SSB/minimum.php

<?php
//	SSB - Simple Social Board - Simple layout
//	(C) Chris Dorman, 2012 - 2020
//	License: CC-BY-NC-SA version 3.0
//	http://github.com/Pentium44/SSB

//error_reporting(E_ALL); 
//ini_set('display_errors', 1);

session_start();
include "config.php";
include "functions.php";
include "bbcode.php";

// check if flatfile database location is populated
if(!file_exists("ssb_db"))
{
	mkdir("ssb_db", 0777);
}

if(!file_exists("ssb_db/users"))
{
	mkdir("ssb_db/users", 0777);
}

if(!file_exists("ssb_db/posts"))
{
	mkdir("ssb_db/posts", 0777);
}

if(!file_exists("ssb_db/uploads"))
{
	mkdir("ssb_db/uploads", 0777);
}

if(!file_exists("ssb_db/friends"))
{
	mkdir("ssb_db/friends", 0777);
}

$username = $_SESSION['ssb-user'];
//$_SESSION['ssb-topic'] = $ssbtopic;



?>
<!DOCTYPE html>
<html lang="en-us">
<head>
<title><?php echo htmlentities(stripslashes($ssbtitle)); ?></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=.55, shrink-to-fit=yes"><meta name="description" content="<?php echo htmlentities($ssbtitle) . " - " . $desc; ?>">
<link rel="stylesheet" type="text/css" href="minimum.css">
</head>
<body <?php if($_GET['do']=="pubmsg" || $_GET['do']=="privmsg") { echo "onload=\"UpdateTimer();\""; } ?>>

<script type="text/javascript">

	function wrapBBCode(tag) {
		var msgInput = document.getElementById('msg');
		var content = msgInput.value;
		var selectedContent = content.substring(msgInput.selectionStart, msgInput.selectionEnd);
		var beforeContent = content.substring(0, msgInput.selectionStart);
		var afterContent = content.substring(msgInput.selectionEnd, content.length);
		msgInput.value = beforeContent + '[' + tag + ']' + selectedContent + '[/' + tag + ']' + afterContent;
	}

	function userTag(tag) {
                var msgInput = document.getElementById('msg');
                var content = msgInput.value;
                var beforeContent = content.substring(0, msgInput.selectionStart);
                var afterContent = content.substring(msgInput.selectionEnd, content.length);
                msgInput.value = beforeContent + '@' + tag + afterContent;
        }
</script>
<div class='contain'>
<div id="navbar">
        <?php if(isset($_SESSION['ssb-user']) && isset($_SESSION['ssb-pass'])) { ?>
	<a href="minimum.php?forms=post">create post</a> &bull;
	<a href="minimum.php?userfeed=<?php echo $username; ?>">your profile</a> &bull;
	<a href="minimum.php?do=userctrl">settings</a> &bull;
    <a href="minimum.php?do=logout">logout</a><br />
	<a href="minimum.php">feed</a> &bull;
	<a href="minimum.php?do=friends">friends</a> &bull;
	<a href="minimum.php?do=about">about</a> &bull;
	<a href="minimum.php?do=users" title="Public users!">users</a> 
	<?php } else { ?>
	<a href="minimum.php?forms=login">login</a> &bull;
	<a href="minimum.php?do=about">about</a>
	<?php } ?>
</div>
<div class='title'><?php echo $ssbtitle; ?></div>

<?php

if(isset($username) && isset($_SESSION['ssb-pass']) && $_GET['do']!="avatarlocation") {
	// PM notifications
	$notifications = "ssb_db/friends/" . $username . ".notifications";
	$handle = fopen($notifications, "r");

	echo "<div class='notifications'>";
	echo "<table><tr><td><a class='button' href='?do=clrnote'>Clear notifications</a></td></tr>";

	if ($handle) {
		while (($line = fgets($handle)) !== false) {
			echo "<tr><td>" . $line . "</td></tr>";
		}
		fclose($handle);
	} else {
   		echo "<tr><td>No notifications</td></tr>";
	}

	echo "</table></div><br />";
}

if(isset($_GET['forms']))
{
	$forms = $_GET['forms'];
	$id = $_GET['pid'];
	if($forms=="register") {
		registerForm();
	}
	else if($forms=="login") {
		loginForm();
	}
	else if($forms=="friendreq") {
		friendReqForm();
	}
	else if($forms=="changepass") {
		changePassForm();
	}
	else if($forms=="deleteacct") {
		deleteAcctForm();
	}
	else if($forms=="avatarupload") {
                uploadAvatarForm();
        }
        else if($forms=="post")
        {
                postForm();
        }
        else if($forms=="clean")
        {
                cleanForm();
        }
        else { echo "ERROR: Unknown form-name<br>"; }
}
else if(isset($_GET['notify']))
{
        $notify = $_GET['notify'];
        if($notify=="1") { echo "Error: User not found"; }
        else if($notify=="2") { echo "Error: Incorrect password provided"; }
        else if($notify=="3") { echo "Error: Please fill out all the text boxes"; }
        else if($notify=="4") { echo "Error: The provided passwords did not match"; }
        else if($notify=="5") { echo "Error: Special characters cannot be used in your username"; }
        else if($notify=="6") { echo "Error: This username is already in use"; }
        else { echo "Error: unknown error... this is quite unusual..."; }
}
else if(isset($_GET['userfeed'])) 
{
	$userid = $_GET['userfeed'];
	// Make sure we're friends or is my account.
	include "ssb_db/users/" . $userid . ".php";
	if ($accttype == "private") {
		if (isset($_SESSION['ssb-user']) || isset($_SESSION['ssb-pass'])) {
			$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
			include "ssb_db/friends/" . $username . ".php";
			for($x = 1; $x <= $friendcount; $x++)
			{

