. * * File Name: profile.inc * Description: Display a member's profile * $Date: 2010-02-21 23:16:57 +0000 (Sun, 21 Feb 2010) $ * $Revision: 12 $ */ global $db,$sitepath,$loggedIn,$templateimagepath ; if (isset($_GET['user'])) { $db->query("SELECT * FROM member WHERE username = '".$_GET['user']."'") ; $idres = $db->fetch() ; $profileid = $idres['id'] ; $avatarname = $idres['avatar'] ; $avatargender = $idres['gender'] > 0 ? 'female' : 'male' ; } $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $userres = $db->fetch() ; $userid = $userres['id'] ; $fromID = $userid ; $toID = $profileid ; $avatarpath = $templateimagepath."default_".$avatargender."_avatar.jpg" ; if (@file_exists("uploads/avatars/".$avatarname) && ($avatarname != "")) { $avatarpath = "uploads/avatars/".$avatarname ; $avatarpath = $sitepath.str_replace(" ", "%20", $avatarpath) ; } $userandavatar = ''.$_GET['user'].' ' ; //send message if (isset($_POST['submit']) && ($_POST['type'] == 'sendmessage') && (canMessage() == '') && ($loggedIn)) { $messagebody = quote_smart($_POST['msgbody']) ; $messagebody = apply_word_censor($messagebody) ; $db->query("INSERT INTO message (fromid, toid, body, sentdate, msgread) VALUES (".quote_smart($_POST['from']).",".quote_smart($_POST['to']).",'".$messagebody."',".time().",0)") ; $message = "Thank you, your message has been sent to ".$_GET['user']."" ; } if (($loggedIn) && ($profileid != 0) && ($userid != 0)) { $action = $_GET['act'] ; //arr - Accept request from profile member if ($action == 'arr') { //update friend record where userid = loggedinuser and friendid = profileuser to approved = 0, removed = 0 $db->query('UPDATE friend SET friend_approved = 1 WHERE userid='.$userid.' AND friendid='.$profileid) ; $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$userid.' AND friendid='.$profileid) ; } //rfa - Profile member removed you - click here to ask again if ($action == 'rfa') { //delete old friend record where userid = loggedinuser and friendid = profileuser $db->query('DELETE FROM friend WHERE userid='.$userid.' AND friendid='.$profileid) ; //insert new friend record with userid = profileuser, friendid = loggedinuser, approved = 0, removed = 0 $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,0)') ; } //csr - Your sent request is pending - cancel the request if ($action == 'csr') { //delete friend record where userid = profileuser and friendid = loggedinuser $db->query('DELETE FROM friend WHERE userid='.$profileid.' AND friendid='.$userid) ; } //rmaf - You have removed this friend request - this just removes the remove! Makes it a live request again if ($action == 'rmaf') { //update where userid = profileuser and friendid = loggedinuser set removed = 0 $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$profileid.' AND friendid='.$userid) ; } //af - Send a request to profile user if ($action == 'af') { //check there isn't already a record $db->query('SELECT * FROM friend WHERE userid='.$profileid.' AND friendid='.$userid) ; if ($db->numRows() < 1) { $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,0)') ; } else { //if already sent, just update it $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$profileid.' AND friendid='.$userid) ; } } //afr - Remove approved friend if ($action == 'afr') { //Remove: check if i am the original requester $db->query('SELECT * FROM friend WHERE userid='.$profileid.' AND friendid='.$userid) ; if ($db->numRows() > 0) { //if i am, just make it 'removed = 1 approved = 0' goes back to a request, but removed $db->query('UPDATE friend SET friend_removed = 1 WHERE userid='.$profileid.' AND friendid='.$userid) ; $db->query('UPDATE friend SET friend_approved = 0 WHERE userid='.$profileid.' AND friendid='.$userid) ; } else { //if i'm not, need to reverse (delete and insert) the request, removed =1 approved = 0 $db->query('DELETE FROM friend WHERE userid='.$userid.' AND friendid='.$profileid) ; $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,1)') ; } } if ($action == 'bl') { $db->query('SELECT * FROM blocked WHERE blocker_id='.$userid.' AND blockee_id='.$profileid) ; if ($db->numRows() < 1) { $db->query('INSERT INTO blocked (blocker_id,blockee_id) VALUES ('.