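<?php
// Page bootstrap: configure the session cookie, start the session, run the
// moderation check, open the database handle and look up the signed-in user.
session_set_cookie_params([
    'secure' => true,
    'httponly' => true,
    // SameSite=None makes the browser attach this cookie to cross-site requests
    // too, so any state-changing endpoint that trusts this session needs its own
    // CSRF defence. NOTE(review): confirm cross-site use is actually required.
    'samesite' => 'None',
]);
// Leading-dot domain: the session cookie is shared with every *.mateishome.page host.
ini_set('session.cookie_domain', '.mateishome.page');
session_start();
include_once __DIR__ . "/account/checkAccountIsModerated.php";
$mysqli = require __DIR__ . "/db.php";
if (isset($_SESSION["user_id"])) {
    // The id is bound as a parameter rather than interpolated into the SQL text,
    // so the query stays well-formed whatever ends up stored in the session.
    $sql = "SELECT username FROM users WHERE id = ?";
    $sessionUserId = (int) $_SESSION["user_id"];
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param('i', $sessionUserId);
    $stmt->execute();
    $result = $stmt->get_result();
    // $user is null when no row matches the session id.
    $user = $result->fetch_assoc();
}
?>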
<!DOCTYPE html>
<html lang="en">
<head>
<?php
// Pull in the head-section applet and emit this page's <head> contents.
// NOTE(review): the three strings are presumably title, social title and
// description - confirm against createHeadSection()'s definition.
require_once __DIR__ . '/applets/createHeadSection.php';
createHeadSection(
    '"Real" People!',
    '"Real" People!',
    'Here you can find all of the users who have made the mistake of signing up to my awesome website.'
);
?>
</head>
<body>
<script>
// Frame check: when this document is not its own parent it is being rendered
// inside a frame, so the frame is sent to the "don't embed me" page instead.
// This only runs where the embedding context lets scripts execute (a sandboxed
// iframe without allow-scripts never reaches it); a
// `Content-Security-Policy: frame-ancestors` or `X-Frame-Options` response
// header is what actually enforces a no-framing policy.
if (window.parent !== window) {
    // The page is in an iframe
    window.location.replace("https://mateishome.page/dontputmeinaniframe!.html");
    //window.location.replace("about:inducebrowsercrashforrealz"); // EVIL The page is in an iframe
}
</script>
<div class="page">
<?php
// Shared site navigation bar applet; include_once loads the file at most once per request.
include_once __DIR__ . '/applets/navigation_bar.php';
?>
<br>
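<div class="appletContainer">
<?php
// Pagination links and search box.
// `offset` and `search` come straight from the query string, so they are
// coerced to known types once and then encoded for the context they are
// written into. Echoing them raw would let a crafted link inject markup or
// script into this page (reflected XSS).
$navOffsetRaw = $_GET['offset'] ?? 0;
$navOffset = is_scalar($navOffsetRaw) ? max(0, (int) $navOffsetRaw) : 0;
$navSearch = isset($_GET['search']) && is_string($_GET['search']) ? $_GET['search'] : '';
$navSearchQuery = urlencode($navSearch);                            // URL query-string context
$navSearchAttr = htmlspecialchars($navSearch, ENT_QUOTES, 'UTF-8'); // HTML attribute context
$navPrevious = max(0, $navOffset - 6); // never page before the first row
$navNext = $navOffset + 6;
?>
<a href="users.php?offset=<?php echo $navPrevious; ?>&amp;search=<?php echo $navSearchQuery; ?>" style="margin-top: auto; margin-bottom: auto;"><button style="margin: 0px;" class="navigationButton">Previous</button></a> <!--stolen from guestbook.php... mwahahaha-->
<div class="mediumApplet" style="text-align: center; margin: auto;">
<h1>Users</h1>
<form method="get">
<label for="search">Search by username:</label><br>
<input type="text" id="search" name="search" placeholder="admin" value="<?php echo $navSearchAttr; ?>">
<input type="submit">
</form>
</div>
<a href="users.php?offset=<?php echo $navNext; ?>&amp;search=<?php echo $navSearchQuery; ?>" style="margin-top: auto; margin-bottom: auto;"><button style="margin: 0px;" class="navigationButton">Next</button></a>
</div>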
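<?php // Paginated user list (six per page); the paging logic was adapted from guestbook.php.
// Request input is untrusted: coerce it to known types before it reaches SQL.
$offsetRaw = $_GET['offset'] ?? 0;
// A negative OFFSET is rejected by the database, so clamp to the first page.
$offset = is_scalar($offsetRaw) ? max(0, (int) $offsetRaw) : 0;
$search = isset($_GET['search']) && is_string($_GET['search']) ? $_GET['search'] : '';
// NOTE(review): '%' and '_' typed by the visitor still act as LIKE wildcards.
$searchParameter = "%$search%";
// NOTE(review): this re-runs db.php by absolute path although $mysqli is already
// assigned at the top of the file - confirm both paths are the same file.
require '/var/www/html/db.php';

// Only the columns rendered below are selected, so unrelated account fields in
// the users table are never loaded into this public page's result set.
// OFFSET 0 is the first page, which lets every case share one prepared path.
// The empty-string test (instead of truthiness) keeps a search for "0" a search.
if ($search !== '') {
    $sql = "SELECT id, username, shortbio, date_created FROM users WHERE username LIKE ? ORDER BY CHAR_LENGTH(`username`) LIMIT 6 OFFSET ?";
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param('si', $searchParameter, $offset);
} else {
    $sql = "SELECT id, username, shortbio, date_created FROM users ORDER BY id DESC LIMIT 6 OFFSET ?";
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param('i', $offset);
}
$stmt->execute();
$result = $stmt->get_result();

require_once '/var/www/html/api/internalFunctions.php';
while ($row = $result->fetch_assoc()) {
    // Every database value is HTML-escaped at the point of output.
    $username = htmlspecialchars((string) $row['username'], ENT_QUOTES, 'UTF-8');
    $userId = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
    $shortBio = htmlspecialchars((string) ($row['shortbio'] ?? ''), ENT_QUOTES, 'UTF-8');
    $dateCreated = htmlspecialchars((string) $row['date_created'], ENT_QUOTES, 'UTF-8');
    // NOTE(review): assumes getPfpFromUsername() returns a raw, unescaped URL;
    // it is escaped here because it lands inside a double-quoted attribute.
    $pfpUrl = htmlspecialchars((string) getPfpFromUsername($row['username']), ENT_QUOTES, 'UTF-8');

    echo '<br>';
    echo '<div class="largeApplet" style="display: flex;">';
    echo '<img onerror="this.onerror=null; this.src=\'/files/images/pfps/error.png\'" src="' . $pfpUrl . '" class="pfpLarge" alt="profile" style="height: 120px; width: 120px;">';
    echo '<div style="margin-left: 10px; display: flex; flex-direction: column; position: relative;">';
    echo '<div style="display: flex; justify-content: space-between; width: 910px;">';
    echo '<span class="username" style="overflow: visible;">' . $username . '</span>';
    echo '<oblique>#' . $userId . '</oblique>';
    echo '</div>';
    echo '<span>' . $shortBio . '</span>';
    echo '<span style="position: absolute; bottom: 0; width: 750px;">' . $username . ' signed up on ' . $dateCreated . '</span>';
    echo '</div></div>';
}
?>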
</div>
</body>
</html>