				// If private, and user is following. Allow
				if($userid == ${"friend" . $x}) {
					echo "<table><tr><td>";
					echo "<div class='avatar' style=\"background-image: url('index.php?do=avatarlocation&user=" . $userid . "');\" title='User Avatar'></div><br />";
					// DONE
					echo "</td><td>";
					echo "<h3>User information</h3>";
					echo "Username: " . $userid . "@" . $domain . "<br />";
					echo "Full name: " . $user_fullname . "<br />";
					echo "<h3>User posts</h3>";
					echo "</td></tr></table>";
				}
			}

			// Check if viewing your own profile
			if($userid == $username)
			{
				echo "<table><tr><td>";
				// Get user avatar if set
            	echo "<div class='avatar' style=\"background-image: url('index.php?do=avatarlocation&user=" . $userid . "');\" title='User Avatar'></div><br />";
             	// DONE
              	echo "</td><td>";
				echo "<h3>User information</h3>";
				echo "Username: " . $userid . "@" . $domain . "<br />";
				echo "Full name: " . $user_fullname . "<br />";
				echo "<h3>User posts</h3>";
				echo "</td></tr></table>";

			}

			// Lets generate the users feed now.
			foreach(array_reverse(glob("ssb_db/posts/post_" . $userid . "_" . "*.php")) as $postfile) {
				//echo $postfile;
				include $postfile;
				for($x = 1; $x <= $friendcount; $x++)
				{
					if($postowner == ${"friend" . $x}) {
						echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>&nbsp;reply</a></h3></td></tr></table>";
						echo "" . bbcode_format($postcontent) . "";
						echo "</div><br />\n";
					}
				}

				if($postowner == $username)
				{
					echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>&nbsp;reply</a> &bull; <a href='minimum.php?do=delpost&user=$username&pid=$postid'>delete post</i></a></h3></td></tr></table>";
					echo "" . bbcode_format($postcontent) . "";
					echo "</div><br />\n";
				}
			}
			echo "<!-- Gen done...-->";
		}
	}
	else
	{
		echo "<h3>User information</h3>";
		echo "<table><tr><td>";
		// Get user avatar if set
		if(isset($user_avatar)) { echo "<img class='avatar' src='ssb_db/uploads/" . $user_avatar . "' title='User Avatar'><br />"; }
			// DONE
			echo "</td><td>";
			// If not friend, allow to send friend request from right here!
			$friend = 0;
			$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
			include "ssb_db/friends/" . $username . ".php";
			for($x = 1; $x <= $friendcount; $x++)
			{
				// If private, and user is following. Allow
				if($userid == ${"friend" . $x}) {
					$friend = 1;
				}
			}	
				
			if($friend!=1) {
				echo "<a class='button' href='minimum.php?do=sendfr&user=$userid'>Send friend request</a><br /><br />";
			}
             	
			echo "Username: " . $userid . "@" . $domain . "<br />";
			echo "Full name: " . $user_fullname;
			echo "</td></tr></table>";

		foreach(array_reverse(glob("ssb_db/posts/post_" . $userid . "_" . "*.php")) as $postfile) {
			//echo $postfile;
			include $postfile;
			echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>&nbsp;reply</a></h3></td></tr></table>";
			echo "" . bbcode_format($postcontent) . "";
			echo "</div><br />\n";
		}
	}
}
else if(isset($_GET['view']) && isset($_GET['user']))
{
	$puser = $_GET['user'];
	$id = $_GET['view'];
	$postc = file_get_contents("ssb_db/posts/reply_" . $puser . "_" . $id . ".count");
	include "ssb_db/posts/post_" . $puser . "_" . $id . ".php";

	echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span></h3></td></tr></table>";
	echo "" . bbcode_format($postcontent) . "";
	echo "</div><br />\n";

	for($x = 1; $x <= $postc; $x++) {
		$reply_content = ${"reply" . $x};
		$reply_user = ${"reply" . $x . "_user"};
		$reply_date = ${"reply" . $x . "_date"};
		
		echo "<div class='reply'>";
		echo "<table><tr><td><div class='avatar_small' style='background-image: url(\"index.php?do=avatarlocation&user=$reply_user\");' title='User Avatar'></div></td><td><h4><a onclick=\"userTag('$reply_user');\">$reply_user</a><span style='font-size: 8px; padding-left: 6px; color: #808080;'>$reply_date</span></h4></td></tr></table>";
		echo "<div class='reply_content'>" . bbcode_format($reply_content) . "</div>";
		echo "</div>\n";
	}

	echo "<br />";

	if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { 
		echo "Login to reply...";
	} else {
		$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
                include "ssb_db/friends/" . $username . ".php";
                for($x = 1; $x <= $friendcount; $x++)
	        {
                        if($puser == ${"friend" . $x}) {
				$z = "1";
				replyForm($id, $puser);
			}
		}

