<?php
// Loads the profile of the user named by ?user_id=<id> into $selected_user (and
// into $_SESSION["selected_user"]) for the including page. Nothing is included
// here: $logged_in, $user (the session user object) and the DAO class are
// expected to be provided by the includer.
if (isset($selected_user)) {
    unset($selected_user);
}
if ($logged_in && isset($_GET["user_id"])) {
    $dao = new DAO(false);
    // NOTE(review): the requested id is only passed through $dao->escape() before
    // being quoted into the query below; a numeric check (e.g. ctype_digit) before
    // querying would bound the input more tightly — confirm user_id is an integer
    // column before adding one.
    $user_request = $dao->escape($_GET["user_id"]);
    // Columns selected from the joined user/cohort/course/university tables; the
    // same list is handed to fetch_one_obj_part() below.
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");
    $dao->myquery("SELECT " . implode(",", $properties) . " FROM user " . "JOIN cohort ON user.cohort_id=cohort.cohort_id " . "JOIN course ON cohort.course_id=course.course_id " . "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";");
    if ($dao->fetch_num_rows() > 0) {
        //User exists
        $selected_user = $dao->fetch_one_obj_part($properties);
        // A connection row in either direction counts as friendship.
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\") OR " . "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");";
        $dao->myquery($friends_query);
        // Friend when a connection exists, when viewing one's own profile, or when
        // the viewed user has id 1 (presumably a system account everyone is
        // connected to — confirm). The comparisons are loose (==).
        $is_friend = $dao->fetch_num_rows() != 0 || $selected_user->user_id == $user->user_id || $selected_user->user_id == 1; // I am friends with myself
        $selected_user->is_friend = $is_friend;
        // Only a request from the viewer to the viewed user is checked, not the reverse.
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;
        // Selecting a user replaces any cohort selection kept in the session.
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}
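<?php
// Streams the profile picture of the user given by ?user_id1=<id> as image/jpeg.
// Falls back to ../img/dp1.jpg when the user is unknown, has no picture set, or
// the stored file is missing. Without user_id1 the script sends nothing.
include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";

$default_picture = "../img/dp1.jpg";
$f = $default_picture;

if (isset($_GET["user_id1"]) && is_string($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");

    // Fetch the row only when there is one; an unknown id must not end in a
    // property read on an empty result.
    $user1 = $dao->fetch_num_rows() > 0 ? $dao->fetch_one_obj_part(array("user_picture")) : null;
    $stored_name = ($user1 && $user1->user_picture) ? (string) $user1->user_picture : "";

    if ($stored_name !== "") {
        // basename() keeps the lookup inside profile_pictures even if the stored
        // name carries directory separators or "..", and is_file() (rather than
        // file_exists()) rejects directories such as "." or "..".
        $candidate = "../profile_pictures/" . basename($stored_name);
        if (is_file($candidate)) {
            $f = $candidate;
        }
    }

    header('Content-Type: image/jpeg');
    // Name the file actually being sent; quotes and line breaks are removed so the
    // value cannot break out of the quoted header parameter.
    $download_name = str_replace(array("\"", "\r", "\n"), "", basename($f));
    header("Content-Disposition: inline; filename=\"{$download_name}\"");
    readfile($f);
}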
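<?php
// Login handler. Checks the posted e-mail and password against the user table,
// stores the matching user row in the session and redirects to the requested
// page. On failure it redirects back to the welcome page with a message code
// (m=2: credentials rejected, m=3: a field was missing) and the e-mail re-supplied.
include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";

// Post-login destination. Only a site-relative path is accepted: it must start
// with a single "/" (so neither "//host" nor "/\host", which browsers treat as
// absolute URLs), which stops the login form being usable as an open redirect.
$redirect = "/";
if (isset($_POST["r"]) && is_string($_POST["r"]) && $_POST["r"] !== "" && preg_match('~^/(?![/\\\\])~', $_POST["r"]) === 1) {
    $redirect = htmlspecialchars($_POST["r"]);
}

// The e-mail as typed, URL-encoded for the failure redirects. The DB-escaped copy
// must not leak into URLs, and an unencoded "+" or "&" in an address would
// otherwise corrupt the query string.
$email_param = "";
if (isset($_POST["user_email"]) && is_string($_POST["user_email"])) {
    $email_param = "&user_email=" . rawurlencode($_POST["user_email"]);
}

if (isset($_POST["user_email"]) && is_string($_POST["user_email"]) && isset($_POST["user_password"]) && is_string($_POST["user_password"]) && $_POST["user_email"] !== "" && $_POST["user_password"] !== "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // salt() (../util/pwd.php) turns the password into its stored form, which is
    // then matched inside the query. NOTE(review): password_hash()/password_verify()
    // would be the standard replacement, but that requires changing the stored values.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        // Issue a fresh session id at login so an id obtained before authentication
        // cannot be reused (session fixation). Assumes session.php started the session.
        session_regenerate_id(true);
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        redirect($redirect); //Go to the redirect link
    } else {
        redirect("../../welcome/?&m=2&r=" . $redirect . $email_param);
    }
} else {
    redirect("../../welcome/?m=3" . $email_param . "&r=" . $redirect);
}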