* You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */

// Follow page: with ?user=<name> it renders a "follow this user" view for that
// account; without the parameter it renders the user list.

define('BLOB_WEB_PAGE_TO_ROOT', '../');
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';

// NOTE(review): 'authenticated' is passed to the startup helper; presumably this
// restricts the page to logged-in sessions. Confirm in blobPage.inc.php.
blobPageStartup(array('authenticated'));

$page = blobPageNewGrab();
blobDatabaseConnect();

$user = blobCurrentUser();
// $user_id is assigned here but not read again anywhere in this listing.
$user_id = blobGetUserID($user);

if (isset($_GET['user'])) {
    $page['title'] .= $page['title_separator'] . 'Follow User';
    $page['page_id'] = 'followuser';

    // From here on $user no longer holds the session user: it is overwritten
    // with the request-supplied name.
    $user = $_GET['user'];
    // mysql_real_escape_string() escapes for a SQL string literal only. It does
    // not neutralise HTML metacharacters, and the escaped form is what gets
    // displayed and linked below. (ext/mysql was removed in PHP 7.0.)
    $user = mysql_real_escape_string($user);

    // Check that the requested user exists; otherwise queue a message and redirect.
    // NOTE(review): the message embeds $user as-is. Whether blobMessagePush()
    // HTML-encodes on display is not visible here; confirm.
    if (!blobExistUser($user)) {
        blobMessagePush("'" . $user . "' does not exist!");
        // NOTE(review): unless blobRedirect() terminates the request, execution
        // continues into the lookups below for a non-existent user. Confirm it exits.
        blobRedirect('follow.php');
    }

    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    $followHTML = blobFollowUser($user);

    // NOTE(review): the text between the two quotes below is masked ('******') in
    // this listing, so the end of the $profilepage assignment and the start of the
    // $page['body'] append cannot be read from the page. Left exactly as shown.
    //
    // NOTE(review): {$user} and {$avatar} are interpolated into the markup with no
    // HTML/attribute encoding in this file. Unless every helper returns
    // already-encoded values, encode at output: htmlspecialchars(..., ENT_QUOTES,
    // 'UTF-8') for text and attribute values. {$followHTML} is presumably
    // intended markup; verify blobFollowUser() encodes what it embeds.
    $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user='******'body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>Following User: {$user}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t"
        . blobInternalLinkUrlGet($profilepage, $fullName)
        . "\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t\t<br /><br />\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<br />\r\n\t<b>View user's profile:</b> "
        . blobInternalLinkUrlGet($profilepage, $fullName)
        . "\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
} else {
    // No ?user= parameter: show the list produced by blobUserList().
    $page['title'] .= $page['title_separator'] . 'User List';
    $page['page_id'] = 'othersprofile';
    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>User List</h2>\r\n\r\n\t"
        . blobUserList()
        . "\r\n\t<br /> <br />\r\n\r\n</div>\r\n";
}

// Emit the assembled page.
blobHtmlEcho($page);
$level = $ln == "1" ? "Admin" : "Normal User"; blobMessagePush("User '{$un}' is now '{$level}'"); blobRedirect('.'); } } } }

// Delete-user handler: runs when the POST body carries a 'deleteUser' field.
// NOTE(review): no authorization check and no anti-CSRF token check are visible
// in this handler. They may be enforced earlier in the file, outside this
// excerpt. Confirm that a state-changing request like this one requires both.
if (isset($_POST['deleteUser'])) {
    // 'username' is read without an isset() guard; a request that omits it
    // raises an undefined-index notice before the empty-string check below.
    $un = $_POST['username'];
    // NOTE(review): stripslashes() presumably undoes legacy magic-quotes
    // escaping; on runtimes without it, it silently alters names containing
    // backslashes. Confirm it is still needed.
    $un = stripslashes($un);
    // SQL-literal escaping only (ext/mysql, removed in PHP 7.0). The escaped
    // form is also what gets compared and echoed in the messages below.
    $un = mysql_real_escape_string($un);

    if ($un == "") {
        blobMessagePush("Please enter a User name!");
        blobRedirect(".");
    } else {
        if (!blobExistUser($un)) {
            blobMessagePush("This username does not exist!");
            blobRedirect(".");
        } else {
            // Refuse self-deletion. $user is defined outside this excerpt,
            // presumably as the current session user; verify. The comparison is
            // loose (==) and is made against the SQL-escaped form of the name.
            if ($un == $user) {
                blobMessagePush("That's You!");
                blobRedirect(".");
            } else {
                // NOTE(review): the value inside the WHERE clause is masked
                // ('******') in this listing; presumably $un is interpolated
                // there. A parameterised statement (mysqli/PDO) would remove the
                // dependence on manual escaping.
                $qry = "DELETE FROM `users` WHERE user='******';";
                // '@' hides the PHP warning, but on failure die() writes the raw
                // database error into the HTTP response. Prefer logging it
                // server-side and showing a generic message. $result is not read
                // again in the visible code.
                $result = @mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>');
                // NOTE(review): $un is embedded in the message as-is; confirm
                // blobMessagePush() output is HTML-encoded when rendered.
                blobMessagePush("User '{$un}' deleted!");
                blobRedirect('.');
            }
        }
    }
}