/
index.php
66 lines (54 loc) · 1.97 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
define( 'BLOB_WEB_PAGE_TO_ROOT', '' );
require_once BLOB_WEB_PAGE_TO_ROOT.'blob/includes/blobPage.inc.php';
blobPageStartup( array( 'authenticated' ) );
$page = blobPageNewGrab();
$page[ 'title' ] .= $page[ 'title_separator' ].'What\'s on your mind?';
$page[ 'page_id' ] = 'home';
$page [ 'onload' ] = "onLoad=\"document.statusupdate.statusMsg.focus()\"";
blobDatabaseConnect();
$user = blobCurrentUser();
$user_id = blobGetUserID( $user );
if(isset($_POST['btnUpdate'])) {
if ( $_POST['statusMsg'] == "" ) {
blobMessagePush( "Status cannot be empty!" );
blobRedirect( 'index.php' );
}
$message = trim($_POST['statusMsg']);
// Sanitize message input
$message = stripslashes($message);
$message = mysql_real_escape_string($message);
// Sanitize name input
$name = mysql_real_escape_string($name);
$query = "INSERT INTO status (user_id, status, date_set) VALUES ('$user_id','$message', NOW());";
$result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>' );
}
if(isset($_GET['delete'])) {
$status_id = $_GET['delete'];
$status = blobDeleteStatus($status_id);
blobMessagePush( $status );
blobRedirect( 'index.php' );
}
$page[ 'body' ] .= "
<div class=\"body_padded\">
<h2>What's on your mind?</h2>
<div class=\"vulnerable_code_area\">
<form method=\"post\" name=\"statusupdate\">
<input type=\"hidden\" name=\"index.php\" value=\"index.php\" />
<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">
<tr>
<td><textarea style=\"padding: 5px;\" name=\"statusMsg\" cols=\"60\" rows=\"3\" maxlength=\"140\"></textarea></td>
</tr>
<tr>
<td><input class=\"button\" name=\"btnUpdate\" type=\"submit\" value=\"Update Status\" > ( Max 140 characters )</td>
</tr>
</table>
</form>
</div>
<div class=\"clear\"></div>
<pre>Your previous status updates:</pre>
".blobShowUserStatus($user)."
<br />
</div>";
blobHtmlEcho( $page );
?>