<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"> <?php //VidiScript - All Coding And Design ?VidiScript.com 2009 // //File: profile.inc //Description: Display a member's profile //Version 0.33 BETA //Release Date: 08/16/08 // error_reporting(E_ALL ^ E_NOTICE); global $db,$sitepath,$loggedIn,$templateimagepath; if (isset($_GET['user'])) { $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $idres = $db->fetch(); $profileid = $idres['id']; $avatarname = $idres['avatar']; $avatargender = $idres['gender']>0 ? 'female' : 'male'; } $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $userres = $db->fetch(); $userid = $userres['id']; $fromID = $userid; $toID = $profileid; $avatarpath = $templateimagepath."default_".$avatargender."_avatar.jpg"; if(@file_exists("uploads/avatars/".$avatarname)&&($avatarname!="")) { $avatarpath = "uploads/avatars/".$avatarname; $avatarpath = $sitepath.str_replace(" ","%20", $avatarpath); } $userandavatar = '<a href="'.$sitepath.'profile/'.$_GET['user'].'"><img src="'.$avatarpath.'" border=0 height=22px width=22px>'.$_GET['user'].' </a>'; //send message if(isset($_POST['submit'])&&($_POST['type']=='sendmessage')&&(canMessage()=='')&&($loggedIn)) { $messagebody = quote_smart($_POST['msgbody']); $messagebody = apply_word_censor($messagebody); $db->query("INSERT INTO message (fromid, toid, body, sentdate, msgread) VALUES (".quote_smart($_POST['from']).",".quote_smart($_POST['to']).",'".$messagebody."',".time().",0)"); $message = "Thank you, your message has been sent to <a href=\"".$sitepath."profile/".$_GET['user']."\">".$_GET['user']."</a>"; } if (($loggedIn)&&($profileid!=0)&&($userid!=0)) { $action = $_GET['act']; //arr - Accept request from profile member if ($action=='arr') { //update friend record where userid = loggedinuser and friendid = profileuser to approved = 0, removed = 0 $db->query('UPDATE friend SET friend_approved = 1 WHERE userid='.$userid.' AND friendid='.$profileid); $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$userid.' AND friendid='.$profileid); } //rfa - Profile member removed you - click here to ask again if ($action=='rfa') { //delete old friend record where userid = loggedinuser and friendid = profileuser $db->query('DELETE FROM friend WHERE userid='.$userid.' AND friendid='.$profileid); //insert new friend record with userid = profileuser, friendid = loggedinuser, approved = 0, removed = 0 $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,0)'); } //csr - Your sent request is pending - cancel the request if ($action=='csr') { //delete friend record where userid = profileuser and friendid = loggedinuser $db->query('DELETE FROM friend WHERE userid='.$profileid.' AND friendid='.$userid); } //rmaf - You have removed this friend request - this just removes the remove! Makes it a live request again if ($action=='rmaf') { //update where userid = profileuser and friendid = loggedinuser set removed = 0 $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$profileid.' AND friendid='.$userid); } //af - Send a request to profile user if ($action=='af') { //check there isn't already a record $db->query('SELECT * FROM friend WHERE userid='.$profileid.' AND friendid='.$userid); if($db->numRows() <1 ){ $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,0)'); } else { //if already sent, just update it $db->query('UPDATE friend SET friend_removed = 0 WHERE userid='.$profileid.' AND friendid='.$userid); } } //afr - Remove approved friend if ($action=='afr') { //Remove: check if i am the original requester $db->query('SELECT * FROM friend WHERE userid='.$profileid.' AND friendid='.$userid); if ($db->numRows()>0) { //if i am, just make it 'removed = 1 approved = 0' goes back to a request, but removed $db->query('UPDATE friend SET friend_removed = 1 WHERE userid='.$profileid.' AND friendid='.$userid); $db->query('UPDATE friend SET friend_approved = 0 WHERE userid='.$profileid.' AND friendid='.$userid); } else { //if i'm not, need to reverse (delete and insert) the request, removed =1 approved = 0 $db->query('DELETE FROM friend WHERE userid='.$userid.' AND friendid='.$profileid); $db->query('INSERT INTO friend (userid,friendid,friend_approved,friend_removed) VALUES ('.$profileid.','.$userid.',0,1)'); } } /* if ($action=='cf') { $db->query('DELETE FROM friend WHERE userid='.$profileid.' AND friendid='.$userid); }*/ if ($action=='bl') { $db->query('SELECT * FROM blocked WHERE blocker_id='.$userid.' AND blockee_id='.$profileid); if($db->numRows() <1 ){ $db->query('INSERT INTO blocked (blocker_id,blockee_id) VALUES ('.$userid.','.$profileid.')'); } } if ($action=='sb') { $db->query('SELECT * FROM subscription WHERE userid='.$userid.' AND subscribedtoid='.$profileid); if($db->numRows() <1 ){ $db->query('INSERT INTO subscription (userid,subscribedtoid) VALUES ('.$userid.','.$profileid.')'); } } if ($action=='ub') { $db->query('DELETE FROM blocked WHERE blocker_id='.$userid.' AND blockee_id='.$profileid); } if ($action=='us') { $db->query('DELETE FROM subscription WHERE userid='.$userid.' AND subscribedtoid='.$profileid); } if ($action=='dc') { $rowid = quote_smart($_GET['page']); if ($rowid>0) { $db->query('DELETE FROM profile_comment WHERE id='.$rowid); } } } function subscriptionsList($res, $page = 1,$url) { global $db,$sitepath,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $output = subscriptionsList_new($res,$page,$url); return $output; } else { $perpage =getSetting("profsubspp",$db); $size = sizeof($res); $pages = ceil(sizeof($res)/$perpage); $pageLinks = "<div align=right>Pages: "; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $output = '<div class="tab-cont"><ul class="no-format vert-list">'; $count = 0; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($res[$i]); $colcount = 0; foreach($res as $key => $value){ if($value['activationkey']==0){ $count++; $avatargender = $value['gender']>0 ? 'female' : 'male'; $avatar = $templateimagepath."default_".$avatargender."_avatar.jpg"; if(@file_exists("uploads/avatars/".$value['avatar'])&&($value['avatar']!="")) { $avatar = $sitepath."uploads/avatars/".$value['avatar']; } $avatar = str_replace(" ","%20", $avatar); $id = $value['id']; $user_name = $value['username']; $db->query("SELECT id FROM media WHERE status='true' AND poster ='".