<?php
session_start();
require_once("./backend/mysqli.php");
$friendname = strip_tags($_POST['friendname']);
$friendid = strip_tags($_POST['friendid']);
$username = strip_tags($_SESSION['username']);
$userid = intval($_SESSION['userid']);
$value = strip_tags($_POST['message']);
/* addiou add's a debt FROM the User, TO the Friend (User owes Friend)
* adddebt add's a debt TO the User, FROM the Friend (Friend owes User)
*/
try {
$db = new dbWrapper();
if ($friendid==0 || $friendid=="0") {
$possibleuser = $db->q("SELECT IF(`from`=?,`from_id`,IF(`to`=?,`to_id`,?)) AS possibleid FROM debts WHERE `from`=? OR `to`=? LIMIT 1","sssss",$friendname,$friendname,$friendname,$friendname,$friendname);
if (sizeof($possibleuser)>0) {
$friendid = $possibleuser[0]['possibleid'];
} else {
$friendid = $username;
}
}
$value_type = (is_numeric($value)) ? "value_money" : "value_item";
$bindstr = (is_numeric($value)) ? "dssss" : "sssss";
$db->q("INSERT INTO debts SET `$value_type`=?,`from_id`=?,`from`=?,`to_id`=?,`to`=?",$bindstr,$value,$userid,$username,$friendid,$friendname);
echo $db->handle()->insert_id;
} catch (Exception $e) {
echo "Sorry, there was an error.".$e->getMessage();
exit();
}
} catch (Exception $e) {
echo "Sorry, there was an error.<br/>".$e->getMessage();
exit();
}
?>
</span><span id="rightcolumn"></span></span></section>
<div class="devider"></div>
<section class="feed">
<header id="feed">Feed</header>
<span id="row"><span id="leftcolumn"></span><span id="centercolumn">
<section>
<?php
try {
$db = new dbWrapper();
$debts = $db->q("SELECT debts.*, IF(value_item='',CONCAT('$',value_money),value_item) AS value FROM debts WHERE from_id=? OR to_id=? ORDER BY made DESC","ss",$_SESSION['userid'],$_SESSION['userid']);
if (sizeof($debts)==0) {
echo "<section class='record'><header>You owe no one anything, and no one owes you!</header></section>";
}
foreach ($debts as $debt) {
echo "<section class='record";
if ($debt['paid']!='0000-00-00') {
echo " recorddone'>";
} else {
echo "'>";
}
echo "<header><a href='http://socialiou.com/viewcomment.php?id=".intval($debt['id'])."'><strong>".stripcslashes(strip_tags($debt['from']))."</strong> owes <strong>".stripcslashes(strip_tags($debt['value']))."</strong> to <strong>".stripcslashes(strip_tags($debt['to']))."</strong>.</a></header>";
$comments = $db->q("SELECT * FROM comments WHERE debtid=?","i",$debt['id']);
<?php require_once("minihtml/header.html"); ?>
<div id="dashboard">
<?php
if (isset($_SESSION['token']) && !empty($_SESSION['token'])) {
echo "<div id='profile'>";
echo "<img class='profilepicture' onerror=\"alert('Sorry, you need to log in again.');window.location.href = './?expired=true&redirect_to='+escape(window.location.href);\" src='https://graph.facebook.com/me/picture?access_token=".$_SESSION['token']."' />";
echo "<h1 class='profileusername'>Hi, ".$_SESSION['username']."</h1>";
echo "</div>";
}
?>
<section><header>
<?php
$found = true;
try {
$db = new dbWrapper();
$debt = $db->q("SELECT debts.*,IF(value_item='',CONCAT('$',value_money),value_item) AS value FROM debts WHERE id=?","i",$viewid);
if (sizeof($debt)>0) {
$debt = $debt[0];
echo "<strong>".$debt['from']."</strong> owes <strong>".$debt['value']."</strong> to <strong>".$debt['to']."</strong>";
} else {
echo "Sorry, we could not find that IOU.";
$found = false;
}
} catch (Exception $e) {
echo "Sorry, there was an error.<br/>";
exit();
}
?>
</header><span id="row"><span id="leftcolumn"></span><span id="centercolumn" class='record
<?php
require_once("backend/mysqli.php");
try {
$db = new dbWrapper();
$page = isset($_GET['p']) ? $_GET['p'] : "Unknown";
$db->q("INSERT INTO visitorlog SET ip=?,xforwarded=?,page=?, useragent=?", "ssss", $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR'], $page, $_SERVER['HTTP_USER_AGENT']);
} catch(Exception $e) {
//meh
}
?>
<?php
session_start();
require_once("backend/mysqli.php");
try {
$db = new dbWrapper();
if (isset($_SESSION['token']) && isset($_POST['id'])) {
$debt = $db->q("SELECT * FROM debts WHERE id=? AND (from_id=? OR to_id=?)","iss",$_POST['id'],$_SESSION['userid'],$_SESSION['userid']);
if (sizeof($debt)) {
$db->q("UPDATE debts SET paid='0000-00-00' WHERE id=?","i",$_POST['id']);
echo "done";
} else {
header("HTTP/1.0 401 Unauthorised");
}
}
} catch (Exception $e) {
echo "Sorry, there was an error.";
exit();
}
?>
<?php
session_start();
require_once("backend/mysqli.php");
try {
$db = new dbWrapper();
if (isset($_SESSION['token']) && isset($_POST['comment']) && isset($_POST['id'])) {
$author = strip_tags($_SESSION['username']);
$authorid = strip_tags($_SESSION['userid']);
$comment = strip_tags($_POST['comment']);
$debtid = intval($_POST['id']);
$db->q("INSERT INTO comments SET author=?, author_id=?, comment=?, debtid=?","sssi",$author,$authorid, $comment, $debtid);
}
} catch (Exception $e) {
echo "Sorry, there was an error.<br/>";
exit();
}
?>
