initial commit

This commit is contained in:
Luke Ogburn
2019-03-30 22:43:34 -04:00
commit c4a666e3b6
78 changed files with 5332 additions and 0 deletions

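--- a/user/banned.php
+++ b/user/banned.php
@@ -0,0 +1,28 @@
+<?php
+$GLOBALS["page"] = "banned";
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+if(getUserInfo($current_user)->special!="banned"){
+$title = "<h2>YOU HAVE NOT BEEN BANNED</h2>";
+$message = "<p class=smallWidth>Why are you even here?</p>";
+}else{
+$title = "<h2>YOU HAVE BEEN BANNED</h2>";
+$message = "<p class=smallWidth>An admin has banned you and left the following message:</p>\n<p class=smallWidth><i>".getUserInfo($current_user)->ban_reason."</i></p>";
+}
+?>
+<!DOCTYPE html>
+<html>
+<?php
+include "../res/head";
+?>
+<body>
+<?php
+include "../res/top";
+?>
+<div id=monoContainer>
+<div class="card noHover center">
+<?=$title?>
+<?=$message?>
+</div>
+</div>
+</body>
+</html>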
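Review bot: `ban_reason` is written into the page unescaped on the line that builds `$message`, so any HTML an admin typed into the ban message is rendered as markup for the banned user; wrap it as `"<i>".htmlspecialchars(getUserInfo($current_user)->ban_reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</i>"`. `getUserInfo($current_user)` is also fetched twice in the same branch; reading it once into a local (`$info = getUserInfo($current_user);`) avoids the second lookup. `$current_user` is not defined in this file, so it is presumably set by globalFuncs.php; a one-line comment above the `if` saying so would help the next reader.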

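--- a/user/callback.php
+++ b/user/callback.php
@@ -0,0 +1,76 @@
+<?php
+require_once("config.php");
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+conn();
+if($GLOBALS["verified"]){
+//No idea what this used to do, but I'm scared to get rid of it
+//header("Location: https://ib.lukeogburn.com/user/?user=".$_COOKIE["IBSITE_ID"]);
+}
+if(isset($_GET['code'])) {
+$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+} else {
+reportError('callback.php: $_GET["code"] was not set!');
+msg("Internal error. It has been reported.");
+header("Location: /");
+}
+$oAuth = new Google_Service_Oauth2($client);
+$user = $oAuth->userinfo->get();
+//Adding cookie token thing
+conn();
+$stmt = $conn->prepare("INSERT INTO login_tokens (token, user_id) VALUES (:ac, :id)");
+$id = substr($user->email, 0, strlen("@students.hcps.us"));
+$access = password_hash($token["access_token"], PASSWORD_DEFAULT);
+$stmt->bindParam(':ac', $access);
+$stmt->bindParam(':id', $id);
+$stmt->execute();
+//Updating last login timestamp
+$stmt = $conn->prepare("UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = :id");
+$stmt->bindParam(':id', $id);
+$stmt->execute();
+setcookie("IB_SESSION", $token["access_token"], time() + (60*60*24*14), "/", NULL, true, true);
+setcookie("IB_ID", substr($user->email, 0, strlen("@students.hcps.us")), time() + (60*60*24*14), "/", NULL, true, true);
+//Checking if user is in database
+$dbID = getUserInfo($id)->id; //$id from above used
+if(substr($user->email, -7) != "hcps.us"){
+header("Location: https://ib.lukeogburn.com/user/reqHcps.php");
+}else if($id!=$dbID){
+//putting user in database if they aren't already
+$stmt = $conn->prepare("INSERT INTO users (id, name, image_url, teacher) VALUES (:id, :nm, :im, :tc)");
+$stmt->bindParam(':id', $id);
+$name = str_replace(" ", "_", $user["name"]);
+$stmt->bindParam(':nm', $name);
+$stmt->bindParam(':im', $user["picture"]);
+$teacher = is_numeric($id)?NULL:true;
+$stmt->bindParam(':tc', $teacher);
+$stmt->execute();
+if(!$stmt){
+reportError("Error signing in (013)");
+msg("Error. Try again, maybe? This has been reported.");
+header("Location: /");
+}
+msg("You have been logged in");
+header("Location: https://ib.lukeogburn.com/forum/");
+}else{
+//updating the user's profile picture just in case they changed it in Google
+$stmt = $GLOBALS['conn']->prepare("UPDATE users SET image_url = :im WHERE id = :id");
+$stmt->bindParam(':im', $user->picture);
+$stmt->bindParam(':id', $id);
+$result = $stmt->execute();
+if(!$result){
+reportError("Error in callback - code 014");
+msg("Error. It has been reported. Try again, maybe?");
+header("Location: /");
+}
+msg("You have been logged in");
+header("Location: https://ib.lukeogburn.com/forum/");
+}
+?>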
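Review bot: The school-account check on the `substr($user->email, -7) != "hcps.us"` line runs only after the login_tokens row has been inserted and both cookies have been set, and it is a bare suffix match that also accepts any domain that merely ends in "hcps.us"; move the check ahead of the token insert and compare the part after `@` against the allowed domains exactly. `$id` is built from `substr($user->email, 0, strlen("@students.hcps.us"))`, which takes the first 17 bytes of the address rather than the part before the `@`, so a short address on the bare `hcps.us` domain keeps its `@domain` inside the id. The error branches queue `header("Location: /")` without `exit()`, so a missing `code` still reaches `fetchAccessTokenWithAuthCode` with `$token` unset, and `if(!$stmt)` after the user insert tests the statement object (always truthy) instead of the return of `execute()` as the `$result` check below it does — the same object check closes user/updateFunc.php. The `IB_SESSION` cookie carries the raw Google access token, a bearer credential for the Google API, while the database keeps only its hash; issuing a server-generated random session id (`bin2hex(random_bytes(32))`) and storing that hash would keep the Google token off the wire on every later request. The rewritten prologue below shows the reordering; the allowed-domain list is inferred from the `@students.hcps.us` and `@hcps.us` strings elsewhere in this commit and should be confirmed.
```php
if(!isset($_GET['code'])) {
    reportError('callback.php: $_GET["code"] was not set!');
    msg("Internal error. It has been reported.");
    header("Location: /");
    exit();
}
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
$oAuth = new Google_Service_Oauth2($client);
$user = $oAuth->userinfo->get();
// Reject non-school accounts before any token row or cookie exists for them
$domain = substr(strrchr($user->email, "@"), 1);
if(!in_array($domain, ["hcps.us", "students.hcps.us"], true)){
    header("Location: https://ib.lukeogburn.com/user/reqHcps.php");
    exit();
}
$id = strstr($user->email, "@", true); // local part only; also use $id for the IB_ID cookie below
// … unchanged: login_tokens insert, last_login update, cookies, user insert/update …
```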

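--- a/user/config.php
+++ b/user/config.php
@@ -0,0 +1,8 @@
+<?php
+require_once($_SERVER['DOCUMENT_ROOT']."/googleApi/vendor/autoload.php");
+$client = new Google_Client();
+$client->setAuthConfig($_SERVER['DOCUMENT_ROOT'].'/googleApi/creds.json');
+$client->addScope(Google_Service_Oauth2::PLUS_LOGIN);
+$client->addScope(Google_Service_Oauth2::USERINFO_EMAIL);
+$client->setRedirectUri("https://ib.lukeogburn.com/user/callback.php");
+?>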
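Review bot: `creds.json` (and the composer `vendor/` tree) is loaded from a path under `$_SERVER['DOCUMENT_ROOT']`, so the OAuth client secret sits inside the web root and is served as a static file unless the web server is configured to deny it; keep the credentials outside the document root or add a deny rule, and take the path from configuration rather than hard-coding it. Both `login.php` and `callback.php` `require_once("config.php")`, so a short header comment stating that this file only builds the shared `$client` and must emit no output would make the contract explicit. `Google_Service_Oauth2::PLUS_LOGIN` is the Google+ sign-in scope, which is presumably no longer needed next to `USERINFO_EMAIL` — worth confirming against the current Google OAuth scope list.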

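--- a/user/finishLogout.php
+++ b/user/finishLogout.php
@@ -0,0 +1,9 @@
+<?php
+if(!isset($_COOKIE['IB_ID']) && !isset($_COOKIE['IB_SESSION'])){
+header("Location: /");
+}else{
+reportError("Error in /user/finishLogout.php");
+msg("There was an error logging you out. It has been reported.");
+header("Location: /");
+}
+?>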
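Review bot: The else branch calls `reportError()` and `msg()`, but this file never requires globalFuncs.php (every other page in this commit does), so an incomplete logout would hit an undefined-function fatal instead of the intended report; add `require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";` as the first statement. Neither `header("Location: /")` is followed by `exit();`, so the script keeps running after the redirect is queued. Because the condition only checks cookie presence, the success path says nothing about whether the login_tokens row was removed; a comment stating that this page only confirms cookie removal would set expectations.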

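--- a/user/index.php
+++ b/user/index.php
@@ -0,0 +1,211 @@
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+conn();
+$row = getUserInfo($_GET["user"]);
+$id = $row->id;
+$name = $row->name;
+$classes = $row->classes;
+$grade = $row->grade;
+$image = $row->image_url;
+$teacher = $row->teacher;
+if($_COOKIE["IB_ID"]==$_GET['user']){
+$accountOwner = true;
+}else{
+$accountOwner = false;
+}
+if($id == NULL){
+msg("User doesn't exist.");
+header('Location: https://ib.lukeogburn.com/forum/');
+}
+?>
+<!DOCTYPE html>
+<html>
+<?php
+$css = 'user';
+include $_SERVER['DOCUMENT_ROOT']."/res/head";
+?>
+<body>
+<?php
+include $_SERVER['DOCUMENT_ROOT']."/res/top";
+function a($type){
+$check = $_GET['type']=="" ? "forum" : $_GET['type'];
+echo $type == $check ? "active" : "";
+}
+?>
+<div id=userTopWrapper>
+<div id=userTop>
+<a class=userTopSel <?php a("forum"); ?> href=<?php echo "?user=".$_GET["user"]; ?>&type=forum>POSTS</a>
+<a class=userTopSel <?php a("saved"); ?> href=<?php echo "?user=".$_GET["user"]; ?>&type=saved>SAVED</a>
+</div>
+</div>
+<!-- Begin mobile-only part -->
+<div id=right class=mobileOnly>
+<div id=userInfo class="card noHover">
+<div id=userInfoTop>
+<img id=userImg src=<?php echo $image; ?>>
+<div class=infoDump>
+<h2><?php echo $name; ?></h2>
+<p><?php
+$grade = $teacher?"Teacher":$grade;
+echo $grade==null?"Grade level unknown":ucwords($grade);
+echo verifyUser("admin", $_GET["user"])?" | Admin":"";
+?></p>
+<p><?=$_GET["user"]?>@hcps.us</p>
+<p><?=$numOfPosts;?></p>
+</div>
+</div>
+</div>
+<?php
+if(!$teacher){
+echo "<div id=userClassInfo class='card noHover'>
+<div id=userClassInfoTop class=infoDump>
+<h2>Classes</h2>\n";
+if($classes==NULL){
+echo "<p>Unknown</p>";
+}else{
+$classesArray= explode(",", $classes);
+foreach($classesArray as $class){
+$class = ucwords(str_replace("_", " ", $class));
+echo "<p>$class</p>";
+}
+}
+echo "</div>
+</div>\n";
+}
+if($accountOwner){
+if(verifyUser("admin")){
+$admin = "<p><a href=/admin/portal/>Admin Portal</a></p>";
+}
+echo "<div id=userActionsWrapper class='card noHover'>
+<div id=userActions>
+<p><a href=/user/logout.php>Logout</a></p>
+<p><a href=/user/settings.php>Account Settings</a></p>
+<p><a href=/report.php>Report Site Issue</a></p>
+$admin
+</div>
+</div>";
+}
+?>
+</div>
+<!-- End mobile-only part -->
+<div id=container>
+<div id=left>
+<?php
+$limit = 20;
+$page = is_numeric($_GET["page"])&&$_GET["page"]>0?$_GET["page"]:1;
+$start = $limit * ($page - 1);
+//setting amount of posts allowed on page
+if($_GET["type"]=="saved"){
+//Getting the saved posts
+conn();
+$stop = $limit+1;
+$stmt = $conn->prepare("SELECT * FROM bookmarks WHERE user_id = :uid ORDER BY unused_id DESC LIMIT $start,$stop");
+$stmt->bindParam(":uid", $_GET["user"]);
+$stmt->execute();
+$row = $stmt->fetchAll();
+$count = $stmt->rowCount();
+$row = array_slice($row, 0, $limit);
+foreach($row as $thing){
+$stmt = $conn->prepare("SELECT * FROM forums WHERE post_id = :pid");
+$stmt->bindParam(":pid", $thing["post_id"]);
+$stmt->execute();
+$post = $stmt->fetchAll();
+makePost($post[0]);
+}
+if($count == 0){
+$referer = $accountOwner?"your":getUserInfo($_GET["user"])->name."'s";
+echo "<h3 class='center noSelect' style=color:#888;font-style:italic;margin-top:10vh;>This is where ".$referer." saved posts would be</h3>";
+}
+}else{
+//Getting user's posts
+conn();
+$stop = $limit+1;
+$stmt = $conn->prepare("SELECT * FROM forums WHERE poster_id = :pid ORDER BY date DESC LIMIT $start,$stop");
+$stmt->bindParam(":pid", $_GET["user"]);
+$stmt->execute();
+$row = $stmt->fetchAll();
+$count = $stmt->rowCount();
+$row = array_slice($row, 0, $limit);
+foreach($row as $post){
+makePost($post);
+}
+}
+//Getting how many posts the user has made
+$stmt = $conn->prepare("SELECT COUNT(*) FROM forums WHERE poster_id = :id");
+$stmt->bindParam(":id", $_GET["user"]);
+$stmt->execute();
+$numOfPosts = $postCount = $stmt->fetchColumn(0);
+$numOfPosts = $numOfPosts==1?"$numOfPosts Post":"$numOfPosts Posts";
+if($postCount == 0 && $_GET["type"]!="saved"){
+$referer = $accountOwner?"your":getUserInfo($_GET["user"])->name."'s";
+echo "<h3 class='center noSelect' style=color:#888;font-style:italic;margin-top:10vh;>This is where ".$referer." posts would be</h3>";
+}
+//Page arrows
+echo "<div id=pages>";
+$user = $_GET["user"];
+$type = $_GET["type"];
+echo $page!=1?"<div id=prevPage><a href=/user/?user=$user&type=$type&page=".($page-1).">&larr;</a></div>":"<div></div>";
+echo $count>$limit?"<div id=nextPage><a href=/user/?user=$user&type=$type&page=".($page+1).">&rarr;</a></div>":"<div></div>";
+echo "</div>";
+?>
+</div>
+<div id=right>
+<div id=userInfo class="card noHover">
+<div id=userInfoTop>
+<img id=userImg src=<?php echo $image; ?>>
+<div class=infoDump>
+<h2><?php echo $name; ?></h2>
+<p><?php
+$grade = $teacher?"Teacher":$grade;
+echo $grade==null?"Grade level unknown":ucwords($grade);
+echo verifyUser("admin", $_GET["user"])?" | Admin":"";
+?></p>
+<p><?=$_GET["user"]?>@hcps.us</p>
+<p><?=$numOfPosts;?></p>
+</div>
+</div>
+</div>
+<?php
+if(!$teacher){
+echo "<div id=userClassInfo class='card noHover'>
+<div id=userClassInfoTop class=infoDump>
+<h2>Classes</h2>\n";
+if($classes==NULL){
+echo "<p>Unknown</p>";
+}else{
+$classesArray= explode(",", $classes);
+foreach($classesArray as $class){
+$class = ucwords(str_replace("_", " ", $class));
+echo "<p>$class</p>";
+}
+}
+echo "</div>
+</div>\n";
+}
+if($accountOwner){
+if(verifyUser("admin")){
+$admin = "<p><a href=/admin/portal/>Admin Portal</a></p>";
+}
+echo "<div id=userActionsWrapper class='card noHover'>
+<div id=userActions>
+<p><a href=/user/logout.php>Logout</a></p>
+<p><a href=/user/settings.php>Account Settings</a></p>
+<p><a href=/report.php>Report Site Issue</a></p>
+$admin
+</div>
+</div>";
+}
+?>
+</div>
+</div>
+</body>
+</html>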
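Review bot: `$_GET["user"]` and `$_GET["type"]` are echoed straight into the page — in the two `href=` attributes under `#userTop`, the `<?=$_GET["user"]?>@hcps.us` lines, and the `$user`/`$type` page arrows — so a crafted query string injects markup into a page any logged-in user may be sent to; escape once near the top and use the escaped copies at every echo site. The `header('Location: ...')` after `User doesn't exist.` has no `exit();`, so the page continues to render with the unescaped parameter. `$numOfPosts` is printed in the mobile-only panel before it is computed in the posts section further down, so that panel always shows an empty post count. The two `#right` panels are identical copies; extracting them into one included fragment would keep them from drifting. The prologue below shows the escaping and the early exit; the echo sites would then use `$safeUser`/`$safeType` in place of the raw `$_GET` values.
```php
$row = getUserInfo($_GET["user"]);
// … unchanged: $id/$name/$classes/$grade/$image/$teacher and $accountOwner …
if($id == NULL){
    msg("User doesn't exist.");
    header('Location: https://ib.lukeogburn.com/forum/');
    exit();
}
// HTML-escaped copies of the query-string values that are echoed back into the page
$safeUser = htmlspecialchars($_GET["user"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safeType = htmlspecialchars(isset($_GET["type"]) ? $_GET["type"] : "", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
```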

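--- a/user/login.php
+++ b/user/login.php
@@ -0,0 +1,7 @@
+<?php
+require_once("config.php");
+$authUrl = $client->createAuthUrl();
+header("Location: ".$authUrl);
+?>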
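Review bot: `header("Location: ".$authUrl);` is not followed by `exit();`, so anything after this point would still run; add `exit();` after the header call. `createAuthUrl()` is called without any `state` value being set on the client first, so callback.php has nothing to compare against and cannot tell a response it initiated from one handed to the browser by a third party; generating a random per-session state here and checking it in callback.php closes that gap (the Google client presumably exposes this through `setState()` — confirm against the library version in use).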

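--- a/user/logout.php
+++ b/user/logout.php
@@ -0,0 +1,13 @@
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+conn();
+$stmt = $conn->prepare("DELETE FROM login_tokens WHERE user_id = :tk");
+$stmt->bindParam(":tk", $_COOKIE["IB_ID"]);
+$stmt->execute();
+setcookie("IB_ID", $_COOKIE["IB_ID"], time()-3600, "/");
+setcookie("IB_SESSION", $_COOKIE["IB_SESSION"], time()-3600, "/");
+header("Location: finishLogout.php");
+//Without this, PHP can't tell the cookie was deleted. It's dumb but it works.
+?>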
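Review bot: The `DELETE FROM login_tokens WHERE user_id = :tk` is keyed on the raw `IB_ID` cookie and runs before anything checks that the request carries a valid session for that id, so a request with a forged `IB_ID` cookie revokes every login token of the named user; gate the delete on the session check globalFuncs.php already appears to expose (callback.php reads `$GLOBALS["verified"]`) and skip it otherwise. The same unguarded delete-and-clear sequence is repeated verbatim at the top of user/reqHcps.php, so it belongs in one shared function. `header("Location: finishLogout.php")` lacks an `exit();`, and the comment under it reads as if it explains the redirect — moving it above the `header` line and wording it as `// Redirect so the next request sees the cleared cookies` would make the intent clear.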

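--- a/user/reqHcps.php
+++ b/user/reqHcps.php
@@ -0,0 +1,59 @@
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+conn();
+$stmt = $conn->prepare("DELETE FROM login_tokens WHERE user_id = :tk");
+$stmt->bindParam(":tk", $_COOKIE["IB_ID"]);
+$stmt->execute();
+setcookie("IB_ID", $_COOKIE["IB_ID"], time()-3600, "/");
+setcookie("IB_SESSION", $_COOKIE["IB_SESSION"], time()-3600, "/");
+?>
+<html>
+<head>
+<?php
+include $_SERVER['DOCUMENT_ROOT']."/res/head";
+?>
+<style>
+#error{
+color: red;
+margin-top: 10%;
+}
+.link{
+text-decoration: none;
+display: inline;
+}
+.link:hover{
+cursor: pointer;
+text-decoration: underline;
+}
+#ebody{
+margin: 0 15%;
+text-align: center;
+}
+</style>
+</head>
+<body>
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/res/top";
+?>
+<div id=ebody>
+<h3 id=error>You need to use your school account.</h3>
+<br><!-- so -->
+<p class=link>(<a class=link href=login.php>Back to login page</a>)</p>
+<br><!-- sorry -->
+<br><!-- for -->
+<br><!-- this -->
+<p>
+If you weren't given the option, you need to:<br>
+<div style=display:inline-block;margin-left:auto;margin-right:auto;>
+<ol style=text-align:left;>
+<li>Go to <a class=link target=_BLANK href=https://google.com/>google.com</a></li>
+<li>Sign in with your HCPS account</li>
+<li>Re-login here</li>
+</ol>
+</div>
+</p>
+</div>
+</body>
+</html>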
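Review bot: The `<p>` that begins "If you weren't given the option" wraps a `<div>` and an `<ol>`, which HTML does not allow inside a paragraph, so browsers close the `<p>` early and the layout depends on error recovery; make the outer element a `<div>` and put the intro text in its own `<p>`. The file also lacks the `<!DOCTYPE html>` the other pages in this commit start with, which puts it in quirks mode. The token delete and cookie clearing at the top duplicate user/logout.php and share its lack of a session check.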

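--- a/user/settings.php
+++ b/user/settings.php
@@ -0,0 +1,101 @@
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+if(!(isset($_COOKIE["IB_ID"]))){
+header("Location: https://ib.lukeogburn.com/user/login.php");
+}
+conn();
+$stmt = $GLOBALS['conn']->prepare("SELECT * FROM users WHERE id = :id");
+$id = $current_user;
+$stmt->bindParam(":id", $id);
+$stmt->execute();
+$row = $stmt->fetch(PDO::FETCH_OBJ);
+$GLOBALS['grade'] = $row->grade;
+$GLOBALS['userClasses'] = explode(",", $row->classes);
+$GLOBALS['name'] = $row->name;
+$GLOBALS['teacher'] = $row->teacher;
+$GLOBALS['dark_theme'] = $row->dark_theme;
+$GLOBALS['snow'] = $row->snow;
+function dt($val){
+if($val == $GLOBALS['dark_theme']){
+return "checked";
+}
+}
+function sw($val){
+if($val == $GLOBALS['snow']){
+return "checked";
+}
+}
+?>
+<!DOCTYPE html>
+<html>
+<?php
+$css = "updateInfo";
+include $_SERVER['DOCUMENT_ROOT']."/res/head";
+?>
+<body>
+<?php
+include $_SERVER['DOCUMENT_ROOT']."/res/top";
+?>
+<div id=monoContainer>
+<div class='card noHover center'>
+<h2>Account Settings</h2>
+<form method=POST action="updateFunc.php">
+<p class=question>Dark theme?</p>
+<input type=radio name=dark_theme id=darkThemeOff value=0 <?=dt(0)?>>
+<label class=sideBySide for=darkThemeOff>OFF</label>
+<input type=radio name=dark_theme id=darkThemeOn value=1 <?=dt(1)?>>
+<label class=sideBySide for=darkThemeOn>ON</label>
+<p class=question>Snow?</p>
+<input type=radio name=snow id=snowOff value=0 <?=sw(0)?>>
+<label class=sideBySide for=snowOff>OFF</label>
+<input type=radio name=snow id=snowOn value=1 <?=sw(1)?>>
+<label class=sideBySide for=snowOn>ON</label>
+<p class=question>What is your name?</p>
+<input type=text name=name autocomplete=off maxlength=20 placeholder="Your name" value=<?php echo "\"".$GLOBALS['name']."\""; ?>>
+<?php
+function a($level){
+if($level == $GLOBALS['grade']){
+return "checked";
+}
+}
+function b($class){
+if(in_array($class, $GLOBALS['userClasses'])){
+return "checked";
+}
+}
+if($GLOBALS['teacher'] == NULL){
+echo "
+<p class=question>What grade level are you?</p>
+<input type=radio name=grade id=fm value=freshman ".a('freshman')." >
+<label for=fm>Freshman</label>
+<input type=radio name=grade id=sp value=sophmore ".a('sophmore')." >
+<label for=sp>Sophmore</label>
+<input type=radio name=grade id=jr value=junior ".a('junior')." >
+<label for=jr>Junior</label>
+<input type=radio name=grade id=sn value=senior ".a('senior')." >
+<label for=sn>Senior</label>
+<p class=question>Which of these classes are you in?</p>";
+$classes = file_get_contents($_SERVER['DOCUMENT_ROOT']."/res/classes");
+$classes = array_filter(explode(",", $classes));
+$tag = 1;
+foreach($classes as $class){
+echo "<input name=classes[] value=$class type=checkbox id=tag$tag ".b($class)."><label class=tagLabel for=tag$tag>".ucwords(str_replace("_", " ", $class))."</label>\n";
+$tag++;
+}
+}
+?>
+<button class=save name=btn type=submit value=submit>Save</button>
+</form>
+</div>
+<br> <!-- shows the margin-bottom of the last .card for some reason (also adds another space, which doesn't look horrible so I'm keeping it lol -->
+</div>
+</body>
+</html>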
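Review bot: The redirect to login.php when `IB_ID` is absent is not followed by `exit();`, so an unauthenticated request still runs the user query and renders the settings form; add `exit();` inside that `if`. The form posts to updateFunc.php identified only by cookies and carries no anti-forgery token, so another site can submit it on a logged-in user's behalf; issue a random token (`bin2hex(random_bytes(32))`) into the session, emit it as a hidden field, and have updateFunc.php reject requests where it does not match. `$GLOBALS['name']` in the name field's `value="..."` and `$class` in the `value=$class` checkbox attributes are inserted unescaped; the name is constrained by updateFunc.php's character check, but `htmlspecialchars()` at the echo site makes that independent of validation elsewhere. The four helpers `dt`, `sw`, `a`, `b` all return `"checked"` on a match and implicitly `null` otherwise; one `function checkedIf($cond){ return $cond ? "checked" : ""; }` expresses the same thing, and renaming away from `a` avoids a clash with the `a()` defined in user/index.php should the two ever be included together.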

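--- a/user/updateFunc.php
+++ b/user/updateFunc.php
@@ -0,0 +1,64 @@
+<?php
+require $_SERVER['DOCUMENT_ROOT']."/globalFuncs.php";
+//Getting class settings
+$i=0;//for the comma
+if(isset($_POST['classes'])){
+foreach($_POST['classes'] as $class){
+if($i==1){//for the comma
+$classes .= ",";
+}else{
+$i=1;
+}
+$classes .= $class;
+}
+}else{
+$classes = "";
+}
+$id = $current_user;
+//Making sure username is legal
+if(strlen($_POST["name"])>20){
+msg("You cannot have a name with more than 20 characters");
+header("Location: /user/updateInfo.php");
+exit();
+}else if(strContains($_POST["name"], " ")){
+msg("You cannot have a space in your username");
+header("Location: /user/updateInfo.php");
+exit();
+}else if(preg_match('#[^a-zA-Z0-9\-_]+#', $_POST["name"])){
+preg_match_all('#[^a-zA-Z0-9\-_]#', $_POST["name"], $match);
+for($i=0; $i<sizeof($match[0]);$i++){
+$char .= $match[0][$i].", ";
+}
+$char = substr($char, 0, -2);
+msg("Please only use -, _, and alphanumeric characters (don't use $char)");
+header("Location: /user/settings.php");
+exit();
+}
+//Making sure the username isn't taken
+if(getUserInfoByName($_POST["name"])->name != "" && getUserInfoByName($_POST["name"])->id != $id){
+msg("That name is already taken");
+header("Location: /user/updateInfo.php");
+exit();
+}
+//Actually putting the info in the database
+conn();
+$stmt = $GLOBALS['conn']->prepare("UPDATE users SET name = :nm, grade = :gd, classes = :cs, dark_theme = :dt, snow = :sw WHERE id = :id");
+$stmt->bindParam(":nm", $_POST["name"]);
+$stmt->bindParam(":gd", $_POST["grade"]);
+$stmt->bindParam(":cs", $classes);
+$stmt->bindParam(":dt", $_POST["dark_theme"]);
+$stmt->bindParam(":sw", $_POST["snow"]);
+$stmt->bindParam(":id", $id);
+$stmt->execute();
+if($stmt){
+msg("Information updated");
+}else{
+reportError("Error given at end of /user/updateFunc.php");
+msg("Error updating. It has been reported.");
+}
+header("Location: https://ib.lukeogburn.com/user/?user=".$id);
+?>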
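Review bot: `$_POST['classes']`, `$_POST["grade"]`, `$_POST["dark_theme"]` and `$_POST["snow"]` are written to the users row without any validation, and user/index.php later echoes `$grade` and each stored class back into HTML unescaped, so arbitrary markup submitted here is stored and rendered to every visitor of the profile; restrict classes to the server-side list in `res/classes` (the file settings.php builds the form from), grade to the four known values, and the two toggles to 0/1. Three of the validation failures redirect to `/user/updateInfo.php` while the character-set failure and the form itself use `settings.php`; pick one target. `if($stmt)` at the end tests the statement object, which is always truthy, so the error branch is unreachable — capture the return of `execute()` instead. The rewritten input handling below also replaces the manual comma loop with `implode()`.
```php
// Accept only classes that appear in the server-side list the form was built from
$allowed = array_filter(explode(",", file_get_contents($_SERVER['DOCUMENT_ROOT']."/res/classes")));
$chosen = isset($_POST['classes']) && is_array($_POST['classes']) ? array_filter($_POST['classes'], 'is_string') : [];
$classes = implode(",", array_intersect($chosen, $allowed));
$grade = isset($_POST["grade"]) && in_array($_POST["grade"], ["freshman", "sophmore", "junior", "senior"], true) ? $_POST["grade"] : null;
$darkTheme = (isset($_POST["dark_theme"]) && $_POST["dark_theme"] === "1") ? 1 : 0;
$snow = (isset($_POST["snow"]) && $_POST["snow"] === "1") ? 1 : 0;
$id = $current_user;
// … unchanged: name length/character/uniqueness checks …
$stmt->bindParam(":gd", $grade);
$stmt->bindParam(":cs", $classes);
$stmt->bindParam(":dt", $darkTheme);
$stmt->bindParam(":sw", $snow);
$stmt->bindParam(":id", $id);
$result = $stmt->execute();
if($result){
```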

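--- a/user/updateInfo.css
+++ b/user/updateInfo.css
@@ -0,0 +1,80 @@
+html, body{
+height: calc(100% - 1em);
+/* Allows the body content be centered vartically.
+No idea why the "-1em" part matters, but it does and it works so don't touch it unless you are willing to see the proccess through
+*/
+}
+#midtainer{
+display: flex;
+height: calc(100% - 2em - 4%);
+/* 100% - top bar thing */
+align-items: center;
+justify-content: center;
+}
+#updateCard{
+display: inline-block;
+padding: 2em 4em;
+margin: 5% auto;
+text-align: center;
+}
+.question{
+font-size: 1.1em;
+margin-top: 2em;
+margin-bottom: 0.7em;
+}
+select{
+padding: 0.3em 2em;
+align-items: center;
+justify-content: center;
+background-color: #eee;
+border: none;
+outline-width: 0;
+font-size: 0.9em;
+}
+option{
+text-align: center;
+}
+form>label:not(.sideBySide){
+margin-left: auto;
+margin-right: auto;
+}
+form>label:not(.sideBySide){
+display: block;
+}
+.sideBySide{
+display: inline;
+}
+.sideBySide:not(:last-of-type){
+margin-right: 1%;
+}
+input[type=checkbox], input[type=radio]{
+display: none;
+}
+.tagLabel{
+display: inline-block;
+}
+label:not(:last-of-type){
+margin-bottom: 0.3em;
+}
+input[type=checkbox]:checked+label, input[type=radio]:checked+label{
+color: #00d09f;
+}
+input[type=text]:not(#searchBar){
+border: none;
+border-bottom: 1px solid black;
+outline-width: 0;
+text-align: center;
+font-size: 1em;
+margin-bottom: calc(1em + 1px);
+}
+button[type=submit]{
+font-size: 1em;
+background-color: white;
+color: #00d09f;
+border: 1px solid #00d09f;
+padding: 0.5em 1em;
+margin-top: 2em;
+}
+label:hover, button:hover{
+cursor: pointer;
+}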
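Review bot: `form>label:not(.sideBySide)` is declared twice in a row, once for the auto margins and once for `display: block`; merging them into one rule avoids the reader wondering whether the split is intentional. `#midtainer`, `#updateCard`, `select` and `option` have no matching elements in user/settings.php as committed (that page uses `#monoContainer` and `.card`), so these rules appear to be left over from an earlier layout — worth confirming before removing. The comment under `html, body` admits the `-1em` is unexplained; a `/* TODO: explain or remove the -1em */` marker would keep that from being forgotten.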

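--- a/user/user.css
+++ b/user/user.css
@@ -0,0 +1,76 @@
+#container{
+grid-template-columns: 2fr 1fr;
+}
+/* General forum stuff */
+.forumLink{
+text-decoration: none;
+}
+/* Choosing section to view */
+#userTopWrapper{
+height: 2em;
+background-color: white;
+box-shadow: 0 1px 3px #ddd;
+display: flex;
+justify-content: center;
+align-items: center;
+position: relative;
+z-index: 5;
+}
+.userTopSel{
+color: black;
+text-decoration: none;
+margin: 0 1em 2px 1em;
+}
+.userTopSel[active]{
+margin-bottom: 0;
+padding-bottom: 1px;
+border-bottom: 2px solid #00d09f;
+border-radius: 0.2em;
+}
+.userTopSel:hover:not([active]){
+margin-bottom: 0;
+border-bottom: 2px solid #2ce4b9;
+border-radius: 0.2em;
+}
+#top{
+box-shadow: none; /* Overriding the top bar's shadow */
+}
+/*Didn't know where to put these so I put it here*/
+#userImg{
+border-radius: 50%;
+}
+#userActions>p>a{
+color: inherit;
+text-decoration: none;
+}
+#userActions>p>a:not(:first-of-type){
+margin-top: 0.6em;
+}
+#userActions>p>a:hover{
+text-decoration: underline;
+}
+/* User info */
+#right{
+background-color: rgba(0,0,0,0);
+padding: 0;
+margin: 0;
+border: none;
+box-shadow: none;
+}
+.infoDump>h2{
+text-overflow: ellipsis;
+}
+#userImg{
+width: 30%;
+display: block;
+margin: 0 auto;
+}
+.infoDump{
+display: block;
+}
+.infoDump>p{
+text-align: center;
+margin: 0;
+margin-top: 0.7em;
+}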
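Review bot: `#userImg` is declared twice, under the "Didn't know where to put these" comment and again under "User info"; folding the `border-radius` into the later rule removes the split. `.userTopSel[active]` depends on user/index.php's `a()` helper echoing a bare `active` attribute into the `<a>` tag, which is not a valid HTML attribute; a class (`.userTopSel.active`) is the conventional way to express the same state, though the helper in index.php would need changing in step.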