zanex/ITL-Huge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: zanex:cf634bd78831d166bf7fdd03f82e37a3c5cb04e4
Branches Tags
zanex:main
..
compare: zanex:main
Branches Tags
zanex:main

7 Commits
cf634bd788 ... main

Author SHA1 Message Date
Elias F.
edcc1b5403 Now that we have a working chat system, we just need to build a layout, which works dynamically and looks decent along with not having the page always reload when sending a message. 2025-12-15 13:29:11 +01:00
Elias F.
aa9b3359b1 Basic message implementation 2025-12-15 11:08:23 +01:00
Elias F.
2b6d4c49f5 feat(groups): user_groups lookup, admin assignment UI, public directory with DataTables 2025-12-10 10:01:07 +01:00
Elias F.
9094b58b6d Reroute getConnection() function in NoteModel.php to getConnectionWithMySQLI 2025-12-10 09:36:57 +01:00
Elias F.
1a30c45d62 Fixed admin panel user registration. 
Now including start.sh to start a php server using the router.php so no webserver is needed.
 2025-12-03 08:10:38 +01:00
Elias F.
3a99bd6683 Move user registration to the backend and remove mail veification and captures. 2025-11-26 09:49:48 +01:00
Elias F.
60bd4ae03d Fix running huge via php shell 2025-11-26 09:29:35 +01:00
31 changed files with 1264 additions and 272 deletions
Expand all files Collapse all files

12
.gitignore vendored
View File

@@ -6,3 +6,15 @@
./.idea ./.idea
./.idea/* ./.idea/*
./.crush
/AGENTS.md
/composer.lock
/.idea/copilot.data.migration.agent.xml
/.idea/copilot.data.migration.ask.xml
/.idea/copilot.data.migration.ask2agent.xml
/.idea/copilot.data.migration.edit.xml
/.idea/php.xml
/.idea/phpunit.xml
/PROFILES_README.md
/.idea/vcs.xml
/.idea/workspace.xml

20
application/_installation/04-create-table-messages.sql Normal file
View File

@@ -0,0 +1,20 @@
CREATE TABLE IF NOT EXISTS `messages` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`sender_id` int(11) NOT NULL,
`receiver_id` int(11) DEFAULT NULL,
`group_type` enum('admins','moderators','all_users') DEFAULT NULL,
`subject` varchar(255) NOT NULL,
`message` text NOT NULL,
`is_read` tinyint(1) NOT NULL DEFAULT 0,
`created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`updated_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `sender_id` (`sender_id`),
KEY `receiver_id` (`receiver_id`),
KEY `is_read` (`is_read`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-- Foreign key constraints
ALTER TABLE `messages`
ADD CONSTRAINT `messages_ibfk_1` FOREIGN KEY (`sender_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE,
ADD CONSTRAINT `messages_ibfk_2` FOREIGN KEY (`receiver_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE;

15
application/_installation/04-create-table-user-groups.sql Normal file
View File

@@ -0,0 +1,15 @@
CREATE TABLE IF NOT EXISTS `huge`.`user_groups` (
`group_id` TINYINT(1) NOT NULL COMMENT 'numeric user group id, matches users.user_account_type',
`group_name` VARCHAR(64) COLLATE utf8_unicode_ci NOT NULL COMMENT 'human readable group name',
PRIMARY KEY (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='user groups lookup';
INSERT INTO `huge`.`user_groups` (`group_id`, `group_name`) VALUES
(1, 'Gast'),
(2, 'Benutzer'),
(3, 'Gruppe 3'),
(4, 'Gruppe 4'),
(5, 'Gruppe 5'),
(6, 'Gruppe 6'),
(7, 'Admin')
ON DUPLICATE KEY UPDATE `group_name` = VALUES(`group_name`);

2
application/config/texts.php
View File

@@ -38,7 +38,7 @@ return array(
"FEEDBACK_PASSWORD_REPEAT_WRONG" => "Password and password repeat are not the same.", "FEEDBACK_PASSWORD_REPEAT_WRONG" => "Password and password repeat are not the same.",
"FEEDBACK_PASSWORD_TOO_SHORT" => "Password has a minimum length of 6 characters.", "FEEDBACK_PASSWORD_TOO_SHORT" => "Password has a minimum length of 6 characters.",
"FEEDBACK_USERNAME_TOO_SHORT_OR_TOO_LONG" => "Username cannot be shorter than 2 or longer than 64 characters.", "FEEDBACK_USERNAME_TOO_SHORT_OR_TOO_LONG" => "Username cannot be shorter than 2 or longer than 64 characters.",
"FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED" => "Your account has been created successfully and we have sent you an email. Please click the VERIFICATION LINK within that mail.", "FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED" => "The account has been created successfully.",
"FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED" => "Sorry, we could not send you an verification mail. Your account has NOT been created.", "FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED" => "Sorry, we could not send you an verification mail. Your account has NOT been created.",
"FEEDBACK_ACCOUNT_CREATION_FAILED" => "Sorry, your registration failed. Please go back and try again.", "FEEDBACK_ACCOUNT_CREATION_FAILED" => "Sorry, your registration failed. Please go back and try again.",
"FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR" => "Verification mail could not be sent due to: ", "FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR" => "Verification mail could not be sent due to: ",

10
application/controller/AdminController.php
View File

@@ -20,7 +20,9 @@ class AdminController extends Controller
public function index() public function index()
{ {
$this->View->render('admin/index', array( $this->View->render('admin/index', array(
'users' => UserModel::getPublicProfilesOfAllUsers()) 'users' => UserModel::getPublicProfilesOfAllUsers(),
'groups' => GroupModel::getAllGroups()
)
); );
} }
@@ -32,4 +34,10 @@ class AdminController extends Controller
Redirect::to("admin"); Redirect::to("admin");
} }
public function changeUserGroup()
{
GroupModel::setUserGroup(Request::post('user_id'), Request::post('group_id'));
Redirect::to("admin");
}
} }

16
application/controller/DirectoryController.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
class DirectoryController extends Controller
{
public function __construct()
{
parent::__construct();
}
public function index()
{
$this->View->render('directory/index', [
'users' => UserModel::getUsersWithGroups()
]);
}
}