$userid.','.$profileid.')') ; } } if ($action == 'sb') { $db->query('SELECT * FROM subscription WHERE userid='.$userid.' AND subscribedtoid='.$profileid) ; if ($db->numRows() < 1) { $db->query('INSERT INTO subscription (userid,subscribedtoid) VALUES ('.$userid.','.$profileid.')') ; } } if ($action == 'ub') { $db->query('DELETE FROM blocked WHERE blocker_id='.$userid.' AND blockee_id='.$profileid) ; } if ($action == 'us') { $db->query('DELETE FROM subscription WHERE userid='.$userid.' AND subscribedtoid='.$profileid) ; } } function subscriptionsList($res, $page, $url) { global $db,$sitepath,$templateimagepath ; $perpage = getSetting("profsubspp", $db) ; $size = sizeof($res) ; $pages = ceil(sizeof($res) / $perpage) ; $pageLinks = "
Pages: " ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page ' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= '... '.$pages.'' ; } else { $pageLinks .= '... '.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $output = '
" ; if ($pages > 0) $output .= $pageLinks ; return $output ; } function favoritesList($res, $page, $url) { global $db,$sitepath,$loggedIn,$templateimagepath ; if ($loggedIn) { $db->query("SELECT id FROM member WHERE username = '".$_SESSION['username']."'") ; $ures = $db->fetch() ; $memberid = $ures['id'] ; $db->query("SELECT * FROM group_member WHERE member_id = ".$memberid." AND approved = 1") ; $groupmembership = $db->fetchAll() ; } $vidcount = 0 ; foreach ($res as $key=>$value) { if ($value['added'] < time()) { $groupid = $value['groupid'] ; $groupprivate = $value['privacy'] ; $visible = true ; if (($groupid > 0) && ($groupprivate == 1) && ($value['owner_id'] != $memberid)) { if ($loggedIn) { $approvedmember = false ; foreach ($groupmembership as $gmkey=>$groupmember) { if ($groupmember['group_id_g'] == $groupid) { $approvedmember = true ; break ; } } if (!$approvedmember) { $visible = false ; } } else { $visible = false ; } } if ($visible) { $vidcount++ ; } } } $perpage = getSetting("proffavpp", $db) ; $size = sizeof($res) ; $pages = ceil($vidcount / $perpage) ; $pageLinks = "
Pages: " ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page ' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= '... '.$pages.'' ; } else { $pageLinks .= '... '.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $output = '
" ; if ($pages != 0) $output .= $pageLinks ; return $output ; } function mediaList($res, $page, $url) { global $db,$sitepath,$loggedIn,$templateimagepath ; if ($loggedIn) { $db->query("SELECT id FROM member WHERE username = '".$_SESSION['username']."'") ; $ures = $db->fetch() ; $memberid = $ures['id'] ; $db->query("SELECT * FROM group_member WHERE member_id = ".$memberid." AND approved = 1") ; $groupmembership = $db->fetchAll() ; } $vidcount = 0 ; foreach ($res as $key=>$value) { if ($value['added'] < time()) { $groupid = $value['groupid'] ; $groupprivate = $value['privacy'] ; $visible = true ; if (($groupid > 0) && ($groupprivate == 1) && ($value['owner_id'] != $memberid)) { if ($loggedIn) { $approvedmember = false ; foreach ($groupmembership as $gmkey=>$groupmember) { if ($groupmember['group_id_g'] == $groupid) { $approvedmember = true ; break ; } } if (!$approvedmember) { $visible = false ; } } else { $visible = false ; } } if ($visible) { $vidcount++ ; } } } $perpage = getSetting("profmedpp", $db) ; $size = sizeof($res) ; $pages = ceil($vidcount / $perpage) ; $pageLinks = "
Pages: " ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page ' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= '... '.$pages.'' ; } else { $pageLinks .= '... '.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $output = '
" ; if ($pages > 0) $output .= $pageLinks ; return $output ; } function groupList($res, $page, $url, $type) { global $db,$sitepath,$loggedIn,$templateimagepath ; $perpage = getSetting("profgrppp", $db) ; $size = sizeof($res) ; $pages = ceil($size / $perpage) ; $pageLinks = "
Pages: " ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page ' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= '... '.$pages.'' ; } else { $pageLinks .= '... '.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $output = '
