Any profile page now always viewable

Add feature for any profile page to be viewable by any user, including a user who is not signed in. If the user viewing a profile page is not the owner of that profile page, then the ability for editing the user profile is disabled. User can only edit their own profile.

Author: jonman5

fetchProfile.php

@@ -14,6 +14,16 @@ function fetchProfile($email){
     $_SESSION["about"] = $userProfile["about"];
     mysqli_free_result($resultProfile);
   }
+  function getProfileByID($ID){
+    include "server.php";
+    $profileQuery = "SELECT * FROM users where userID = '$ID'"; //Fetches user info from database.
+
+    $resultProfile = mysqli_query($db, $profileQuery);
+    $userProfile = mysqli_fetch_assoc($resultProfile); //retrieves all user data stored in the result from SQL query
+    mysqli_free_result($resultProfile);
+
+    return $userProfile; //returns entire user profile (without image)
+  }
 
   function fetchProfilePic($username) {
     include "server.php";

index.php

@@ -172,7 +172,7 @@
         <?php
       		if (isset($_SESSION["userID"])){
       			echo("<a href=\"logout.php\" class=\"right\">Logout</a>");
-      			echo("<a href=\"#\" class=\"right\">". $_SESSION["username"] ."</a>");
+      			echo("<a href=\"profile.php?userID=". $_SESSION["userID"] ."\" class=\"right\">". $_SESSION["username"] ."</a>");
       		}
       		else{
             echo("<a href=\"registration.php\" class=\"right\" >Register</a>");
@@ -214,8 +214,8 @@
                         echo("
                     <div class=\"col-sm-3 well\">
                     <div class=\"well\">
-                        <p><a href=\"#\">". $_SESSION["username"] ."</a></p>
-                    <img class=\"img-circle\" src=\"data:image/jpeg;base64, " . fetchProfilePic($_SESSION["username"]) . "\" alt=\"Profile Picture\" height=\"65\" width=\"65\">
+                        <p><a href=\"profile.php?userID=". $_SESSION["userID"] ."\">". $_SESSION["username"] ."</a></p>
+                    <a href=\"profile.php?userID=". $_SESSION["userID"] ."\"><img class=\"img-circle\" src=\"data:image/jpeg;base64, " . fetchProfilePic($_SESSION["username"]) . "\" alt=\"Profile Picture\" height=\"65\" width=\"65\"></a>
 
                     </div>
                     <div class=\"well\">

printQandA.phtml

@@ -7,7 +7,7 @@ $result_numAnswers = mysqli_query($db, $numAnswersQuery);
 $ans = mysqli_fetch_assoc($result_numAnswers);
 $row_answers = mysqli_num_rows($result_numAnswers);
 
-$asker_query = "SELECT username FROM users where userID = '$currentQ[asker]'";
+$asker_query = "SELECT username, userID FROM users where userID = '$currentQ[asker]'";
 $asker_result = mysqli_query($db, $asker_query);
 $askerName=mysqli_fetch_assoc($asker_result);
 
@@ -21,8 +21,9 @@ $askerName=mysqli_fetch_assoc($asker_result);
 <!--    </div>-->
     <div class="col-sm-2" style="margin-left: 30px">
         <div class="well">
-            <p><?php echo($askerName['username']); ?></p>
-            <img class="img-circle" src="data:image/jpeg;base64, <?php echo fetchProfilePic($askerName['username']) ?>" alt="Profile Picture" height="55" width="55">
+            <p><?php echo("<a href=\"profile.php?userID=". $askerName["userID"] ."\">". $askerName["username"] ."</a>"); ?></p>
+            <a href="profile.php?userID=<?php echo $askerName["userID"]?>"><img class="img-circle" src="data:image/jpeg;base64, <?php echo fetchProfilePic($askerName['username']) ?>" alt="Profile Picture" height="55" width="55"></a>
+            <p style="margin-top: 10px;">Asked:</p>
         </div>
     </div>
     <div class="col-sm-9">