		// Its you dummy
		if($puser == $username) {
                 	$z = "1";
                      	replyForm($id, $puser);
           	}


		if(!isset($z))
		{
			echo "Not following! Follow to reply...<br />";
		}
	}
}
else if(isset($_GET['do']))
{
	$do = $_GET['do'];
	if($do=="post")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			$date = date("YmdHis"); // timestamp in year, month, date, hour, minute, and second.
  			$titledate = date("m-d-Y h:i:sa"); // time stamp for people to read xD

			if(isset($_FILES["file"]["name"]) && isset($username)) {
				
				$uploaded = array(); // empty array for upload names
				// File selected, upload!
				for($i=0; $i<count($_FILES["file"]["name"]); $i++)
				{
					$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "GIF", "JPEG", "JPG", "PNG", "BMP", "ICO");
					$temp = explode(".", $_FILES["file"]["name"][$i]);
					$extension = end($temp);
					if ((($_FILES["file"]["type"][$i] == "image/gif")
					|| ($_FILES["file"]["type"][$i] == "image/x-gif")
					|| ($_FILES["file"]["type"][$i] == "image/jpeg")
					|| ($_FILES["file"]["type"][$i] == "image/x-jpeg")
					|| ($_FILES["file"]["type"][$i] == "image/x-jpg")
					|| ($_FILES["file"]["type"][$i] == "image/jpg")
					|| ($_FILES["file"]["type"][$i] == "image/pjpeg")
					|| ($_FILES["file"]["type"][$i] == "image/x-png")
					|| ($_FILES["file"]["type"][$i] == "image/bmp")
					|| ($_FILES["file"]["type"][$i] == "image/x-icon")
					|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
//					|| ($_FILES["file"]["type"][$i] == "video/mp4")
//					|| ($_FILES["file"]["type"][$i] == "video/ogg")
//					|| ($_FILES["file"]["type"][$i] == "video/webm")
//					|| ($_FILES["file"]["type"][$i] == "video/x-flv")
//					|| ($_FILES["file"]["type"][$i] == "video/mp4v-es")
					|| ($_FILES["file"]["type"][$i] == "image/png")
					|| ($_FILES["file"]["type"][$i] == ""))
					&& ($_FILES["file"]["size"][$i] < $user_max_upload)
					&& in_array($extension, $allowedExts))
					{
						
						if ($_FILES["file"]["error"][$i] > 0)
						{
							echo $_FILES["file"]["name"][$i] . " - Return Code: " . $_FILES["file"]["error"][$i] . "<br />";
						}
						else
						{
							if(file_exists("ssb_db/uploads/" . $_FILES["file"]["name"][$i]))
							{
								echo "Error: " . $_FILES["file"]["name"][$i] . " exists.<br />";
							}
							else
							{
								$randstring = getRandString("32");
								move_uploaded_file($_FILES["file"]["tmp_name"][$i],
								"ssb_db/uploads/" . $randstring . "." . $extension);
								array_push($uploaded, $randstring . "." . $extension);
								echo "Success: " . $_FILES["file"]["name"][$i] . " (" . tomb($_FILES["file"]["size"][$i]) . ") uploaded...<br />";
								//rename("ssb_db/uploads/" . $FILES["file"]["name"][$i], "ssb_db/uploads/" . $username . "_" . $date . $extension);
							}
						}
					}
					else
					{
						// Check if there was actually an issue
						if($_FILES["file"]["size"] == "0") {
							echo "Error: " . $_FILES["file"]["name"][$i] . " is too large, or is a invalid filetype";
						}
					}
				} // end of for loop
		
				$srchcont = stripslashes(htmlentities($_POST['body']));
				$srchcont .= " "; // doesn't find tag if there's not a fucking whitespace
				$checkForUserTag = searchForUserTag($srchcont);
				$taggedUser = substr($checkForUserTag, 1, -1);
				if(file_exists("ssb_db/users/" . $taggedUser . ".name")) {
					if($taggedUser!=$postowner) {
						$tagged_notifications = file_get_contents("ssb_db/friends/" . $taggedUser . ".notifications");
						file_put_contents("ssb_db/friends/" . $taggedUser . ".notifications", "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>tagged you in a comment</a>\n" . $tagged_notifications);
					}
				}

				$body = nl2br(htmlentities(stripcslashes($_POST['body'])));
				//$username = stripcslashes(htmlentities($username));
				include "ssb_db/users/" . $username . ".php";
				$post_file = "ssb_db/posts/post_" . $username . "_" . $date . ".php";
				$post_attachments = "<br />";
				$post_string = "<?php\n\$postowner = \"" . $username . "\";\$postid=\"" . $date . "\";\$postdate=\"" . $titledate . "\";\$postcontent = \"" . $body . "<br />";
					
				$attachments = array();
				foreach($uploaded as &$upload)
				{
					if(file_exists("ssb_db/uploads/" . $upload)) {
						array_push($attachments, "<div class='attachment'><a href='ssb_db/uploads/" . $upload . "'><img src='ssb_db/uploads/" . $upload . "'></a></div>");
					}
				}
				
				foreach($attachments as &$attachvar)
				{
					$post_attachments .= $attachvar;
				}
				