212
application/controller/MessageController.php Normal file
View File

@@ -0,0 +1,212 @@
<?php
class MessageController extends Controller
{
public function __construct()
{
parent::__construct();
// Require login for all message features
Auth::checkAuthentication();
}
/**
* Send a message to a specific user via URL parameters
* URL format: message/send/{receiver_id}/{subject}/{message}
*/
public function send()
{
// Handle POST request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$receiver_id = isset($_POST['receiver_id']) ? $_POST['receiver_id'] : null;
$subject = isset($_POST['subject']) ? $_POST['subject'] : 'No Subject';
$message = isset($_POST['message']) ? $_POST['message'] : null;
if (!$receiver_id || !$message) {
Session::add('feedback_negative', 'Receiver and message are required');
Redirect::to('message');
return;
}
// Send the message
$sender_id = Session::get('user_id');
$success = MessageModel::sendToUser($sender_id, $receiver_id, $subject, $message);
if ($success) {
Session::add('feedback_positive', 'Message sent successfully');
} else {
Session::add('feedback_negative', 'Failed to send message');
}
// If coming from conversation view, return there
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'conversation') !== false) {
Redirect::to('message/conversation/' . $receiver_id);
} else {
Redirect::to('message');
}
return;
}
// Handle GET request
$url_parts = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
$receiver_id = isset($url_parts[2]) ? $url_parts[2] : null;
$subject = isset($url_parts[3]) ? urldecode($url_parts[3]) : null;
$message = isset($url_parts[4]) ? urldecode($url_parts[4]) : null;
if (!$receiver_id || !$subject || !$message) {
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Missing parameters. Use: message/send/{receiver_id}/{subject}/{message}']);
return;
}
// Verify receiver exists
$receiver = UserModel::getPublicProfileOfUser($receiver_id);
if (!$receiver) {
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Receiver not found']);
return;
}
// Send the message
$sender_id = Session::get('user_id');
$success = MessageModel::sendToUser($sender_id, $receiver_id, $subject, $message);
header('Content-Type: application/json');
if ($success) {
echo json_encode(['success' => true, 'message' => 'Message sent successfully']);
} else {
echo json_encode(['success' => false, 'message' => 'Failed to send message']);
}
}
/**
* Send a message to a group via URL parameters
* URL format: message/sendgroup/{group_type}/{subject}/{message}
* group_type can be: admins, moderators, all_users
*/
public function sendgroup()
{
// Handle POST request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$group_type = isset($_POST['group_type']) ? $_POST['group_type'] : null;
$subject = isset($_POST['subject']) ? $_POST['subject'] : 'No Subject';
$message = isset($_POST['message']) ? $_POST['message'] : null;
if (!$group_type || !$message) {
Session::add('feedback_negative', 'Group type and message are required');
Redirect::to('message');
return;
}
// Validate group type
if (!in_array($group_type, ['admins', 'moderators', 'all_users'])) {
Session::add('feedback_negative', 'Invalid group type');
Redirect::to('message');
return;
}
// Send the message
$sender_id = Session::get('user_id');
$success = MessageModel::sendToGroup($sender_id, $group_type, $subject, $message);
if ($success) {
Session::add('feedback_positive', 'Message sent to group successfully');
} else {
Session::add('feedback_negative', 'Failed to send message to group');
}
Redirect::to('message');
return;
}
// Handle GET request
$url_parts = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
$group_type = isset($url_parts[2]) ? $url_parts[2] : null;
$subject = isset($url_parts[3]) ? urldecode($url_parts[3]) : null;
$message = isset($url_parts[4]) ? urldecode($url_parts[4]) : null;
if (!$group_type || !$subject || !$message) {
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Missing parameters. Use: message/sendgroup/{group_type}/{subject}/{message}']);
return;
}
// Validate group type
if (!in_array($group_type, ['admins', 'moderators', 'all_users'])) {
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Invalid group type. Must be: admins, moderators, or all_users']);
return;
}
// Send the message
$sender_id = Session::get('user_id');
$success = MessageModel::sendToGroup($sender_id, $group_type, $subject, $message);
header('Content-Type: application/json');
if ($success) {
echo json_encode(['success' => true, 'message' => 'Message sent to group successfully']);
} else {
echo json_encode(['success' => false, 'message' => 'Failed to send message to group']);
}
}
/**
* Show the messenger interface
*/
public function index()
{
$user_id = Session::get('user_id');
// Get conversations and unread count
$conversations = MessageModel::getConversations($user_id);
$unread_count = MessageModel::getUnreadCount($user_id);
$this->View->render('message/index', array(
'conversations' => $conversations,
'unread_count' => $unread_count,
'all_users' => MessageModel::getAllUsers($user_id)
));
}
/**
* Show conversation with a specific user
*/
public function conversation()
{
$user_id = Session::get('user_id');
$url_parts = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
$other_user_id = isset($url_parts[2]) ? $url_parts[2] : null;
if (!$other_user_id) {
Redirect::to('message');
return;
}
// Get user info for the other person
$other_user = UserModel::getPublicProfileOfUser($other_user_id);
if (!$other_user) {
Redirect::to('message');
return;
}
// Get messages
$messages = MessageModel::getMessagesWithUser($user_id, $other_user_id);
$this->View->render('message/conversation', array(
'messages' => $messages,
'other_user' => $other_user
));
}
/**
* Get unread count as JSON
*/
public function unreadcount()
{
$user_id = Session::get('user_id');
$unread_count = MessageModel::getUnreadCount($user_id);
header('Content-Type: application/json');
echo json_encode(['unread_count' => $unread_count]);
}
}

10
application/controller/ProfileController.php
View File

@@ -16,8 +16,16 @@ class ProfileController extends Controller
*/ */
public function index() public function index()
{ {
$all_users = UserModel::getPublicProfilesOfAllUsers();
// Remove current user from the list
$current_user_id = Session::get('user_id');
if ($current_user_id && isset($all_users[$current_user_id])) {
unset($all_users[$current_user_id]);
}
$this->View->render('profile/index', array( $this->View->render('profile/index', array(
'users' => UserModel::getPublicProfilesOfAllUsers()) 'users' => $all_users)
); );
} }

26
application/controller/RegisterController.php
View File

@@ -22,12 +22,10 @@ class RegisterController extends Controller
*/ */
public function index() public function index()
{ {
if (LoginModel::isUserLoggedIn()) { // only admins can access registration; reuse existing admin auth check
Redirect::home(); Auth::checkAdminAuthentication();
} else {
$this->View->render('register/index'); $this->View->render('register/index');
} }
}
/** /**
* Register page action * Register page action
@@ -35,13 +33,12 @@ class RegisterController extends Controller
*/ */
public function register_action() public function register_action()
{ {
$registration_successful = RegistrationModel::registerNewUser(); // enforce admin-only for registration
Auth::checkAdminAuthentication();
if ($registration_successful) { RegistrationModel::registerNewUser();
Redirect::to('login/index');
} else { Redirect::to('admin/index');
Redirect::to('register/index');
}
} }
/** /**
@@ -62,13 +59,12 @@ class RegisterController extends Controller
/** /**
* Generate a captcha, write the characters into $_SESSION['captcha'] and returns a real image which will be used * Generate a captcha, write the characters into $_SESSION['captcha'] and returns a real image which will be used
* like this: <img src="......./login/showCaptcha" /> * like this: <img src="......./login/showCaptcha" />
* IMPORTANT: As this action is called via <img ...> AFTER the real application has finished executing (!), the *
* SESSION["captcha"] has no content when the application is loaded. The SESSION["captcha"] gets filled at the * This method is now deprecated as Captcha is no longer used in the registration process.
* moment the end-user requests the <img .. >
* Maybe refactor this sometime.
*/ */
public function showCaptcha() public function showCaptcha()
{ {
CaptchaModel::generateAndShowCaptcha(); // Captcha no longer used
Redirect::to('register/index');
} }
} }

