示例#1
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
// Page controller. With ?user=<name> it renders the "Follow User" view for that
// name; without it, it renders the user list. Every blob* helper and getAvatar()
// is defined outside this listing (presumably in the file required below), so
// statements about their behaviour are marked as assumptions.
define('BLOB_WEB_PAGE_TO_ROOT', '../');
require_once BLOB_WEB_PAGE_TO_ROOT . 'blob/includes/blobPage.inc.php';
// Presumably limits the page to logged-in sessions; verify in blobPageStartup().
blobPageStartup(array('authenticated'));
$page = blobPageNewGrab();
blobDatabaseConnect();
// Name and id of the current user. $user is overwritten with the requested
// name inside the branch below; $user_id is not read in the visible code.
$user = blobCurrentUser();
$user_id = blobGetUserID($user);
if (isset($_GET['user'])) {
    $page['title'] .= $page['title_separator'] . 'Follow User';
    $page['page_id'] = 'followuser';
    // Request-controlled value. From here on $user is the requested name,
    // not the logged-in user.
    $user = $_GET['user'];
    // mysql_real_escape_string() escapes for a SQL string literal only. The same
    // value is later placed into a pushed message and into HTML ({$user} inside
    // the <h2> below); SQL escaping does not neutralise < > " & in those contexts.
    // NOTE(review): confirm whether blobMessagePush()/blobHtmlEcho() encode on
    // output; if not, apply htmlspecialchars() where the value enters HTML.
    // The mysql_* extension was removed in PHP 7.0, so this code needs an older
    // runtime or a port to mysqli/PDO with bound parameters.
    $user = mysql_real_escape_string($user);
    // Check if the user exists
    if (!blobExistUser($user)) {
        blobMessagePush("'" . $user . "' does not exist!");
        // NOTE(review): the statements after this block still run for an unknown
        // user unless blobRedirect() terminates the request; confirm it exits.
        blobRedirect('follow.php');
    }
    $fullName = blobGetUserFullName($user);
    $avatar = getAvatar($user);
    // NOTE(review): this branch is reached by a plain GET. If blobFollowUser()
    // records the follow relationship rather than only rendering markup, that is
    // a state change without a visible anti-CSRF token; confirm in the helper.
    $followHTML = blobFollowUser($user);
    // NOTE(review): the next line is damaged in this listing. The '******' run
    // replaces the end of the $profilepage assignment and the start of a
    // `$page['body'] .=` statement, so it does not parse as shown. Presumably the
    // original appended the user name to the URL; verify against the original
    // source. A name placed in a query string needs URL encoding, and $avatar and
    // $followHTML reach the markup without any encoding visible here.
    $profilepage = BLOB_WEB_PAGE_TO_ROOT . 'profile/view.php?user='******'body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>Following User: {$user}</h2>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<div style=\"float: left; padding-right: 10px; border-right: 2px solid #C0C0C0;\">\r\n\t\t\t<img src=\"{$avatar}\" width=\"100\" />\r\n\t\t</div>\r\n\t\t<div style=\"margin-left: 120px;\">\r\n\t\t\t" . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t\t\t<br /><br />\r\n\t\t\t{$followHTML}\r\n\t\t\t<br /><br />\r\n\t\t</div>\r\n\t</div>\r\n\r\n\t<br />\r\n\t<b>View user's profile:</b> " . blobInternalLinkUrlGet($profilepage, $fullName) . "\r\n\t<br /><br /><br />\r\n\r\n</div>\r\n";
} else {
    // No ?user= parameter: show the list produced by blobUserList().
    $page['title'] .= $page['title_separator'] . 'User List';
    $page['page_id'] = 'othersprofile';
    $page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>User List</h2>\r\n\r\n\t" . blobUserList() . "\r\n\t<br /> <br />\r\n\r\n</div>\r\n";
}
// Emits the assembled $page array (title, page_id, body).
blobHtmlEcho($page);
示例#2
                $level = $ln == "1" ? "Admin" : "Normal User";
                blobMessagePush("User '{$un}' is now '{$level}'");
                blobRedirect('.');
            }
        }
    }
}
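// Handles the "delete user" form: removes the account named in the POSTed
// `username` field, refusing an empty name, an unknown name, and the name held
// in $user (set outside this fragment).
// NOTE(review): no anti-CSRF token check and no privilege check are visible in
// this fragment; confirm both run earlier in the file, since this branch is
// destructive.
if (isset($_POST['deleteUser'])) {
    // Accept only a string. A missing field or an array value (username[]=x)
    // becomes '' and lands in the "Please enter a User name!" branch instead of
    // raising notices/warnings inside stripslashes().
    $un = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $un = stripslashes($un);
    // Escapes for a SQL string literal only; it is not an HTML encoder.
    // The mysql_* extension was removed in PHP 7.0; a port should use
    // mysqli/PDO with bound parameters instead of escaping.
    $un = mysql_real_escape_string($un);
    // mysql_real_escape_string() returns false on failure; the cast keeps that
    // case in the empty-name branch, as the original loose comparison did.
    if ((string) $un === '') {
        blobMessagePush("Please enter a User name!");
        blobRedirect(".");
    } elseif (!blobExistUser($un)) {
        blobMessagePush("This username does not exist!");
        blobRedirect(".");
    } elseif ($un === (string) $user) {
        // Strict comparison: with ==, two numeric-looking names such as "1e3" and
        // "1000" compare equal.
        // NOTE(review): $un is SQL-escaped at this point. If $user holds the raw
        // name, a name containing a quote or backslash will not match and the
        // self-delete guard is skipped; confirm how $user is produced.
        blobMessagePush("That's You!");
        blobRedirect(".");
    } else {
        // NOTE(review): the WHERE value is masked as '******' in this listing.
        // Presumably the original interpolated the escaped $un; verify against
        // the original source before relying on this statement.
        $qry = "DELETE FROM `users` WHERE user='******';";
        $result = @mysql_query($qry);
        if ($result === false) {
            // The driver's error text can reveal query and schema details, so it
            // goes to the server log. The response still halts, as before, but
            // with a generic message.
            error_log('deleteUser: query failed: ' . mysql_error());
            die('<pre>Database error.</pre>');
        }
        // NOTE(review): $un is not HTML-encoded here; confirm that the message
        // queue encodes on output.
        blobMessagePush("User '{$un}' deleted!");
        blobRedirect('.');
    }
}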