if (strcmp($liking_user, $posting_user)) { $preparedquery4 = "select * from likes where entry_id = ? and liking_user = ?"; $resultset4 = prepared_query($dbh, $preparedquery4, array($entry_id, $liking_user)); $resultset4check = $resultset4->numRows(); // only allow a post to be liked once by each user if ($resultset4check == 0) { $insert = "insert into likes(entry_id, liking_user) values(?,?)"; $rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user)); } } header("Location: toBlog.php?user={$posting_user}"); } else { if (isset($_POST['blogComment'])) { $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)"; // the current user should remain on the blog page of the user who created the post, which must be determined $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment'])); $preparedquery = "SELECT user FROM blog_entry where entry_id = ?"; $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']); $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC); $posting_user = $row['user']; header("Location: toBlog.php?user={$posting_user}"); } else { $user = $_GET['user']; $result = $user == $loggedInUser; if ($result == 1) { printBlog($dbh, $user); } else { showBlog($dbh, $user, $loggedInUser); } } }
*/

require_once "MDB2.php";
require_once "/home/cs304/public_html/php/MDB2-functions.php";
require_once "/students/cmatulis/public_html/project/blog-functions.php";
require_once "/students/cmatulis/public_html/cs304/cmatulis-dsn.inc";

$dbh = db_connect($cmatulis_dsn);
session_start();

// if a user is not currently logged in, redirect them to the login page
if (!isset($_SESSION['user'])) {
    header('Location: blog-login.php');
    // NOTE(review): header() only queues the redirect; execution continues past
    // this block. For a visitor without a session, $poster below is therefore
    // null and the comment/delete handlers further down still run. Ending the
    // script right here (exit;) is what turns this redirect into an actual
    // access-control gate.
}
$poster = $_SESSION['user']; // the logged-in user, taken from the session (not from the request)

// allow the user to comment on their own post
if (isset($_POST['blogComment'])) {
    // NOTE(review): entryId is read without isset(); a missing field produces an
    // undefined-index notice and a null entry_id in the insert.
    // The comment text is escaped with htmlspecialchars() *before* it is stored,
    // so whatever renders comment_text must not escape it again (double-encoding).
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    $rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
    header("Location: blog-ex-comment-user.php");
    // Same caveat as the login redirect above: nothing stops the script here.
} else {
    if (isset($_GET['entry_id'])) {
        $entry_id = $_GET['entry_id']; // id of the entry being deleted
        $posting_user = $_GET['posting_user']; // the author of the post, as claimed by the query string
        // delete the post, as well as any comments and likes that have been made on that post
        // to make sure that no one can alter the GET values to delete someone else's post,
        // make sure that the supposed author of the post matches the logged-in user
        //
        // NOTE(review): the two values compared here are the session user and a
        // query-string value; the entry's real author is never consulted, so this
        // only checks that the request names the current user, not that the
        // current user owns entry_id. Reading the author from blog_entry by
        // entry_id (this page already does "SELECT user FROM blog_entry where
        // entry_id = ?" elsewhere) and comparing that with $poster would make the
        // ownership check server-side.
        if (!strcmp($posting_user, $poster)) {
            // Only the likes and comments deletions are visible in this excerpt;
            // the remainder of this block is cut off here.
            $preparedquery = "delete from likes where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            $resultset2 = prepared_query($dbh, $preparedquery2, array($entry_id));
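// Comment submission (POST): store the comment against the entry it belongs to.
// entryId must be present as well, otherwise the row would be inserted with a
// null entry_id (and PHP would emit an undefined-index notice).
if (isset($_POST['blogComment'], $_POST['entryId'])) {
    // NOTE(review): the comment text is stored exactly as submitted here, while
    // another comment handler on this page applies htmlspecialchars() before
    // inserting. Whichever convention the renderer expects has to be used
    // consistently, or some comments render raw and others double-encoded.
    $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
    prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, $_POST['blogComment']));
}

// Like submission (GET): record that the logged-in user liked an entry.
if (isset($_GET['entry_id'])) {
    $entry_id = $_GET['entry_id'];  // id of the entry that was liked
    $liking_user = $poster;         // the user who liked the post (from the session, not the request)

    // Resolve the author server-side instead of trusting $_GET['posting_user']:
    // that parameter is client-controlled, so using it would let the
    // "no liking your own post" rule below be sidestepped by editing the URL.
    $authorQuery = "SELECT user FROM blog_entry where entry_id = ?";
    $authorResult = prepared_query($dbh, $authorQuery, array($entry_id));
    $posting_user = null;
    if (!MDB2::isError($authorResult)) {
        $authorRow = $authorResult->fetchRow(MDB2_FETCHMODE_ASSOC);
        if (is_array($authorRow) && isset($authorRow['user'])) {
            $posting_user = $authorRow['user'];
        }
    }

    // Do not allow a user to like their own post. An entry whose author cannot
    // be resolved is not liked either (fail closed rather than insert an orphan
    // like row).
    if ($posting_user !== null && strcmp($liking_user, $posting_user) !== 0) {
        $existingQuery = "select * from likes where entry_id = ? and liking_user = ?";
        $existing = prepared_query($dbh, $existingQuery, array($entry_id, $liking_user));
        // only allow a post to be liked once by each user
        if (!MDB2::isError($existing) && $existing->numRows() === 0) {
            $insert = "insert into likes(entry_id, liking_user) values(?,?)";
            prepared_statement($dbh, $insert, array($entry_id, $liking_user));
        }
    }

    header("Location: viewAllPage.php");
    // header() does not stop the script: without exit, printAllPosts() and the
    // closing markup below would still run and be sent along with the redirect.
    exit;
}
printAllPosts($dbh);
?>
</body>
</html>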
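/**
 * Insert a new blog entry authored by $poster.
 *
 * The title and caption are HTML-escaped with htmlspecialchars() *before* they
 * are stored, so the values in blog_entry already contain entities; a renderer
 * must not escape them a second time or "&amp;" and friends will show up
 * literally. The upload itself is stored unchanged.
 *
 * @param mixed  $dbh     database handle as returned by db_connect()
 * @param string $poster  user name of the author (goes into blog_entry.user)
 * @param mixed  $upload  the entry content, stored as given
 * @param string $title   entry title, escaped before storage
 * @param string $caption entry caption, escaped before storage
 * @return mixed whatever prepared_statement() returns for the INSERT, so a
 *               caller can check the result (e.g. for an MDB2 error object)
 *               instead of assuming the insert succeeded
 */
function insertUpload($dbh, $poster, $upload, $title, $caption)
{
    $insert = "INSERT INTO blog_entry(user, entry, title, caption) VALUES (?, ?, ?, ?)";
    return prepared_statement(
        $dbh,
        $insert,
        array($poster, $upload, htmlspecialchars($title), htmlspecialchars($caption))
    );
}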