$user_name."'".$hide." ORDER BY allviews DESC"); $mediacount = $db->numRows(); $rres=$db->fetch(); $db->query("SELECT * FROM member LEFT JOIN friend ON (member.id = friend.friendid OR member.id = friend.userid) WHERE (friend.userid =".$id." OR friend.friendid =".$id.") AND (username!='".$user_name."') AND friend.friend_removed=0 AND friend.friend_approved=1 GROUP BY member.id"); $friendcount = $db->numRows(); $output .= "<li>"; $output .= "<a href=\"".$sitepath."profile/$user_name\"><img class='thumb' width=".getSetting("avatar_w",$db)."px height=".getSetting("avatar_h",$db)."px class='thumb' src='".$avatar."' /></a>\n"; $value['username'] = force_length($value['username'], 25); $output .= "<h3> <b><a href=\"".$sitepath."profile/$user_name\">".$value['username']."</a></b></h3>\n"; $output .= "<h4><b>"; if ($value['location']!='') { $output .= " location: ".$value['location']."<br>"; } $output .= " friends: ".$friendcount."<br> media: ".$mediacount."</b></h4>"; $output .= "</li>\n"; $colcount++; if($count == $perpage) break; } } $output .= "</ul></div>"; if($pages > 0) $output .= $pageLinks; return $output; } } function favoritesList($res, $page = 1,$url) { global $db,$sitepath,$loggedIn,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $output = favoritesList_new($res,$page,$url); return $output; } else { if ($loggedIn) { $db->query("SELECT id FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $ures = $db->fetch(); $memberid = $ures['id']; $db->query("SELECT * FROM group_member WHERE member_id = ".$memberid." AND approved = 1"); $groupmembership = $db->fetchAll(); } $vidcount = 0; foreach($res as $key => $value) { if($value['added'] < time()) { $groupid = $value['groupid']; $groupprivate = $value['privacy']; $visible = true; if (($groupid>0)&&($groupprivate==1)&&($value['owner_id']!=$memberid)) { if ($loggedIn) { $approvedmember = false; foreach($groupmembership as $gmkey => $groupmember){ if ($groupmember['group_id_g']==$groupid) { $approvedmember = true; break; } } if (!$approvedmember) { $visible = false; } } else { $visible = false; } } if ($visible) { $vidcount++; } } } $perpage =getSetting("proffavpp",$db); $size = sizeof($res); $pages = ceil($vidcount/$perpage); $pageLinks = "<div align=right>Pages: "; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $output = '<div class="tab-cont"><ul class="no-format vert-list">'; $count = 0; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($res[$i]); foreach($res as $key => $value){ if($value['added'] < time()){ $groupid = $value['groupid']; $groupprivate = $value['privacy']; $visible = true; if (($groupid>0)&&($groupprivate==1)&&($value['owner_id']!=$memberid)) { if ($loggedIn) { $approvedmember = false; foreach($groupmembership as $gmkey => $groupmember){ if ($groupmember['group_id_g']==$groupid) { $approvedmember = true; break; } } if (!$approvedmember) { $visible = false; } } else { $visible = false; } } if ($visible) { $count++; if($count == getSetting("adsense_pos1",$db) || $count == getSetting("adsense_pos2",$db)) $output .= getAdmedia(); $thumbpath = $sitepath.'uploads/thumbs/'; if (checkHideThumbnails()&&($value['requires_agreement']==1)) { $thumb = $templateimagepath."default_mature_thumb.jpg"; } else { if(@file_exists($thumbpath.$value['thumb'].".small.jpg")) $thumb = $thumbpath.$value['thumb'].".small.jpg"; elseif(@file_exists($thumbpath.$value['mediaurl'].".small.jpg")) $thumb = $thumbpath.$value['mediaurl'].".small.jpg"; elseif(@file_exists(str_replace("[SIZE]",".small","uploads/thumbs/".$value['thumb']))) $thumb = str_replace("[SIZE]",".small","uploads/thumbs/".$value['thumb']); elseif(findThumb($value['thumb'],true)){ $thumb = findThumb($value['thumb'],true); $thumb = $thumbpath.$thumb[0]; }else $thumb = $sitepath."images/default_small_thumb.jpg"; if ($value['thumb']=='') { $thumb = $templateimagepath.getDefaultThumb($value['mediatype']); } $thumb = str_replace(" ","%20", $thumb); } $cat = getCategoryPath($value['category']); $db->query("SELECT * FROM rating WHERE id = ".$value['id']); $resR = $db->fetch(); $title = url_encode($value['title']); $output .= "<li>"; $output .= "<a href=\"".$sitepath."play$cat/$title\"><img class='thumb' src='$thumb' /></a>\n"; $value['title'] = force_length($value['title'], 55); $output .= "<h4><b> <a href=\"".$sitepath."play$cat/$title\">".str_replace("_"," ",$title)."</a></b></h4>\n"; $value['description'] = force_length($value['description'],130); $output .= "<p><b>".$value['description']."</b></p>"; $output .= "<p><b>Views: ".$value['allviews']." <br><span class=\"rating\">".show_rating($value['id'])."</span></b></p>"; $output .= "</li>\n"; if($count == $perpage) break; } } } if($pages != 0) $output .= $pageLinks; return $output; } } function mediaList($res, $page = 1,$url) { global $db,$sitepath,$loggedIn,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $output = mediaList_new($res,$page,$url); return $output; } else { if ($loggedIn) { $db->query("SELECT id FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $ures = $db->fetch(); $memberid = $ures['id']; $db->query("SELECT * FROM group_member WHERE member_id = ".$memberid." AND approved = 1"); $groupmembership = $db->fetchAll(); } $vidcount = 0; foreach($res as $key => $value) { if($value['added'] < time()) { $groupid = $value['groupid']; $groupprivate = $value['privacy']; $visible = true; if (($groupid>0)&&($groupprivate==1)&&($value['owner_id']!=$memberid)) { if ($loggedIn) { $approvedmember = false; foreach($groupmembership as $gmkey => $groupmember){ if ($groupmember['group_id_g']==$groupid) { $approvedmember = true; break; } } if (!$approvedmember) { $visible = false; } } else { $visible = false; } } if ($visible) { $vidcount++; } } } $perpage =getSetting("profmedpp",$db); $size = sizeof($res); $pages = ceil($vidcount/$perpage); $pageLinks = "<div align=right>Pages: "; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $output = '<div class="tab-cont"><ul class="no-format vert-list">'; $count = 0; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($res[$i]); foreach($res as $key => $value){ if($value['added'] < time()){ $groupid = $value['groupid']; $groupprivate = $value['privacy']; $visible = true; if (($groupid>0)&&($groupprivate==1)&&($value['owner_id']!