示例#1
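function friend_add($username)
{
    // Make the user called $username a friend of the logged-in user, then notify
    // that user: by e-mail when they opted in (NotifyNewFriends) and their account
    // is validated, and always by a system message (type 4).
    //
    // Returns true when the friendship was recorded, false when no such user
    // exists (or the lookup could not be prepared), and null after redirecting to
    // /401 when nobody is logged in. The redirect does not exit; the caller is
    // expected to stop rendering.
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $mysqli = db_connect();
    $self_id = (int) $_SESSION["user_id"];
    $self_name = $_SESSION["user_name"];
    $remote_addr = $_SERVER["REMOTE_ADDR"];

    // Look up the friend by name. The published listing shows a redacted literal
    // in this WHERE clause; binding the $username argument is the evident intent,
    // and a placeholder keeps the name out of the SQL text altogether.
    $stmt = $mysqli->prepare("SELECT * FROM Users WHERE Username=?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $user_row = $result !== false ? $result->fetch_assoc() : null;
    $stmt->close();
    if (!is_array($user_row)) {
        return false;
    }
    $friend_id = (int) $user_row["Id"];

    // Remove an existing friendship first so the insert below never duplicates it.
    $stmt = $mysqli->prepare("DELETE FROM Friends WHERE UserId=? AND FriendId=?");
    if ($stmt !== false) {
        $stmt->bind_param("ii", $self_id, $friend_id);
        $stmt->execute();
        $stmt->close();
    }

    // Record the friendship together with the requester's IP.
    $stmt = $mysqli->prepare(
        "INSERT INTO Friends (UserId,FriendId,Created,IPCreated) VALUES (?,?,NOW(),?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("iis", $self_id, $friend_id, $remote_addr);
        $stmt->execute();
        $stmt->close();
    }

    // E-mail only users who asked for it and whose account has been validated.
    if ((int) $user_row["NotifyNewFriends"] === 1
        && $user_row["Status"] == USER_STATUS_VALIDATED
    ) {
        $mail_to = $user_row["Email"];
        $mail_subject = SITE_NAME . " - " . $self_name . " added you as a friend!";
        $mail_message = $self_name . " added you as a friend!\n\n"
            . "http://wetheusers.net/" . $self_name . "\n\n";
        send_email($mail_to, $mail_subject, $mail_message);
    }

    // The in-site notification is sent regardless of the e-mail preference.
    SendSystemMessage(
        $mysqli,
        $friend_id,
        $self_name . " added you as a friend!",
        "[" . $self_name . "](http://wetheusers.net/" . $self_name . ") has added you as a friend",
        4
    );
    return true;
}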
示例#2
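function comment_add()
{
    // Add the comment in $_POST["body"] to the post in $_POST["post_id"] on behalf
    // of the logged-in user, refresh the post's stored comment count, and notify
    // the post's author and every earlier commenter on it (e-mail only where the
    // recipient opted in; a system message always: type 1 for the author, type 2
    // for other commenters).
    //
    // Returns "success" when the comment was stored. Otherwise it redirects and
    // returns null: /401 when nobody is logged in, /404 when the post cannot be
    // found, and "<same-host referer>/failure" when post_id or body is missing.
    // None of the redirects exit; the caller is expected to stop rendering.
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $post_id = isset($_POST["post_id"]) ? $_POST["post_id"] : "";
    $body = isset($_POST["body"]) ? $_POST["body"] : "";
    if ($post_id === "" || $body === "") {
        // Only bounce back to a Referer on our own host; honouring an arbitrary
        // Referer here would make this an open redirect.
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
        $own_host = isset($_SERVER["HTTP_HOST"])
            ? strtolower(preg_replace('/:\d+$/', '', $_SERVER["HTTP_HOST"]))
            : "";
        $referer_host = strtolower((string) parse_url($referer, PHP_URL_HOST));
        if ($own_host === "" || $referer_host !== $own_host) {
            $referer = "";
        }
        header("Location: " . $referer . "/failure");
        return;
    }

    $mysqli = db_connect();
    $self_id = (int) $_SESSION["user_id"];
    $self_name = $_SESSION["user_name"];
    $remote_addr = $_SERVER["REMOTE_ADDR"];
    // Non-numeric input becomes 0, which simply matches no post.
    $post_id = (int) $post_id;

    // Fetch the post together with its author's notification settings.
    $post_row = null;
    $stmt = $mysqli->prepare(
        "SELECT Posts.Id,Posts.Title,Users.NotifyComments,Users.Username,Users.Email,Posts.UserId FROM Posts"
        . " INNER JOIN Users ON Users.Id=Posts.UserId"
        . " WHERE Posts.Id=?"
    );
    if ($stmt !== false) {
        $stmt->bind_param("i", $post_id);
        $stmt->execute();
        $post_result = $stmt->get_result();
        if ($post_result !== false) {
            $post_row = $post_result->fetch_assoc();
        }
        $stmt->close();
    }
    if (!is_array($post_row)) {
        header("Location: /404");
        return;
    }
    $link_title = (string) $post_row["Title"] !== "" ? $post_row["Title"] : "Untitled";
    $post_url = "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($link_title);
    $self_url = "http://wetheusers.net/" . $self_name;

    // Store the comment.
    $stmt = $mysqli->prepare(
        "INSERT INTO Comments (PostId,UserId,Body,Created,IPCreated) VALUES (?,?,?,Now(),?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("iiss", $post_id, $self_id, $body, $remote_addr);
        $stmt->execute();
        $stmt->close();
    }

    // Keep the denormalised comment counter on the post in step with the table;
    // the counter is only written when the recount actually succeeded.
    $num_comments = null;
    $stmt = $mysqli->prepare("SELECT COUNT(*) AS NumComments FROM Comments WHERE PostId=?");
    if ($stmt !== false) {
        $stmt->bind_param("i", $post_id);
        $stmt->execute();
        $count_result = $stmt->get_result();
        $count_row = $count_result !== false ? $count_result->fetch_assoc() : null;
        if (is_array($count_row)) {
            $num_comments = (int) $count_row["NumComments"];
        }
        $stmt->close();
    }
    if ($num_comments !== null) {
        $stmt = $mysqli->prepare("UPDATE Posts SET Comments=? WHERE Id=?");
        if ($stmt !== false) {
            $stmt->bind_param("ii", $num_comments, $post_id);
            $stmt->execute();
            $stmt->close();
        }
    }

    // Notify the post's author, unless the author is the commenter.
    $author_id = (int) $post_row["UserId"];
    if ($author_id !== $self_id) {
        if ((int) $post_row["NotifyComments"] === 1) {
            $mail_to = $post_row["Email"];
            $mail_subject = SITE_NAME . " - " . $self_name . " commented on '" . $post_row["Title"] . "'";
            $mail_message = "You have received a new comment on your post '" . $link_title . "' by " . $self_name
                . "...\n---\n" . $body . "\n - " . $self_name . " (" . $self_url . ")\n---\n"
                . $post_url . "\n\n";
            send_email($mail_to, $mail_subject, $mail_message);
        }
        SendSystemMessage(
            $mysqli,
            $post_row["UserId"],
            $self_name . " commented on your post '" . $link_title . "'",
            "[" . $self_name . "](" . $self_url . ") commented on your post [" . $link_title . "](" . $post_url . ")\n\n" . $body,
            1
        );
    }

    // Notify everyone else who commented on this post before: not the commenter
    // and not the post's author (handled above).
    $stmt = $mysqli->prepare(
        "SELECT DISTINCT Users.Id AS UserId, Users.Email AS Email,Users.NotifyOtherComments"
        . " FROM Users"
        . " INNER JOIN Comments ON Comments.UserId=Users.Id AND Comments.PostId=?"
        . " INNER JOIN Posts ON Posts.Id=?"
        . " WHERE Comments.UserId<>? AND Posts.UserId<>Comments.UserId"
    );
    if ($stmt !== false) {
        $row_post_id = (int) $post_row["Id"];
        $stmt->bind_param("iii", $row_post_id, $row_post_id, $self_id);
        $stmt->execute();
        $result = $stmt->get_result();
        while ($result !== false && ($comment_row = $result->fetch_assoc())) {
            if ((int) $comment_row["NotifyOtherComments"] === 1 && $author_id !== $self_id) {
                $mail_to = $comment_row["Email"];
                $mail_subject = $self_name . " commented on '" . $post_row["Title"] . "' too";
                // Note: this link is built from the raw title, not $link_title.
                $mail_message = "A new comment has been posted by " . $self_name . " on '" . $link_title . "' by " . $post_row["Username"]
                    . ".\n---\n" . $body . "\n - " . $self_name . " (" . $self_url . ")\n---\n"
                    . "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]) . "\n\n";
                send_email($mail_to, $mail_subject, $mail_message);
            }
            SendSystemMessage(
                $mysqli,
                $comment_row["UserId"],
                "'" . $self_name . "' posted a new comment on '" . $link_title . "' by " . $post_row["Username"],
                "A new comment has been posted by [" . $self_name . "](" . $self_url . ") on [" . $link_title . "](" . $post_url . ") by [" . $post_row["Username"] . "](http://wetheusers.net/" . $post_row["Username"] . ") (you have also commented on this post)\n\n" . $body,
                2
            );
        }
        $stmt->close();
    }
    return "success";
}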
示例#3
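function post_add()
{
    // Create a post for the logged-in user from $_POST (title, body, tags,
    // privacy, status), attach any uploaded photo, link the comma-separated tags
    // (creating unknown ones), and, when the post is published and not private,
    // notify the author's friends (e-mail where opted in, system message type 3).
    //
    // Returns the new post's id, -1 when privacy or status is missing, and null
    // after redirecting to /401 when nobody is logged in (the redirect does not
    // exit; the caller is expected to stop rendering).
    if (!isset($_SESSION["user_id"])) {
        header("Location: /401");
        return;
    }

    $post_title = isset($_POST["title"]) ? $_POST["title"] : "";
    $post_body = isset($_POST["body"]) ? $_POST["body"] : "";
    $post_tags = isset($_POST["tags"]) ? $_POST["tags"] : "";
    $post_privacy = isset($_POST["privacy"]) ? $_POST["privacy"] : "";
    $post_status = isset($_POST["status"]) ? $_POST["status"] : "";
    if ($post_privacy === "" || $post_status === "") {
        return -1;
    }
    $link_title = $post_title !== "" ? $post_title : "Untitled";

    $mysqli = db_connect();
    $self_id = (int) $_SESSION["user_id"];
    $self_name = $_SESSION["user_name"];
    $remote_addr = $_SERVER["REMOTE_ADDR"];

    // Store the post; every user-supplied value travels as a bound parameter.
    $new_post_id = 0;
    $stmt = $mysqli->prepare(
        "INSERT INTO Posts (UserId,Title,Body,Privacy,Status,Created,IPCreated) VALUES (?,?,?,?,?,NOW(),?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("isssss", $self_id, $post_title, $post_body, $post_privacy, $post_status, $remote_addr);
        $stmt->execute();
        $new_post_id = $mysqli->insert_id;
        $stmt->close();
    }

    // Attach the uploaded photo, if any.
    upload_photo($new_post_id, $mysqli);

    // Link the tags. The three statements are prepared once and re-run per tag.
    $find_tag = $mysqli->prepare("SELECT * FROM Tags WHERE Name=?");
    $add_tag = $mysqli->prepare("INSERT INTO Tags (Name) VALUES (?)");
    $link_tag = $mysqli->prepare("INSERT INTO PostTags (PostId,TagId,Created) VALUES (?,?,Now())");
    if ($find_tag !== false && $add_tag !== false && $link_tag !== false) {
        foreach (array_map("trim", explode(",", $post_tags)) as $tag) {
            if ($tag === "") {
                continue;
            }
            // Tags are stored lower-cased (byte-wise, as before) so lookups match.
            $tag = strtolower($tag);
            $find_tag->bind_param("s", $tag);
            $find_tag->execute();
            $tag_result = $find_tag->get_result();
            $tag_row = $tag_result !== false ? $tag_result->fetch_assoc() : null;
            if (is_array($tag_row)) {
                // Existing tag: reuse its id.
                $tag_id = (int) $tag_row["Id"];
            } else {
                // Unknown tag: create it and take the new id.
                $add_tag->bind_param("s", $tag);
                $add_tag->execute();
                $tag_id = (int) $mysqli->insert_id;
            }
            $link_tag->bind_param("ii", $new_post_id, $tag_id);
            $link_tag->execute();
        }
    }
    foreach (array($find_tag, $add_tag, $link_tag) as $tag_stmt) {
        if ($tag_stmt !== false) {
            $tag_stmt->close();
        }
    }

    if ($post_status == POST_STATUS_PUBLISHED) {
        // Pick the recipients; a private post notifies nobody, so no query is run.
        $stmt = false;
        if ($post_privacy == POST_PRIVACY_FRIENDS_ONLY) {
            // Mutual friends only: the author lists them AND they list the author.
            $stmt = $mysqli->prepare(
                "SELECT DISTINCT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " LEFT OUTER JOIN Friends FriendsOfMe ON FriendsOfMe.UserId=? AND FriendsOfMe.FriendId=Users.Id"
                . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Users.Id=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=?"
                . " WHERE (FriendsOfAuthor.FriendId=? AND FriendsOfMe.FriendId=Users.Id)"
            );
            if ($stmt !== false) {
                $stmt->bind_param("iii", $self_id, $self_id, $self_id);
            }
        } elseif ($post_privacy != POST_PRIVACY_PRIVATE) {
            // Everyone who lists the author as a friend.
            $stmt = $mysqli->prepare(
                "SELECT Users.Id,Users.Email,Users.NotifyFriendsPosts FROM Users"
                . " INNER JOIN Friends ON Friends.UserId=Users.Id"
                . " WHERE Friends.FriendId=?"
            );
            if ($stmt !== false) {
                $stmt->bind_param("i", $self_id);
            }
        }
        if ($stmt !== false) {
            $stmt->execute();
            $user_result = $stmt->get_result();
            $post_url = "http://wetheusers.net/post/" . $new_post_id . "/" . toAscii($link_title);
            while ($user_result !== false && ($user_row = $user_result->fetch_assoc())) {
                if ((int) $user_row["NotifyFriendsPosts"] === 1) {
                    $mail_to = $user_row["Email"];
                    $mail_subject = SITE_NAME . " - '" . $self_name . "' has a new post!";
                    $mail_message = "Your friend '" . $self_name . "' has just posted the following...\n\n"
                        . $post_title . "\n" . $post_url . "\n\n";
                    send_email($mail_to, $mail_subject, $mail_message);
                }
                // The in-site notification goes to every recipient.
                SendSystemMessage(
                    $mysqli,
                    $user_row["Id"],
                    $self_name . " has written a new post - " . $post_title,
                    "[" . $self_name . "](http://wetheusers.net/" . $self_name . ") has written a new post - [" . $link_title . "](" . $post_url . ")",
                    3
                );
            }
            $stmt->close();
        }
    }
    return $new_post_id;
}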
示例#4
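function comment_like($post_id, $comment_id)
{
    // Record that the logged-in user likes comment $comment_id on post $post_id,
    // replacing any earlier like by the same user (so repeated calls do not pile
    // up), refresh the comment's stored like count, and notify the comment's
    // author (e-mail where opted in, system message type 6).
    //
    // The post must be published and visible to the caller: public, the
    // caller's own, or friends-only where the post's author lists the caller as
    // a friend. The comment must belong to that post. Returns the comment's new
    // like count, or -1 when nobody is logged in, the post/comment pair is not
    // found, or the like count could not be read back.
    if (!isset($_SESSION["user_id"])) {
        return -1;
    }

    $mysqli = db_connect();
    $self_id = (int) $_SESSION["user_id"];
    $self_name = $_SESSION["user_name"];
    $remote_addr = $_SERVER["REMOTE_ADDR"];
    // Non-numeric ids become 0, which matches nothing.
    $post_id = (int) $post_id;
    $comment_id = (int) $comment_id;

    // Fetch the post, enforcing the visibility rules above. The privacy and
    // status constants are compile-time values and stay inline; every
    // request-derived value is bound.
    $post_row = null;
    $stmt = $mysqli->prepare(
        "SELECT Posts.*,Users.Username,Users.Avatar,Users.NotifyLikes AS NotifyLikes,Users.Email AS Email FROM Posts"
        . " INNER JOIN Users ON Posts.UserId=Users.Id"
        . " LEFT OUTER JOIN Friends FriendsA ON Posts.UserId=FriendsA.UserId AND FriendsA.FriendId=?"
        . " WHERE"
        . " ((FriendsA.FriendId=? AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")"
        . " OR (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")"
        . " OR (Posts.UserId=?))"
        . " AND Posts.Status=" . POST_STATUS_PUBLISHED
        . " AND Posts.Id=?"
    );
    if ($stmt !== false) {
        $stmt->bind_param("iiii", $self_id, $self_id, $self_id, $post_id);
        $stmt->execute();
        $post_result = $stmt->get_result();
        if ($post_result !== false) {
            $post_row = $post_result->fetch_assoc();
        }
        $stmt->close();
    }

    // Fetch the comment. Requiring Comments.PostId to match closes the gap where
    // a visible post id could be paired with a comment from a post the caller
    // may not see.
    $comment_row = null;
    $stmt = $mysqli->prepare(
        "SELECT * FROM Comments"
        . " INNER JOIN Users ON Comments.UserId=Users.Id"
        . " WHERE Comments.Id=? AND Comments.PostId=?"
    );
    if ($stmt !== false) {
        $stmt->bind_param("ii", $comment_id, $post_id);
        $stmt->execute();
        $comment_result = $stmt->get_result();
        if ($comment_result !== false) {
            $comment_row = $comment_result->fetch_assoc();
        }
        $stmt->close();
    }

    if (!is_array($post_row) || !is_array($comment_row)) {
        return -1;
    }

    // Drop any earlier like by this user so the insert below cannot stack likes.
    $stmt = $mysqli->prepare(
        "DELETE FROM CommentLikes WHERE UserId=? AND PostId=? AND CommentId=?"
    );
    if ($stmt !== false) {
        $stmt->bind_param("iii", $self_id, $post_id, $comment_id);
        $stmt->execute();
        $stmt->close();
    }

    // Record the like together with the requester's IP.
    $stmt = $mysqli->prepare(
        "INSERT INTO CommentLikes (UserId,PostId,CommentId,Created,IPCreated) VALUES (?,?,?,NOW(),?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("iiis", $self_id, $post_id, $comment_id, $remote_addr);
        $stmt->execute();
        $stmt->close();
    }

    // Read the comment's like count back from the table.
    $num_likes = null;
    $stmt = $mysqli->prepare(
        "SELECT COUNT(Id) AS NumLikes FROM CommentLikes WHERE PostId=? AND CommentId=?"
    );
    if ($stmt !== false) {
        $stmt->bind_param("ii", $post_id, $comment_id);
        $stmt->execute();
        $likes_result = $stmt->get_result();
        $likes_row = $likes_result !== false ? $likes_result->fetch_assoc() : null;
        if (is_array($likes_row)) {
            $num_likes = (int) $likes_row["NumLikes"];
        }
        $stmt->close();
    }
    if ($num_likes === null) {
        return -1;
    }

    // Keep the denormalised like counter on the comment in step with the table.
    $stmt = $mysqli->prepare("UPDATE Comments SET Likes=? WHERE Id=?");
    if ($stmt !== false) {
        $stmt->bind_param("ii", $num_likes, $comment_id);
        $stmt->execute();
        $stmt->close();
    }

    $post_url = "http://wetheusers.net/post/" . $post_row["Id"] . "/" . toAscii($post_row["Title"]);

    // E-mail the comment's author only when they opted in to like notifications.
    if ((int) $comment_row["NotifyLikes"] === 1) {
        $mail_to = $comment_row["Email"];
        $mail_subject = SITE_NAME . " - " . $self_name . " liked your comment to the post '" . $post_row["Title"] . "'";
        $mail_message = $self_name . " liked your comment to the post '" . $post_row["Title"]
            . "'. The comment now has " . $num_likes . " likes.\n\n" . $post_url . "\n\n";
        send_email($mail_to, $mail_subject, $mail_message);
    }

    // The in-site notification is sent regardless of the e-mail preference.
    SendSystemMessage(
        $mysqli,
        $comment_row["UserId"],
        $self_name . " liked your comment to the post '" . $post_row["Title"] . "'",
        "[" . $self_name . "](http://wetheusers.net/" . $self_name . ") liked your comment to the post [" . $post_row["Title"] . "](" . $post_url . "). The comment now has " . $num_likes . " likes.",
        6
    );
    // Returned as an int to match the -1 failure value.
    return $num_likes;
}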