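getToken();
    $_SESSION['token'] = $csrf;
} else {
    $csrf = $db->clean($_SESSION['token'],'encode');
}
// NOTE(review): the `if` closed above opens before this excerpt, so that
// fragment is kept verbatim and only re-indented.

// Only signed-in users may file a report; everyone else is redirected.
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] != '') {
    $statuslogged = "Log out";
    $statusloggedurl = "../logout/";
    $uid = $db->intcast($_SESSION['uid']);
} else {
    $statuslogged = "Log in";
    $statusloggedurl = "../login/";
    header("Location: ../");
    // exit is required: without it the handler below would still run for
    // an unauthenticated request after the redirect header is sent.
    exit;
}

// Report submission: verify the CSRF token, store the flag, then notify by mail.
if (isset($_POST['user-report']) && isset($_POST['csrf'])) {
    $sessionToken = isset($_SESSION['token']) ? $_SESSION['token'] : '';
    $sessionToken = is_scalar($sessionToken) ? (string) $sessionToken : '';
    $postedToken = $_POST['csrf'];

    // hash_equals() compares in constant time and never applies the numeric
    // string juggling that `==` does. A non-string (array) csrf parameter or
    // an empty session token is rejected outright.
    if ($sessionToken !== '' && is_string($postedToken) && hash_equals($sessionToken, $postedToken)) {
        $report = $db->clean($_POST['user-report'],'encode');
        // Optional form fields default to '' instead of raising an
        // undefined-index warning when a client omits them.
        $accounttype = $db->clean(isset($_POST['accounttype']) ? $_POST['accounttype'] : '','encode');
        $name = $db->clean(isset($_POST['name']) ? $_POST['name'] : '','encode');
        $email = $db->clean(isset($_POST['email']) ? $_POST['email'] : '','encode');

        // NOTE(review): postid and profileid are read from $_REQUEST, so they
        // may arrive in the query string (or a cookie, depending on
        // request_order) rather than in the CSRF-checked POST body. Confirm
        // how the form sends them and prefer $_POST if it allows.
        $postid = $db->intcast(isset($_REQUEST['postid']) ? $_REQUEST['postid'] : 0);
        $profileid = $db->clean(isset($_REQUEST["profileid"]) ? $_REQUEST["profileid"] : '','encode');
        $uid = $db->intcast($_SESSION['uid']);
        $insertvalue = 1;

        // Parameterised insert; prepare() and execute() are checked so a
        // database failure is not reported to the user as success.
        $stored = false;
        $stmt = $mysqli->prepare("INSERT INTO flagged (flaggedby, reason, postid, hide) VALUES (?, ?, ?, ?)");
        if ($stmt !== false) {
            $stmt->bind_param("isii", $uid, $report, $postid, $insertvalue);
            $stored = $stmt->execute();
            $stmt->close();
        }

        if ($stored) {
            $message = implode(PHP_EOL, array($report, $accounttype, $name, $email));

            // NOTE(review): the recipient is empty in this listing, presumably
            // redacted. Confirm a fixed, server-side address is configured.
            // User input goes only into the body, never into mail headers.
            if (!mail("","Incidence",$message)) {
                error_log('Report notification mail could not be sent');
            }
            $showmessage = "Success!";
        } else {
            error_log('Report insert into flagged failed');
        }
    }
}
?>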