From 81415acba4a597219df48cf63d53a23a047710ff Mon Sep 17 00:00:00 2001 From: "Igor Barkov [iwork]" Date: Fri, 14 Dec 2018 13:43:50 +0200 Subject: [PATCH] =?UTF-8?q?=D0=A3=D0=B1=D1=80=D0=B0=D0=BB=20Deprecated.=20?= =?UTF-8?q?=D0=A0=D0=B0=D0=B1=D0=BE=D1=87=D0=B0=D1=8F=20=D0=B2=D0=B5=D1=80?= =?UTF-8?q?=D1=81=D0=B8=D1=8F.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contacts.php | 88 ++++++++++++++++++---------------------------------- 1 file changed, 30 insertions(+), 58 deletions(-) diff --git a/contacts.php b/contacts.php index fb51dd0..cf7739f 100644 --- a/contacts.php +++ b/contacts.php @@ -2,69 +2,42 @@ ob_start("ob_gzhandler"); session_start(); if ($_SESSION['uid'] == null) header("Location: index.php"); +require_once 'config.php'; -require_once 'functions.php'; -$friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc(); +if (input::post('friendadd')) { + $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendadd'))->fetch_assoc(); + $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']); -if ($_POST['sd4'] && $_POST['friendadd']) { - $_POST['friendadd'] = htmlspecialchars($_POST['friendadd'], NULL, 'cp1251'); - if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.'; - else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;")); - - $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, ""); - $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;")); - if (!$igogo['id']) $status = 'Персонаж не найден.'; - elseif ($igogo['id'] == $user['id']) $status = 'Себя добавить нельзя.'; - elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!'; - elseif ($igogo2['friend']) $status = 'Персонаж уже есть в списке.'; + if (!$q['id']) $status = 'Персонаж не найден.'; + elseif ($q['id'] == $_SESSION['uid']) $status = 'Себя добавить нельзя.'; + elseif ($q2->getNumRows()) $status = 'Персонаж уже есть в списке.'; else { - if ($_POST['group'] == 0) $friend = $igogo['id']; - - mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", '" . $_POST['comment'] . "');"); + db::c()->query('INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES (?i,?i,"?s")', $_SESSION['uid'], $q['id'], input::post('comment')); $status = 'Контакт добавлен.'; } } -if ($_POST['friendremove']) { - $_POST['friendremove'] = htmlspecialchars($_POST['friendremove'], NULL, 'cp1251'); - if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendremove'])) $status = 'Персонаж не найден.'; - else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;")); +if (input::post('friendremove')) { + $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendremove'))->fetch_assoc(); + $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']); - if (!$igogo['id']) $status = 'Персонаж не найден.'; + if (!$q['id'] OR !$q2->getNumRows()) $status = 'Персонаж не найден.'; else { - $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;")); - if (!$igogo2['friend']) $status = 'Персонаж не найден.'; - else { - $per = "`friend`='" . $igogo2['friend'] . "'"; - - mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";"); - $status = 'Контакт удалён.'; - } + db::c()->query('DELETE FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']); + $status = 'Контакт удалён.'; } } -if ($_POST['friendedit']) { - $_POST['friendedit'] = htmlspecialchars($_POST['friendedit'], NULL, 'cp1251'); - if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendedit'])) $status = 'Персонаж не найден.'; - else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;")); +if (input::post('friendedit')) { + $q = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', input::post('friendedit'))->fetch_assoc(); + $q2 = db::c()->query('SELECT 1 FROM `friends` WHERE `user` = ?i AND `friend` = ?i', $_SESSION['uid'], $q['id']); - $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, ""); - - if (!$igogo['id']) $status = 'Персонаж не найден.'; - elseif ($igogo['id'] == $user['id']) $status = 'Себя отредактировать нельзя.'; - elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!'; + if (!$q2['friend']) $status = 'Персонаж не найден.'; else { - if ($_POST['group'] == 0) $friend = $igogo['id']; - - $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;")); - if (!$igogo2['friend']) $status = 'Персонаж не найден.'; - else { - $per = "`friend`='" . $igogo2['friend'] . "'"; - - mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . ""); - $status = 'Контакт изменён.'; - } + db::c()->query('UPDATE `friends` SET `comment` = "?s" WHERE `user` = ?i AND `friend` = ?i', input::post('comment'), $_SESSION['uid'], $q['id']); + $status = 'Контакт изменён.'; } + } $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC', (time() - 60)); @@ -81,7 +54,8 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE
- +
@@ -128,7 +102,7 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE function editcontact(login, comment) { var s = '
Редактировать контактx
'; s += ''; - s += '
'; + s += '
'; s += ' '; s += '
'; s += '
'; @@ -145,7 +119,7 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE s += ''; s += ''; - s += '
'; s += '
'; + s += ''; s += ''; document.getElementById("hint4").innerHTML = s; document.getElementById("hint4").style.visibility = "visible"; @@ -158,22 +132,20 @@ $contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE function removecontact() { var s = '
Удалить контактx
'; s += ''; - s += '
'; - s += ' '; + s += '
'; s += '
'; s += '
'; document.getElementById("hint4").innerHTML = s; document.getElementById("hint4").style.visibility = "visible"; document.getElementById("hint4").style.left = 100; - document.getElementById("hint4").style.top = document.body.scrollTop+50; + document.getElementById("hint4").style.top = document.body.scrollTop + 50; document.getElementById(name).focus(); Hint3Name = name; } - function closehint() - { - document.getElementById("hint4").style.visibility="hidden"; - Hint3Name=''; + function closehint() { + document.getElementById("hint4").style.visibility = "hidden"; + Hint3Name = ''; }