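* Created by PhpStorm.
* User: hze
* Date: 12/24/15
* Time: 2:31 PM
*/
session_start();
// NOTE(review): error_reporting(0) silences every notice and warning on this
// page (including the undefined-index notices the old code emitted). Keep it
// only if errors are logged somewhere else.
error_reporting(0);
include "connection.php";
include "DataRetrieval.php";
include "getuseraddress.php";

// Both write paths below act on behalf of $_SESSION['id']; without a logged-in
// user they used to store rows against an empty id, so they are skipped now.
$loggedIn = isset($_SESSION['id']) && $_SESSION['id'] !== '';

// NOTE(review): neither write path checks a CSRF token, and the friend request
// is triggered by a plain GET, so a cross-site link/form can fire them.
// formProcess_bb elsewhere in this corpus shows the check_csrf_token() pattern.

// ?friendid=N: queue a friend request from the current user to user N.
// User ids are numeric everywhere else in this app (UserId / PostId), so only a
// positive integer is accepted instead of the raw query-string value.
// TODO(review): confirm friendid is a numeric UserId.
$friendId = filter_var($_GET['friendid'] ?? null, FILTER_VALIDATE_INT);
if ($loggedIn && $friendId !== false && $friendId > 0) {
    insertFriendWaitingList($link, $_SESSION['id'], $friendId);
}

// "Send" form: open a friend-to-friend thread and store its first message.
if ($loggedIn && isset($_POST['submit']) && $_POST['submit'] === 'Send') {
    $sendTo      = $_POST['sendto'] ?? null;
    $sendTitle   = $_POST['sendtitle'] ?? null;
    $sendSubject = $_POST['sendsubject'] ?? null;
    $sendContent = $_POST['sendcontent'] ?? null;

    insertThread($link, $sendContent, "friend", $sendTo);
    // NOTE(review): getMaxThread() after insertThread() is a race — a
    // concurrent insert can attach this first message to someone else's
    // thread. Prefer the id returned by the insert (mysqli_insert_id on the
    // same connection, if insertThread's query allows it).
    replyThread($link, $_SESSION['id'], getMaxThread($link), $sendTitle, $sendSubject, $sendContent, null, null);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <title>Neighbor</title>
    <!-- Bootstrap -->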
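/**
 * Validates and stores a bulletin-board post: a new thread, a reply inside an
 * existing thread, or an edit of an existing post.
 *
 * Reads id, naslov (title), tekst (body), projekat and predmet from $_REQUEST
 * and the author id from the global $userid. The CSRF token is verified
 * before any request field is used.
 *
 * @param string $option   'add' or 'edit'; any other value is rejected
 * @param bool   $thread   truthy when the post goes into an existing thread
 * @param int    $threadID id of that thread; must be > 0 when $thread is truthy
 *
 * @return string '' on success, otherwise a user-facing error message
 */
function formProcess_bb($option, $thread, $threadID) {
    $errorText = '';
    // Shared "could not save" message (runtime text, kept verbatim).
    $saveError = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';

    if (!check_csrf_token()) {
        zamgerlog("csrf token nije dobar", 3);
        zamgerlog2("csrf token nije dobar");
        return "Poslani podaci nisu ispravni. Vratite se nazad, ponovo popunite formu i kliknite na dugme Pošalji";
    }
    // Strict comparison: with loose in_array() a non-string $option (e.g. 0)
    // could match 'add' on PHP < 8.
    if (!in_array($option, array('add', 'edit'), true)) {
        $errorText = $saveError;
        return $errorText;
    }

    // Read every request field up front. The log lines below interpolate
    // $projekat and $predmet, which the old code only assigned further down,
    // so they were undefined at the time of logging.
    $id = intval($_REQUEST['id'] ?? 0);
    $projekat = intval($_REQUEST['projekat'] ?? 0);
    $predmet = intval($_REQUEST['predmet'] ?? 0);
    // Trim before the required-field check so a whitespace-only title/body is
    // rejected instead of being stored as an empty string. Non-string input
    // (e.g. naslov[]=x) is treated as missing.
    $naslov = is_string($_REQUEST['naslov'] ?? null) ? trim($_REQUEST['naslov']) : '';
    $tekst = is_string($_REQUEST['tekst'] ?? null) ? trim($_REQUEST['tekst']) : '';
    global $userid;

    if ($option == 'edit' && $id <= 0) {
        $errorText = $saveError;
        zamgerlog("pokusao urediti nepostojeci post {$id}, projekat {$projekat} (pp{$predmet})", 3);
        zamgerlog2("pokusao urediti nepostojeci post", $id, $projekat);
        return $errorText;
    }
    if ($thread && $threadID <= 0) {
        $errorText = $saveError;
        zamgerlog("pokusao urediti nepostojeci post {$id}, projekat {$projekat} (pp{$predmet})", 3);
        zamgerlog2("pokusao urediti nepostojeci post", $id, $projekat);
        return $errorText;
    }
    // empty() also rejects the literal string "0" — pre-existing behaviour.
    if (empty($naslov) || empty($tekst)) {
        $errorText = 'Unesite sva obavezna polja.';
        return $errorText;
    }

    if ($option == 'edit') {
        // NOTE(review): the existing post is loaded but never inspected. If
        // only the author (or staff) may edit, compare its owner with $userid
        // here and return an error otherwise — as written, any valid post id
        // can be updated. Also, $data below sets 'osoba' => $userid on edit,
        // which re-assigns authorship to the editor; confirm that is intended.
        $entry = getPost($id);
    }

    $data = array(
        'naslov' => $naslov,
        'tekst' => $tekst,
        'osoba' => $userid,
        'projekat' => $projekat,
        'threadID' => $threadID,
    );

    if ($option == 'add') {
        if (!$thread) {
            // New thread.
            if (!insertThread($data)) {
                $errorText = $saveError;
                return $errorText;
            }
        } else {
            // Reply inside an existing thread. This message deliberately keeps
            // the line break the original literal contained.
            if (!insertReplyForThread($threadID, $data)) {
                $errorText = 'Doslo je do greske prilikom spasavanja podataka. 
Molimo kontaktirajte administratora.';
                return $errorText;
            }
        }
    } else {
        // $option == 'edit'
        if (!updatePost($data, $id)) {
            $errorText = $saveError;
            return $errorText;
        }
    }
    return $errorText;
}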
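// --- tail of the search branch (its opening `if` is above this excerpt) ---
    // Free-text search over title, subject and body. The term is bound as a
    // parameter instead of being spliced into the SQL: the old string-built
    // query was injectable through $_POST['search']. '%' and '_' inside the
    // term still act as LIKE wildcards; escape them too if literal matching
    // is wanted.
    $searchTerm = is_string($_POST['search'] ?? null) ? $_POST['search'] : '';
    $searchPattern = '%' . $searchTerm . '%';
    $getallmessagesearch = "SELECT MessageId, Subject, Title, Name, PostTime, PostId, Data FROM Message,User WHERE User.UserId=Message.PostId and ( Title LIKE ? OR Subject LIKE ? OR Data LIKE ?)";
    // $result keeps the shape mysqli_query() gave it (mysqli_result, or false
    // on failure). mysqli_stmt_get_result() returns a buffered result and
    // needs the mysqlnd driver.
    $result = false;
    $searchStmt = mysqli_prepare($link, $getallmessagesearch);
    if ($searchStmt !== false) {
        mysqli_stmt_bind_param($searchStmt, 'sss', $searchPattern, $searchPattern, $searchPattern);
        if (mysqli_stmt_execute($searchStmt)) {
            $result = mysqli_stmt_get_result($searchStmt);
        }
        mysqli_stmt_close($searchStmt);
    }
}

// A logged-in user id is needed for the two write branches below; they used to
// run with an empty PostId when the session had none.
$loggedIn = isset($_SESSION['id']) && $_SESSION['id'] !== '';

// NOTE(review): neither the "Post" nor the "Reply" form carries a CSRF token,
// so any site can submit them on behalf of a logged-in user.

// "Post": open a new thread for the user's neighbourhood ('hood') or block.
if ($loggedIn && isset($_POST['submit']) && $_POST['submit'] === "Post") {
    date_default_timezone_set("America/New_York");
    $timenow = date("Y-m-d H:i:s");   // not used in this branch; kept for later code on the page

    $sendTo     = $_POST['sendto'] ?? null;
    $newContent = $_POST['newcontent'] ?? null;
    $newTitle   = $_POST['newtitle'] ?? null;
    $newSubject = $_POST['newsubject'] ?? null;
    $blockId    = $_SESSION['blockid'] ?? null;

    // NOTE(review): getMaxThread() after insertThread() is a race — a
    // concurrent insert can attach this first message to another thread.
    // Prefer the id the insert itself produced.
    if ($sendTo === 'hood') {
        insertThread($link, $newContent, 'hood', getHoodId($link, $blockId));
        replyThread($link, $_SESSION['id'], getMaxThread($link), $newTitle, $newSubject, $newContent, null, null);
    } elseif ($sendTo === 'block') {
        insertThread($link, $newContent, 'block', $blockId);
        replyThread($link, $_SESSION['id'], getMaxThread($link), $newTitle, $newSubject, $newContent, null, null);
    }
}

// "Reply": append a message to the thread given in sendto.
if (isset($_POST['submit']) && $_POST['submit'] === "Reply") {
    date_default_timezone_set("America/New_York");
    $timenow = date("Y-m-d H:i:s");

    // ReplyId was interpolated unquoted into the SQL; it is an integer thread
    // reference, so anything that is not an int is rejected before the query.
    $replyTo = filter_var($_POST['sendto'] ?? null, FILTER_VALIDATE_INT);
    $replySubject = is_string($_POST['replysubject'] ?? null) ? $_POST['replysubject'] : '';
    $replyTitle   = is_string($_POST['replytitle'] ?? null) ? $_POST['replytitle'] : '';
    $replyContent = is_string($_POST['replycontent'] ?? null) ? $_POST['replycontent'] : '';
    $posterId     = $_SESSION['id'] ?? null;   // bound as a string, as the old quoted literal was

    $replymessage = "INSERT INTO `Message`(`Subject`, `Title`, `Data`,`PostTime`,`PostId`,`ReplyId`) VALUES (?, ?, ?, ?, ?, ?)";
    $inserted = false;
    if ($loggedIn && $replyTo !== false) {
        $replyStmt = mysqli_prepare($link, $replymessage);
        if ($replyStmt !== false) {
            mysqli_stmt_bind_param($replyStmt, 'sssssi', $replySubject, $replyTitle, $replyContent, $timenow, $posterId, $replyTo);
            $inserted = mysqli_stmt_execute($replyStmt);
            mysqli_stmt_close($replyStmt);
        }
    }
    // Same outcome variables the rest of the page reads.
    if ($inserted) {
        $success = "Success";
    } else {
        $error = "Failed";
    }
}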
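// NOTE(review): this require_once sits in a function whose start is outside
// this excerpt. If $path is derived from a class name or request value, make
// sure it cannot contain '/' or '..' before it reaches the include path.
require_once $path . '.class.php';
}
session_start();

// Optional form fields: movie-topic title/content (tinM/cinM) or plain-topic
// title/content (tinT/cinT). Only plain strings count; an absent field or a
// non-string value (e.g. tinM[]=x, which made nl2br() fail) is treated as null.
$tinM = is_string($_POST['tinM'] ?? null) ? $_POST['tinM'] : null;
$tinT = is_string($_POST['tinT'] ?? null) ? $_POST['tinT'] : null;
$cinM = is_string($_POST['cinM'] ?? null) ? $_POST['cinM'] : null;
$cinT = is_string($_POST['cinT'] ?? null) ? $_POST['cinT'] : null;

// NOTE(review): there is no CSRF token on this form, and nl2br() output is
// stored as-is, so the database holds HTML. The render path must escape the
// stored text except for those <br /> tags, or this is stored XSS.
// A movie topic takes precedence when both titles are present (as before);
// an empty title is treated as "not submitted".
if ($tinM !== null && $tinM !== '') {
    $tinM = nl2br($tinM);
    $cinM = nl2br((string) $cinM);
    insertThread($tinM, $cinM, true);
} elseif ($tinT !== null && $tinT !== '') {
    $tinT = nl2br($tinT);
    $cinT = nl2br((string) $cinT);
    insertThread($tinT, $cinT, false);
}
// Clear the fields once handled so nothing below re-uses the submitted text.
$tinM = null;
$cinM = null;
$cinT = null;
$tinT = null;

function insertThread($title, $content, $isMovieTopic) {
    $dao = new DAO();
    if ($isMovieTopic == true) {
        $mID = $_REQUEST['mselect'];
        $tID = null;
    } else {
        $tID = $_REQUEST['tselect'];
        $mID = null;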