/**
 * Print a user's profile: the picture "<user>.jpg" when that relative path
 * exists, then column 1 of the user's `profiles` row followed by a line break.
 *
 * NOTE(review): $user reaches the file path and the <img> tag unchanged, and
 * the stored text is echoed after stripslashes() only. Whether either value is
 * already HTML-encoded depends on callers and on how the text was stored,
 * neither of which is visible here; confirm before relying on it.
 * NOTE(review): the mysql_* functions were removed in PHP 7.0; a port to
 * mysqli or PDO is the point at which to switch to bound parameters.
 *
 * @param string $user Username; also the base name of the picture file.
 */
function ShowProfile($user)
{
    $picture = "{$user}.jpg";
    if (file_exists($picture)) {
        echo "<img src='{$picture}' align ='left' />";
    }

    // NOTE(review): '******' looks like a value masked in this listing rather
    // than a real username; verify against the actual file. If a variable is
    // interpolated here, bind it as a query parameter instead.
    $profileRows = QueryMysql("SELECT * FROM profiles WHERE user='******'");
    if (!mysql_num_rows($profileRows)) {
        return;
    }

    $profile = mysql_fetch_row($profileRows);
    echo stripslashes($profile[1]) . "<br clear=left /> <br/>";
}
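<?php
/**
 * Created by PhpStorm.
 * User: keilc
 * Date: 24/08/2015
 * Time: 3:29 PM
 *
 * Answers a POSTed 'user' value with an HTML fragment saying whether a
 * matching row exists in `members`.
 *
 * NOTE(review): nothing in this script checks who is asking, so it tells any
 * caller which usernames exist. Unless functions.php already limits that,
 * throttle requests per client and log bursts of lookups.
 */
include_once 'functions.php';

if (isset($_POST['user'])) {
    // One isset()/sanitizeString() pass is enough; a second nested copy of the
    // same check would only recompute the same $user.
    $user = sanitizeString($_POST['user']);

    // NOTE(review): '******' looks like a value masked in this listing; verify
    // against the actual file. If $user is interpolated here, the query is
    // only as safe as sanitizeString() (not shown); prefer a bound parameter.
    $matches = QueryMysql("SELECT * FROM members WHERE user='******'");

    if (mysql_num_rows($matches)) {
        echo "<span class='taken'> ✘ " . "Sorry, this username is taken</span>";
    } else {
        echo "<span class='available'> ✔ " . "This username is available</span>";
    }
}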
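_END;

// Sign-up handler. The heredoc closed above and the markup after the final
// "?>" both belong to parts of the page outside this excerpt.
$error = $user = $pass = "";

// If a current user is logged in, log out
if (isset($_SESSION['user'])) {
    destroySession();
}

if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br /><br />";
    } elseif (mysql_num_rows(queryMysql("SELECT * FROM members WHERE user='******'"))) {
        // NOTE(review): '******' in the query above looks like a value masked
        // in this listing; verify against the actual file.
        $error = "That username already exists<br /><br />";
    } else {
        // NOTE(review): both values are interpolated into the SQL text, so the
        // statement is only as safe as sanitizeString() (not shown); bound
        // parameters via mysqli or PDO remove that dependency.
        // NOTE(review): the password is stored as submitted. Storing
        // password_hash() output and checking it with password_verify() avoids
        // keeping recoverable passwords, but the login query has to change in
        // the same step, so it is only flagged here.
        QueryMysql("INSERT INTO members VALUES('{$user}', '{$pass}')");
        die("<h4>Account created</h4>Please Log in.<br /><br />");
    }
}

// The password box uses type='password' so the value is masked while typing.
// NOTE(review): {$pass} is still written back into the page on the error
// paths; consider leaving that field empty on redisplay.
echo <<<_END
<form method='post' action='signup.php'>{$error}
<span class='fieldname'>Username</span>
<input type='text' maxlength='16' name='user' value='{$user}' onBlur='checkUser(this)'/><span id='info'></span><br />
<span class='fieldname'>Password</span>
<input type='password' maxlength='16' name='pass' value='{$pass}' /><br />
_END;
?>
<span class='fieldname'> </span>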
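$view = $user; } // this brace closes a block opened above the excerpt

// Heading wording: second person on one's own page, otherwise the viewed name.
if ($view == $user) {
    $name1 = $name2 = "Your";
    $name3 = "You are";
} else {
    // The link is closed with a single </a>; the stray "a>" after it was
    // printed as visible text.
    // NOTE(review): $view goes into the href and the link text without URL or
    // HTML encoding. Where $view is assigned is above this excerpt; confirm it
    // is encoded for both contexts before it reaches this point.
    $name1 = "<a href='members.php?view={$view}'>{$view}</a>'s";
    $name2 = "{$view}'s";
    $name3 = "{$view} is";
}

echo "<div class='main'>";

//Put followers and following in their own array
$followers = array();
$following = array();

// Column 1 of every `friends` row matched on the user column.
// NOTE(review): '******' looks like a value masked in this listing; the second
// query interpolates {$view} directly, so bound parameters apply to both.
$result = QueryMysql("SELECT * FROM friends WHERE user = '******'");
$num = mysql_num_rows($result);
for ($j = 0; $j < $num; ++$j) {
    $row = mysql_fetch_row($result); //Get one row from the result set
    $followers[$j] = $row[1];
}

// Column 0 of every `friends` row matched on the friend column.
$result = queryMysql("SELECT * FROM friends WHERE friend='{$view}'");
$num = mysql_num_rows($result);
for ($j = 0; $j < $num; ++$j) {
    $row = mysql_fetch_row($result);
    $following[$j] = $row[0];
}

// Names present in both lists.
$mutual = array_intersect($followers, $following);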
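// Profile editor: stop here for visitors who are not logged in.
if (!$loggedin) {
    die;
}

echo "<div class='main'><h3>Your Profile</h3>";

//Check if text was entered
if (isset($_POST['text'])) {
    $text = SanitizeString($_POST['text']);
    // Collapse each whitespace run to one space, as the later call does; an
    // empty replacement would glue neighbouring words together.
    $text = preg_replace('/\\s\\s+/', ' ', $text);

    // Update the profile row when one exists, otherwise create it.
    // NOTE(review): '******' looks like a value masked in this listing; verify
    // against the actual file. {$text} and {$user} are interpolated into the
    // SQL text, so these statements are only as safe as SanitizeString() (not
    // shown); prefer bound parameters.
    if (mysql_num_rows(QueryMysql("SELECT * FROM profiles WHERE user ='******'"))) {
        QueryMysql("UPDATE profiles SET text='{$text}' WHERE user='******'");
    } else {
        // Table name is `profiles`, matching the SELECT and UPDATE above.
        QueryMysql("INSERT INTO profiles VALUES('{$user}','{$text}')");
    }
} else {
    $result = QueryMysql("SELECT * FROM profiles WHERE user='******'");
    if (mysql_num_rows($result)) {
        $row = mysql_fetch_row($result);
        $text = stripslashes($row[1]);
    } else {
        $text = "";
    }
}

$text = stripslashes(preg_replace('/\\s\\s+/', ' ', $text));

if (isset($_FILES['image']['name'])) {
    // NOTE(review): the upload is moved to "<user>.jpg" before its type is
    // looked at, and $_FILES[...]['type'] is the MIME type sent by the client,
    // not something PHP verifies. Decide from the file content (for example
    // getimagesize() or finfo_file()) and remove the file when the check
    // fails. How the rest of this branch handles $typeok is outside the
    // excerpt.
    $saveto = "{$user}.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
    $typeok = TRUE;

    switch ($_FILES['image']['type']) {
        case "image/gif":
            $src = imagecreatefromgif($saveto);
            // … the switch and the enclosing if continue past this excerpt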
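* User: keilc
* Date: 24/08/2015
* Time: 3:33 PM
*/
include_once 'header.php';

// Login handler. The comment closed above and the rest of the form after the
// heredoc both belong to parts of the page outside this excerpt.
echo "<div class='main'><h3>Please enter your details to login</h3>";

$error = $user = $pass = "";

if (isset($_POST['user'])) {
    $user = SanitizeString($_POST['user']);
    $pass = SanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
        $error = "Not all fields entered<br />";
    } else {
        // NOTE(review): '******' looks like a value masked in this listing;
        // verify against the actual file. Matching on the pass column inside
        // the query suggests the stored password is compared as submitted;
        // fetching the row by username and checking a password_hash() value
        // with password_verify() would avoid that.
        $query = "SELECT user, pass FROM members WHERE user = '******' AND pass = '******'";

        //If the username or password do not exist
        if (mysql_num_rows(QueryMysql($query)) == 0) {
            $error = "<span class = 'error'>Username/Password invalid</span><br /><br />";
        } else {
            // NOTE(review): the submitted password is kept in the session;
            // check whether anything reads $_SESSION['pass'] and drop it if
            // not. Rotating the session id at this point
            // (session_regenerate_id(true)) keeps a pre-login id from carrying
            // over; where the session is started is not visible here.
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br /><br />");
        }
    }
}

// NOTE(review): {$pass} is written back into the page after a failed attempt;
// consider leaving the password field empty on redisplay.
echo <<<_END
<form method='post' action='login.php'>{$error}
<span class='fieldname'>Username</span><input type='text' maxlength='16' name='user' value='{$user}' /><br />
<span class='fieldname'>Password</span><input type='password' maxlength='16' name='pass' value='{$pass}' />
_END;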