<?php

	// Open (or resume) the PHP session before any output is produced.
	session_start();

	// "private" tells shared caches not to store these per-user pages.
	header("Cache-control: private");

	// Report errors, warnings, parse errors and notices. Whether they are shown
	// to visitors is decided by display_errors, which this script does not set.
	error_reporting(E_NOTICE | E_PARSE | E_WARNING | E_ERROR);

	

	include("includes/config.inc.php");

	include("includes/db.inc.php");

	include("language/language.".$language.".php");

	include("includes/functions.inc.php");

	include("includes/messages.inc.php");

	include("includes/followxxx.inc.php");

	

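	// Requested location, HTML-escaped once here and reused by the routing below.
	// Only a string is accepted: a missing parameter or an array (loc[]=...) becomes
	// '' instead of being silenced with @ and handed to htmlspecialchars().
	$loc 	= htmlspecialchars((isset($_GET['loc']) && is_string($_GET['loc'])) ? $_GET['loc'] : '', ENT_QUOTES);

	// Theme fragments that make up the page. $theme is set outside this block
	// (presumably by includes/config.inc.php); because it is used to build file
	// paths it must never be derived from request data.
	$hdr 	= file_get_contents('themes/'.$theme.'/header.theme.html');
	$lpanel = file_get_contents('themes/'.$theme.'/left_panel.theme.html');
	$cpanel = file_get_contents('themes/'.$theme.'/center_panel.theme.html');
	$rpanel = file_get_contents('themes/'.$theme.'/right_panel.theme.html');
	$ftr 	= file_get_contents('themes/'.$theme.'/footer.theme.html');

	// Defaults for the state filled in by the request handling further down.
	$messagestream = '';	// rendered message list
	$statmsg = '';			// status/error text shown to the user
	$act = '';				// per-item action: del, fav or friend
	$actmsgtype = 0;		// selects which list renderer is used
	$badmsg = false;
	$msgpage = 0;			// page number for paginated lists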



	// GET requests whose location contains "@" are sent to the profile URL.
	// NOTE(review): the test matches "@" anywhere in $loc, while substr() simply
	// drops the first character - confirm that "@" is always expected at position 0.
	// $loc was HTML-escaped earlier in this script and reaches the Location header in
	// that form; it is not URL-encoded here.
	$is_get_request = ($_SERVER['REQUEST_METHOD'] == 'GET');
	if ($is_get_request && strpos($loc,"@") !== false){
		header("Location: ".$url."@/".substr($loc,1));
		exit();
	}

	

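	// Login form handler: runs only for a POST to the "login" location.
	if ($loc == 'login' && $_SERVER['REQUEST_METHOD'] == 'POST'){
		// Both fields must be non-empty strings; array-valued parameters
		// (username[]=...) are ignored instead of reaching htmlspecialchars().
		if(!empty($_POST['username']) && is_string($_POST['username']) && !empty($_POST['pw']) && is_string($_POST['pw'])){
			// NOTE(review): both values are HTML-encoded before verification, so a stored
			// credential must have been created the same way. htmlspecialchars() without
			// ENT_QUOTES leaves single quotes untouched and is not SQL escaping; confirm
			// that FUNCT_GET_LOGIN (not visible here) escapes or parameterises its input.
			$username = htmlspecialchars($_POST['username']);
			$pw = htmlspecialchars($_POST['pw']);
			if (FUNCT_GET_LOGIN($username, $pw)){
				// Issue a fresh session id on privilege change so an id known before
				// login is not carried into the authenticated session. FUNCT_GET_LOGIN is
				// not visible here; regenerating again is harmless if it already does so.
				session_regenerate_id(true);
				header("Location: ".$url."main");
				exit();
			}else{
				// Failed login: show the language file's message block 9.
				$statmsg = $msgblock9;
			}
		}
	}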

	

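	// Authenticated area: posting a message, per-message / per-user actions, and choosing
	// which message stream to render. Runs only when the session is flagged as logged on.
	if (isset($_SESSION['loggedon']) && ($_SESSION['loggedon'] == true)){
		// USERID is concatenated unquoted into the queries below; casting it once
		// guarantees that only an integer can ever reach the SQL text.
		$sess_uid = (int)$_SESSION['USERID'];

		// Where to send the browser after a state change. $_SESSION['loc'] is only ever
		// assigned fixed location names by the switch further down; fall back to the
		// main stream when nothing has been recorded yet.
		$return_to = isset($_SESSION['loc']) ? $_SESSION['loc'] : 'main';

		if ($_SERVER['REQUEST_METHOD'] == 'POST'){
			// New message: must be a string of more than one byte.
			if(isset($_POST['message1']) && is_string($_POST['message1']) && !empty($_POST['message1']) && (strlen($_POST['message1']) > 1)){
				// Cut to the configured size, HTML-encode for later display, then escape for SQL.
				$message1 = htmlspecialchars(substr($_POST['message1'],0,$max_msg_size-1),ENT_QUOTES);
				$message1 = mysql_real_escape_string($message1);

				// Optional bad-word filter ("filer" is the spelling of the config variable).
				if ($use_bad_word_filer == 1){
					$message1 = FUNCT_WORD_FILTER($message1);
				}

				// Optional keyword spam filter, evaluated once; with the filter off every
				// message is treated as GOOD.
				$spam_verdict = 'GOOD';
				if ($use_keyword_spam_filter == 1){
					$spam_verdict = keywords_funct($message1);
				}

				if ($spam_verdict == 'GOOD'){
					// The stored text is truncated AFTER SQL escaping. That can cut a
					// two-character escape sequence in half and leave a lone trailing
					// backslash, which would escape the closing quote of the SQL literal.
					// Drop that dangling backslash so the literal always terminates.
					$msg_to_store = substr($message1,0,$max_msg_size);
					$tail_slashes = strlen($msg_to_store) - strlen(rtrim($msg_to_store,'\\'));
					if ($tail_slashes % 2 == 1){
						$msg_to_store = substr($msg_to_store,0,-1);
					}
					mysql_query('INSERT INTO chirpmsg (ID,USERID,USERMSG,ENTRYDATE) VALUES ("'.microtime().'",'.$sess_uid.',"'.$msg_to_store.'",NOW())');
					if(mysql_errno()){
						// Keep database error text in the server log; it is not sent to the browser.
						error_log('chirp: message insert failed ('.mysql_errno().'): '.mysql_error());
						header('HTTP/1.1 500 Internal Server Error');
						die('The request could not be completed.');
					}else{
						header("Location: ".$url.$return_to);
						exit();
					}
				}elseif($spam_verdict == 'BAD'){
					// Rejected by the keyword filter: show message block 8.
					$statmsg = $msgblock8;
				}
			}
		}

		if ($_SERVER['REQUEST_METHOD'] == 'GET'){
			// Profile shortcut. The same redirect already runs earlier in this script for
			// every GET request, so this copy is normally not reached; it previously read
			// the undefined variable $log instead of $loc.
			if(strpos($loc,"@") !== false){
				$profname = substr($loc,1);
				header("Location: ".$url."@/".$profname);
				exit();
			}

			// Page number: accepted only when numeric, otherwise page 0.
			if(!empty($_GET['page']) && is_numeric($_GET['page'])){
				$msgpage = htmlspecialchars($_GET['page'],ENT_QUOTES);
			}else{
				$msgpage = 0;
			}

			// Path-style action: "<location>/<action>/<value>".
			// The values are HTML-encoded and then SQL-escaped twice; harmless for the
			// microtime()-based ids created above, but other input would gain extra backslashes.
			if(strpos($loc,"/") !== false){
				$locarray = explode("/",$loc);
				if (count($locarray) == 3){
					$act = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[1],ENT_QUOTES)));
					$actval = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[2],ENT_QUOTES)));
				}
			}

			// Query-string action: only "friend" with a numeric value is accepted.
			if(!empty($_GET['act']) && $_GET['act'] == 'friend'){
				if(!empty($_GET['actval']) && is_numeric($_GET['actval'])){
					$act = addslashes(mysql_real_escape_string(htmlspecialchars($_GET['act'],ENT_QUOTES)));
					$actval = addslashes(mysql_real_escape_string(htmlspecialchars($_GET['actval'],ENT_QUOTES)));
				}
			}

			// NOTE(review): the actions below change data in response to a GET request and
			// no anti-CSRF token is checked in this file. Consider moving them to POST and
			// verifying a per-session token before the queries run.
			switch($act){
				case "del":
					// Delete one of the current user's own messages.
					mysql_query('DELETE FROM chirpmsg WHERE ID = "'.$actval.'" AND USERID = '.$sess_uid.' LIMIT 1');
					if(mysql_errno()){
						error_log('chirp: message delete failed ('.mysql_errno().'): '.mysql_error());
						header('HTTP/1.1 500 Internal Server Error');
						die('The request could not be completed.');
					}else{
						header("Location: ".$url.$return_to);
						exit();
					}
					break;
				case "fav":
					// Toggle a favourite: remove it when present, add it otherwise.
					if (!empty($actval)){
						$result = mysql_query('SELECT * FROM favorites WHERE MSGID = "'.$actval.'" AND USERID = '.$sess_uid.' LIMIT 1');
						$cnt = mysql_num_rows($result);
						if($cnt > 0){
							$sqltxt = 'DELETE FROM favorites WHERE MSGID = "'.$actval.'" AND USERID = '.$sess_uid.' LIMIT 1';
						}else{
							$sqltxt = 'INSERT INTO favorites (USERID,MSGID) VALUES ('.$sess_uid.',"'.$actval.'")';
						}
						mysql_query($sqltxt);
						if(mysql_errno()){
							error_log('chirp: favourite toggle failed ('.mysql_errno().'): '.mysql_error());
							header('HTTP/1.1 500 Internal Server Error');
							die('The request could not be completed.');
						}else{
							header("Location: ".$url.$return_to);
							exit();
						}
					}
					break;
				case "friend":
					// Toggle following a user: remove the row when present, add it otherwise.
					if (!empty($actval) && is_numeric($actval)){
						$result = mysql_query('SELECT * FROM friends WHERE FRIENDID = "'.$actval.'" AND USERID = '.$sess_uid.' LIMIT 1');
						$cnt = mysql_num_rows($result);
						if($cnt > 0){
							$sqltxt = 'DELETE FROM friends WHERE FRIENDID = "'.$actval.'" AND USERID = '.$sess_uid.' LIMIT 1';
						}else{
							$sqltxt = 'INSERT INTO friends (USERID,FRIENDID) VALUES ('.$sess_uid.',"'.$actval.'")';
						}
						mysql_query($sqltxt);
						if(mysql_errno()){
							error_log('chirp: friend toggle failed ('.mysql_errno().'): '.mysql_error());
							header('HTTP/1.1 500 Internal Server Error');
							die('The request could not be completed.');
						}else{
							if($return_to == 'search'){
								// Return to the same search results. The search term comes straight
								// from the request, so it is URL-encoded before it is placed in the
								// Location header.
								$search_name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
								header("Location: ".$url."index.php?loc=".$return_to."&name=".urlencode($search_name)."&page=".urlencode($msgpage));
							}else{
								header("Location: ".$url.$return_to);
							}
							exit();
						}
					}
					break;
			}
		}

		// Shared SELECT prefix for every message stream, and the "own messages plus
		// messages of followed users" stream used by several locations.
		$msg_select = "SELECT chirpmsg.ID, chirpmsg.USERID, chirpmsg.USERMSG, chirpmsg.ENTRYDATE, users.USERNAME FROM chirpmsg INNER JOIN users ON chirpmsg.USERID = users.USERID WHERE ";
		$timeline_sql = $msg_select."users.USERID = ".$sess_uid." UNION ".$msg_select."users.USERID IN (SELECT FRIENDID FROM friends WHERE USERID = ".$sess_uid.")";

		// Pick the query / list type for the requested location and remember the
		// location in the session for later redirects.
		switch($loc){
			case "search":
				if(!empty($_POST['name']) || !empty($_GET['name'])){
					$actmsgtype = 4;
					// Take the term from the array that matches the request method; anything
					// that is missing or not a string is searched as ''.
					$search_raw = '';
					if($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['name']) && is_string($_GET['name'])){
						$search_raw = $_GET['name'];
					}elseif($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['name']) && is_string($_POST['name'])){
						$search_raw = $_POST['name'];
					}
					$searchqry = addslashes(mysql_real_escape_string(htmlspecialchars($search_raw,ENT_QUOTES)));
					$chirp_query = FUNCT_USER_SEARCH($searchqry);
					$_SESSION['loc'] = $loc;
				}else{
					// No search term: behave like the main stream.
					$chirp_query = $timeline_sql;
					$_SESSION['loc'] = "main";
				}
				break;
			case "main":
			case "recent":
				$chirp_query = $timeline_sql;
				$_SESSION['loc'] = $loc;
				break;
			case "everyone":
				$chirp_query = $msg_select."(chirpmsg.USERID = users.USERID)";
				$_SESSION['loc'] = $loc;
				break;
			case "mentions":
				// NOTE(review): USERNAME is taken from the session and interpolated as-is.
				// Confirm the login code stores it SQL-safe, or escape it here; % and _ in
				// a name also act as LIKE wildcards.
				$chirp_query = $msg_select."(chirpmsg.USERMSG LIKE '%@" . $_SESSION["USERNAME"] . "%')";
				$_SESSION['loc'] = $loc;
				break;
			case "favorites":
				$chirp_query = $msg_select."chirpmsg.ID IN (SELECT MSGID FROM favorites WHERE USERID = " . $sess_uid . ")";
				$_SESSION['loc'] = $loc;
				break;
			case "archive":
				$chirp_query = $msg_select."(chirpmsg.USERID = " . $sess_uid . ")";
				$_SESSION['loc'] = $loc;
				break;
			case "profile":
				header("Location: users/profile");
				exit();
			case "account":
				header("Location: users/account");
				exit();
			case "following":
				$actmsgtype = 1;
				$_SESSION['loc'] = $loc;
				break;
			case "followers":
				$actmsgtype = 2;
				$_SESSION['loc'] = $loc;
				break;
			case 'messages':
				$actmsgtype = 3;
				// Not used again in this file. NOTE(review): same caveat for USERNAME as in "mentions".
				$grooner_query = 'SELECT directmessages.MSGID, directmessages.TO_USERNAME, directmessages.FROM_USERNAME, directmessages.ENTRYDATE, directmessages.MESSAGE, users.USERID AS USERID FROM directmessages INNER JOIN users ON directmessages.FROM_USERNAME = users.USERNAME WHERE directmessages.TO_USERNAME = "'.$_SESSION["USERNAME"].'"';
				break;
			case "logout":
				// Empty and destroy the session, then return to the start page.
				$_SESSION = array();
				session_destroy();
				header("Location: ".$url."#");
				exit();
			default:
				$chirp_query = $timeline_sql;
				$_SESSION['loc'] = "main";
		}

		// Fill the %MESSAGESTREAM% placeholder of the list template with the renderer
		// that matches the list type chosen above.
		$messagestream = file_get_contents('themes/'.$theme.'/msg_list.theme.html');
		if(strpos($messagestream,"%MESSAGESTREAM%") !== false){
			if($actmsgtype == 1){
				$messagestream = str_replace('%MESSAGESTREAM%',List_Friends($_SESSION['USERID'],$msgpage),$messagestream);
			}elseif($actmsgtype == 2){
				$messagestream = str_replace('%MESSAGESTREAM%',List_Followers($_SESSION['USERID'],$msgpage),$messagestream);
			}elseif($actmsgtype == 3){
				$messagestream = str_replace('%MESSAGESTREAM%','',$messagestream);
			}elseif($actmsgtype == 4){
				$messagestream = str_replace('%MESSAGESTREAM%',List_People($chirp_query,$searchqry,$msgpage),$messagestream);
			}else{
				$messagestream = str_replace('%MESSAGESTREAM%',getDBNFO($_SESSION['USERID'], $chirp_query,$msgpage),$messagestream);
			}
		}
	}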

	

	// Join the five theme fragments in page order: header, left, centre, right, footer.
	$ndx = implode('', array($hdr, $lpanel, $cpanel, $rpanel, $ftr));

	// PAGE_PROCESSING receives the assembled template together with the status
	// message and the rendered message stream; its return value is the response body.
	echo PAGE_PROCESSING($ndx, $statmsg, $messagestream);

	// Release the database connection ($connection is set outside this block).
	mysql_close($connection);



?>