5
application/core/Application.php
View File

@@ -19,10 +19,13 @@ class Application
private $action_name; private $action_name;
/** /**
* Start the application, analyze URL elements, call according controller/method or relocate to fallback location * Construct
*/ */
public function __construct() public function __construct()
{ {
// Reset header render flag
View::resetHeaderRendered();
// create array with URL parts in $url // create array with URL parts in $url
$this->splitUrl(); $this->splitUrl();

3
application/core/Config.php
View File

@@ -2,14 +2,13 @@
class Config class Config
{ {
// this is public to allow better Unit Testing
public static $config; public static $config;
public static function get($key) public static function get($key)
{ {
if (!self::$config) { if (!self::$config) {
$config_file = '../application/config/config.' . Environment::get() . '.php'; $config_file = __DIR__ . '/../config/config.' . Environment::get() . '.php';
if (!file_exists($config_file)) { if (!file_exists($config_file)) {
return false; return false;

36
application/core/DatabaseFactory.php
View File

@@ -32,7 +32,36 @@ class DatabaseFactory
return self::$factory; return self::$factory;
} }
public function getConnection() { public function getConnectionWithMySQLI()
{
if (!$this->database) {
// Throw exceptions and prevent also throwing credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
$host = Config::get('DB_HOST');
$user = Config::get('DB_USER');
$pass = Config::get('DB_PASS');
$name = Config::get('DB_NAME');
$port = (int) Config::get('DB_PORT');
$charset = Config::get('DB_CHARSET') ? Config::get('DB_CHARSET') : 'utf8mb4';
$this->database = new mysqli($host, $user, $pass, $name, $port);
// Set charset (important for security + correct encoding)
$this->database->set_charset($charset);
} catch (mysqli_sql_exception $e) {
echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
echo 'Error code: ' . $e->getCode();
exit;
}
}
return $this->database;
}
public function getConnection()
{
if (!$this->database) { if (!$this->database) {
/** /**
@@ -46,7 +75,9 @@ class DatabaseFactory
$this->database = new PDO( $this->database = new PDO(
Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' . Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' .
Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'), Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'),
Config::get('DB_USER'), Config::get('DB_PASS'), $options Config::get('DB_USER'),
Config::get('DB_PASS'),
$options
); );
} catch (PDOException $e) { } catch (PDOException $e) {
@@ -59,6 +90,7 @@ class DatabaseFactory
exit; exit;
} }
} }
return $this->database; return $this->database;
} }
} }

21
application/core/Text.php
View File

@@ -2,29 +2,16 @@
class Text class Text
{ {
private static $texts; public static $texts;
public static function get($key, $data = null) public static function get($key)
{ {
// if not $key
if (!$key) {
return null;
}
if ($data) {
foreach ($data as $var => $value) {
${$var} = $value;
}
}
// load config file (this is only done once per application lifecycle)
if (!self::$texts) { if (!self::$texts) {
self::$texts = require('../application/config/texts.php'); self::$texts = require(__DIR__ . '/../config/texts.php');
} }
// check if array key exists
if (!array_key_exists($key, self::$texts)) { if (!array_key_exists($key, self::$texts)) {
return null; return "TEXT NOT FOUND";
} }
return self::$texts[$key]; return self::$texts[$key];

23
application/core/View.php
View File

@@ -17,6 +17,11 @@ class View
public $avatar_file_path; public $avatar_file_path;
public $user_account_type; public $user_account_type;
/**
* Static property to track if header has been rendered
*/
private static $header_rendered = false;
/** /**
* simply includes (=shows) the view. this is done from the controller. In the controller, you usually say * simply includes (=shows) the view. this is done from the controller. In the controller, you usually say
* $this->view->render('help/index'); to show (in this example) the view index.php in the folder help. * $this->view->render('help/index'); to show (in this example) the view index.php in the folder help.
@@ -32,9 +37,15 @@ class View
} }
} }
if (!self::$header_rendered) {
self::$header_rendered = true;
require Config::get('PATH_VIEW') . '_templates/header.php'; require Config::get('PATH_VIEW') . '_templates/header.php';
require Config::get('PATH_VIEW') . $filename . '.php'; require Config::get('PATH_VIEW') . $filename . '.php';
require Config::get('PATH_VIEW') . '_templates/footer.php'; require Config::get('PATH_VIEW') . '_templates/footer.php';
} else {
require Config::get('PATH_VIEW') . $filename . '.php';
}
} }
/** /**
@@ -51,6 +62,9 @@ class View
return false; return false;
} }
if (!self::$header_rendered) {
self::$header_rendered = true;
if ($data) { if ($data) {
foreach ($data as $key => $value) { foreach ($data as $key => $value) {
$this->{$key} = $value; $this->{$key} = $value;
@@ -58,6 +72,7 @@ class View
} }
require Config::get('PATH_VIEW') . '_templates/header.php'; require Config::get('PATH_VIEW') . '_templates/header.php';
}
foreach($filenames as $filename) { foreach($filenames as $filename) {
require Config::get('PATH_VIEW') . $filename . '.php'; require Config::get('PATH_VIEW') . $filename . '.php';
@@ -92,6 +107,14 @@ class View
echo json_encode($data); echo json_encode($data);
} }
/**
* Reset header render flag at start of request
*/
public static function resetHeaderRendered()
{
self::$header_rendered = false;
}
/** /**
* renders the feedback messages into the view * renders the feedback messages into the view
*/ */

