diff --git a/contacts.php b/contacts.php
index ec24625..c0f5c4c 100644
--- a/contacts.php
+++ b/contacts.php
@@ -6,123 +6,69 @@ if ($_SESSION['uid'] == null) header("Location: index.php");
 require_once 'functions.php';
 $friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc();
-
 if ($_POST['sd4'] && $_POST['friendadd']) {
 $_POST['friendadd'] = htmlspecialchars($_POST['friendadd'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendadd']) || preg_match("/--/", $_POST['friendadd'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));
- }
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));
+
 $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } elseif ($igogo['id'] == $user['id']) {
- echo "Себя добавить нельзя.";
- } elseif (preg_match("/__/", $_POST['comment']) || preg_match("/--/", $_POST['comment'])) {
- echo "Введен неверный текст.";
- } elseif ($igogo2['enemy'] or $igogo2['friend'] or $igogo2['notinlist']) {
- echo "Персонаж уже есть в вашем списке.";
- } else {
- if ($_POST['group'] == 0) {
- $notinlist = 0;
- $friend = $igogo['id'];
- $enemy = 0;
- } elseif ($_POST['group'] == 1) {
- $notinlist = 0;
- $friend = 0;
- $enemy = $igogo['id'];
- } else {
- $notinlist = $igogo['id'];
- $friend = 0;
- $enemy = 0;
- }
- mysql_query("INSERT INTO `friends` (`user`, `friend`, `enemy`, `notinlist`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", " . $enemy . ", " . $notinlist . ", '" . $_POST['comment'] . "');");
- echo "Персонаж " . $_POST['friendadd'] . " добавлен.";
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ elseif ($igogo['id'] == $user['id']) $status = 'Себя добавить нельзя.';
+ elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
+ elseif ($igogo2['friend']) $status = 'Персонаж уже есть в списке.';
+ else {
+ if ($_POST['group'] == 0) $friend = $igogo['id'];
+
+ mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", '" . $_POST['comment'] . "');");
+ $status = 'Контакт добавлен.';
 }
 }
 if ($_POST['friendremove']) {
 $_POST['friendremove'] = htmlspecialchars($_POST['friendremove'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendremove']) || preg_match("/--/", $_POST['friendremove'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));
- }
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } else {
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo2['enemy'] && !$igogo2['friend'] && !$igogo2['notinlist']) {
- echo "Персонаж не найден в вашем списке.";
- } else {
- if ($igogo2['friend'] > 0) {
- $per = "`friend`='" . $igogo2['friend'] . "'";
- }
- if ($igogo2['enemy'] > 0) {
- $per = "`enemy`='" . $igogo2['enemy'] . "'";
- }
- if ($igogo2['notinlist'] > 0) {
- $per = "`notinlist`='" . $igogo2['notinlist'] . "'";
- }
- if (mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";")) {
- echo "Данные контакта " . $_POST['friendremove'] . " успешно удалены.";
- }
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendremove'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));
+
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ else {
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo2['friend']) $status = 'Персонаж не найден.';
+ else {
+ $per = "`friend`='" . $igogo2['friend'] . "'";
+
+ mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";");
+ $status = 'Контакт удалён.';
 }
 }
 }
 if ($_POST['friendedit']) {
- $_POST['friendedit'] = htmlspecialchars($_POST['friendedit'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendedit']) || preg_match("/--/", $_POST['friendedit'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));
- }
- $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } elseif ($igogo['id'] == $user['id']) {
- echo "Себя отредактировать нельзя.";
- } elseif (preg_match("/__/", $_POST['comment']) || preg_match("/--/", $_POST['comment'])) {
- echo "Введен неверный текст.";
- } else {
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendedit'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));
- if ($_POST['group'] == 0) {
- $notinlist = 0;
- $friend = $igogo['id'];
- $enemy = 0;
- } elseif ($_POST['group'] == 1) {
- $notinlist = 0;
- $friend = 0;
- $enemy = $igogo['id'];
- } else {
- $notinlist = $igogo['id'];
- $friend = 0;
- $enemy = 0;
- }
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo2['enemy'] && !$igogo2['friend'] && !$igogo2['notinlist']) {
- echo "Персонаж не найден в вашем списке.";
- } else {
- if ($igogo2['friend'] > 0) {
- $per = "`friend`='" . $igogo2['friend'] . "'";
- }
- if ($igogo2['enemy'] > 0) {
- $per = "`enemy`='" . $igogo2['enemy'] . "'";
- }
- if ($igogo2['notinlist'] > 0) {
- $per = "`notinlist`='" . $igogo2['notinlist'] . "'";
- }
- mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`enemy` = " . $enemy . ",`notinlist` = " . $notinlist . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . "");
- echo "Данные контакта " . $_POST['friendedit'] . " успешно изменены.";
+ $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
+
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ elseif ($igogo['id'] == $user['id']) $status = 'Себя отредактировать нельзя.';
+ elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
+ else {
+ if ($_POST['group'] == 0) $friend = $igogo['id'];
+
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo2['friend']) $status = 'Персонаж не найден.';
+ else {
+ $per = "`friend`='" . $igogo2['friend'] . "'";
+
+ mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . "");
+ $status = 'Контакт изменён.';
 }
 }
 }
 $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC', (time() - 60));
+$contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE `friend` > 0 AND `user` = ?i', $_SESSION['uid']);
 ?>
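Review bot: The allow-list test is inverted in every new branch of this hunk — `friendadd`, `friendremove`, `friendedit` and both `comment` checks: `preg_match('/^[- \p{L}\d]+$/u', …)` returns 1 for a value made only of letters, digits, spaces and hyphens, so a well-formed login is answered with 'Персонаж не найден.' while a value containing any other character is the one that goes on to the string-interpolated `mysql_query`; negate it (`if (!preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';`) and, better, run these lookups through the placeholder API that `$friend` and `$contacts_list` already use (`db::c()->query(..., ?i)`). The `htmlspecialchars($x, NULL, …)` calls do not make the interpolation safe — with a null flags argument neither quote character is encoded, as far as I can tell — and the `friendedit` branch appears to drop even that call on `$_POST['friendedit']` without a replacement. In the two `else` branches that build `$friend`, it is assigned only when `$_POST['group'] == 0`; for any other group value it still holds the `fetch_assoc()` result from the top of the hunk (an array, or null when there is no row), so the INSERT/UPDATE is built from 'Array' or an empty value, and the UPDATE additionally embeds `$_POST['comment']` without surrounding quotes, unlike the INSERT. Outside the changed lines, the `header("Location: index.php")` guard shown in the hunk header has no `exit` after it, so these handlers still run for a request with no session user.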
@@ -132,16 +78,19 @@ $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER
-
+
+ + + +
0;"); - while ($row = mysql_fetch_array($data)) { - $us = mysql_fetch_array(mysql_query("SELECT `id`,`login`,`klan`,`level`,`align`,`room`, `invis`, (select `id` from `online` WHERE `date` >= " . (time() - 60) . " AND `id` = users.`id`) as `online` FROM `users` WHERE `id` = '" . $row['notinlist'] . "';")); ?> - + while ($row = $contacts_list->fetch_assoc()): + $us = db::c()->query('SELECT `id`,`login`,`klan`,`level`,`align`,`room`, `invis`, (select `id` from `online` WHERE `date` >= ?i AND `id` = `users`.`id`) as `online` FROM `users` WHERE `id` = ?i', (time() - 60), $row['friend'])->fetch_assoc(); + ?> - +

Контакты

@@ -156,12 +105,10 @@ $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER
", "", "2", ["Друзья","Враги","Не в группе"], "", [], "");'> + onclick='editcontact("Редактирование контакта", "contacts.php", "friendedit", "", "", "2", "Друзья", "", [], "");'>
query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER - -
+ + onclick='location="/contacts.php?friends="'>
+

Администраторы

fetch_assoc()) echo nick::id($row['id'])->full() . "
"; ?>