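<?php
/*
 * Profile endpoint: dispatches on the POST field `action`, using the POST field `id` as the user id.
 *
 *   change_password -> echoes "valid" after storing the new password hash, or "invalid" when the
 *                      new password is empty or hashes to the value already stored
 *   get_projects    -> echoes "none", or every project name followed by "/" (the name gets a
 *                      "-L" suffix when the user is that project's leader)
 *   get_posts       -> echoes a JSON array of the user's non-draft posts, newest first
 *   get_comments    -> echoes a JSON array of the user's comments, most recently modified first
 *
 * NOTE(review): nothing in this file authenticates the caller. `id` is taken from the request
 * body, so the endpoint acts on whichever user id the client sends, including for
 * change_password, which also does not ask for the current password. The id should come from
 * the server-side session, and a password change should verify the old password first.
 */

// Only accept scalar string fields; a missing or array-valued field is treated as empty.
$action = is_string($_POST['action'] ?? null) ? $_POST['action'] : '';
$id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';

// NOTE(review): database credentials are committed in source. Rotate this password and load the
// connection settings from configuration kept outside the repository and the web root.
$servername = "localhost";
$username = "host";
$dbpassword = "Team017FTW!";
$database = "makeitall";
$conn = new mysqli($servername, $username, $dbpassword, $database);

if ($action === "change_password") {
    $newPassword = $_POST['password'] ?? '';
    if (!is_string($newPassword) || $newPassword === '') {
        // Never store the hash of an empty or malformed password.
        echo "invalid";
    }
    else {
        // NOTE(review): unsalted SHA-256 is a fast hash and unsuitable for password storage.
        // Moving to password_hash()/password_verify() has to be done together with the login
        // code and the stored values, none of which are visible here, so the format is kept.
        $password = hash('sha256', $newPassword);

        // Fetch the hash currently stored for this user.
        $stmt = $conn->prepare("SELECT password FROM `users` WHERE user_id = ?");
        $stmt->bind_param("s", $id);
        $stmt->execute();
        $stmt->bind_result($existing_password);
        $stmt->fetch();
        $stmt->close();

        // Strict comparison: with `==`, two different hex digests that both look like
        // numeric strings (e.g. "0e" followed by digits) would compare equal.
        if ($password === $existing_password) {
            echo "invalid";
        }
        else {
            // The new password differs from the stored one, so write it.
            $stmt = $conn->prepare("UPDATE `users` SET password = ? WHERE user_id = ?");
            $stmt->bind_param("ss", $password, $id);
            $stmt->execute();
            $stmt->close();
            echo "valid";
        }
    }
}
else if ($action === "get_projects") {
    // One joined query replaces the count query plus a lookup per project, each of which
    // opened a new database connection that was never closed. LEFT JOIN keeps a membership
    // row in the output even if its project row is missing.
    $stmt = $conn->prepare(
        "SELECT p.proj_name, p.leader_id
        FROM `project_staff` ps
        LEFT JOIN `projects` p ON p.project_id = ps.project_id
        WHERE ps.user_id = ?
        ORDER BY ps.project_id"
    );
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $stmt->bind_result($name, $leader);

    $output = '';
    while ($stmt->fetch()) {
        // Loose comparison kept on purpose: $id is the request string while leader_id is
        // returned in the column's own type.
        // NOTE(review): a project name containing "/" or ending in "-L" makes this response
        // ambiguous for the client; a JSON response would avoid that.
        $output .= ($id == $leader) ? "{$name}-L/" : "{$name}/";
    }
    $stmt->close();

    echo $output === '' ? "none" : $output;
}
else if ($action === "get_posts") {
    // db.php is not shown here; presumably it (re)defines $conn — confirm.
    include 'db.php';
    // Published (non-draft) posts written by this user.
    $sql = "SELECT PostID, Title, DateCreated, IsDraft, LikesCount, Topic
    FROM Posts
    WHERE IsDraft = 0 AND UserID = ?
    ORDER BY DateCreated DESC";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $result = $stmt->get_result();
    // fetch_all() yields [] when there are no rows, so the empty case needs no branch.
    echo json_encode($result->fetch_all(MYSQLI_ASSOC));
    $stmt->close();
}
else if ($action === "get_comments") {
    // db.php is not shown here; presumably it (re)defines $conn — confirm.
    include 'db.php';
    // Comments written by this user, with the title and topic of the post they belong to.
    $sql = "SELECT p.PostID, p.Title, p.Topic, c.CommentContent, c.Likes, c.LastModified
    FROM Comments c
    INNER JOIN Posts p ON c.PostID = p.PostID
    WHERE c.UserID = ?
    ORDER BY c.LastModified DESC";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $result = $stmt->get_result();
    // fetch_all() yields [] when there are no rows, so the empty case needs no branch.
    echo json_encode($result->fetch_all(MYSQLI_ASSOC));
    $stmt->close();
}
?>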