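/**
 * Render the full page for one post, or send the viewer to /404/ when the post
 * is missing or not visible to them.
 *
 * Visibility is decided by the SQL below: a logged-in viewer (session user_id
 * set) sees published public posts, published friends-only posts whose author
 * lists the viewer in Friends, and every post they wrote themselves; an
 * anonymous viewer sees only published public posts.
 *
 * @param string|int $post_id identifier of the post to show; escaped before
 *                            it is spliced into the query
 * @return string rendered HTML; when no visible post matches, a Location
 *                header is sent and the request is ended
 */
function render_post_page($post_id)
{
    $mysqli = db_connect();
    $escaped_post_id = $mysqli->real_escape_string($post_id);

    if (isset($_SESSION["user_id"])) {
        // The viewer id lands in the SQL unquoted, so real_escape_string() on its
        // own would not neutralise a non-numeric value; force an integer instead.
        $user_id = (int) $_SESSION["user_id"];
        $sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar,Likes.Id AS LikeId, Users.CSS"
            . " FROM Posts"
            . " INNER JOIN Users ON Posts.UserId=Users.Id"
            . " LEFT OUTER JOIN Likes ON Likes.UserId=" . $user_id . " AND Likes.PostId=Posts.Id"
            . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Posts.UserId=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=" . $user_id
            . " WHERE"
            . " ((FriendsOfAuthor.FriendId=" . $user_id . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . " AND Posts.Status=" . POST_STATUS_PUBLISHED . ")"
            . " OR"
            . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED . ")"
            . " OR"
            . " (Posts.UserId=" . $user_id . "))"
            . " AND Posts.Id='" . $escaped_post_id . "'";
    } else {
        $sql = "SELECT Posts.*,Users.Username,Users.Avatar, Users.CSS FROM Posts"
            . " INNER JOIN Users ON Posts.UserId=Users.Id"
            . " WHERE"
            . " Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED
            . " AND Posts.Id='" . $escaped_post_id . "'";
    }

    // query() returns false on failure; treat that like "no rows" instead of
    // reading num_rows off a bool.
    $post_result = $mysqli->query($sql);
    if ($post_result !== false && $post_result->num_rows > 0) {
        $post_row = $post_result->fetch_assoc();

        // The excerpt is cut at 140 bytes; substr() can split a multibyte
        // character, and without ENT_SUBSTITUTE htmlspecialchars() would then
        // return "" and blank the description.
        $excerpt = strlen($post_row["Body"]) > 140 ? substr($post_row["Body"], 0, 140) : $post_row["Body"];
        $body_excerpt = htmlspecialchars($excerpt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        $html = render_header($post_row["Title"], $body_excerpt);
        $html .= "<div class='posts'>\n";
        $html .= render_post($mysqli, $post_row, true);
        $html .= "</div> <!-- .posts -->\n";
        $html .= render_footer();
        return $html;
    }

    // $post_id is request-controlled; encode it so it can only ever form a
    // single path segment, and stop so nothing is emitted after the redirect.
    header("Location: /404/" . rawurlencode((string) $post_id));
    exit;
}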
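<?php

// Blog post view: loads one published post (with its category and author)
// by the numeric id in the query string and hands it to render_post().
// Requests without a valid id, or for an unknown/unpublished post, are sent
// back to the blog index.
defined("IN_FUSION") or die;

if (isset($_GET['id']) && isnum($_GET['id'])) {
    // isnum() (defined elsewhere) already vets the value; the cast guarantees
    // that what reaches the query is an integer regardless of its rules.
    $post_id = (int) $_GET['id'];

    $result = dbquery(
        "SELECT p.*,pc.*,u.user_name,u.user_avatar FROM " . DB_AL_BLOG_POSTS . " p"
        . " LEFT JOIN " . DB_AL_BLOG_CATEGORIES . " pc ON pc.alb_cat_id=p.alb_post_cat"
        . " LEFT JOIN " . DB_USERS . " u ON u.user_id=p.alb_post_user"
        . " WHERE alb_post_status='1' AND alb_post_id='" . $post_id . "'"
    );

    if (dbrows($result)) {
        $data = dbarray($result);
        // Comment count is fetched separately; alb_post_id is the value just
        // read from the database, not the raw request parameter.
        $data['comments'] = dbcount(
            "(comment_id)",
            DB_COMMENTS,
            "comment_item_id='" . $data['alb_post_id'] . "' AND comment_type='BL'"
        );
        render_post($data);
    } else {
        // NOTE(review): redirect() is assumed to end the request — confirm.
        redirect(FUSION_SELF);
    }
} else {
    redirect(FUSION_SELF);
}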