
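<?php
// Request handlers for the shared login/signup form, posting a tweet, logout
// and friend requests; display() below renders the feed.  Everything uses the
// global connection $link.
//
// Every query is now a prepared statement.  The original built its SQL by
// string concatenation (escaped here, unescaped in display()) and compared the
// submitted password against plaintext stored in `users`.`password`; passwords
// are now stored with password_hash().  A row that still holds a plaintext
// password is accepted once and re-hashed on that login, so existing accounts
// keep working.
//
// NOTE(review): neither the forms rendered by display() nor the login/signup
// form (not on this page) carry a CSRF token, so every POST handler below can
// be triggered cross-site.  Fixing that needs changes to those forms.

// The original read and wrote $_SESSION throughout, but every session_start()
// call was commented out.  Start the session before any output unless the
// including page already did.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

$link = mysqli_connect('localhost', 'root', '', 'users');
if ($link === false) {
    // The original carried on and every later call failed on a non-connection.
    exit('Database connection failed');
}
// Report query errors as exceptions instead of returning false and letting the
// next call fail on a bool (PHP 8.1 makes this the default).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$error = '';

// Login and signup share one form (fields: username, password, submit);
// $_GET['page'] decides which one was submitted.
if (isset($_POST['submit'])) {
    $username = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $page     = isset($_GET['page']) ? (string) $_GET['page'] : '';

    // Compare with '' rather than truthiness: the original treated the
    // username "0" as empty.
    if ($username === '') {
        $error .= "Username can not be empty<br>";
    }
    if ($password === '') {
        $error .= "Password can not be empty<br>";
    }

    if ($error === '' && $page === 'login') {
        $stmt = mysqli_prepare($link, "SELECT `id`, `username`, `password` FROM `users` WHERE `username` = ? LIMIT 1");
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);
        $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
        mysqli_stmt_close($stmt);

        // The original assigned mysqli_num_rows() to $row and then read
        // $row['id'] from that integer, so the session never received the
        // user's id, and it sent the redirect before checking the result.
        $authenticated = false;
        $needsRehash   = false;
        if ($user) {
            $stored = (string) $user['password'];
            if (password_verify($password, $stored)) {
                $authenticated = true;
                $needsRehash   = password_needs_rehash($stored, PASSWORD_DEFAULT);
            } elseif (password_get_info($stored)['algoName'] === 'unknown'
                && hash_equals($stored, $password)) {
                // Legacy row written by the original code: plaintext password.
                // Only taken when the stored value is not a recognised hash,
                // so a leaked hash cannot be used as the password itself.
                $authenticated = true;
                $needsRehash   = true;
            }
        }

        if ($authenticated) {
            $userId = (int) $user['id'];
            if ($needsRehash) {
                $hash = password_hash($password, PASSWORD_DEFAULT);
                $stmt = mysqli_prepare($link, "UPDATE `users` SET `password` = ? WHERE `id` = ?");
                mysqli_stmt_bind_param($stmt, 'si', $hash, $userId);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
            // Fresh session id on privilege change (session fixation).
            session_regenerate_id(true);
            $_SESSION['id']       = $userId;
            $_SESSION['username'] = $user['username'];
            header("Location: http://localhost/dangkhoa/");
            exit;
        }
        $error = "Login fail";
    } elseif ($error === '' && $page === 'signup') {
        // Only the username has to be unique.  The original also built a query
        // for "any user with this password" (and then executed the username
        // query twice by mistake); such a check would reveal whether a
        // password is already in use and is meaningless with hashed storage.
        $stmt = mysqli_prepare($link, "SELECT `id` FROM `users` WHERE `username` = ? LIMIT 1");
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);
        $taken = mysqli_num_rows(mysqli_stmt_get_result($stmt)) > 0;
        mysqli_stmt_close($stmt);

        if ($taken) {
            $error = "Sign up fail";
        } else {
            // NOTE(review): password_hash() output is 60+ characters and the
            // schema is not on this page — confirm `users`.`password` is wide
            // enough, and that `username` has a UNIQUE index (the check above
            // is not atomic).
            $hash = password_hash($password, PASSWORD_DEFAULT);
            $stmt = mysqli_prepare($link, "INSERT INTO `users` (`username`, `password`) VALUES (?, ?)");
            mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
            $inserted = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);

            if ($inserted) {
                // mysqli_insert_id() replaces the original's re-select of the
                // row it had just written.
                session_regenerate_id(true);
                $_SESSION['id']       = (int) mysqli_insert_id($link);
                $_SESSION['username'] = $username;
                header("Location: http://localhost/dangkhoa/");
                exit;
            }
            $error = "Sign up fail";
        }
    }
}

// Post a tweet.  The original looked the user up by $_SESSION['username'] but
// inserted $_SESSION['id'], so the id is what gets verified here.
if (isset($_POST['button-uptweet']) && isset($_SESSION['id'])) {
    $userId = (int) $_SESSION['id'];
    $stmt = mysqli_prepare($link, "SELECT `id` FROM `users` WHERE `id` = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, 'i', $userId);
    mysqli_stmt_execute($stmt);
    $known = mysqli_num_rows(mysqli_stmt_get_result($stmt)) > 0;
    mysqli_stmt_close($stmt);

    if ($known) {
        date_default_timezone_set('asia/ho_chi_minh');
        // One date() call: the original's two calls could straddle a second.
        $t       = date('Y/m/d H:i:s');
        $heading = isset($_POST['heading-uptweet']) ? (string) $_POST['heading-uptweet'] : '';
        $content = isset($_POST['content-uptweet']) ? (string) $_POST['content-uptweet'] : '';
        $stmt = mysqli_prepare($link, "INSERT INTO `tweet` (`userID`, `heading`, `content`, `date`) VALUES (?, ?, ?, ?)");
        mysqli_stmt_bind_param($stmt, 'isss', $userId, $heading, $content, $t);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}

if (isset($_POST['logoutsubmit'])) {
    // The original unset only 'id', leaving 'username' in $_SESSION for the
    // rest of the request.
    $_SESSION = [];
    session_destroy();
}

if (isset($_POST['friendRequest'])) {
    if (!isset($_SESSION['id'])) {
        header("Location: ?page=signup");
        exit; // the original fell through and kept executing
    }
    $me     = (int) $_SESSION['id'];
    $other  = isset($_POST['userID']) ? (int) $_POST['userID'] : 0;
    $action = (string) $_POST['friendRequest'];

    // Values come from the button display() renders: 1 = send a request,
    // 0 = cancel a pending request, 2 = already friends (remove the
    // friendship).  Compared as exact strings: the original's == let any
    // non-matching value reach the `friends` DELETE.
    $sql = null;
    if ($other > 0) {
        if ($action === '1') {
            $sql = "INSERT INTO `friendrequest` (`userID`, `toID`) VALUES (?, ?)";
        } elseif ($action === '0') {
            $sql = "DELETE FROM `friendrequest` WHERE `userID` = ? AND `toID` = ?";
        } elseif ($action === '2') {
            $sql = "DELETE FROM `friends` WHERE `userID` = ? AND `haveID` = ?";
        }
    }
    if ($sql !== null) {
        $stmt = mysqli_prepare($link, $sql);
        mysqli_stmt_bind_param($stmt, 'ii', $me, $other);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}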

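/**
 * Render the tweet feed as a sequence of <div class='box'> blocks.
 *
 * @param string $type 'search' limits the feed to tweets whose heading or
 *                     content contains $_GET['search']; anything else renders
 *                     every tweet (the original left $where undefined for
 *                     values other than 'public' / 'search').
 *
 * Reads the global connection $link and $_SESSION['id'].  Fixes against the
 * original: $_GET['search'] was concatenated into the SQL unescaped (SQL
 * injection) and heading, content and username were echoed raw (stored XSS).
 * The per-tweet lookups are prepared once and re-executed for each row.
 */
function display($type){
    global $link;

    if ($type === 'search') {
        $needle = isset($_GET['search']) ? (string) $_GET['search'] : '';
        // '%' and '_' inside the needle keep their LIKE meaning, as before;
        // the driver now handles the quoting.
        $pattern = '%' . $needle . '%';
        $feed = mysqli_prepare($link, "SELECT * FROM `tweet` WHERE `content` LIKE ? OR `heading` LIKE ? ORDER BY `date` DESC");
        mysqli_stmt_bind_param($feed, 'ss', $pattern, $pattern);
    } else {
        $feed = mysqli_prepare($link, "SELECT * FROM `tweet` ORDER BY `date` DESC");
    }
    mysqli_stmt_execute($feed);
    $tweets = mysqli_stmt_get_result($feed);

    // Viewer id, or 0 when there is no active session with a non-empty id
    // (the original's combined isset/session_id/session_status test).
    $me = (session_status() === PHP_SESSION_ACTIVE && !empty($_SESSION['id']))
        ? (int) $_SESSION['id']
        : 0;

    // bind_param binds by reference, so these are bound once and the
    // variables are reassigned before every execute.
    $authorId = 0;
    $from     = 0;
    $to       = 0;
    $authorStmt = mysqli_prepare($link, "SELECT `id`, `username` FROM `users` WHERE `id` = ? LIMIT 1");
    mysqli_stmt_bind_param($authorStmt, 'i', $authorId);
    $requestStmt = mysqli_prepare($link, "SELECT `userID` FROM `friendrequest` WHERE `userID` = ? AND `toID` = ? LIMIT 1");
    mysqli_stmt_bind_param($requestStmt, 'ii', $from, $to);
    $friendsStmt = mysqli_prepare($link, "SELECT `userID` FROM `friends` WHERE `userID` = ? AND `haveID` = ? LIMIT 1");
    mysqli_stmt_bind_param($friendsStmt, 'ii', $from, $to);

    // Does the bound (from, to) pair exist in the statement's table?
    $exists = function ($stmt) {
        mysqli_stmt_execute($stmt);
        return mysqli_num_rows(mysqli_stmt_get_result($stmt)) > 0;
    };
    // Escape for an HTML body or a single-quoted attribute (ENT_QUOTES).
    $h = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    while ($tweet = mysqli_fetch_assoc($tweets)) {
        $authorId = (int) $tweet['userID'];
        mysqli_stmt_execute($authorStmt);
        $author = mysqli_fetch_assoc(mysqli_stmt_get_result($authorStmt));

        $heading    = $h($tweet['heading']);
        $content    = $h($tweet['content']);
        $authorName = $h($author ? $author['username'] : '');
        // The tweet's userID is what the original's `users` lookup returned as
        // $row1['id'] whenever the author row existed.
        $hiddenId   = "<input type='hidden' name = 'userID' value='" . $authorId . "'>";

        // Button label/value describing the viewer's relation to the author;
        // the defaults are what a logged-out viewer sees.
        $friend      = "Kết bạn";
        $friendValue = 1;
        $received    = false;
        if ($me > 0) {
            $from = $me;
            $to   = $authorId;
            $sent    = $exists($requestStmt);
            $friends = $exists($friendsStmt);
            $from = $authorId;
            $to   = $me;
            $received = $exists($requestStmt);
            if ($sent) {
                $friend      = "Hủy kết bạn";
                $friendValue = 0;
            } elseif ($friends) {
                $friend      = "Đã kết bạn";
                $friendValue = 2;
            }
        }

        if ($received) {
            // Pending request from the author to the viewer.  As in the
            // original, the Accept/Declipe buttons carry no name and the hidden
            // input sits outside both forms, so no handler on this page acts
            // on them.
            echo " <div class='box'>" . $hiddenId . "<h2>" . $heading . "</h2><span>By: " . $authorName
                . "</span><form method='post'><button>Accept</button></form><form method='post'><button>Declipe</button></form><hr><div>"
                . $content . "</div></div>";
        } elseif ($me > 0 && $me === $authorId) {
            echo " <div class='box'><h2>" . $heading . "</h2><span>By: " . $authorName . "</span><hr><div>" . $content . "</div></div>";
        } else {
            echo " <div class='box'><form method='post'>" . $hiddenId . "<h2>" . $heading . "</h2><span>By: " . $authorName
                . "</span><button name='friendRequest' value = '" . $friendValue . "'>" . $friend . "</button><hr><div>"
                . $content . "</div></form></div>";
        }
    }

    mysqli_stmt_close($authorStmt);
    mysqli_stmt_close($requestStmt);
    mysqli_stmt_close($friendsStmt);
    mysqli_stmt_close($feed);
}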
