Exemplo n.º 1
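/**
 * Build the complete HTML page for one post, or send a redirect to the 404 page.
 *
 * Visibility is enforced in the SQL itself. An anonymous visitor only sees
 * published public posts. A logged-in viewer also sees published friends-only
 * posts whose author lists the viewer as a friend, plus the viewer's own posts.
 *
 * All request- and session-derived values are passed as bound parameters.
 * The previous version escaped the session user id with real_escape_string()
 * but placed it in an unquoted numeric position, where escaping gives no
 * protection against SQL injection.
 *
 * Uses mysqli_stmt::get_result(), which requires the mysqlnd driver.
 *
 * @param mixed $post_id Post identifier taken from the request (untrusted).
 * @return string|null Page HTML, or null once the 404 redirect header has been sent.
 */
function render_post_page($post_id)
{
    $mysqli = db_connect();
    $post_key = (string) $post_id;
    $stmt = false;

    // The privacy/status constants are defined by the application, not by the
    // request, so they are still concatenated into the statement text.
    if (isset($_SESSION["user_id"])) {
        // The id is compared against numeric columns; force it to an integer
        // so nothing but a number can reach the statement.
        $viewer_id = (int) $_SESSION["user_id"];

        $sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar,Likes.Id AS LikeId, Users.CSS"
            . " FROM Posts"
            . " INNER JOIN Users ON Posts.UserId=Users.Id"
            . " LEFT OUTER JOIN Likes ON Likes.UserId=? AND Likes.PostId=Posts.Id"
            . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Posts.UserId=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=?"
            . " WHERE"
            . " ((FriendsOfAuthor.FriendId=? AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . " AND Posts.Status=" . POST_STATUS_PUBLISHED . ")"
            . " OR"
            . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED . ")"
            . " OR"
            . " (Posts.UserId=?))"
            . " AND Posts.Id=?";

        $stmt = $mysqli->prepare($sql);
        if ($stmt) {
            $stmt->bind_param("iiiis", $viewer_id, $viewer_id, $viewer_id, $viewer_id, $post_key);
        }
    } else {
        $sql = "SELECT Posts.*,Users.Username,Users.Avatar, Users.CSS FROM Posts"
            . " INNER JOIN Users ON Posts.UserId=Users.Id"
            . " WHERE"
            . " Posts.Privacy=" . POST_PRIVACY_PUBLIC
            . " AND Posts.Status=" . POST_STATUS_PUBLISHED
            . " AND Posts.Id=?";

        $stmt = $mysqli->prepare($sql);
        if ($stmt) {
            $stmt->bind_param("s", $post_key);
        }
    }

    // A failed prepare/execute is handled like "post not found" rather than
    // dereferencing a false result, and no SQL text is ever echoed to the page.
    $post_row = null;
    if ($stmt) {
        if ($stmt->execute()) {
            $post_result = $stmt->get_result();
            if ($post_result && $post_result->num_rows > 0) {
                $post_row = $post_result->fetch_assoc();
            }
        }
        $stmt->close();
    }

    if ($post_row) {
        $body = $post_row["Body"];
        $excerpt = strlen($body) > 140 ? substr($body, 0, 140) : $body;
        // substr() cuts on bytes and may split a multi-byte character;
        // ENT_SUBSTITUTE keeps htmlspecialchars() from returning an empty
        // string in that case. ENT_QUOTES also escapes single quotes, which
        // matters because this file emits single-quoted HTML attributes.
        $body_excerpt = htmlspecialchars($excerpt, ENT_QUOTES | ENT_SUBSTITUTE);

        // NOTE(review): Title is user-authored and is passed on unescaped;
        // confirm that render_header() and render_post() encode it for HTML.
        $html = render_header($post_row["Title"], $body_excerpt);
        $html .= "<div class='posts'>\n";
        $html .= render_post($mysqli, $post_row, true);
        $html .= "</div> <!-- .posts -->\n";
        $html .= render_footer();
        return $html;
    }

    // The id comes from the request, so percent-encode it before it becomes
    // part of a response header value.
    header("Location: /404/" . rawurlencode($post_key));
    return null;
}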
<?php

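// Refuse direct access: this script only runs when included by the CMS,
// which defines IN_FUSION.
defined("IN_FUSION") or die;

// Show a single published blog post selected by ?id=..., otherwise go back
// to the listing page.
//
// isnum() is defined elsewhere -- presumably it accepts digit-only strings;
// confirm. The (int) casts below make the SQL text safe on their own, so the
// query no longer depends on that guard staying in place or on its exact
// behaviour.
if (isset($_GET['id']) && isnum($_GET['id'])) {
    $result = dbquery(
        "SELECT p.*,pc.*,u.user_name,u.user_avatar FROM " . DB_AL_BLOG_POSTS . " p"
        . " LEFT JOIN " . DB_AL_BLOG_CATEGORIES . " pc ON pc.alb_cat_id=p.alb_post_cat"
        . " LEFT JOIN " . DB_USERS . " u ON u.user_id=p.alb_post_user"
        . " WHERE alb_post_status='1' AND alb_post_id='" . (int) $_GET['id'] . "'"
    );
    if (dbrows($result)) {
        $data = dbarray($result);
        // The id read back from the database is cast as well, so a stored
        // value can never alter the structure of the count query.
        $data['comments'] = dbcount(
            "(comment_id)",
            DB_COMMENTS,
            "comment_item_id='" . (int) $data['alb_post_id'] . "' AND comment_type='BL'"
        );
        render_post($data);
    } else {
        // Unknown id or unpublished post.
        redirect(FUSION_SELF);
    }
} else {
    // Missing or non-numeric id.
    redirect(FUSION_SELF);
}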