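/**
 * Load the public profile of one user for display to a viewer.
 *
 * @param array $options Must contain 'user_id' (the profile owner). Optional keys:
 *   - 'viewer': id of the viewing user. Defaults to the logged-in user's id
 *     (login_checklogin() / $_SESSION['login']['id']) or 0 when nobody is logged in.
 *   - 'show_removed_users': when truthy, profiles flagged l.is_removed = 1 are
 *     still returned; otherwise they are reported as not found.
 * @return array The incoming $options merged with the fetched row. When the
 *   viewer is blocked by the owner or no row matches, no row data is added and
 *   'error_message' carries a user-facing (Swedish) reason instead.
 *
 * Side effects: if the userinfo row has an empty presentation_text, a legacy
 * text from traffa_freetext (if any) is migrated via profile_presentation_save().
 */
function profile_fetch($options)
{
    if (!isset($options['viewer'])) {
        $options['viewer'] = login_checklogin() ? $_SESSION['login']['id'] : 0;
    }

    // Honour the owner's block list: a blocked viewer gets an error, never the row.
    if ($options['viewer'] > 0 && userblock_check($options['user_id'], $options['viewer']) == 1) {
        $options['error_message'] = 'Användaren har blockerat dig.';
        return $options;
    }

    // user_id can originate from the request. l.id is numeric, so an integer cast
    // keeps arbitrary input out of the string-built query (the original interpolated
    // the raw value).
    $user_id = (int) $options['user_id'];

    $query = 'SELECT l.username, l.lastaction, l.lastlogon, u.gender, u.birthday, u.image, u.user_status, u.profile_theme, u.gb_entries, z.spot, z.zip_code, z.x_rt90, z.y_rt90, u.presentation_text, p.gb_anti_p12';
    $query .= ' FROM login AS l, userinfo AS u, zip_codes AS z, preferences AS p';
    $query .= ' WHERE l.id = "' . $user_id . '" AND u.userid = l.id AND z.zip_code = u.zip_code AND p.userid = l.id';
    // Removed accounts are hidden unless the caller explicitly opts in.
    if (empty($options['show_removed_users'])) {
        $query .= ' AND l.is_removed = 0';
    }
    $query .= ' LIMIT 1';

    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (mysql_num_rows($result) == 0) {
        $options['error_message'] = 'Den användaren hittade vi tyvärr inte.';
        return $options;
    }

    $data = mysql_fetch_assoc($result);

    if (strlen($data['presentation_text']) == 0) {
        // Older profiles kept their text in traffa_freetext; migrate it on first read.
        $old_presentation_query = 'SELECT freetext AS presentation_text FROM traffa_freetext WHERE userid = "' . $user_id . '" LIMIT 1';
        // The original assigned this result to $result and then read the undefined
        // $old_presentation_result; keep the two result sets apart.
        $old_presentation_result = mysql_query($old_presentation_query) or report_sql_error($old_presentation_query, __FILE__, __LINE__);
        if (mysql_num_rows($old_presentation_result) > 0) {
            $old_presentation = mysql_fetch_assoc($old_presentation_result);
            $options['presentation_text'] = $old_presentation['presentation_text'];
            profile_presentation_save($options);
        } else {
            $options['presentation_text'] = 'Användaren har inte skapat någon presentation ännu.';
        }
        // The merge below takes $data's (empty) value, so mirror the text into the
        // row or the fallback would be lost for this request.
        $data['presentation_text'] = $options['presentation_text'];
    }

    return array_merge($options, $data);
}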
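/**
 * Validate a private message before it is delivered.
 *
 * @param mixed  $sender    id of the sending user (passed to userblock_check)
 * @param mixed  $recipient id of the receiving user; expected to be numeric
 * @param string $title     message title
 * @param string $message   message body
 * @return true|string true when the message may be sent, otherwise a
 *   newline-separated string of user-facing (Swedish) reasons.
 *
 * Length checks use strlen(), i.e. bytes: with UTF-8 input a non-ASCII
 * character counts more than once against MESSAGES_*_STRLEN. Left as-is
 * because the limits may be tied to column sizes; confirm before switching
 * to mb_strlen().
 */
function messages_can_send($sender, $recipient, $title, $message)
{
    $errors = '';

    // Account 2348 ("Webmaster") is an unattended admin account. Checking
    // is_numeric() first avoids a loose string-to-int comparison on bad input.
    if (is_numeric($recipient) && (int) $recipient === 2348) {
        $errors .= 'Webmaster är ett administrationskonto som inte används av någon människa.';
        $errors .= 'Använd forumet eller hamsterpaj -> Support för att ställa en fråga om siten.' . "\n";
    }

    // Too short and whitespace-only share one message; the original emitted it
    // twice for an empty title.
    if (strlen($title) < MESSAGES_MIN_TITLE_STRLEN || trim($title) === '') {
        $errors .= 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    if (strlen($title) > MESSAGES_MAX_TITLE_STRLEN) {
        $errors .= 'Titeln får inte vara mer än ' . MESSAGES_MAX_TITLE_STRLEN . ' tecken lång.' . "\n";
    }

    if (!is_numeric($recipient)) {
        $errors .= 'Det verkar som om mottagare har angivits felaktigt. Detta är ett internt serverfel och bör aldrig kunna inträffa. Kontakta administratör.' . "\n";
    }

    if (strlen($message) < MESSAGES_MIN_MESSAGE_STRLEN) {
        $errors .= 'Du måste skriva minst ' . MESSAGES_MIN_MESSAGE_STRLEN . ' tecken i ditt meddelande.' . "\n";
    }

    // content_check() returns 1 on success and a message otherwise (loose compare
    // kept: its exact return type is not visible here).
    $message_check = content_check($message);
    if ($message_check != 1) {
        $errors .= $message_check . "\n";
    }
    $title_check = content_check($title);
    if ($title_check != 1) {
        $errors .= $title_check . "\n";
    }

    // Enforce the recipient's block list server-side, regardless of UI checks.
    if (userblock_check($recipient, $sender) == 1) {
        $errors .= 'Mottagaren har blockerat dig och meddelandet kan därför inte levereras.' . "\n";
    }

    return $errors === '' ? true : $errors;
}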
echo '<html><head><title>Svara</title>'; echo '<link href="/stylesheets/ui.css.php" rel="stylesheet" type="text/css">'; echo '<link href="/stylesheets/buttons.css" rel="stylesheet" type="text/css">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />'; echo '</head>'; if ($_GET['action'] == 'reply') { echo '<body onload="document.forms[0].message.focus()">'; } else { echo '<body>'; } echo '<div id="main" style="padding: 5px; width: 215px; height: 170px; margin-top: 10px;">'; if (login_checklogin()) { if ($_GET['action'] == 'reply') { draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_GET['answereid']); } elseif ($_GET['action'] == 'send_reply') { if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) { jscript_alert('Den användare som du har angivit som mottagare har blockerat dig, och ditt meddelande kan därför inte skickas!'); echo '<script language="javascript">history.go(-1);</script>'; die; } /* if(644314 == $_SESSION['login']['id']) log_to_file('henrik', LOGLEVEL_DEBUG, __FILE__, __LINE__, $_POST['message']); */ $spamval = spamcheck($_SESSION['login']['id'], $_POST['message']); if ($spamval == 1) { echo '<script language="javascript">setTimeout(\'window.close();\',500);</script>'; new_entry($_GET['userid'], $_SESSION['login']['id'], $_POST['message'], $_POST['is_private'], $_GET['answereid']); echo '<h1>Inlägget skickat!</h1>'; } else { echo '<script language="javascript">alert("' . $spamval . '");</script>';
<?php session_start(); require '../include/core/common.php'; if ($_GET['action'] == 'comment' && $_SESSION['login']['id'] > 0) { if ($_SESSION['photoalbum']['comments'][$_POST['photo_id']] > time() - PHOTOALBUM_COMMENT_TIME) { jscript_alert('Hey, du kommenterade ju detta fotot nyss!'); } elseif (strlen($_POST['text']) < 4) { jscript_alert('Lite väl kort kommentar det där va?'); } else { /* Check if user is blocked */ $query = 'SELECT owner FROM photos WHERE id ="' . $_POST['photo_id'] . '"'; $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $data = mysql_fetch_assoc($result); if (userblock_check($data['owner'], $_SESSION['login']['id']) == 1) { jscript_alert('Den gubben gick inte, du är blockerad :('); exit; } $query = 'INSERT INTO comments(type, item_id, user, timestamp, text) VALUES("photos", "' . $_POST['photo_id'] . '", ' . $_SESSION['login']['id'] . ', UNIX_TIMESTAMP(), "' . htmlspecialchars($_POST['text']) . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); echo '<script>' . "\n"; echo 'window.location = "iframe.php?id=' . $_POST['photo_id'] . '";'; echo '</script>'; $_SESSION['photoalbum']['comments'][$_POST['photo_id']] = time(); } } elseif ($_GET['action'] == 'delete' && $_SESSION['login']['id'] > 0 && is_numeric($_GET['photo_id']) && is_numeric($_GET['comment_id'])) { $query = 'SELECT owner FROM photos WHERE id = "' . $_GET['photo_id'] . '" LIMIT 1'; $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $data = mysql_fetch_assoc($result); if ($data['owner'] == $_SESSION['login']['id']) { $query = 'DELETE FROM comments WHERE item_id = "' . $_GET['photo_id'] . '" AND id = "' . $_GET['comment_id'] . '" LIMIT 1';