=$memberid)) { if ($loggedIn) { $approvedmember = false; foreach($groupmembership as $gmkey => $groupmember){ if ($groupmember['group_id_g']==$groupid) { $approvedmember = true; break; } } if (!$approvedmember) { $visible = false; } } else { $visible = false; } } if ($visible) { $count++; if($count == getSetting("adsense_pos1",$db) || $count == getSetting("adsense_pos2",$db)) $output .= getAdmedia(); $thumbpath = $sitepath.'uploads/thumbs/'; if (checkHideThumbnails()&&($value['requires_agreement']==1)) { $thumb = $templateimagepath."default_mature_thumb.jpg"; } else { if(@file_exists($thumbpath.$value['thumb'].".small.jpg")) $thumb = $thumbpath.$value['thumb'].".small.jpg"; elseif(@file_exists($thumbpath.$value['mediaurl'].".small.jpg")) $thumb = $thumbpath.$value['mediaurl'].".small.jpg"; elseif(@file_exists(str_replace("[SIZE]",".small","uploads/thumbs/".$value['thumb']))) $thumb = str_replace("[SIZE]",".small","uploads/thumbs/".$value['thumb']); elseif(findThumb($value['thumb'],true)){ $thumb = findThumb($value['thumb'],true); $thumb = $thumbpath.$thumb[0]; }else $thumb = $sitepath."images/default_small_thumb.jpg"; if ($value['thumb']=='') { $thumb = $templateimagepath.getDefaultThumb($value['mediatype']); } $thumb = str_replace(" ","%20", $thumb); } $cat = getCategoryPath($value['category']); $db->query("SELECT * FROM rating WHERE id = ".$value['id']); $resR = $db->fetch(); $title = url_encode($value['title']); $output .= "<li>"; $output .= "<a href=\"".$sitepath."play$cat/$title\"><img class='thumb' src='$thumb' /></a>\n"; $value['title'] = force_length($value['title'], 55); $output .= "<h4><b> <a href=\"".$sitepath."play$cat/$title\">".str_replace("_"," ",$title)."</a></b></h4>\n"; $value['description'] = force_length($value['description'],130); $output .= "<p><b>".$value['description']."</b></p>"; $output .= "<p><b>Views: ".$value['allviews']." <br><span class=\"rating\">".show_rating($value['id'])."</span></b></p>"; $output .= "</li>\n"; if($count == $perpage) break; } } } $output .= "</ul></div>"; if($pages >0) $output .= $pageLinks; return $output; } } function groupList($res, $page = 1,$url,$type) { global $db,$sitepath,$loggedIn,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $output = groupList_new($res,$page,$url,$type); return $output; } else { $perpage =getSetting("profgrppp",$db); $size = sizeof($res); $pages = ceil($size/$perpage); $pageLinks = "<div align=right>Pages: "; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $output = '<div class="tab-cont"><ul class="no-format vert-list">'; $count = 0; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($res[$i]); foreach($res as $key => $value){ $count++; $iconfile = ""; if(@file_exists("uploads/groupicons/".$value['icon'])&&($value['icon']!="")) { $iconfile = $sitepath."uploads/groupicons/".$value['icon']; } else { $iconfile = $templateimagepath."default_group_thumb.jpg"; } $groupid = $value['group_id']; $groupname = force_length(stripslashes($value['name']),64); $groupdesc =force_length(stripslashes($value['group_description']),100); $grouppriv = $value['privacy']; $groupowner = $value['owner_id']; $db->query("SELECT username FROM member WHERE id = ".$groupowner); $userres=$db->fetch(); $ownername=$userres['username']; $ownerlink=$sitepath.'profile/'.$ownername; $privacy = '(public group)'; if ($grouppriv==1) { $privacy = '(private group)'; } if ($loggedIn) { $db->query("SELECT id FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $ures = $db->fetch(); $memberid = $ures['id']; $db->query("SELECT * FROM group_member WHERE group_id_g=".$groupid." AND member_id=".$memberid." AND approved=1"); $isMember=$db->numRows()>0; } else { $isMember=false; } $db->query("SELECT * FROM group_member WHERE group_id_g=".$groupid." AND approved=1"); $members = $db->numRows(); if ($members!=1) { $s='s'; } else { $s=''; } $viewlink = $sitepath.'showgroup/'.url_encode($groupname); if ($iconfile!="") { $iconurl = '<img class="thumb" src="'.$iconfile.'">'; } else { $iconurl = ''; } $memStatus=''; if ($loggedIn) { if ($groupowner==$loggedInid) { $memStatus = '<h4><b> - you own this group</b></h4>'; } else { if ($isMember) { $memStatus='<h4><b> - you are a member <a href="'.$viewlink.'/leave">click here to leave</a></b></h4>'; } else { $memStatus='<h4><b><a href="'.$viewlink.'/join">click here to join</a></b></h4>'; } } } if ($type=='joined') { $ownermembers='<h4> <b>('.$members.' member'.$s.') created by <a href="'.$ownerlink.'">'.$ownername.'</a></b></h4>'; } else { $ownermembers='<h4> <b>('.$members.' member'.$s.') </b></h4>'; } $output .= '<li><a href="'.$viewlink.'">'.$iconurl.'</a> <h3><b> <a href="'.$viewlink.'">'.$groupname.'</a></b></h3><h4> '.$privacy.'</h4> <h4> <b>'.$groupdesc.'</b></h4><h4>'.$ownermembers.'</h4></li>'; $colcount++; if($count == $perpage) break; } $output .= "</ul></div>"; if($pages > 0) $output .= $pageLinks; return $output; } } function friendsList($res, $page = 1,$url) { global $db,$sitepath,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $output = friendsList_new($res,$page,$url); return $output; } else { $perpage =getSetting("proffrdpp",$db); $size = sizeof($res); $pages = ceil(sizeof($res)/$perpage); $pageLinks = "<div align=right>Pages: "; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $output = '<div class="tab-cont"><ul class="no-format vert-list">'; $count = 0; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($res[$i]); $colcount = 0; foreach($res as $key => $value){ if($value['activationkey']==0){ $count++; $avatargender = $value['gender']>0 ? 'female' : 'male'; $avatar = $templateimagepath."default_".$avatargender."_avatar.jpg"; if(@file_exists("uploads/avatars/".$value['avatar'])&&($value['avatar']!="")) { $avatar = $sitepath."uploads/avatars/".$value['avatar']; } $avatar = str_replace(" ","%20", $avatar); $id = $value['id']; $user_name = $value['username']; $db->query("SELECT id FROM media WHERE status='true' AND poster ='".$user_name."'".