various refactorings and bugfixes

SeanCullen1 · Dec 2, 2019 · c0f6462 · c0f6462
1 parent 0cc4c55
commit c0f6462
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 20 deletions.
diff --git a/LICENSE.md b/LICENSE.md
@@ -1,7 +1,7 @@
 MIT License
 ===========
 
-Copyright (c) 2017 Tim Steufmehl
+Copyright (c) 2019 Tim Steufmehl
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/app/content/editprofile.php b/app/content/editprofile.php
@@ -8,9 +8,9 @@
 $adminMode = false;
 
 $userId = $_SESSION['user_id'];
-if(isset($_GET['user_id'])) {
+if(isset($_GET['id'])) {
     $adminMode = true;
-    $userId = $_GET['user_id'];
+    $userId = $_GET['id'];
 }
 
 // get user's data
@@ -44,9 +44,9 @@
     if(empty($errors)){
         // change profile info
         try {
-            if($model->editUser($userId, $_POST['email'], $_POST['country'], $changePassword, ($adminMode ? (1 == $_POST['is_admin'] ? 1 : 0) : null))) {
+            if($model->editUser($userId, $_POST['email'], $_POST['country'], $changePassword, ($adminMode && $userId !== $_SESSION['user_id']  ? (1 == $_POST['is_admin'] ? 1 : 0) : null))) {
                 // on success: redirect
-                redirect('?page=editprofile&saved=1' . ($adminMode ? '&user_id=' . $userId : ''));
+                redirect('?page=editprofile&saved=1' . ($adminMode ? '&id=' . $userId : ''));
             }
             else {
                 $errors[] = ($adminMode ? 'The' : 'Your') . ' profile could not be updated.';
@@ -72,7 +72,7 @@
             echo '<div class="alert alert-success">' . ($adminMode ? 'The' : 'Your') . ' profile was updated.</div>';
         }
         ?>
-        <form method="post" action="?page=editprofile<?php echo ($adminMode ? '&user_id=' . $userId : '') ?>">
+        <form method="post" action="?page=editprofile<?php echo ($adminMode ? '&id=' . $userId : '') ?>">
             <div class="form-group">
                 <label for="email">Email address:</label>
                 <input type="email" class="form-control" name="email" value="<?php echo $userData['email']; ?>" id="email">

diff --git a/app/content/profile.php b/app/content/profile.php
@@ -1,26 +1,26 @@
 <?php
-$userId = false;
-if(isset($_GET['user_id'])) {
-    $userId =  $_GET['user_id'];
+$isAdmin = (isset($_SESSION['user']['is_admin']) && 1 == $_SESSION['user']['is_admin']);
+
+if(!empty($_GET['id'])) {
+    $userId =  $_GET['id'];
+}
+else {
+    error(404, 'User could not be found (No "id" provided).');
 }
 
 // find user in database
 try {
     if(false !== $userId) {
         $user = $model->getUserData($userId);
         if (count($user) <= 0) {
-            $userId = false;
+            error(404, 'User could not be found (Wrong "id" provided)');
         }
     }
 }
 catch (Exception $ex) {
     error(500, 'Could not query given user from Database', $ex);
 }
 
-if(false === $userId) {
-    error(404, 'User could not be found');
-}
-
 // find user's threads/posts
 try {
     $posts = $model->getPostsByUser($userId);
@@ -32,13 +32,27 @@
 ?>
 <div class="row">
     <div class="col-lg-12">
-        <h1><?php echo $user[0]['username']; ?>'s Profile<?php echo ($user[0]['is_admin'] ? '<span class="label label-danger pull-right">Admin</span>' : '<span class="label label-default pull-right">User</span>'); ?></h1>
+        <h1>
+            <?php echo $user[0]['username']; ?>'s Profile
+            <?php
+            if(isset($_SESSION['user']['id']) &&  $userId === $_SESSION['user']['id']) {
+                echo '<span class="pull-right"><a href="?page=editprofile" class="btn btn-primary">Edit your profile</a></span>';
+            }
+            elseif($isAdmin) {
+                echo '<span class="pull-right"><a href="?page=editprofile&id=' . $userId . '" class="btn btn-primary">Edit this profile</a></span>';
+            }
+            ?>
+        </h1>
         <table class="table">
             <tbody>
             <tr>
                 <td><strong>Username</strong></td>
                 <td><?php echo $user[0]['username']; ?></td>
             </tr>
+            <tr>
+                <td><strong>Status</strong></td>
+                <td><?php echo ($user[0]['is_admin'] ? '<span class="label label-danger">Admin</span>' : '<span class="label label-default">User</span>'); ?></td>
+            </tr>
             <tr>
                 <td><strong>E-Mail</strong></td>
                 <td><a href="mailto:<?php echo $user[0]['email']; ?>"><?php echo $user[0]['email']; ?></a></td>
@@ -59,7 +73,7 @@
             echo '<table class="table"><tbody>';
             foreach ($posts as $post) {
                 $adminsOnly = (1 == $post['thread_admins_only']);
-                $adminRestricted = ($adminsOnly && isset($_SESSION['user']['is_admin']) && 0 == $_SESSION['user']['is_admin']);
+                $adminRestricted = ($adminsOnly && $isAdmin);
                 ?>
                 <tr class="<?php echo ($adminRestricted ? '' : 'clickable-row'); ?>">
                     <td><?php echo ($adminsOnly ? icon('lock') : '') . ' <strong>' . ($adminRestricted ? '' . $post['thread_title'] : '<a href="?page=thread&id=' . $post['thread_id'] . '">' . $post['thread_title'] . '</a>') . '</strong>'; ?></td>

