<?php
include 'inc/header.php';
?>
</div>
</div>
<div id="content">
<?php
if (isset($_SESSION['user'])) {
$subject = '';
$message = '';
$recieverId = 1;
//Sorry martijn - Geeft niet (Martijn)
//Boven aan pagina gezet voor makkelijker lezen
if (isset($_POST['send'])) {
$dbConnect = portfolio_connect();
$subject = filter_input(INPUT_POST, 'subject');
$message = filter_input(INPUT_POST, 'message');
$recieverId = filter_input(INPUT_POST, 'reciever');
if (empty($subject) || empty($message)) {
echo "U heeft geen onderwerp of bericht ingevult.";
} else {
if (strlen($subject) > 155 || strlen($message) > 65535) {
if (strlen($subject) > 155) {
echo "<p style='color: red'>Your subject is too long. (max 155 characters)</p>";
} else {
echo "<p style='color: red'>Your message is to long. (max 65535 characters)</p>";
echo "<p style='color: red'>Seriously, how did you do that?</p>";
}
} else {
$senderId = $_SESSION['user']['gebruikersId'];
//Alles
echo "<h2>Welkom " . $_SESSION['user']['voornaam'] . " " . $_SESSION['user']['achternaam'] . "</h2>";
$matData = portfolio_get_material($matId);
$noteData = portfolio_get_note($matId);
if ($matData && $noteData) {
echo '<h2>Verwijder cijfer voor ' . $matData['naam'] . '</h2>';
/*
* Checks + verwijderen van materiaal.
*/
if (portfolio_user_is_of_type(array('admin')) || $_SESSION['user']['gebruikersId'] == $noteData['beoordelaarId']) {
$pwCorrect = false;
$deleted = false;
if (isset($_POST['submit']) && isset($_SESSION['user']) && $matId) {
$userId = $_SESSION['user']['gebruikersId'];
$userPass = filter_input(INPUT_POST, 'userPass');
$link = portfolio_connect();
if ($link) {
$sql = "SELECT * FROM " . TABLE_USER . " WHERE gebruikersId='" . mysqli_real_escape_string($link, $userId) . "'";
$result = mysqli_query($link, $sql);
if ($result !== false) {
if (($array = mysqli_fetch_assoc($result)) != null) {
if (password_verify($userPass, $array['wachtwoord'])) {
$pwCorrect = true;
$deleted = portfolio_delete_note($matId);
}
}
}
}
}
/*
* Wachtwoord prompt + teruggave info over succes van verwijderen
function portfolio_reset_pass($userId)
{
$link = portfolio_connect();
if ($link) {
$userData = portfolio_get_user_details($userId);
if (count($userData) > 0) {
$newPass = dechex(rand(268435456, 4294967295)) . dechex(rand(268435456, 4294967295));
//Will result in 16 hexadecimal 'digits'
$hashed = password_hash($newPass, PASSWORD_DEFAULT);
$sql = "UPDATE " . TABLE_USER . " \n\t\t\t\t\tSET wachtwoord='" . mysqli_real_escape_string($link, $hashed) . "' \n\t\t\t\t\tWHERE gebruikersId=" . mysqli_real_escape_string($link, $userId);
if (mysqli_query($link, $sql)) {
mail($userData['eMail'], 'Password reset for portfolio', "Hello " . $userData['voornaam'] . "\r\n\r\nA password reset was requested for your portfolio account.\r\nYour new password is " . $newPass . "\r\n\r\nThe admin team");
return true;
}
}
}
return null;
}