$hide." ORDER BY allviews DESC"); $mediacount = $db->numRows(); $rres=$db->fetch(); $db->query("SELECT * FROM member LEFT JOIN friend ON (member.id = friend.friendid OR member.id = friend.userid) WHERE (friend.userid =".$id." OR friend.friendid =".$id.") AND (username!='".$user_name."') AND friend.friend_removed=0 AND friend.friend_approved=1 GROUP BY member.id"); $friendcount = $db->numRows(); $output .= "<li>"; $output .= "<a href=\"".$sitepath."profile/$user_name\"><img class='thumb' width=".getSetting("avatar_w",$db)."px height=".getSetting("avatar_h",$db)."px class='thumb' src='".$avatar."' /></a>\n"; $value['username'] = force_length($value['username'], 25); $output .= "<h3><b> <a href=\"".$sitepath."profile/$user_name\">".$value['username']."</a></b></h3>\n"; $output .= "<h4> <b>friends: ".$friendcount."<br> media: ".$mediacount."</b></h4>"; $output .= "</li>\n"; $colcount++; if($count == $perpage) break; } } $output .= "</ul></div>"; if($pages > 0) $output .= $pageLinks; return $output; } } function getFriends(){ global $db; $sitefolder = getSetting("sitefolder",$db); $path = "http://" . $_SERVER['SERVER_NAME'].$sitefolder."profile/".$_GET['user']."/frd"; $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $idres = $db->fetch(); $userid = $idres['id']; $db->query("SELECT * FROM member LEFT JOIN friend ON (member.id = friend.friendid OR member.id = friend.userid) WHERE (friend.userid =".$userid." OR friend.friendid =".$userid.") AND (username!='".quote_smart($_GET['user'])."') AND friend.friend_removed=0 AND friend.friend_approved=1 GROUP BY member.id"); $resLV = $db->fetchAll(); if (sizeof($resLV) > 0) { $output = "<div align=center><h5>".$_GET['user']."'s friends</h5></div>"; if(isset($_GET['page'])) $output .= friendsList($resLV,quote_smart($_GET['page']),$path); else $output .= friendsList($resLV,1,$path); } else { $output .= "<div align=center><h5>".$_GET['user']." has no friends</h5></div>"; } return $output; } function getFavorites(){ global $db,$sitepath; if (checkHideMedia()==1) { $hide=" AND (`requires_agreement` = 0)"; } else { $hide=""; } $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $idres = $db->fetch(); $userid = $idres['id']; $query="SELECT * FROM `media` LEFT JOIN `group` ON (`media`.`groupid` = `group`.`group_id`) LEFT JOIN favorite ON favorite.vidid = media.id WHERE (`status` ='true') AND (favorite.userid = ".$userid.")".$hide."AND (`suspended`!=1 OR `suspended` IS NULL) ORDER BY `added` DESC"; $db->query($query); $resLV = $db->fetchAll(); if (sizeof($resLV) > 0) { $output = "<div align=center><h5>".$_GET['user']."'s favorite media</h5></div>"; if(isset($_GET['page'])) $output .= favoritesList($resLV,quote_smart($_GET['page']),$sitepath); else $output .= favoritesList($resLV,1,$path); } else { $output = "<div align=center><h5>".$_GET['user']." has no favorites</h5></div>"; } return $output; } function getMedia(){ global $db,$sitepath; if (checkHideMedia()==1) { $hide=" AND (`requires_agreement` = 0)"; } else { $hide=""; } $path =$sitepath."profile/".$_GET['user']."/med"; $query="SELECT * FROM `media` LEFT JOIN `group` ON (`media`.`groupid` = `group`.`group_id`) WHERE (`status` ='true') AND (poster ='".quote_smart($_GET['user'])."')".$hide."AND (`suspended`!=1 OR `suspended` IS NULL) ORDER BY `added` DESC"; $db->query($query); $resLV = $db->fetchAll(); if (sizeof($resLV) > 0) { $output = "<div align=center><h5>".$_GET['user']."'s uploaded media</h5></div>"; if(isset($_GET['page'])&&($_GET['act']=='med')) $output .= mediaList($resLV,quote_smart($_GET['page']),$path); else $output .=mediaList($resLV,1,$path); } else { $output = "<div align=center><h5>".$_GET['user']." has not uploaded any media yet</h5></div>"; } return $output; } function getGroups(){ global $db,$sitepath; $joinedcreated = $_GET['opt']; if (($joinedcreated!="joined")&&($joinedcreated!="created")) { $joinedcreated="joined"; } $path =$sitepath."profile/".$_GET['user']."/grp/_".$joinedcreated; $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $idres = $db->fetch(); $userid = $idres['id']; if ($joinedcreated=="created") { $db->query("SELECT * FROM `group` WHERE `owner_id`=".$userid." ORDER BY created DESC"); $tabtitle="<div align=center><h5>".$_GET['user']."'s groups</h5></div>"; $action="created"; $links="<a href=\"".$sitepath."profile/".$_GET['user']."/grp/_joined\">joined</a> | <b>created</b>"; $type="created"; } else if ($joinedcreated=="joined") { $db->query("SELECT * FROM `group` LEFT JOIN `group_member` ON group_id=`group_id_g` WHERE (`member_id`=".$userid.") AND (approved=1) ORDER BY joined DESC"); $tabtitle="<div align=center><h5>groups ".$_GET['user']." has joined</h5></div>"; $action="joined"; $links=" <b>joined</b> | <a href=\"".$sitepath."profile/".$_GET['user']."/grp/_created\">created</a>"; $type="joined"; } $resLV = $db->fetchAll(); $output = "<div align=center>".$links."</div><br>"; if (sizeof($resLV) > 0) { $output .= $tabtitle; if(isset($_GET['page'])) $output .= groupList($resLV,quote_smart($_GET['page']),$path,$type); else $output .=groupList($resLV,1,$path,$type); } else { $output .= "<div align=center><h2>".$_GET['user']." has not ".$action." any groups yet</h2></div>"; } return $output; } function getSubscriptions(){ global $db,$sitepath; $path = $sitepath."profile/".$_GET['user']."/sub"; $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $idres = $db->fetch(); $userid = $idres['id']; $db->query("SELECT * FROM member LEFT JOIN subscription ON member.id = subscription.subscribedtoid WHERE subscription.userid = ".$userid); $resLV = $db->fetchAll(); if (sizeof($resLV) > 0) { $output = "<div align=center><h5>".$_GET['user']."'s subscriptions</h5></div>"; if(isset($_GET['page'])) $output .= subscriptionsList($resLV,quote_smart($_GET['page']),$path); else $output .= subscriptionsList($resLV,1,$path); } else { $output = "<div align=center><h5>".$_GET['user']." has no subscriptions</h5></div>"; } return $output; } function addCommentLink(){ global $db; $sitefolder = getSetting("sitefolder",$db); $sitetemplate =getSetting("sitetemplate",$db); $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder; $path = "http://" . $_SERVER['SERVER_NAME'].$sitefolder; $link = $path."profile/".$_GET['user'].'