				$post_string_end = "\";\n?>\n";
				
				file_put_contents($post_file, $post_string . $post_attachments . $post_string_end);
				file_put_contents("ssb_db/posts/" . $date . ".post", "post_" . $username . "_" . $date . ".php");
				file_put_contents("ssb_db/posts/reply_" . $username . "_" . $date . ".count", "0");
				echo "Post processed... Redirecting in 3 seconds, if redirection fails, <a href=\"minimum.php?view=$date&user=$username\">Click Here</a><br />";
				//header( "refresh: 3; url=?view=$date&user=$username" );
			}
			else
			{
				echo "ERROR: Missing post data! Select an image to upload or let us know whats up!<br />";
			}		
		}
	}
	
	if($do=="avatarupload")
	{
		if(isset($_FILES["file"]["name"]) && isset($username)) {
			$date = date("YmdHis"); // timestamp in year, month, date, hour, minute, and second.

      		for($i=0; $i<count($_FILES["file"]["name"]); $i++)
			{
				$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "png");
				$temp = explode(".", $_FILES["file"]["name"][$i]);
               	$extension = end($temp);
				if ((($_FILES["file"]["type"][$i] == "image/gif")
				|| ($_FILES["file"]["type"][$i] == "image/x-gif")
				|| ($_FILES["file"]["type"][$i] == "image/jpeg")
				|| ($_FILES["file"]["type"][$i] == "image/x-jpeg")
				|| ($_FILES["file"]["type"][$i] == "image/x-jpg")
				|| ($_FILES["file"]["type"][$i] == "image/jpg")
				|| ($_FILES["file"]["type"][$i] == "image/pjpeg")
				|| ($_FILES["file"]["type"][$i] == "image/x-png")
				|| ($_FILES["file"]["type"][$i] == "image/bmp")
				|| ($_FILES["file"]["type"][$i] == "image/x-icon")
				|| ($_FILES["file"]["type"][$i] == "image/png")
				|| ($_FILES["file"]["type"][$i] == ""))
				&& ($_FILES["file"]["size"][$i] < $user_max_upload)
				&& in_array($extension, $allowedExts))
				{
					if ($_FILES["file"]["error"][$i] > 0)
					{
						echo $_FILES["file"]["name"][$i] . " - Return Code: " . $_FILES["file"]["error"][$i] . "<br>";
					}
					else
					{
						if(file_exists("ssb_db/uploads/" . $_FILES["file"]["name"][$i]))
						{
							echo "Error: " . $_FILES["file"]["name"][$i] . " exists.<br>";
						}
						else
						{
							move_uploaded_file($_FILES["file"]["tmp_name"][$i],
							"ssb_db/uploads/" . $username . "_" . $date . "." . $extension);
							$oldcontent = file_get_contents("ssb_db/users/" . $username . ".php");
							file_put_contents("ssb_db/users/" . $username . ".php", $oldcontent . "<?php \$user_avatar = \"" . $username . "_" . $date . "." . $extension . "\"; ?>\n");
							echo "Avatar uploaded and set! <a href='minimum.php'>Redirecting</a> in 3 seconds...";
							header("refresh: 3;url=minimum.php");
						}
					}
				} else {
					echo "Error: " . $_FILES["file"]["name"][$i] . " is too large, or is a invalid filetype";
				}
			}
		}
	}

	if($do=="users")
        {
                 if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
                        include "ssb_db/users/" . $username . ".php";

			echo "<h2>Community</h2>";
                        foreach(array_reverse(glob("ssb_db/users/"."*.name")) as $userfile) {
                		$userhandle = file_get_contents($userfile);
				include "ssb_db/users/" . $userhandle . ".php";
                                if($accttype == "public") {
					echo "<div class='attachment'>";
                                	echo "<a href='minimum.php?userfeed=$userhandle'>$userhandle</a>";
					echo "</div>";
				}
			}
                }
        }

	if($do=="reply")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			if(!isset($_GET['pid']) or !file_exists("ssb_db/posts/" . $_GET['pid'] . ".post")) { echo "ERROR: Post ID is not set, or invalid"; } else {
				if(isset($_POST['reply']) && isset($username) && $_POST['body']!="")
				{
					$pid = $_GET['pid'];
					$post_file_name = file_get_contents("ssb_db/posts/$pid.post");
                    include "ssb_db/posts/" . $post_file_name;
					$srchcont = stripslashes(htmlentities($_POST['body']));
					$srchcont .= " ";
					$checkForUserTag = searchForUserTag($srchcont);
					$taggedUser = substr($checkForUserTag, 1, -1);
					if(file_exists("ssb_db/users/" . $taggedUser . ".name")) {
						if($taggedUser!=$postowner) {
							$tagged_notifications = file_get_contents("ssb_db/friends/" . $taggedUser . ".notifications");
							file_put_contents("ssb_db/friends/" . $taggedUser . ".notifications", "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>tagged you in a comment</a>\n" . $tagged_notifications);
						}
					}