54
application/model/GroupModel.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
class GroupModel
{
public static function getAllGroups()
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT group_id, group_name FROM user_groups ORDER BY group_id";
$query = $database->prepare($sql);
$query->execute();
return $query->fetchAll();
}
public static function getGroupNameById($group_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT group_name FROM user_groups WHERE group_id = :gid LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':gid' => $group_id));
$row = $query->fetch();
return $row ? $row->group_name : null;
}
public static function setUserGroup($userId, $groupId)
{
if (!is_numeric($userId) || !is_numeric($groupId)) {
return false;
}
// Do not allow changing own group via admin UI to prevent lockout
if ((int)$userId === (int)Session::get('user_id')) {
Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CANT_DELETE_SUSPEND_OWN'));
return false;
}
// Only allow groups that exist in lookup
$database = DatabaseFactory::getFactory()->getConnection();
$check = $database->prepare("SELECT 1 FROM user_groups WHERE group_id = :gid LIMIT 1");
$check->execute([':gid' => $groupId]);
if ($check->rowCount() !== 1) {
return false;
}
$query = $database->prepare("UPDATE users SET user_account_type = :gid WHERE user_id = :uid LIMIT 1");
$query->execute([':gid' => $groupId, ':uid' => $userId]);
if ($query->rowCount() === 1) {
Session::add('feedback_positive', 'Benutzergruppe aktualisiert.');
return true;
}
return false;
}
}

186
application/model/MessageModel.php Normal file
View File

@@ -0,0 +1,186 @@
<?php
class MessageModel
{
public static function sendMessage($sender_id, $receiver_id, $group_type, $subject, $message)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "INSERT INTO messages (sender_id, receiver_id, group_type, subject, message)
VALUES (:sender_id, :receiver_id, :group_type, :subject, :message)";
$query = $database->prepare($sql);
return $query->execute(array(
':sender_id' => $sender_id,
':receiver_id' => $receiver_id,
':group_type' => $group_type,
':subject' => $subject,
':message' => $message
));
}
public static function sendToUser($sender_id, $receiver_id, $subject, $message)
{
return self::sendMessage($sender_id, $receiver_id, null, $subject, $message);
}
public static function sendToGroup($sender_id, $group_type, $subject, $message)
{
return self::sendMessage($sender_id, null, $group_type, $subject, $message);
}
public static function getUnreadCount($user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT COUNT(*) as count FROM messages
WHERE receiver_id = :user_id AND is_read = 0";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => $user_id));
$result = $query->fetch();
return $result->count;
}
public static function getUnreadCountForUser($user_id, $sender_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT COUNT(*) as count FROM messages
WHERE receiver_id = :user_id AND sender_id = :sender_id AND is_read = 0";
$query = $database->prepare($sql);
$query->execute(array(
':user_id' => $user_id,
':sender_id' => $sender_id
));
$result = $query->fetch();
return $result->count;
}
public static function getConversations($user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT DISTINCT
CASE
WHEN sender_id = :user_id THEN receiver_id
ELSE sender_id
END as other_user_id,
u.user_name,
u.user_email,
MAX(m.created_at) as last_message_time,
(SELECT COUNT(*) FROM messages m2
WHERE ((m2.sender_id = :user_id AND m2.receiver_id = other_user_id) OR
(m2.receiver_id = :user_id AND m2.sender_id = other_user_id))
AND m2.is_read = 0 AND m2.receiver_id = :user_id) as unread_count
FROM messages m
JOIN users u ON (CASE
WHEN sender_id = :user_id THEN receiver_id
ELSE sender_id
END) = u.user_id
WHERE (sender_id = :user_id OR receiver_id = :user_id)
AND receiver_id IS NOT NULL
GROUP BY other_user_id
ORDER BY last_message_time DESC";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => $user_id));
return $query->fetchAll();
}
public static function getMessagesWithUser($user_id, $other_user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT m.*, u_sender.user_name as sender_name,
CASE
WHEN m.sender_id = :user_id THEN 'sent'
ELSE 'received'
END as message_type
FROM messages m
JOIN users u_sender ON m.sender_id = u_sender.user_id
WHERE ((m.sender_id = :user_id AND m.receiver_id = :other_user_id) OR
(m.receiver_id = :user_id AND m.sender_id = :other_user_id))
AND m.group_type IS NULL
ORDER BY m.created_at ASC";
$query = $database->prepare($sql);
$query->execute(array(
':user_id' => $user_id,
':other_user_id' => $other_user_id
));
$messages = $query->fetchAll();
// Mark received messages as read
self::markAsRead($user_id, $other_user_id);
return $messages;
}
public static function markAsRead($user_id, $sender_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "UPDATE messages SET is_read = 1
WHERE receiver_id = :user_id AND sender_id = :sender_id AND is_read = 0";
$query = $database->prepare($sql);
return $query->execute(array(
':user_id' => $user_id,
':sender_id' => $sender_id
));
}
public static function getGroupMessages($user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
// Check user role to determine which group messages they should receive
$user_role = UserModel::getUserRole($user_id);
$where_conditions = [];
$params = [':user_id' => $user_id];
// All users receive all_users messages
$where_conditions[] = "group_type = 'all_users'";
// Admins receive admin messages
if ($user_role === 'admin') {
$where_conditions[] = "group_type = 'admins'";
}
// Moderators receive moderator messages (and admin messages if not already covered)
if ($user_role === 'moderator' || $user_role === 'admin') {
$where_conditions[] = "group_type = 'moderators'";
}
if (empty($where_conditions)) {
return []; // User has no role that qualifies for group messages
}
$where_clause = "(" . implode(" OR ", $where_conditions) . ")";
$sql = "SELECT m.*, u.user_name as sender_name
FROM messages m
JOIN users u ON m.sender_id = u.user_id
WHERE $where_clause AND m.receiver_id IS NULL
ORDER BY m.created_at DESC";
$query = $database->prepare($sql);
$query->execute($params);
return $query->fetchAll();
}
public static function getAllUsers($current_user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_id, user_name, user_email
FROM users
WHERE user_id != :current_user_id
ORDER BY user_name ASC";
$query = $database->prepare($sql);
$query->execute(array(':current_user_id' => $current_user_id));
return $query->fetchAll();
}
}

5
application/model/NoteModel.php
View File

@@ -29,14 +29,13 @@ class NoteModel
*/ */
public static function getNote($note_id) public static function getNote($note_id)
{ {
$database = DatabaseFactory::getFactory()->getConnection(); $database = DatabaseFactory::getFactory()->getConnectionWithMySQLI();
$sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1"; $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1";
$query = $database->prepare($sql); $query = $database->prepare($sql);
$query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id)); $query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id));
// fetch() is the PDO method that gets a single result return $query;
return $query->fetch();
} }
/** /**