?action=addcomment'; return $link; } function commentCount(){ global $db; $user_name = quote_smart($_GET['user']); $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $res = $db->fetch(); $loggedInid = $res['id']; $db->query("SELECT * FROM profile_comment WHERE userid = ".$loggedInid); $count = $db->numRows(); return $count; } function profileComments(){ global $db,$loggedIn,$sitepath,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $profileoutput = profileComments_new(); return $profileoutput; } else { $sitefolder = getSetting("sitefolder",$db); $sitepath = "http://" . $_SERVER['SERVER_NAME'].$sitefolder; $comments = ""; $user_name = quote_smart($_GET['user']); $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $res = $db->fetch(); $userID = $res['id']; /* Comments */ $db->query("SELECT * FROM profile_comment WHERE userid = ".$userID." ORDER BY date DESC"); $result = $db->fetchAll(); $comments = ""; $perpage =4; $size = sizeof($result); $pages = ceil(sizeof($result)/$perpage); $url = $sitepath.'profile/'.$user_name; if((isset($_GET['page']))&&(!isset($_GET['act']))) $page = quote_smart($_GET['page']); else $page = 1; if ($page<1) $page = 1; $pageLinks = "<div align=right>"; $pp = $page - 1; if ($pp >=1) { $pageLinks .= "<a class=\"prevp\" href='".$url."/".$pp."'>Previous Page</a>"; } if($pages > 10 && $page > 6){ if(!$nomr){ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; }else{ $pageLinks .= "<a href='".$url."/1'>1</a> ... "; } } $p = 1; $stopat = ($pages <= 10) ? $pages : 10; if($pages > 10 && $page > 5){ $p = $page - 5; $stopat = $page + 5; if($stopat > $pages) $stopat = $pages; } for($p; $p <= $stopat; $p++){ if(!$nomr){ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; }else{ if($p == $page) $pageLinks .= "$p "; else $pageLinks .= "<a href='".$url."/".$p."'>$p</a> "; } } if($pages > 10){ if(!$nomr){ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; }else{ $pageLinks .= "... <a href='".$url."/".$pages."'>$pages</a>"; } } $np = $page + 1; if ($np <= $pages) { $pageLinks .= "<a class=\"nextp\" href='".$url."/".$np."'>Next Page</a>"; } $pageLinks .= "</div>"; $count = 0; $comments .= '<h2>Comments</h2>'; $page--; //Clear previous page results for($i = 0; $i < $perpage * $page; $i++) unset($result[$i]); $colcount = 0; foreach($result as $key => $row){ if ($row['regdposter']==1) { $posterString = '<a href="'.$sitepath.'profile/'.htmlentities($row['leftbyname']).'">'.htmlentities($row['leftbyname']).'</a>'; $db->query("SELECT * FROM `member` WHERE `username` = '" . quote_smart($row['leftbyname']) . "'"); $user = $db->fetch(); if (($user['avatar'] == '')||($db->numRows()<1)) { $avatargender = $value['gender']>0 ? 'female' : 'male'; $avatar_tag = $templateimagepath."default_".$avatargender."_avatar.jpg"; } else { $avatar_tag = $sitepath.'uploads/avatars/'.$user['avatar']; } } else { $posterString = htmlentities($row['leftbyname'])." (visitor)"; $avatar_tag = $templateimagepath."default_male_avatar.jpg"; } if (($loggedIn)&&(isset($_SESSION['privs']) && $_SESSION['privs'] == 7)||($user_name==$_SESSION['username'])) { $del = '<div align=right><a href="'.$sitepath.'profile/'.$_GET['user']. '/dc/'.$row['id'].'">delete this comment</a></div>'; } else { $del = ''; } $str_today = date("Y-m-d H:i:s"); $comments .= '<dl class="no-format full-com2"><dt><a href="'.$sitepath.'profile/'.htmlentities($row['leftbyname']).'"><img width=30px height=30px class="thumb" src="'.$avatar_tag.'" alt="" /></a><b>'.$posterString.' </b></dt>'; $comments .= '<dd><p><h3 class="message">'.nl2br(bbCode($row['comment'])).$del.'</h3></p></dd><h4>'.date_diff(date("Y-m-d H:i:s",$row["date"]),$str_today).'</h4></dl><br>'; $count++; if($count == $perpage) break; } if ($pages>1) { $comments .= $pageLinks; } $privacy = $res['privacy']; $postmessage = canComment(); if ($postmessage == "") { $comments .= ''; if(getSetting("restrictpc",$db)==1 && !$loggedIn) { $comments .= '<h2>Please log in to comment</h2>'; } else { //***CHECK PRIVACY LEVEL OF PROFILE HERE AND DECIDE IF COMMENT POSTING IS ALLOWED*** $comments .= '<h2>Add comment</h2><form action="" method="post"><input type="hidden" name="type" value="addcomment">'; if($loggedIn){ $comments .= '<input type="hidden" id="name" name="name" value="'.$_SESSION['username'].'"/>'; } else { $comments .= '<li> <label for="name" class="comment">name</label> <input type="hidden" id="visitor" name="visitor" value="visitorposting"> <input id="name" name="name" /> </li>'; } $comments .= '<div id="message"> <textarea name="text"></textarea></div>'; if ((!$loggedIn)||(getSetting("captchaformembers",$db)==1)) { $comments .= '<p><img src="'.$sitepath.'includes/CaptchaSecurityImages.php" /><br>Enter code above<br> <input id="security_code" name="security_code" type="text" size="6"/></p>'; } $comments .= '<p><input class="biggerbutton" type="submit" name="submit" value="Post comment" style="margin-right: 30px;"/></p></form>'; $comments .= '<br />'.$message; } $comments .= ''; } else { $comments .= $postmessage; } return $comments; } } function profileTabs(){ global $db; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $tabs = profileTabs_new(); return $tabs; } else { $sitefolder = getSetting("sitefolder",$db); $sitetemplate =getSetting("sitetemplate",$db); $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder; $path = "http://" . $_SERVER['SERVER_NAME'].$sitefolder; $link = $path.'profile/'.$_GET['user'].'/'; $activetab = $_GET['act']; $medtab = ""; $favtab = ""; $subtab = ""; $frdtab = ""; $grptab = ""; if ($activetab=="med") {$medtab=' class="crt"';} if ($activetab=="fav") {$favtab=' class="crt"';} if ($activetab=="sub") {$subtab=' class="crt"';} if ($activetab=="frd") {$frdtab=' class="crt"';} if ($activetab=="grp") {$grptab=' class="crt"';} if (!isset($_GET['act'])) {$medtab=' class="crt"';} if (($medtab=="")&&($favtab=="")&&($subtab=="")&&($frdtab=="")&&($grptab=="")) {$medtab=' class="crt"';} $tabs = '<!-- s:TABS --> <ul class="no-format c-tabs"> <li'.$medtab.'><span><a href="'.$link.'med" title="Media">Media</a></span></li> <li'.$favtab.'><span><a href="'.$link.'fav" title="Favorites">Favorites</a></span></li> <li'.$subtab.'><span><a href="'.$link.'sub" title="Subscriptions">Subscriptions</a></span></li> <li'.