* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ define('BLOB_WEB_PAGE_TO_ROOT', '../'); require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php'; blobPageStartup(array('authenticated')); $page = blobPageNewGrab(); blobDatabaseConnect(); $user = blobCurrentUser(); $user_id = blobGetUserID($user); if (isset($_GET['user'])) { $page['title'] .= $page['title_separator'] . 'Follow User'; $page['page_id'] = 'followuser'; $user = $_GET['user']; $user = mysql_real_escape_string($user); // Check if the user exists if (!blobExistUser($user)) { blobMessagePush("'" . $user . "' does not exist!"); blobRedirect('follow.php'); } $fullName = blobGetUserFullName($user); $avatar = getAvatar($user); $followHTML = blobFollowUser($user); $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user='******'body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>Following User: {$user}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t" . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t\t<br /><br />\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<br />\r\n\t<b>View user's profile:</b> " . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
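/**
 * Render a user's status updates as an HTML fragment, newest first.
 *
 * The user name, status text and status id are escaped where they are
 * written into the markup. Status text is user-supplied content read back
 * from the database, so emitting it raw would let stored markup or script
 * run in every viewer's browser.
 *
 * @param string $user User name whose statuses are listed.
 * @return string HTML fragment: one block per status row, or a placeholder
 *                message when the query fails or returns no rows.
 */
function blobShowUserStatus($user)
{
    $user_id = blobGetUserID($user);

    // The legacy mysql_* API offers no bound parameters, so the value is
    // escaped before it is placed inside the quoted SQL literal.
    $safeUserId = mysql_real_escape_string((string) $user_id);
    $query = "SELECT status, date_set, status_id FROM status where user_id = '{$safeUserId}' ORDER BY date_set DESC";
    $result = mysql_query($query);

    // Ownership does not change per row, so resolve it once.
    $isOwner = blobCurrentUser() == $user;

    $status = '';
    if ($result && mysql_num_rows($result) > 0) {
        // double_encode = false keeps entities that may already be stored
        // escaped from being encoded twice, while still neutralising raw
        // <, >, & and quotes. Assumes the page is served as UTF-8; confirm.
        $userHtml = htmlspecialchars((string) $user, ENT_QUOTES, 'UTF-8', false);

        while ($row = mysql_fetch_row($result)) {
            $statusMsg = htmlspecialchars((string) $row[0], ENT_QUOTES, 'UTF-8', false);
            // NOTE(review): the "IST" label is hard-coded while date() uses
            // the server's configured timezone; confirm the two agree.
            $time = date("g:i a F j, Y ", strtotime($row[1]));

            $deleteHTML = '';
            if ($isOwner) {
                // URL-encode the id for the query string, then HTML-escape
                // the whole URL for the attribute context.
                $deleteLink = htmlspecialchars(
                    BLOB_WEB_PAGE_TO_ROOT . 'index.php?delete=' . rawurlencode((string) $row[2]),
                    ENT_QUOTES,
                    'UTF-8'
                );
                // NOTE(review): deletion is a plain GET link. Whether
                // index.php verifies ownership and an anti-CSRF token is not
                // visible from this function; confirm in the handler.
                $deleteHTML = "<div style=\"float: right;\"><a href=\"{$deleteLink}\" style=\"text-decoration: none;\">X</a></div>";
            }

            // NOTE(review): the ids comments_main / comments repeat for every
            // row; left unchanged because stylesheets may depend on them.
            $status .= "<div id=\"comments_main\"><div id=\"comments\">{$deleteHTML}<pre width=\"77\"><b>{$userHtml}</b> {$statusMsg}</pre> <br />"
                . "</div> <span style=\"float: right; font-weight: bold; font-style: italic; font-size: 10px;\">@ {$time} IST</span></div> <br />";
        }
    } else {
        $thisUser = $isOwner ? "you have" : "this user has";
        $status = "<div id=\"comments_main\"><div id=\"comments\"><pre width=\"77\">Oops! \nLooks like {$thisUser} not yet updated any status! :(</pre> </div></div>";
    }

    return $status;
}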