/**
 * Look up the users row(s) whose stored address equals the given IP.
 *
 * The textual address is converted with inet_pton() and bound to the single
 * placeholder of the statement, so it never becomes part of the SQL text.
 *
 * NOTE(review): inet_pton() returns false (and raises a warning) when $ip is
 * not a valid IPv4/IPv6 string; that false is then bound as the parameter.
 * Callers presumably validate $ip first -- confirm, or reject it here.
 *
 * @param string $ip textual IP address
 * @return mixed whatever prepared_query() returns for the SELECT
 */
function find_user_with_ip($ip)
{
    global $dbh;

    $packedAddress = inet_pton($ip);
    $sql = "SELECT ip FROM users WHERE ip=?";

    return prepared_query($dbh, $sql, array($packedAddress));
}
Ejemplo n.º 2
    	</div>

    	<div class="container">
      		<div class="blog-header">
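        		<?php 
// Escape the name for the HTML context it is printed in, whatever its origin.
// The last argument (double_encode = false) leaves entities that were already
// encoded before storage untouched, so such values are not encoded twice.
$safeUser = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
echo "<h1 class='blog-title'>{$safeUser}'s Profile</h1>";
?>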

      		</div>
      		<br>

		<?php 
// Get the user's current profile and
// print a form pre-filled with the current profile.
//
// The user name is bound to the ? placeholder rather than concatenated into
// the SQL text.
// NOTE(review): $user is passed bare here, while other calls wrap their
// parameters in array(...) -- presumably prepared_query accepts a scalar; confirm.
$preparedquery = "SELECT * from profile where user = ?";
$resultset = prepared_query($dbh, $preparedquery, $user);
// Copy each column into the variable the form below interpolates. If no row
// matches, none of these variables is assigned by this loop.
// NOTE(review): the form writes these values into HTML; the visible field uses
// an unquoted attribute (value = {$fullname}), so a value containing a space
// or quote is not confined to the attribute. Escape with htmlspecialchars(...,
// ENT_QUOTES) at output and quote the attribute value.
while ($row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC)) {
    $fullname = $row['fullname'];
    $birthdate = $row['birthdate'];
    $city = $row['city'];
    $state = $row['state'];
    $country = $row['country'];
    $interests = $row['interests'];
    // the "profile" column holds the free-text "about me" field
    $aboutme = $row['profile'];
}
print <<<EOT
\t\t\t\t<form class="form-horizontal" method="post" enctype = "multipart/form-data" action = "myprofile.php">  
      \t\t\t\t\t<div class="row">
      \t\t\t\t\t\t<div class="col-md-3"><h4><strong>Full Name</strong></h4></div>
      \t \t\t\t\t\t\t<input type='text' name = 'fullname' value = {$fullname}>
      \t\t\t\t\t\t</div>  
Ejemplo n.º 3
                $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
                $resultset4check = $resultset4->numRows();
                // only allow a post to be liked once by each user
                if ($resultset4check == 0) {
                    $insert = "insert into likes(entry_id, liking_user) values(?,?)";
                    $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
                }
            }
            header("Location: toBlog.php?user={$posting_user}");
        } else {
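            if (isset($_POST['blogComment'])) {
                // Store the comment; every value is bound to a placeholder.
                // NOTE(review): the text is stored as submitted, so it has to be
                // HTML-escaped wherever comments are printed -- confirm.
                $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
                $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment']));
                // the current user should remain on the blog page of the user who created the post,
                // so the author is looked up from the entry id
                $preparedquery = "SELECT user FROM blog_entry where entry_id = ?";
                $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']);
                $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC);
                // No matching entry leaves the author empty, as before.
                $posting_user = (is_array($row) && isset($row['user'])) ? (string) $row['user'] : '';
                // URL-encode the name so characters such as & or # in it cannot
                // change the query string of the redirect target.
                header("Location: toBlog.php?user=" . rawurlencode($posting_user));
            } else {
                $user = $_GET['user'];
                // Compare as strings: a loose == treats numeric-looking names
                // such as "0123" and "123" as equal, which would select the
                // owner's view for a different account.
                if (is_string($user) && $user === (string) $loggedInUser) {
                    printBlog($dbh, $user);
                } else {
                    showBlog($dbh, $user, $loggedInUser);
                }
            }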
        }
    }
}
/**
 * Insert one response row into privacy_index1.
 *
 * The statement has no column list: the first column takes its DEFAULT and
 * the eight placeholders are filled positionally from $userResponse.
 *
 * NOTE(review): presumably $userResponse is an array of exactly eight values
 * in table-column order -- confirm against the caller and the schema.
 *
 * @param mixed $userResponse values bound to the eight placeholders
 * @return mixed whatever prepared_query() returns for the INSERT
 */
function add_pi1_row($userResponse)
{
    global $dbh;

    $insertSql = "INSERT INTO privacy_index1 VALUES (DEFAULT,?,?,?,?,?,?,?,?)";
    $outcome = prepared_query($dbh, $insertSql, $userResponse);

    return $outcome;
}
/**
 * Insert one response row into visQ.
 *
 * The statement has no column list: the first column takes its DEFAULT and
 * the six placeholders are filled positionally from $userResponse.
 *
 * NOTE(review): presumably $userResponse is an array of exactly six values
 * in table-column order -- confirm against the caller and the schema.
 *
 * @param mixed $userResponse values bound to the six placeholders
 * @return mixed whatever prepared_query() returns for the INSERT
 */
function add_vis_row($userResponse)
{
    global $dbh;

    $insertSql = "INSERT INTO visQ VALUES (DEFAULT,?,?,?,?,?,?)";
    $outcome = prepared_query($dbh, $insertSql, $userResponse);

    return $outcome;
}
Ejemplo n.º 6
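if (isset($_POST['blogComment'])) {
    // insert comment into the database
    // NOTE(review): the text is stored as submitted, so it has to be
    // HTML-escaped wherever comments are printed -- confirm printAllPosts does.
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, $_POST['blogComment']));
}
// if a user is liking a post
// NOTE(review): this changes state on a GET request and no anti-CSRF token is
// checked here; consider a POST form carrying a per-session token.
if (isset($_GET['entry_id'])) {
    // id of the entry that was liked
    $entry_id = $_GET['entry_id'];
    // the user who liked the post
    $liking_user = $poster;
    // The author of the post is read from the database. The posting_user
    // request parameter is supplied by the client, so comparing against it
    // would not enforce the "no self-like" rule.
    // NOTE(review): assumes blog_entry(entry_id, user) -- confirm against the schema.
    $authorquery = "SELECT user FROM blog_entry where entry_id = ?";
    $authorset = prepared_query($dbh, $authorquery, array($entry_id));
    $authorrow = $authorset->fetchRow(MDB2_FETCHMODE_ASSOC);
    // an unknown entry id records nothing;
    // do not allow a user to like their own post
    if (is_array($authorrow) && strcmp((string) $authorrow['user'], (string) $liking_user)) {
        $preparedquery4 = "select * from likes where entry_id = ? and liking_user = ?";
        $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
        $resultset4check = $resultset4->numRows();
        // only allow a post to be liked once by each user
        // NOTE(review): check-then-insert can still admit a duplicate under
        // concurrent requests; a unique key on (entry_id, liking_user) would
        // enforce the rule in the database.
        if ($resultset4check == 0) {
            $insert = "insert into likes(entry_id, liking_user) values(?,?)";
            $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
        }
    }
    // NOTE(review): execution continues after this header and the page is
    // still rendered below.
    header("Location: viewAllPage.php");
}
printAllPosts($dbh);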
?>

</body>
</html>
Ejemplo n.º 7
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
    header("Location: blog-ex-comment-user.php");
} else {
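    // NOTE(review): deletion is triggered by a GET request and no anti-CSRF
    // token is checked here; consider a POST form carrying a per-session token.
    if (isset($_GET['entry_id'])) {
        // id of the entry to delete
        $entry_id = $_GET['entry_id'];
        // Ownership is decided from the database record. The posting_user
        // request parameter arrives together with entry_id and is equally
        // client-controlled, so matching it against the logged-in user does
        // not show that the logged-in user wrote this entry.
        // NOTE(review): assumes blog_entry(entry_id, user) -- confirm against the schema.
        $ownerquery = "SELECT user FROM blog_entry where entry_id = ?";
        $ownerset = prepared_query($dbh, $ownerquery, array($entry_id));
        $ownerrow = $ownerset->fetchRow(MDB2_FETCHMODE_ASSOC);
        // delete the post, as well as any comments and likes that have been made on that post,
        // only when the stored author of the entry is the logged-in user
        if (is_array($ownerrow) && (string) $ownerrow['user'] === (string) $poster) {
            $preparedquery = "delete from likes where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            $resultset2 = prepared_query($dbh, $preparedquery2, array($entry_id));
            $preparedquery3 = "delete from blog_entry where entry_id = ?";
            $resultset3 = prepared_query($dbh, $preparedquery3, array($entry_id));
        }
        header("Location: blog-ex-comment-user.php");
    }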
}
printBlog($dbh, $poster);
?>

</body>
</html>


/**
 * Insert one response row into efficacy_scale.
 *
 * The statement has no column list: the first column takes its DEFAULT and
 * the twelve placeholders are filled positionally from $userResponse.
 *
 * NOTE(review): presumably $userResponse is an array of exactly twelve values
 * in table-column order -- confirm against the caller and the schema.
 *
 * @param mixed $userResponse values bound to the twelve placeholders
 * @return mixed whatever prepared_query() returns for the INSERT
 */
function add_efficacy_row($userResponse)
{
    global $dbh;

    $insertSql = "INSERT INTO efficacy_scale VALUES (DEFAULT,?,?,?,?,?,?,?,?,?,?,?,?)";
    $outcome = prepared_query($dbh, $insertSql, $userResponse);

    return $outcome;
}
Ejemplo n.º 9
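/**
 * Save the submitted profile form for $user.
 *
 * Nothing is written unless the form was posted (detected by the presence of
 * the birthdate field). All seven columns are written by one UPDATE, so the
 * row is never left half-updated if a statement fails part-way.
 *
 * Values are HTML-encoded before storage, as before; the flags are now
 * explicit so single quotes are encoded on every PHP version.
 * NOTE(review): encoding at storage ties the data to one output context.
 * Escaping at the point of output is the more robust design, but switching
 * requires every page that prints these columns to escape them first.
 *
 * @param mixed  $dbh  database handle passed through to prepared_query()
 * @param string $user user whose profile row is updated
 * @return void
 */
function saveInfo($dbh, $user)
{
    if (!isset($_POST['birthdate'])) {
        return;
    }

    // Form fields in the order of the placeholders below; the "aboutme"
    // field is stored in the "profile" column.
    $fields = array('fullname', 'birthdate', 'city', 'state', 'country', 'interests', 'aboutme');

    $values = array();
    foreach ($fields as $field) {
        // A missing or non-string field (e.g. an array parameter) is saved as ''.
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $values[] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $values[] = $user;

    // update the database
    prepared_query(
        $dbh,
        "UPDATE profile SET fullname=?, birthdate=?, city=?, state=?, country=?, interests=?, profile=? WHERE user= ?",
        $values
    );
}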