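/**
 * Prints a user's profile: the picture "<user>.jpg" when that file exists,
 * followed by the text found for the user in the `profiles` table.
 *
 * @param string $user Profile owner's name; also used to build the image file name.
 *
 * @return void Everything is echoed directly.
 */
function ShowProfile($user)
{
    // NOTE(review): $user becomes part of a file path. Presumably callers pass
    // an already validated name without path separators; confirm.
    $picture = "{$user}.jpg";
    if (file_exists($picture)) {
        // The name lands inside a single-quoted attribute, so quotes and
        // markup characters are encoded before it is echoed.
        $src = htmlspecialchars($picture, ENT_QUOTES, 'UTF-8');
        echo "<img src='{$src}' align ='left' />";
    }
    // NOTE(review): the value compared with `user` is shown masked ('******')
    // in this listing. If the real query interpolates $user, bind it as a
    // parameter of a prepared statement instead.
    $result = QueryMysql("SELECT * FROM profiles WHERE user='******'");
    if (mysql_num_rows($result)) {
        $row = mysql_fetch_row($result);
        // NOTE(review): column 1 is echoed as stored, so it is only safe to
        // render if the writer encoded it for HTML before saving; confirm
        // against the code that fills `profiles`.
        echo stripslashes($row[1]) . "<br clear=left /> <br/>";
    }
}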
<?php

/**
 * Created by PhpStorm.
 * User: keilc
 * Date: 24/08/2015
 * Time: 3:29 PM
 */
include_once 'functions.php';
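// Username availability check: answers a POST that carries 'user' with an
// HTML fragment saying whether a matching row exists in `members`.
// The original repeated the isset()/sanitizeString() pair in a nested block;
// one pass is enough because both read the same $_POST value.
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    // NOTE(review): the value compared with `user` is shown masked ('******')
    // in this listing. If the real query interpolates $user, its safety rests
    // on sanitizeString(), which is not shown here; a prepared statement
    // removes that dependency.
    // NOTE(review): this endpoint tells any caller whether a username exists,
    // which is inherent to an availability check; throttle it per client.
    if (mysql_num_rows(QueryMysql("SELECT * FROM members WHERE user='******'"))) {
        echo "<span class='taken'>&nbsp;&#x2718; " . "Sorry, this username is taken</span>";
    } else {
        echo "<span class='available'>&nbsp;&#x2714; " . "This username is available</span>";
    }
}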
Beispiel #3
_END;
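// Sign-up handler: validates the posted name and password, rejects names that
// already exist in `members`, and otherwise inserts the new account.
$error = $user = $pass = "";
// If a user is currently logged in, log them out first.
if (isset($_SESSION['user'])) {
    destroySession();
}
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    // A request can carry 'user' without 'pass'; treat the missing field as
    // empty instead of reading an undefined index.
    $pass = sanitizeString(isset($_POST['pass']) ? $_POST['pass'] : "");
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br /><br />";
    } elseif (mysql_num_rows(queryMysql("SELECT * FROM members WHERE user='******'"))) {
        // NOTE(review): the value compared with `user` is shown masked
        // ('******') in this listing; the real query presumably uses $user.
        $error = "That username already exists<br /><br />";
    } else {
        // NOTE(review): the password is stored as submitted (after
        // sanitizeString()), so anyone who can read `members` can read every
        // password. Store password_hash() output and check it with
        // password_verify(); the login query and the column width have to
        // change in the same step.
        // NOTE(review): the statement is built by interpolation, so its
        // safety depends entirely on sanitizeString(), which is not shown
        // here. Prefer a prepared statement with bound parameters.
        QueryMysql("INSERT INTO members VALUES('{$user}', '{$pass}')");
        die("<h4>Account created</h4>Please Log in.<br /><br />");
    }
}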
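// Sign-up form. The submitted username is echoed back into a single-quoted
// attribute, so it is encoded for that context first; double_encode is off so
// text that sanitizeString() may already have entity-encoded renders unchanged.
$userAttr = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
// The password field is masked and is no longer pre-filled: echoing the
// submitted password back puts it in the page source and in any cached copy.
echo <<<_END
<form method='post' action='signup.php'>{$error}
<span class='fieldname'>Username</span>
<input type='text' maxlength='16' name='user' value='{$userAttr}'
onBlur='checkUser(this)'/><span id='info'></span><br />
<span class='fieldname'>Password</span>
<input type='password' maxlength='16' name='pass' /><br />
_END;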
?>
<span class='fieldname'>&nbsp;</span>
    $view = $user;
}
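// Choose the wording for the headings: second person when the viewer looks at
// their own page, the viewed user's name otherwise.
if ($view == $user) {
    $name1 = $name2 = "Your";
    $name3 = "You are";
} else {
    // The original closed the link with "</a>a>", which rendered a stray "a>"
    // after the name.
    // NOTE(review): $view is placed in a URL and in HTML text unescaped. Its
    // origin is outside this excerpt; if it comes from the request, encode it
    // per context (urlencode() in the href, htmlspecialchars() in the text).
    $name1 = "<a href='members.php?view={$view}'>{$view}</a>'s";
    $name2 = "{$view}'s";
    $name3 = "{$view} is";
}
echo "<div class='main'>";
// Followers and following are collected into separate arrays.
$followers = array();
$following = array();
// Followers: second column of every `friends` row matched on `user`.
// NOTE(review): the value compared with `user` is shown masked ('******') in
// this listing; the real query presumably uses $view, as the next one does.
$result = QueryMysql("SELECT * FROM friends WHERE user = '******'");
$num = mysql_num_rows($result);
for ($j = 0; $j < $num; ++$j) {
    // Fetch one row of the result set and keep its second column.
    $row = mysql_fetch_row($result);
    $followers[$j] = $row[1];
}
// Following: first column of every `friends` row matched on `friend`.
// NOTE(review): $view is interpolated into the statement; bind it as a
// parameter unless it is guaranteed to be escaped before this point.
$result = queryMysql("SELECT * FROM friends WHERE friend='{$view}'");
$num = mysql_num_rows($result);
for ($j = 0; $j < $num; ++$j) {
    $row = mysql_fetch_row($result);
    $following[$j] = $row[0];
}
// Names present in both lists.
$mutual = array_intersect($followers, $following);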
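// Profile editing is for signed-in users only.
if (!$loggedin) {
    die;
}
echo "<div class='main'><h3>Your Profile</h3>";
// A submitted 'text' field replaces the stored profile text; without one the
// stored text, if any, is loaded.
if (isset($_POST['text'])) {
    $text = SanitizeString($_POST['text']);
    // Collapse each run of whitespace to a single space. The original replaced
    // runs with an empty string, which joined neighbouring words and disagreed
    // with the same normalisation applied after this if/else.
    $text = preg_replace('/\\s\\s+/', ' ', $text);
    // Update the row when this user already has one, insert otherwise.
    // NOTE(review): the value compared with `user` is shown masked ('******')
    // in this listing; the real queries presumably use $user.
    // NOTE(review): $text and $user are interpolated into the statements, so
    // their safety depends on SanitizeString(), which is not shown here.
    // Prefer prepared statements with bound parameters.
    if (mysql_num_rows(QueryMysql("SELECT * FROM profiles WHERE user ='******'"))) {
        QueryMysql("UPDATE profiles SET text='{$text}' WHERE user='******'");
    } else {
        // The original inserted into `profile`; every other statement on the
        // page uses `profiles`.
        QueryMysql("INSERT INTO profiles VALUES('{$user}','{$text}')");
    }
} else {
    $result = QueryMysql("SELECT * FROM profiles WHERE user='******'");
    if (mysql_num_rows($result)) {
        $row = mysql_fetch_row($result);
        $text = stripslashes($row[1]);
    } else {
        $text = "";
    }
}
// Normalise whitespace once more and drop escaping backslashes.
$text = stripslashes(preg_replace('/\\s\\s+/', ' ', $text));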
if (isset($_FILES['image']['name'])) {
    $saveto = "{$user}.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
    $typeok = TRUE;
    switch ($_FILES['image']['type']) {
        case "image/gif":
            $src = imagecreatefromgif($saveto);
Beispiel #6
 * User: keilc
 * Date: 24/08/2015
 * Time: 3:33 PM
 */
include_once 'header.php';
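// Login handler: checks the posted name and password against `members` and,
// on success, records the user in the session.
// The heading's opening tag was written as "<>"; it is restored to <h3>.
echo "<div class='main'><h3>Please enter your details to login</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])) {
    $user = SanitizeString($_POST['user']);
    // A request can carry 'user' without 'pass'; treat the missing field as
    // empty instead of reading an undefined index.
    $pass = SanitizeString(isset($_POST['pass']) ? $_POST['pass'] : "");
    if ($user == "" || $pass == "") {
        $error = "Not all fields entered<br />";
    } else {
        // NOTE(review): both compared values are shown masked ('******') in
        // this listing; the real query presumably uses $user and $pass.
        // Comparing the password inside SQL means it is stored in a
        // recoverable form; store password_hash() output, select the row by
        // user name only, and check it with password_verify().
        $query = "SELECT user, pass FROM members WHERE user = '******' AND pass = '******'";
        // No matching row: the user name or the password is wrong.
        if (mysql_num_rows(QueryMysql($query)) == 0) {
            // Fixed the misspelt "Passowrd" and the stray "span>" after the
            // closing tag.
            $error = "<span class = 'error'>Username/Password invalid</span><br /><br />";
        } else {
            // NOTE(review): the session ID is kept across login. It should be
            // renewed with session_regenerate_id(true), which has to run
            // before any output, so the echo at the top of this script would
            // need to move below the login handling.
            $_SESSION['user'] = $user;
            // NOTE(review): the submitted password is kept in the session
            // store; confirm whether any page still reads it and drop it if not.
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br /><br />");
        }
    }
}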
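// Login form. The submitted username is echoed back into a single-quoted
// attribute, so it is encoded for that context first; double_encode is off so
// text that SanitizeString() may already have entity-encoded renders unchanged.
$userAttr = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
// The password field is no longer pre-filled: echoing the submitted password
// back puts it in the page source and in any cached copy of the response.
echo <<<_END
<form method='post' action='login.php'>{$error}
<span class='fieldname'>Username</span><input type='text'
maxlength='16' name='user' value='{$userAttr}' /><br />
<span class='fieldname'>Password</span><input type='password'
maxlength='16' name='pass' />
_END;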