     if (strcmp($liking_user, $posting_user)) {
         $preparedquery4 = "select * from likes where entry_id = ? and liking_user = ?";
         $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
         $resultset4check = $resultset4->numRows();
         // only allow a post to be liked once by each user
         if ($resultset4check == 0) {
             $insert = "insert into likes(entry_id, liking_user) values(?,?)";
             $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
         }
     }
     header("Location: toBlog.php?user={$posting_user}");
 } else {
     if (isset($_POST['blogComment'])) {
         $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
         // the current user should remain on the blog page of the user who created the post, which must be determined
         $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment']));
         $preparedquery = "SELECT user FROM blog_entry where entry_id = ?";
         $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']);
         $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC);
         $posting_user = $row['user'];
         header("Location: toBlog.php?user={$posting_user}");
     } else {
         $user = $_GET['user'];
         $result = $user == $loggedInUser;
         if ($result == 1) {
             printBlog($dbh, $user);
         } else {
             showBlog($dbh, $user, $loggedInUser);
         }
     }
 }
*/
require_once "MDB2.php";
require_once "/home/cs304/public_html/php/MDB2-functions.php";
require_once "/students/cmatulis/public_html/project/blog-functions.php";
require_once "/students/cmatulis/public_html/cs304/cmatulis-dsn.inc";
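$dbh = db_connect($cmatulis_dsn);
session_start();
// if a user is not currently logged in, redirect them to the login page.
// header() only queues the Location response header; it does not stop the
// script. Without the exit below the rest of this page (comment insert,
// post delete) would still execute for an anonymous request with no
// $_SESSION['user'], so the redirect alone is not an access control.
if (!isset($_SESSION['user'])) {
    header('Location: blog-login.php');
    exit;
}
// the logged-in user; everything below acts on behalf of this account
$poster = $_SESSION['user'];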
if (isset($_POST['blogComment'])) {
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
    header("Location: blog-ex-comment-user.php");
} else {
    if (isset($_GET['entry_id'])) {
        $entry_id = $_GET['entry_id'];
        //id of the entry that was liked
        $posting_user = $_GET['posting_user'];
        // the author of the post
        // delete the post, as well as any comments and likes that have been made on that post
        // to make sure that no one can alter the GET values to delete someone else's post,
        // make sure that the supposed author of the post matches the logged-in user
        if (!strcmp($posting_user, $poster)) {
            $preparedquery = "delete from likes where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            $resultset2 = prepared_query($dbh, $preparedquery2, array($entry_id));
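// if a user is commenting on a post
if (isset($_POST['blogComment'])) {
    // insert comment into the database. comment_text is stored exactly as
    // submitted, so the page that renders comments must HTML-escape it.
    // (other pages of this project escape at insert time instead; the two
    // conventions must not be mixed or output is double-encoded.)
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, $_POST['blogComment']));
}
// if a user is liking a post
if (isset($_GET['entry_id'])) {
    $entry_id = $_GET['entry_id'];
    // id of the entry that was liked
    $liking_user = $poster;
    // the user who liked the post ($poster is assumed to be set earlier in
    // this file from the session — confirm)
    //
    // the author of the post. It is looked up from blog_entry instead of
    // being read from $_GET['posting_user']: that parameter is chosen by the
    // client, so a "no self-likes" rule based on it could be bypassed by
    // simply sending a different name. The link may still carry the
    // parameter; it is just not trusted here.
    $authorquery = "SELECT user FROM blog_entry where entry_id = ?";
    $authorresult = prepared_query($dbh, $authorquery, array($entry_id));
    $authorrow = $authorresult->fetchRow(MDB2_FETCHMODE_ASSOC);
    // fetchRow yields no array when the entry does not exist (or on error);
    // in that case there is nothing to like
    $posting_user = is_array($authorrow) ? $authorrow['user'] : null;
    // do not allow a user to like their own post, or a post that does not exist
    if ($posting_user !== null && strcmp($posting_user, $liking_user) !== 0) {
        $preparedquery4 = "select * from likes where entry_id = ? and liking_user = ?";
        $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user));
        $resultset4check = $resultset4->numRows();
        // only allow a post to be liked once by each user.
        // NOTE: this check-then-insert can still race between two concurrent
        // requests; a unique key on likes(entry_id, liking_user) is what
        // actually enforces the rule.
        if ($resultset4check == 0) {
            $insert = "insert into likes(entry_id, liking_user) values(?,?)";
            $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
        }
    }
    header("Location: viewAllPage.php");
    // stop here: header() does not end the script, and the redirected client
    // discards any body, so rendering the page below would be wasted work
    exit;
}
printAllPosts($dbh);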
?>

</body>
</html>
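/**
 * Store a new blog entry for $poster.
 *
 * Title and caption are HTML-escaped before they are stored, following the
 * escape-at-insert convention used by this project's comment pages; whatever
 * renders them must therefore not escape them again. The htmlspecialchars()
 * flags are spelled out because the default set changed in PHP 8.1 (single
 * quotes were not escaped before that), ENT_SUBSTITUTE keeps an invalid
 * UTF-8 title from silently becoming an empty string, and the charset is
 * fixed so the result does not depend on default_charset.
 *
 * $upload is stored as given — presumably a stored-file path or the entry
 * body; confirm against the caller before reusing it in a URL or in HTML.
 *
 * @param object $dbh     MDB2 connection, as expected by prepared_statement()
 * @param string $poster  logged-in user who owns the entry
 * @param string $upload  value stored in blog_entry.entry
 * @param string $title   entry title, escaped here
 * @param string $caption entry caption, escaped here
 * @return mixed whatever prepared_statement() returns for the insert
 */
function insertUpload($dbh, $poster, $upload, $title, $caption)
{
    $insert = "INSERT INTO blog_entry(user, entry, title, caption) VALUES (?, ?, ?, ?)";
    $params = array(
        $poster,
        $upload,
        htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        htmlspecialchars($caption, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    );
    // hand the helper's result back so callers can tell whether the row was written
    return prepared_statement($dbh, $insert, $params);
}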