$frdtab.'><span><a href="'.$link.'frd" title="Friends">Friends</a></span></li> <li'.$grptab.'><span><a href="'.$link.'grp" title="Groups">Groups</a></span></li> </ul> <!-- e:TABS -->'; return $tabs; } } function tabContent(){ $content = ''; $activetab = $_GET['act']; if (!isset($_GET['act'])) {$activetab='med';} if (($activetab!="med")&&($activetab!="fav")&&($activetab!="sub")&&($activetab!="frd")&&($activetab!="grp")) {$activetab ='med';} if ($activetab=="med") { $content .= getMedia(); } elseif ($activetab=="fav") { $content .= getFavorites(); } elseif ($activetab=="sub") { $content .= getSubscriptions(); } elseif ($activetab=="frd") { $content .= getFriends(); } elseif ($activetab=="grp") { $content .= getGroups(); } $content .= ''; return $content; } function checkMemberExists(){ global $db,$loggedIn; $path = getSetting('sitefolder',$db); $sitepath = 'http://' . $_SERVER['SERVER_NAME'].$path; $message = ""; if(!isset($_GET['user'])){ // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered"; } else { $user_name = quote_smart($_GET['user']); $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $registeredUser = false; if($db->numRows() < 1) { $message = "Sorry - this user does not exist or is no longer registered"; } } return $message; } function canMessage(){ global $db,$loggedIn; $path = getSetting('sitefolder',$db); $sitepath = 'http://' . $_SERVER['SERVER_NAME'].$path; $message = ""; if(!isset($_GET['user'])){ // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered"; }else{ $user_name = quote_smart($_GET['user']); //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $registeredUser = false; if($db->numRows() >= 1) { $registeredUser = true; $res = $db->fetch(); $profileid = $res['id']; $profileprivacylevel = $res['profile_privacy']; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false; $userisfriend = false; $userisowner = false; $useridadmin = false; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $res = $db->fetch(); $loggedInid = $res['id']; $privs = $res['privs']; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid); $blocked = ($db->numRows() >= 1); // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid); // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1"); $userisfriend = ($db->numRows() >0); $userisadmin = ($privs > 6); } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "<h3>Sorry, this member has chosen not to let you see their profile</h3>"; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel==0); $registeredonlyandloggedin = (($profileprivacylevel == 1)&&($loggedIn)); $privateandloggedinandfriendorowner = (($profileprivacylevel == 2)&&($loggedIn)&&(($userisfriend)OR($userisowner))); $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner; if (!$showprofile) { if (!$loggedIn) { $message = "<h3>You must log in to send messages to ".$user_name."</h3>"; } else { if ($_GET['act']=='af') { $message = "<h3>Thank you! Your request to be added to ".$_GET['user']."'s friends list has been submitted</h3>"; } else { $message = '<h3>You must be on '.$_GET['user'].'\'s friends list to send messages - <a href="'.$sitepath.'profile/'.$_GET['user'].'/af">ask '.$_GET['user'].' to add you here</a></h3>'; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) {$message = "Sorry - this user does not exist or is no longer registered";} } } return $message; } function canMessageForMenu(){ global $db,$loggedIn; $path = getSetting('sitefolder',$db); $sitepath = 'http://' . $_SERVER['SERVER_NAME'].$path; $message = ""; if(!isset($_GET['user'])){ // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered"; }else{ $user_name = quote_smart($_GET['user']); //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $registeredUser = false; if($db->numRows() >= 1) { $registeredUser = true; $res = $db->fetch(); $profileid = $res['id']; $profileprivacylevel = $res['profile_privacy']; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false; $userisfriend = false; $userisowner = false; $useridadmin = false; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $res = $db->fetch(); $loggedInid = $res['id']; $privs = $res['privs']; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid); $blocked = ($db->numRows() >= 1); // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid); // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1"); $userisfriend = ($db->numRows() >0); $userisadmin = ($privs > 6); } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "<h4>$user_name has chosen not to let you send messages</h4>"; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel==0); $registeredonlyandloggedin = (($profileprivacylevel == 1)&&($loggedIn)); $privateandloggedinandfriendorowner = (($profileprivacylevel == 2)&&($loggedIn)&&(($userisfriend)OR($userisowner))); $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner; if (!$showprofile) { if (!$loggedIn) { $message = "Log in to send a message to ".$user_name; } else { if ($_GET['act']=='af') { $message = "You will be able to send a message to ".$user_name." when your friend request is approved"; } else { $message = '<a href="'.$sitepath.'profile/'.$_GET['user'].'/af">Become '.$user_name.'\'s friend</a> to send a message'; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) {$message = "Sorry - this user does not exist or is no longer registered";} } } return $message; } function canComment(){ global $db,$loggedIn; $path = getSetting('sitefolder',$db); $sitepath = 'http://' . $_SERVER['SERVER_NAME'].$path; $message = ""; if(!isset($_GET['user'])){ // NO USER IN URL $message = "Sorry - this user does not exist or is no longer registered"; }else{ $user_name = quote_smart($_GET['user']); //Check it's a registered user $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $registeredUser = false; if($db->numRows() >= 1) { $registeredUser = true; $res = $db->fetch(); $profileid = $res['id']; $profileprivacylevel = $res['profile_privacy']; // NOW CHECK THAT THIS USER IS ALLOWED TO VIEW THE PROFILE // IF USER IS LOGGED IN CHECK IF USER IS BLOCKED $blocked = false; $userisfriend = false; $userisowner = false; $useridadmin = false; if ($loggedIn) { $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $res = $db->fetch(); $loggedInid = $res['id']; $privs = $res['privs']; $db->query("SELECT * FROM blocked WHERE blocker_id = ".