Esempio n. 1
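/**
 * Load one user's profile data and merge it into the option array.
 *
 * Keys read from $options:
 *  - user_id            id of the profile to load (required)
 *  - viewer             id of the viewing user; defaults to the logged-in
 *                       user, or 0 when nobody is logged in
 *  - show_removed_users when set and truthy, removed accounts are included
 *
 * @param array $options Lookup options, see above.
 * @return array $options extended with the selected columns, or with
 *               'error_message' set when the viewer is blocked or the
 *               user does not exist.
 */
function profile_fetch($options)
{
    // Default the viewer to the current session user (0 = anonymous).
    if (!isset($options['viewer'])) {
        $options['viewer'] = login_checklogin() ? $_SESSION['login']['id'] : 0;
    }

    // NOTE(review): user_id reaches userblock_check() unmodified; confirm that
    // helper validates or escapes it before building its own query.
    if ($options['viewer'] > 0 && userblock_check($options['user_id'], $options['viewer']) == 1) {
        $options['error_message'] = 'Användaren har blockerat dig.';
        return $options;
    }

    // user_id is caller-supplied and ends up inside two quoted SQL literals,
    // so escape it once here instead of concatenating it raw.
    $user_id_sql = mysql_real_escape_string($options['user_id']);

    $query = 'SELECT l.username, l.lastaction, l.lastlogon, u.gender, u.birthday, u.image, u.user_status, u.profile_theme, u.gb_entries, z.spot, z.zip_code, z.x_rt90, z.y_rt90, u.presentation_text, p.gb_anti_p12';
    $query .= ' FROM login AS l, userinfo AS u, zip_codes AS z, preferences AS p';
    $query .= ' WHERE l.id = "' . $user_id_sql . '" AND u.userid = l.id AND z.zip_code = u.zip_code AND p.userid = l.id';
    // Removed accounts are hidden unless the caller explicitly asks for them.
    if (empty($options['show_removed_users'])) {
        $query .= ' AND l.is_removed = 0';
    }
    $query .= ' LIMIT 1';

    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    if (!$result || mysql_num_rows($result) == 0) {
        $options['error_message'] = 'Den användaren hittade vi tyvärr inte.';
        return $options;
    }

    $data = mysql_fetch_assoc($result);
    if (strlen($data['presentation_text']) == 0) {
        // No presentation in userinfo: fall back to the legacy table and, when
        // a text is found there, store it through profile_presentation_save().
        $old_presentation_query = 'SELECT freetext AS presentation_text FROM traffa_freetext WHERE userid = "' . $user_id_sql . '" LIMIT 1';
        // The result used to be assigned to $result while the code below read
        // the undefined $old_presentation_result, so the legacy row was never seen.
        $old_presentation_result = mysql_query($old_presentation_query) or report_sql_error($old_presentation_query, __FILE__, __LINE__);
        if ($old_presentation_result && mysql_num_rows($old_presentation_result) > 0) {
            $old_presentation = mysql_fetch_assoc($old_presentation_result);
            $options['presentation_text'] = $old_presentation['presentation_text'];
            profile_presentation_save($options);
        } else {
            $options['presentation_text'] = 'Användaren har inte skapat någon presentation ännu.';
        }
        // array_merge() below lets $data win on duplicate keys; without this
        // the empty column value would overwrite the text chosen above.
        $data['presentation_text'] = $options['presentation_text'];
    }

    return array_merge($options, $data);
}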
Esempio n. 2
/**
 * Decide whether a private message may be sent.
 *
 * Every failed rule contributes one line of explanation. The rules cover the
 * administrative account 2348, title length, an all-whitespace title, a
 * non-numeric recipient, message length, content_check() on message and
 * title, and a user block reported by userblock_check().
 *
 * @param mixed  $sender    Id of the sending user.
 * @param mixed  $recipient Id of the receiving user.
 * @param string $title     Message title.
 * @param string $message   Message body.
 * @return true|string true when all rules pass, otherwise the collected
 *                     explanations (each terminated by a newline).
 */
function messages_can_send($sender, $recipient, $title, $message)
{
    $problems = array();

    if ($recipient == 2348) {
        $problems[] = 'Webmaster är ett administrationskonto som inte används av någon människa.'
            . 'Använd forumet eller hamsterpaj -> Support för att ställa en fråga om siten.' . "\n";
    }

    // strlen() counts bytes, so multi-byte characters count more than once
    // against the configured limits.
    $title_length = strlen($title);
    if ($title_length < MESSAGES_MIN_TITLE_STRLEN) {
        $problems[] = 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    if ($title_length > MESSAGES_MAX_TITLE_STRLEN) {
        $problems[] = 'Titeln får inte vara mer än ' . MESSAGES_MAX_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    // A title made of whitespace only is reported with the minimum-length text.
    if (trim($title) == '') {
        $problems[] = 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.' . "\n";
    }

    if (!is_numeric($recipient)) {
        $problems[] = 'Det verkar som om mottagare har angivits felaktigt. Detta är ett internt serverfel och bör aldrig kunna inträffa. Kontakta administratör.' . "\n";
    }

    if (strlen($message) < MESSAGES_MIN_MESSAGE_STRLEN) {
        $problems[] = 'Du måste skriva minst ' . MESSAGES_MIN_MESSAGE_STRLEN . ' tecken i ditt meddelande.' . "\n";
    }

    // content_check() yields 1 for acceptable text; any other value is used
    // as the explanation. The message is checked before the title.
    foreach (array($message, $title) as $text) {
        $verdict = content_check($text);
        if ($verdict != 1) {
            $problems[] = $verdict . "\n";
        }
    }

    // NOTE(review): $recipient reaches userblock_check() even when the
    // is_numeric() rule above failed; confirm that helper validates or
    // escapes its arguments before using them in a query.
    if (userblock_check($recipient, $sender) == 1) {
        $problems[] = 'Mottagaren har blockerat dig och meddelandet kan därför inte levereras.' . "\n";
    }

    $report = implode('', $problems);

    return strlen($report) > 1 ? $report : true;
}
Esempio n. 3
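// Static page shell for the reply popup: head, stylesheets and charset.
echo '<html><head><title>Svara</title>';
echo '<link href="/stylesheets/ui.css.php" rel="stylesheet" type="text/css">';
echo '<link href="/stylesheets/buttons.css" rel="stylesheet" type="text/css">';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
echo '</head>';
// Only the reply form gets focus on load. The isset() guard keeps a request
// without an action parameter from raising an undefined-index notice; the
// parameter is only compared here, never echoed.
if (isset($_GET['action']) && $_GET['action'] == 'reply') {
    echo '<body onload="document.forms[0].message.focus()">';
} else {
    echo '<body>';
}
echo '<div id="main" style="padding: 5px; width: 215px; height: 170px; margin-top: 10px;">';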
// Everything below requires a logged-in session; the listing is cut off
// before the closing braces of this block.
if (login_checklogin()) {
    if ($_GET['action'] == 'reply') {
        // Only username is HTML-encoded here. userid and answereid are passed on
        // raw from the query string.
        // NOTE(review): confirm draw_reply_form() encodes or casts them before
        // writing them into the form markup.
        draw_reply_form(htmlspecialchars($_GET['username']), $_GET['userid'], $_GET['answereid']);
    } elseif ($_GET['action'] == 'send_reply') {
        // State-changing request: recipient and thread come from $_GET, the
        // text from $_POST. No anti-CSRF token is checked in the visible code.
        // NOTE(review): $_GET['userid'] is not validated before userblock_check();
        // confirm the helper casts or escapes it.
        if (userblock_check($_GET['userid'], $_SESSION['login']['id']) == 1) {
            jscript_alert('Den användare som du har angivit som mottagare har blockerat dig, och ditt meddelande kan därför inte skickas!');
            echo '<script language="javascript">history.go(-1);</script>';
            die;
        }
        // Disabled debug hook: it would have written the posted message text of
        // one specific account id to a log file.
        /*
        				if(644314 == $_SESSION['login']['id'])
        					log_to_file('henrik', LOGLEVEL_DEBUG, __FILE__, __LINE__, $_POST['message']);
        */
        // spamcheck() returns 1 when the message is accepted; any other value
        // is treated as text to show to the user.
        $spamval = spamcheck($_SESSION['login']['id'], $_POST['message']);
        if ($spamval == 1) {
            echo '<script language="javascript">setTimeout(\'window.close();\',500);</script>';
            // Raw request values are handed to new_entry().
            // NOTE(review): escaping for SQL and for later HTML output has to
            // happen inside new_entry() or at render time; verify both.
            new_entry($_GET['userid'], $_SESSION['login']['id'], $_POST['message'], $_POST['is_private'], $_GET['answereid']);
            echo '<h1>Inlägget skickat!</h1>';
        } else {
            // $spamval is written into a JavaScript string literal without any
            // encoding.
            // NOTE(review): if spamcheck() can ever return text derived from
            // the request, encode it for the script context (for example with
            // json_encode()) before output.
            echo '<script language="javascript">alert("' . $spamval . '");</script>';
Esempio n. 4
<?php

session_start();
require '../include/core/common.php';
// Comment handler for the photo album. The action is selected through $_GET,
// the payload arrives in $_POST, and a logged-in session is required. No
// anti-CSRF token is checked in the visible code.
if ($_GET['action'] == 'comment' && $_SESSION['login']['id'] > 0) {
    // Per-session throttle: at most one comment per photo within
    // PHOTOALBUM_COMMENT_TIME seconds. It lives in the session only, so a new
    // session starts with no history.
    if ($_SESSION['photoalbum']['comments'][$_POST['photo_id']] > time() - PHOTOALBUM_COMMENT_TIME) {
        jscript_alert('Hey, du kommenterade ju detta fotot nyss!');
    } elseif (strlen($_POST['text']) < 4) {
        jscript_alert('Lite väl kort kommentar det där va?');
    } else {
        /* Check if user is blocked */
        // SECURITY: unlike the delete branch below, photo_id is neither checked
        // with is_numeric() nor escaped before it is concatenated into this
        // query. Validate it as an integer (or escape it) before use.
        $query = 'SELECT owner FROM photos WHERE id ="' . $_POST['photo_id'] . '"';
        // NOTE(review): die() prints whatever report_sql_error() returns;
        // confirm that is not raw SQL error detail.
        $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        // mysql_fetch_assoc() returns false when no photo matches. The owner
        // lookup then yields null and the insert below still runs for a
        // non-existent photo.
        $data = mysql_fetch_assoc($result);
        if (userblock_check($data['owner'], $_SESSION['login']['id']) == 1) {
            jscript_alert('Den gubben gick inte, du är blockerad :(');
            exit;
        }
        // SECURITY: htmlspecialchars() is an HTML output encoder, not an SQL
        // escaper (backslashes pass through unchanged), and photo_id is again
        // inserted raw. Both values need SQL escaping or a parameterised query.
        // HTML encoding belongs at output time.
        $query = 'INSERT INTO comments(type, item_id, user, timestamp, text) VALUES("photos", "' . $_POST['photo_id'] . '", ' . $_SESSION['login']['id'] . ', UNIX_TIMESTAMP(), "' . htmlspecialchars($_POST['text']) . '")';
        mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
        // SECURITY: photo_id is echoed into an inline script without encoding.
        // Cast it to an integer before writing it into the redirect.
        echo '<script>' . "\n";
        echo 'window.location = "iframe.php?id=' . $_POST['photo_id'] . '";';
        echo '</script>';
        // Remember when this session last commented on the photo (throttle above).
        $_SESSION['photoalbum']['comments'][$_POST['photo_id']] = time();
    }
// Delete handler: both ids must pass is_numeric() before they reach SQL.
// The deletion is triggered by a plain GET request, so merely following a
// link performs it. A POST with an anti-CSRF token would be the safer design.
} elseif ($_GET['action'] == 'delete' && $_SESSION['login']['id'] > 0 && is_numeric($_GET['photo_id']) && is_numeric($_GET['comment_id'])) {
    $query = 'SELECT owner FROM photos WHERE id = "' . $_GET['photo_id'] . '" LIMIT 1';
    $result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
    $data = mysql_fetch_assoc($result);
    // Authorisation: only the owner of the photo may delete its comments.
    if ($data['owner'] == $_SESSION['login']['id']) {
        // Matching on both item_id and id limits the delete to a comment that
        // belongs to this photo.
        $query = 'DELETE FROM comments WHERE item_id = "' . $_GET['photo_id'] . '" AND id = "' . $_GET['comment_id'] . '" LIMIT 1';