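/**
 * Build the HTML listing of every account in the users table.
 *
 * Each entry shows the avatar image, a link to the account's profile page
 * and the follow control returned by blobCanFollowHTML().
 *
 * @return string Concatenated markup; '' when the query fails or yields no rows.
 */
function blobUserList()
{
    // Only the three columns read below are selected. The previous column list
    // ended in "avatar comment", which SQL parses as a column alias, and
    // neither value was ever read from the row.
    $query = "SELECT first_name,last_name,user FROM users";
    $result = mysql_query($query);

    // mysql_query() returns false on failure; stop instead of passing that to
    // mysql_fetch_row().
    if ($result === false) {
        return '';
    }

    $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;
    $userList = '';

    while ($row = mysql_fetch_row($result)) {
        $userName = $row[2];

        // Names are stored account data, so they are HTML-encoded before they
        // become link text.
        // NOTE(review): assumes blobInternalLinkUrlGet() emits its arguments
        // verbatim; if it already encodes the text, drop this call to avoid
        // double-encoding. Confirm against the helper.
        $fullName = htmlspecialchars($row[0] . ' ' . $row[1], $escapeFlags, 'UTF-8');

        // Percent-encode the user name so its characters stay inside the
        // "user" parameter and cannot alter the URL or the href attribute.
        $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user=' . rawurlencode($userName);
        $profileUrl = blobInternalLinkUrlGet($profilepage, $fullName);

        // The avatar location is placed inside a quoted attribute, so quotes
        // and angle brackets are encoded.
        // NOTE(review): assumes getAvatar() returns a plain, unencoded URL - confirm.
        $avatar = htmlspecialchars(getAvatar($userName), $escapeFlags, 'UTF-8');
        $avatarImage = "<img src=\"{$avatar}\" width=\"100\" />";

        // Inserted as-is: the helper is expected to return finished markup.
        $followHTML = blobCanFollowHTML($userName);

        $userList .= "\r\n\t\t<div class=\"user-list\">"
            . "\r\n\t\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0; height: 100px;\">"
            . "\r\n\t\t\t\t{$avatarImage}"
            . "\r\n\t\t\t</div>"
            . "\r\n\t\t\t<div style=\"margin-left: 120px;\">"
            . "\r\n\t\t\t\t{$profileUrl}"
            . "\r\n\t\t\t\t<br /><br />"
            . "\r\n\t\t\t\t{$followHTML}"
            . "\r\n\t\t\t</div>"
            . "\r\n\t\t</div>";
    }

    return $userList;
}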
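// Profile page: renders another account's profile when ?user=NAME names
// someone other than the logged-in user, otherwise the logged-in user's own.
$page = blobPageNewGrab();
$page['title'] .= $page['title_separator'] . 'View Profile';
$page['page_id'] = 'viewprofile';

blobDatabaseConnect();

$user = blobCurrentUser();

// Flags for every value this script writes into markup.
$escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

// Accept the parameter only as a string: "?user[]=x" makes PHP deliver an
// array, which would otherwise flow into the lookups and the markup below.
$requestedUser = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : null;

// Strict comparison: with loose "!=" two different numeric-looking names
// (for example "1" and "01") compare as equal.
if ($requestedUser !== null && $requestedUser !== (string) $user) {
    $user = $requestedUser;

    // NOTE(review): SQL escaping is disabled at this point, so $user reaches
    // blobExistUser() and the other lookup helpers as raw request data.
    // Confirm that each of them binds parameters or escapes before querying.
    //$user = mysql_real_escape_string($user);

    // HTML-encoded copy for display; $user itself stays raw for the lookups.
    $userHtml = htmlspecialchars($user, $escapeFlags, 'UTF-8');

    // Check if the user exists
    if (!blobExistUser($user)) {
        // NOTE(review): assumes queued messages are rendered without further
        // encoding; if the renderer encodes them, pass $user here instead.
        blobMessagePush("'" . $userHtml . "' does not exist!");
        blobRedirect('view.php');
        // Stop here even if blobRedirect() returns, so no profile is rendered
        // for an account that does not exist.
        exit;
    }

    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    $followHTML = blobCanFollowHTML($user);

    if (blobCanFollow($user)) {
        $showStatusHTML = "<div id=\"comments_main\"><div id=\"comments\"><pre width=\"77\">You will be able to see his updates only if you follow the user!</pre> </div></div>";
    } else {
        $showStatusHTML = blobShowUserStatus($user);
    }

    // NOTE(review): assumes blobGetUserFullName() and getAvatar() return
    // unencoded text; drop the encoding below if they already encode.
    $fullNameHtml = htmlspecialchars($fullName, $escapeFlags, 'UTF-8');
    $avatarAttr = htmlspecialchars($avatar, $escapeFlags, 'UTF-8');

    // $followHTML and $showStatusHTML are inserted as-is: the helpers are
    // expected to return finished markup.
    $page['body'] .= "\r\n<div class=\"body_padded\">"
        . "\r\n\t<h2>User Profile: {$userHtml}</h2>"
        . "\r\n"
        . "\r\n\t<div class=\"vulnerable_code_area\">"
        . "\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">"
        . "\r\n\t\t\t<img src=\"{$avatarAttr}\" width=\"100\" />"
        . "\r\n\t\t</div>"
        . "\r\n\t\t<div style=\"margin-left: 120px;\">"
        . "\r\n\t\t\t{$fullNameHtml}"
        . "\r\n\t\t\t<br /><br />"
        . "\r\n\t\t\t{$followHTML}"
        . "\r\n\t\t</div>"
        . "\r\n\t</div>"
        . "\r\n"
        . "\r\n\t<div class=\"clear\"></div>"
        . "\r\n\t<pre>User's status updates:</pre>"
        . "\r\n\t{$showStatusHTML}"
        . "\r\n\t<br /><br /><br />"
        . "\r\n"
        . "\r\n</div>"
        . "\r\n";
} else {
    $user_id = blobGetUserID($user);
    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    $showStatusHTML = blobShowUserStatus($user);
    $profileUrl = BLOB_WEB_PAGE_TO_ROOT;
    $user = $user . " (that's me!)";

    // The account's own name and avatar are stored data as well, so they are
    // encoded on output like any other value.
    // NOTE(review): same assumption as the other branch - the helpers return
    // unencoded text; confirm.
    $userHtml = htmlspecialchars($user, $escapeFlags, 'UTF-8');
    $fullNameHtml = htmlspecialchars($fullName, $escapeFlags, 'UTF-8');
    $avatarAttr = htmlspecialchars($avatar, $escapeFlags, 'UTF-8');

    // $profileUrl comes from a constant and $showStatusHTML from a helper that
    // is expected to return finished markup; both are inserted as-is.
    $page['body'] .= "\r\n<div class=\"body_padded\">"
        . "\r\n\t<h2>User Profile: {$userHtml}</h2>"
        . "\r\n"
        . "\r\n\t<div class=\"vulnerable_code_area\">"
        . "\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">"
        . "\r\n\t\t\t<img src=\"{$avatarAttr}\" width=\"100\" />"
        . "\r\n\t\t</div>"
        . "\r\n\t\t<div style=\"margin-left: 120px;\">"
        . "\r\n\t\t\t{$fullNameHtml}"
        . "\r\n\t\t\t<br /><br />"
        . "\r\n\t\t\t<input class=\"button\" name=\"btnUpdate\" type=\"submit\" value=\"Update your status\" onclick=\"window.location='{$profileUrl}'\">"
        . "\r\n\t\t</div>"
        . "\r\n\t</div>"
        . "\r\n"
        . "\r\n\t<div class=\"clear\"></div>"
        . "\r\n\t<pre>Your previous status updates:</pre>"
        . "\r\n\t{$showStatusHTML}"
        . "\r\n\t<br /><br /><br />"
        . "\r\n"
        . "\r\n</div>"
        . "\r\n";
}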