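// Profile page: renders another user's profile when ?user=<name> is given,
// otherwise the current user's own profile.
//
// Every value that originates from the request (the user name) or from the
// database (full name, avatar path) is HTML-escaped right before it is
// interpolated into the page body. The blob*HTML()/blobShowUserStatus()
// helpers are trusted to return markup that is already safe to embed
// (their bodies are not visible here — confirm).
$page['title'] .= $page['title_separator'] . 'View Profile';
$page['page_id'] = 'viewprofile';
blobDatabaseConnect();
$user = blobCurrentUser();

// Only accept a scalar name: ?user[]=x would otherwise hand an array to the
// blob*() helpers and to the string concatenations below.
$requestedUser = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : null;

if ($requestedUser !== null && $requestedUser !== $user) {
    $user = $requestedUser;
    // The name is request-controlled and is reflected in several places;
    // escape it once for text/attribute context.
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');

    // Check if the user exists
    if (!blobExistUser($user)) {
        blobMessagePush("'" . $userHtml . "' does not exist!");
        blobRedirect('view.php');
    }

    // Full name comes from the database and is treated as plain text, not markup.
    $fullName = htmlspecialchars((string) blobGetUserFullName($user), ENT_QUOTES, 'UTF-8');
    // Avatar is used inside a src="..." attribute; ENT_QUOTES covers that context.
    $avatar = htmlspecialchars((string) getAvatar($user), ENT_QUOTES, 'UTF-8');
    $followHTML = blobCanFollowHTML($user);

    if (blobCanFollow($user)) {
        // Not following yet: the status list stays hidden.
        $showStatusHTML = "<div id=\"comments_main\"><div id=\"comments\"><pre width=\"77\">You will be able to see his updates only if you follow the user!</pre> </div></div>";
    } else {
        $showStatusHTML = blobShowUserStatus($user);
    }

    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>User Profile: {$userHtml}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t{$fullName}\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<div class=\"clear\"></div>\r\n\t<pre>User's status updates:</pre>\r\n\t{$showStatusHTML}\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
} else {
    // Own profile: same escaping discipline even though the name comes from
    // the session rather than the query string.
    $fullName = htmlspecialchars((string) blobGetUserFullName($user), ENT_QUOTES, 'UTF-8');
    $avatar = htmlspecialchars((string) getAvatar($user), ENT_QUOTES, 'UTF-8');
    $showStatusHTML = blobShowUserStatus($user);
    // Link target for the "Update your status" button (a site constant, not user data).
    $profileUrl = BLOB_WEB_PAGE_TO_ROOT;
    $userHtml = htmlspecialchars($user . " (that's me!)", ENT_QUOTES, 'UTF-8');

    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>User Profile: {$userHtml}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t{$fullName}\r\n\t\t\t<br /><br />\r\n\t\t\t<input class=\"button\" name=\"btnUpdate\" type=\"submit\" value=\"Update your status\" onclick=\"window.location='{$profileUrl}'\">\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<div class=\"clear\"></div>\r\n\t<pre>Your previous status updates:</pre>\r\n\t{$showStatusHTML}\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
}
blobHtmlEcho($page);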
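// Home page: lets the authenticated user post a new status (POST btnUpdate)
// or delete one of their own (GET delete=<id>), then lists previous updates.
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';
blobPageStartup(array('authenticated'));
$page = blobPageNewGrab();
$page['title'] .= $page['title_separator'] . 'What\'s on your mind?';
$page['page_id'] = 'home';
$page['onload'] = "onLoad=\"document.statusupdate.statusMsg.focus()\"";
blobDatabaseConnect();
$user = blobCurrentUser();
$user_id = blobGetUserID($user);

if (isset($_POST['btnUpdate'])) {
    // NOTE(review): the form rendered below carries no anti-CSRF token, so a
    // cross-site POST can publish a status for the logged-in user unless
    // blobPageStartup() enforces one — confirm.
    $message = (isset($_POST['statusMsg']) && is_string($_POST['statusMsg']))
        ? trim($_POST['statusMsg'])
        : '';

    // Test after trimming so that whitespace-only input is rejected as well.
    if ($message === '') {
        blobMessagePush("Status cannot be empty!");
        blobRedirect('index.php');
    }

    // Sanitize message input: undo magic-quotes slashes, then escape for the
    // SQL string below using the escaper of the connection opened by
    // blobDatabaseConnect(). (The unused "$name" escaping was dead code.)
    $message = stripslashes($message);
    $message = mysql_real_escape_string($message);

    $query = "INSERT INTO status (user_id, status, date_set) VALUES ('{$user_id}','{$message}', NOW());";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver error server-side: mysql_error() reveals table and
        // column names, which must not reach the browser.
        error_log('status insert failed: ' . mysql_error());
        blobMessagePush("Could not save your status!");
        blobRedirect('index.php');
    }
}

if (isset($_GET['delete']) && is_string($_GET['delete'])) {
    // NOTE(review): a state-changing delete over GET is triggerable from any
    // link or image tag. blobDeleteStatus() is relied on to validate the id
    // and to check that the status belongs to $user — its body is not
    // visible here, confirm.
    $status_id = $_GET['delete'];
    $status = blobDeleteStatus($status_id);
    blobMessagePush($status);
    blobRedirect('index.php');
}

$page['body'] .= "\r\n\t<div class=\"body_padded\">\r\n\t\t<h2>What's on your mind?</h2>\r\n\t\t<div class=\"vulnerable_code_area\">\r\n\t\t\t<form method=\"post\" name=\"statusupdate\">\r\n\t\t\t\t<input type=\"hidden\" name=\"index.php\" value=\"index.php\" />\r\n\t\t\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td><textarea style=\"padding: 5px;\" name=\"statusMsg\" cols=\"60\" rows=\"3\" maxlength=\"140\"></textarea></td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td><input class=\"button\" name=\"btnUpdate\" type=\"submit\" value=\"Update Status\" > ( Max 140 characters )</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</form>\r\n\t\t</div>\r\n\t\t<div class=\"clear\"></div>\r\n\t\t<pre>Your previous status updates:</pre>\r\n\t\t" . blobShowUserStatus($user) . "\r\n\t\t<br />\r\n\t</div>";
blobHtmlEcho($page);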