90
application/model/RegistrationModel.php
View File

@@ -13,101 +13,68 @@ class RegistrationModel
* *
* @return boolean Gives back the success status of the registration * @return boolean Gives back the success status of the registration
*/ */
public static function registerNewUser() public static function registerNewUser($isAdmin = false)
{ {
// clean the input // clean the input
$user_name = strip_tags(Request::post('user_name')); $user_name = strip_tags(Request::post('user_name'));
$user_email = strip_tags(Request::post('user_email')); $user_email = strip_tags(Request::post('user_email'));
$user_email_repeat = strip_tags(Request::post('user_email_repeat')); // Use 'user_password' if provided (admin registration), otherwise 'user_password_new'
$user_password_new = Request::post('user_password_new'); $user_password_new = $isAdmin ? Request::post('user_password_new') : Request::post('user_password_new');
$user_password_repeat = Request::post('user_password_repeat'); $user_password_repeat = $user_password_new; // no repeat field
// stop registration flow if registrationInputValidation() returns false (= anything breaks the input check rules) // validate using existing validators and messages
$validation_result = self::registrationInputValidation(Request::post('captcha'), $user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat); $valid = true;
if (!$validation_result) { if (!self::validateUserName($user_name)) { $valid = false; }
return false; if (!self::validateUserEmail($user_email, $user_email)) { $valid = false; }
} if (!self::validateUserPassword($user_password_new, $user_password_repeat)) { $valid = false; }
if (!$valid) { return false; }
// crypt the password with the PHP 5.5's password_hash() function, results in a 60 character hash string. // hash the password
// @see php.net/manual/en/function.password-hash.php for more, especially for potential options
$user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT); $user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
// make return a bool variable, so both errors can come up at once if needed
$return = true; $return = true;
// check if username already exists
if (UserModel::doesUsernameAlreadyExist($user_name)) { if (UserModel::doesUsernameAlreadyExist($user_name)) {
Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN')); Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
$return = false; $return = false;
} }
// check if email already exists
if (UserModel::doesEmailAlreadyExist($user_email)) { if (UserModel::doesEmailAlreadyExist($user_email)) {
Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN')); Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
$return = false; $return = false;
} }
// if Username or Email were false, return false
if (!$return) return false; if (!$return) return false;
// generate random hash for email verification (40 bytes) // directly activate user: set empty activation hash
$user_activation_hash = bin2hex(random_bytes(40)); $user_activation_hash = null;
// write user data to database // write user data to database
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_activation_hash)) { if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_activation_hash)) {
Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED')); Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
return false; // no reason not to return false here
}
// get user_id of the user that has been created, to keep things clean we DON'T use lastInsertId() here
$user_id = UserModel::getUserIdByUsername($user_name);
if (!$user_id) {
Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
return false; return false;
} }
// send verification email
if (self::sendVerificationEmail($user_id, $user_email, $user_activation_hash)) {
Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED')); Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED'));
return true; return true;
} }
// if verification email sending failed: instantly delete the user
self::rollbackRegistrationByUserId($user_id);
Session::add('feedback_negative', Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED'));
return false;
}
/** /**
* Validates the registration input * Validates the registration input
* *
* @param $captcha
* @param $user_name * @param $user_name
* @param $user_password_new * @param $user_password_new
* @param $user_password_repeat
* @param $user_email * @param $user_email
* @param $user_email_repeat
* *
* @return bool * @return bool
*/ */
public static function registrationInputValidation($captcha, $user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat) public static function registrationInputValidation($user_name, $user_password_new, $user_email)
{ {
$return = true; $return = true;
// perform all necessary checks if (empty($user_name) || empty($user_password_new) || empty($user_email)) {
if (!CaptchaModel::checkCaptcha($captcha)) { Session::add('feedback_negative', Text::get('FEEDBACK_FIELDS_EMPTY'));
Session::add('feedback_negative', Text::get('FEEDBACK_CAPTCHA_WRONG'));
$return = false; $return = false;
} }
// if username, email and password are all correctly validated, but make sure they all run on first sumbit return $return;
if (self::validateUserName($user_name) AND self::validateUserEmail($user_email, $user_email_repeat) AND self::validateUserPassword($user_password_new, $user_password_repeat) AND $return) {
return true;
}
// otherwise, return false
return false;
} }
/** /**
@@ -181,11 +148,7 @@ class RegistrationModel
return false; return false;
} }
if (strlen($user_password_new) < 6) { // no minimum length restriction
Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
return false;
}
return true; return true;
} }
@@ -204,16 +167,23 @@ class RegistrationModel
{ {
$database = DatabaseFactory::getFactory()->getConnection(); $database = DatabaseFactory::getFactory()->getConnection();
// write new users data into database // write new users data into database; set user_active=1 and user_activation_hash to provided value (can be null)
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type) $sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type, user_active)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type)"; VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type, 1)";
$query = $database->prepare($sql); $query = $database->prepare($sql);
$query->execute(array(':user_name' => $user_name, try {
$query->execute(array(
':user_name' => $user_name,
':user_password_hash' => $user_password_hash, ':user_password_hash' => $user_password_hash,
':user_email' => $user_email, ':user_email' => $user_email,
':user_creation_timestamp' => $user_creation_timestamp, ':user_creation_timestamp' => $user_creation_timestamp,
':user_activation_hash' => $user_activation_hash, ':user_activation_hash' => $user_activation_hash,
':user_provider_type' => 'DEFAULT')); ':user_provider_type' => 'DEFAULT'
));
} catch (PDOException $e) {
// only one feedback message on failure
return false;
}
$count = $query->rowCount(); $count = $query->rowCount();
if ($count == 1) { if ($count == 1) {
return true; return true;