" ; if ($pages > 0) $output .= $pageLinks ; return $output ; } function friendsList($res, $page, $url) { global $db,$sitepath,$templateimagepath ; $perpage = getSetting("proffrdpp", $db) ; $size = sizeof($res) ; $pages = ceil(sizeof($res) / $perpage) ; $pageLinks = "
Pages: " ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.' ' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= '... '.$pages.'' ; } else { $pageLinks .= '... '.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $output = '
" ; if ($pages > 0) $output .= $pageLinks ; return $output ; } function getFriends($page) { global $db ; $sitefolder = getSetting("sitefolder", $db) ; $path = "http://".$_SERVER['SERVER_NAME'].$sitefolder."profile/".$_GET['user']."/frd" ; $db->query("SELECT * FROM member WHERE username = '".$_GET['user']."'") ; $idres = $db->fetch() ; $userid = $idres['id'] ; $db->query("SELECT * FROM member LEFT JOIN friend ON (member.id = friend.friendid OR member.id = friend.userid) WHERE (friend.userid =".$userid." OR friend.friendid =".$userid.") AND (username!='".$_GET['user']."') AND friend.friend_removed=0 AND friend.friend_approved=1 GROUP BY member.id") ; $resLV = $db->fetchAll() ; if (sizeof($resLV) > 0) { $output = "
".$_GET['user']."'s friends
" ; if (isset($page)) $output .= friendsList($resLV, $page, $path) ; else $output .= friendsList($resLV, $page, $path) ; } else { $output .= "
".$_GET['user']." has no friends
" ; } return $output ; } function getFavorites($page) { global $db,$sitepath ; if (checkHideMedia() == 1) { $hide = " AND (`requires_agreement` = 0)" ; } else { $hide = "" ; } $db->query("SELECT * FROM member WHERE username = '".$_GET['user']."'") ; $idres = $db->fetch() ; $userid = $idres['id'] ; $query = "SELECT * FROM `media` LEFT JOIN `group` ON (`media`.`groupid` = `group`.`group_id`) LEFT JOIN favorite ON favorite.vidid = media.id WHERE (`status` ='true') AND (favorite.userid = ".$userid.")".$hide."AND (`suspended`!=1 OR `suspended` IS NULL) ORDER BY `added` DESC" ; $db->query($query) ; $resLV = $db->fetchAll() ; if (sizeof($resLV) > 0) { $output = "
".$_GET['user']."'s favorite media
" ; if (isset($page)) $output .= favoritesList($resLV, $page, $sitepath) ; else $output .= favoritesList($resLV, $page, $path) ; } else { $output = "
".$_GET['user']." has no favorites
" ; } return $output ; } function getMedia($page) { global $db,$sitepath ; if (checkHideMedia() == 1) { $hide = " AND (`requires_agreement` = 0)" ; } else { $hide = "" ; } $path = $sitepath."profile/".$_GET['user']."/med" ; $query = "SELECT * FROM `media` LEFT JOIN `group` ON (`media`.`groupid` = `group`.`group_id`) WHERE (`status` ='true') AND (poster ='".$_GET['user']."')".$hide."AND (`suspended`!=1 OR `suspended` IS NULL) ORDER BY `added` DESC" ; $db->query($query) ; $resLV = $db->fetchAll() ; if (sizeof($resLV) > 0) { $output = "
".$_GET['user']."'s uploaded media
" ; if (isset($page) && ($_GET['act'] == 'med')) $output .= mediaList($resLV, $page, $path) ; else $output .= mediaList($resLV, $page, $path) ; } else { $output = "
".$_GET['user']." has not uploaded any media yet
" ; } return $output ; } function getGroups($page, $joinedcreated) { global $db,$sitepath ; if (($joinedcreated != "joined") && ($joinedcreated != "created")) { $joinedcreated = "joined" ; } $path = $sitepath."profile/".$_GET['user']."/grp/_".$joinedcreated ; $db->query("SELECT * FROM member WHERE username = '".$_GET['user']."'") ; $idres = $db->fetch() ; $userid = $idres['id'] ; if ($joinedcreated == "created") { $db->query("SELECT * FROM `group` WHERE `owner_id`=".$userid." ORDER BY created DESC") ; $tabtitle = "
".$_GET['user']."'s groups
" ; $action = "created" ; $links = 'joined | created' ; $type = "created" ; } else if ($joinedcreated == "joined") { $db->query("SELECT * FROM `group` LEFT JOIN `group_member` ON group_id=`group_id_g` WHERE (`member_id`=".$userid.") AND (approved=1) ORDER BY joined DESC") ; $tabtitle = "
groups ".$_GET['user']." has joined
" ; $action = "joined" ; $links = ' joined | created' ; $type = "joined" ; } $resLV = $db->fetchAll() ; $output = "
".$links."

