Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- diff --git a/results.php b/results.php
- index 28e78d7..a3d71a2 100644
- --- a/results.php
- +++ b/results.php
- @@ -195,7 +195,6 @@ echo '<strong>ID</strong>: ' .$id.'<br></div>';
- <div class="box_inside">
- <form method="POST">
- <input type="hidden" name="sid" value="<?= htmlspecialchars(session_id(), ENT_QUOTES) ?>" />
- -<table>
- <?php
- /**
- * Save comment?
- @@ -234,12 +233,32 @@ if (isset($_SESSION['user'], $_POST['sid'], $_POST['text'])) {
- /**
- * Load comments and display them
- */
- -$q = mysql_query("SELECT text, timestamp, setname, avatar FROM members_comments LEFT JOIN members ON members.id = commenter WHERE subject = {$name10['id']}");
- -if (!$q) {
- +$page = isset($_GET['page']) ? intval($_GET['page']) * 10: 0;
- +
- +$c = mysql_query("SELECT COUNT(*) AS count FROM members_comments WHERE subject = {$name10['id']}");
- +if (!$c) {
- die(mysql_error());
- }
- +$c = mysql_fetch_object($c);
- +$c = floor($c->count / 10);
- +$pagination = array();
- +for ($i = 0; $i <= $c; $i++) {
- + $pagination[] = '<a href="/results.php?setname=' . urlencode($_GET['setname']) . '&page=' . $i . '">'. ($i+1) . '</a>';
- +}
- +$pagination = join($pagination, ' | ');
- +$q = mysql_query("SELECT text, timestamp, UNIX_TIMESTAMP(timestamp) AS unixtime, setname, avatar FROM members_comments LEFT JOIN members ON members.id = commenter WHERE subject = {$name10['id']} ORDER BY timestamp DESC LIMIT $page, 10");
- +if (!$q) {
- + die(mysql_error());
- +}
- +?>
- +<center><?= $pagination ?></center>
- +<table>
- +<?php
- while ($row = mysql_fetch_assoc($q)) {
- + if ($row['unixtime'] > $_SESSION['last_comment_seen']) {
- + $_SESSION['last_comment_seen'] = $row['unixtime'];
- + }
- ?>
- <tr style="border-bottom: 1px solid black">
- <td><a href="results.php?setname=<?= urlencode($row['setname']) ?>"><?= htmlspecialchars($row['setname']) ?></a><br /><i><?= htmlspecialchars($row['timestamp']) ?></i><br /><img src="<?= htmlspecialchars($row['avatar']) ?>" /></td>
- @@ -366,4 +385,4 @@ if (isset($_SESSION['user'])) {
- </div>
- </body>
- -</html>
- \ No newline at end of file
- +</html>
- diff --git a/validate.php b/validate.php
- index f0a12af..3cae1b3 100644
- --- a/validate.php
- +++ b/validate.php
- @@ -72,7 +72,7 @@ $ban = $name30[ban];
- if($ban == 0){
- -$query = "Select password FROM members WHERE setname = '".$user."' AND activationcode IS NULL";
- +$query = "Select id, password FROM members WHERE setname = '".mysql_real_escape_string($user)."' AND activationcode IS NULL";
- $result = mysql_query($query) or die(mysql_error());
- $name = mysql_fetch_array($result);
- $pass1 = $name[password];
- @@ -82,6 +82,18 @@ $_SESSION['user'] = $user; //creates the session variable $_SESSION['user']
- $_SESSION['pass'] = $pass; //creates the session variable $_SESSION['pass']
- echo "<center>Congratulations " .$user. " You are successfully <a href='index.php'>logged in.</a></center>";
- echo "<br /><br />";
- +
- +// Check for new comments
- +$last_comment_seen = intval($_SESSION['last_comment_seen']);
- +$q = mysql_query("SELECT COUNT(*) AS count FROM members_comments WHERE subject = {$name['id']} AND UNIX_TIMESTAMP(timestamp) > $last_comment_seen");
- +if (!$q) {
- + die(mysql_error());
- +}
- +$comments = mysql_fetch_object($q);
- +if ($comments->count) {
- + print '<p><strong>New comments on your <a href="/results.php?setname=' . urlencode($_POST['user']) . '">profile page</a>: ' . $comments->count . '</strong></p>';
- +}
- +
- }
- else{
- @@ -205,4 +217,4 @@ echo 'You are banned';
- </div>
- </body>
- -</html>
- \ No newline at end of file
- +</html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement