$tabla2sql = "CREATE TABLE IF NOT EXISTS `mt_group` (\n `id_group` int(6) unsigned NOT NULL auto_increment,\n `group_name` varchar(150) default NULL,\n `group_desc` varchar(255) default NULL,\n `admin_id` int(6) NOT NULL,\n `members` tinytext,\n `members_twitter` text,\n PRIMARY KEY (`id_group`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=1;";
$tabla2 = mysql_query($tabla2sql);
if ($tabla2) {
echo "<li>Hemos creado las tabla <strong>mt_group</strong> en la base de datos...</li>";
}
$tabla3sql = "CREATE TABLE IF NOT EXISTS `mt_statuses` (\n `status_id` mediumint(10) unsigned NOT NULL auto_increment,\n `user_id` smallint(5) NOT NULL,\n `status` varchar(150) collate utf8_spanish_ci NOT NULL,\n `date_set` datetime NOT NULL,\n PRIMARY KEY (`status_id`)\n) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_spanish_ci AUTO_INCREMENT=1;";
$tabla3 = mysql_query($tabla3sql);
if ($tabla3) {
echo "<li>Hemos creado las tabla <strong>mt_statuses</strong> en la base de datos...</li>";
}
$tabla4sql = "CREATE TABLE IF NOT EXISTS `mt_users` (\n `id_usr` int(6) unsigned NOT NULL auto_increment,\n `nombre` char(255) character set utf8 collate utf8_unicode_ci default NULL,\n `apellidos` char(255) character set utf8 collate utf8_unicode_ci default NULL,\n `nick` char(255) character set utf8 collate utf8_unicode_ci default NULL,\n `password` char(55) character set utf8 collate utf8_unicode_ci default NULL,\n `correo` char(255) character set utf8 collate utf8_unicode_ci default NULL,\n `dia` int(2) NOT NULL,\n `mes` int(2) NOT NULL,\n `anio` int(4) NOT NULL,\n `country` varchar(255) collate utf8_bin NOT NULL,\n `state` varchar(255) collate utf8_bin NOT NULL,\n `sex` varchar(15) collate utf8_bin NOT NULL,\n `bio` varchar(255) collate utf8_bin NOT NULL,\n `gravatar` varchar(3) character set utf8 collate utf8_unicode_ci NOT NULL,\n `timeline` varchar(3) collate utf8_bin NOT NULL,\n `twitter` varchar(3) collate utf8_bin NOT NULL,\n `accounts` varchar(255) collate utf8_bin NOT NULL,\n `follow` text collate utf8_bin NOT NULL,\n `showing` varchar(160) collate utf8_bin NOT NULL,\n `rol` varchar(1) NOT NULL,\n `admin` int(1) NOT NULL,\n PRIMARY KEY (`id_usr`),\n UNIQUE KEY `nick` (`nick`),\n UNIQUE KEY `correo` (`correo`)\n) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1;";
$tabla4 = mysql_query($tabla4sql);
if ($tabla4) {
echo "<li>Hemos creado las tabla <strong>mt_users</strong> en la base de datos...</li>";
}
$insert_admin = "INSERT INTO mt_users (id_usr, nick, password,correo,admin) VALUES ('1','" . avoid_injection($nick) . "','" . avoid_injection(md5($adminpass)) . "','" . avoid_injection($adminemail) . "','1')";
$ok = mysql_query($insert_admin);
if ($ok) {
echo "<li>Hemos insertado el primer registro en la base de datos.</li>";
} else {
echo "<li>Ups, parece que hubo un error al insertar los datos del administrador.</li>";
}
$configdata = '<?php
/*mysql data connect*/
$host = "' . $host . '";
$user = "******";
$pass = "******";
$db = "' . $dbname . '";
/*Url MT folder*/
$pth = "' . $installpth . '";
if ($group_name == "") {
echo $indexphp_crg3;
} else {
$tmemberus = "";
$grup = "INSERT INTO mt_group (id_group, group_name, group_desc,admin_id,members, members_twitter) VALUES ('','" . avoid_injection($group_name) . "','" . avoid_injection($group_desc) . "','" . avoid_injection($id_usr) . "','" . avoid_injection($memberus) . "','" . avoid_injection($tmemberus) . "')";
mysql_query($grup, $connuni) or die(mysql_error());
echo $indexphp_crg4 . " <b>{$group_name}</b> " . $indexphp_crg5 . "<br>\n\t<br>";
}
echo "<br><a id=\"nuevo\" href=\"index.php\">" . $indexphp_goback2 . "</a><br><br>";
echo "</div><br>";
//DELETE INTERNAL GROUP
} elseif ($_POST["delete_group_id"]) {
echo "<div class=\"contenidonormalb\">";
echo "<div class=\"bri\">";
$grup_id = $_POST["delete_group_id"];
$grup = "DELETE FROM mt_group WHERE id_group='" . avoid_injection($grup_id) . "'";
mysql_query($grup, $connuni) or die(mysql_error());
echo "<h3>" . $indexphp_crg11 . " " . $grup_id . " " . $indexphp_crg12 . "</h3>\n";
echo "<br><br><a id=\"nuevo\" href=\"index.php\">" . $indexphp_goback2 . "</a><br><br>";
echo "</div><br>";
} else {
displayLogin();
#######################
## SIDEBAR PEOPLE ##
#######################
?>
<!-- People sidebar -->
<?php
if (!$logged_in) {
?>
include "./inc/functions.php";
?>
<?php
//header('Content-Type: text/xml; charset=UTF-8');
?>
<?php
echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
?>
<rss version="0.92">
<?php
$user = idfromnick($_GET["user"]);
if ($_GET["user"]) {
$sql2 = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses WHERE user_id='" . avoid_injection($user) . "' ORDER BY date_set DESC limit 15";
} else {
$sql2 = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses ORDER BY date_set DESC limit 15";
}
$resultado2 = mysql_query($sql2, $connuni);
if ($_GET["user"]) {
echo " <channel>\n <title>miniTwitter / " . name_hide($user) . "</title>\n <link>" . $pth . "index.php?user="******"</link>\n <description>miniTwitter updates from " . name_hide($user) . "</description>\n <language>en-us</language>\n <ttl>15</ttl>";
} else {
echo " <channel>\n <title>miniTwitter / Public Timeline</title>\n <link>" . $pth . "index.php</link>\n <description>miniTwitter updates from Public Timeline</description>\n <language>en-us</language>\n <ttl>15</ttl>";
}
while ($row2 = mysql_fetch_array($resultado2)) {
echo "<item>\n <title>" . name_hide($row2["user_id"]) . ": " . $row2["status"] . "</title>\n <description>" . name_hide($row2["user_id"]) . ": " . $row2["status"] . "</description>\n <pubDate>" . $row2["ds"] . "</pubDate>\n </item>";
}
echo "</channel>";
echo "</rss>";
?>
<?php
if ($logged_in) {
//Query to Know id login
$queryv = "SELECT id_usr, correo, gravatar, timeline, follow, showing, rol FROM mt_users WHERE nick='" . avoid_injection($_SESSION[usernameuniversal]) . "' LIMIT 1";
$resultv = mysql_query($queryv, $connuni) or die(mysql_error() . ': ' . $queryv);
while ($rowv = mysql_fetch_assoc($resultv)) {
$id_usr = $rowv['id_usr'];
$grav = $rowv['gravatar'];
$correo_gra = $rowv['correo'];
$timeline = $rowv['timeline'];
$twitter = $rowv['twitter'];
$follow = $rowv['follow'];
$show = $rowv['showing'];
$rol = $rowv['rol'];
}
//Set user session id = $id_usr
$_SESSION['user_id'] = $id_usr;
}