" ; if (sizeof($resLV) > 0) { $output .= $tabtitle ; if (isset($page)) $output .= groupList($resLV, $page, $path, $type) ; else $output .= groupList($resLV, $page, $path, $type) ; } else { $output .= "

".$_GET['user']." has not ".$action." any groups yet

" ; } return $output ; } function getSubscriptions($page) { global $db,$sitepath ; $path = $sitepath."profile/".$_GET['user']."/sub" ; $db->query("SELECT * FROM member WHERE username = '".$_GET['user']."'") ; $idres = $db->fetch() ; $userid = $idres['id'] ; $db->query("SELECT * FROM member LEFT JOIN subscription ON member.id = subscription.subscribedtoid WHERE subscription.userid = ".$userid) ; $resLV = $db->fetchAll() ; if (sizeof($resLV) > 0) { $output = "
".$_GET['user']."'s subscriptions
" ; if (isset($page)) $output .= subscriptionsList($resLV, $page, $path) ; else $output .= subscriptionsList($resLV, $page, $path) ; } else { $output = "
".$_GET['user']." has no subscriptions
" ; } return $output ; } function addCommentLink() { global $db ; $sitefolder = getSetting("sitefolder", $db) ; $sitetemplate = getSetting("sitetemplate", $db) ; $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder ; $path = "http://".$_SERVER['SERVER_NAME'].$sitefolder ; $link = $path."profile/".$_GET['user'].'?action=addcomment' ; return $link ; } function commentCount() { global $db ; $username = mysql_real_escape_string($_GET['user']) ; $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $res = $db->fetch() ; $loggedInid = $res['id'] ; $db->query("SELECT * FROM profile_comment WHERE userid = ".$loggedInid) ; $count = $db->numRows() ; return $count ; } function profileComments($userIDz, $prouser, $page, $loggedInz, $show) { global $db,$loggedIn,$sitepath,$templateimagepath ; $sitefolder = getSetting("sitefolder", $db) ; $sitepath = "http://".$_SERVER['SERVER_NAME'].$sitefolder ; $comments = "" ; $username = $prouser ; $db->query("SELECT * FROM member WHERE username = '".$prouser."'") ; $res = $db->fetch() ; $userID = $res['id'] ; /* Comments */ $db->query("SELECT * FROM profile_comment WHERE userid = ".$userIDz." ORDER BY date DESC") ; $result = $db->fetchAll() ; $comments = "" ; $perpage = 4 ; $size = sizeof($result) ; $pages = ceil(sizeof($result) / $perpage) ; $url = $sitepath.'profile/'.$prouser ; if ((isset($_GET['page'])) && (!isset($_GET['act']))) $page = $_GET['page'] ; else $page = 1 ; if ($page < 1) $page = 1 ; $pageLinks = "
" ; $pp = $page - 1 ; if ($pp >= 1) { $pageLinks .= 'Previous Page' ; } if ($pages > 10 && $page > 6) { if (!$nomr) { $pageLinks .= '1 ... ' ; } else { $pageLinks .= '1 ... ' ; } } $p = 1 ; $stopat = ($pages <= 10) ? $pages : 10 ; if ($pages > 10 && $page > 5) { $p = $page - 5 ; $stopat = $page + 5 ; if ($stopat > $pages) $stopat = $pages ; } for ($p; $p <= $stopat; $p++) { if (!$nomr) { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.'' ; } else { if ($p == $page) $pageLinks .= "$p " ; else $pageLinks .= ''.$p.'' ; } } if ($pages > 10) { if (!$nomr) { $pageLinks .= ''.$pages.'' ; } else { $pageLinks .= ''.$pages.'' ; } } $np = $page + 1 ; if ($np <= $pages) { $pageLinks .= ' Next Page' ; } $pageLinks .= "
" ; $count = 0 ; $comments .= '

Comments

' ; $page-- ; //Clear previous page results for ($i = 0; $i < $perpage * $page; $i++) unset($result[$i]) ; $colcount = 0 ; foreach ($result as $key=>$row) { if ($row['regdposter'] == 1) { $posterString = ''.htmlentities($row['leftbyname']).'' ; $db->query("SELECT * FROM `member` WHERE `username` = '".quote_smart($row['leftbyname'])."'") ; $user = $db->fetch() ; if (($user['avatar'] == '') || ($db->numRows() < 1)) { $avatargender = $value['gender'] > 0 ? 'female' : 'male' ; $avatar_tag = $templateimagepath."default_".$avatargender."_avatar.jpg" ; } else { $avatar_tag = $sitepath.'uploads/avatars/'.$user['avatar'] ; } } else { $posterString = htmlentities($row['leftbyname'])." (visitor)" ; $avatar_tag = $templateimagepath."default_male_avatar.jpg" ; } if (($loggedInz) && (isset($_SESSION['privs']) && $_SESSION['privs'] == 7) || ($username == $_SESSION['username'])) { $del = '
Delete This Comment
' ; } else { $del = '' ; } $str_today = date("Y-m-d H:i:s") ; $comments .= '
'.$posterString.'
' ; $comments .= '

'.nl2br(($row['comment'])).$del.'

'.date_diff(date("Y-m-d H:i:s", $row["date"]), $str_today).'


