Ejemplo n.º 1
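/*
 * Soft-delete a diary entry (blog.is_removed = 1) when ?action=remove is requested.
 *
 * The caller must either be viewing their own diary ($user_id equals the session user)
 * or hold the 'remove_diary_post' privilege. $user_id is assigned outside this listing.
 *
 * NOTE(review): the original UPDATE matched on id alone, so as far as this listing shows
 * nothing tied the entry being removed to the caller. Callers without the privilege are
 * now restricted to rows whose blog.user is the session user.
 * NOTE(review): this is a state change driven by a GET request and no anti-CSRF token is
 * checked in the visible code - confirm one is enforced elsewhere, or move this to POST.
 */
if (isset($_GET['action'], $_GET['id']) && $_GET['action'] == 'remove') {
    // Logical && / || instead of the original bitwise &, so the privilege lookup only
    // runs for an actual remove request made by someone who is not the diary owner.
    $is_diary_owner = ($user_id == $_SESSION['login']['id']);
    $is_moderator = !$is_diary_owner && is_privilegied('remove_diary_post');

    if ($is_diary_owner || $is_moderator) {
        // blog.id is looked up via mysql_insert_id() elsewhere on this page, i.e. it is an
        // auto-increment key; forcing an integer keeps request data out of the SQL text.
        $query = 'UPDATE blog SET is_removed = 1 WHERE id = "' . (int) $_GET['id'] . '"';
        if (!$is_moderator) {
            // Ownership constraint: a regular user may only flag their own entries.
            $query .= ' AND user = "' . mysql_real_escape_string($_SESSION['login']['id']) . '"';
        }
        $query .= ' LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        jscript_alert('Dagboksinlägg borttaget');
        // NOTE(review): jscript_location() is not shown; confirm it encodes its argument
        // before emitting it into script context.
        jscript_location('?user_id=' . $user_id . '');
    }
}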
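/*
 * Save today's diary entry for the logged-in user.
 *
 * An INSERT is attempted first; when it fails the existing row for today is updated
 * instead (presumably a unique key on user/date makes the INSERT fail - confirm).
 * A successful INSERT is also recorded in user_action_log and sent to
 * friends_actions_insert().
 *
 * Every request-supplied value is escaped before being placed inside a quoted SQL
 * literal. mysql_real_escape_string() matches the legacy mysql_* API this page uses;
 * prepared statements (mysqli/PDO) are the durable fix once the code is migrated.
 *
 * NOTE(review): the listing masks parts of this block with `******`. In the two URL
 * expressions the `$_SESSION` prefix is restored from the surviving `'login']['id']`
 * fragment - confirm against the original file.
 */
if (login_checklogin() && isset($_POST['title'])) {
    $author_sql = mysql_real_escape_string($_SESSION['login']['id']);
    $title_sql = mysql_real_escape_string($_POST['title']);
    $text_sql = mysql_real_escape_string(isset($_POST['text']) ? $_POST['text'] : '');
    $today = date('Y-m-d');

    $insertquery = 'INSERT INTO blog (user, date, title, text) VALUES("' . $author_sql . '", "' . $today . '", "' . $title_sql . '", "' . $text_sql . '")';
    if (mysql_query($insertquery)) {
        // Read the new key once, directly after the INSERT that produced it.
        $entry_id = mysql_insert_id();
        $entry_url = '/traffa/diary.php?user=' . $_SESSION['login']['id'] . '&entry=' . $entry_id;

        $ualquery = 'INSERT INTO user_action_log (timestamp, user, action, url, label)';
        $ualquery .= ' VALUES("' . time() . '", "' . $author_sql . '", "diary", "' . mysql_real_escape_string($entry_url) . '", "' . $title_sql . '")';

        $options['url'] = $entry_url;
        $options['action'] = 'diary';
        // NOTE(review): the raw title is handed over unchanged; friends_actions_insert() is
        // not shown, so confirm it escapes the label itself before storing or rendering it.
        $options['label'] = $_POST['title'];
        friends_actions_insert($options);
        mysql_query($ualquery) or report_sql_error($ualquery, __FILE__, __LINE__);
    } else {
        // NOTE(review): the user value in this WHERE clause is masked (`******`) in the
        // listing and is reproduced as shown; presumably it is the session user id, which
        // must be escaped like the values above - confirm against the original file.
        $updatequery = 'UPDATE blog SET title = "' . $title_sql . '", text = "' . $text_sql . '" WHERE user = "******" AND date = "' . $today . '" LIMIT 1';
        // Report a failed fallback like the other queries here, so a lost post is visible.
        mysql_query($updatequery) or report_sql_error($updatequery, __FILE__, __LINE__);
    }
}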
// Load the profile for $user_id, queue its theme stylesheet and append the mini profile box.
$params['user_id'] = $user_id;
$profile = profile_fetch($params);
// NOTE(review): profile_theme becomes part of a stylesheet path. profile_fetch() is not
// shown; if users can set this value freely it should be limited to known theme names.
$ui_options['stylesheets'][] = sprintf('profile_themes/%s.css', $profile['profile_theme']);
$output = $output . profile_mini_page($profile);
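/* Fetch and render an entry */
if (isset($_GET['entry'])) {
    // Entry links on this page are built from mysql_insert_id(), so blog.id is an
    // auto-increment key. Forcing an integer keeps the request value from being
    // concatenated verbatim into the SQL text.
    $query = 'SELECT * FROM blog WHERE id = "' . (int) $_GET['entry'] . '" AND is_removed = 0';
} else {
    // No entry requested: fall back to the most recent entry that is not removed.
    // NOTE(review): the user value is masked (`******`) in this listing and is reproduced
    // as shown; whatever variable stood here must be escaped or cast before use.
    $query = 'SELECT * FROM blog WHERE user = "******" AND is_removed = 0 ORDER BY id DESC LIMIT 1';
}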
Ejemplo n.º 2
}
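// Load the profile for $user_id, queue its theme stylesheet and append the mini profile box.
$params['user_id'] = $user_id;
$profile = profile_fetch($params);
$ui_options['stylesheets'][] = 'profile_themes/' . $profile['profile_theme'] . '.css';
$output .= profile_mini_page($profile);

// Look up the username of the profile being viewed; it is used as a label further down.
// NOTE(review): $user_id is assigned outside this listing. If it is taken from the
// request it must be cast or escaped before being concatenated into this query.
$query = 'SELECT username FROM login WHERE id ="' . $user_id . '" LIMIT 1';
$result = mysql_query($query);
// mysql_query() returns false on failure; do not hand that to mysql_fetch_assoc().
// $user is false both when the query fails and when no row matches.
$user = $result ? mysql_fetch_assoc($result) : false;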
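/*
 * If the users adds/removes friendship
 *
 * ?action=addfriend stores the friendship, logs it in user_action_log, notifies
 * friends_actions_insert() and appends a short guestbook form to $output.
 *
 * Changes compared with the original:
 *  - request values are escaped before they enter SQL, URLs or HTML;
 *  - the self-friendship check also covers ?id, because that is the value stored as
 *    friend_id while the original check looked only at ?user_id.
 *
 * NOTE(review): this is a state change driven by a GET request and no anti-CSRF token is
 * checked in the visible code - confirm one is enforced elsewhere, or move this to POST.
 */
if (login_checklogin()
    && isset($_GET['action'], $_GET['id'])
    && $_GET['action'] == 'addfriend'
    && (isset($_GET['user_id']) ? $_GET['user_id'] : '') != $_SESSION['login']['id']
    && $_GET['id'] != $_SESSION['login']['id']
) {
    $profile_user = isset($_GET['user_id']) ? $_GET['user_id'] : '';
    $me_sql = mysql_real_escape_string($_SESSION['login']['id']);
    $friend_sql = mysql_real_escape_string($_GET['id']);
    // The username came from the database, but it is still data: escape it on the way back in.
    $label_sql = mysql_real_escape_string($user['username']);

    $query = 'INSERT INTO friendslist (user_id, friend_id) VALUES("' . $me_sql . '", "' . $friend_sql . '")';
    mysql_query($query);

    $query = 'INSERT INTO user_action_log (timestamp, user, action, url, label)';
    $query .= ' VALUES("' . time() . '", "' . $me_sql . '", "friendship", "' . mysql_real_escape_string('/traffa/profile.php?id=' . urlencode($_GET['id'])) . '", "' . $label_sql . '")';
    mysql_query($query);

    // NOTE(review): friends_actions_insert() is not shown; confirm it escapes url and label.
    friends_actions_insert(array('action' => 'friendship', 'url' => '/traffa/profile.php?user_id=' . urlencode($_GET['id']), 'label' => $user['username']));

    // Everything below is HTML: URL-encode query-string values and HTML-escape text and
    // attribute values so request data cannot break out of the markup.
    // NOTE(review): htmlspecialchars() uses PHP's default charset here; pass the site's
    // charset explicitly if it differs.
    $output .= '<form action="/traffa/guestbook.php?action=send_new_message&userid=' . urlencode($profile_user) . '" method="post">' . "\n";
    $output .= '<p>Vi tänkte att du kanske vill tala om för ' . htmlspecialchars($user['username'], ENT_QUOTES) . ' att du lagt till henne/honom som vän. Här har du ett gästboksformulär</p>' . "\n";
    $output .= '<textarea name="message" class="textbox" rows="3" cols="75">Hej, jag har lagt till dig som vän nu :)</textarea>' . "\n";
    $output .= '<input name="recipient" type="hidden" value="' . htmlspecialchars($_GET['id'], ENT_QUOTES) . '" />' . "\n";
    $output .= '<input type="submit" value="Skicka" class="button_60" />' . "\n";
    $output .= '</form>' . "\n";
}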
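/*
 * ?action=removefriend deletes the friendship row that links the logged-in user to
 * ?user_id. The DELETE is scoped to the session user's own rows, and both values are
 * escaped before they are placed inside the quoted SQL literals.
 *
 * NOTE(review): this is a state change driven by a GET request and no anti-CSRF token is
 * checked in the visible code - confirm one is enforced elsewhere, or move this to POST.
 */
if (login_checklogin()
    && isset($_GET['action'], $_GET['user_id'])
    && $_GET['action'] == 'removefriend'
    && $_GET['user_id'] != $_SESSION['login']['id']
) {
    $query = 'DELETE FROM friendslist WHERE user_id = "' . mysql_real_escape_string($_SESSION['login']['id']) . '" AND friend_id = "' . mysql_real_escape_string($_GET['user_id']) . '" LIMIT 1';
    mysql_query($query);
}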
/* Fetch everyone that the user has marked as a friend */
// Joins friendslist with login and userinfo, skips accounts named "Borttagen" and sorts
// by username. Execution stops with the reported SQL error if the query fails.
// NOTE(review): $user_id is assigned outside this listing. If it is taken from the
// request it must be cast or escaped before being concatenated into this query.
$query = 'SELECT f.friend_id AS user_id, l.username, l.lastaction, u.image, u.gender, u.birthday'
    . ' FROM friendslist AS f, login AS l, userinfo AS u'
    . ' WHERE f.user_id = "' . $user_id . '" AND l.id = f.friend_id AND u.userid = l.id'
    . ' AND l.username NOT LIKE "Borttagen" ORDER BY l.username ASC';
$result = mysql_query($query);
if (!$result) {
    die(report_sql_error($query, __FILE__, __LINE__));
}
while ($data = mysql_fetch_assoc($result)) {
Ejemplo n.º 3
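         // Store one uploaded photo and record it in the user's action log. If the log
         // already holds a "photos" row from today it is updated, otherwise a new row is
         // inserted and friends_actions_insert() is notified. The enclosing loop over $i
         // starts outside this listing.
         //
         // The description comes straight from the request and previously went into both
         // log queries unescaped; it is now escaped for SQL, as are the other values.
         // NOTE(review): photos_upload() is not shown - confirm that it validates the file
         // type and the category, and that it escapes the description it receives.
         if (is_uploaded_file($_FILES['photo_' . $i]['tmp_name'])) {
             $options['file'] = $_FILES['photo_' . $i]['tmp_name'];
             $options['user'] = $_SESSION['login']['id'];
             $options['description'] = $_POST['description_' . $i];
             $options['category'] = $_POST['category_' . $i];
             $photo_id = photos_upload($options);

             $label_sql = mysql_real_escape_string($options['description']);
             $photo_url_sql = mysql_real_escape_string('/traffa/photos.php?id=' . $photo_id);

             // NOTE(review): the user value is masked (`******`) in this listing and is
             // reproduced as shown; presumably it is the session user id, which must be
             // escaped like the values below - confirm against the original file.
             $query = 'SELECT id FROM user_action_log WHERE user = "******" AND timestamp > "' . strtotime(date('Y-m-d')) . '" AND action= "photos" LIMIT 1';
             $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
             if (mysql_num_rows($result) == 1) {
                 $data = mysql_fetch_assoc($result);
                 $query = 'UPDATE user_action_log SET url = "' . $photo_url_sql . '", label = "' . $label_sql . '", timestamp = "' . time() . '" WHERE id = "' . mysql_real_escape_string($data['id']) . '" LIMIT 1';
                 mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
             } else {
                 $query = 'INSERT INTO user_action_log (action, timestamp, user, url, label) VALUES("photos", "' . time() . '", "' . mysql_real_escape_string($_SESSION['login']['id']) . '", "' . $photo_url_sql . '", "' . $label_sql . '")';
                 mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
                 // NOTE(review): the raw description is passed on; friends_actions_insert()
                 // is not shown, so confirm it escapes the label itself.
                 friends_actions_insert(array('action' => 'photos', 'url' => '/traffa/photos.php?id=' . $photo_id . '#photo', 'label' => $options['description']));
             }
             $display_successful_message = true;
         }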
     }
     // When the success flag is set, prepend a confirmation banner wrapped in the
     // "blue_deluxe" rounded box; the upload form for the session user is always appended.
     if ($display_successful_message) {
         $upload_form .= rounded_corners_top(array('color' => 'blue_deluxe'), true)
             . 'Bilderna är uppladdade!'
             . rounded_corners_bottom(array('color' => 'blue_deluxe'), true);
     }
     $upload_form .= photos_upload_form(array('user' => $_SESSION['login']['id']));
 }
 if ($_SESSION['login']['id'] == $user_id && !isset($_GET['id']) && !isset($_GET['category'])) {
     $photos = photos_fetch(array('user' => $user_id, 'force_unread_comments' => true));
     if (count($photos) > 0) {
         $output .= '<h1>Foton med nya kommentarer</h1>';