					$replydate = date("m-d-Y h:i:sa"); // time stamp for people to read xD
					$body = nl2br(htmlentities(stripcslashes($_POST['body'])));
					//$username = stripcslashes(htmlentities($username));
					$old_content = file_get_contents("ssb_db/posts/" . $post_file_name);
					$reply_count = file_get_contents("ssb_db/posts/reply_" . $postowner  . "_" . $pid . ".count");

					$reply_count = $reply_count+1;

					$post_string = "<?php \n\$reply" . $reply_count . " = \"" . $body . "\";\$reply" . $reply_count . "_user = \"" . $username . "\"; \$reply" . $reply_count . "_date = \"" . $replydate . "\";\n?>\n";
					file_put_contents("ssb_db/posts/" . $post_file_name, $old_content . $post_string);
					file_put_contents("ssb_db/posts/reply_" . $postowner . "_" . $pid . ".count", $reply_count);

					if($username!=$postowner) {
						$owner_notifications = file_get_contents("ssb_db/friends/" . $postowner . ".notifications");
						file_put_contents("ssb_db/friends/" . $postowner . ".notifications", "<b>$username</b> <a href='index.php?view=$pid&user=$postowner'>replied to your post</a>\n" . $owner_notifications);
					}

					echo "If you're seeing this; redirection failed: <a href=\"?view=$pid&user=$postowner\">Click Here</a><br>";
					header( "Location: minimum.php?view=$pid&user=$postowner" );
				}
				else
				{
					echo "ERROR: Missing form data<br>";
				}
			}
		}
	}
	
	if($do=="delpost") 
	{
		 if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			include "ssb_db/users/" . $username . ".php";
			if($user_password === $_SESSION['ssb-pass']) {
				if(isset($_GET['user']) && $_GET['user']!="" && isset($_GET['pid']) && $_GET['pid']!="") {
					if(file_exists("ssb_db/posts/post_" . stripslashes($_GET['user']) . "_" . stripslashes($_GET['pid']) . ".php") && $username == stripslashes($_GET['user'])) {
						$postuser = $_GET['user'];
						$pid = $_GET['pid'];
						unlink("ssb_db/posts/" . $pid . ".post");
						unlink("ssb_db/posts/post_" . $postuser . "_" . $pid . ".php");
						unlink("ssb_db/posts/reply_" . $postuser . "_" . $pid . ".count");
						echo "Post successfully deleted! <a href='index.php'>redirecting</a> in 3 seconds...<br />";
						header("refresh: 3;url=minimum.php");
						exit;
					} else { echo "ERROR: post doesn't exist or YOU ARE NOT THE OWNER OF SAID POST... THIS incident has been recorded!"; file_put_contents("ssb_db/log.txt", "Post deletion error: IP <" . $_SERVER['REMOTE_ADDR'] . "> post not found or not users post: post_" . $postuser . "_" . $pid . ".php\n"); }
				} else { echo "ERROR: USER and PID variables not set!"; }
			} else { echo "ERROR: PASSWORD FOR USER INCORRECT! IP LOGGED!"; file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n"); }
		}
	}
	
	if($do=="clrnote") 
	{
		 if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			include "ssb_db/users/" . $username . ".php";
			if($user_password === $_SESSION['ssb-pass']) {
				unlink("ssb_db/friends/" . $username . ".notifications");
				header("Location: minimum.php");
				exit;
			} else { echo "ERROR: PASSWORD FROM COOKIE INCORRECT! IP RECORDED!"; file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n"); }
		}
	}
	
	if($do=="clrpending") 
	{
		 if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			include "ssb_db/users/" . $username . ".php";
			if($user_password === $_SESSION['ssb-pass']) {
				unlink("ssb_db/friends/" . $username . ".pending");
				header("Location: minimum.php?do=friends");
				exit;
			} else { echo "ERROR: PASSWORD FROM COOKIE INCORRECT! IP RECORDED!"; file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n"); }
		}
	}

	// Server admin can just delete ssb_db
	/*if($do=="clean")
	{
		if($_POST['password']!="" && $_POST['password']==$pw)
		{
			$db_content = glob("ssb_db/" . '*', GLOB_MARK);
			foreach($db_content as $file)
			{
				unlink($file);
			}
			rmdir("ssb_db");
			echo "Database Cleaned<br>";
		}
		else
		{
			echo "ERROR: Wrong Password<br>";
		}
	}*/


	// grab session values and send friend request functions.
	if($do=="sendfr") {
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			if(isset($_POST['user']) || isset($_GET['user'])) {
				
				//check if user exists first lol
				if(isset($_POST['user'])) { 
					$givenUser = htmlentities(stripcslashes($_POST['user']));
				} else {
					$givenUser = htmlentities(stripcslashes($_GET['user']));
				}
				