' ; $count++ ; if ($count == $perpage) break ; } if ($pages > 1) { $comments .= $pageLinks ; } $privacy = $res['privacy'] ; $postmessage = canComment() ; if (($postmessage == "") && ($show == 1)) { $comments .= '' ; if ((getSetting("restrictpc", $db) == 1) && (!$loggedInz)) { $comments .= '

Please log in to comment

' ; } else { //***CHECK PRIVACY LEVEL OF PROFILE HERE AND DECIDE IF COMMENT POSTING IS ALLOWED*** $comments .= '

Add comment

' ; if ($loggedInz == 1) { $comments .= '' ; } else { $comments .= '
    • ' ; } $comments .= '
    ' ; if ((!$loggedInz) || (getSetting("captchaformembers", $db) == 1)) { $comments .= '


    Enter code above

    ' ; } $comments .= '

    ' ; $comments .= '
    '.$message ; } $comments .= '' ; } else { $comments .= $postmessage ; } return $comments ; } function profileTabs() { global $db ; $sitefolder = getSetting("sitefolder", $db) ; $sitetemplate = getSetting("sitetemplate", $db) ; $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder ; $path = "http://".$_SERVER['SERVER_NAME'].$sitefolder ; $link = $path.'profile/'.$_GET['user'].'/' ; $activetab = $_GET['act'] ; $medtab = "" ; $favtab = "" ; $subtab = "" ; $frdtab = "" ; $grptab = "" ; $tabs = ' ' ; return $tabs ; } function tabContent() { $content = '' ; $activetab = $_GET['act'] ; if (!isset($_GET['act'])) { $activetab = 'med' ; } if (($activetab != "med") && ($activetab != "fav") && ($activetab != "sub") && ($activetab != "frd") && ($activetab != "grp")) { $activetab = 'med' ; } if ($activetab == "med") { $content .= getMedia() ; } elseif ($activetab == "fav") { $content .= getFavorites() ; } elseif ($activetab == "sub") { $content .= getSubscriptions() ; } elseif ($activetab == "frd") { $content .= getFriends() ; } elseif ($activetab == "grp") { $content .= getGroups() ; } $content .= '' ; echo $content ; } function checkMemberExists() { global $db,$loggedIn ; $path = getSetting('sitefolder', $db) ; $sitepath = 'http://'.$_SERVER['SERVER_NAME'].$path ; $message = "" ; if (!isset($_GET['user'])) { // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered" ; } else { $username = mysql_real_escape_string($_GET['user']) ; $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $registeredUser = false ; if ($db->numRows() < 1) { $message = "Sorry - this user does not exist or is no longer registered" ; } } return $message ; } function canMessage() { global $db,$loggedIn ; $path = getSetting('sitefolder', $db) ; $sitepath = 'http://'.$_SERVER['SERVER_NAME'].$path ; $message = "" ; if (!isset($_GET['user'])) { // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered" ; } else { $username = mysql_real_escape_string($_GET['user']) ; //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $registeredUser = false ; if ($db->numRows() >= 1) { $registeredUser = true ; $res = $db->fetch() ; $profileid = $res['id'] ; $profileprivacylevel = $res['profile_privacy'] ; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false ; $userisfriend = false ; $userisowner = false ; $useridadmin = false ; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $res = $db->fetch() ; $loggedInid = $res['id'] ; $privs = $res['privs'] ; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid) ; $blocked = ($db->numRows() >= 1) ; // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid) ; // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1") ; $userisfriend = ($db->numRows() > 0) ; $userisadmin = ($privs > 6) ; } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "

    Sorry, this member has chosen not to let you see their profile

    " ; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel == 0) ; $registeredonlyandloggedin = (($profileprivacylevel == 1) && ($loggedIn)) ; $privateandloggedinandfriendorowner = (($profileprivacylevel == 2) && ($loggedIn) && (($userisfriend) OR ($userisowner))) ; $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner ; if (!$showprofile) { if (!$loggedIn) { $message = "

    You must log in to send messages to ".$username."

    " ; } else { if ($_GET['act'] == 'af') { $message = "

    Thank you! Your request to be added to ".$_GET['user']."'s friends list has been submitted

    " ; } else { $message = '

    You must be on '.$_GET['user'].'\'s friends list to send messages - ask '.$_GET['user'].' to add you here

    ' ; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) { $message = "Sorry - this user does not exist or is no longer registered" ; } } } return $message ; } function canMessageForMenu() { global $db,$loggedIn ; $path = getSetting('sitefolder', $db) ; $sitepath = 'http://'.$_SERVER['SERVER_NAME'].$path ; $message = "" ; if (!isset($_GET['user'])) { // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered" ; } else { $username = mysql_real_escape_string($_GET['user']) ; //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $registeredUser = false ; if ($db->numRows() >= 1) { $registeredUser = true ; $res = $db->fetch() ; $profileid = $res['id'] ; $profileprivacylevel = $res['profile_privacy'] ; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false ; $userisfriend = false ; $userisowner = false ; $useridadmin = false ; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $res = $db->fetch() ; $loggedInid = $res['id'] ; $privs = $res['privs'] ; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid) ; $blocked = ($db->numRows() >= 1) ; // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid) ; // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1") ; $userisfriend = ($db->numRows() > 0) ; $userisadmin = ($privs > 6) ; } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "

