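/*
 * Diary page fragment: soft-delete an entry, save today's entry, load the
 * profile header and pick the SELECT for the entry to render.
 *
 * Review notes:
 * - Request values now reach SQL only through an (int) cast or
 *   mysql_real_escape_string(). The mysql_* API cannot bind parameters, so
 *   moving to PDO or mysqli prepared statements is the durable fix.
 * - If magic_quotes_gpc is enabled on the deployment, strip the added
 *   slashes before escaping, otherwise stored text is double-escaped.
 * - "******" marks a span that is masked in the listing this code comes
 *   from. Those SQL literals are reproduced as shown; whatever user id the
 *   original interpolates there needs the same escaping.
 */
$requested_action = isset($_GET['action']) ? $_GET['action'] : '';

/* Soft-delete a diary entry */
if ($requested_action == 'remove' && isset($_GET['id'])) {
    // The original joined the two tests with bitwise "&"; "&&" is what was meant.
    // login_checklogin() keeps an anonymous request from passing the loose
    // comparison when both sides are empty.
    $is_owner = login_checklogin() && $user_id == $_SESSION['login']['id'];
    $is_moderator = is_privilegied('remove_diary_post');

    if ($is_owner || $is_moderator) {
        // blog.id is numeric: new rows get their id from mysql_insert_id() below.
        $query = 'UPDATE blog SET is_removed = 1 WHERE id = "' . (int) $_GET['id'] . '"';
        if (!$is_moderator) {
            // Viewing your own profile does not prove the entry is yours:
            // restrict the update to rows written by the session user.
            $query .= ' AND user = "' . mysql_real_escape_string($_SESSION['login']['id']) . '"';
        }
        $query .= ' LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        jscript_alert('Dagboksinlägg borttaget');
        jscript_location('?user_id=' . $user_id . '');
        // NOTE(review): this state change is triggered by a GET request and no
        // anti-CSRF token is checked in the visible code - confirm one exists upstream.
    }
}

/* Create today's entry, or update it when the insert is refused */
if (login_checklogin() && isset($_POST['title'])) {
    $author_sql = mysql_real_escape_string($_SESSION['login']['id']);
    $title_sql = mysql_real_escape_string($_POST['title']);
    $text_sql = mysql_real_escape_string(isset($_POST['text']) ? $_POST['text'] : '');
    $today = date('Y-m-d');

    $insertquery = 'INSERT INTO blog (user, date, title, text) VALUES("' . $author_sql . '", "' . $today . '", "' . $title_sql . '", "' . $text_sql . '")';
    $updatequery = 'UPDATE blog SET title = "' . $title_sql . '", text = "' . $text_sql . '" WHERE user = "******" AND date = "' . $today . '" LIMIT 1';

    if (mysql_query($insertquery)) {
        // Read the new id once, before any other query can change it.
        $entry_id = mysql_insert_id();

        // NOTE(review): the listing masks part of this URL; the surviving
        // "'login']['id']" tokens indicate the session user id - confirm
        // against the original file.
        $entry_url = '/traffa/diary.php?user=' . $_SESSION['login']['id'] . '&entry=' . $entry_id;

        $ualquery = 'INSERT INTO user_action_log (timestamp, user, action, url, label)';
        $ualquery .= ' VALUES("' . time() . '", "' . $author_sql . '", "diary", "' . mysql_real_escape_string($entry_url) . '", "' . $title_sql . '")';

        $options['url'] = $entry_url;
        $options['action'] = 'diary';
        // Passed unescaped, as before. NOTE(review): friends_actions_insert()
        // is not visible here - verify that it escapes 'label' and 'url' itself.
        $options['label'] = $_POST['title'];
        friends_actions_insert($options);
        mysql_query($ualquery) or report_sql_error($ualquery, __FILE__, __LINE__);
    } else {
        mysql_query($updatequery);
    }
}

$params['user_id'] = $user_id;
$profile = profile_fetch($params);
// NOTE(review): if profile_theme can be set by the profile owner, validate it
// against the list of shipped themes before building a path from it.
$ui_options['stylesheets'][] = 'profile_themes/' . $profile['profile_theme'] . '.css';
$output .= profile_mini_page($profile);

/* Fetch and render an entry */
if (isset($_GET['entry'])) {
    $query = 'SELECT * FROM blog WHERE id = "' . (int) $_GET['entry'] . '" AND is_removed = 0';
} else {
    $query = 'SELECT * FROM blog WHERE user = "******" AND is_removed = 0 ORDER BY id DESC LIMIT 1';
}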
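} // closes a block opened before this excerpt

/*
 * Friends page fragment: load the profile header, handle the addfriend and
 * removefriend actions, then start listing the profile owner's friends.
 *
 * Review notes:
 * - Request values are escaped with mysql_real_escape_string() before they
 *   are placed in SQL, and with urlencode()/htmlspecialchars() before they
 *   are placed in HTML. The mysql_* API cannot bind parameters; prepared
 *   statements (PDO/mysqli) are the durable fix.
 * - htmlspecialchars() is called without a charset; pass the site's charset
 *   as the third argument if it differs from the PHP default.
 * - Both actions change state on a GET request and no anti-CSRF token is
 *   checked in the visible code.
 */
$params['user_id'] = $user_id;
$profile = profile_fetch($params);
$ui_options['stylesheets'][] = 'profile_themes/' . $profile['profile_theme'] . '.css';
$output .= profile_mini_page($profile);

$query = 'SELECT username FROM login WHERE id ="' . mysql_real_escape_string($user_id) . '" LIMIT 1';
$result = mysql_query($query);
$user = mysql_fetch_assoc($result);

$friends_action = isset($_GET['action']) ? $_GET['action'] : '';
$profile_user_raw = isset($_GET['user_id']) ? $_GET['user_id'] : '';
$friend_raw = isset($_GET['id']) ? $_GET['id'] : '';

/* If the users adds/removes friendship */
if (login_checklogin() && $friends_action == 'addfriend' && isset($_GET['id'])
    && $profile_user_raw != $_SESSION['login']['id']
    // The row is built from "id", not "user_id", so the self-friend guard
    // has to look at the value that is actually inserted as well.
    && $friend_raw != $_SESSION['login']['id']
) {
    $me_sql = mysql_real_escape_string($_SESSION['login']['id']);
    $friend_sql = mysql_real_escape_string($friend_raw);
    // urlencode() output is safe in a URL, in an HTML attribute and in a
    // quoted SQL string; for a numeric id it is the id itself.
    $friend_url = urlencode($friend_raw);
    // The username was read from the database; escape it again before it
    // goes back into SQL (second-order injection).
    $username_sql = mysql_real_escape_string($user['username']);

    $query = 'INSERT INTO friendslist (user_id, friend_id) VALUES("' . $me_sql . '", "' . $friend_sql . '")';
    mysql_query($query);

    $query = 'INSERT INTO user_action_log (timestamp, user, action, url, label)';
    $query .= ' VALUES("' . time() . '", "' . $me_sql . '", "friendship", "/traffa/profile.php?id=' . $friend_url . '", "' . $username_sql . '")';
    mysql_query($query);

    // NOTE(review): friends_actions_insert() is not visible here - verify
    // that it escapes 'label' itself; the raw username is passed as before.
    friends_actions_insert(array(
        'action' => 'friendship',
        'url' => '/traffa/profile.php?user_id=' . $friend_url,
        'label' => $user['username'],
    ));

    $output .= '<form action="/traffa/guestbook.php?action=send_new_message&userid=' . urlencode($profile_user_raw) . '" method="post">' . "\n";
    $output .= '<p>Vi tänkte att du kanske vill tala om för ' . htmlspecialchars($user['username'], ENT_QUOTES) . ' att du lagt till henne/honom som vän. Här har du ett gästboksformulär</p>' . "\n";
    $output .= '<textarea name="message" class="textbox" rows="3" cols="75">Hej, jag har lagt till dig som vän nu :)</textarea>' . "\n";
    $output .= '<input name="recipient" type="hidden" value="' . htmlspecialchars($friend_raw, ENT_QUOTES) . '" />' . "\n";
    $output .= '<input type="submit" value="Skicka" class="button_60" />' . "\n";
    $output .= '</form>' . "\n";
}

if (login_checklogin() && $friends_action == 'removefriend' && $profile_user_raw != $_SESSION['login']['id']) {
    $query = 'DELETE FROM friendslist WHERE user_id = "' . mysql_real_escape_string($_SESSION['login']['id']) . '" AND friend_id = "' . mysql_real_escape_string($profile_user_raw) . '" LIMIT 1';
    mysql_query($query);
}

/* Fetch everyone that the user has marked as a friend */
$query = 'SELECT f.friend_id AS user_id, l.username, l.lastaction, u.image, u.gender, u.birthday FROM friendslist AS f, login AS l, userinfo AS u WHERE f.user_id = "' . mysql_real_escape_string($user_id) . '" AND l.id = f.friend_id AND u.userid = l.id AND l.username NOT LIKE "Borttagen" ORDER BY l.username ASC';
$result = mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
// The loop body continues past the end of this excerpt.
while ($data = mysql_fetch_assoc($result)) {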
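/*
 * Photo upload fragment: store one uploaded file, record it in
 * user_action_log (one "photos" row per user and day is updated rather than
 * duplicated), then show the upload form and the unread-comments heading.
 * $i is set by code that lies before this excerpt.
 *
 * Review notes:
 * - The user-supplied description is escaped with mysql_real_escape_string()
 *   before it is placed in SQL; prepared statements (PDO/mysqli) are the
 *   durable fix.
 * - "******" marks a span that is masked in the listing this code comes
 *   from; the literal is reproduced as shown, and the user id the original
 *   interpolates there needs the same escaping.
 * - NOTE(review): file type and size checks are not visible here - verify
 *   that photos_upload() validates the file content before storing it.
 */
if (isset($_FILES['photo_' . $i]) && is_uploaded_file($_FILES['photo_' . $i]['tmp_name'])) {
    $options['file'] = $_FILES['photo_' . $i]['tmp_name'];
    $options['user'] = $_SESSION['login']['id'];
    $options['description'] = isset($_POST['description_' . $i]) ? $_POST['description_' . $i] : '';
    $options['category'] = isset($_POST['category_' . $i]) ? $_POST['category_' . $i] : '';
    // NOTE(review): description and category are passed on unescaped, as
    // before - verify that photos_upload() escapes them itself.
    $photo_id = photos_upload($options);

    $photo_url_sql = mysql_real_escape_string('/traffa/photos.php?id=' . $photo_id);
    $label_sql = mysql_real_escape_string($options['description']);

    $query = 'SELECT id FROM user_action_log WHERE user = "******" AND timestamp > "' . strtotime(date('Y-m-d')) . '" AND action= "photos" LIMIT 1';
    $result = mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);

    if (mysql_num_rows($result) == 1) {
        // A "photos" row already exists for today: point it at the newest photo.
        $data = mysql_fetch_assoc($result);
        $query = 'UPDATE user_action_log SET url = "' . $photo_url_sql . '", label = "' . $label_sql . '", timestamp = "' . time() . '" WHERE id = "' . $data['id'] . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    } else {
        $query = 'INSERT INTO user_action_log (action, timestamp, user, url, label) VALUES("photos", "' . time() . '", "' . mysql_real_escape_string($_SESSION['login']['id']) . '", "' . $photo_url_sql . '", "' . $label_sql . '")';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // NOTE(review): verify that friends_actions_insert() escapes 'label'.
        friends_actions_insert(array(
            'action' => 'photos',
            'url' => '/traffa/photos.php?id=' . $photo_id . '#photo',
            'label' => $options['description'],
        ));
    }
    $display_successful_message = true;
}
} // closes a block opened before this excerpt

// !empty() also covers the case where no file was uploaded and the flag was never set.
if (!empty($display_successful_message)) {
    $upload_form .= rounded_corners_top(array('color' => 'blue_deluxe'), true);
    $upload_form .= 'Bilderna är uppladdade!';
    $upload_form .= rounded_corners_bottom(array('color' => 'blue_deluxe'), true);
}
$upload_form .= photos_upload_form(array('user' => $_SESSION['login']['id']));
} // closes a block opened before this excerpt

// Both blocks below continue past the end of this excerpt.
if ($_SESSION['login']['id'] == $user_id && !isset($_GET['id']) && !isset($_GET['category'])) {
    $photos = photos_fetch(array('user' => $user_id, 'force_unread_comments' => true));
    if (count($photos) > 0) {
        $output .= '<h1>Foton med nya kommentarer</h1>';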