Пример #1
<?php

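// Resolve the profile requested via ?user_id=... for the logged-in viewer and
// cache it (with friendship / pending-request flags) in the session.
// $logged_in and $user are not defined in this snippet; they are expected to be
// provided by the including script.

// unset() on an undefined variable is a no-op, so no isset() guard is needed.
unset($selected_user);

// is_string() rejects array-style parameters (?user_id[]=x) before they reach
// DAO::escape(), which is only ever handed a string elsewhere in this code.
if ($logged_in && isset($_GET["user_id"]) && is_string($_GET["user_id"])) {
    $dao = new DAO(false);
    $user_request = $dao->escape($_GET["user_id"]);
    $properties = array("user_id", "user_name", "user_picture", "course_name", "university_name");

    // NOTE(review): every query below is assembled by string interpolation, so
    // its safety rests entirely on DAO::escape() and on the value staying inside
    // the double quotes. If the DAO can bind parameters, prefer that.
    $dao->myquery("SELECT " . implode(",", $properties) . " FROM user " . "JOIN cohort ON user.cohort_id=cohort.cohort_id " . "JOIN course ON cohort.course_id=course.course_id " . "JOIN university ON course.university_id=university.university_id WHERE user_id=\"{$user_request}\";");

    if ($dao->fetch_num_rows() > 0) {
        // The requested user exists.
        $selected_user = $dao->fetch_one_obj_part($properties);

        // A connection row in either direction counts as friendship.
        $friends_query = "SELECT * FROM connection WHERE (user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\") OR " . "(user_id2=\"{$user->user_id}\" AND user_id1=\"{$selected_user->user_id}\");";
        $dao->myquery($friends_query);

        // The viewer is always "friends" with themselves, and user_id 1 is
        // treated as a friend of everyone.
        // NOTE(review): presumably user 1 is a system/admin account - confirm.
        // Loose comparison is kept on purpose: the ids may arrive as strings.
        $is_friend = $dao->fetch_num_rows() != 0 || $selected_user->user_id == $user->user_id || $selected_user->user_id == 1;
        $selected_user->is_friend = $is_friend;

        // Has the viewer already sent this user a friend request?
        $dao->myquery("SELECT * FROM friend_request WHERE user_id1=\"{$user->user_id}\" AND user_id2=\"{$selected_user->user_id}\";");
        $selected_user->request_sent = $dao->fetch_num_rows() != 0;

        // NOTE(review): the profile row is stored for any existing user_id,
        // friend or not; whatever renders it must honour is_friend itself.
        $_SESSION["selected_user"] = $selected_user;
        unset($_SESSION["selected_cohort"]);
    }
}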
Пример #2
<?php

include "../util/session.php";
include_once "../util/mysql.php";
include "../util/redirect.php";
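// Stream the profile picture of the user named by ?user_id1=..., falling back
// to the default avatar when the user has no usable picture.
// NOTE(review): no login check is visible here, so pictures look publicly
// fetchable by id - confirm that is intended.
$f = "../img/dp1.jpg";

// is_string() rejects array-style parameters (?user_id1[]=x).
if (isset($_GET["user_id1"]) && is_string($_GET["user_id1"])) {
    $dao = new DAO(false);
    $user_id1 = $dao->escape($_GET["user_id1"]);
    // NOTE(review): interpolated SQL; safety depends on DAO::escape() and the
    // surrounding quotes. Prefer bound parameters if the DAO supports them.
    $dao->myquery("SELECT user_picture FROM user WHERE user_id=\"{$user_id1}\";");

    // Only read the row when one was returned, instead of dereferencing
    // whatever fetch_one_obj_part() yields for an empty result.
    if ($dao->fetch_num_rows() > 0) {
        $user1 = $dao->fetch_one_obj_part(array("user_picture"));
        if ($user1->user_picture) {
            // user_picture is a stored file name; resolve it and serve it only
            // if the real path is a regular file inside profile_pictures, so a
            // value such as "../util/mysql.php" cannot escape the directory.
            // realpath() returns false for missing files, which replaces the
            // earlier file_exists() test. Symlinks are resolved first, so links
            // pointing outside the directory are refused as well.
            $pictures_dir = realpath("../profile_pictures");
            $candidate = realpath("../profile_pictures/" . $user1->user_picture);
            if ($pictures_dir !== false
                && $candidate !== false
                && is_file($candidate)
                && strpos($candidate, $pictures_dir . DIRECTORY_SEPARATOR) === 0) {
                $f = $candidate;
            }
        }
    }

    // Name the download after the file actually served, and drop characters
    // that would terminate the quoted filename parameter.
    $download_name = str_replace(array('"', "\\"), "", basename($f));

    // NOTE(review): the type is fixed to JPEG whatever the stored file is.
    header('Content-Type: image/jpeg');
    // Keep browsers from sniffing uploaded content as something other than an image.
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: inline; filename=\"{$download_name}\"");
    readfile($f);
}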
Пример #3
<?php

include "../util/session.php";
include "../util/redirect.php";
include "../util/pwd.php";
include_once "../util/mysql.php";
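// Login handler: checks the posted e-mail/password against the user table,
// stores the user in the session on success and sends the browser to the
// requested page; on failure it returns to the welcome page with a message
// code (m=2 wrong credentials, m=3 missing fields).

// $redirect is what gets handed to redirect(); $redirect_param is the same
// target, unescaped, for embedding in a query string.
$redirect = "/";
$redirect_param = "/";
if (isset($_POST["r"]) && is_string($_POST["r"]) && $_POST["r"] != "") {
    $requested = $_POST["r"];
    $parts = parse_url($requested);
    // Accept only same-site targets: no scheme, no host, no protocol-relative
    // "//", and no backslash / whitespace / control characters that browsers
    // may normalise into one of those. htmlspecialchars() alone does not stop
    // a login form from being used to bounce visitors to another site.
    $is_local = $parts !== false
        && !isset($parts["scheme"])
        && !isset($parts["host"])
        && strncmp($requested, "//", 2) !== 0
        && !preg_match('/[\x00-\x20\x7F\\\\]/', $requested);
    if ($is_local) {
        $redirect_param = $requested;
        // Kept from the original because redirect() is defined elsewhere and
        // may print the target into markup - TODO confirm and drop if it only
        // sets a Location header.
        $redirect = htmlspecialchars($requested);
    }
}

// is_string() rejects array-style fields (user_email[]=x) before they reach
// escape(), salt() or string concatenation.
$email_given = isset($_POST["user_email"]) && is_string($_POST["user_email"]);
$password_given = isset($_POST["user_password"]) && is_string($_POST["user_password"]);

if ($email_given && $password_given && $_POST["user_email"] != "" && $_POST["user_password"] != "") {
    $dao = new DAO();
    $user_email = $dao->escape($_POST["user_email"]);
    // NOTE(review): salt() is project code (util/pwd.php) and the result is
    // compared inside SQL. If it is a fast or unsalted hash, plan a migration
    // to password_hash()/password_verify(). No throttling of repeated failures
    // is visible in this file either.
    $user_password = $dao->escape(salt($_POST["user_password"]));
    // NOTE(review): interpolated SQL; safety depends on DAO::escape() and the
    // surrounding quotes. Prefer bound parameters if the DAO supports them.
    $user_query = "SELECT user_id,user_name,user_email,cohort_id,user_picture FROM user WHERE user_email=\"{$user_email}\" AND user_password=\"{$user_password}\";";
    $dao->myquery($user_query);
    if ($dao->fetch_num_rows() == 1) {
        // Issue a fresh session id on login so an id planted before
        // authentication cannot be reused (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user"] = $dao->fetch_one_obj_part(array("user_id", "user_name", "user_email", "cohort_id", "user_picture"));
        unset($_SESSION["selected_user"]);
        // Go to the (validated) redirect target.
        redirect($redirect);
    } else {
        // Query-string values are URL-encoded: HTML escaping is the wrong
        // encoding here and lets "&" or "#" in a value alter the URL. The raw
        // posted e-mail is echoed back rather than its SQL-escaped form.
        redirect("../../welcome/?&m=2&r=" . urlencode($redirect_param) . "&user_email=" . urlencode($_POST["user_email"]));
    }
} else {
    redirect("../../welcome/?m=3" . ($email_given ? "&user_email=" . urlencode($_POST["user_email"]) : "") . "&r=" . urlencode($redirect_param));
}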