<?php
$id;
if (isset($_GET['id'])) {
$id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
echo "Welcome to " . find_name($id, $mysqli) . "'s posts! You can view all of them from here.";
} else {
$id = $_SESSION['user_id'];
echo "Welcome to your posts, <b>" . find_name($id, $mysqli) . "</b>! You can edit any post you created.";
}
//echo $id."<br>";
if ($stmt = $shopsv->prepare("SELECT * \n\tFROM posted_lists WHERE user_id = ?")) {
$stmt->bind_param('i', $id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// Get matching name from secure_login
$usern = find_name($row["user_id"], $mysqli);
echo '<table border="1" style="width:100%">';
if ($id == $_SESSION['user_id']) {
echo '<tr><td colspan="2"><a href="edit.php?post_id=' . $row['post_id'] . '">' . 'Edit' . '</a></td></tr>';
} else {
echo '<tr><th scope="col" colspan="2">' . $usern . ' says... </th></tr>';
}
echo '<tr><td colspan="2">' . nl2br(htmlspecialchars($row["header"])) . '</td></tr>';
echo '<tr><td colspan="2">' . nl2br(htmlspecialchars($row["text"])) . '</td></tr>';
echo '<tr><td>Drop off: ' . htmlspecialchars($row['drop_off']) . '</td><td>Fee: $' . $row['fee'] . '</td><tr>';
echo "</table><br>";
}
}
?>
</html>
function create_rights($data)
{
global $db;
$person_id = 0;
$group_id = 0;
$person_name = $data['person']['name'];
if ($person_name) {
$id_name = find_name('person', $person_name, false, 'exact');
if (count($id_name) == 1) {
list($person_id, $person_name) = each($id_name);
}
}
$group_name = $data['group']['name'];
if ($group_name) {
$id_name = find_name('group', $group_name, false, 'exact');
if (count($id_name) == 1) {
list($group_id, $group_name) = each($id_name);
}
}
if ($person_id) {
$query = 'filesystem_rights_person (
fs_id,
person_id,
rights
)
values (
"' . $this->data['id'] . '",
"' . $person_id . '",
"' . implode_rights($data['person']) . '"
)';
$db->insert($query);
}
if ($group_id) {
$query = 'filesystem_rights_group (
fs_id,
group_id,
rights
)
values (
"' . $this->data['id'] . '",
"' . $group_id . '",
"' . implode_rights($data['group']) . '"
)';
$db->insert($query);
}
}
function list_names(&$data, $type)
{
$data[$type] = array();
$string = '';
$ids = array();
if (isset($_POST[$type])) {
$string = $_POST[$type];
if ($string) {
$ids = find_name($type, $string);
}
foreach ($ids as $id => $name) {
$data[$type][$id] = array('id' => $id, 'name' => $name);
}
}
$data[$type . '_name'] = stripslashes(mask_html($string));
$data[$type . '_count'] = count($ids);
}