64
application/model/UserModel.php
View File

@@ -19,7 +19,7 @@ class UserModel
{ {
$database = DatabaseFactory::getFactory()->getConnection(); $database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted FROM users"; $sql = "SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted, user_account_type FROM users";
$query = $database->prepare($sql); $query = $database->prepare($sql);
$query->execute(); $query->execute();
@@ -39,11 +39,46 @@ class UserModel
$all_users_profiles[$user->user_id]->user_active = $user->user_active; $all_users_profiles[$user->user_id]->user_active = $user->user_active;
$all_users_profiles[$user->user_id]->user_deleted = $user->user_deleted; $all_users_profiles[$user->user_id]->user_deleted = $user->user_deleted;
$all_users_profiles[$user->user_id]->user_avatar_link = (Config::get('USE_GRAVATAR') ? AvatarModel::getGravatarLinkByEmail($user->user_email) : AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id)); $all_users_profiles[$user->user_id]->user_avatar_link = (Config::get('USE_GRAVATAR') ? AvatarModel::getGravatarLinkByEmail($user->user_email) : AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id));
$all_users_profiles[$user->user_id]->user_account_type = $user->user_account_type;
} }
return $all_users_profiles; return $all_users_profiles;
} }
/**
* Gets list of users including their group name via user_groups lookup.
* @return array
*/
public static function getUsersWithGroups()
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT u.user_id, u.user_name, u.user_email, u.user_active, u.user_has_avatar, u.user_deleted, u.user_account_type,
g.group_name
FROM users u
LEFT JOIN user_groups g ON g.group_id = u.user_account_type";
$query = $database->prepare($sql);
$query->execute();
$result = [];
foreach ($query->fetchAll() as $user) {
array_walk_recursive($user, 'Filter::XSSFilter');
$obj = new stdClass();
$obj->user_id = $user->user_id;
$obj->user_name = $user->user_name;
$obj->user_email = $user->user_email;
$obj->user_active = $user->user_active;
$obj->user_deleted = $user->user_deleted;
$obj->user_account_type = $user->user_account_type;
$obj->group_name = $user->group_name;
$obj->user_avatar_link = (Config::get('USE_GRAVATAR') ? AvatarModel::getGravatarLinkByEmail($user->user_email) : AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id));
$result[] = $obj;
}
return $result;
}
/** /**
* Gets a user's profile data, according to the given $user_id * Gets a user's profile data, according to the given $user_id
* @param int $user_id The user's id * @param int $user_id The user's id
@@ -340,4 +375,31 @@ class UserModel
// return one row (we only have one result or nothing) // return one row (we only have one result or nothing)
return $query->fetch(); return $query->fetch();
} }
/**
* Gets the user role type based on account type
*
* @param $user_id int user id
*
* @return string The user role (admin, moderator, user)
*/
public static function getUserRole($user_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_account_type FROM users WHERE user_id = :user_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => $user_id));
$result = $query->fetch();
// Map account type to role
switch ($result->user_account_type) {
case 7: // admin
return 'admin';
case 2: // moderator (example value, adjust according to your system)
return 'moderator';
default:
return 'user';
}
}
} }

17
application/view/_templates/header.php
View File

@@ -24,6 +24,9 @@
<li <?php if (View::checkForActiveController($filename, "profile")) { echo ' class="active" '; } ?> > <li <?php if (View::checkForActiveController($filename, "profile")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>profile/index">Profiles</a> <a href="<?php echo Config::get('URL'); ?>profile/index">Profiles</a>
</li> </li>
<li <?php if (View::checkForActiveController($filename, "directory")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>directory/index">Benutzer</a>
</li>
<?php if (Session::userIsLoggedIn()) { ?> <?php if (Session::userIsLoggedIn()) { ?>
<li <?php if (View::checkForActiveController($filename, "dashboard")) { echo ' class="active" '; } ?> > <li <?php if (View::checkForActiveController($filename, "dashboard")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>dashboard/index">Dashboard</a> <a href="<?php echo Config::get('URL'); ?>dashboard/index">Dashboard</a>
@@ -31,14 +34,22 @@
<li <?php if (View::checkForActiveController($filename, "note")) { echo ' class="active" '; } ?> > <li <?php if (View::checkForActiveController($filename, "note")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>note/index">My Notes</a> <a href="<?php echo Config::get('URL'); ?>note/index">My Notes</a>
</li> </li>
<li <?php if (View::checkForActiveController($filename, "message")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>message/index">Messages</a>
<?php if (Session::userIsLoggedIn()) {
// Get unread message count
$user_id = Session::get('user_id');
$unread_count = MessageModel::getUnreadCount($user_id);
if ($unread_count > 0) {
echo '<span class="message-badge">' . $unread_count . '</span>';
}
} ?>
</li>
<?php } else { ?> <?php } else { ?>
<!-- for not logged in users --> <!-- for not logged in users -->
<li <?php if (View::checkForActiveControllerAndAction($filename, "login/index")) { echo ' class="active" '; } ?> > <li <?php if (View::checkForActiveControllerAndAction($filename, "login/index")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>login/index">Login</a> <a href="<?php echo Config::get('URL'); ?>login/index">Login</a>
</li> </li>
<li <?php if (View::checkForActiveControllerAndAction($filename, "register/index")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>register/index">Register</a>
</li>
<?php } ?> <?php } ?>
</ul> </ul>

24
application/view/admin/index.php
View File

@@ -22,6 +22,7 @@
<td>User's email</td> <td>User's email</td>
<td>Activated ?</td> <td>Activated ?</td>
<td>Link to user's profile</td> <td>Link to user's profile</td>
<td>Group</td>
<td>suspension Time in days</td> <td>suspension Time in days</td>
<td>Soft delete</td> <td>Soft delete</td>
<td>Submit</td> <td>Submit</td>
@@ -41,6 +42,19 @@
<td> <td>
<a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profile</a> <a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profile</a>
</td> </td>
<td>
<form action="<?= Config::get('URL'); ?>admin/changeUserGroup" method="post">
<input type="hidden" name="user_id" value="<?= $user->user_id; ?>" />
<select name="group_id">
<?php foreach ($this->groups as $group) { ?>
<option value="<?= $group->group_id; ?>" <?= (isset($user->user_account_type) && (int)$user->user_account_type === (int)$group->group_id ? 'selected' : '') ?>>
<?= (int)$group->group_id; ?> - <?= htmlspecialchars($group->group_name, ENT_QUOTES, 'UTF-8'); ?>
</option>
<?php } ?>
</select>
<input type="submit" value="Save" />
</form>
</td>
<form action="<?= config::get("URL"); ?>admin/actionAccountSettings" method="post"> <form action="<?= config::get("URL"); ?>admin/actionAccountSettings" method="post">
<td><input type="number" name="suspension" /></td> <td><input type="number" name="suspension" /></td>
<td><input type="checkbox" name="softDelete" <?php if ($user->user_deleted) { ?> checked <?php } ?> /></td> <td><input type="checkbox" name="softDelete" <?php if ($user->user_deleted) { ?> checked <?php } ?> /></td>
@@ -53,5 +67,15 @@
<?php } ?> <?php } ?>
</table> </table>
</div> </div>
<h3>Register a new user</h3>
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
<input type="text" name="user_name" placeholder="Username" required />
<input type="email" name="user_email" placeholder="Email address" required />
<input type="password" name="user_password_new" placeholder="Password" required autocomplete="off" />
<input type="submit" value="Register User" />
</form>
</div> </div>
</div> </div>

