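<?php
session_start();
require_once "new_connection.php";

// Route the submitted wall form to its handler.
// NOTE(review): no login check or CSRF token is visible in this excerpt before these
// state-changing handlers run; confirm one is enforced elsewhere.
if (isset($_POST['action']) && $_POST['action'] === 'messaging') {
    insert_message($_POST);
}
if (isset($_POST['action']) && $_POST['action'] === 'comments') {
    insert_comment($_POST);
}

/**
 * Store a wall message for the session user, then redirect back to wall.php.
 *
 * A blank message is rejected and a notice is left in $_SESSION['blank'].
 * Every path ends the request with a redirect.
 *
 * @param array $post Submitted form fields; only 'message' is read.
 */
function insert_message($post)
{
    // A missing or non-string field is handled like a blank message instead of
    // raising an undefined-index or type error.
    $text = (isset($post['message']) && is_string($post['message'])) ? $post['message'] : '';

    if (trim($text) === '') {
        $_SESSION['blank'] = "Your message cannot be blank!";
        header('Location: wall.php');
        exit;
    }

    // The blank case has already exited, so no second condition is needed here.
    // (The earlier `!trim(...) == ""` test skipped a message consisting of "0".)
    //
    // NOTE(review): SQL injection. The message text is placed into the statement
    // verbatim, so quote characters in it change the statement itself. Bind it as a
    // parameter, or escape it with the connection's own escaping routine;
    // new_connection.php is not visible here, so the call is left as written.
    $query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('{$_SESSION['user_id']}', '{$text}', NOW(), NOW())";
    run_mysql_query($query);
    header('Location: wall.php');
    exit;
}

function insert_comment($post)
{
    // Making sure that comment is not empty, don't want any empty comments clogging up my database
    if (empty($post['comment'])) {
        $_SESSION['blank'] = "Your comment cannot be blank!";
        header('Location: wall.php');
        // (the excerpt ends here; the rest of insert_comment() is not shown)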
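<?php
include "../model/msgdb.php";

// Dispatch the request to the matching model function.
// The isset() guard keeps a request without a 'method' field from raising an
// undefined-index notice; strict comparison keeps array-valued input from matching.
// NOTE(review): no authentication or CSRF check is visible before these handlers
// run, and insert_message() takes no arguments, so it presumably reads the
// request itself. Confirm that msgdb.php validates and escapes what it stores.
if (isset($_POST['method']) && $_POST['method'] === "insert") {
    insert_message();
}
if (isset($_POST['method']) && $_POST['method'] === "getall") {
    get_messages();
}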
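<?php
// Comment posting for a journal entry: on POST the comment is stored and linked to
// the entry, otherwise the comment form is shown.
// NOTE(review): $REQUEST_METHOD, $subject, $body, $poster, $date, $time and
// $PHP_SELF are used as bare globals (register_globals style), so each should be
// treated as request-controlled unless the including script sets it.
if ($REQUEST_METHOD == 'POST' and (authorized($USERNAME, 'postcomment') or JOURNAL_ANONYMOUSPOSTS)) {
    // Author name: the logged-in user when there is one. The anonymous label is
    // used only for visitors who are not logged in; previously it replaced the
    // name of logged-in users too whenever anonymous posting was enabled.
    $un = is_logged_in();
    if (!$un and JOURNAL_ANONYMOUSPOSTS) {
        // NOTE(review): $poster reaches insert_message() inside this label;
        // confirm that function escapes its arguments.
        $un = "Anonymous ({$poster})";
    }

    if ($un) {
        $id = insert_message($un, $subject, $body);
        if ($id) {
            // Escape the date/time pair before it is placed in the statement;
            // where these two values come from is not visible in this excerpt.
            $entrydate = mysql_real_escape_string("{$date} {$time}");
            $q = "insert into entrymessages (entrydate, entryuser, messageid) values\n\t\t\t\t('{$entrydate}', '" . JOURNAL_USERNAME . "', '{$id}');";
            if (mysql_query($q)) {
                print 'Posted.';
            } else {
                // NOTE(review): raw database errors are shown to the visitor;
                // log them server-side instead.
                print 'Error: ' . mysql_error();
            }
        } else {
            print 'Error: ' . mysql_error();
        }
    } else {
        // Encoded for a single-quoted HTML attribute.
        $login_url = htmlspecialchars("{$SCRIPT_URI}/Login", ENT_QUOTES);
        print "You must be logged in. <a href='{$login_url}'>Go here</a>.";
    }
} else {
    // Show Form
    // $PHP_SELF can carry request-supplied path info, so it is HTML-encoded before
    // being written into the single-quoted action attribute.
    // NOTE(review): $journal and $replyto go through hidden(); confirm it encodes
    // its value argument.
    $form_action = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    print "<form action='{$form_action}' method='POST'>"
        . ((JOURNAL_ANONYMOUSPOSTS and !is_logged_in()) ? "Your name: " . field('poster') : "")
        . ($journal ? hidden('journal', $journal) : "")
        . ($replyto ? hidden('replyto', $replyto) : "")
        . "<table>"
        . "<tr><td>Subject:</td><td><input type='text' name='subject' size='40' /></td></tr>"
        . "<tr><td>Message:</td><td><textarea name='body' cols='40' rows='10'></textarea></td></tr>"
        . "<tr><td><input type='submit' value='Post'></td></tr>"
        . "</table>"
        . "</form>";
}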
break; case 'profile': if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } if (isset($_POST['style'])) { setcookie('style', $_POST['style'], 0, '/'); $style = style($_POST['style']); } $response = template('../templates/profile.php', ['site_url' => SITE_URL, 'style' => $style]); break; case 'save': if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } $message_id = empty($_POST['message_id']) ? null : (int) $_POST['message_id']; $message = empty($_POST['message']) ? null : $_POST['message']; if (!empty($message) && valid_token($_POST['token'])) { isset($message_id) ? update_message($connection, $message, $message_id) : insert_message($connection, $message, $user['id']); } header('Location:' . sprintf('%s?action=home&message_id=%d', SITE_URL, $message_id)); break; default: if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } $message_id = empty($_GET['message_id']) ? null : (int) $_GET['message_id']; $messages = load_messages($connection, $message_id); $response = template('../templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]); } echo empty($response) ? template('404.php') : $response;
} // Insert message in queue - no need to stripslashes or mysql_real_escape_string $message_id = insert_message($relay_subject,$message,$curr_timestamp,$queue_timestamp,$sent_count,$texthtml); // Add subscribers to queue $address_result = get_confirmed_members(); while ($address_row = mysql_fetch_assoc($address_result)) { insert_recipients_into_queue($message_id,$address_row[address],$queue_timestamp); } } else { // Insert message in queue - no need to stripslashes or mysql_real_escape_string insert_message($relay_subject,$message,$curr_timestamp,$curr_timestamp,$sent_count,$texthtml); // not using the queue. send immediately // build list of confirmed recipients to bcc to (send to owner) $bcc = array(); while ($row = mysql_fetch_assoc($result)) { $bcc[] = "$row[address],"; } $subscribers = implode(",",$bcc); $noqueue = new SMLmailer; $noqueue->mail_to = $config['owner_email']; $noqueue->mail_from = $config['owner_email']; $noqueue->mail_bcc = $subscribers; $noqueue->subject = $relay_subject;
}else{ $address_result = 0; } while ( $address_row = mysql_fetch_assoc($address_result) ) { insert_recipients_into_queue($message_id,$address_row[address],$send_time); } echo "<p><b><font color=Green>Your message has been queued for delivery and archived.</font></b> "; echo "You can view the delivery progress in the <a href=archives.php>Archives</a>. To send another message, "; echo "<a href=\"send.php\">click here</a></p>"; } else // No queue - send immediately { $message_id = insert_message($subject,$message,time(),$send_time,$sent_count,$texthtml); // Build list of members and combine addresses to be used in the Bcc field $bcc = ""; while ($row = mysql_fetch_assoc($result)) { $bcc .= "$row[address],"; } $subscribers = substr($bcc, 0, -1); $to = $config['owner_email']; $noqueue = new SMLmailer; $noqueue->mail_to = $to; $noqueue->mail_from = $config['owner_email']; $noqueue->mail_bcc = $subscribers; $noqueue->subject = $subject; $noqueue->message = stripslashes($message);
} else { //Quelque chose a été envoyé ? if (isset($_POST['sent'])) { //initialisations $receiver = htmlspecialchars($_POST['receiver']); $title = htmlspecialchars($_POST['title']); $message = htmlspecialchars($_POST['message']); $everything_entered = verify_everything_entered($receiver, $title, $message); //Si tout a bien été entré, on commence les vérifications if ($everything_entered) { $everything_verified = verify($receiver, $title, $message); //Si tout est vérifié if ($everything_verified) { //On peut rajouter le message include_once 'model/messagerie/insert_message.php'; insert_message($_SESSION['pseudo'], $receiver, $title, $message); header('Location: ../'); } } else { $_SESSION['sending_errors'][] = 'Il manque des informations.'; } } //Si ça ne s'est pas bien passé ou que l'utilisateur n'a rien fait //On affiche le formulaire include_once 'model/user/get_users.php'; $users = get_users(); include 'view/messagerie/envoyer/index.php'; } //Vérification que les infos sont bien entrées function verify_everything_entered($receiver, $title, $message) {
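/**
 * Receive one SMS forwarded by SMSsync over HTTP POST and store it.
 *
 * Reads from, message, secret, sent_timestamp, sent_to, message_id and device_id
 * from $_POST. The message is stored only when the required fields are present
 * and the shared secret matches. A JSON acknowledgement is built at the end, but
 * the call that would send it is commented out, so this function emits nothing
 * itself.
 */
function get_message()
{
    $error = NULL;
    // Failure is the default; only a matching secret turns this on.
    $success = false;

    // Shared secret that must also be entered on the SMSsync side.
    // NOTE(review): a short numeric value hard-coded in source is a demo setting;
    // load a long random secret from configuration before real use.
    $expected_secret = '123456';

    // Collect the posted fields. Missing or non-string values become null so that
    // nothing below reads an undefined variable.
    $fields = [];
    foreach (['from', 'message', 'secret', 'sent_timestamp', 'sent_to', 'message_id', 'device_id'] as $name) {
        $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : null;
    }
    $from = $fields['from'];                     // phone number that sent the SMS
    $message = $fields['message'];               // the SMS text
    $secret = $fields['secret'];                 // secret configured on the device
    $sent_timestamp = $fields['sent_timestamp']; // timestamp of the SMS
    $sent_to = $fields['sent_to'];               // number of the device running SMSsync
    $message_id = $fields['message_id'];         // unique message id
    $device_id = $fields['device_id'];           // device id

    if ($from === null) {
        $error = 'The from variable was not set';
    }
    if ($message === null) {
        $error = 'The message variable was not set';
    }

    $has_required = strlen((string) $from) > 0
        and strlen((string) $message) > 0
        and strlen((string) $sent_timestamp) > 0
        and strlen((string) $message_id) > 0;

    if ($has_required) {
        // hash_equals() is an exact, constant-time string comparison. The earlier
        // loose `==` also accepted other numeric spellings of the secret.
        if ($secret !== null && hash_equals($expected_secret, $secret)) {
            $success = true;

            // Store the message only after the secret has been verified;
            // previously it was stored even when the secret did not match.
            insert_message($from, $message, $sent_timestamp, $message_id, $sent_to, $device_id);
            // $string = "From: ".$from."\n";
            // $string .= "Message: ".$message."\n";
            // $string .= "Timestamp: ".$sent_timestamp."\n";
            // $string .= "Messages Id:" .$message_id."\n";
            // $string .= "Sent to: ".$sent_to."\n";
            // $string .= "Device ID: ".$device_id."\n\n\n";
            // write_message_to_file($string);
        } else {
            $error = "The secret value sent from the device does not match the one on the server";
        }
    }

    /**
     * Instant SMS reply to the sender. This requires "Get reply from server" to be
     * checked on SMSsync.
     *
     * NOTE(review): this runs whether or not the secret matched; confirm that is
     * intended for requests that failed the check.
     */
    send_instant_message($from);

    /**
     * JSON acknowledgement telling SMSsync whether the web service accepted the
     * message.
     */
    $response = json_encode(["payload" => ["success" => $success, "error" => $error]]);
    //send_response($response);
}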
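/**
 * Record a chat message together with the URLs found in it.
 *
 * Each URL is looked up and, when unknown, inserted with the HTTP metadata
 * gathered for it (plus a separate record for a redirect destination). The
 * message is stored only if every URL could be resolved to an id, and each URL
 * is then linked to the message.
 *
 * @param mixed  $dbh        Database handle passed through to the helpers.
 * @param mixed  $network_id Numeric id; validated here but not used further.
 * @param mixed  $channel_id Numeric channel id.
 * @param mixed  $nick_id    Numeric nick id.
 * @param string $message    Message text.
 * @param array  $urls       URLs found in the message.
 * @return mixed FALSE on invalid arguments, 0 when nothing was recorded,
 *               otherwise the id of the inserted message.
 */
function insert_urls_from_pool($dbh, $network_id, $channel_id, $nick_id, $message, $urls)
{
    if (!$network_id || !$channel_id || !$nick_id || !$message || !$urls) {
        return FALSE;
    }
    if (!is_numeric($network_id) || !is_numeric($channel_id) || !is_numeric($nick_id)) {
        return FALSE;
    }
    // A non-array $urls cannot be iterated; reject it up front.
    if (!is_array($urls)) {
        return FALSE;
    }

    $complete_urls = array();
    // Failures are counted explicitly. Comparing count($complete_urls) with
    // count($urls) rejected any message that contained the same URL twice,
    // because $complete_urls is keyed by URL and holds each one only once.
    $failed = 0;

    foreach ($urls as $url) {
        $url_id = get_url_id($dbh, $url);
        if ($url_id === FALSE) {
            $failed++;
            continue;
        }

        // get information about the new url
        if (!$url_id) {
            // NOTE(review): $url and the fetched metadata are echoed without
            // encoding. If this output is ever viewed as HTML (the failure notice
            // below uses <strong>), encode it first.
            echo "url={$url}\n";

            // information gathering...
            $http_meta = get_empty_http_meta();
            if (substr($url, 0, 5) == 'http:') {
                // NOTE(review): get_http_meta() presumably requests the URL from this
                // host. The URLs come from chat messages, so confirm the helper limits
                // which destinations it will contact (internal and loopback addresses,
                // redirect targets).
                $http_meta = get_http_meta($url, 0);
                // todo: we could choose to skip the url and the message if the state is not 1 here
                // or we record it (as we do now) and handle it someway later
            }

            // handle redirects
            // we store the original url but with the details of the destination
            // we will also keep a copy of the destination as a separate record
            $redirects_to_id = 0;
            if (array_key_exists('redirect', $http_meta) and array_key_exists('location', $http_meta)) {
                $redirects_to_url = $http_meta['location'];
                $redirects_to_id = get_url_id($dbh, $redirects_to_url);
                if ($redirects_to_id === FALSE) {
                    $failed++;
                    continue;
                }
                if (!$redirects_to_id) {
                    echo "Saving redirects_to record ";
                    $redirects_to_id = insert_url($dbh, $redirects_to_url, $http_meta['state'], $http_meta['content_length'], $http_meta['content_type'], 0, $http_meta['html_title']);
                    if ($redirects_to_id === FALSE) {
                        $failed++;
                        continue;
                    }
                    // todo: do we need to do this as well for redirects?
                    //$rv = insert_url_to_message($dbh, $dst_url_id, $message_id);
                    //if (!$rv) { continue; }
                }
            }

            // store the new url
            print_r($http_meta);
            $url_id = insert_url($dbh, $url, $http_meta['state'], $http_meta['content_length'], $http_meta['content_type'], $redirects_to_id, $http_meta['html_title']);
            if ($url_id === FALSE) {
                $failed++;
                continue;
            }
        }

        $complete_urls[$url] = $url_id;
    }

    if ($failed > 0) {
        // one or more of the urls failed to insert
        // abandon this message
        echo "\n\n<strong>complete_urls != urls - this message will be ignored but some urls may already have been inserted</strong>\n\n";
        return 0;
    }

    $message = merge_url_ids_to_message($message, $complete_urls);

    // finally record the message
    $message_id = insert_message($dbh, $channel_id, $nick_id, $message);
    if (!$message_id) {
        return 0;
    }

    // Link every URL to the message; a failed link is skipped, not fatal.
    foreach ($complete_urls as $url_id) {
        insert_url_to_message($dbh, $url_id, $message_id);
    }

    return count($complete_urls) ? $message_id : 0;
}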
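<?php
session_start();

// NOTE(review): display_errors with E_ALL prints warnings, paths and query details
// into the page. Suitable for a local lesson environment only.
ini_set('display_errors', 1);
error_reporting(E_ALL);

require '../blog.php';

define('SITE_URL', 'http://epic-blog/lesson%207/src/public/index.php');

// NOTE(review): database credentials are embedded in source and use the root
// account; move them to configuration outside the web root and use a
// least-privileged database user.
$connection = connection(['host' => 'localhost', 'dbname' => 'blog', 'user' => 'root', 'password' => 'vagrant', 'encoding' => 'utf8']);

// NOTE(review): $_REQUEST also accepts query-string values, so a login, password
// or message can arrive in a URL (and then in logs and browser history).
// Reading $_POST would restrict these to form submissions; not changed here
// because the templates are not visible.
$login = empty($_REQUEST['login']) ? null : $_REQUEST['login'];
$password = empty($_REQUEST['password']) ? null : $_REQUEST['password'];

// Read the anti-CSRF token once; a request without one yields null instead of an
// undefined-index notice.
$submitted_token = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;

$user = user();
if (!empty($_REQUEST['action']) && $_REQUEST['action'] === 'login' && valid_token($submitted_token)) {
    $user = user($connection, $login, $password);
}

// Unauthenticated visitors get the login form and nothing else.
if (empty($user)) {
    // NOTE(review): $login is handed back to the template; confirm the template
    // HTML-encodes it.
    echo template('templates/authorization.php', ['token' => token(), 'login' => $login, 'site_url' => SITE_URL]);
    exit;
}

$message_id = empty($_REQUEST['message_id']) ? null : (int) $_REQUEST['message_id'];
$message = empty($_REQUEST['message']) ? null : $_REQUEST['message'];

if (!empty($message) && valid_token($submitted_token)) {
    // NOTE(review): new messages are stored with user id 0 rather than the current
    // user, and update_message() receives only the message id. Whether ownership is
    // checked is not visible here.
    isset($message_id)
        ? update_message($connection, $message, $message_id)
        : insert_message($connection, $message, 0);
    header('Location:' . SITE_URL);
    // Stop after the redirect so the page is not also rendered for this request.
    exit;
}

$messages = load_messages($connection, $message_id);
// The style cookie is optional; pass null when it is absent.
$style = style(isset($_COOKIE['style']) ? $_COOKIE['style'] : null);

echo template('templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]);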