    $username has chosen not to let you send messages

    " ; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel == 0) ; $registeredonlyandloggedin = (($profileprivacylevel == 1) && ($loggedIn)) ; $privateandloggedinandfriendorowner = (($profileprivacylevel == 2) && ($loggedIn) && (($userisfriend) OR ($userisowner))) ; $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner ; if (!$showprofile) { if (!$loggedIn) { $message = "Log in to send a message to ".$username ; } else { if ($_GET['act'] == 'af') { $message = "You will be able to send a message to ".$username." when your friend request is approved" ; } else { $message = 'Become '.$username.'\'s friend to send a message' ; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) { $message = "Sorry - this user does not exist or is no longer registered" ; } } } return $message ; } function canComment() { global $db,$loggedIn ; $path = getSetting('sitefolder', $db) ; $sitepath = 'http://'.$_SERVER['SERVER_NAME'].$path ; $message = "" ; if (!isset($_GET['user'])) { // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered" ; } else { $username = mysql_real_escape_string($_GET['user']) ; //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $registeredUser = false ; if ($db->numRows() >= 1) { $registeredUser = true ; $res = $db->fetch() ; $profileid = $res['id'] ; $profileprivacylevel = $res['profile_privacy'] ; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false ; $userisfriend = false ; $userisowner = false ; $useridadmin = false ; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $res = $db->fetch() ; $loggedInid = $res['id'] ; $privs = $res['privs'] ; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid) ; $blocked = ($db->numRows() >= 1) ; // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid) ; // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1") ; $userisfriend = ($db->numRows() > 0) ; $userisadmin = ($privs > 6) ; } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "

    Sorry, this member has chosen not to let you see their profile

    " ; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel == 0) ; $registeredonlyandloggedin = (($profileprivacylevel == 1) && ($loggedIn)) ; $privateandloggedinandfriendorowner = (($profileprivacylevel == 2) && ($loggedIn) && (($userisfriend) OR ($userisowner))) ; $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner ; if (!$showprofile) { if ((!$loggedIn) && (!$profileispublic)) { $message = "

    You must log in to post comments on ".$username."'s profile

    " ; } else { if ($_GET['act'] == 'af') { $message = "

    Thank you! Your request to be added to ".$_GET['user']."'s friends list has been submitted

    " ; } else { $message = '

    You must be on '.$_GET['user'].'\'s friends list to post comments on '.$username.'\'s profile - ask '.$_GET['user'].' to add you here

    ' ; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) { $message = "Sorry - this user does not exist or is no longer registered" ; } } } return $message ; } function remove_bad_words($text) { $content = GetResponseString("includes/badwords.inc") ; $badwords = explode("\n", $content) ; foreach ($badwords as $block) { $block = strtolower($block) ; $block = str_replace("\r", "", $block) ; $block = str_replace("\n", "", $block) ; $badSearch = "" ; for ($i = 0; $i < strlen($block); $i++) { $letter = substr($block, $i, 1) ; if (strlen($letter) != 0 && $letter != " ") { $badSearch .= $letter ; if (strlen($block) > $i) $badSearch .= "[^A-z]*" ; } } if (strlen($badSearch) != 0) { $strReplace = substr($block, 0, 1) ; for ($i = 1; $i < strlen($block); $i++) $strReplace .= "*" ; $text = eregi_replace($badSearch, $strReplace, $text) ; } } return $text ; } $str_today = date("Y-m-d H:i:s") ; function date_diff($str_start, $str_end) { $defdate = $str_start ; $str_start = strtotime($str_start) ; $str_end = strtotime($str_end) ; $nseconds = $str_end - $str_start ; $ndays = floor($nseconds / 86400) ; $nseconds = $nseconds % 86400 ; $nhours = floor($nseconds / 3600) ; $nseconds = $nseconds % 3600 ; $nminutes = floor($nseconds / 60) ; $nseconds = $nseconds % 60 ; $retString = "" ; if ($ndays > 0) { $retString .= $defdate ; return "at ".$retString ; } if ($nhours > 0) { $retString .= " ".$nhours." hour" ; if ($nhours > 1) $retString .= "s" ; } if ($nminutes > 0) { $retString .= " ".$nminutes." minute" ; if ($nminutes > 1) $retString .= "s" ; } if (strcmp($retString, "") == 0) $retString = "< 1 minute" ; return $retString." ago" ; } function profileBox() { global $db,$loggedIn,$sitepath,$templateimagepath ; $sitefolder = getSetting("sitefolder", $db) ; $sitetemplate = getSetting("sitetemplate", $db) ; $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder ; $path = "http://".$_SERVER['SERVER_NAME'].$sitefolder ; // GET LOGGED IN USER'S ID $db->query("SELECT * FROM member WHERE username = '".$_SESSION['username']."'") ; $res = $db->fetch() ; $loggedInid = $res['id'] ; // GET PROFILE DETAILS $username = mysql_real_escape_string($_GET['user']) ; $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $userrow = $db->fetch() ; $aboutme = $userrow['aboutme'] ; $age = $userrow['age'] ; $gender = $userrow['gender'] ; $location = $userrow['location'] ; $profileid = $userrow['id'] ; if (($loggedInid != $profileid) && ($loggedIn)) { $db->query("UPDATE member SET profileviews=profileviews+1 WHERE id=".$profileid) ; $db->query("SELECT viewerhistory FROM member WHERE id=".$profileid) ; $hres = $db->fetch() ; $viewerhistory = $hres['viewerhistory'] ; $media = array() ; $count = 0 ; if (strlen($viewerhistory) != 0) { $pastviewers = split(":", $viewerhistory) ; if ($pastviewers[count($pastviewers) - 2] != "") { $lastviewer = $pastviewers[count($pastviewers) - 2] ; } else { $lastviewer = -1 ; } } if ($loggedInid != $lastviewer) { $viewerhistory .= $loggedInid.":" ; $db->query("UPDATE member SET viewerhistory = '".$viewerhistory."' WHERE id=".$profileid) ; } } $avatargender = $userrow['gender'] > 0 ? 'female' : 'male' ; $avatar = $templateimagepath."default_".$avatargender."_avatar.jpg" ; if (@file_exists("uploads/avatars/".$userrow['avatar']) && ($userrow['avatar'] != "")) { $avatar = $sitepath."uploads/avatars/".$userrow['avatar'] ; } $avatar = str_replace(" ", "%20", $avatar) ; $profileoutput = '