<br>
<div style="clear: both;"></div>
<input type="submit" name="groupform" value="Group it!">
</form>
</small>
</div>
<!-- fin de formulario-->
<div style="clear: both;"></div>
<?php
$following = explode(",", $row["follow"]);
$i = 0;
$p = 0;
while ($following[$i] == true) {
//Mis seguidos
$queryw = "SELECT id_usr,nick,correo, gravatar FROM mt_users Where id_usr = '******' LIMIT 1";
$resultw = mysql_query($queryw, $connuni) or die(mysql_error() . ': ' . $queryw);
while ($ruw = mysql_fetch_assoc($resultw)) {
$array_names_minitwitter = name_hide($following[$i]);
$compare_w_t .= $array_names_minitwitter . "|";
if ($p <= 11) {
if ($ruw["gravatar"] == "yes") {
echo "<a href=\"index.php?user="******"id_usr"] . "\" title=\"" . $ruw["nick"] . "\" onmouseover=\"Tip('";
echo "<b>" . $ruw["nick"] . ": </b>";
echo last($ruw["id_usr"]);
echo "', BALLOON, true, ABOVE, true, OFFSETX, -17, PADDING, 8)\" onmouseout=\"UnTip()\">";
echo "<img width=\"48\" border=\"1\" align=\"left\" style=\"margin: 3px;\" src=\"";
$grav_correow = $ruw["correo"];
echo getGravatarUrl($grav_correow, $defImg, "80", "G");
echo "\" alt=\"Gravatar\"></a>";
} else {
function loop($id_usr, $type, $userloop, $follow, $tabnumber, $id_group)
{
include './inc/config.php';
$connuni = @mysql_connect($host, $user, $pass);
@mysql_select_db($db, $connuni);
echo "<!-- START TAB " . $tabnumber . " -->";
echo "<div id=\"country" . $tabnumber . "\" class=\"tabcontent\">\n\t<div id=\"statuses\">";
//Choose type!
if ($type == "Public timeline") {
$sql0 = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses ORDER BY date_set DESC";
} elseif ($type == "Following") {
$long = strlen($follow);
//echo $long;
$long_m = $long - 1;
//echo $long_m;
$follow_m = substr($follow, -$long, $long_m);
//echo $follow_m;
$sql0 = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses WHERE user_id IN (" . avoid_injection($follow_m) . ") ORDER BY date_set DESC";
//This is to show user updates with following option to show OR user_id='$id_usr'
} elseif ($type == "User") {
$usern = name_hide($userloop);
$sql0 = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses WHERE user_id='" . avoid_injection($userloop) . "' OR status LIKE '%@" . avoid_injection($usern) . "%' ORDER BY date_set DESC";
}
/*For all*/
/*get page*/
$registros = 15;
$pagina = $_GET["pagina"];
if (!$pagina) {
$inicio = 0;
$pagina = 1;
} else {
$inicio = ($pagina - 1) * $registros;
}
/*end get page*/
$r0 = mysql_query($sql0, $connuni) or die('La consulta falló:' . mysql_error($enlace));
$total_registros = mysql_num_rows($r0);
if ($type == "User") {
$usern = name_hide($userloop);
$query = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses WHERE user_id='" . avoid_injection($userloop) . "' OR status LIKE '%@" . avoid_injection($usern) . "%' ORDER BY date_set DESC LIMIT {$inicio}, {$registros}";
} elseif ($type == "Following") {
$long = strlen($follow);
//echo $long;
$long_m = $long - 1;
//echo $long_m;
$follow_m = substr($follow, -$long, $long_m);
//echo $follow_m;
$query = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses WHERE user_id IN (" . avoid_injection($follow_m) . ") ORDER BY date_set DESC LIMIT {$inicio}, {$registros}";