$profileid." AND blockee_id = ".$loggedInid); $blocked = ($db->numRows() >= 1); // CHECK IF USER IS THE OWNER OF THIS PROFILE $userisowner = ($profileid == $loggedInid); // CHECK IF USER IS ON THE OWNER'S FRIENDS LIST AND IS APPROVED $db->query("SELECT * from friend WHERE ((userid = ".$profileid." AND friendid = ".$loggedInid.") OR (friendid = ".$profileid." AND userid = ".$loggedInid.")) AND friend_approved = 1"); $userisfriend = ($db->numRows() >0); $userisadmin = ($privs > 6); } if (!$userisadmin) // IF USER IS ADMIN THEN NO NEED T0 CHECK FRIENDS/BLOCKED ETC. { if ($blocked) { //USER IS BLOCKED $message = "<h3>Sorry, this member has chosen not to let you see their profile</h3>"; } else // USER IS NOT BLOCKED { // NOW CHECK IF THE PROFILE IS VISIBLE - IT WILL BE SHOWN IN ANY OF THESE 3 CASES: // 1 - PROFILE IS PUBLIC // 2 - PROFILE IS REGISTERED ONLY AND USER IS LOGGED IN // 3 - PROFILE IS PRIVATE AND USER IS LOGGED IN AND (USER IS A FRIEND OR THE OWNER OF THIS PROFILE) $profileispublic = ($profileprivacylevel==0); $registeredonlyandloggedin = (($profileprivacylevel == 1)&&($loggedIn)); $privateandloggedinandfriendorowner = (($profileprivacylevel == 2)&&($loggedIn)&&(($userisfriend)OR($userisowner))); $showprofile = $profileispublic || $registeredonlyandloggedin || $privateandloggedinandfriendorowner; if (!$showprofile) { if ((!$loggedIn)&&(!$profileispublic)) { $message = "<h3>You must log in to post comments on ".$user_name."'s profile</h3>"; } else { if ($_GET['act']=='af') { $message = "<h3>Thank you! Your request to be added to ".$_GET['user']."'s friends list has been submitted</h3>"; } else { $message = '<h3>You must be on '.$_GET['user'].'\'s friends list to post comments on '.$user_name.'\'s profile - <a href="'.$sitepath.'profile/'.$_GET['user'].'/af">ask '.$_GET['user'].' to add you here</a></h3>'; } } } } } } else { // USER NAME IS NOT IN THE DATABASE if (!$registeredUser) {$message = "Sorry - this user does not exist or is no longer registered";} } } return $message; } function remove_bad_words($text){ $content = GetResponseString("includes/badwords.inc"); $badwords = explode("\n",$content); foreach($badwords as $block){ $block = strtolower($block); $block = str_replace("\r","",$block); $block = str_replace("\n","",$block); $badSearch = ""; for($i = 0; $i < strlen($block); $i++){ $letter = substr($block,$i,1); if(strlen($letter) != 0 && $letter != " "){ $badSearch .= $letter; if(strlen($block) > $i) $badSearch .= "[^A-z]*"; } } if(strlen($badSearch) != 0){ $strReplace = substr($block,0,1); for($i = 1; $i < strlen($block); $i++) $strReplace .= "*"; $text = eregi_replace($badSearch,$strReplace,$text); } } return $text; } $str_today = date("Y-m-d H:i:s"); function date_diff($str_start, $str_end){ $defdate = $str_start; $str_start = strtotime($str_start); $str_end = strtotime($str_end); $nseconds = $str_end - $str_start; $ndays = floor($nseconds / 86400); $nseconds = $nseconds % 86400; $nhours = floor($nseconds / 3600); $nseconds = $nseconds % 3600; $nminutes = floor($nseconds / 60); $nseconds = $nseconds % 60; $retString = ""; if($ndays > 0){ $retString .= $defdate; return "at " . $retString; } if($nhours > 0){ $retString .= " " . $nhours . " hour"; if($nhours > 1) $retString .= "s"; } if($nminutes > 0){ $retString .= " " . $nminutes . " minute"; if($nminutes > 1) $retString .= "s"; } if(strcmp($retString,"") == 0) $retString = "< 1 minute"; return $retString . " ago"; } function profileBox(){ global $db,$loggedIn,$sitepath,$templateimagepath; $site_template = getSetting("sitetemplate",$db); $template_file = "templates/" . $site_template . "/modules/profile_content.php"; if ((getSetting("new_template",$db)==1)&&(file_exists($template_file))) { include_once ($template_file); $profileoutput = profileBox_new(); return $profileoutput; } else { $sitefolder = getSetting("sitefolder",$db); $sitetemplate =getSetting("sitetemplate",$db); $rootpath = $_SERVER['DOCUMENT_ROOT'].$sitefolder; $path = "http://" . $_SERVER['SERVER_NAME'].$sitefolder; // GET LOGGED IN USER'S ID $db->query("SELECT * FROM member WHERE username = '".quote_smart($_SESSION['username'])."'"); $res = $db->fetch(); $loggedInid = $res['id']; // GET PROFILE DETAILS $user_name = quote_smart($_GET['user']); $db->query("SELECT * FROM member WHERE username = '".$user_name."'"); $userrow = $db->fetch(); $aboutme = $userrow['aboutme']; $age = $userrow['age']; $gender = $userrow['gender']; $location = $userrow['location']; $profileid = $userrow['id']; if (($loggedInid!=$profileid)&&($loggedIn)) { $db->query("UPDATE member SET profileviews=profileviews+1 WHERE id=".$profileid); $db->query("SELECT viewerhistory FROM member WHERE id=".$profileid); $hres=$db->fetch(); $viewerhistory=$hres['viewerhistory']; $media = array(); $count = 0; if(strlen($viewerhistory) != 0){ $pastviewers = split(":",$viewerhistory); if ($pastviewers[count($pastviewers)-2]!="") { $lastviewer = $pastviewers[count($pastviewers)-2]; } else { $lastviewer = -1; } } if ($loggedInid!=$lastviewer) { $viewerhistory .= $loggedInid.":"; $db->query("UPDATE member SET viewerhistory = '".$viewerhistory."' WHERE id=".$profileid); } } $avatargender = $userrow['gender']>0 ? 'female' : 'male'; $avatar = $templateimagepath."default_".$avatargender."_avatar.jpg"; if(@file_exists("uploads/avatars/".$userrow['avatar'])&&($userrow['avatar']!="")) { $avatar = $sitepath."uploads/avatars/".$userrow['avatar']; } $avatar = str_replace(" ","%20", $avatar); $profileoutput = ' <div id="profile"><img class="thumb" width='.getSetting("avatar_w",$db).'px height='.getSetting("avatar_h",$db).'px class="thumb" src="'.$avatar.'" /> <h3>About '.$user_name.'</h3> <p>'.$aboutme.'</p>'; if (($age!="")||($gender!="")) { $profileoutput .= '<p>'; if ($age!="") { $profileoutput .= 'age '.$age.' '; } if ($gender!="") { $profileoutput .= ' - '; if ($gender==1) { $profileoutput .= "female"; } else { $profileoutput .= "male"; } } $profileoutput .= '</p>'; } if ($location!='') { $profileoutput .= '<p>location: '.$location.'</p>'; } $iconpath = $path.'templates/'.$sitetemplate.'