Question
This is my code of my status.php file but on posting status it is showing only one thing i.e. type_unknown but I am not sure why it is not functioning properly. and type_unknown is also a command in this coding please go through this command and after that suggest any change you want to.
https://stackoverflow.com/questions/16885857
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <?php
include_once("../php_includes/check_login_status.php");
if($user_ok != true || $log_username == "") {
exit();
}
?><?php
if (isset($_POST['action']) && $_POST['action'] == "status_post"){
// Make sure post data is not empty
if(strlen($_POST['data']) < 1){
mysqli_close($db_conx);
echo "data_empty";
exit();
}
// Make sure type is either a or c
if($_POST['type'] != "a" || $_POST['type'] != "c"){
mysqli_close($db_conx);
echo "type_unknown";
exit();
}
// Clean all of the $POST vars that will interact with the database
$type = preg_replace('#[^a-z]#', '', $_POST['type']);
$account_name = preg_replace('#[^a-z0-9]#i', '', $_POST['user']);
$data = htmlentities($_POST['data']);
$data = mysqli_real_escape_string($db_conx, $data);
// Make sure account name exists (the profile being posted on)
$sql = "SELECT COUNT(id) FROM users WHERE username='$account_name' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
if($row[0] < 1){
mysqli_close($db_conx);
echo "$account_no_exist";
exit();
}
// Insert the status post into the database now
$sql = "INSERT INTO status(account_name, author, type, data, postdate)
VALUES('$account_name','$log_username','$type','$data',now())";
$query = mysqli_query($db_conx, $sql);
$id = mysqli_insert_id($db_conx);
mysqli_query($db_conx, "UPDATE status SET osid='$id' WHERE id='$id' LIMIT 1");
// Count posts of type "a" for the person posting and evaluate the count
$sql = "SELECT COUNT(id) FROM status WHERE author='$log_username' AND type='a'";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
if ($row[0] > 9) { // If they have 10 or more posts of type a
// Delete their oldest post if you want a system that auto flushes the oldest
// (you can auto flush for post types c and b if you wish to also)
$sql = "SELECT id FROM status WHERE author='$log_username' AND type='a' ORDER BY id ASC LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$oldest = $row[0];
mysqli_query($db_conx, "DELETE FROM status WHERE osid='$oldest'");
}
// Insert notifications to all friends of the post author
$friends = array();
$query = mysqli_query($db_conx, "SELECT user1 FROM friends WHERE user2='$log_username' AND accepted='1'");
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { array_push($friends, $row["user1"]); }
$query = mysqli_query($db_conx, "SELECT user2 FROM friends WHERE user1='$log_username' AND accepted='1'");
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { array_push($friends, $row["user2"]); }
for($i = 0; $i < count($friends); $i++){
$friend = $friends[$i];
$app = "Status Post";
$note = $log_username.' posted on: <br /><a href="user.php?u='.$account_name.'#status_'.$id.'">'.$account_name.''s Profile</a>';
mysqli_query($db_conx, "INSERT INTO notifications(username, initiator, app, note, date_time) VALUES('$friend','$log_username','$app','$note',now())");
}
mysqli_close($db_conx);
echo "post_ok|$id";
exit();
}
?><?php
//action=status_reply&osid="+osid+"&user="+user+"&data="+data
if (isset($_POST['action']) && $_POST['action'] == "status_reply"){
// Make sure data is not empty
if(strlen($_POST['data']) < 1){
mysqli_close($db_conx);
echo "data_empty";
exit();
}
// Clean the posted variables
$osid = preg_replace('#[^0-9]#', '', $_POST['sid']);
$account_name = preg_replace('#[^a-z0-9]#i', '', $_POST['user']);
$data = htmlentities($_POST['data']);
$data = mysqli_real_escape_string($db_conx, $data);
// Make sure account name exists (the profile being posted on)
$sql = "SELECT COUNT(id) FROM users WHERE username='$account_name' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
if($row[0] < 1){
mysqli_close($db_conx);
echo "$account_no_exist";
exit();
}
// Insert the status reply post into the database now
$sql = "INSERT INTO status(osid, account_name, author, type, data, postdate)
VALUES('$osid','$account_name','$log_username','b','$data',now())";
$query = mysqli_query($db_conx, $sql);
$id = mysqli_insert_id($db_conx);
// Insert notifications for everybody in the conversation except this author
$sql = "SELECT author FROM status WHERE osid='$osid' AND author!='$log_username' GROUP BY author";
$query = mysqli_query($db_conx, $sql);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$participant = $row["author"];
$app = "Status Reply";
