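/**
 * Record that the logged-in user has added another user as a friend, then
 * notify that user by e-mail (if they opted in and their account is validated)
 * and by system message.
 *
 * NOTE(review): the Users lookup below matches the literal string '******' and
 * the $username parameter is never read. That looks like a placeholder or a
 * redaction in this listing rather than the intended predicate; the literal is
 * kept byte-for-byte because the real lookup cannot be recovered from here.
 * Confirm against the actual source before relying on this function.
 *
 * @param string $username  Username of the user to add (currently unused — see note).
 * @return bool|null  true once the friendship row is (re)written, false when no
 *                    user row matched or the query failed; null after redirecting
 *                    an unauthenticated caller to /401. header() does not end the
 *                    request, so the caller must stop rendering after a null return.
 */
function friend_add($username)
{
    if (!isset($_SESSION["user_id"])) {
        // Not logged in: redirect. No exit here (unchanged) — callers must not
        // continue producing output after this.
        header("Location: /401");
        return;
    }

    $mysqli = db_connect();

    // Integer IDs are interpolated unquoted below; real_escape_string does not
    // neutralise "1 OR 1=1"-style values in that position, so force ints.
    $me = (int)$_SESSION["user_id"];

    // fetch the ID of the friend (see NOTE in the docblock about this predicate)
    $result = $mysqli->query("SELECT * FROM Users WHERE Username='******'");
    if ($result === false || $result->num_rows == 0) {
        // A failed query used to fatal on ->num_rows; treat it as "not found".
        return false;
    }
    $user_row = $result->fetch_assoc();
    $user_id = (int)$user_row["Id"];

    // Remove any existing friendship row so the re-insert refreshes
    // Created/IPCreated instead of duplicating the pair.
    $mysqli->query("DELETE FROM Friends WHERE UserId=" . $me . " AND FriendId=" . $user_id);
    $mysqli->query(
        "INSERT INTO Friends (UserId,FriendId,Created,IPCreated) VALUES ("
        . $me . "," . $user_id . ",NOW(),'"
        . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "')"
    );

    // E-mail only users who opted in and whose account is validated. Loose ==
    // is kept: the column/constant types are not visible here.
    if ($user_row["NotifyNewFriends"] == 1 and $user_row["Status"] == USER_STATUS_VALIDATED) {
        $mail_to = $user_row["Email"];
        // NOTE(review): user_name goes straight into the Subject header; this
        // assumes send_email() rejects CR/LF in subjects — confirm.
        $mail_subject = SITE_NAME . " - " . $_SESSION["user_name"] . " added you as a friend!";
        $mail_message = $_SESSION["user_name"] . " added you as a friend!\n\n"
            . "http://wetheusers.net/" . $_SESSION["user_name"] . "\n\n";
        send_email($mail_to, $mail_subject, $mail_message);
    }

    // In-app notification is always sent (type 4 — meaning defined elsewhere).
    SendSystemMessage(
        $mysqli,
        $user_id,
        $_SESSION["user_name"] . " added you as a friend!",
        "[" . $_SESSION["user_name"] . "](http://wetheusers.net/" . $_SESSION["user_name"] . ") has added you as a friend",
        4
    );

    return true;
}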
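/**
 * Add a comment (from $_POST["post_id"] / $_POST["body"]) by the logged-in user,
 * refresh the post's comment counter, and notify the post author and any other
 * commenters who opted in.
 *
 * Security fixes in this version:
 *  - post_id is interpolated unquoted into several statements; real_escape_string
 *    does not stop "1 OR 1=1" in that position, so it must be a real integer.
 *  - The failure redirect echoed the Referer header verbatim, which is an open
 *    redirect; only a same-host referer is honoured now, else "/failure".
 *
 * NOTE(review): unlike comment_like(), this function does not check the post's
 * Privacy/Status before accepting a comment on it — anyone who knows a post id
 * can comment on a private or unpublished post. Intended policy is not visible
 * here, so it is flagged rather than changed.
 *
 * @return string|null  "success" once the comment is stored; null after one of
 *                      the redirects (/401, /404, <referer>/failure). header()
 *                      does not end the request — callers must stop output.
 */
function comment_add()
{
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $post_id = isset($_POST["post_id"]) ? $_POST["post_id"] : "";
    $body = isset($_POST["body"]) ? $_POST["body"] : "";
    // Accept only a genuine integer (rejects "", "abc", arrays and "1 OR 1=1").
    $post_id = filter_var($post_id, FILTER_VALIDATE_INT);

    if ($post_id === false || $body == "") {
        // Bounce back to the referring page, but only if it is on our own host;
        // a forged Referer must not turn this into an open redirect.
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
        $referer_host = parse_url($referer, PHP_URL_HOST);
        $own_host = isset($_SERVER["HTTP_HOST"]) ? strtok($_SERVER["HTTP_HOST"], ":") : "";
        if (!is_string($referer_host) || $own_host === "" || strcasecmp($referer_host, $own_host) !== 0) {
            $referer = "";
        }
        header("Location: " . $referer . "/failure");
        return;
    }

    $mysqli = db_connect();
    $me = (int)$_SESSION["user_id"];

    $post_result = $mysqli->query(
        "SELECT Posts.Id,Posts.Title,Users.NotifyComments,Users.Username,Users.Email,Posts.UserId FROM Posts"
        . " INNER JOIN Users ON Users.Id=Posts.UserId"
        . " WHERE Posts.Id=" . $post_id
    );
    if ($post_result === false || $post_result->num_rows == 0) {
        header("Location: /404");
        return;
    }
    $post_row = $post_result->fetch_assoc();
    $post_db_id = (int)$post_row["Id"];
    $link_title = $post_row["Title"] != "" ? $post_row["Title"] : "Untitled";

    // Add the comment to the comments table
    $mysqli->query(
        "INSERT INTO Comments (PostId,UserId,Body,Created,IPCreated) VALUES ("
        . $post_id . "," . $me . ",'" . $mysqli->real_escape_string($body) . "'"
        . ",Now(),'" . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "')"
    );

    // Update the denormalised comment count on the post
    $count_result = $mysqli->query("SELECT COUNT(*) AS NumComments FROM Comments WHERE PostId=" . $post_id);
    $count_row = $count_result->fetch_assoc();
    $mysqli->query("UPDATE Posts SET Comments=" . (int)$count_row["NumComments"] . " WHERE Id=" . $post_id);

    // Notify the post author (never for comments on your own post)
    if ($post_row["UserId"] != $me) {
        if ($post_row["NotifyComments"] == 1) {
            $mail_to = $post_row["Email"];
            // NOTE(review): post title goes into the Subject header unescaped;
            // assumes send_email() strips CR/LF — confirm.
            $mail_subject = SITE_NAME . " - " . $_SESSION["user_name"] . " commented on '" . $post_row["Title"] . "'";
            $mail_message = "You have received a new comment on your post '" . $link_title . "' by "
                . $_SESSION["user_name"] . "...\n---\n" . $body . "\n - " . $_SESSION["user_name"]
                . " (http://wetheusers.net/" . $_SESSION["user_name"] . ")\n---\n"
                . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($link_title) . "\n\n";
            send_email($mail_to, $mail_subject, $mail_message);
        }
        SendSystemMessage(
            $mysqli,
            $post_row["UserId"],
            $_SESSION["user_name"] . " commented on your post '" . $link_title . "'",
            "[" . $_SESSION["user_name"] . "](http://wetheusers.net/" . $_SESSION["user_name"]
                . ") commented on your post [" . $link_title . "](http://wetheusers.net/post/"
                . $post_row["Id"] . "/" . toAscii($link_title) . ")\n\n" . $body,
            1
        );
    }

    // Other people who commented earlier on this post — excluding the current
    // commenter and the post author (the author was handled above).
    $result = $mysqli->query(
        "SELECT DISTINCT Users.Id AS UserId, Users.Email AS Email,Users.NotifyOtherComments"
        . " FROM Users"
        . " INNER JOIN Comments ON Comments.UserId=Users.Id AND Comments.PostId=" . $post_db_id
        . " INNER JOIN Posts ON Posts.Id=" . $post_db_id
        . " WHERE Comments.UserId<>" . $me
        . " AND Posts.UserId<>Comments.UserId"
    );
    if ($result !== false) {
        while ($comment_row = $result->fetch_assoc()) {
            // The second condition is kept from the original; it is already
            // implied by the WHERE clause above.
            if ($comment_row["NotifyOtherComments"] == 1 && $post_row["UserId"] != $me) {
                $mail_to = $comment_row["Email"];
                $mail_subject = $_SESSION["user_name"] . " commented on '" . $post_row["Title"] . "' too";
                $mail_message = "A new comment has been posted by " . $_SESSION["user_name"] . " on '"
                    . $link_title . "' by " . $post_row["Username"] . ".\n---\n" . $body . "\n - "
                    . $_SESSION["user_name"] . " (http://wetheusers.net/" . $_SESSION["user_name"] . ")\n---\n"
                    . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]) . "\n\n";
                send_email($mail_to, $mail_subject, $mail_message);
            }
            SendSystemMessage(
                $mysqli,
                $comment_row["UserId"],
                "'" . $_SESSION["user_name"] . "' posted a new comment on '" . $link_title . "' by " . $post_row["Username"],
                "A new comment has been posted by [" . $_SESSION["user_name"] . "](http://wetheusers.net/"
                    . $_SESSION["user_name"] . ") on [" . $link_title . "](http://wetheusers.net/post/"
                    . $post_row["Id"] . "/" . toAscii($link_title) . ") by [" . $post_row["Username"]
                    . "](http://wetheusers.net/" . $post_row["Username"]
                    . ") (you have also commented on this post)\n\n" . $body,
                2
            );
        }
    }

    return "success";
}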
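/**
 * Create a post for the logged-in user from $_POST (title, body, tags, privacy,
 * status), attach an optional photo and the comma-separated tags, and — when the
 * post is published — notify friends who opted in.
 *
 * Changes in this version:
 *  - The Posts INSERT result is checked; previously a failed INSERT left
 *    insert_id at 0 and the photo/tags were attached to a non-existent post 0.
 *  - The session user id is cast to int where it is interpolated unquoted
 *    (real_escape_string does not protect an unquoted numeric position).
 *
 * NOTE(review): privacy and status are stored as submitted; they are quoted so
 * they cannot break the SQL, but they are not checked against the known
 * POST_PRIVACY_* / POST_STATUS_* values. An unrecognised privacy value is
 * treated like "public" by the notification branch below. The full set of
 * legal values is not visible here, so this is flagged rather than enforced.
 *
 * @return int|null  The new post id; -1 when privacy or status is missing or the
 *                   INSERT fails; null after redirecting to /401 (header() does
 *                   not end the request — callers must stop output).
 */
function post_add()
{
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $post_title = isset($_POST["title"]) ? $_POST["title"] : "";
    $post_body = isset($_POST["body"]) ? $_POST["body"] : "";
    $post_tags = isset($_POST["tags"]) ? $_POST["tags"] : "";
    $post_privacy = isset($_POST["privacy"]) ? $_POST["privacy"] : "";
    $post_status = isset($_POST["status"]) ? $_POST["status"] : "";
    $link_title = $post_title != "" ? $post_title : "Untitled";

    if ($post_privacy == "" || $post_status == "") {
        return -1;
    }

    $mysqli = db_connect();
    $me = (int)$_SESSION["user_id"];

    $inserted = $mysqli->query(
        "INSERT INTO Posts (UserId,Title,Body,Privacy,Status,Created,IPCreated) VALUES ("
        . "'" . $mysqli->real_escape_string($_SESSION["user_id"]) . "',"
        . "'" . $mysqli->real_escape_string($post_title) . "',"
        . "'" . $mysqli->real_escape_string($post_body) . "',"
        . "'" . $mysqli->real_escape_string($post_privacy) . "',"
        . "'" . $mysqli->real_escape_string($post_status) . "',"
        . "NOW(),"
        . "'" . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "'"
        . ")"
    );
    if ($inserted === false) {
        // Nothing was created, so do not attach a photo or tags to post 0.
        return -1;
    }
    $new_post_id = (int)$mysqli->insert_id;

    // do we have a photo ? (helper defined elsewhere; reads the upload itself)
    upload_photo($new_post_id, $mysqli);

    // Tags: split on commas, trim, lower-case, skip empties; reuse an existing
    // Tags row or create one, then link it to the post.
    foreach (array_map("trim", explode(",", $post_tags)) as $tag) {
        if ($tag === "") {
            continue;
        }
        $tag = strtolower($tag);
        $result = $mysqli->query("SELECT * FROM Tags WHERE Name='" . $mysqli->real_escape_string($tag) . "'");
        if ($result !== false && $result->num_rows > 0) {
            $row = $result->fetch_assoc();
            $tag_id = (int)$row["Id"];
        } else {
            $mysqli->query("INSERT INTO Tags (Name) VALUES ('" . $mysqli->real_escape_string($tag) . "')");
            $tag_id = (int)$mysqli->insert_id;
        }
        $mysqli->query("INSERT INTO PostTags (PostId,TagId,Created) VALUES (" . $new_post_id . "," . $tag_id . ",Now())");
    }

    if ($post_status == POST_STATUS_PUBLISHED) {
        if ($post_privacy == POST_PRIVACY_FRIENDS_ONLY) {
            // Mutual friends only: the author lists them AND they list the author.
            $sql = "SELECT DISTINCT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " LEFT OUTER JOIN Friends FriendsOfMe ON FriendsOfMe.UserId=" . $me . " AND FriendsOfMe.FriendId=Users.Id"
                . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Users.Id=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=" . $me
                . " WHERE (FriendsOfAuthor.FriendId=" . $me . " AND FriendsOfMe.FriendId=Users.Id)";
        } elseif ($post_privacy != POST_PRIVACY_PRIVATE) {
            // Everybody who calls the author a friend (see NOTE: any unknown
            // privacy value lands here).
            $sql = "SELECT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " INNER JOIN Friends ON Friends.UserId=Users.Id"
                . " WHERE Friends.FriendId=" . $me;
        } else {
            // Private: deliberately empty result set.
            $sql = "SELECT * FROM Friends WHERE 1=2";
        }

        $user_result = $mysqli->query($sql);
        if ($user_result !== false) {
            while ($user_row = $user_result->fetch_assoc()) {
                if ($user_row["NotifyFriendsPosts"] == 1) {
                    $mail_to = $user_row["Email"];
                    $mail_subject = SITE_NAME . " - '" . $_SESSION["user_name"] . "' has a new post!";
                    $mail_message = "Your friend '" . $_SESSION["user_name"] . "' has just posted the following...\n\n"
                        . $post_title . "\n"
                        . "http://wetheusers.net/post/" . $new_post_id . "/" . toAscii($link_title) . "\n\n";
                    send_email($mail_to, $mail_subject, $mail_message);
                }
                // In-app notification goes to every friend regardless of the e-mail preference.
                SendSystemMessage(
                    $mysqli,
                    $user_row["Id"],
                    $_SESSION["user_name"] . " has written a new post - " . $post_title,
                    "[" . $_SESSION["user_name"] . "](http://wetheusers.net/" . $_SESSION["user_name"]
                        . ") has written a new post - [" . $link_title . "](http://wetheusers.net/post/"
                        . $new_post_id . "/" . toAscii($link_title) . ")",
                    3
                );
            }
        }
    }

    return $new_post_id;
}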
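/**
 * Record a "like" by the logged-in user on a comment, refresh the comment's like
 * counter, and notify the comment's author.
 *
 * Security fixes in this version:
 *  - $post_id and $comment_id were quoted in the two SELECTs but interpolated
 *    unquoted into the DELETE/INSERT/COUNT/UPDATE; real_escape_string does not
 *    stop "1 OR 1=1" there, so both must be genuine integers.
 *  - The visibility check (own / public / friends-only-and-friend, published)
 *    was applied to $post_id only, while the comment was fetched by id alone —
 *    a comment from a post the caller cannot see could be liked by passing an
 *    unrelated visible post id. The comment lookup now requires
 *    Comments.PostId = $post_id.
 *
 * @param int|string $post_id     Id of the post the comment belongs to.
 * @param int|string $comment_id  Id of the comment to like.
 * @return int  The comment's new like count, or -1 when not logged in, the ids
 *              are not integers, the post is not visible to the caller, or the
 *              comment does not belong to that post.
 */
function comment_like($post_id, $comment_id)
{
    if (!isset($_SESSION["user_id"])) {
        return -1;
    }

    $post_id = filter_var($post_id, FILTER_VALIDATE_INT);
    $comment_id = filter_var($comment_id, FILTER_VALIDATE_INT);
    if ($post_id === false || $comment_id === false) {
        return -1;
    }

    $mysqli = db_connect();
    $me = (int)$_SESSION["user_id"];

    // The post, but only if the caller is allowed to see it.
    $post_result = $mysqli->query(
        "SELECT Posts.*,Users.Username,Users.Avatar,Users.NotifyLikes AS NotifyLikes,Users.Email AS Email FROM Posts"
        . " INNER JOIN Users ON Posts.UserId=Users.Id"
        . " LEFT OUTER JOIN Friends FriendsA ON Posts.UserId=FriendsA.UserId AND FriendsA.FriendId=" . $me
        . " WHERE"
        . " ((FriendsA.FriendId=" . $me . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")"
        . " OR (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")"
        . " OR (Posts.UserId=" . $me . "))"
        . " AND Posts.Status=" . POST_STATUS_PUBLISHED
        . " AND Posts.Id='" . $post_id . "'"
    );

    // The comment, tied to that same post so the visibility check above
    // actually covers it.
    $comment_result = $mysqli->query(
        "SELECT * FROM Comments"
        . " INNER JOIN Users ON Comments.UserId=Users.Id"
        . " WHERE Comments.Id='" . $comment_id . "'"
        . " AND Comments.PostId=" . $post_id
    );

    if ($post_result === false || $comment_result === false
        || $post_result->num_rows == 0 || $comment_result->num_rows == 0) {
        return -1;
    }
    $post_row = $post_result->fetch_assoc();
    $comment_row = $comment_result->fetch_assoc();

    // Remove any earlier like by this user first so repeated calls do not
    // inflate the count.
    $mysqli->query(
        "DELETE FROM CommentLikes WHERE UserId=" . $me
        . " AND PostId=" . $post_id . " AND CommentId=" . $comment_id
    );
    $mysqli->query(
        "INSERT INTO CommentLikes (UserId,PostId,CommentId,Created,IPCreated) VALUES ("
        . $me . "," . $post_id . "," . $comment_id . ",NOW(),'"
        . $mysqli->real_escape_string($_SERVER["REMOTE_ADDR"]) . "')"
    );

    // Recount and store the denormalised like count on the comment.
    $likes_result = $mysqli->query(
        "SELECT COUNT(Id) AS NumLikes FROM CommentLikes WHERE PostId=" . $post_id
        . " AND CommentId=" . $comment_id
    );
    $likes_row = $likes_result->fetch_assoc();
    $mysqli->query("UPDATE Comments SET Likes=" . (int)$likes_row["NumLikes"] . " WHERE Id=" . $comment_id);

    // NotifyLikes/Email come from the Users row joined onto the comment,
    // i.e. the comment author's preferences.
    if ($comment_row["NotifyLikes"] == 1) {
        $mail_to = $comment_row["Email"];
        // NOTE(review): post title goes into the Subject header unescaped;
        // assumes send_email() strips CR/LF — confirm.
        $mail_subject = SITE_NAME . " - " . $_SESSION["user_name"] . " liked your comment to the post '" . $post_row["Title"] . "'";
        $mail_message = $_SESSION["user_name"] . " liked your comment to the post '" . $post_row["Title"]
            . "'. The comment now has " . $likes_row["NumLikes"] . " likes.\n\n"
            . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]) . "\n\n";
        send_email($mail_to, $mail_subject, $mail_message);
    }

    SendSystemMessage(
        $mysqli,
        $comment_row["UserId"],
        $_SESSION["user_name"] . " liked your comment to the post '" . $post_row["Title"] . "'",
        "[" . $_SESSION["user_name"] . "](http://wetheusers.net/" . $_SESSION["user_name"]
            . ") liked your comment to the post [" . $post_row["Title"] . "](http://wetheusers.net/post/"
            . $post_row["Id"] . "/" . toAscii($post_row["Title"]) . "). The comment now has "
            . $likes_row["NumLikes"] . " likes.",
        6
    );

    return $likes_row["NumLikes"];
}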