I LOVE the header, it's so creative!
I have a few suggestions:
You could use user_id as the FK column in user_home instead of username; it's good practice to always use an id column as the FK if one is available. Also, you seem to be using a different parameter in your queries each time while you're actually inserting a username every time. You could use :username as the parameter every time to make it neater. The last thing is that you're querying the user_home table two times, while you seem to need all the columns the second time. You could select all the columns the first time and use those results twice. It will gain some milliseconds of speed! You're also making a connection to the database twice, which wouldn't be necessary.
This piece of code contains XSS leaks:
Code:
<div class="comment">
<IMG class="commentImg"
SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $look; ?>&direction=2&head_direction=3&gesture=sml&size=1"
ALT="picture of a pumpkin">
<div class="commentText">
<h1 style=" font-weight: bold;
text-shadow: 2px 0px 11px #6E6E6E;"><a href="?url=home&user=<?php echo $username; ?>"><span <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'class="staffText"'; ?>
style="color: <?php echo $color; ?>; background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
echo 'staff.gif';
} else if ($rank == '2') {
echo 'vip.gif';
} else if ($rank == '3') {
echo 'rank3.gif';
} ?>');"><?php echo $username; ?></span></a>
</h1>
<p class="rank"><?php echo $rankName; ?></p>
<p><?php echo $comment['comment']; ?></p>
</div>
<div class="reset">f</div>
<hr>
Always use htmlentities or htmlspecialchars if you're outputting data from the database.
Same goes for:
Code:
<div id="column2" class="column">
<div class="habblet-container guestBook about">
<div class="cbb clearfix yellow">
<h2 class="title">About <?php echo $user['username']; ?></h2>
<?php
if ($_SESSION['user']['id'] != null && $_SESSION['user']['id'] == $user['id']) { ?>
<textarea class="long_desc" id="long_desc" rows="4" cols="39"
name="long_description"
form="long_description"><?php echo $home['long_description']; ?></textarea>
<form id="long_description" action="" method="POST">
<input style="margin: 8px; float: right;" type="submit" value="Save"/>
</form>
<?php } else { ?>
<p style="min-height: 80px;"><?php echo $home['long_description']; ?></p>
<?php } ?>
</div>
</div>
</div>
and
Code:
<div class="friend">
<IMG class="friendIMG"
SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $friend['look']; ?>&direction=2&head_direction=3&gesture=sml&size=1"
ALT="picture of a pumpkin">
<div class="friendText">
<a style="display: table;" href="?url=home&user=<?php echo $friend['username']; ?>"><h1
class="friendName <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'staffText'; ?>"
style="display: table; color: <?php echo $color; ?>!important;background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
echo 'staff.gif';
} else if ($rank == '2') {
echo 'vip.gif';
} else if ($rank == '3') {
echo 'rank3.gif';
} ?>');"><?php echo $friend['username']; ?></h1>
</a>
<p>Motto: <?php echo $friend['motto']; ?></p>
</div>
<br>
<br>
<br>
</div>
<hr>
and
Code:
<div id="column1" class="column">
<div class="habblet-container guestBook friends">
<div class="cbb clearfix red">
<h2 class="title"><?php echo $user['username']; ?>'s Status</h2>
<p style="padding: 8px;"><?php echo $user['username']; ?> is
currently <?php if ($user['online'] == 1) { ?><span
style="color: green;">Online</span> <?php } else { ?> <span
style="color: red;">Offline</span> <?php } ?></p>
</div>
</div>
</div>
Never trust your end user!
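As an added example of the first suggestion in this reply (not code from the reviewed project): one connection, one prepared query with a single :username parameter, user_id as the foreign key in user_home, and the joined row reused instead of querying user_home twice. It runs against an in-memory SQLite database seeded with constructed rows; the table and column names (user, user_home, username, rank, long_description) are assumptions taken from the templates quoted above.

```php
<?php
// Added example, not the reviewed project's code. Table and column names are
// assumed from the quoted templates; rows are constructed for the demo.

declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $db->exec('PRAGMA foreign_keys = ON');

    // user_home references user(id), not user(username): the id never changes,
    // and an integer FK is what the join and the index are built on.
    $db->exec('CREATE TABLE user (
                 id INTEGER PRIMARY KEY,
                 username TEXT NOT NULL UNIQUE,
                 rank TEXT NOT NULL)');
    $db->exec('CREATE TABLE user_home (
                 user_id INTEGER NOT NULL REFERENCES user(id),
                 long_description TEXT NOT NULL)');

    // Constructed sample data.
    $db->exec("INSERT INTO user (id, username, rank) VALUES (1, 'alice', '3'), (2, 'bob', '1')");
    $db->exec("INSERT INTO user_home (user_id, long_description)
               VALUES (1, 'hello'), (2, '<b>bye</b>')");
    return $db;
}

// One round trip fetches the user row and its home row together. The caller
// keeps the array and reuses it wherever the page needs any of the columns.
function loadHome(PDO $db, string $username): ?array {
    $stmt = $db->prepare(
        'SELECT u.id, u.username, u.rank, h.long_description
           FROM user u
           JOIN user_home h ON h.user_id = u.id
          WHERE u.username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$db = openDb();
var_dump(loadHome($db, 'alice'));

// The value is bound as data, so this is compared literally and matches nothing;
// it is never spliced into the SQL text.
var_dump(loadHome($db, "' OR 1=1 --"));
```

The same $db handle and the same $row array serve every block on the page; the only thing the templates still have to do with $row is escape it for the context it lands in.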
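As an added example for the XSS points above (not the reviewed project's code): the quoted templates echo database values into four different contexts, and htmlspecialchars alone covers only two of them. Text between tags and quoted attribute values need HTML encoding; the user= and figure= query-string values need percent-encoding before that; and the colour inside style="" cannot be fixed by encoding at all, because the browser decodes the attribute before the CSS parser sees it, so the value has to be whitelisted. The helper names and the sample row are my own constructions; each field carries a payload the original templates would have printed verbatim.

```php
<?php
// Added example, not the reviewed project's code. Helper names and the sample
// row below are constructed for the demo; {url} is kept as the template's own
// placeholder.

declare(strict_types=1);

// Text nodes and quoted attribute values: encode & < > " and '.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Query-string values inside an href or src: percent-encode first, then HTML-encode
// because the URL sits inside an attribute.
function eUrlParam(string $s): string {
    return e(rawurlencode($s));
}

// Values inside style="": encoding is not enough, since "red; background:url(...)"
// is still valid CSS after the attribute is decoded. Allow only a hex colour.
function eCssColor(string $s): string {
    return preg_match('/^#[0-9a-fA-F]{3,6}$/', $s) === 1 ? $s : '#000000';
}

// Keep the rank-to-image mapping server-side; nothing user-controlled reaches url().
const RANK_IMAGES = ['4' => 'staff.gif', '5' => 'staff.gif', '2' => 'vip.gif', '3' => 'rank3.gif'];
const STAFF_RANKS = ['3', '4', '5'];

function rankImage(string $rank): string {
    return RANK_IMAGES[$rank] ?? '';
}

// Hardened version of the first quoted comment block.
function renderComment(array $row): string {
    $img = 'http://www.habbo.nl/habbo-imaging/avatarimage?figure=' . eUrlParam($row['look'])
         . '&amp;direction=2&amp;head_direction=3&amp;gesture=sml&amp;size=1';

    $style = 'color: ' . eCssColor($row['color']) . ';';
    $bg = rankImage($row['rank']);
    if ($bg !== '') {
        $style .= " background-image: url('{url}/app/tpl/skins/Habbo/images/" . $bg . "');";
    }
    $class = in_array($row['rank'], STAFF_RANKS, true) ? ' class="staffText"' : '';

    return '<div class="comment">'
         . '<img class="commentImg" src="' . $img . '" alt="picture of a pumpkin">'
         . '<div class="commentText"><h1>'
         . '<a href="?url=home&amp;user=' . eUrlParam($row['username']) . '">'
         . '<span' . $class . ' style="' . e($style) . '">' . e($row['username']) . '</span></a>'
         . '</h1>'
         . '<p class="rank">' . e($row['rankName']) . '</p>'
         . '<p>' . e($row['comment']) . '</p>'
         . '</div></div>';
}

// Constructed sample row: every field is a payload the original template echoes as-is.
$row = [
    'username' => '"><script>alert(1)</script>',
    'look'     => 'hd-180-1&size=2" onerror="alert(2)',
    'color'    => 'red; background:url(javascript:alert(3))',
    'rank'     => '3',
    'rankName' => '<b>Moderator</b>',
    'comment'  => '<img src=x onerror=alert(4)>',
];

echo renderComment($row), PHP_EOL;
```

In the output, the username and comment appear as literal text, the look value is one percent-encoded figure parameter rather than a second attribute, and the colour falls back to #000000. The same three helpers cover the About, friend and Status blocks quoted above: $home['long_description'] and $friend['motto'] go through e(), the user= links through eUrlParam(), and $color through eCssColor().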