<?php
// Import util functions
require("util.php");
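// Request handling for the profile page: resolve the profile user from ?id=,
// apply at most one contact action per POST flag, then hand over to prg() and
// the page header.
// NOTE(review): $id (the signed-in user's id) and $conn (the PDO handle) are not
// defined in this file; presumably checkSession()/dbConnect() in util.php set them - confirm.
checkSession();
dbConnect();

// NOTE(review): every branch below changes state on a bare POST flag and no
// anti-CSRF token is verified in this file. Confirm util.php enforces one;
// otherwise add a per-session token to the forms and compare it here with hash_equals().

// Get username from url. Non-string input (e.g. ?id[]=x) is rejected because
// htmlspecialchars() only accepts a string.
$username = null;
if (isset($_GET["id"]) && is_string($_GET["id"])) {
    // NOTE(review): the value is HTML-encoded before it is used as a lookup key, so
    // this only matches if usernames are stored encoded - confirm. The encoding is
    // kept here because the template further down prints $username into markup.
    $username = htmlspecialchars($_GET["id"]);
}

// Get user from given username
if (!empty($username)) {
    $result = userFromUsername($username);
    if (!empty($result)) {
        $userid = $result["id"];
        // Both directions of the relationship are addressed with the same pair of ids.
        $pair = array(":id" => $id, ":userid" => $userid);

        // Remove contact if needed (either side may have created the row)
        if (isset($_POST["removeContact"])) {
            $stmt = $conn->prepare("UPDATE contacts SET status = 0 WHERE (user1 = :id AND user2 = :userid) OR (user1 = :userid AND user2 = :id)");
            $stmt->execute($pair);
        }

        // Accept contact request if needed.
        // Only a row that is still pending (status = 1, the value written when a
        // request is created below) may be promoted. Without this condition a
        // request that was revoked or declined (status = 0) could be turned into an
        // accepted contact by the recipient alone.
        if (isset($_POST["acceptContactRequest"])) {
            $stmt = $conn->prepare("UPDATE contacts SET status = 2 WHERE user1 = :userid AND user2 = :id AND status = 1");
            $stmt->execute($pair);
        }

        // Decline contact request if needed
        if (isset($_POST["declineContactRequest"])) {
            $stmt = $conn->prepare("UPDATE contacts SET status = 0 WHERE user1 = :userid AND user2 = :id");
            $stmt->execute($pair);
        }

        // Revoke contact request if needed
        if (isset($_POST["revokeContactRequest"])) {
            $stmt = $conn->prepare("UPDATE contacts SET status = 0 WHERE user1 = :id AND user2 = :userid");
            $stmt->execute($pair);
        }

        // Add contact if needed.
        // The page only offers this button on other users' profiles; enforce the
        // same rule on the server so a hand-built POST cannot create a self-contact.
        // Loose comparison on purpose: the two ids may differ in type (int vs string).
        if (isset($_POST["addContact"]) && $userid != $id) {
            $stmt = $conn->prepare("SELECT * FROM contacts WHERE user1 = :id AND user2 = :userid");
            $stmt->execute($pair);
            $result = $stmt->fetchAll();

            if (empty($result)) {
                // Create contact request
                $stmt = $conn->prepare("INSERT INTO contacts(user1, user2, status) VALUES (:id, :userid, 1)");
            }
            else {
                // Re-open the existing row as a pending request
                $stmt = $conn->prepare("UPDATE contacts SET status = 1 WHERE user1 = :id AND user2 = :userid");
            }
            $stmt->execute($pair);
        }
    }
}

prg();
echoHeader(1);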
?>
<div id="content">
<div id="profile">
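<?php
// Profile view: prints the user's name, the contact action that matches the
// current relationship, and the bio.

// Escapes a value for HTML text and quoted-attribute context. double_encode is
// off so values that were already entity-encoded on the way in are not encoded
// a second time.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8", false);
};

// Look the user up only when a username was supplied.
$result = empty($username) ? null : userFromUsername($username);
if (empty($result)) {
    echo("<p id=\"error\">User not found.</p>");
}
else {
    $userid = $result["id"];
    $firstname = $result["firstname"];
    $lastname = $result["lastname"];
    $bio = $result["bio"];

    // Profile fields come from the database and are user-controlled, so they are
    // escaped at output time rather than trusted.
    echo("<h2>" . $esc($firstname) . " " . $esc($lastname) . "</h2>");

    // $username was HTML-encoded when it was read from the query string. Undo that
    // encoding before URL-encoding it, so that characters such as "&" survive the
    // round trip through the form action instead of splitting the query string.
    $idParam = rawurlencode(htmlspecialchars_decode($username, ENT_QUOTES));
    $profileAction = $esc("user.php?id=" . $idParam);
    $messageAction = $esc("messaging.php?id=" . $idParam);

    $contacts = getContacts($id);
    $sent = getSentRequests($id);
    $received = getReceivedRequests($id);

    // The action attributes below are quoted: an unquoted attribute ends at the
    // first space, which would let the rest of the value be parsed as extra attributes.
    if (in_array($userid, $contacts)) {
?>
<form style="float:left" method="post" action="<?php echo($profileAction); ?>">
<p id="label"><input type="submit" name="removeContact" value="Remove Contact" /></p>
</form>
<form style="float:right" method="post" action="<?php echo($messageAction); ?>">
<p id="label"><input type="submit" name="sendMessage" value="Send Message" /></p>
</form>
<?php
    }
    else if (in_array($userid, $sent)) {
?>
<form method="post" action="<?php echo($profileAction); ?>">
<p id="label"><input type="submit" name="revokeContactRequest" value="Revoke Contact Request" /></p>
</form>
<?php
    }
    else if (in_array($userid, $received)) {
?>
<form method="post" action="<?php echo($profileAction); ?>">
<p id="label"><input type="submit" name="acceptContactRequest" value="Accept Contact Request" /></p>
</form>
<form method="post" action="<?php echo($profileAction); ?>">
<p id="label"><input type="submit" name="declineContactRequest" value="Decline Contact Request" /></p>
</form>
<?php
    }
    else if ($userid != $id) {
?>
<form method="post" action="<?php echo($profileAction); ?>">
<p id="label"><input type="submit" name="addContact" value="Add Contact" /></p>
</form>
<?php
    }

    if (!empty($bio) && empty($_POST["editBio"])) {
?>
<div id="bio">
<?php
        // NOTE(review): the bio is escaped as plain text. If bios are meant to carry
        // markup, run them through an allow-list HTML sanitizer instead of printing them raw.
        echo($esc($bio));
?>
</div>
<?php
    }
    else if (!empty($_POST["editBio"])) {
?>
<!-- Edit bio. -->
<?php
    }
}
?>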
</div>
</div>
</body>
</html>