profile.php | searchcode

/Quản lý website mạng xã hội giống twitter PHP/upload/profile.php

https://gitlab.com/phamngsinh/baitaplon_sinhvien
PHP | 310 lines | 271 code | 19 blank | 20 comment | 48 complexity | 50695ddecdf5f7919cb6fe9eb16cf7fc MD5 | raw file

<?php
/**************************************************************************************************
| Scritter Script
| http://www.scritterscript.com
| webmaster@scritterscript.com
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License 
| Agreement available at http://www.scritterscript.com/eula.html and to be bound by it.
|
| Copyright (c) 2011 ScritterScript.com. All rights reserved.
|**************************************************************************************************/

include("include/config.php");
include("include/functions/import.php");
$thebaseurl = $config['baseurl'];
$theimgurl = $config['imageurl'];

$uname = cleanit($_REQUEST['uname']);
$uname = preg_replace('/[^a-z0-9-_* ]/i', '', $uname);
if($uname != "")
{
	$query="SELECT USERID FROM members WHERE username='".mysql_real_escape_string($uname)."'";
	$executequery=$conn->execute($query);
	$USERID = $executequery->fields['USERID'];	
}

if($USERID > 0)
{	
	update_viewcount_profile($USERID);
	STemplate::assign('USERID',$USERID);
	$query = "SELECT * FROM members WHERE USERID='".mysql_real_escape_string($USERID)."' AND status='1'";
	$executequery = $conn->execute($query);
	$profilearray = $executequery->getarray();
	STemplate::assign('p',$profilearray[0]);
	$username = $profilearray[0]['username'];
	$saying = $profilearray[0]['saying'];
	$public = $profilearray[0]['public'];
	
	if($public == "0")
	{
		$ME = intval($_SESSION['USERID']);
		if($ME > 0)
		{
			if($USERID == $ME)
			{
				$display = "1";
			}
			else
			{
				$is_fr = check_friend($ME, $USERID);
				if($is_fr == "1")
				{
					$display = "1";
				}
				else
				{
					$display = "2";
				}
			}
		}
		else
		{
			$display = "3";
		}
	}
	else
	{
		$ME = intval($_SESSION['USERID']);
		if($ME > 0)
		{
			$query="SELECT count(*) as total FROM block WHERE USERID='".mysql_real_escape_string($USERID)."' AND BID='".mysql_real_escape_string($ME)."'";
			$executequery=$conn->execute($query);
			$block_count = $executequery->fields[total];
			if($block_count > 0)
			{
				$display = "4";
			}
			else
			{
				$display = "1";
			}
		}
		else
		{
			$display = "1";
		}
	}
	
	
	if($display == "1")
	{
		$page = "1";
		$currentpage = $page;
		
		if ($page >=2)
		{
			$pagingstart = ($page-1)*$config['max_posts_userupdates'];
		}
		else
		{
			$pagingstart = "0";
		}
		
		$query1 = "SELECT DISTINCT A.ID FROM posts A, members B WHERE (A.USERID='".mysql_real_escape_string($USERID)."' AND A.USERID=B.USERID AND A.type='update')";	
		
		$query2 = "SELECT DISTINCT A.*, B.username FROM posts A, members B WHERE (A.USERID='".mysql_real_escape_string($USERID)."' AND A.USERID=B.USERID AND A.type='update') order by A.ID desc limit $pagingstart, $config[max_posts_userupdates]";
				
		$executequery1 = $conn->Execute($query1);
		
		$totalposts = count($executequery1->getrows());
		if ($totalposts > 0)
		{
			if($totalposts<=$config['maximum_results'])
			{
				$total = $totalposts;
			}
			else
			{
				$total = $config[maximum_results];
			}
			
			$executequery2 = $conn->Execute($query2);
			$posts = $executequery2->getrows();
		}
		STemplate::assign('posts',$posts);
		
		if($_REQUEST['subfollow'] == "1")
		{
			$FID = intval($_SESSION['USERID']);
			if($FID > 0)
			{
				$fquery="INSERT into follow SET FID='".mysql_real_escape_string($USERID)."', USERID='".mysql_real_escape_string($FID)."'";
				$conn->execute($fquery);
				
				//e-mail
				$equery="SELECT username, email, alert_fol FROM members WHERE USERID='".mysql_real_escape_string($USERID)."' AND status='1'";
				$executequerye=$conn->execute($equery);
				$eusername = $executequerye->fields['username'];
				$sendto = $executequerye->fields['email'];
				$alert_fol = $executequerye->fields['alert_fol'];
				if($alert_fol == "1")
				{
					$sendername = $config['site_name'];
					$from = $config['site_email'];
					$subject = $lang['280'];
					$link = $thebaseurl."/".stripslashes($_SESSION['USERNAME']);
					$sendmailbody = stripslashes($eusername).",<br><br><a href=\"$link\" target=\"_blank\">".stripslashes($_SESSION['USERNAME'])."</a> ".$lang['281']."<br><br>".$lang['69'].",<br>".$sendername;
					mailme($sendto,$sendername,$from,$subject,$sendmailbody,$bcc="");
				}
				//end email
			}
		}
		elseif($_REQUEST['subufollow'] == "1")
		{
			$FID = intval($_SESSION['USERID']);
			if($FID > 0)
			{
				$fquery="DELETE FROM follow WHERE FID='".mysql_real_escape_string($USERID)."' AND USERID='".mysql_real_escape_string($FID)."'";
				$conn->execute($fquery);
			}
		}
		elseif($_REQUEST['saddfr'] == "1")
		{
			$FID = intval($_SESSION['USERID']);
			if($FID > 0)
			{
				$fquery="INSERT INTO messages_inbox SET MSGTO='".mysql_real_escape_string($USERID)."', MSGFROM='".mysql_real_escape_string($FID)."', type='fr', time='".time()."'";
				$conn->execute($fquery);
				$msg = $lang['216'];
				
