Пример #1
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
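// Relative path from this script's directory to the application root; used for includes and links.
define('BLOB_WEB_PAGE_TO_ROOT', '../');
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';

// NOTE(review): presumably enforces an authenticated session - confirm in blobPage.inc.php.
blobPageStartup(array('authenticated'));
$page = blobPageNewGrab();
blobDatabaseConnect();
$user = blobCurrentUser();
$user_id = blobGetUserID($user);

// Only a plain string is accepted: a request such as ?user[]=x delivers an array,
// which the escaping call below cannot handle. Anything else falls back to the user list.
if (isset($_GET['user']) && is_string($_GET['user'])) {
    $page['title'] .= $page['title_separator'] . 'Follow User';
    $page['page_id'] = 'followuser';

    // SQL-context escaping only; it does nothing for HTML output.
    // NOTE(review): ext/mysql was removed in PHP 7 - the blob* database helpers should
    // move to prepared statements (mysqli or PDO) rather than rely on this call.
    $user = mysql_real_escape_string($_GET['user']);

    // HTML-context copy of the request value; use this one wherever the name is printed.
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');

    // Check if the user exists
    if (!blobExistUser($user)) {
        // The request value is reflected in the message, so it is HTML-escaped first.
        // NOTE(review): assumes the message helpers emit the text as raw HTML - confirm;
        // if they escape on output, pass $user here instead to avoid double-escaping.
        blobMessagePush("'" . $userHtml . "' does not exist!");
        blobRedirect('follow.php');
        // Stop here even if blobRedirect() only sets the Location header; otherwise the
        // page below would still be rendered for a user that does not exist.
        exit;
    }

    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    $followHTML = blobFollowUser($user);

    // NOTE(review): the listing is masked between "?user='" and "'body']"; this is
    // reconstructed as appending the user name and then appending to $page['body'] -
    // confirm against the original file. The name is URL-encoded for the query string.
    $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user=' . urlencode($user);

    // NOTE(review): $avatar, $fullName and $followHTML come from helpers not shown here and
    // are emitted as-is; confirm those helpers return HTML-safe values (the full name and
    // avatar look like profile fields a user can edit).
    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>Following User: {$userHtml}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t" . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t\t<br /><br />\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<br />\r\n\t<b>View user's profile:</b> " . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
} else {
    $page['title'] .= $page['title_separator'] . 'User List';
    $page['page_id'] = 'othersprofile';
    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>User List</h2>\r\n\r\n\t" . blobUserList() . "\r\n\t<br /> <br />\r\n\r\n</div>\r\n";
}

blobHtmlEcho($page);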
Пример #2
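/**
 * Builds the page shell (HTTP headers, menus, user panel, body, footer) and echoes it.
 *
 * Keys of $pPage read here: 'page_id', 'title', 'script', 'onload', 'body',
 * 'source_button' and 'help_button'. 'title', 'script', 'onload' and 'body' are written
 * into the document as raw HTML, so any request- or database-derived value must be
 * escaped by the caller before it is stored in one of those keys.
 *
 * @param array $pPage Page descriptor assembled by the calling script.
 * @return void
 */
function blobHtmlEcho($pPage)
{
    // Side menu: static entries grouped into blocks.
    $menuBlocks = array();
    $menuBlocks['profile'] = array();
    $menuBlocks['profile'][] = array('id' => 'viewprofile', 'name' => 'View Profile', 'url' => 'profile/view.php');
    $menuBlocks['profile'][] = array('id' => 'editprofile', 'name' => 'Edit Profile', 'url' => 'profile/edit.php');
    $menuBlocks['profile'][] = array('id' => 'othersprofile', 'name' => 'View Users', 'url' => 'profile/follow.php');
    $menuBlocks['admin'] = array();
    $menuBlocks['admin'][] = array('id' => 'setup', 'name' => 'Setup', 'url' => 'setup.php');
    $menuHtml = '';
    foreach ($menuBlocks as $menuBlock) {
        $menuBlockHtml = '';
        foreach ($menuBlock as $menuItem) {
            // Strict comparison: a non-string page_id must not loosely match a menu id.
            $selectedClass = $menuItem['id'] === $pPage['page_id'] ? 'selected' : '';
            $fixedUrl = BLOB_WEB_PAGE_TO_ROOT . $menuItem['url'];
            $menuBlockHtml .= "<li onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\"><a href=\"{$fixedUrl}\">{$menuItem['name']}</a></li>";
        }
        $menuHtml .= "<ul>{$menuBlockHtml}</ul>";
    }

    $adminLink = "";
    //Primary Menu
    $pmenuBlocks = array();
    $pmenuBlocks[] = array('id' => 'home', 'name' => 'Home', 'url' => '.');
    // This only hides the admin link and menu entry from non-admins; it is not an access
    // check. NOTE(review): confirm the pages under admin/ enforce blobIsAdmin() themselves.
    if (blobIsAdmin()) {
        $adminLink = BLOB_WEB_PAGE_TO_ROOT . 'admin';
        $adminLink = blobInternalLinkUrlGet($adminLink, "Admin");
        $pmenuBlocks[] = array('id' => 'admin', 'name' => 'Admin', 'url' => 'admin');
    }
    $pmenuBlocks[] = array('id' => 'about', 'name' => 'About', 'url' => 'about.php');
    $pmenuBlocks[] = array('id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php');
    $pmenuBlockHtml = '';
    foreach ($pmenuBlocks as $pmenuItem) {
        $selectedClass = $pmenuItem['id'] === $pPage['page_id'] ? 'selected' : '';
        $fixedUrl = BLOB_WEB_PAGE_TO_ROOT . $pmenuItem['url'];
        $pmenuBlockHtml .= "<li onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\"><a href=\"{$fixedUrl}\">{$pmenuItem['name']}</a></li>";
    }
    $primaryMenuHtml = "<ul>{$pmenuBlockHtml}</ul>";

    blobDatabaseConnect();
    // Look the session user up once; fall back to the placeholder name when there is none.
    $currentUser = blobCurrentUser();
    $blob_loggedin_user = $currentUser ? $currentUser : "Open User!";

    // The user name and full name are account data and are printed on every page, so they
    // are HTML-escaped here at the point of output. The raw user name is still what the
    // lookup helpers receive.
    // NOTE(review): if blobGetUserFullName() already returns escaped text this will
    // double-escape - confirm and keep the escaping in one place only.
    $user_fullname = htmlspecialchars((string) blobGetUserFullName($blob_loggedin_user), ENT_QUOTES, 'UTF-8');
    $userInfoHtml = '<b>Username:</b> ' . htmlspecialchars((string) $blob_loggedin_user, ENT_QUOTES, 'UTF-8');
    $userInfoHtml .= '<br><b>Full Name:</b> ' . $user_fullname;

    // NOTE(review): $avatarURL and $quote are emitted as returned by their helpers (not
    // shown here); confirm both are safe for an attribute value and for element content.
    $avatarURL = getAvatar($blob_loggedin_user);
    $quote = getQuote();
    $homepage = BLOB_WEB_PAGE_TO_ROOT . 'index.php';
    $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile';

    $messagesHtml = messagesPopAllToHtml();
    if ($messagesHtml) {
        $messagesHtml = "<div class=\"body_padded\">{$messagesHtml}</div>";
    }

    $systemInfoHtml = "<div align=\"left\">{$userInfoHtml}</div>";
    // !empty() keeps the truthiness test but tolerates pages that never set these keys.
    if (!empty($pPage['source_button'])) {
        $systemInfoHtml = blobButtonSourceHtmlGet($pPage['source_button']) . " {$systemInfoHtml}";
    }
    if (!empty($pPage['help_button'])) {
        $systemInfoHtml = blobButtonHelpHtmlGet($pPage['help_button']) . " {$systemInfoHtml}";
    }

    // Send Headers + main HTML code
    header('Cache-Control: no-cache, must-revalidate');
    // HTTP/1.1
    header('Content-Type: text/html;charset=utf-8');
    // TODO- proper XHTML headers...
    header("Expires: Tue, 23 Jun 2009 12:00:00 GMT");
    // Date in the past

    // jQuery is fetched over https: a script loaded over plain http can be altered in
    // transit and then runs with the logged-in user's session.
    // NOTE(review): 1.3.2 is a very old release and the tag has no integrity attribute;
    // prefer a current, locally hosted copy once blobPage.js is checked against it.
    // NOTE(review): the logo path ends in "logo." with no extension in this listing -
    // confirm against the original file.
    echo "\r\n\t<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n\t<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\t\t<head>\r\n\t\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\t\t\t<title>{$pPage['title']}</title>\r\n\t\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . BLOB_WEB_PAGE_TO_ROOT . "blob/css/login.css\" />\r\n\t\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . BLOB_WEB_PAGE_TO_ROOT . "blob/css/main.css\" />\r\n\t\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . BLOB_WEB_PAGE_TO_ROOT . "blob/css/table.css\" />\r\n\t\t\t<link rel=\"icon\" type=\"\\image/ico\" href=\"" . BLOB_WEB_PAGE_TO_ROOT . "favicon.ico\" />\r\n\t\t\t<script type=\"text/javascript\" src=\"" . BLOB_WEB_PAGE_TO_ROOT . "blob/js/blobPage.js\"></script>\r\n\t\t\t<script type=\"text/javascript\" src=\"https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js\"></script>\r\n\t\t\t{$pPage['script']}\r\n\t\t</head>\r\n\r\n\t\t<body {$pPage['onload']} class=\"home\">\r\n\t\t\t<div id=\"header\">\r\n\t\t\t\t<a href=\"{$homepage}\"><img class=\"header_img\" src=\"" . BLOB_WEB_PAGE_TO_ROOT . 
"blob/images/logo.\" alt=\"blob\" /></a>\r\n\t\t\t\t<div id=\"quote\">\r\n\t\t\t\t\t{$quote}\r\n\t\t\t\t</div>\r\n\r\n\t\t\t\t<div id=\"primary_menu\">\r\n\t\t\t\t\t{$primaryMenuHtml}\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t\t<div id=\"wrapper\">\r\n\t\t\t\t<div id=\"container\" class=\"rounded-corners\">\r\n\t\t\t\t\t<div id=\"main_menu\">\r\n\t\t\t\t\t\t<div id=\"profile_info\">\r\n\t\t\t\t\t\t\t<a href=\"{$profilepage}\"><img class=\"rounded-corners\" width=\"100\" src=\"{$avatarURL}\" /></a>\r\n\t\t\t\t\t\t\t<div>{$user_fullname}</div>\r\n\t\t\t\t\t\t\t<div>{$adminLink}</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div id=\"main_menu_padded\">\r\n\t\t\t\t\t\t\t{$menuHtml}\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<div id=\"main_body\" class=\"rounded-corners\">\r\n\t\t\t\t\t\t{$pPage['body']}\r\n\t\t\t\t\t\t<br />\r\n\t\t\t\t\t\t<center>\r\n\t\t\t\t\t\t{$messagesHtml}\r\n\t\t\t\t\t\t</center>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<div class=\"clear\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div id=\"footer\" class=\"rounded-corners\">\r\n\t\t\t\t\t<p>Greenify " . blobVersionGet() . " is a Free and OpenSource Microblogging client</p>\r\n\t\t\t\t</div>\r\n\t\t\t</body>\r\n\t\t</html>";
}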