54
application/view/directory/index.php Normal file
View File

@@ -0,0 +1,54 @@
<div class="container">
<h1>Benutzerverzeichnis</h1>
<div class="box">
<?php $this->renderFeedbackMessages(); ?>
<table id="users-table" class="overview-table" style="width:100%">
<thead>
<tr>
<td>Id</td>
<td>Avatar</td>
<td>Benutzername</td>
<td>Email</td>
<td>Aktiv?</td>
<td>Gruppe</td>
<td>Profil</td>
</tr>
</thead>
<tbody>
<?php foreach ($this->users as $user) { ?>
<tr class="<?= ($user->user_active == 0 ? 'inactive' : 'active'); ?>">
<td><?= $user->user_id; ?></td>
<td class="avatar">
<?php if (isset($user->user_avatar_link)) { ?>
<img src="<?= $user->user_avatar_link; ?>"/>
<?php } ?>
</td>
<td><?= $user->user_name; ?></td>
<td><?= $user->user_email; ?></td>
<td><?= ($user->user_active == 0 ? 'Nein' : 'Ja'); ?></td>
<td><?= htmlspecialchars($user->group_name ?: $user->user_account_type, ENT_QUOTES, 'UTF-8'); ?></td>
<td><a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profil</a></td>
</tr>
<?php } ?>
</tbody>
</table>
</div>
</div>
<!-- jQuery & DataTables CDN -->
<link rel="stylesheet" href="https://cdn.datatables.net/1.13.8/css/jquery.dataTables.min.css">
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
<script src="https://cdn.datatables.net/1.13.8/js/jquery.dataTables.min.js"></script>
<script>
$(document).ready(function(){
$('#users-table').DataTable({
pageLength: 10,
order: [[ 0, 'asc' ]],
language: {
url: 'https://cdn.datatables.net/plug-ins/1.13.8/i18n/de-DE.json'
}
});
});
</script>

7
application/view/login/index.php
View File

@@ -38,13 +38,6 @@
<a href="<?php echo Config::get('URL'); ?>login/requestPasswordReset">I forgot my password</a> <a href="<?php echo Config::get('URL'); ?>login/requestPasswordReset">I forgot my password</a>
</div> </div>
</div> </div>
<!-- register box on right side -->
<div class="register-box">
<h2>No account yet ?</h2>
<a href="<?php echo Config::get('URL'); ?>register/index">Register</a>
</div>
</div> </div>
</div> </div>
</div> </div>

115
application/view/message/conversation.php Normal file
View File

@@ -0,0 +1,115 @@
<div class="container">
<div class="row">
<!-- Back to Messenger -->
<div class="col-md-12">
<a href="<?= Config::get('URL') ?>message" class="btn btn-default">
<span class="glyphicon glyphicon-arrow-left"></span> Back to Messenger
</a>
<hr>
</div>
</div>
<div class="row">
<!-- Chat Area -->
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
Conversation with <?= htmlspecialchars($this->other_user->user_name) ?>
</div>
<div class="panel-body message-container">
<?php if (empty($this->messages)): ?>
<div class="text-center">
<em>No messages yet. Start a conversation!</em>
</div>
<?php else: ?>
<?php foreach ($this->messages as $msg): ?>
<div class="message <?= $msg->message_type ?>">
<div class="message-bubble">
<?= htmlspecialchars($msg->message) ?>
</div>
<div class="message-time">
<?= date('M j, Y H:i', strtotime($msg->created_at)) ?>
</div>
</div>
<?php endforeach; ?>
<?php endif; ?>
</div>
<!-- Reply Form -->
<div class="panel-footer">
<form action="<?= Config::get('URL') ?>message/send" method="post" id="reply-form">
<input type="hidden" name="receiver_id" value="<?= $this->other_user->user_id ?>">
<div class="input-group">
<input type="text" name="message" class="form-control" placeholder="Type your message..." required>
<span class="input-group-btn">
<button type="submit" class="btn btn-primary">Send</button>
</span>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<style>
.message-container {
height: 400px;
overflow-y: auto;
background-color: #f5f5f5;
padding: 15px;
}
.message {
margin-bottom: 15px;
clear: both;
}
.message.sent {
text-align: right;
}
.message.received {
text-align: left;
}
.message-bubble {
display: inline-block;
max-width: 70%;
padding: 10px 15px;
border-radius: 18px;
position: relative;
word-wrap: break-word;
}
.message.sent .message-bubble {
background-color: #007bff;
color: white;
}
.message.received .message-bubble {
background-color: #e5e5ea;
color: black;
}
.message-time {
font-size: 0.8em;
color: #666;
margin-top: 5px;
}
/* Scroll to bottom of messages on load */
.message-container {
scroll-behavior: smooth;
}
</style>
<script>
// Scroll to bottom of messages
document.addEventListener('DOMContentLoaded', function() {
const container = document.querySelector('.message-container');
container.scrollTop = container.scrollHeight;
});
</script>
<?php $this->render('_templates/footer'); ?>

