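<?php
// addiou: record an IOU between the logged-in user and a friend.
//
// addiou adds a debt FROM the User, TO the Friend (User owes Friend).
// adddebt adds a debt TO the User, FROM the Friend (Friend owes User).
//
// POST: friendname, friendid (0 when the client has no id for the friend),
//       message (a numeric amount or a free-text item).
// Output: the new debts.id on success, otherwise a short error message.
session_start();
require_once("./backend/mysqli.php");

// Only a logged-in session may record a debt. The sibling endpoints gate on
// $_SESSION['token']; without this check an anonymous request would insert a
// row with from_id=0 and an empty from name.
if (!isset($_SESSION['token']) || !isset($_SESSION['userid']) || !isset($_SESSION['username'])) {
    header("HTTP/1.0 401 Unauthorised");
    exit();
}

// Inputs. Tags are stripped as elsewhere in the app, but the strings remain
// untrusted: they must still be HTML-escaped wherever they are rendered.
$friendname = isset($_POST['friendname']) ? strip_tags($_POST['friendname']) : "";
$friendid   = isset($_POST['friendid']) ? strip_tags($_POST['friendid']) : "0";
$username   = strip_tags($_SESSION['username']);
$userid     = intval($_SESSION['userid']);
$value      = isset($_POST['message']) ? strip_tags($_POST['message']) : "";

if ($friendname === "" || $value === "") {
    // Nothing to record without a counterparty and a value.
    header("HTTP/1.0 400 Bad Request");
    echo "Sorry, there was an error.";
    exit();
}

try {
    $db = new dbWrapper();

    if (intval($friendid) === 0) {
        // The client did not supply a usable id for the friend: reuse the id
        // from any earlier debt that names this friend on either side. Every
        // placeholder is the friend's name; the innermost one is what comes
        // back if neither side matched, which the WHERE clause already rules out.
        $possibleuser = $db->q("SELECT IF(`from`=?,`from_id`,IF(`to`=?,`to_id`,?)) AS possibleid FROM debts WHERE `from`=? OR `to`=? LIMIT 1",
            "sssss", $friendname, $friendname, $friendname, $friendname, $friendname);
        if (sizeof($possibleuser) > 0) {
            $friendid = $possibleuser[0]['possibleid'];
        } else {
            // NOTE(review): this stores the *user's* name as the friend's id,
            // which looks like it was meant to be $friendname; kept as-is
            // because readers of to_id may rely on it — confirm.
            $friendid = $username;
        }
    }

    // A numeric value is money (bound as a double), anything else is an item.
    // $value_type is one of two fixed column names, never user input, so
    // interpolating it into the statement is safe.
    $is_money   = is_numeric($value);
    $value_type = $is_money ? "value_money" : "value_item";
    $bindstr    = $is_money ? "dssss" : "sssss";
    $db->q("INSERT INTO debts SET `$value_type`=?,`from_id`=?,`from`=?,`to_id`=?,`to`=?",
        $bindstr, $value, $userid, $username, $friendid, $friendname);

    // The client reads the new row id from the response body.
    echo $db->handle()->insert_id;
} catch (Exception $e) {
    // Driver/SQL details belong in the server log, not in the response.
    error_log("addiou: ".$e->getMessage());
    echo "Sorry, there was an error.";
    exit();
}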
echo "Sorry, there was an error.<br/>".$e->getMessage(); exit(); } ?> </span><span id="rightcolumn"></span></span></section> <div class="devider"></div> <section class="feed"> <header id="feed">Feed</header> <span id="row"><span id="leftcolumn"></span><span id="centercolumn"> <section> <?php
// Feed: every debt the session user is a party to (either side), newest
// first, each followed by its comments.
// NOTE(review): $_SESSION['userid'] is read without an isset() check; the
// enclosing page presumably only reaches this block when logged in — confirm.
try {
    $db = new dbWrapper();
    // `value` is the money amount prefixed with '$', or the item text when
    // value_item is set. The '$' inside the SQL is literal: "$'" is not a
    // PHP variable reference, so it is not interpolated.
    $debts = $db->q("SELECT debts.*, IF(value_item='',CONCAT('$',value_money),value_item) AS value FROM debts WHERE from_id=? OR to_id=? ORDER BY made DESC","ss",$_SESSION['userid'],$_SESSION['userid']);
    if (sizeof($debts)==0) {
        echo "<section class='record'><header>You owe no one anything, and no one owes you!</header></section>";
    }
    foreach ($debts as $debt) {
        echo "<section class='record";
        // '0000-00-00' is the "unpaid" sentinel; any other date marks the record done.
        if ($debt['paid']!='0000-00-00') {
            echo " recorddone'>";
        } else {
            echo "'>";
        }
        // NOTE(review): strip_tags()+stripcslashes() is not HTML escaping —
        // quotes and entities pass through, and these values land inside
        // single-quoted HTML. htmlspecialchars(..., ENT_QUOTES) at output is
        // the usual defence against stored XSS here.
        echo "<header><a href='http://socialiou.com/viewcomment.php?id=".intval($debt['id'])."'><strong>".stripcslashes(strip_tags($debt['from']))."</strong> owes <strong>".stripcslashes(strip_tags($debt['value']))."</strong> to <strong>".stripcslashes(strip_tags($debt['to']))."</strong>.</a></header>";
        // One query per debt; fine for a personal feed, but it is N+1.
        $comments = $db->q("SELECT * FROM comments WHERE debtid=?","i",$debt['id']);
        foreach ($comments as $comment) {
            // Same escaping caveat as above applies to the author name.
            echo "<article><h1>".strip_tags(stripcslashes($comment['author']))."</h1>";
<?php
// Profile header, shown only for a logged-in session (non-empty token).
// NOTE(review): $_SESSION['username'] is echoed without htmlspecialchars();
// it is set outside this file (presumably from the Facebook profile), so
// escape it at output. The access token is written into the page as an
// image URL, which makes it readable by anything that can see the DOM or
// the outgoing request URL — keep that in mind if the token scope grows.
if (isset($_SESSION['token']) && !empty($_SESSION['token'])) {
    echo "<div id='profile'>";
    // A failed picture load is treated as an expired token: the user is
    // sent back to the login page with a redirect to the current URL.
    echo "<img class='profilepicture' onerror=\"alert('Sorry, you need to log in again.');window.location.href = './?expired=true&redirect_to='+escape(window.location.href);\" src='https://graph.facebook.com/me/picture?access_token=".$_SESSION['token']."' />";
    echo "<h1 class='profileusername'>Hi, ".$_SESSION['username']."</h1>";
    echo "</div>";
}
?> <section><header> <?php
// Look up the IOU being viewed. $viewid is presumably set earlier in the
// page — its origin is outside this view.
// NOTE(review): from/value/to are echoed raw here, whereas the feed at least
// applies strip_tags() at output; neither is proper HTML escaping, so run
// all three through htmlspecialchars().
$found = true;
try {
    $db = new dbWrapper();
    // The '$' inside the SQL is literal: "$'" is not a PHP variable reference.
    $debt = $db->q("SELECT debts.*,IF(value_item='',CONCAT('$',value_money),value_item) AS value FROM debts WHERE id=?","i",$viewid);
    if (sizeof($debt)>0) {
        $debt = $debt[0];
        echo "<strong>".$debt['from']."</strong> owes <strong>".$debt['value']."</strong> to <strong>".$debt['to']."</strong>";
    } else {
        // Not found: $debt stays an empty array. $found is presumably
        // consulted further down the page — that continuation is not visible
        // here, but note the $debt['paid'] read below runs in this case too.
        echo "Sorry, we could not find that IOU.";
        $found = false;
    }
} catch (Exception $e) {
    echo "Sorry, there was an error.<br/>";
    exit();
}
?> </header><span id="row"><span id="leftcolumn"></span><span id="centercolumn" class='record <?php if ($debt['paid']!='0000-00-00')
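<?php
// visitorlog: best-effort request logging, included by pages that want it.
// A logging failure must never affect the page being served.
require_once("backend/mysqli.php");

try {
    $db = new dbWrapper();
    // Page label chosen via ?p=...; defaults to "Unknown".
    $page = isset($_GET['p']) ? $_GET['p'] : "Unknown";
    // X-Forwarded-For is optional; bind NULL when absent (the previous
    // behaviour, minus the undefined-index notice). It, User-Agent and p are
    // all client-controlled, so the stored strings are untrusted and must be
    // escaped wherever the log is rendered. REMOTE_ADDR is set by the server.
    $xforwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : null;
    $useragent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $db->q("INSERT INTO visitorlog SET ip=?,xforwarded=?,page=?, useragent=?",
        "ssss", $_SERVER['REMOTE_ADDR'], $xforwarded, $page, $useragent);
} catch (Exception $e) {
    // Best-effort: record the failure server-side, never surface it to the visitor.
    error_log("visitorlog: ".$e->getMessage());
}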
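<?php
// Reopen an IOU: reset its paid date to the "unpaid" sentinel '0000-00-00'.
// Only a logged-in user who is a party to the debt (from_id or to_id) may
// do this. Echoes "done" on success.
// NOTE(review): this is a state-changing POST authorised by the session
// cookie alone; a per-session CSRF token checked here would close that gap.
session_start();
require_once("backend/mysqli.php");

try {
    $db = new dbWrapper();

    if (!isset($_SESSION['token']) || !isset($_SESSION['userid'])) {
        // Not logged in: say so instead of answering 200 with an empty body.
        header("HTTP/1.0 401 Unauthorised");
        exit();
    }
    if (!isset($_POST['id'])) {
        header("HTTP/1.0 400 Bad Request");
        exit();
    }

    $debtid = intval($_POST['id']);
    $userid = $_SESSION['userid'];

    // Ownership check: the debt must name the session user on either side.
    $debt = $db->q("SELECT id FROM debts WHERE id=? AND (from_id=? OR to_id=?)", "iss", $debtid, $userid, $userid);
    if (sizeof($debt)) {
        $db->q("UPDATE debts SET paid='0000-00-00' WHERE id=?", "i", $debtid);
        echo "done";
    } else {
        // Same answer for "no such debt" and "not your debt", so ids cannot
        // be probed through this endpoint.
        header("HTTP/1.0 401 Unauthorised");
    }
} catch (Exception $e) {
    echo "Sorry, there was an error.";
    exit();
}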
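<?php
// addcomment: attach a comment to an IOU. Requires a logged-in session and
// the POST fields comment and id. Produces no body on success.
session_start();
require_once("backend/mysqli.php");

try {
    $db = new dbWrapper();

    if (!isset($_SESSION['token']) || !isset($_SESSION['username']) || !isset($_SESSION['userid'])) {
        // Tell the client explicitly rather than silently dropping the comment.
        header("HTTP/1.0 401 Unauthorised");
        exit();
    }
    if (!isset($_POST['comment']) || !isset($_POST['id'])) {
        header("HTTP/1.0 400 Bad Request");
        exit();
    }

    // Tags are stripped on the way in; the text is still untrusted and must
    // be HTML-escaped when rendered.
    $author   = strip_tags($_SESSION['username']);
    $authorid = strip_tags($_SESSION['userid']);
    $comment  = strip_tags($_POST['comment']);
    $debtid   = intval($_POST['id']);

    if (trim($comment) === "" || $debtid <= 0) {
        // Reject blank comments and non-positive ids instead of storing junk rows.
        header("HTTP/1.0 400 Bad Request");
        exit();
    }

    // NOTE(review): nothing verifies that the session user is a party to
    // $debtid (the endpoint that resets `paid` does check from_id/to_id), so
    // any logged-in user can comment on any IOU — confirm that is intended.
    $db->q("INSERT INTO comments SET author=?, author_id=?, comment=?, debtid=?", "sssi", $author, $authorid, $comment, $debtid);
} catch (Exception $e) {
    echo "Sorry, there was an error.<br/>";
    exit();
}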