				//check if user exists first lol
				if(file_exists("ssb_db/users/" . $givenUser . ".php")) {
					include "ssb_db/users/" . $givenUser . ".php";

					if($accttype == "private") {
						sendFriendRequest($_SESSION['ssb-user'], $givenUser);
						echo "Follow request sent to " . $givenUser . " <a href='minimum.php?do=friends'>redirecting</a> in 3 seconds";
						header("refresh: 3;url=minimum.php?do=friends");
					} else if($accttype == "public") {
						acceptPublicFriendRequest($username, $givenUser);
						header("Location: minimum.php?do=friends");
					} else {
						echo "ERROR: Issues parsing account type...";
					}
				} else {
					echo "Error: Provided username does not exist in the database!";
				}
			} else {
				echo "Error: users not set in GET value...";
			}
		}
	}

	if($do=="accfr") {
                if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
                        if(isset($_GET['user']) && isset($_GET['friend'])) {
                                acceptFriendRequest(stripslashes($_GET['user']), stripslashes($_GET['friend']));
				echo "Accepted friend request from  " . htmlentities(stripslashes($_GET['friend'])) . " <a href='minimum.php?do=friends'>redirecting</a> in 3 seconds";
				header("refresh: 3;url=minimum.php?do=friends");
                        } else {
                                echo "Error: users not set in GET &amp; SESSION value...";
                        }
                }
        }

	if($do=="userctrl")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
                        // Beginning of user control panel
			echo "<h3>User control panel</h3>";
			echo "<a class='button' href='minimum.php?forms=changepass'>Change password</a><br />";
			echo "<a class='button' href='minimum.php?forms=avatarupload'>Upload avatar</a><br />";
                }
	}

	if($do=="changepass")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			// Beginning password change
			// inputs
			$oldPassInput = htmlentities(stripslashes($_POST['oldpass']));
			$newPassInput = htmlentities(stripslashes($_POST['password']));
			$passwordAgainInput = htmlentities(stripslashes($_POST['password_again']));
			include "ssb_db/users/" . $username . ".php";
			if(sha1(md5($oldPassInput)) == $user_password) {
				if($newPassInput == $passwordAgainInput) {
					$oldcontent = file_get_contents("ssb_db/users/" . $username . ".php");
					$passString = "<?php \$user_password = \"" . sha1(md5($newPassInput)) . "\"; ?>\n";
					file_put_contents("ssb_db/users/" . $username . ".php", $oldcontent . $passString);
					echo "Password changed, <a href='minimum.php'>redirecting</a> in 3 seconds";
					$_SESSION['ssb-user'] = null;
					$_SESSION['ssb-pass'] = null;
					header("refresh: 3;url=minimum.php");
				}
			} else { echo "ERROR: password incorrect! IP recorded for constant monitoring of possible bots!"; file_put_contents("ssb_db/log.txt", "PASS MISMATCH: IP <" . $_SERVER['REMOTE_ADDR'] . "> Cookie spoofing detected from remote client!!!\n"); }
		}
	}
	
	if($do=="privmsg")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			
		//check if friend is set
		if(!isset($_GET['friend'])) { echo "ERROR: No username defined!"; exit(1); } else {
		// set friend username
		$friendNick = htmlentities(stripslashes($_GET['friend']));
		
		$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
		include "ssb_db/friends/" . $username . ".php";
		for($x = 1; $x <= $friendcount; $x++)
        {
			if($friendNick == ${"friend" . $x}) {
		?>
<script language="javascript" type="text/javascript">
    <!--
		var httpObject = null;
		var link = "";
		var timerID = 0;
		var friendNick = "<?php echo $friendNick; ?>";
		var nickName = "<?php echo $_SESSION['ssb-user']; ?>";
		var userColor = "<?php echo $_SESSION['ssb-color'];; ?>";

		// Get the HTTP Object
		function getHTTPObject() {
			if (window.ActiveXObject) return new ActiveXObject("Microsoft.XMLHTTP");
			else if (window.XMLHttpRequest) return new XMLHttpRequest();
			else {
				alert("Your browser does not support AJAX.");
				return null;
			}
		}   

		// Change the value of the outputText field
		function setHtml() {
			if(ajaxVar.readyState == 4){
				var response = ajaxVar.responseText;
				var msgBox = document.getElementById("msgs");
				msgBox.innerHTML += response;
				msgBox.scrollTop = msgBox.scrollHeight;
			}
		}

		// Change the value of the outputText field
		function setAll() {
			if(ajaxVar.readyState == 4){
				var response = ajaxVar.responseText;
				var msgBox = document.getElementById("msgs");
				msgBox.innerHTML = response;
				msgBox.scrollTop = msgBox.scrollHeight;
			}
		}

		// Implement business logic    
		function serverWrite() {    
			ajaxVar = getHTTPObject();
			if (ajaxVar != null) {
				link = "chatserver.php?nick="+nickName+"&friend="+friendNick+"&msg="+document.getElementById('msg').value; 
				ajaxVar.open("GET", link , true);
				ajaxVar.onreadystatechange = setHtml;
				ajaxVar.send(null);
			}
		}
      
		function getInput() {
			// Send the server function the input
			var userInput = document.getElementById('msg');
			serverWrite(userInput.value);
			// Clean out the input values
			var msgBar = document.getElementById("msg");
			msgBar.value = "";
            msgBar.focus();
		}