$note = $log_username.' commented here:<br /><a href="user.php?u='.$account_name.'#status_'.$osid.'">Click here to view the conversation</a>';
mysqli_query($db_conx, "INSERT INTO notifications(username, initiator, app, note, date_time)
VALUES('$participant','$log_username','$app','$note',now())");
}
mysqli_close($db_conx);
echo "reply_ok|$id";
exit();
}
?><?php
if (isset($_POST['action']) && $_POST['action'] == "delete_status"){
if(!isset($_POST['statusid']) || $_POST['statusid'] == ""){
mysqli_close($db_conx);
echo "status id is missing";
exit();
}
$statusid = preg_replace('#[^0-9]#', '', $_POST['statusid']);
// Check to make sure this logged in user actually owns that comment
$query = mysqli_query($db_conx, "SELECT account_name, author FROM status WHERE id='$statusid' LIMIT 1");
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$account_name = $row["account_name"];
$author = $row["author"];
}
if ($author == $log_username || $account_name == $log_username) {
mysqli_query($db_conx, "DELETE FROM status WHERE osid='$statusid'");
mysqli_close($db_conx);
echo "delete_ok";
exit();
}
}
?><?php
if (isset($_POST['action']) && $_POST['action'] == "delete_reply"){
if(!isset($_POST['replyid']) || $_POST['replyid'] == ""){
mysqli_close($db_conx);
exit();
}
$replyid = preg_replace('#[^0-9]#', '', $_POST['replyid']);
// Check to make sure the person deleting this reply is either the account owner or the person who wrote it
$query = mysqli_query($db_conx, "SELECT osid, account_name, author FROM status WHERE id='$replyid' LIMIT 1");
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$osid = $row["osid"];
$account_name = $row["account_name"];
$author = $row["author"];
}
if ($author == $log_username || $account_name == $log_username) {
mysqli_query($db_conx, "DELETE FROM status WHERE id='$replyid'");
mysqli_close($db_conx);
echo "delete_ok";
exit();
}
}
?>
/*new one demanded*/
<?php
$status_ui = "";
$statuslist = "";
if($isOwner == "yes"){
$status_ui = '<textarea id="statustext" onkeyup="statusMax(this,250)" placeholder="What's new with you '.$u.'?"></textarea>';
$status_ui .= '<button id="statusBtn" onclick="postToStatus(\'status_post\',\'a\',\''.$u.'\',\'statustext\')">Post</button>';
} else if($isFriend == true && $log_username != $u){
$status_ui = '<textarea id="statustext" onkeyup="statusMax(this,250)" placeholder="Hi '.$log_username.', say something to '.$u.'"></textarea>';
$status_ui .= '<button id="statusBtn" onclick="postToStatus(\'status_post\',\'c\',\''.$u.'\',\'statustext\')">Post</button>';
}
?><?php
$sql = "SELECT * FROM status WHERE account_name='$u' AND type='a' OR account_name='$u' AND type='c' ORDER BY postdate DESC LIMIT 20";
$query = mysqli_query($db_conx, $sql);
$statusnumrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$statusid = $row["id"];
$account_name = $row["account_name"];
$author = $row["author"];
$postdate = $row["postdate"];
$data = $row["data"];
$data = nl2br($data);
$data = str_replace("&","&",$data);
$data = stripslashes($data);
$statusDeleteButton = '';
if($author == $log_username || $account_name == $log_username ){
$statusDeleteButton = '<span id="sdb_'.$statusid.'"><a href="#" onclick="return false;" onmousedown="deleteStatus(\''.$statusid.'\',\'status_'.$statusid.'\');" title="DELETE THIS STATUS AND ITS REPLIES">delete status</a></span> ';
}
// GATHER UP ANY STATUS REPLIES
$status_replies = "";
$query_replies = mysqli_query($db_conx, "SELECT * FROM status WHERE osid='$statusid' AND type='b' ORDER BY postdate ASC");
$replynumrows = mysqli_num_rows($query_replies);
if($replynumrows > 0){
while ($row2 = mysqli_fetch_array($query_replies, MYSQLI_ASSOC)) {
$statusreplyid = $row2["id"];
$replyauthor = $row2["author"];
$replydata = $row2["data"];
$replydata = nl2br($replydata);
$replypostdate = $row2["postdate"];
$replydata = str_replace("&","&",$replydata);
$replydata = stripslashes($replydata);
$replyDeleteButton = '';
if($replyauthor == $log_username || $account_name == $log_username ){
$replyDeleteButton = '<span id="srdb_'.$statusreplyid.'"><a href="#" onclick="return false;" onmousedown="deleteReply(\''.$statusreplyid.'\',\'reply_'.$statusreplyid.'\');" title="DELETE THIS COMMENT">remove</a></span>';
}
$status_replies .= '<div id="reply_'.$statusreplyid.'" class="reply_boxes"><div><b>Reply by <a href="user.php?u='.$replyauthor.'">'.$replyauthor.'</a> '.$replypostdate.':</b> '.$replyDeleteButton.'<br />'.$replydata.'</div></div>';
}
}
$statuslist .= '<div id="status_'.$statusid.'" class="status_boxes"><div><b>Posted by <a href="user.php?u='.$author.'">'.$author.'</a> '.$postdate.':</b> '.$statusDeleteButton.' <br />'.$data.'</div>'.$status_replies.'</div>';
if($isFriend == true || $log_username == $u){
