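$insert = "insert into likes(entry_id, liking_user) values(?,?)";
$rows = prepared_statement($dbh, $insert, array($entry_id, $liking_user));
}
}
header("Location: toBlog.php?user={$posting_user}");
} else {
    if (isset($_POST['blogComment'])) {
        // A comment was submitted. Store it, then send the commenter back to
        // the blog page of the author of the post that was commented on.
        $posting_user = $loggedInUser;   // fallback target: the commenter's own page
        if (isset($_POST['entryId'])) {
            // Placeholders only: no request data is interpolated into the SQL.
            // comment_text is stored raw here, so it must be HTML-escaped wherever
            // it is rendered (that code is not visible in this block -- confirm).
            $insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
            prepared_statement($dbh, $insert, array($_POST['entryId'], $loggedInUser, $_POST['blogComment']));

            // Find the post's author to know which blog page to return to.
            $preparedquery = "SELECT user FROM blog_entry where entry_id = ?";
            $resultset = prepared_query($dbh, $preparedquery, $_POST['entryId']);
            $row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC);
            // No row means a stale or tampered entryId; keep the fallback in that
            // case instead of redirecting to "toBlog.php?user=" with an empty name.
            if (is_array($row) && isset($row['user'])) {
                $posting_user = $row['user'];
            }
        }
        // The name comes from the database: URL-encode it so '&', '#' or
        // whitespace in a user name cannot alter or break the redirect target.
        header("Location: toBlog.php?user=" . rawurlencode($posting_user));
        // Nothing after a redirect should run or be sent to the client.
        exit;
    } else {
        // Plain page view of some user's blog.
        $user = isset($_GET['user']) ? $_GET['user'] : '';
        // Strict comparison: with '==' PHP compares numeric-looking strings as
        // numbers ("1e1" == "10"), so a crafted ?user= value could be mistaken
        // for the logged-in user's own name and shown in owner mode.
        if ($user === $loggedInUser) {
            printBlog($dbh, $user);                 // owner's view of their own blog
        } else {
            showBlog($dbh, $user, $loggedInUser);   // visitor's view of another blog
        }
    }
}
}
?>
</body>
</html>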
<meta name="Author" content="phpMyHome Team" />
<meta name="Description" content="" />
<meta name="Identifier-URL" content="http://" />
<meta name="Reply-to" content="" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="" />
<title>phpMyHome</title>
<link rel="stylesheet" type="text/css" href="../styles/default.css" />
</head>
<body>
<div class="InFrmDiv">
<?php /* Render the existing entries above the editor; the argument is presumably an entry limit -- confirm against printBlog()'s definition. */ printBlog(10); ?>
<!-- NOTE(review): no hidden anti-CSRF token is part of this form. Unless ../include/savBlog.php
     validates one from elsewhere, a third-party page can submit a blog entry on behalf of a logged-in user. -->
<form action="../include/savBlog.php" method="post" class="mainForm">
<div class="blogDivTextarea">
<textarea class="blogTextarea" name="blog"></textarea>
</div>
<div class="blogDivSave">
<input type="submit" class="blogSave" value="<?php /* libBLOG is a constant (a fixed button label, not request data) defined outside this file. */ print libBLOG; ?> ">
</div>
</form>
</div>
</body>
</html>
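$insert = "insert into comments(entry_id, commenting_user, comment_text) values(?, ?, ?)";
$rows = prepared_statement($dbh, $insert, array($_POST['entryId'], $poster, htmlspecialchars($_POST['blogComment'])));
header("Location: blog-ex-comment-user.php");
} else {
    if (isset($_GET['entry_id'])) {
        // Delete request for one blog entry: remove the entry together with
        // every like and comment attached to it, but only for its owner.
        $entry_id = $_GET['entry_id'];   // id of the entry to delete

        // Authorization has to come from the database, not from the request.
        // The previous check compared $_GET['posting_user'] with the logged-in
        // user ($poster), which any client satisfies by sending its own name
        // together with somebody else's entry_id; in addition strcmp() on a
        // non-string (?posting_user[]=x) returned NULL, and !NULL passed the
        // check. So look up who actually owns the entry and compare that.
        // assumes blog_entry.user stores the author's login name -- confirm against schema
        $ownerquery = "SELECT user FROM blog_entry where entry_id = ?";
        $ownerset = prepared_query($dbh, $ownerquery, array($entry_id));
        $owner = $ownerset->fetchRow(MDB2_FETCHMODE_ASSOC);
        if (is_array($owner) && isset($owner['user']) && $owner['user'] === $poster) {
            // Dependent rows first, then the entry itself.
            $preparedquery = "delete from likes where entry_id = ?";
            prepared_query($dbh, $preparedquery, array($entry_id));
            $preparedquery2 = "delete from comments where entry_id = ?";
            prepared_query($dbh, $preparedquery2, array($entry_id));
            // Ownership is repeated in the statement itself so that a change
            // of the row between the lookup and the delete cannot widen it.
            $preparedquery3 = "delete from blog_entry where entry_id = ? and user = ?";
            prepared_query($dbh, $preparedquery3, array($entry_id, $poster));
        }
        // NOTE(review): this destructive action is triggered by a plain GET
        // link, so a third-party page that makes the victim's browser load the
        // URL deletes the victim's post (CSRF). It should be a POST carrying an
        // anti-CSRF token; that change is outside this block.
        header("Location: blog-ex-comment-user.php");
        exit;   // do not fall through to rendering the page after a redirect
    }
}
printBlog($dbh, $poster);
?>
</body>
</html>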
?>
<?php /* Header image markup, pulled in once; the path is a fixed literal, not request data. */ include_once 'nodes/headerimg.php'; ?>
</head>
<body class="page_homepage">
<?php /* Site header; fixed include path as well. */ include 'nodes/header.php'; ?>
<div id="frame" class="frame">
<section class="content">
<?php /* Main content: the blog entries. Any escaping of entry text happens inside printBlog(), which is not visible here -- confirm. */ printBlog(); ?>
<footer>
<?php /* Pagination links for the entry list. */ buildPageNav(); ?>
</footer>
</section>
<?php /* Sidebar; fixed include path. */ include 'nodes/sidebar.php'; ?>
</div>