		// Implement business logic    
		function serverReload() {    
			ajaxVar = getHTTPObject();
			//var randomnumber=Math.floor(Math.random()*10000);
			if (ajaxVar != null) {
				link = "chatserver.php?get=<?php echo $friendNick; ?>";
				ajaxVar.open("GET", link , true);
				ajaxVar.onreadystatechange = setAll;
				ajaxVar.send(null);
			}
		}
	
		function UpdateTimer() {
			serverReload();   
			setTimeout(UpdateTimer, 1000);
		}
    
		function keypressed(e) {
			if(e.keyCode=='13'){
				getInput();
			}
		}
    //-->
    </script> 
<div class="replycontain">
		<?php
		
		// Header
		include "ssb_db/users/" . $friendNick . ".php";
		echo "<h3><a href='?userfeed=" . $friendNick . "'>" . $friendNick . ": " . $user_fullname . "</a></h3>";
		
		?>
		<div id="msgs">
		<?php 
			echo "<div class=\"msgbox\">";
			echo "</div>";
		?>
		</div>
		<div id="msgbox" style="padding-left: 6px;" onkeyup="keypressed(event);">
			<button onclick="javascript:wrapBBCode('i');">Italic</button>
     		<button onclick="javascript:wrapBBCode('u');">Underline</button>
        	<button onclick="javascript:wrapBBCode('b');">Bold</button>
        	<button onclick="javascript:wrapBBCode('img');">Image</button>
    		<button onclick="javascript:wrapBBCode('url');">URL</button><br />
			<textarea style="width: 98%;" name="msg" id="msg"></textarea>
			<button style="width: 50px;" onclick="getInput();">Send</button>
		</div>
</div>

	<?php
		} // Check friend end
		} // Check loop end
		} // GET friend set end
		} // session check end
	} // function end

	if($do=="about")
	{
		echo "<h2>About</h2>";
		echo "<div class='dllink'><a class='button' href='download/securespace-v1.0.0.apk'>Download for Android!</a></div>";
		echo $desc;
		echo "<br /><br />";
		echo "$ssbtitle statistics: ";
		getUserCount(); 
		echo "; ";
		getPostCount(); 
		echo "; ";
		getUploadFileCount();
	}

	if($do=="friends")
	{
		if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass'])) { loginForm(); } else {
			
			$friendpend = "ssb_db/friends/" . $username . ".pending";
			$handle = fopen($friendpend, "r");

			echo "<h3>Friend requests</h3> <a class='button' href='?do=clrpending'>Clear history</a> <a class='button' href='?forms=friendreq'>Send friend request</a>";
			echo "<div class='notifications'>";

			if ($handle) {
    				while (($line = fgets($handle)) !== false) {
        				echo "Pending friend request from " . $line . "! <a class='button' href='?do=accfr&friend=" . $line . "&user=" . $username . "'>Accept</a><br />";
    				}
				fclose($handle);
			} else {
			    echo "No pending friend requests<br />";
			} 

			echo "</div>";

			// Friends list if you have any.
			echo "<h3>Friends list</h3><br />";

			$friendc = file_get_contents("ssb_db/friends/" . $username . ".count");
			if($friendc == "0")
			{
				echo "<b style='color:red;'>We're sorry... no friends found on your user account...</b>";
			}
			else
			{
				$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
				include "ssb_db/friends/" . $username . ".php";
				echo "<table class='friendslist'>";
				for($x = 1; $x <= $friendcount; $x++)
				{
					if(isset(${"friend" . $x})) {
						echo "<tr><td>" . ${"friend" . $x} . "</td><td><a class='button' href='?userfeed=" . ${"friend" . $x} . "'>View user profile</a></td><td><a class='button' href='?do=privmsg&friend=" . ${"friend" . $x} . "'>Private message</a></td></tr>";
					}
				}
				echo "</table>";
			}
		}
	}

	if($do=="login")
	{
		$username = $_POST['username'];
    		if(file_exists("ssb_db/users/$username.php")) {
			include_once("ssb_db/users/$username.php");
			if($user_password==sha1(md5($_POST['password']))) {
				$pass = $user_password;
				$user = $username;
				$color = $user_color;
				$_SESSION['ssb-user'] = $user;
				$_SESSION['ssb-pass'] = $pass;
				$_SESSION['ssb-color'] = $color;
				header("Location: minimum.php");
			} else {
				echo "Wrong password!";
			}
		} else {
			echo "User $username not found!";
		}
	}
	
	// Push user avatar to specific avatar image location
	if($do=="avatarlocation")
	{
		if(isset($_GET['user'])) {
			$user = htmlentities(stripslashes($_GET['user']));
			include "ssb_db/users/" . $user . ".php";
			if(file_exists("ssb_db/uploads/" . $user_avatar)) {
				echo "Direct to: ssb_db/uploads/" . $user_avatar;
				header("Location: ssb_db/uploads/" . $user_avatar . "");
				exit;
			} else {
				echo "Direct to: data/defaultprofile.png";
				header("Location: data/defaultprofile.png");
				exit;
			}
		} else {
			echo "User is NOT set!";
		}
	}

	if($do=="logout")
	{
	        $_SESSION['ssb-user'] = null;
	        $_SESSION['ssb-pass'] = null;
		header("Location: minimum.php?forms=login");
	}