$statuslist .= '<textarea id="replytext_'.$statusid.'" class="replytext" onkeyup="statusMax(this,250)" placeholder="write a comment here"></textarea><button id="replyBtn_'.$statusid.'" onclick="replyToStatus('.$statusid.',\''.$u.'\',\'replytext_'.$statusid.'\',this)">Reply</button>';
}
}
?>
<script>
function postToStatus(action,type,user,ta){
var data = _(ta).value;
if(data == ""){
alert("Type something first weenis");
return false;
}
_("statusBtn").disabled = true;
var ajax = ajaxObj("POST", "php_parsers/status_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
var datArray = ajax.responseText.split("|");
if(datArray[0] == "post_ok"){
var sid = datArray[1];
data = data.replace(/</g,"<").replace(/>/g,">").replace(/\n/g,"<br />").replace(/\r/g,"<br />");
var currentHTML = _("statusarea").innerHTML;
_("statusarea").innerHTML = '<div id="status_'+sid+'" class="status_boxes"><div><b>Posted by you just now:</b> <span id="sdb_'+sid+'"><a href="#" onclick="return false;" onmousedown="deleteStatus(\''+sid+'\',\'status_'+sid+'\');" title="DELETE THIS STATUS AND ITS REPLIES">delete status</a></span><br />'+data+'</div></div><textarea id="replytext_'+sid+'" class="replytext" onkeyup="statusMax(this,250)" placeholder="write a comment here"></textarea><button id="replyBtn_'+sid+'" onclick="replyToStatus('+sid+',\'<?php echo $u; ?>\',\'replytext_'+sid+'\',this)">Reply</button>'+currentHTML;
_("statusBtn").disabled = false;
_(ta).value = "";
} else {
alert(ajax.responseText);
}
}
}
ajax.send("action="+action+"&type="+type+"&user="+user+"&data="+data);
}
function replyToStatus(sid,user,ta,btn){
var data = _(ta).value;
if(data == ""){
alert("Type something first weenis");
return false;
}
_("replyBtn_"+sid).disabled = true;
var ajax = ajaxObj("POST", "php_parsers/status_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
var datArray = ajax.responseText.split("|");
if(datArray[0] == "reply_ok"){
var rid = datArray[1];
data = data.replace(/</g,"<").replace(/>/g,">").replace(/\n/g,"<br />").replace(/\r/g,"<br />");
_("status_"+sid).innerHTML += '<div id="reply_'+rid+'" class="reply_boxes"><div><b>Reply by you just now:</b><span id="srdb_'+rid+'"><a href="#" onclick="return false;" onmousedown="deleteReply(\''+rid+'\',\'reply_'+rid+'\');" title="DELETE THIS COMMENT">remove</a></span><br />'+data+'</div></div>';
_("replyBtn_"+sid).disabled = false;
_(ta).value = "";
} else {
alert(ajax.responseText);
}
}
}
ajax.send("action=status_reply&sid="+sid+"&user="+user+"&data="+data);
}
function deleteStatus(statusid,statusbox){
var conf = confirm("Press OK to confirm deletion of this status and its replies");
if(conf != true){
return false;
}
var ajax = ajaxObj("POST", "php_parsers/status_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "delete_ok"){
_(statusbox).style.display = 'none';
_("replytext_"+statusid).style.display = 'none';
_("replyBtn_"+statusid).style.display = 'none';
} else {
alert(ajax.responseText);
}
}
}
ajax.send("action=delete_status&statusid="+statusid);
}
function deleteReply(replyid,replybox){
var conf = confirm("Press OK to confirm deletion of this reply");
if(conf != true){
return false;
}
var ajax = ajaxObj("POST", "php_parsers/status_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "delete_ok"){
_(replybox).style.display = 'none';
} else {
alert(ajax.responseText);
}
}
}
ajax.send("action=delete_reply&replyid="+replyid);
}
function statusMax(field, maxlimit) {
if (field.value.length > maxlimit){
alert(maxlimit+" maximum character limit reached");
field.value = field.value.substring(0, maxlimit);
}
}
</script>
<div id="statusui">
<?php echo $status_ui; ?>
</div>
<div id="statusarea">
<?php echo $statuslist; ?>
Solution
If the problem is appearing in this line:
if($_POST['type'] != "a" || $_POST['type'] != "c"){
Then, it means that the you do not have an input form with the name type inside it, or the post data may not be transferred at all. So, check your HTML form if it has input called type
OTHER TIPS
The problem appears to be the logic in the conditional. If you change this to:
if($_POST['type'] != "a" && $_POST['type'] != "c")
then the conditional should work as expected. Note that the edit changes the '||' to '&&'.
Why make this edit? Assume that: $_POST['type'] == "a". If so, then:
$_POST['type'] != "a" // false
$_POST['type'] != "c" // true
Thus, the conditional evaluates to: if( false || true ), which in turn evaluates to if( true ). The only time that the original logic will work is if $_POST['type'] != "a" AND $_POST['type'] != "c" (which can never happen because it requires the same variable to have two values at the same time).
See http://en.wikipedia.org/wiki/Truth_table#Logical_disjunction