//This is to show user updates with following option to show OR user_id='$id_usr'
} elseif ($type == "Public timeline") {
$query = "SELECT status_id,user_id,status, DATE_FORMAT(date_set,'%M %e, %Y @ %l:%i:%s %p') AS ds FROM mt_statuses ORDER BY date_set DESC LIMIT {$inicio}, {$registros}";
}
$result = mysql_query($query, $connuni) or die(mysql_error() . ': ' . $query);
$total_paginas = ceil($total_registros / $registros);
//This table was for pagination but I changed it for another one without js
//Page links an title
echo "<table width=\"445\"><thead>\n\t\n\t<tr>\n\t<td>";
if ($id_group != "") {
echo "<form style=\"float: right;margin-top: 3px; margin-right: 3px; position: absolute;\" action=\"\" name=\"delete_group\" method=\"post\">";
echo "<input type=\"image\" src=\"" . $pth . "inc/icons/gr_dl.png\" name=\"delete_group_id\" value=\"" . $id_group . "\">";
echo "</form>";
$des = "SELECT group_desc, members FROM mt_group WHERE id_group='" . avoid_injection($id_group) . "'";
$resultdes = mysql_query($des, $connuni) or die(mysql_error() . ': ' . $query);
while ($row = mysql_fetch_assoc($resultdes)) {
echo "<div style=\"margin-left: 25px;\">";
echo $row["group_desc"];
$members_message = explode(",", $row["members"]);
$b = 0;
while ($members_message[$b]) {
$namem = name_hide($members_message[$b]);
$group_replie .= "@" . $namem . " ";
$b = $b + 1;
}
echo " <a href=\"#\" style=\"border: 0px;float: right;\" onclick=\"insertAtCaret('status','" . $group_replie . "');\"><img border=0 src=\"./inc/icons/group_go.png\"></a>";
echo "</div>";
}
}
echo "</td></tr></thead><tbody>";
//loop
while ($row = mysql_fetch_assoc($result)) {
echo '<tr><td>
<div class="status-box">
<div style="float: left; width: 430px;">';
echo "<form style=\"float: right;\" action=\"\" method=\"post\">";
if ($id_usr == $row['user_id']) {
echo "<input type=\"image\" src=\"" . $pth . "inc/icons/dl.png\" name=\"status_id\" value=\"" . $row["status_id"] . "\">";
}
echo "</form>";
echo "<form style=\"float: right;\" action=\"\" method=\"post\">";
if ($id_usr != $row['user_id']) {
if (strstr($follow, $row['user_id']) == true) {
} else {
echo "<input type=\"image\" src=\"" . $pth . "inc/icons/+.png\" name=\"status_id_mas\" value=\"" . $row["user_id"] . "\">";
}
}
echo "</form>";
echo "<form style=\"float: right; ";
if (strstr($follow, $row['user_id']) == true) {
} else {
echo "margin-top: 12px; margin-right: -9px;";
}
echo "\" action=\"\" method=\"post\">";
if ($id_usr != $row['user_id']) {
if (strstr($follow, $row['user_id']) == true) {
echo "<input type=\"image\" src=\"" . $pth . "inc/icons/-.png\" name=\"status_id_menos\" value=\"" . $row["user_id"] . "\">";
} else {
}
}
echo "</form>";
//avatar
if (gravatar($row['user_id']) == "yes") {
$grav_correo = correo($row["user_id"]);
echo "<a class=\"avatar\" href=\"index.php?user="******"user_id"] . "\">";
echo "<img width=\"48\" height=\"48\" align=\"left\" style=\"margin-right: 5px;\" border=\"1\" src=\"";
echo getGravatarUrl($grav_correo, $defImg, "80", "G");
echo "\" alt=\"Gravatar\"></a>";
} else {
if (file_exists("./avatar/" . $row['user_id'] . ".jpg") == true) {
