Ejemplo n.º 1
                    $insert = "insert into likes(entry_id, liking_user) values(?,?)";
                    $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
                }
            }
            header("Location: toBlog.php?user={$posting_user}");
        } else {
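            if (isset($_POST['blogComment'])) {
                // A comment was submitted. The commenter should land back on the blog page of the
                // user who wrote the entry, so the entry's author is resolved first. The lookup also
                // confirms that the posted entry id refers to an existing entry before anything is stored.
                $row = null;
                if (isset($_POST['entryId'])) {
                    $preparedquery = "SELECT user FROM blog_entry where entry_id = ?";
                    $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']);
                    $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC);
                }
                if (is_array($row) && isset($row['user'])) {
                    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
                    // NOTE(review): comment_text is stored exactly as submitted. printBlog()/showBlog()
                    // are not visible here; confirm they HTML-escape it when rendering.
                    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment']));
                    $posting_user = $row['user'];
                } else {
                    // Missing or unknown entry id: store nothing and return the user to their own blog
                    // instead of reading a key from an empty result row.
                    $posting_user = $loggedInUser;
                }
                // Encode the value so characters such as '&' or '#' in a user name cannot change the
                // query string of the redirect target.
                header("Location: toBlog.php?user=" . rawurlencode($posting_user));
            } else {
                // Plain page view: the owner sees their own blog through printBlog(), everyone else
                // sees it through showBlog().
                $user = isset($_GET['user']) ? $_GET['user'] : '';
                // Strict string comparison. With ==, two different numeric-looking names
                // (for example "1e3" and "1000") compare equal, and a non-string value
                // (e.g. user[]=...) would reach the comparison as an array.
                $result = is_string($user) && $user === (string) $loggedInUser;
                if ($result) {
                    printBlog($dbh, $user);
                } else {
                    showBlog($dbh, $user, $loggedInUser);
                }
            }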
        }
    }
}
?>

</body>
</html>
Ejemplo n.º 2
<meta name="Author" content="phpMyHome Team" />
<meta name="Description" content="" />
<meta name="Identifier-URL" content="http://" />
<meta name="Reply-to" content="" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="" />

<title>phpMyHome</title>

<link rel="stylesheet" type="text/css" href="../styles/default.css" />

</head>
<body>
	<div class="InFrmDiv">
		<?php 
// Render the blog above the entry form. printBlog() is defined outside this fragment; the
// argument 10 is presumably a limit on the number of entries shown (TODO confirm).
// NOTE(review): the form below posts the `blog` textarea to ../include/savBlog.php and contains
// no anti-CSRF token field. Confirm that the handler authenticates the request and that
// printBlog() HTML-escapes stored text when it prints it.
printBlog(10);
?>
		<form action="../include/savBlog.php" method="post" class="mainForm">
			<div class="blogDivTextarea">
				<textarea class="blogTextarea" name="blog"></textarea>
			</div>
			<div class="blogDivSave">
				<input type="submit" class="blogSave" value="<?php 
// Submit-button label taken from the libBLOG constant and printed unescaped into the attribute.
// NOTE(review): fine only while the constant contains no quotes or markup; confirm where it is defined.
print libBLOG;
?>
">
			</div>
		</form>
	</div>
</body>
</html>
Ejemplo n.º 3
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
    header("Location: blog-ex-comment-user.php");
} else {
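    if (isset($_GET['entry_id'])) {
        // id of the entry whose deletion was requested
        $entry_id = $_GET['entry_id'];
        // Delete the post together with its likes and comments, but only when the logged-in user
        // ($poster) is the stored author of that post.
        // The previous check compared $_GET['posting_user'] with $poster. Both the entry id and the
        // claimed author arrive in the query string, so that comparison says nothing about who owns
        // entry_id. The posting_user parameter is therefore ignored and ownership is read from
        // blog_entry instead.
        // NOTE(review): assumes blog_entry keeps the author in a `user` column and that
        // prepared_query() returns an MDB2 result; confirm against the schema and the helper.
        $ownerquery = "select user from blog_entry where entry_id = ?";
        $ownerset = prepared_query($dbh, $ownerquery, array($entry_id));
        $owner = $ownerset->fetchRow(MDB2_FETCHMODE_ASSOC);
        if (is_array($owner) && isset($owner['user']) && (string) $owner['user'] === (string) $poster) {
            // Dependent rows first, then the entry itself.
            $preparedquery = "delete from likes where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            $resultset2 = prepared_query($dbh, $preparedquery2, array($entry_id));
            $preparedquery3 = "delete from blog_entry where entry_id = ?";
            $resultset3 = prepared_query($dbh, $preparedquery3, array($entry_id));
        }
        // NOTE(review): this deletion is triggered by a GET request and no anti-CSRF token is visible
        // in this fragment; consider moving it to a POST form that carries a per-session token.
        header("Location: blog-ex-comment-user.php");
    }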
}
printBlog($dbh, $poster);
?>

</body>
</html>


Ejemplo n.º 4
?>
	<?php 
include_once 'nodes/headerimg.php';
?>
</head>
<body class="page_homepage">

	<?php 
include 'nodes/header.php';
?>
	
	<div id="frame" class="frame">
	
		<section class="content">
			<?php 
// Main content: printBlog() emits the blog entries. It is defined outside this fragment, so
// whether entry text is HTML-escaped on output cannot be confirmed here (TODO confirm).
printBlog();
?>
			
			<footer>
			<?php 
// Presumably the pagination links for the entries; buildPageNav() is defined outside this fragment.
// NOTE(review): if it reads a page number from the request, confirm the value is validated
// and escaped before it is printed.
buildPageNav();
?>
			</footer>
		</section>
	
		<?php 
// Sidebar partial. The path is a fixed literal with no request-derived component.
include 'nodes/sidebar.php';
?>
	
		
	</div>