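<?php
// Buffer the whole response and gzip it when the client supports compression.
ob_start("ob_gzhandler");
session_start();
// Only authenticated sessions may use this page. header() merely queues the
// redirect, so execution has to stop here; otherwise the POST handlers further
// down would still run for a visitor who has no session.
if (!isset($_SESSION['uid']) || $_SESSION['uid'] == null) {
    header("Location: index.php");
    exit;
}
require_once 'functions.php';
// First `friends` row owned by the logged-in user (bound through the ?i placeholder).
$friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc();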
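// ---- Add a contact -------------------------------------------------------
// NOTE(review): the forms rendered by this page post `sd4` as a hidden field
// without a value, so this truthiness test fails for them, and no anti-CSRF
// token is verified before the write below. Confirm what `sd4` must carry.
if (!empty($_POST['sd4']) && !empty($_POST['friendadd'])) {
    // Allow-list for both fields: Unicode letters, digits, space and hyphen.
    // The checks used to be inverted (a matching value was rejected and only a
    // non-matching one reached the SQL), so they are negated here.
    $allowed = '/^[- \p{L}\d]+$/u';
    // Non-string input (e.g. friendadd[]=x) is treated as empty.
    $login = is_string($_POST['friendadd']) ? $_POST['friendadd'] : '';
    $comment = isset($_POST['comment']) && is_string($_POST['comment']) ? $_POST['comment'] : '';
    // The allow-list admits no character htmlspecialchars() would rewrite, so the
    // former input-side encoding is dropped; escaping belongs at output time.
    // NOTE(review): $user is not assigned in this file - presumably functions.php
    // provides it; confirm it is the same account as $_SESSION['uid'].
    $ownId = (int)$user['id'];

    // Look the login up only after it passed validation. The value is escaped as
    // well, so the query stays safe even if the pattern is loosened later.
    // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; these calls should
    // move to the db::c() wrapper already used elsewhere in this file.
    $targetId = 0;
    if (preg_match($allowed, $login)) {
        $res = mysql_query("SELECT id FROM `users` WHERE `login` = '" . mysql_real_escape_string($login) . "' LIMIT 1;");
        $found = $res ? mysql_fetch_array($res) : false;
        $targetId = $found ? (int)$found['id'] : 0;
    }

    if (!$targetId) {
        $status = 'Персонаж не найден.';
    } elseif ($targetId === $ownId) {
        $status = 'Себя добавить нельзя.';
    } elseif ($comment !== '' && !preg_match($allowed, $comment)) {
        // An empty comment is accepted: the field is optional in the form.
        $status = 'Ошибка ввода: запрещённые символы!';
    } else {
        // Both ids are integers by construction; the duplicate check runs only
        // once a target exists, so it can no longer produce malformed SQL.
        $res = mysql_query("SELECT friend FROM `friends` WHERE `user` = " . $ownId . " and `friend` = " . $targetId . " LIMIT 1;");
        $existing = $res ? mysql_fetch_array($res) : false;
        if ($existing && $existing['friend']) {
            $status = 'Персонаж уже есть в списке.';
        } else {
            // The forms on this page never send `group`; a non-zero value used to
            // leave $friend holding the row fetched at the top of the script,
            // which cannot form valid SQL, so the looked-up id is used directly.
            mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $ownId . ", " . $targetId . ", '" . mysql_real_escape_string($comment) . "');");
            $status = 'Контакт добавлен.';
        }
    }
}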
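// ---- Remove a contact ----------------------------------------------------
// NOTE(review): this state-changing request is not protected by any anti-CSRF
// token; the `sd4` field posted by the form is not even inspected here.
if (!empty($_POST['friendremove'])) {
    // Allow-list: Unicode letters, digits, space and hyphen. The check used to be
    // inverted, so only logins that FAILED it reached the SQL below.
    $allowed = '/^[- \p{L}\d]+$/u';
    // Non-string input (e.g. friendremove[]=x) is treated as empty.
    $login = is_string($_POST['friendremove']) ? $_POST['friendremove'] : '';
    // NOTE(review): $user is not assigned in this file - presumably functions.php
    // provides it; confirm it is the same account as $_SESSION['uid'].
    $ownId = (int)$user['id'];

    // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; these calls should
    // move to the db::c() wrapper already used elsewhere in this file.
    $targetId = 0;
    if (preg_match($allowed, $login)) {
        // Validated and escaped: the login is never interpolated raw.
        $res = mysql_query("SELECT id FROM `users` WHERE `login` = '" . mysql_real_escape_string($login) . "' LIMIT 1;");
        $found = $res ? mysql_fetch_array($res) : false;
        $targetId = $found ? (int)$found['id'] : 0;
    }

    if (!$targetId) {
        $status = 'Персонаж не найден.';
    } else {
        $res = mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = " . $ownId . " and `friend` = " . $targetId . " LIMIT 1;");
        $link = $res ? mysql_fetch_array($res) : false;
        if (!$link || !$link['friend']) {
            $status = 'Персонаж не найден.';
        } else {
            // Delete only the caller's own row for this friend; both values are
            // cast to integers before they enter the statement.
            mysql_query("DELETE FROM `friends` WHERE `user` = " . $ownId . " and `friend` = " . (int)$link['friend'] . ";");
            $status = 'Контакт удалён.';
        }
    }
}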
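// ---- Edit a contact's comment --------------------------------------------
// NOTE(review): this state-changing request is not protected by any anti-CSRF
// token; the `sd4` field posted by the form is not even inspected here.
if (!empty($_POST['friendedit'])) {
    // Allow-list for both fields: Unicode letters, digits, space and hyphen.
    // The checks used to be inverted, so only values that FAILED them were used.
    $allowed = '/^[- \p{L}\d]+$/u';
    // Non-string input (e.g. friendedit[]=x) is treated as empty.
    $login = is_string($_POST['friendedit']) ? $_POST['friendedit'] : '';
    $comment = isset($_POST['comment']) && is_string($_POST['comment']) ? $_POST['comment'] : '';
    // NOTE(review): $user is not assigned in this file - presumably functions.php
    // provides it; confirm it is the same account as $_SESSION['uid'].
    $ownId = (int)$user['id'];

    // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; these calls should
    // move to the db::c() wrapper already used elsewhere in this file.
    $targetId = 0;
    if (preg_match($allowed, $login)) {
        // Validated and escaped: the login is never interpolated raw.
        $res = mysql_query("SELECT id FROM `users` WHERE `login` = '" . mysql_real_escape_string($login) . "' LIMIT 1;");
        $found = $res ? mysql_fetch_array($res) : false;
        $targetId = $found ? (int)$found['id'] : 0;
    }

    if (!$targetId) {
        $status = 'Персонаж не найден.';
    } elseif ($targetId === $ownId) {
        $status = 'Себя отредактировать нельзя.';
    } elseif ($comment !== '' && !preg_match($allowed, $comment)) {
        // An empty comment is accepted and clears the stored one.
        $status = 'Ошибка ввода: запрещённые символы!';
    } else {
        $res = mysql_query("SELECT friend FROM `friends` WHERE `user` = " . $ownId . " and `friend` = " . $targetId . " LIMIT 1;");
        $link = $res ? mysql_fetch_array($res) : false;
        if (!$link || !$link['friend']) {
            $status = 'Персонаж не найден.';
        } else {
            // The comment used to be concatenated without quotes, which broke the
            // statement and let the value be parsed as SQL; it is now quoted and
            // escaped. `friend` is rewritten with the same id, as before.
            mysql_query("UPDATE `friends` SET `friend` = " . $targetId . ", `comment` = '" . mysql_real_escape_string($comment) . "' WHERE `user` = " . $ownId . " and `friend` = " . (int)$link['friend']);
            $status = 'Контакт изменён.';
        }
    }
}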
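// Administrators for the right-hand column, ordered by login. The query has no
// placeholder, so the stray (time() - 60) argument that used to be passed along
// with it is dropped.
$admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC');
// Contacts of the logged-in user; the session uid is bound through ?i.
$contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE `friend` > 0 AND `user` = ?i', $_SESSION['uid']);
?>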
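<HTML>
<HEAD>
    <meta charset="utf-8">
    <link rel=stylesheet href="css/main.css">
    <link rel=stylesheet href="css/friend/main.css">
    <link href="css/friend/design3.css" rel="stylesheet" type="text/css">
</HEAD>
<body>
<div style="text-align: right">
    <input type='button' style='width: 100px' value='Добавить контакт' onclick='addcontact()'>
    <input type='button' style='width: 100px' value='Удалить контакт' onclick='removecontact()'>
    <?php /* mt_rand() is only a cache-busting query value here, not a secret. */ ?>
    <input type='button' value='Обновить' style='width: 75px' onclick='location="/contacts.php?friends=<?= mt_rand() ?>"'>
    <input TYPE='button' value='Вернуться' style='width: 75px' onclick='location="main.php"'>
</div>
<div id=hint4 class=ahint>
    <?php if (isset($status)): ?>
        <span style="color: darkred;"><?= htmlspecialchars((string)$status, ENT_QUOTES, 'UTF-8') ?></span>
    <?php endif; ?>
</div>
<TABLE width="100%">
    <TR>
        <TD style="vertical-align: top; background: silver;">
            <TABLE cellspacing=0 cellpadding=2 width="100%">
                <tr>
                    <td colspan="3"><h3>Контакты</h3></td>
                </tr>
                <?php
                while ($row = $contacts_list->fetch_assoc()):
                    // One lookup per contact; `online` is non-null only when the
                    // user has an `online` row newer than 60 seconds.
                    $us = db::c()->query('SELECT `id`,`login`,`room`, `invis`, (select `id` from `online` WHERE `date` >= ?i AND `id` = `users`.`id`) as `online` FROM `users` WHERE `id` = ?i', (time() - 60), $row['friend'])->fetch_assoc();
                    // A contact row may outlive the account it points to; skip it
                    // instead of rendering from an empty result.
                    if (!$us) {
                        continue;
                    }
                    // Stored comments and logins are user-controlled. They are
                    // encoded for the HTML context here; double_encode is off
                    // because older rows were HTML-encoded before being stored.
                    $commentHtml = htmlspecialchars((string)$row['comment'], ENT_QUOTES, 'UTF-8', false);
                    $loginHtml = htmlspecialchars((string)$us['login'], ENT_QUOTES, 'UTF-8', false);
                    ?>
                    <TR valign="top">
                        <TD>
                            <?php
                            // NOTE(review): nick::id()->full() is echoed as markup;
                            // its own escaping cannot be verified from this file.
                            if ($us['online'] > 0 && !$us["invis"]) {
                                echo nick::id($us['id'])->full() . " - <i>" . htmlspecialchars((string)$us['room'], ENT_QUOTES, 'UTF-8', false) . "</i><br>";
                            } else {
                                echo "<span style='color: grey'>" . nick::id($us['id'])->full() . "</span><br>";
                            }
                            ?>
                        </TD>
                        <TD style="background: #efeded; width: 60%; font-style: italic;">
                            <small><?= $commentHtml ?></small>
                        </TD>
                        <TD width="1%">
                            <?php /* The values travel in data-* attributes rather than inside the
                                     inline script text, so a quote in a login or comment can no
                                     longer terminate the JavaScript string or the attribute.
                                     editcontact() receives them as plain text. */ ?>
                            <input type='button' style="float: right" value="Редактировать"
                                   data-login="<?= $loginHtml ?>"
                                   data-comment="<?= $commentHtml ?>"
                                   onclick='editcontact(this.dataset.login, this.dataset.comment)'>
                        </TD>
                    </TR>
                <?php endwhile; ?>
            </TABLE>
        </TD>
        <TD style="width: 200px; vertical-align: top; background: whitesmoke;">
            <h3>Администраторы</h3>
            <?php
            while ($row = $admins_list->fetch_assoc()) {
                echo nick::id($row['id'])->full() . "<br>";
            }
            ?>
        </TD>
    </TR>
</TABLE>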
<script>
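/**
 * Opens the "edit contact" popup inside #hint4, pre-filled for one contact.
 *
 * @param {string} login   Login of the contact; posted back as `friendedit`.
 * @param {string} comment Current comment, shown in the editable field.
 */
function editcontact(login, comment) {
    var hint = document.getElementById("hint4");
    // Only static markup is assigned through innerHTML. The form wraps the inner
    // table instead of sitting between <table> and <tr>, where it is not valid.
    var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><b>Редактировать контакт</b></td><td width=20 align=right valign=top style="cursor: pointer" onclick="closehint();"><b>x</b></td></tr><tr><td colspan=2>';
    s += '<form method="POST"><table width=100% align=center bgcolor=FFF6DD>';
    s += '<tr><td><input type="hidden" name="friendedit"><input type="hidden" name="sd4">';
    s += '<input name="comment" placeholder="Комментарий" style="width: 105px">';
    s += '<input type="submit" value="Сохранить"></td></tr></table></form>';
    s += '</td></tr></table>';
    hint.innerHTML = s;

    // Caller-supplied values are set as properties, never concatenated into the
    // markup, so a quote or tag inside a login/comment stays inert text.
    hint.querySelector('input[name="friendedit"]').value = login;
    var commentField = hint.querySelector('input[name="comment"]');
    commentField.value = comment;

    hint.style.visibility = "visible";
    // Explicit units: a bare number is not a valid CSS length.
    hint.style.left = "100px";
    hint.style.top = (document.body.scrollTop + 50) + "px";
    // The popup has no element with id "comment"; focus the field by reference.
    commentField.focus();
    Hint3Name = '';
}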
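/**
 * Opens the "add contact" popup inside #hint4 with empty login and comment fields.
 */
function addcontact() {
    var hint = document.getElementById("hint4");
    // The form wraps the inner table instead of sitting between <table> and
    // <tr>, where it is not valid; the unclosed <b> tags are closed as well.
    var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><b>Добавить контакт</b></td><td width=20 align=right valign=top style="cursor: pointer" onclick="closehint();"><b>x</b></td></tr><tr><td colspan=2>';
    s += '<form method="POST"><table width=100% bgcolor=FFF6DD align=center>';
    s += '<tr><td><input name="friendadd" placeholder="Логин" style="width:105px"> ';
    s += '<input name="comment" placeholder="Комментарий" style="width:105px"></td></tr>';
    // NOTE(review): `sd4` is posted without a value; the server-side handler
    // tests it for truthiness, so confirm what it is supposed to carry.
    s += '<tr><td><input type="submit" value="Добавить запись"><input type="hidden" name="sd4"></td></tr></table></form>';
    s += '</td></tr></table>';
    hint.innerHTML = s;
    hint.style.visibility = "visible";
    // Explicit units: a bare number is not a valid CSS length.
    hint.style.left = "100px";
    hint.style.top = (document.body.scrollTop + 50) + "px";
    // The original looked the field up through `name`, which is not a local here
    // and resolves to window.name; focus the login field directly instead.
    hint.querySelector('input[name="friendadd"]').focus();
    // NOTE(review): `name` is still window.name; kept as in the original until
    // the consumers of Hint3Name are confirmed.
    Hint3Name = name;
}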
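/**
 * Opens the "remove contact" popup inside #hint4 with an empty login field.
 */
function removecontact() {
    var hint = document.getElementById("hint4");
    // The form wraps the inner table instead of sitting between <table> and
    // <tr>, where it is not valid; the unclosed <b> tag is closed as well.
    var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><b>Удалить контакт</b></td><td width=20 align=right valign=top style="cursor: pointer" onclick="closehint();"><b>x</b></td></tr><tr><td colspan=2>';
    s += '<form method="POST"><table width=100% align=center bgcolor=FFF6DD>';
    s += '<tr><td><input type="hidden" name="sd4">';
    s += '<input name="friendremove" placeholder="Логин" style="width: 105px">';
    s += '<input type="submit" value="Удалить"></td></tr></table></form>';
    s += '</td></tr></table>';
    hint.innerHTML = s;
    hint.style.visibility = "visible";
    // Explicit units: a bare number is not a valid CSS length.
    hint.style.left = "100px";
    hint.style.top = (document.body.scrollTop + 50) + "px";
    // The original looked the field up through `name`, which is not a local here
    // and resolves to window.name; focus the login field directly instead.
    hint.querySelector('input[name="friendremove"]').focus();
    // NOTE(review): `name` is still window.name; kept as in the original until
    // the consumers of Hint3Name are confirmed.
    Hint3Name = name;
}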
/**
 * Hides the popup container (#hint4) and resets the Hint3Name marker.
 */
function closehint() {
    var popup = document.getElementById("hint4");
    popup.style.visibility = "hidden";
    Hint3Name = '';
}
</script>
</body>
</HTML>