    About '.$username.'

    '.$aboutme.'

    ' ; if (($age != "") || ($gender != "")) { $profileoutput .= '

    ' ; if ($age != "") { $profileoutput .= 'age '.$age.' ' ; } if ($gender != "") { $profileoutput .= ' - ' ; if ($gender == 1) { $profileoutput .= "female" ; } else { $profileoutput .= "male" ; } } $username = mysql_real_escape_string($_GET['user']) ; } if ($location != '') { $profileoutput .= '

    location: '.$location.'

    ' ; } $iconpath = $path.'templates/'.$sitetemplate.'/layout/skin1/' ; $userisfriend = false ; $userisblocked = false ; $userisapproved = false ; $requestreceived = false ; $requestsent = false ; $receivedicanaccept = false ; $receivedremovedme = false ; $pendingcancancel = false ; $iremovedmakerequest = false ; $userisfriend = false ; $notonlistcanrequest = false ; if ($loggedIn) { $db->query("SELECT * from friend WHERE (userid = ".$profileid." AND friendid = ".$loggedInid.") OR (userid = ".$loggedInid." AND friendid = ".$profileid.")") ; $friendres = $db->fetch() ; $useronfriendslist = ($db->numRows() > 0) ; if (($useronfriendslist) && ($profileid != $loggedInid)) //don't check friends if user owns profile { $requestapproved = ($friendres['friend_approved']) > 0 ; $requestremoved = ($friendres['friend_removed']) > 0 ; if (!$requestapproved) // user is not friend { //now check if the request was sent or received if ($friendres['userid'] == $loggedInid) // Received request { $requestreceived = true ; if (!$requestremoved) { $receivedicanaccept = true ;//arr } else { $receivedremovedme = true ;//rfa } } else // It's a sent request { $requestsent = true ; if (!$requestremoved) { $pendingcancancel = true ; //csr } else { $iremovedmakerequest = true ; //rmaf } } } else //no friend record { $userisfriend = true ; //afr } } else { $notonlistcanrequest = true ; //af } $db->query("SELECT * from blocked WHERE blockee_id = ".$profileid." AND blocker_id = ".$loggedInid) ; $userisblocked = ($db->numRows() > 0) ; $db->query("SELECT * from subscription WHERE userid=".$loggedInid." AND subscribedtoid=".$profileid) ; $userissubscribed = ($db->numRows() > 0) ; } $proflink = $path.'profile/'.$_GET['user'] ; $friendaddlink = $proflink.'/af' ; $receivedicanacceptlink = $proflink.'/arr' ; $receivedremovedmelink = $proflink.'/rfa' ; $pendingcancancellink = $proflink.'/csr' ; $iremovedmakerequestlink = $proflink.'/rmaf' ; $userisfriendlink = $proflink.'/afr' ; $notonlistlink = $proflink.'/af' ; $blocklink = $path.'profile/'.$_GET['user'].'/bl' ; $sublink = $path.'profile/'.$_GET['user'].'/sb' ; $unblocklink = $path.'profile/'.$_GET['user'].'/ub' ; $unsublink = $path.'profile/'.$_GET['user'].'/us' ; $sendmessagelink = $path.'profile/'.$_GET['user'].'/sm' ; if ($loggedIn) { if ($profileid != $loggedInid) //don't show the links if the user owns the profile { if ($receivedicanaccept) { $profileoutput .= '

