if ($db->query("INSERT INTO " . table_prefix . "likes SET like_update_id='{$_GET['lid']}', like_user_id='{$current_user->user_id}'")) { $db->query("UPDATE " . table_prefix . "updates SET update_likes=update_likes+1 WHERE update_id='{$_GET['lid']}'"); } else { $db->query("DELETE FROM " . table_prefix . "likes WHERE like_update_id='{$_GET['lid']}' AND like_user_id='{$current_user->user_id}'"); $db->query("UPDATE " . table_prefix . "updates SET update_likes=update_likes-1 WHERE update_id='{$_GET['lid']}'"); } $count = $db->get_var("SELECT COUNT(*) FROM " . table_prefix . "likes WHERE like_update_id='{$_GET['lid']}'"); print $count; exit; } elseif (is_numeric($_GET['hid'])) { $db->query("UPDATE " . table_users . " SET status_excludes=IF(status_excludes!='',CONCAT(status_excludes,'" . ',' . $_GET['hid'] . "'),'" . $_GET['hid'] . "') WHERE user_id='{$current_user->user_id}'"); } elseif (is_numeric($_GET['id'])) { $sql = "SELECT SQL_CALC_FOUND_ROWS * FROM " . table_prefix . "updates a\r\n\t\t\tLEFT JOIN " . table_prefix . "likes ON like_user_id={$current_user->user_id} AND like_update_id=update_id\r\n\t\t\tLEFT JOIN " . table_friends . " b ON a.update_user_id=b.friend_to\r\n\t\t\tLEFT JOIN " . table_users . " c ON a.update_user_id=c.user_id\r\n\t\t\tWHERE update_id={$_GET['id']}"; $update = $db->get_row($sql); if ($update->update_id) { $main_smarty->assign('posttitle', 'Status Update #' . $_GET['id']); $main_smarty->assign('update', get_object_vars($update)); $main_smarty->assign('settings', get_status_settings()); $main_smarty->assign('current_user', get_object_vars($current_user)); $main_smarty->assign('current_username', '@' . $current_user->user_login); $main_smarty->assign('tpl_center', '../modules/status/templates/status_permalink'); $main_smarty->display($the_template . '/pligg.tpl'); exit; } } } if ($_SERVER['HTTP_REFERER']) { header("Location: " . $_SERVER['HTTP_REFERER']); } else { header("Location: " . getmyurl('user2', $current_user->user_login, 'profile')); }
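/**
 * Admin page of the status module: stores the submitted settings, or renders the settings form.
 *
 * Only callers for whom checklevel('admin') reports 1 get past the gate; everyone else is
 * redirected to the login URL. When the form was submitted, every setting is written through
 * misc_data_update(), the per-user column defaults on the users table are altered to match,
 * and the browser is redirected back to the module page.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function, although a submit both
 * rewrites the module settings and runs an ALTER TABLE. Confirm that a token is verified
 * elsewhere, or add the project's own token check before the write path.
 *
 * NOTE(review): the submit gate reads $_POST, but the values are taken from $_REQUEST, which
 * can also carry query-string (and, depending on request_order, cookie) data.
 *
 * @return void
 */
function status_showpage()
{
    global $db, $main_smarty, $the_template;

    include_once 'config.php';
    include_once mnminclude . 'html1.php';
    include_once mnminclude . 'link.php';
    include_once mnminclude . 'tags.php';
    include_once mnminclude . 'smartyvariables.php';

    $main_smarty = do_sidebar($main_smarty);
    force_authentication();

    // Guard clause: anything other than an admin is sent to the login page.
    if (checklevel('admin') != 1) {
        header("Location: " . getmyurl('login', $_SERVER['REQUEST_URI']));
        return;
    }

    if (!empty($_POST['submit'])) {
        // The two level lists arrive as arrays (multi-select); default to '' so that an empty
        // or malformed selection no longer reads an undefined variable further down.
        $level = '';
        if (!empty($_REQUEST['status_level']) && is_array($_REQUEST['status_level'])) {
            $level = join(',', $_REQUEST['status_level']);
        }
        $level1 = '';
        if (!empty($_REQUEST['status_profile_level']) && is_array($_REQUEST['status_profile_level'])) {
            $level1 = join(',', $_REQUEST['status_profile_level']);
        }

        // Double quotes become single quotes in every scalar request value (the level lists
        // were joined above, so they are not affected by this replacement).
        $_REQUEST = str_replace('"', "'", $_REQUEST);

        // NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API that was removed
        // in PHP 7; it is kept here because the escaping contract of misc_data_update() is not
        // visible from this function.
        misc_data_update('status_level', mysql_real_escape_string($level));
        misc_data_update('status_profile_level', mysql_real_escape_string($level1));

        // Stored setting name => request field it is read from, in the original write order.
        // 'status_show_permalin' is stored under that shortened name on purpose here, exactly
        // as before -- presumably a name-length limit in the settings store; confirm.
        $settingFields = array(
            'status_switch'        => 'status_switch',
            'status_allowsearch'   => 'status_allowsearch',
            'status_place'         => 'status_place',
            'status_pre_format'    => 'status_pre_format',
            'status_post_format'   => 'status_post_format',
            'status_pre_comment'   => 'status_pre_comment',
            'status_post_comment'  => 'status_post_comment',
            'status_pre_story'     => 'status_pre_story',
            'status_post_story'    => 'status_post_story',
            'status_pre_username'  => 'status_pre_username',
            'status_post_username' => 'status_post_username',
            'status_pre_search'    => 'status_pre_search',
            'status_post_search'   => 'status_post_search',
            'status_pre_submit'    => 'status_pre_submit',
            'status_post_submit'   => 'status_post_submit',
            'status_email'         => 'status_email',
            'status_clock'         => 'status_clock',
            'status_permalinks'    => 'status_permalinks',
            'status_inputonother'  => 'status_inputonother',
            'status_show_permalin' => 'status_show_permalinks',
            'status_results'       => 'status_results',
            'status_max_chars'     => 'status_max_chars',
            'status_avatar'        => 'status_avatar',
            'status_groups'        => 'status_groups',
            'status_users'         => 'status_users',
            'status_user_switch'   => 'status_user_switch',
            'status_user_friends'  => 'status_user_friends',
            'status_user_story'    => 'status_user_story',
            'status_user_comment'  => 'status_user_comment',
            'status_user_group'    => 'status_user_group',
            'status_user_email'    => 'status_user_email',
        );
        foreach ($settingFields as $settingName => $requestKey) {
            // Missing or non-scalar (array) fields are stored as an empty string.
            $value = '';
            if (isset($_REQUEST[$requestKey]) && is_scalar($_REQUEST[$requestKey])) {
                $value = $_REQUEST[$requestKey];
            }
            misc_data_update($settingName, mysql_real_escape_string($value));
        }

        // Users-table column => request field that supplies its new default.
        $columnDefaults = array(
            'status_switch'  => 'status_user_switch',
            'status_friends' => 'status_user_friends',
            'status_story'   => 'status_user_story',
            'status_comment' => 'status_user_comment',
            'status_group'   => 'status_user_group',
            'status_email'   => 'status_user_email',
        );
        $changes = array();
        foreach ($columnDefaults as $column => $requestKey) {
            // The default is interpolated into DDL, so it is forced to an integer first; an
            // absent, non-numeric or array value becomes 0 instead of raising an arithmetic
            // error or leaking a non-integer into the statement.
            $default = 0;
            if (isset($_REQUEST[$requestKey]) && is_scalar($_REQUEST[$requestKey])) {
                $default = (int) $_REQUEST[$requestKey];
            }
            $changes[] = "CHANGE `" . $column . "` `" . $column . "` TINYINT(1) DEFAULT '" . $default . "'";
        }
        $db->query("ALTER TABLE " . table_users . " \r\n\t\t\t\t\t" . implode(",\r\n\t\t\t\t\t", $changes));

        header("Location: " . my_pligg_base . "/module.php?module=status");
        exit;
    }

    // breadcrumbs
    // No breadcrumb trail is built in this function, so the template receives null.
    $navwhere = null;
    $main_smarty->assign('navbar_where', $navwhere);
    $main_smarty->assign('posttitle', " / " . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel'));
    // breadcrumbs

    define('modulename', 'status');
    $main_smarty->assign('modulename', modulename);
    define('pagename', 'admin_modifystatus');
    $main_smarty->assign('pagename', pagename);

    $main_smarty->assign('settings', get_status_settings());
    $main_smarty->assign('tpl_center', status_tpl_path . 'status_main');
    // NOTE(review): $template_dir is not among the globals imported above, so it is undefined
    // in this scope and the path resolves to '/admin/admin.tpl' -- confirm that is intended.
    $main_smarty->display($template_dir . '/admin/admin.tpl');
}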