175
application/view/message/index.php Normal file
View File

@@ -0,0 +1,175 @@
<div class="container">
<h1>Messenger</h1>
<div class="row">
<!-- Conversations List -->
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
Conversations
<?php if ($this->unread_count > 0): ?>
<span class="badge pull-right"><?= $this->unread_count ?></span>
<?php endif; ?>
</div>
<div class="panel-body" style="padding: 0; max-height: 500px; overflow-y: auto;">
<div class="list-group">
<?php if (empty($this->conversations)): ?>
<div class="list-group-item">
<em>No conversations yet</em>
</div>
<?php else: ?>
<?php foreach ($this->conversations as $conv): ?>
<a href="<?= Config::get('URL') ?>message/conversation/<?= $conv->other_user_id ?>"
class="list-group-item <?= $conv->unread_count > 0 ? 'active' : '' ?>">
<h5 class="list-group-item-heading">
<?= htmlspecialchars($conv->user_name) ?>
<?php if ($conv->unread_count > 0): ?>
<span class="badge"><?= $conv->unread_count ?></span>
<?php endif; ?>
</h5>
<p class="list-group-item-text">
<small><?= date('M j, Y', strtotime($conv->last_message_time)) ?></small>
</p>
</a>
<?php endforeach; ?>
<?php endif; ?>
</div>
</div>
</div>
<!-- New Message -->
<div class="panel panel-default">
<div class="panel-heading">New Message</div>
<div class="panel-body">
<form action="<?= Config::get('URL') ?>message/send" method="post">
<div class="form-group">
<label for="receiver_id">To:</label>
<select name="receiver_id" id="receiver_id" class="form-control" required>
<option value="">Select user</option>
<?php foreach ($this->all_users as $user): ?>
<option value="<?= $user->user_id ?>"><?= htmlspecialchars($user->user_name) ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="form-group">
<label for="subject">Subject:</label>
<input type="text" name="subject" id="subject" class="form-control" required>
</div>
<div class="form-group">
<label for="message">Message:</label>
<textarea name="message" id="message" class="form-control" rows="3" required></textarea>
</div>
<button type="submit" class="btn btn-primary">Send Message</button>
</form>
</div>
</div>
<!-- Send to Group -->
<div class="panel panel-default">
<div class="panel-heading">Send to Group</div>
<div class="panel-body">
<form action="<?= Config::get('URL') ?>message/sendgroup" method="post">
<div class="form-group">
<label for="group_type">Group:</label>
<select name="group_type" id="group_type" class="form-control" required>
<option value="">Select group</option>
<option value="all_users">All Users</option>
<option value="admins">Administrators</option>
<option value="moderators">Moderators</option>
</select>
</div>
<div class="form-group">
<label for="group_subject">Subject:</label>
<input type="text" name="subject" id="group_subject" class="form-control" required>
</div>
<div class="form-group">
<label for="group_message">Message:</label>
<textarea name="message" id="group_message" class="form-control" rows="3" required></textarea>
</div>
<button type="submit" class="btn btn-warning">Send to Group</button>
</form>
</div>
</div>
</div>
<!-- Chat Area -->
<div class="col-md-8">
<div class="panel panel-default">
<div class="panel-heading">
Chat Area
<span class="pull-right">Select a conversation to start messaging</span>
</div>
<div class="panel-body" style="height: 500px; background-color: #f5f5f5; text-align: center; padding-top: 200px;">
<em>Select a conversation from the left to view messages</em>
</div>
</div>
</div>
</div>
</div>
<style>
.message-container {
height: 400px;
overflow-y: auto;
background-color: #f5f5f5;
padding: 15px;
border-radius: 5px;
margin-bottom: 15px;
}
.message {
margin-bottom: 10px;
clear: both;
}
.message.sent {
text-align: right;
}
.message.received {
text-align: left;
}
.message-bubble {
display: inline-block;
max-width: 70%;
padding: 10px 15px;
border-radius: 18px;
position: relative;
}
.message.sent .message-bubble {
background-color: #007bff;
color: white;
float: right;
}
.message.received .message-bubble {
background-color: #e5e5ea;
color: black;
float: left;
}
.message-time {
font-size: 0.8em;
color: #666;
margin-top: 5px;
clear: both;
}
.badge {
background-color: #d9534f;
}
.list-group-item.active {
background-color: #d9edf7;
border-color: #bce8f1;
color: #31708f;
}
.list-group-item.active .badge {
background-color: #d9534f;
}
</style>
<?php $this->render('_templates/footer'); ?>

10
application/view/profile/index.php
View File

@@ -35,6 +35,16 @@
<td><?= ($user->user_active == 0 ? 'No' : 'Yes'); ?></td> <td><?= ($user->user_active == 0 ? 'No' : 'Yes'); ?></td>
<td> <td>
<a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profile</a> <a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profile</a>
<?php
// Show unread message count for each user
if (Session::userIsLoggedIn()) {
$current_user_id = Session::get('user_id');
$unread_count = MessageModel::getUnreadCountForUser($current_user_id, $user->user_id);
if ($unread_count > 0) {
echo ' <span class="badge" style="background-color: #d9534f; color: white; padding: 2px 5px; border-radius: 50%;">' . $unread_count . '</span>';
}
}
?>
</td> </td>
</tr> </tr>
<?php } ?> <?php } ?>

20
application/view/register/index.php
View File

@@ -9,30 +9,10 @@
<!-- register form --> <!-- register form -->
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action"> <form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
<!-- the user name input field uses a HTML5 pattern check -->
<input type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" placeholder="Username (letters/numbers, 2-64 chars)" required /> <input type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" placeholder="Username (letters/numbers, 2-64 chars)" required />
<input type="text" name="user_email" placeholder="email address (a real address)" required /> <input type="text" name="user_email" placeholder="email address (a real address)" required />
<input type="text" name="user_email_repeat" placeholder="repeat email address (to prevent typos)" required />
<input type="password" name="user_password_new" pattern=".{6,}" placeholder="Password (6+ characters)" required autocomplete="off" /> <input type="password" name="user_password_new" pattern=".{6,}" placeholder="Password (6+ characters)" required autocomplete="off" />
<input type="password" name="user_password_repeat" pattern=".{6,}" required placeholder="Repeat your password" autocomplete="off" />
<!-- show the captcha by calling the login/showCaptcha-method in the src attribute of the img tag -->
<img id="captcha" src="<?php echo Config::get('URL'); ?>register/showCaptcha" />
<input type="text" name="captcha" placeholder="Please enter above characters" required />
<!-- quick & dirty captcha reloader -->
<a href="#" style="display: block; font-size: 11px; margin: 5px 0 15px 0; text-align: center"
onclick="document.getElementById('captcha').src = '<?php echo Config::get('URL'); ?>register/showCaptcha?' + Math.random(); return false">Reload Captcha</a>
<input type="submit" value="Register" /> <input type="submit" value="Register" />
</form> </form>
</div> </div>
</div> </div>
<div class="container">
<p style="display: block; font-size: 11px; color: #999;">
Please note: This captcha will be generated when the img tag requests the captcha-generation
(= a real image) from YOURURL/register/showcaptcha. As this is a client-side triggered request, a
$_SESSION["captcha"] dump will not show the captcha characters. The captcha generation
happens AFTER the request that generates THIS page has been finished.
</p>
</div>

14
public/css/style.css
View File

@@ -266,3 +266,17 @@ body {
.red-text { .red-text {
color: red; color: red;
} }
/* Message badge */
.message-badge {
display: inline-block;
background-color: #d9534f;
color: white;
font-size: 10px;
font-weight: bold;
padding: 2px 5px;
border-radius: 50%;
margin-left: 5px;
position: relative;
top: -2px;
}

2
public/index.php
View File

@@ -11,7 +11,7 @@
// auto-loading the classes (currently only from application/libs) via Composer's PSR-4 auto-loader // auto-loading the classes (currently only from application/libs) via Composer's PSR-4 auto-loader
// later it might be useful to use a namespace here, but for now let's keep it as simple as possible // later it might be useful to use a namespace here, but for now let's keep it as simple as possible
require '../vendor/autoload.php'; require __DIR__ . '/../vendor/autoload.php';
// start our application // start our application
new Application(); new Application();

11
public/router.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
if (php_sapi_name() === 'cli-server') {
$filePath = __DIR__ . parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
if (is_file($filePath)) {
return false;
}
}
$_GET['url'] = isset($_SERVER['PATH_INFO']) ? ltrim($_SERVER['PATH_INFO'], '/') : '';
require __DIR__ . '/index.php';

3
start.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
php -S localhost:8000 -t ./public ./public/router.php