    '.$username.' has sent you a friend request: accept the request

    ' ; } if ($receivedremovedme) { $profileoutput .= '

    '.$username.' removed you from friends list: request again

    ' ; } if ($pendingcancancel) { $profileoutput .= '

    '.$username.' has not accepted your request yet: cancel request

    ' ; } if ($iremovedmakerequest) { $profileoutput .= '

    send '.$username.' a friend request

    ' ; } if ($userisfriend) { $profileoutput .= '

    you are '.$username.'\'s friend remove '.$username.' from your friends list

    ' ; } if ($notonlistcanrequest) { $profileoutput .= '

    send '.$username.' a friend request

    ' ; } if (canMessageForMenu() == '') { $profileoutput .= '
    send '.$username.' a message
    ' ; } else { $profileoutput .= '
    '.canMessageForMenu().'
    ' ; } if (!$userisblocked) { $profileoutput .= '
    block '.$username.' from commenting on my profile or sending messages
    ' ; } else { $profileoutput .= '
    Remove block for '.$username.'
    ' ; } if (!$userissubscribed) { $profileoutput .= '
    subscribe (receive emails when '.$username.' uploads new media)
    ' ; } else { $profileoutput .= '
    Unsubscribe from '.$username.'
    ' ; } } } else { $profileoutput .= '

    log in to send '.$username.' a message

    ' ; } $profileoutput .= "
    " ; return $profileoutput ; } function SubmitComment($username, $loggedIn, $textz, $seccode, $name) { global $db,$sitepath ; if ($loggedIn == "") $loggedIn = 0 ; if (!$loggedIn) $loggedIn = 0 ; $db->query("SELECT * FROM member WHERE username = '".$username."'") ; $res = $db->fetch() ; $userID = $res['id'] ; $message = "" ; if (canComment() == '') { if ((($_SESSION['security_code'] == $seccode) && (! empty($_SESSION['security_code']))) || ((getSetting("captchaformembers", $db) == 0) && ($loggedIn == 1))) { if (! empty($name)) { if (! empty($textz)) { if (strlen($textz) <= getSetting('comment_length', $db)) { $commenttext = quote_smart($textz) ; $commenttext = apply_word_censor($commenttext) ; if ($loggedIn == 0) { if ((getSetting("restrictpc", $db) == "0") || ($loggedIn)) $db->query("INSERT INTO `profile_comment` (userid, leftbyname, date, comment,regdposter) VALUES ('".$userID."', '".$name."', '".time()."', '".$commenttext."',0);") ; } else { $db->query("INSERT INTO `profile_comment` (userid, leftbyname, date, comment,regdposter) VALUES ('".$userID."', '".$_SESSION['username']."', '".time()."', '".$commenttext."',1);") ; } $check = getSetting("Ronoroff", $db) ; if ($check == 1) { $PointAmount = getSetting("PRcommentP", $db) ; $db->query("UPDATE member SET points = points + $PointAmount WHERE username = '".$_SESSION['username']."'") ; } $message = 'Your comment was added successfully. Thank you.' ; ?> Your comment is too long, please make it less then '.getSetting('comment_length', $db).' characters.' ; } } else { $message = 'You have to fill in something in the text box.' ; } } else { $message = 'You have to fill in your name.' ; } } else { $message = 'Please enter the security code on the form Code is '.$_SESSION['security_code'].' : '.$seccode.'' ; } } return $message ; } function deleteComment($page, $userid, $loggedInz) { global $db,$sitepath ; $rowid = $page ; if ($rowid > 0) { $check = getSetting("Ronoroff", $db) ; if ($check == 1) { $PointAmount = getSetting("PRcommentP", $db) ; $db->query("SELECT leftbyname FROM profile_comment WHERE id='".$rowid."'") ; $res = $db->fetch() ; $db->query("UPDATE member SET points = points - $PointAmount WHERE username = '".$res['leftbyname']."'") ; } $db->query('SELECT userid FROM profile_comment WHERE id='.$rowid) ; $rew = $db->fetch() ; $uID = $rew['userid'] ; $db->query('DELETE FROM profile_comment WHERE id='.$rowid) ; } $uName = $_SESSION['username'] ; ?>