diff --git a/app/content/thread.php b/app/content/thread.php
@@ -70,10 +70,18 @@
         foreach ($resultPosts as $post) {
             ?>
             <div class="panel panel-default">
-                <div class="panel-heading"><a name="post-<?php echo $post['id']; ?>"></a><p>User: <strong><a href="/?page=profile&user_id=<?php echo $post['user_id']; ?>"><?php echo $post['username']; ?></a></strong> <?php echo ($_SESSION['user_id'] == $post['user_id'] ? '(<a href="?page=editpost&id=' . $post['id'] . '">Edit</a>)' : '') ?><span class="pull-right"><?php echo $post['timestamp']; ?></span></p></div>
+                <div class="panel-heading">
+                    <a name="post-<?php echo $post['id']; ?>"></a>
+                    User: <strong><a href="/?page=profile&id=<?php echo $post['id']; ?>"><?php echo $post['username']; ?></a></strong> <span class="pull-right"><?php echo $post['timestamp']; ?></span>
+                </div>
                 <div class="panel-body">
                     <p><?php echo nl2br($post['text']); ?></p>
                 </div>
+                <?php if($_SESSION['user_id'] == $post['user_id']) { ?>
+                <div class="panel-footer">
+                    <a href="?page=editpost&id=<?php echo $post['id']; ?>">Edit this Post</a>
+                </div>
+                <?php } ?>
             </div>
             <?php
         }

diff --git a/app/content/users.php b/app/content/users.php
@@ -58,12 +58,12 @@
                 <?php foreach ($result as $user) { ?>
                     <tr>
                         <td><?php echo $user['id']; ?></td>
-                        <td><?php echo $user['username']; ?></td>
+                        <td><a href="/?page=profile&id=<?php echo $user['id']; ?>"><?php echo $user['username']; ?></a></td>
                         <td><?php echo $user['email']; ?></td>
                         <td><?php echo $user['country']; ?></td>
                         <td><?php echo (1 == $user['is_admin'] ? icon('ok') : ''); ?></td>
                         <td>
-                            <a href="?page=editprofile&user_id=<?php echo $user['id']; ?>" class="btn btn-default" title="Edit User"><?php echo icon('edit'); ?> Edit</a>
+                            <a href="?page=editprofile&id=<?php echo $user['id']; ?>" class="btn btn-default" title="Edit User"><?php echo icon('edit'); ?> Edit</a>
                             <a href="?page=users&remove=<?php echo $user['id']; ?>" class="btn btn-default remove-user" title="Remove User"><?php echo icon('remove'); ?> Remove</a>
                         </td>
                     </tr>

diff --git a/app/includes/model.php b/app/includes/model.php
@@ -78,7 +78,7 @@ public function editUser($pUserId, $pEmail, $pCountry, $pChangePassword, $pChang
             // change admin status?
             $adminSql = '';
             if(null !== $pChangeAdmin) {
-                $adminSql = ', is_admin = ' . (1 == $_POST['is_admin'] ? 1 : 0);
+                $adminSql = ', is_admin = ' . $pChangeAdmin;
             }
 
             $sql = 'UPDATE ' . $this->prefix . 'users SET email = \'' . $pEmail . '\', country = \'' . $pCountry . '\'' . $passwordSql . $adminSql . ' WHERE id = ' . $pUserId;