +++ b/admin.php 
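Review bot: The redirect at the top of account_disabled.php is not followed by `exit`, so an active, verified user still has the "account disabled" page rendered after the `Location` header; add `exit;` after `header("Location: index.php");`. The page also copies `$_SESSION['logged_user']` into `$loged_user_email` without checking it is set and then never uses it, and `acountActive()` in connection.php reads the same key unguarded, while login.php sends disabled users here before storing anything in the session, so a warning and a lookup for an empty email are the likely result on the main path. Either guard with `isset($_SESSION['logged_user'])` and drop the unused variable, or decide in login.php what session state a disabled user is supposed to arrive with.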
@@ -13,14 +13,85 @@ if (!$obj->isAdmin($obj)) { } -$query = "SELECT * FROM users"; +$query = "SELECT * FROM users where isAdmin=0"; $users = $obj->executeQuery($query); +$post_id = NULL; +if (isset($_POST["delete_post"]) && !empty(isset($_POST["delete_post"]))) { + $post_id = $_POST["delete_post"]; + + + // delete reported post image + $query = "SELECT * FROM posts where id='$post_id'"; + $result = $obj->executeQuery($query); + + // delete reported post id + $query = "DELETE FROM reports where post_id='$post_id'"; + $result = $obj->executeQuery($query); + + while ($rows = mysqli_fetch_array($result)) { + if (!unlink($rows['image_url'])) { + $errors = "can't delete post image"; + } + } + + // delete reported post + $query = "DELETE FROM posts where id='$post_id'"; + $result = $obj->executeQuery($query); + header("Location: " . $_SERVER['HTTP_REFERER']); // to refresh + +} + +$toggle_disabled_user = NULL; +if (isset($_POST["toggle_disabled_user"]) && !empty(isset($_POST["toggle_disabled_user"]))) { + $toggle_disabled_user = $_POST["toggle_disabled_user"]; + $query = "UPDATE users SET active= NOT active where id =$toggle_disabled_user;"; + $result = $obj->executeQuery($query); + header("Location: " . $_SERVER['HTTP_REFERER']); +} + +$delete_user_id = NULL; +if (isset($_POST["delete_user_id"]) && !empty(isset($_POST["delete_user_id"]))) { + $delete_user_id = $_POST["delete_user_id"]; + $user = $obj->getUserById($obj, $delete_user_id); + + // delete user posts && posts image + $query = "SELECT * FROM posts where user_id='$delete_user_id'"; + $result = $obj->executeQuery($query); + + while ($rows = mysqli_fetch_array($result)) { + + // delete user report + $query = "DELETE FROM reports where post_id='" . $row['id'] . 
"'"; + $result = $obj->executeQuery($query); + + if (!unlink($rows['image_url'])) { + $errors = "can't delete user profile_image"; + } + } + + // delet user posts + $query = "DELETE FROM posts where user_id='$delete_user_id'"; + $result = $obj->executeQuery($query); + + // delet user_image + if (!unlink($user['profile_image'])) { + $errors = "can't delete user profile_image"; + } + + // delete user connections + $query = "DELETE FROM user_has_friend where user_id1='$delete_user_id' or user_id2='$delete_user_id'"; + $result = $obj->executeQuery($query); + + // delete user + $query = "DELETE FROM users where id='$delete_user_id'"; + $result = $obj->executeQuery($query); +} ?> <div class="admin-page"> - <h3>admin page</h3> + <h3>User Management</h3> <table class="table table-striped"> <thead> <tr> @@ -28,7 +99,8 @@ $users = $obj->executeQuery($query); <th scope="col">Profile Photo </th> <th scope="col">Email</th> <th scope="col">User Type</th> - <th scope="col">Suspend</th> + <th scope="col">Edit</th> + <th scope="col">Status</th> <th scope="col">Delete</th> </tr> </thead> 
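Review bot: In the `delete_post` block, `$result` is overwritten by the `DELETE FROM reports` result before the `while (mysqli_fetch_array($result))` loop runs, so the loop fetches from a boolean rather than from the post rows and no image is ever unlinked (on mysqli that is a TypeError). The `delete_user_id` block has the same kind of slip: the loop variable is `$rows` but the report deletion reads `$row['id']`, which is undefined there. Both blocks also interpolate raw `$_POST` values into SQL and call `unlink()` on whatever `image_url` holds — which after this commit can be a remote URL from twits.php or an arbitrary string stored through api.php — so the ids should be cast to int (`users.id` and `posts.id` are INT) and only paths under `uploads/` should be unlinked; the `!empty(isset(...))` tests are no-ops because `isset` already yields a bool. The redirect also needs `exit;` after `header()`. Reordered `delete_post` block:
```php
$post_id = NULL;
if (isset($_POST["delete_post"]) && $_POST["delete_post"] !== '') {
    $post_id = (int) $_POST["delete_post"]; // posts.id is INT; the cast strips anything that is not a number

    // read the post first: the image path must be known before its rows are gone
    $query = "SELECT * FROM posts where id='$post_id'";
    $result = $obj->executeQuery($query);

    while ($rows = mysqli_fetch_array($result)) {
        $image = (string) $rows['image_url'];
        // only remove files this app wrote into uploads/; image_url may hold a remote URL
        // (twits.php) or an arbitrary string stored through api.php
        $isLocalUpload = strncmp($image, 'uploads/', 8) === 0 && strpos($image, '..') === false;
        if ($isLocalUpload && !unlink($image)) {
            $errors = "can't delete post image";
        }
    }

    // reports reference post_id, so they go before the post itself
    $query = "DELETE FROM reports where post_id='$post_id'";
    $result = $obj->executeQuery($query);

    $query = "DELETE FROM posts where id='$post_id'";
    $result = $obj->executeQuery($query);

    header("Location: " . $_SERVER['HTTP_REFERER']); // to refresh
    exit;
}
// … unchanged: toggle_disabled_user block (same int cast applies) …
// … unchanged: delete_user_id block — use $rows['id'], not $row['id'], and the same unlink guard …
```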
@@ -41,11 +113,76 @@ $users = $obj->executeQuery($query); <td><img src="' . $row['profile_image'] . '" alt=""></td> <th scope="row">' . $row['email'] . '</th> <th>' . $isAdmin . '</th> - <td><button type="button" class="btn btn-sm btn-warning">suspend <i - class="fa-solid fa-stop"></i></button> + <td> + <form action="edit_profile.php" method="POST"> + <input type="text" name="profile_email" value="' . $row['email'] . '" style="display:none"> + <button type="submit" class="btn btn-sm btn-primary">edit <i class="fa-solid fa-pen-to-square"></i></button> + </form> + </td> + + <td> + <form action="" method="POST"> + <input type="text" name="toggle_disabled_user" value="' . $row['id'] . '" style="display:none"> + '; + + if ($row['active'] == 1) { + echo '<button type="submit" class="btn btn-sm btn-warning">enable <i class="fa-solid fa-user-shield"></i></button>'; + } else { + echo '<button type="submit" class="btn btn-sm btn-warning">disable <i class="fa-solid fa-user-large-slash"></i></button>'; + } + echo ' + </form> + </td> + <td> + <form action="" method="POST"> + <input type="text" name="delete_user_id" value="' . $row['id'] . '" style="display:none"> + <button type="submit" class="btn btn-sm btn-danger">Delete <i class="fa-solid fa-trash"></i></button> + </form> + </td> + </tr>'; + } + ?> + </tbody> + </table> +</div> + +<?php +$query = "SELECT * FROM reports +LEFT JOIN posts ON reports.post_id = posts.id +LEFT JOIN users ON posts.user_id = users.id"; +$reports = $obj->executeQuery($query); + + +?> +<div class="admin-page"> + <h3>reported message</h3> + <table class="table table-striped"> + <thead> + <tr> + <th scope="col">Posted by </th> + <th scope="col">Post title</th> + <th scope="col">Post image </th> + <th scope="col">Post content </th> + <th scope="col">Reported messages</th> + <th scope="col">Action</th> + </tr> + </thead> + <tbody> + <?php + while ($row = mysqli_fetch_array($reports)) { + echo ' <tr> + <td><b>' . $row['user_name'] . '</b></td> + <td><b>' . 
$row['title'] . '</b></td> + <td><img classe="reported_image" src="' . $row['image_url'] . '" alt=""></td> + <th><p>' . $row['body'] . '</p></th> + <th><p>' . $row['report_body'] . '</p></th> + <td> + <form action="" method="POST"> + <input type="text" name="delete_post" value="' . $row['post_id'] . '" style="display:none"> + <button type="submit" class="btn btn-sm btn-danger">Delete <i class="fa-solid fa-trash"></i></button></td> + </form> </td> - <td><button type="button" class="btn btn-sm btn-danger">Delete <i - class="fa-solid fa-trash"></i></button></td> + </tr>'; } ?> diff --git a/api.php b/api.php index 164e13d..df21363 100644 --- a/api.php +++ b/api.php 
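Review bot: The reports table echoes `$row['report_body']`, `$row['body']`, `$row['title']` and `$row['user_name']` straight into the admin page, and `report_body` is free text that any logged-in user submits through report_message.php, so a report containing a `<script>` tag runs in the admin's session. Escape each value on output, e.g. `'<th><p>' . htmlspecialchars($row['report_body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p></th>'`, and do the same for the user table's `email` and for the `src` attributes, which now can carry a URL typed by a user. The status column also looks inverted: when `$row['active'] == 1` the button reads "enable", although submitting it toggles that active user off, so the two labels should be swapped. There is a stray `</td>` before `</form>` in the action cell, and `classe=` on the image should be `class=`.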
@@ -1,17 +1,116 @@ <?php -$base_path = $_SERVER['PHP_SELF']; -$array_of_path = explode('/', $base_path); +include 'connection.php'; +$obj = new Connection(); -echo $array_of_path[0], "<br>"; -echo $array_of_path[1], "<br>"; +// request method +$requestMethod = $_SERVER['REQUEST_METHOD']; -echo $array_of_path[2], "<br>"; -echo $array_of_path[3], "<br>"; +// user token +$userToken = $_SERVER['HTTP_XAPITOKEN']; +$requestPath = $_SERVER['REQUEST_URI']; +$requestPath = explode('/', $requestPath); +// send a JSON response +$key = array_search('api.php', $requestPath); +unset($requestPath[$key]); +unset($requestPath[0]); +function sendResponse($data) +{ + header('Content-Type: application/json'); + echo json_encode($data); +} +function parseSQLResult($result) +{ + $data = []; + while ($row = mysqli_fetch_assoc($result)) + array_push($data, $row); + return $data; +} + +function sendBadRequest() +{ + header("HTTP/1.1 401 Unauthorized"); + sendResponse(["message", "un authorized request"]); +} + + + + + +if ($userToken == '') { + sendBadRequest(); + die(); +} + +$query = "SELECT * FROM users WHERE user_token = '$userToken'"; +$result = $obj->executeQuery($query); +$data = mysqli_fetch_assoc($result); + +if (empty($data)) { + sendBadRequest(); + die(); +} +if (count($requestPath) > 2) { + sendBadRequest(); +} else if (1 == 2) { + +} else { + + $isAdmin = $data["isAdmin"]; + $saved_token = $data["user_token"]; + + if (count($requestPath) == 1 && $requestPath[2] == 'messages' && $requestMethod == 'GET') { + // read all messages : GET /messages with admin token + if ($userToken == $saved_token && $isAdmin == 1) { + $query = "SELECT * FROM posts;"; + $result = $obj->executeQuery($query); + sendResponse(parseSQLResult($result)); + } else if ($userToken == $saved_token && $isAdmin == 0) { + + $query = "SELECT * FROM posts where user_id = " . $data['id'] . 
";"; + $result = $obj->executeQuery($query); + sendResponse(parseSQLResult($result)); + + } + } + // GET /message/<Id> + // > Header XAPITOKEN token (if admin token, read all messages) + else if (count($requestPath) == 2 && $requestPath[2] == 'messages' && !empty($requestPath[3]) && $requestMethod == 'GET') { + if ($userToken == $saved_token && $isAdmin == 1) { + + $query = "SELECT * FROM posts where id = $requestPath[3];"; + $result = $obj->executeQuery($query); + sendResponse(parseSQLResult($result)); + } else if ($userToken == $saved_token && $isAdmin == 0) { + + $query = "SELECT * FROM posts where user_id = " . $data['id'] . " AND id = " . $requestPath[3] . ";"; + $result = $obj->executeQuery($query); + sendResponse(parseSQLResult($result)); + + } + + } else if (count($requestPath) == 1 && $requestPath[2] == 'messages' && $requestMethod == 'POST') { + + if ($userToken == $saved_token && $isAdmin == 0) { + $requestBody = file_get_contents("php://input"); + + // You can then parse the request body, for example, if it's JSON data: + $recieved_data = json_decode($requestBody, true); + + $query = "INSERT INTO posts VALUES (NULL, '" . $recieved_data['title'] . "','" . $recieved_data['body'] . "', '" . $recieved_data['image_url'] . "', CURRENT_TIMESTAMP, " . $data['id'] . ") ;"; + $result = $obj->executeQuery($query); + if ($result) { + sendResponse(['message' => 'post created successfully']); + } + } + } else { + sendBadRequest(); + } +} ?> \ No newline at end of file diff --git a/chat/index.html b/chat/index.html deleted file mode 100644 index 59ce469..0000000 --- a/chat/index.html +++ /dev/null 
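Review bot: The authentication query `SELECT * FROM users WHERE user_token = '$userToken'` interpolates the raw `XAPITOKEN` header, and the message lookups interpolate `$requestPath[3]` unquoted and the POST body's `title`, `body` and `image_url` verbatim, so every statement in the new file is built from untrusted input, the first one before any identity is established. Use prepared statements with bound parameters for all of them; where that is not reachable through `executeQuery`, at least `$postId = (int) $requestPath[3];` for the id lookups, since `posts.id` is INT. `$_SERVER['HTTP_XAPITOKEN']` is read without `isset`, and `sendBadRequest()` sends a 401 whose body is the list `["message", "un authorized request"]`, unlike the `['message' => ...]` map the success path uses; `http_response_code(401)` with `['message' => 'unauthorized request']` keeps clients on one shape. The `$userToken == $saved_token` comparisons are tautological because the row was selected by that token, and the `else if (1 == 2)` branch is dead. The stored `image_url` is later handed to `unlink()` by admin.php, so it should be validated here as a URL or an `uploads/` path rather than stored as received.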
@@ -1,20 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <meta charset="utf-8" /> - <title></title> - </head> - <body> - <p>my id: <span id="person1id"></span></p> - <input type="person2id" id="personid" placeholder="enter person id" /> - <input type="text" id="personmessage" placeholder="person1 message" /> - <button id="callperson1" onclick="callperson()">connect</button> - <button id="video_call" onclick="videocall()">video call</button> - <hr /> - <div id="result"></div> - <video id="localVideo" autoplay></video> - <video id="remoteVideo" autoplay></video> - <script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js"></script> - <script src="index.js" charset="utf-8"></script> - </body> -</html> diff --git a/chat/index.js b/chat/index.js deleted file mode 100644 index e6c023a..0000000 --- a/chat/index.js +++ /dev/null 
@@ -1,84 +0,0 @@ -var peer1 = null; - - -(function(){ - - let myid = prompt('enter your id'); - peer1 = new Peer(myid); - peer1.on('open', function(id) { - var person1idcontainer = document.getElementById('person1id'); - person1idcontainer.innerHTML = id; - }); - - - peer1.on('connection', function(conn) { - let result = document.getElementById('result'); - conn.on('data', function(data){ - result.innerHTML = result.innerHTML + data; - }); - }); - - - - - peer1.on('call', function(call) { - var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; - getUserMedia({ video: true, audio: true }) - .then(function (stream) { - let localVideo = document.getElementById('localVideo'); - localVideo.srcObject = stream; - let confirmcall = confirm("you have a call"); - - if(confirmcall){ - call.answer(stream); // Answer the call with an A/V stream. - call.on('stream', function (remoteStream) { - let remoteVideo = document.getElementById('remoteVideo'); - remoteVideo.srcObject = remoteStream; - }); - } - - }) - .catch(function (err) { - console.log('Failed to get local stream', err); - }); - }); - - -})(); - -// send message -function callperson(){ - var personid = document.getElementById("personid").value; - var person1 = peer1.connect(personid); - // on open will be launch when you successfully connect to PeerServer - person1.on('open', function(){ - // here you have conn.id - let message = document.getElementById('personmessage').value; - person1.send(message); - }); -} - -function videocall() { - var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia; - getUserMedia({ video: true, audio: true }) - .then(function (stream) { - - let localVideo = document.getElementById('localVideo'); - localVideo.srcObject = stream; - - var personid = document.getElementById("personid").value; - var call = 
peer1.call(personid, stream); - call.on('stream', function (remoteStream) { - - let remoteVideo = document.getElementById('remoteVideo'); - remoteVideo.srcObject = remoteStream; - // Show the stream in a video or canvas element. - }); - }) - .catch(function (err) { - console.log('Failed to get local stream', err); - }); -} - - - diff --git a/connection.php b/connection.php index 549abf5..d199595 100644 --- a/connection.php +++ b/connection.php @@ -40,6 +40,8 @@ class Connection user_name VARCHAR(64), age INT, email VARCHAR(255), + active TINYINT DEFAULT 1, + user_token VARCHAR(255) default null, profile_image VARCHAR(1024), password VARCHAR(255), bio VARCHAR(512), @@ -80,6 +82,7 @@ class Connection title VARCHAR(255), body VARCHAR(1024), image_url varchar(255), + posted_at DATETIME default CURRENT_TIMESTAMP, user_id INT, foreign key (user_id) references users (id) )'; @@ -91,6 +94,20 @@ class Connection die("Query failed: " . mysqli_error($this->connection)); } + // create report table + $query = 'CREATE TABLE IF NOT EXISTS reports ( + id INT PRIMARY KEY AUTO_INCREMENT, + report_body VARCHAR(1024), + post_id INT + )'; + + // Execute the query + $result = mysqli_query($this->connection, $query); + // Check if the query was successful + if (!$result) { + die("Query failed: " . mysqli_error($this->connection)); + } + // create messages table @@ -108,11 +125,6 @@ class Connection if (!$result) { die("Query failed: " . mysqli_error($this->connection)); } - - - - - } public function executeQuery($query) @@ -152,7 +164,6 @@ class Connection // Format the timestamp as desired $formattedTime = date("Y-m-d H:i:s", $timestamp); - $valid = isset($_SESSION['valid_until']) && $_SESSION['valid_until'] > time(); if (isset($_SESSION['logged_user']) && !empty($_SESSION['logged_user']) && $valid) { 
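Review bot: The new `user_token VARCHAR(255) default null` column has no UNIQUE constraint, yet api.php authenticates with `SELECT * FROM users WHERE user_token = ...` and takes the first row, so two users holding the same token value would be indistinguishable and the collision would resolve silently to whichever row comes first. `user_token VARCHAR(255) DEFAULT NULL UNIQUE,` makes the database enforce what the lookup assumes (multiple NULLs remain allowed). The `reports` table created further down has no foreign key on `post_id`, which is why admin.php has to delete reports by hand before posts; `FOREIGN KEY (post_id) REFERENCES posts (id) ON DELETE CASCADE` would match the pattern the `posts` table already uses for `user_id`.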
@@ -172,6 +183,16 @@ class Connection } + public function acountActive($obj) + { + $loged_user_email = $_SESSION['logged_user']; + $query = "SELECT * FROM users where email='$loged_user_email'"; + $result = $obj->executeQuery($query); + $result = mysqli_fetch_assoc($result)['active']; + return ($result == 1); + + } + public function isAdmin($obj) { $loged_user_email = $_SESSION['logged_user']; @@ -191,6 +212,8 @@ class Connection return mysqli_fetch_assoc($result)['id']; } + + public function getUserByEmail($obj, $email) { // echo $_SESSION['logged_user']; @@ -199,6 +222,13 @@ class Connection return mysqli_fetch_assoc($result); } + public function getUserById($obj, $id) + { + // echo $_SESSION['logged_user']; + $query = "SELECT * FROM users where id='$id'"; + $result = $obj->executeQuery($query); + return mysqli_fetch_assoc($result); + } public function sendMail($to, $subject, $body) { $mail = new PHPMailer(true); diff --git a/css/main.css b/css/main.css index db17c4c..f798fe2 100644 --- a/css/main.css +++ b/css/main.css @@ -407,6 +407,11 @@ body { .twit .twit-footer .share_like i { cursor: pointer; } + +.twit .twit-footer .share_like button { + border: none; + background: none; +} .twit .twit-footer .share_like i:nth-child(1):hover{ background-color: #146ebe38; color: var(--main-color-ligther); @@ -755,6 +760,13 @@ body { .admin-page tbody tr img { width: 50px; + height: 50px; border-radius: 100%; } + +.admin-page tbody tr p { + line-height: 15px; + font-weight: 500; + max-width: 200px; +} /* admin */ diff --git a/edit_profile.php b/edit_profile.php index 31f0e92..01a20c8 100644 --- a/edit_profile.php +++ b/edit_profile.php 
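Review bot: `acountActive` reads `$_SESSION['logged_user']` without checking it is set, and this commit calls it from account_disabled.php, which login.php redirects to before any session user is stored; the method then runs `... where email=''`, `mysqli_fetch_assoc` returns null, and the `['active']` access warns before the method returns false. Guard it first: `if (empty($_SESSION['logged_user'])) { return false; }`. The `$obj` parameter duplicates `$this` (the method already lives on the connection object), and the email is interpolated into the query; binding it as a parameter would be consistent with moving the other lookups to prepared statements.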
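Review bot: `getUserById` interpolates `$id` into `where id='$id'`, and its only caller on this page (admin.php) passes `$_POST["delete_user_id"]` unmodified, so the id path is injectable. Since `users.id` is an INT, `$id = (int) $id;` at the top of the method closes that route until the queries are moved to prepared statements. The `// echo $_SESSION['logged_user'];` line copied over from `getUserByEmail` is leftover debug output and can go.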
@@ -8,8 +8,21 @@ if (!$obj->acountVerified($obj)) { header("Location: verifyemail.php"); } -$logged_user = $_SESSION['logged_user']; -$user = $obj->getUserByEmail($obj, $logged_user); +$logged_user = NULL; +$user = NULL; + +// if logged user is admin +if (isset($_POST["profile_email"])) { + + $logged_user = $_POST["profile_email"]; + $user = $obj->getUserByEmail($obj, $logged_user); + +} else { + $logged_user = $_SESSION['logged_user']; + $user = $obj->getUserByEmail($obj, $logged_user); +} + + @@ -165,11 +178,11 @@ if ( } ?> </text> - - <form action="" method="POST" enctype="multipart/form-data"> + <div class="mb-3"> <label for="user_name" class="form-label">User Name</label> + <input type="text" name="profile_email" value="<?php echo $user['email'] ?>" style="display:none"> <input value="<?php echo $user['user_name'] ?>" type="text" name="user_name" class="form-control" id="user_name" aria-describedby="user_name"> </div> diff --git a/footer.php b/footer.php index 73ef5bf..a49277d 100644 --- a/footer.php +++ b/footer.php @@ -3,18 +3,18 @@ <?php if ($obj->loggedin($obj)) { - echo '<div class="rsidebar"> - - <div class="search"> - <div class="icon"> - <i class="fa-solid fa-magnifying-glass"></i> - </div> - <div class="input_search"> - <input type="text"> - </div> - </div>'; - - ?> + echo '<div class="rsidebar">' + + // <div class="search"> + // <div class="icon"> + // <i class="fa-solid fa-magnifying-glass"></i> + // </div> + // <div class="input_search"> + // <input type="text"> + // </div> + // </div>'; + + ?> <div class="topics"> diff --git a/header.php b/header.php index 346858c..f0f915b 100644 --- a/header.php +++ b/header.php 
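Review bot: The new branch `if (isset($_POST["profile_email"]))` is commented as the admin path but never checks `$obj->isAdmin($obj)`, so any logged-in user who posts `profile_email=<other address>` edits that user's profile, and the hidden `profile_email` input the second hunk adds to the form makes the parameter part of every normal submit. Require the check: `if (isset($_POST["profile_email"]) && $obj->isAdmin($obj)) {`, and fall through to the session user otherwise. The second hunk also removes the `<form action="" method="POST" enctype="multipart/form-data">` opening tag and echoes `$user['email']` into a `value` attribute unescaped; unless the form tag was moved somewhere outside the hunk, the profile fields no longer submit at all. The two redirects above this hunk still lack `exit;`.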
@@ -22,7 +22,7 @@ $obj = new Connection(); <body> <nav class="navbar bg-ligth navbar-expand-lg border-bottom border-body bg-body-tertiary" data-bs-theme="ligth"> <div class="container"> - <a class="navbar-brand" href="index.php">secure app <i class="fa-brands fa-twitter" + <a class="navbar-brand" href="index.php">The X2 Project<i class="fa-brands fa-twitter" style="color: #146ebe;"></i></a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" @@ -87,7 +87,7 @@ $obj = new Connection(); <li><a href="twits.php"><i class="fa-brands fa-twitter"></i> <i>twits</i></a></li> <li><a href="friends.php"><i class="fa-solid fa-user-group"></i> <i>friends</i></a></li> <li><a href="settings.php"><i class="fa-solid fa-gear"></i> <i>settings</i></a></li> - <li class="is-admin"><a href="Admin.php"><i class="fa-solid fa-crown"></i> <i>Admin</i></a></li> + <li class="is-admin"><a href="admin.php"><i class="fa-solid fa-crown"></i> <i>Admin</i></a></li> </ul> diff --git a/index.php b/index.php index cb023f4..69553e9 100644 --- a/index.php +++ b/index.php @@ -61,8 +61,8 @@ $users = $obj->executeQuery($query); <?php -$query = "SELECT * FROM posts -LEFT JOIN users on users.id = posts.user_id; +$query = "SELECT posts.id as post_id, title, body, image_url, posted_at, user_id, user_name, email, profile_image FROM posts +LEFT JOIN users on users.id = posts.user_id order by posted_at DESC; "; $posts = $obj->executeQuery($query); 
@@ -100,28 +100,27 @@ while ($row = mysqli_fetch_array($posts)) { </div> <div class="twit-footer"> <div class="twit-date"> - <p>12:09 PM 10 Nov 2023</p> + <p>' . $row['posted_at'] . '</p> </div> <div class="share_like"> <i class="fa-regular fa-comment"></i> <i class="fa-solid fa-arrow-up-right-from-square"></i> <i class="fa-regular fa-heart"></i> - <i class="fa-regular fa-bookmark"></i> + <form action="report_message.php" method="POST"> + <input type="text" name="reported_message_id" value="' . $row['post_id'] . '" style="display:none;"> + <button type="submit"><i class="fa-solid fa-bug"></i></button> + </form> </div> </div> </div> - </div> - '; } - ?> + <?php include_once 'footer.php'; -?> - - +?> \ No newline at end of file diff --git a/login.php b/login.php index 15cd122..9c8189f 100644 --- a/login.php +++ b/login.php @@ -33,10 +33,23 @@ if (isset($provided_email) && isset($provided_password)) { if (password_verify($provided_password, $password)) { // Password is correct - $_SESSION['logged_user'] = $email; - $_SESSION['valid_until'] = $obj->USER_SESSION_DURATION; - header("Location: index.php"); + $target_user = $obj->getUserByEmail($obj, $email); + + if ($target_user['active'] == 0) { + header("Location: account_disabled.php"); + } else if ($target_user['email_verified'] == 0) { + header("Location: verifyemail.php"); + } else { + + $_SESSION['logged_user'] = $email; + $_SESSION['valid_until'] = $obj->USER_SESSION_DURATION; + header("Location: index.php"); + } + + + + } else { // Password is incorrect diff --git a/report_message.php b/report_message.php new file mode 100644 index 0000000..3f95a97 --- /dev/null +++ b/report_message.php 
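Review bot: Each `header("Location: ...")` in the new `$target_user` branch is followed by nothing that stops the script, so after the disabled/unverified redirects execution continues through the rest of login.php; add `exit;` after each of the three. The disabled and unverified branches also redirect without setting `$_SESSION['logged_user']`, while account_disabled.php and connection.php's `acountActive()` read that key, so the landing pages handle an unset session user (verifyemail.php's login guard was commented out in this same commit, presumably to cope with that). A comment on the `$target_user['active'] == 0` check stating which session state those pages are meant to receive would make the intent reviewable; `$target_user` should also be checked for null before indexing, since `getUserByEmail` returns `mysqli_fetch_assoc`'s null when no row matches.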
@@ -0,0 +1,73 @@ +<?php +require_once 'header.php'; +if (!$obj->loggedin($obj)) { + header("Location: login.php"); +} +if (!$obj->acountVerified($obj)) { + header("Location: verifyemail.php"); +} + +$reported_message_id = NULL; +$errors = NULL; +$message = NULL; +$report_body = NULL; + +if (isset($_POST["reported_message_id"])) { + $reported_message_id = $_POST["reported_message_id"]; +} else { + header("Location: index.php"); +} + +if (isset($_POST["report_body"]) && !empty($_POST["report_body"])) { + $report_body = $_POST["report_body"]; +} else { + $errors = "report body shoudn't be empty"; +} +if ((isset($_POST["report_body"]) && !empty($_POST["report_body"])) && (isset($reported_message_id) && !empty($reported_message_id))) { + $query = "INSERT INTO reports VALUES (null,'$report_body', $reported_message_id);"; + $result = $obj->executeQuery($query); + if ($result) { + $message = 'report sended successfully'; + header("Location: index.php"); + } +} +?> + + + +<div class="forgot_password"> + <h4 class='text-center'>Report the message </h4> + <text class='text-danger text-center'> + <?php + if ($errors != null) { + echo $errors; + } + ?> + </text> + + <text class='text-success text-center'> + <?php + if ($message != null) { + echo $message; + } + ?> + </text> + <form action='' method='POST'> + + <div class="mb-3"> + <input type="text" name="reported_message_id" value="<?php echo $reported_message_id; ?>" + style="display:none"> + <label for="report_body" class="form-label">report body</label> + <textarea name="report_body" id="report_body" style="width: 100%; min-height: 200px; padding:10px" + placeholder="enter your report here"></textarea> + </div> + + <div class="d-flex justify-content-between"> + <button type="submit" class="btn btn-danger btn-sm">report</button> + </div> + </form> +</div> + +<?php +include_once 'footer.php'; +?> \ No newline at end of file diff --git a/settings.php b/settings.php index fe73be4..a2fe115 100644 --- a/settings.php 
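Review bot: `$reported_message_id` and `$report_body` come straight from `$_POST` and are interpolated into `INSERT INTO reports VALUES (null,'$report_body', $reported_message_id);`, the id unquoted, so the report form is an SQL injection point for any logged-in user, and `$reported_message_id` is echoed back into the hidden input's `value` attribute unescaped. Cast the id on the way in, `$reported_message_id = (int) $_POST["reported_message_id"];`, bind `$report_body` as a parameter (it is also rendered on the admin page, where it needs `htmlspecialchars()`), and print the cast int in the form. None of the three `header("Location: ...")` calls is followed by `exit;`, so the page keeps executing: for a logged-out poster the login redirect is sent and the INSERT still runs. Nothing verifies that the id refers to an existing post; a lookup before the INSERT or a foreign key on `reports.post_id` would cover that.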
+++ b/settings.php @@ -34,6 +34,11 @@ if (isset($_POST['delete'])) { if (!unlink($user['profile_image'])) { $errors = "can't delete user profile_image"; } + + // delete user connections + $query = "DELETE FROM user_has_friend where user_id1='$user_id' or user_id2='$user_id'"; + $result = $obj->executeQuery($query); + // delete user $query = "DELETE FROM users where email='$logged_user'"; $result = $obj->executeQuery($query); @@ -134,6 +139,14 @@ if (isset($_POST['delete'])) { </div> </div> + <div class="line"> + <div> + <label>TOKEN</label> + <p style="font-size: 10pt;margin: 0;color: black;font-weight: 600;"> + <?php echo $user['user_token'] ?> + </p> + </div> + </div> <div class="line"> <div class="profile_bio"> <label>Bio</label> @@ -143,6 +156,7 @@ if (isset($_POST['delete'])) { </div> </div> + <div class="line"> <form action="" method="POST"> <div class="delete_acount"> diff --git a/twits.php b/twits.php index c78bd32..283f762 100644 --- a/twits.php +++ b/twits.php @@ -20,6 +20,8 @@ $postImageTmpName = null; $fileSize = null; $fileError = null; +$post_url_image = null; + if (isset($_POST['post_title'])) { $post_title = $_POST['post_title']; 
@@ -46,32 +48,54 @@ if (isset($postImageName)) { $errors = "your post should have a image file"; } -if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_body != null) && isset($postImageName)) { - // errors during upload - if ($fileError === 0) { - // upload directory - $uploadDir = "uploads/"; +if (isset($_POST['post_url_image'])) { + $post_url_image = $_POST['post_url_image']; +} + - // Generate a unique name for the uploaded file - $uniqueFileName = $uploadDir . uniqid() . "_" . $postImageName; +//if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_body != null) && isset($postImageName)) { +if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_body != null)) { + // check if the file comes from url : default url + if (isset($post_url_image) && ((strncmp($post_url_image, 'https://', 8) === 0) || strncmp($post_url_image, 'http://', 7) === 0)) { + // create posts $user_id = $obj->getUserIdByEmail($obj, $_SESSION['logged_user']); + $query = "INSERT INTO posts VALUE (null,'$post_title','$post_body', '$post_url_image',CURRENT_TIMESTAMP, '$user_id');"; + $result = $obj->executeQuery($query); + + // refresh session time + $_SESSION['valid_until'] = $obj->USER_SESSION_DURATION; + $message = 'post created successfully'; + + + } else if (isset($postImageName)) { + // errors during upload + if ($fileError === 0) { + // upload directory + $uploadDir = "uploads/"; + + // Generate a unique name for the uploaded file + $uniqueFileName = $uploadDir . uniqid() . "_" . 
$postImageName; + $user_id = $obj->getUserIdByEmail($obj, $_SESSION['logged_user']); - // Move the file from the temporary location to the desired directory - if (move_uploaded_file($postImageTmpName, $uniqueFileName)) { - // create posts - $query = "INSERT INTO posts VALUE (null,'$post_title','$post_body', '$uniqueFileName', '$user_id');"; - $result = $obj->executeQuery($query); - // refresh session time - $_SESSION['valid_until'] = $obj->USER_SESSION_DURATION; + // Move the file from the temporary location to the desired directory + if (move_uploaded_file($postImageTmpName, $uniqueFileName)) { + // create posts + $query = "INSERT INTO posts VALUE (null,'$post_title','$post_body', '$uniqueFileName',CURRENT_TIMESTAMP, '$user_id');"; + $result = $obj->executeQuery($query); - $message = 'post created successfully'; - } else { - $errors = "Error uploading file."; + // refresh session time + $_SESSION['valid_until'] = $obj->USER_SESSION_DURATION; + + $message = 'post created successfully'; + } else { + $errors = "Error uploading file."; + } } } + } ?> @@ -111,8 +135,15 @@ if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_b <div class="mb-3"> <label for="post_image" class="form-label">Twit image</label> - <input class="form-control" type="file" name="post_image" id="post_image" multiple> + <input type="file" class="form-control" name="post_image" id="post_image" multiple> </div> + + <div class="mb-3"> + <label for="post_url_image" class="form-label">Twit image from url</label> + <input type="url" class="form-control" name="post_url_image" id="post_url_image"> + </div> + + <div class="col-auto"> <button type="submit" class="btn btn-primary mb-3">create Twit</button> </div> diff --git a/verifyAcount.php b/verifyAcount.php index fd10b42..d27450b 100644 --- a/verifyAcount.php +++ b/verifyAcount.php 
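Review bot: The URL branch accepts `$post_url_image` after only a `strncmp` on the `http://`/`https://` prefix, then interpolates it into the INSERT and stores it for index.php to print inside `src="..."`, so a value containing `'` or `"` closes the SQL string or the HTML attribute respectively. Validate the whole value — `filter_var($post_url_image, FILTER_VALIDATE_URL) !== false` together with a scheme check on `parse_url($post_url_image, PHP_URL_SCHEME)` — bind it as a parameter, and escape it with `htmlspecialchars()` where it is rendered; `$post_title` and `$post_body` are interpolated the same way in both INSERTs, which predates this commit. Remote URLs stored in `image_url` now also reach `unlink()` in admin.php's delete paths, which will fail unless that code restricts itself to `uploads/` paths. The `$post_title`/`$post_body` setup this block depends on is above the hunk.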
@@ -34,7 +34,7 @@ if ((isset($_GET['token']) && !empty($token))) { // message is not altered and $email = $target_user['email']; - $query = "UPDATE users SET email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'"; + $query = "UPDATE users SET active=1, email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'"; $result = $obj->executeQuery($query); diff --git a/verifyemail.php b/verifyemail.php index ac68bfe..ae470fe 100644 --- a/verifyemail.php +++ b/verifyemail.php @@ -1,8 +1,8 @@ <?php require_once 'header.php'; -if (!$obj->loggedin($obj)) { - header("Location: login.php"); -} +// if (!$obj->loggedin($obj)) { +// header("Location: login.php"); +// } if ($obj->acountVerified($obj)) { header("Location: index.php"); } -- GitLab
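Review bot: Adding `active=1` to the verification UPDATE means confirming the email re-enables an account an admin has disabled in the meantime (admin.php toggles the flag with `UPDATE users SET active= NOT active`), and it is redundant with Register.php now inserting `active` as 1. If the intent is only that verification must not leave a user inactive, drop `active=1` here so the admin's decision stays the single source of truth; otherwise state the precedence in a comment above the query. The enclosing `if` opens before the hunk.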
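Review bot: Commenting out the `loggedin` guard lets an anonymous request reach `$obj->acountVerified($obj)`, which — going by its sibling `acountActive` in connection.php — reads `$_SESSION['logged_user']` unguarded, so the page now warns and runs a lookup for an empty email whenever a logged-out visitor arrives. If the guard was removed because login.php redirects unverified users here before a session exists, that is the place to fix (store the address the page needs before redirecting) and the check here should become explicit, e.g. `if (empty($_SESSION['logged_user'])) { header("Location: login.php"); exit; }`, rather than being left as commented-out code. The remaining `header("Location: index.php")` also needs `exit;`.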