Exemplo n.º 1
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
// "Follow user" page controller: resolves the target account from ?user= and
// builds the page body. The listing is truncated: the if-block opened below is
// not closed within the visible lines.

// Relative path from this script to the application root; used for the include
// below and for the profile link.
define('BLOB_WEB_PAGE_TO_ROOT', '../');
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';
// NOTE(review): presumably restricts the page to logged-in users; blobPageStartup()
// lives in the include and is not visible here - confirm.
blobPageStartup(array('authenticated'));
$page = blobPageNewGrab();
blobDatabaseConnect();
// $user is overwritten below when ?user= is supplied; $user_id is not read again
// in the visible part of this listing.
$user = blobCurrentUser();
$user_id = blobGetUserID($user);
if (isset($_GET['user'])) {
    $page['title'] .= $page['title_separator'] . 'Follow User';
    $page['page_id'] = 'followuser';
    // Request-controlled value. mysql_real_escape_string() only makes it safe inside
    // a quoted SQL string literal; it is not HTML encoding, and the same variable
    // is later written into the status message and the page markup.
    // The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0;
    // mysqli or PDO with bound parameters is the maintained replacement.
    $user = $_GET['user'];
    $user = mysql_real_escape_string($user);
    // Check if the user exists
    // NOTE(review): whether blobExistUser() and the helpers below quote this value
    // in their own queries cannot be seen from this listing - verify.
    if (!blobExistUser($user)) {
        // The requested name is echoed back inside the message. How blobMessagePush()
        // renders it is not visible here; it needs htmlspecialchars() at the point
        // where the message is written into HTML.
        blobMessagePush("'" . $user . "' does not exist!");
        // NOTE(review): if blobRedirect() does not terminate the script, the lines
        // below still run for a non-existent user - confirm that it exits.
        blobRedirect('follow.php');
    }
    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    $followHTML = blobFollowUser($user);
    // NOTE(review): the next line is damaged in this listing (the run of asterisks
    // replaces part of the original statement), so it is kept exactly as found.
    // In the markup that follows, {$user}, {$avatar} and {$followHTML} are
    // interpolated without HTML encoding. {$user} came from the query string and
    // was only SQL-escaped, so it should pass through htmlspecialchars() before
    // being placed in the <h2>; the helper return values need the same treatment
    // unless those helpers already encode their output (not visible here).
    // The "vulnerable_code_area" class suggests this may be a deliberately weak
    // training application - treat the page accordingly.
    $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user='******'body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>Following User: {$user}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t" . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t\t<br /><br />\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<br />\r\n\t<b>View user's profile:</b> " . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
Exemplo n.º 2
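/**
 * Build the HTML fragment listing a user's status updates, newest first.
 *
 * Status text and the username are user-supplied, so both are HTML-encoded
 * before being placed in the markup. If the write path already stores
 * HTML-encoded statuses, encode in one place only to avoid double encoding.
 *
 * NOTE(review): the delete control is a plain GET link to index.php?delete=<id>.
 * The handler is not visible here; a state-changing action should be a POST
 * protected by an anti-CSRF token, and the handler must verify that the status
 * belongs to the current user rather than rely on the link being hidden.
 *
 * NOTE(review): the "IST" suffix is a fixed label; date() formats in the
 * configured default timezone, so the label is only correct if that is IST.
 *
 * @param string $user Username whose statuses are rendered.
 * @return string HTML fragment; a placeholder block when the query fails or
 *                returns no rows.
 */
function blobShowUserStatus($user)
{
    $user_id = blobGetUserID($user);
    // The legacy mysql_* API has no bound parameters, so escape the value for the
    // quoted literal instead of trusting that the looked-up id is always numeric.
    $safeUserId = mysql_real_escape_string($user_id);
    $query = "SELECT status, date_set, status_id FROM status where user_id = '{$safeUserId}' ORDER BY date_set DESC";
    $result = mysql_query($query);

    // Loop-invariant values: ownership decides whether delete links are shown, and
    // the encoded username is reused for every row.
    // ENT_SUBSTITUTE needs PHP 5.4+; 'UTF-8' assumes the page charset - confirm.
    $isOwner = blobCurrentUser() == $user;
    $safeUser = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $status = '';
    if ($result && mysql_num_rows($result) > 0) {
        while ($row = mysql_fetch_row($result)) {
            // Stored status text is untrusted: encode it so it renders as text.
            $statusMsg = htmlspecialchars($row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $time = date("g:i a F j, Y ", strtotime($row[1]));

            $deleteHTML = "";
            if ($isOwner) {
                // URL-encode the id for the query string, then encode the whole
                // URL for the attribute context.
                $deleteLink = htmlspecialchars(
                    BLOB_WEB_PAGE_TO_ROOT . "index.php?delete=" . rawurlencode($row[2]),
                    ENT_QUOTES | ENT_SUBSTITUTE,
                    'UTF-8'
                );
                $deleteHTML = "<div style=\"float: right;\"><a href=\"{$deleteLink}\" style=\"text-decoration: none;\">X</a></div>";
            }

            $status .= "<div id=\"comments_main\"><div id=\"comments\">{$deleteHTML}<pre width=\"77\"><b>{$safeUser}</b> {$statusMsg}</pre> <br />" . "</div> <span style=\"float: right; font-weight: bold; font-style: italic; font-size: 10px;\">@ {$time} IST</span></div> <br />";
        }
    } else {
        // Reached both when the query fails and when the user has no statuses.
        $thisUser = $isOwner ? "you have" : "this user has";
        $status = "<div id=\"comments_main\"><div id=\"comments\"><pre width=\"77\">Oops! \nLooks like {$thisUser} not yet updated any status! :(</pre> </div></div>";
    }
    return $status;
}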