	if($do=="register")
	{
		if($_POST['username']!="" && $_POST['password']!="" && $_POST['password-again']!="" && $_POST['fullname']!="" && isset($_POST['acct'])) {
			if($_POST['password']==$_POST['password-again']) {
				if(!preg_match('/[^a-z0-9]/i', $_POST['username'])) {
					if(!file_exists("ssb_db/users/" . $_POST['username'] . ".php")) {
						$colors = array("0000ff", "9900cc", "0080ff", "008000", "ededed");
						$acct = $_POST['acct'];
						file_put_contents("ssb_db/users/" . stripslashes(htmlentities($_POST['username'])) . ".php", "<?php\n\$accttype = \"" . $acct . "\";\n\$user_password = \"" . sha1(md5($_POST['password'])) . "\";\n \$user_color = \"" . $colors[array_rand($colors)] . "\"; \$user_fullname = \"" . stripslashes(htmlentities($_POST['fullname'])) . "\"; \$user_avatar = \"../../data/defaultprofile.png\"; \n?>");
						file_put_contents("ssb_db/users/" . stripslashes(htmlentities($_POST['username'])) . ".name", stripslashes(htmlentities($_POST['username'])));
						file_put_contents("ssb_db/users/" . stripslashes(htmlentities($_POST['username'])) . ".postnumber", "0");
						file_put_contents("ssb_db/friends/" . stripslashes(htmlentities($_POST['username'])) . ".count", "0");
						file_put_contents("ssb_db/friends/" . stripslashes(htmlentities($_POST['username'])) . ".php", "<?php ?>\n");
						header("Location: minimum.php");
					} else {
						header("Location: minimum.php?notify=6");
					}
				} else {
					header("Location: minimum.php?notify=5");
				}
			} else {
				header("Location: minimum.php?notify=4");
			}
		} else {
			header("Location: minimum.php?notify=3");
		}
		header("Location: minimum.php");
	}
}
else if (!isset($_SESSION['ssb-user']) || !isset($_SESSION['ssb-pass']))
{
        loginForm();
} 
else
{
	// Watch feed, lets generate pages while we're at it
	$pagecall = $_GET['page'];
	$postcount = 1;
	if(isset($pagecall) && $pagecall!="")
	{
		if($pagecall == "1")
		{
			$poststart = $postcount;
		}
		else
		{
			$poststart = ($pagecall - 1) * 15; // 15 posts per page
		}
	}
	else
	{
		$poststart = $postcount;
	}
	
	
	
	// Lets actually generate some feed now.
	foreach(array_reverse(glob("ssb_db/posts/*.post")) as $postfile) {
		$postphp = file_get_contents($postfile);
		include "ssb_db/posts/$postphp";
		$friendcount = file_get_contents("ssb_db/friends/" . $username . ".count");
		include "ssb_db/friends/" . $username . ".php";
		
		for($x = 1; $x <= $friendcount; $x++)
		{
			if($postowner == ${"friend" . $x}) {
				// Found a post, post count goes up!
				$postcount++;
				
				if($poststart == "1" && $postcount < ($poststart + 15)) {
					echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>reply</a></h3></td></tr></table>";
					echo "" . bbcode_format($postcontent) . "";
					echo "</div><br />\n";
				}
				
				if($poststart > "1" && $postcount > $poststart && $postcount < ($poststart + 15)) {
					echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>reply</a></h3></td></tr></table>";
					echo "" . bbcode_format($postcontent) . "";
					echo "</div><br />\n";
				}
			}
		}

		if($postowner == $username)
		{
			// Found a post, post count goes up!
			$postcount++;
			
			if($poststart == "1" && $postcount < ($poststart + 15)) {
				echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>reply</a> &bull; <a href='minimum.php?do=delpost&user=$username&pid=$postid'>delete post</a></h3></td></tr></table>";
				echo "" . bbcode_format($postcontent) . "";
				echo "</div><br />\n";
			}
			
			if($poststart > "1" && $postcount > $poststart && $postcount < ($poststart + 15)) {
				echo "<div class='post'><table><tr><td><div class='avatar_small' style=\"background-image: url('index.php?do=avatarlocation&user=$postowner');\" title='User Avatar'></div></td><td><h3>$postowner<span style='font-size: 11px; padding-left: 6px; color: #808080;'>$postdate</span><br /><a href='minimum.php?view=$postid&user=$postowner'>reply</a> &bull; <a href='minimum.php?do=delpost&user=$username&pid=$postid'>delete post</a></h3></td></tr></table>";
				echo "" . bbcode_format($postcontent) . "";
				echo "</div><br />\n";
			}
		}
	}
	
	
	// Page button generation
	echo "<div class='page-controls'>";
	
	if($poststart > "1") {
		$prevpage = $poststart / 15;
		echo "<a href='minimum.php?page=$prevpage'>Prev page</a>";
	}
	
	if($poststart == "1" && $postcount > ($poststart + 15)) {
		echo "<a href='minimum.php?page=2'>Next page</i></a>";
	}
	
	if($poststart > "1" && $postcount > ($poststart + 15)) {
		$nextpage = ($poststart / 15) + 2;
		echo "&bull; <a href='minimum.php?page=$nextpage'>Next page</i></a>";
	}
	
	echo "</div>";
}

?>

<br /><br />
<center style="background-color: #555555; padding 3px;">Powered By SSB <?php echo $version; ?></center>
</div> <!-- main contain -->
</body>
</html>