echo "<a class=\"avatar\" href=\"index.php?user="******"user_id"] . "\">";
echo '<img align="left" width="48" height="48" style="margin-right: 5px;" border=\\"1\\"
src="' . $pth . 'avatar/', $row['user_id'], '.jpg"></a>';
} else {
echo "<a class=\"avatar\" href=\"index.php?user="******"user_id"] . "\">";
echo '<img align="left" width="48" height="48" style="margin-right: 5px;" border=\\"1\\"
src="' . $defImg . '"></a>';
}
}
//user
echo "<b>";
echo "<a href=\"#\" onclick=\"insertAtCaret('status','@";
name($row['user_id']);
echo " ');\">";
name($row['user_id']);
echo "</a>";
echo " </b>";
//sms
//echo replies(emoticons(replace_urls(stripslashes($row['status']))))
$status = replace_urls(stripslashes($row['status']));
$status = replace_unu($status);
$status = emoticons($status);
$status = channels($status);
echo replies($status);
echo '</div><span class="time">', $row['ds'], '</span>';
echo " <a href=\"index.php?user="******"\" style=\"border: 0px;\">\n\t<img style=\"border: 0px;\" src=\"" . $pth . "inc/icons/u.png\" alt=\"u\"/></a> \n\t<a href=\"#\" style=\"border: 0px;\" onclick=\"insertAtCaret('status','@";
name($row['user_id']);
echo " ');\">\n\t<img style=\"border: 0px;\" src=\"" . $pth . "inc/icons/r.png\" alt=\"r\"/></a>";
//echo "<img src=\"inc/icons/d.png\" alt=\"d\"/>
//<img src=\"inc/icons/f.png\" alt=\"f\"/> ";
echo "</div></td></tr>";
}
?>
<!-- foot table with link pages buttoms-->
</tbody>
<tfoot>
<td>
<center>
<?php
if ($pagina - 1 > 0) {
if ($type == "User") {
echo "<a id=\"nuevo\" href=\"index.php?user="******"&pagina=" . ($pagina - 1) . "\"> Newer </a>";
} else {
echo "<a id=\"nuevo\" href=\"index.php?pagina=" . ($pagina - 1) . "\"> Newer </a>";
}
} else {
if ($type == "User") {
echo "<a id=\"nuevorss\" href=\"rss.php?user="******"\"> Rss </a>";
} else {
echo "<a id=\"nuevorss\" href=\"rss.php\"> Rss </a>";
}
}
if ($pagina + 1 <= $total_paginas) {
if ($type == "User") {
echo "<a id=\"viejo\" href=\"index.php?user="******"&pagina=" . ($pagina + 1) . "\"> Older </a>";
} else {
echo "<a id=\"viejo\" href=\"index.php?pagina=" . ($pagina + 1) . "\"> Older </a>";
}
} else {
}
?>
</center>
</td>
</tfoot>
</table>
</div>
<br><br>
<div style="clear: both;"></div>
<!-- END TAB <?php
echo $tabnumber;
?>
-->
</div>
<?php
}
<?php
if (!defined('MiniTwitter_ON')) {
die('Hacking attempt');
}
if ($_POST["enviado"] == "yes") {
if ($logged_in && $id_usr == "1") {
$grup = "INSERT INTO mt_users (nick, password, correo) VALUES ('" . avoid_injection($_POST["nick"]) . "', '" . avoid_injection(md5($_POST["pass"])) . "', '" . avoid_injection($_POST["email"]) . "')";
mysql_query($grup, $connuni) or die(mysql_error());
echo "El usuario se ha insertado <b>correctamente</b><br>";
echo "<br><a id=\"nuevo\" href=\"index.php\">" . $indexphp_goback2 . "</a><br><br>";
}
}
?>
<h1>Register a new User</h1>
<form method="post" action="" name="register">
<br>
<b>Nick</b><br>
<input name="nick" type="text" class="inputbig"><br>
<b>Password</b><br>
<input type="text" name="pass" class="inputbig"><br>
<b>email</b><br>
<input type="text" name="email" class="inputbig"><br>
<input type="hidden" name="enviado" value="yes">
<input type="submit" value="Send">
</form>
} elseif ($pass1 != "" or $pass2 != "" && $pass1 == $pass2) {
$password = md5($pass1);
$optquery = "UPDATE mt_users SET nombre = '" . avoid_injection(strip_tags($nombre)) . "', apellidos = '" . avoid_injection(strip_tags($apellidos)) . "', country = '" . avoid_injection(strip_tags($country)) . "', state='" . avoid_injection(strip_tags($state)) . "', sex='" . avoid_injection(strip_tags($sex)) . "', password = '******', correo = '" . avoid_injection(strip_tags($correo)) . "', dia = '" . avoid_injection(strip_tags($dia)) . "', mes = '" . avoid_injection(strip_tags($mes)) . "', anio = '" . avoid_injection(strip_tags($anio)) . "', bio = '" . avoid_injection(strip_tags($bio)) . "', gravatar = '" . avoid_injection(strip_tags($gravatar)) . "' , timeline = '" . avoid_injection(strip_tags($timeline)) . "', showing = '" . avoid_injection(strip_tags($show)) . "', twitter = '" . avoid_injection(strip_tags($twitter)) . "', accounts = '" . avoid_injection(strip_tags($twitteraccounts)) . "' WHERE id_usr = '******'";
mysql_query($optquery, $connuni) or die(mysql_error() . ': ' . $optquery);
echo "<b>Changes saved and password changed!</b>.";
} else {
$optquery = "UPDATE mt_users SET nombre = '" . avoid_injection(strip_tags($nombre)) . "', apellidos = '" . avoid_injection(strip_tags($apellidos)) . "', apellidos = '" . avoid_injection(strip_tags($apellidos)) . "', country = '" . avoid_injection(strip_tags($country)) . "', sex='" . avoid_injection(strip_tags($sex)) . "', state='" . avoid_injection(strip_tags($state)) . "', correo = '" . avoid_injection(strip_tags($correo)) . "', dia = '" . avoid_injection(strip_tags($dia)) . "', mes = '" . avoid_injection(strip_tags($mes)) . "', anio = '" . avoid_injection(strip_tags($anio)) . "' , bio = '" . avoid_injection(strip_tags($bio)) . "', gravatar = '" . avoid_injection(strip_tags($gravatar)) . "', showing = '" . avoid_injection(strip_tags($show)) . "', timeline = '" . avoid_injection(strip_tags($timeline)) . "', twitter = '" . avoid_injection(strip_tags($twitter)) . "', accounts = '" . avoid_injection(strip_tags($twitteraccounts)) . "' WHERE id_usr = '******'";
mysql_query($optquery, $connuni) or die(mysql_error() . ': ' . $optquery);
echo "<b>Changes has been saved correctly</b>.";
}
}
$nick = $_SESSION["usernameuniversal"];
/*include('./inc/config.php');
$connuni = @mysql_connect($host, $user, $pass);
@mysql_select_db($db, $connuni);*/
$optquery = "SELECT id_usr, nombre, apellidos, nick, password, country, state, correo, dia, mes, anio, sex, bio, gravatar, timeline, showing, twitter, accounts FROM mt_users WHERE nick='" . avoid_injection($nick) . "' LIMIT 1";
$optresult = mysql_query($optquery, $connuni) or die(mysql_error() . ': ' . $optquery);
while ($rowopt = mysql_fetch_assoc($optresult)) {
?>
<h3>User options</h3>
<table border="0" cellpadding="5" cellspacing="0">
<form method="post" enctype="multipart/form-data" name="usr_uni" action="index.php?go=opt">
<input type="hidden" name="id_usr" value="<?php
echo $rowopt["id_usr"];
?>
">
<tr>
<td><b>Name</b></td>
<td><input type="text" name="nombre" value="<?php