/layout/skin1/'; $userisfriend = false; $userisblocked = false; $userisapproved = false; $requestreceived = false; $requestsent = false; $receivedicanaccept = false; $receivedremovedme = false; $pendingcancancel = false; $iremovedmakerequest = false; $userisfriend = false; $notonlistcanrequest = false; if ($loggedIn) { $db->query("SELECT * from friend WHERE (userid = ".$profileid." AND friendid = ".$loggedInid.") OR (userid = ".$loggedInid." AND friendid = ".$profileid.")"); $friendres = $db->fetch(); $useronfriendslist = ($db->numRows() > 0); if (($useronfriendslist)&&($profileid!=$loggedInid)) //don't check friends if user owns profile { $requestapproved = ($friendres['friend_approved']) > 0; $requestremoved = ($friendres['friend_removed']) > 0; if (!$requestapproved) // user is not friend { //now check if the request was sent or received if ($friendres['userid']==$loggedInid) // Received request { $requestreceived=true; if (!$requestremoved) { $receivedicanaccept = true;//arr } else { $receivedremovedme = true;//rfa } } else // It's a sent request { $requestsent=true; if (!$requestremoved) { $pendingcancancel = true; //csr } else { $iremovedmakerequest = true; //rmaf } } } else //no friend record { $userisfriend = true; //afr } } else { $notonlistcanrequest = true; //af } $db->query("SELECT * from blocked WHERE blockee_id = ".$profileid." AND blocker_id = ".$loggedInid); $userisblocked = ($db->numRows() > 0); $db->query("SELECT * from subscription WHERE userid=".$loggedInid." AND subscribedtoid=".$profileid); $userissubscribed = ($db->numRows() > 0); } $proflink = $path.'profile/'.$_GET['user']; $friendaddlink = $proflink.'/af'; $receivedicanacceptlink = $proflink.'/arr'; $receivedremovedmelink = $proflink.'/rfa'; $pendingcancancellink = $proflink.'/csr'; $iremovedmakerequestlink = $proflink.'/rmaf'; $userisfriendlink = $proflink.'/afr'; $notonlistlink = $proflink.'/af'; $blocklink = $path.'profile/'.$_GET['user'].'/bl'; $sublink = $path.'profile/'.$_GET['user'].'/sb'; $unblocklink = $path.'profile/'.$_GET['user'].'/ub'; $unsublink = $path.'profile/'.$_GET['user'].'/us'; $sendmessagelink = $path.'profile/'.$_GET['user'].'/sm'; if ($loggedIn) { if ($profileid!=$loggedInid) //don't show the links if the user owns the profile { if ($receivedicanaccept) { $profileoutput .= '<p><b>'.$user_name.' has sent you a friend request: <a href="'.$receivedicanacceptlink.'">accept the request</a></b></p>'; } if ($receivedremovedme) { $profileoutput .= '<p><b>'.$user_name.' removed you from friends list: <a href="'.$receivedremovedmelink.'">request again</a></b></p>'; } if ($pendingcancancel) { $profileoutput .= '<p><b>'.$user_name.' has not accepted your request yet: <a href="'.$pendingcancancellink.'">cancel request</a></b></p>'; } if ($iremovedmakerequest) { $profileoutput .= '<p><b><a href="'.$iremovedmakerequestlink.'">send '.$user_name.' a friend request</a></b></p>'; } if ($userisfriend) { $profileoutput .= '<p><b>you are '.$user_name.'\'s friend <a href="'.$userisfriendlink.'">remove '.$user_name.' from your friends list</a></b></p>'; } if ($notonlistcanrequest) { $profileoutput .= '<p><b><a href="'.$notonlistlink.'">send '.$user_name.' a friend request</a></b></p>'; } if (canMessageForMenu()=='') { $profileoutput .= '<div class="lnk"><a href="'.$sendmessagelink.'"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>send '.$user_name.' a message</a></div>'; } else { $profileoutput .= '<div class="lnk"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>'.canMessageForMenu().'</div>'; } if (!$userisblocked) { $profileoutput .= '<div class="lnk"><a href="'.$blocklink.'"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>block '.$user_name.' from commenting on my profile or sending messages</a></div>'; } else { $profileoutput .= '<div class="lnk"><a href="'.$unblocklink.'"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>Remove block for '.$user_name.'</a></div>'; } if (!$userissubscribed) { $profileoutput .= '<div class="lnk"><a href="'.$sublink.'"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>subscribe (receive emails when '.$user_name.' uploads new media)</a></div>'; } else { $profileoutput .= '<div class="lnk"><a href="'.$unsublink.'"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>Unsubscribe from '.$user_name.'</a></div>'; } } } else { $profileoutput .= '<p><div class="lnk"><img src="'.$iconpath.'icn_send_message.jpg" alt="" border=0/>log in to send '.$user_name.' a message</div></p>'; } $profileoutput .= "</div>"; return $profileoutput; } } global $db,$loggedIn; $user_name = quote_smart($_GET['user']); $db->query("SELECT * FROM member WHERE username = '".quote_smart($_GET['user'])."'"); $res = $db->fetch(); $userID = $res['id']; $message = ""; if (canComment()=='') { if (isset($_POST['submit'])&&($_POST['type']=='addcomment')) { if((($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])))||((getSetting("captchaformembers",$db)==0) &&($loggedIn))) { if (!empty($_POST['name'])) { if (!empty($_POST['text'])) { if(strlen($_POST['text']) <= getSetting('comment_length', $db)) { $commenttext = quote_smart($_POST['text']); $commenttext = apply_word_censor($commenttext); if ($_POST['visitor']=='visitorposting') { if((getSetting("restrictpc",$db) == "0")||($loggedIn)) $db->query("INSERT INTO `profile_comment` (userid, leftbyname, date, comment,regdposter) VALUES ('".$userID."', '".quote_smart($_POST['name'])."', '".time()."', '".$commenttext."',0);"); } else { $db->query("INSERT INTO `profile_comment` (userid, leftbyname, date, comment,regdposter) VALUES ('".$userID."', '".quote_smart($_SESSION['username'])."', '".time()."', '".$commenttext."',1);"); } $message = '<b>Your comment was added successfully. Thank you.</b>'; } else { $message = '<blink><b>Your comment is too long, please make it less then ' . getSetting('comment_length', $db) . ' characters.</b></blink>'; } } else { $message = '<blink><b>You have to fill in something in the text box.</b></blink>'; } } else { $message = '<blink><b>You have to fill in your name.</b></blink>'; } } else { $message = '<blink><b>Please enter the security code on the form</b></blink>'; } } unset($_SESSION['security_code']); } ?>