profile.php

@@ -1,13 +1,32 @@
 <?php
-include_once "server.php";
-session_start(); //start a new session if not already started
-if (!isset($_SESSION["username"])){
+  include_once "server.php";
+  session_start(); //start a new session if not already started
+  $editable = false;
+  if (isset($_GET['userID'])){
+    if ($_GET['userID'] != "") {
+      if (isset($_SESSION["username"])) {
+        if ($_SESSION["userID"] === $_GET['userID']) {//Check if the current signed-in user is the same as the user of the profile page
+          $editable = true; //if the current signed-in user is the same as the user of the profile page, profile will be editable
+        }
+      }
+      $profileID = $_GET['userID'];
+    }
+    else{//Else no userID in URL for profile page, redirect to homepage
+      header('location: index.php');
+    }
+  }
+
+  else{//Else no userID in URL for profile page, redirect to homepage
     header('location: index.php');
-}
-include 'fetchProfile.php';
-include 'updateProfile.php';
-fetchProfile($_SESSION['email']);
-$memberSince = strtotime($_SESSION["time_created"]);
+  }
+
+
+
+  include 'fetchProfile.php';
+  include 'updateProfile.php';
+  $profile = getProfilebyID($profileID);
+
+  $memberSince = strtotime($profile["time_created"]);
 ?>
 
 
@@ -198,7 +217,7 @@
     <div class="panel panel-default">
 
     <div class="panel-heading">
-        <img class="card-img-top" id="profilePic" src="data:image/jpeg;base64, <?php echo fetchProfilePic($_SESSION["username"]); ?>" alt="Profile Picture" style="width:75%; max-width: 300px; max-height: 300px;">
+        <img class="card-img-top" id="profilePic" src="data:image/jpeg;base64, <?php echo fetchProfilePic($profile["username"]); ?>" alt="Profile Picture" style="width:75%; max-width: 300px; max-height: 300px;">
         <div id="editImage" hidden>
             <div class="row justify-content-center" style="margin-top: 5px">
                 <div class="col-sm-3"></div>
@@ -214,7 +233,7 @@
             </div>
         </div>
         <div id="username">
-            <h2><?php echo $_SESSION["username"]; ?></h2>
+            <h2><?php echo $profile["username"]; ?></h2>
         </div>
         <div style="display: none" id="usernameText" class="row justify-content-center">
             <div class="col-sm-4">
@@ -223,27 +242,27 @@
             <div class="col-sm-8">
 
                 <textarea style="font-size: 18px; margin-top: 10px" id="newUsername" name="newUsername" class="form-control" rows="1"
-                ><?php echo $_SESSION["username"]; ?></textarea>
+                ><?php echo $profile["username"]; ?></textarea>
             </div>
         </div>
 
     </div>
     <div class="panel-body">
         <h4>About me:</h4>
-        <p id="aboutMe"> <?php echo $_SESSION["about"]; ?> </p>
-        <textarea style="display: none; width: 80%" class="form-control" id="aboutText" name="aboutText" rows="3"><?php echo $_SESSION["about"]; ?></textarea>
+        <p id="aboutMe"> <?php echo $profile["about"]; ?> </p>
+        <textarea style="display: none; width: 80%" class="form-control" id="aboutText" name="aboutText" rows="3"><?php echo $profile["about"]; ?></textarea>
         <div class="modal-footer"></div>
         <h4>Email:</h4>
-        <p> <?php echo $_SESSION["email"]; ?> </p>
+        <p> <?php echo $profile["email"]; ?> </p>
         <div class="modal-footer"></div>
         <h4>User ID:</h4>
-        <p> <?php echo $_SESSION["userID"]; ?> </p>
+        <p> <?php echo $profile["userID"]; ?> </p>
         <div class="modal-footer"></div>
         <h4 class="title">Registered Tech Hut User <span style="color: rgb(15, 184, 23)">&#10003;</span></h4>
         <h4>Member Since:</h4>
         <p> <?php echo date('m/d/Y', $memberSince); ?> </p>
     </div>
-    <div class="panel-footer" >
+    <div class="panel-footer" <?php if(!$editable) {echo "style=\"display:none;\"";} ?> >
         <div class="row justify-content-center">
             <div class="col-sm-3"></div>
             <div class="col-sm-6">

updateProfile.php

@@ -30,5 +30,8 @@
         $updateNoPic = "UPDATE users SET username = '$newUsername', about = '$newAbout' WHERE users.userID = $userID";
         mysqli_query($db,$updateNoPic);
       }
+      //Update the data stored in the session
+      $_SESSION['username'] = $newUsername;
+
     }
   }