diff --git a/contacts.php b/contacts.php
index fb51dd0..cf7739f 100644
--- a/contacts.php
+++ b/contacts.php
@@ -2,69 +2,42 @@
ob_start("ob_gzhandler");
session_start();
if ($_SESSION['uid'] == null) header("Location: index.php");
+require_once 'config.php';
-require_once 'functions.php';
-$friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc();
+if (input::post('friendadd')) {
+ $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendadd'))->fetch_assoc();
+ $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']);
-if ($_POST['sd4'] && $_POST['friendadd']) {
- $_POST['friendadd'] = htmlspecialchars($_POST['friendadd'], NULL, 'cp1251');
- if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';
- else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));
-
- $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
- $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
- if (!$igogo['id']) $status = 'Персонаж не найден.';
- elseif ($igogo['id'] == $user['id']) $status = 'Себя добавить нельзя.';
- elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
- elseif ($igogo2['friend']) $status = 'Персонаж уже есть в списке.';
+ if (!$q['id']) $status = 'Персонаж не найден.';
+ elseif ($q['id'] == $_SESSION['uid']) $status = 'Себя добавить нельзя.';
+ elseif ($q2->getNumRows()) $status = 'Персонаж уже есть в списке.';
else {
- if ($_POST['group'] == 0) $friend = $igogo['id'];
-
- mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", '" . $_POST['comment'] . "');");
+ db::c()->query('INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES (?i,?i,"?s")', $_SESSION['uid'], $q['id'], input::post('comment'));
$status = 'Контакт добавлен.';
}
}
-if ($_POST['friendremove']) {
- $_POST['friendremove'] = htmlspecialchars($_POST['friendremove'], NULL, 'cp1251');
- if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendremove'])) $status = 'Персонаж не найден.';
- else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));
+if (input::post('friendremove')) {
+ $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendremove'))->fetch_assoc();
+ $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']);
- if (!$igogo['id']) $status = 'Персонаж не найден.';
+ if (!$q['id'] OR !$q2->getNumRows()) $status = 'Персонаж не найден.';
else {
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
- if (!$igogo2['friend']) $status = 'Персонаж не найден.';
- else {
- $per = "`friend`='" . $igogo2['friend'] . "'";
-
- mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";");
- $status = 'Контакт удалён.';
- }
+ db::c()->query('DELETE FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']);
+ $status = 'Контакт удалён.';
}
}
-if ($_POST['friendedit']) {
- $_POST['friendedit'] = htmlspecialchars($_POST['friendedit'], NULL, 'cp1251');
- if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendedit'])) $status = 'Персонаж не найден.';
- else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));
+if (input::post('friendedit')) {
+ $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendedit'))->fetch_assoc();
+ $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']);
- $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
-
- if (!$igogo['id']) $status = 'Персонаж не найден.';
- elseif ($igogo['id'] == $user['id']) $status = 'Себя отредактировать нельзя.';
- elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
+ if (!$q2['friend']) $status = 'Персонаж не найден.';
else {
- if ($_POST['group'] == 0) $friend = $igogo['id'];
-
- $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
- if (!$igogo2['friend']) $status = 'Персонаж не найден.';
- else {
- $per = "`friend`='" . $igogo2['friend'] . "'";
-
- mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . "");
- $status = 'Контакт изменён.';
- }
+ db::c()->query('UPDATE `friends` SET `comment` = "?s" WHERE `user` = ?i AND `friend` = ?i', input::post('comment'), $_SESSION['uid'], $q['id']);
+ $status = 'Контакт изменён.';
}
+
}
$admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC', (time() - 60));
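Review bot: The edit handler's guard `if (!$q2['friend'])` tests the query result object as an array, while the add and remove handlers call `$q2->getNumRows()` on the same kind of object; the `SELECT 1` it wraps has no `friend` column either, so this condition never reflects whether the contact exists and the UPDATE branch is unreachable or faults. It should mirror the remove handler: `if (!$q['id'] OR !$q2->getNumRows()) $status = 'Персонаж не найден.';`. In all three handlers `$q['id']` is also passed to the second query before the lookup result is checked, so a missing login reaches the `?i` placeholder as null; moving the `!$q['id']` test ahead of the `$q2` query would avoid that. The unchanged auth line at the top redirects without stopping the script, so an unauthenticated POST still runs the handlers with a null `uid`: `if ($_SESSION['uid'] == null) { header("Location: index.php"); exit; }`.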
@@ -81,7 +54,8 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE
-
+
@@ -128,7 +102,7 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE
function editcontact(login, comment) {
var s = '
Редактировать контакт
x
';
s += '
';
s += '
';
@@ -145,7 +119,7 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE
s += '
';
+ s += '
';
s += '';
document.getElementById("hint4").innerHTML = s;
document.getElementById("hint4").style.visibility = "visible";
@@ -158,22 +132,20 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE
function removecontact() {
var s = '