				//e-mail
				$equery="SELECT username, email, alert_fr FROM members WHERE USERID='".mysql_real_escape_string($USERID)."' AND status='1'";
				$executequerye=$conn->execute($equery);
				$eusername = $executequerye->fields['username'];
				$sendto = $executequerye->fields['email'];
				$alert_fr = $executequerye->fields['alert_fr'];
				if($alert_fr == "1")
				{
					$sendername = $config['site_name'];
					$from = $config['site_email'];
					$subject = $lang['277'];
					$link = $thebaseurl."/inbox.php";
					$sendmailbody = stripslashes($eusername).",<br><br>".stripslashes($_SESSION['USERNAME'])." ".$lang['278']."<br><br>".$lang['279']."<br><a href=\"$link\" target=\"_blank\">$link</a><br><br>".$lang['69'].",<br>".$sendername;
					mailme($sendto,$sendername,$from,$subject,$sendmailbody,$bcc="");
				}
				//end email
			}
		}
		elseif($_REQUEST['sremfr'] == "1")
		{
			$FID = intval($_SESSION['USERID']);
			if($FID > 0)
			{
				$fquery="UPDATE follow SET friend='0' WHERE USERID='".mysql_real_escape_string($USERID)."' AND FID='".mysql_real_escape_string($FID)."'";
				$conn->execute($fquery);
				$msg = $lang['243'];
			}
		}
		elseif($_REQUEST['ssendmsg'] == "1")
		{
			$mysub = cleanit($_REQUEST['mysub']);
			$mymsg = cleanit($_REQUEST['mymsg']);
			if($mysub == "")
			{
				$mserr = $lang['240'];
			}
			elseif($mymsg == "")
			{
				$mserr = $lang['241'];
			}
			
			if($mserr == "")
			{
				$FID = intval($_SESSION['USERID']);
				if($FID > 0)
				{
					$fquery="INSERT INTO messages_inbox SET MSGTO='".mysql_real_escape_string($USERID)."', MSGFROM='".mysql_real_escape_string($FID)."', subject='".mysql_real_escape_string($mysub)."', message='".mysql_real_escape_string($mymsg)."', time='".time()."'";
					$conn->execute($fquery);
					
					//e-mail
					$equery="SELECT username, email, alert_msg FROM members WHERE USERID='".mysql_real_escape_string($USERID)."' AND status='1'";
					$executequerye=$conn->execute($equery);
					$eusername = $executequerye->fields['username'];
					$sendto = $executequerye->fields['email'];
					$alert_msg = $executequerye->fields['alert_msg'];
					if($alert_msg == "1")
					{
						$sendername = $config['site_name'];
						$from = $config['site_email'];
						$subject = $lang['282'];
						$link = $thebaseurl."/inbox.php";
						$sendmailbody = stripslashes($eusername).",<br><br>".stripslashes($_SESSION['USERNAME'])." ".$lang['283']."<br><br>".$lang['284']."<br><a href=\"$link\" target=\"_blank\">$link</a><br><br>".$lang['69'].",<br>".$sendername;
						mailme($sendto,$sendername,$from,$subject,$sendmailbody,$bcc="");
					}
					//end email
				}
				$mserr = $lang['229'];
			}
			else
			{
				STemplate::assign('mysub',$mysub);
				STemplate::assign('mymsg',$mymsg);
			}
			STemplate::assign('mserr',$mserr);
		}
		get_bg($USERID);
		$templateselect = "profile.tpl";
	}
	else
	{
		if($display == "2")
		{
			if($_REQUEST['saddprifr'] == "1")
			{
				$FID = intval($_SESSION['USERID']);
				if($FID > 0)
				{
					$fquery="INSERT INTO messages_inbox SET MSGTO='".mysql_real_escape_string($USERID)."', MSGFROM='".mysql_real_escape_string($FID)."', type='fr', time='".time()."'";
					$conn->execute($fquery);
					$msg = $lang['216'];
					
					//e-mail
					$equery="SELECT username, email, alert_fr FROM members WHERE USERID='".mysql_real_escape_string($USERID)."' AND status='1'";
					$executequerye=$conn->execute($equery);
					$eusername = $executequerye->fields['username'];
					$sendto = $executequerye->fields['email'];
					$alert_fr = $executequerye->fields['alert_fr'];
					if($alert_fr == "1")
					{
						$sendername = $config['site_name'];
						$from = $config['site_email'];
						$subject = $lang['277'];
						$link = $thebaseurl."/index.php";
						$sendmailbody = stripslashes($eusername).",<br><br>".stripslashes($_SESSION['USERNAME']).$lang['278']."<br><br>".$lang['279']."<br><a href=\"$link\" target=\"_blank\">$link</a><br><br>".$lang['69'].",<br>".$sendername;
						mailme($sendto,$sendername,$from,$subject,$sendmailbody,$bcc="");
					}
					//end email
				}
			}
		}
		STemplate::assign('display',$display);
		$templateselect = "profile_private.tpl";
	}
}
else
{
	header("Location:$config[baseurl]");exit;
}

if($username != "")
{
	$pagetitle = $username."'s ";
	$pagetitle .= $config['short_name'];
	if($saying != "")
	{
		$pagetitle .= " - ".$saying;
	}
}

STemplate::assign('pagetitle',$pagetitle);
//TEMPLATES BEGIN
STemplate::assign('total',$total);
STemplate::assign('msg',$msg);
STemplate::display('header.tpl');
STemplate::display($templateselect);
STemplate::display('footer.tpl');
//TEMPLATES END
?>