diff --git a/contacts.php b/contacts.php
index ec24625..c0f5c4c 100644
--- a/contacts.php
+++ b/contacts.php
@@ -6,123 +6,69 @@ if ($_SESSION['uid'] == null) header("Location: index.php");
require_once 'functions.php';
$friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc();
-
if ($_POST['sd4'] && $_POST['friendadd']) {
$_POST['friendadd'] = htmlspecialchars($_POST['friendadd'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendadd']) || preg_match("/--/", $_POST['friendadd'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));
- }
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));
+
$_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } elseif ($igogo['id'] == $user['id']) {
- echo "Себя добавить нельзя.";
- } elseif (preg_match("/__/", $_POST['comment']) || preg_match("/--/", $_POST['comment'])) {
- echo "Введен неверный текст.";
- } elseif ($igogo2['enemy'] or $igogo2['friend'] or $igogo2['notinlist']) {
- echo "Персонаж уже есть в вашем списке.";
- } else {
- if ($_POST['group'] == 0) {
- $notinlist = 0;
- $friend = $igogo['id'];
- $enemy = 0;
- } elseif ($_POST['group'] == 1) {
- $notinlist = 0;
- $friend = 0;
- $enemy = $igogo['id'];
- } else {
- $notinlist = $igogo['id'];
- $friend = 0;
- $enemy = 0;
- }
- mysql_query("INSERT INTO `friends` (`user`, `friend`, `enemy`, `notinlist`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", " . $enemy . ", " . $notinlist . ", '" . $_POST['comment'] . "');");
- echo "Персонаж " . $_POST['friendadd'] . " добавлен.";
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ elseif ($igogo['id'] == $user['id']) $status = 'Себя добавить нельзя.';
+ elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
+ elseif ($igogo2['friend']) $status = 'Персонаж уже есть в списке.';
+ else {
+ if ($_POST['group'] == 0) $friend = $igogo['id'];
+
+ mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", '" . $_POST['comment'] . "');");
+ $status = 'Контакт добавлен.';
}
}
if ($_POST['friendremove']) {
$_POST['friendremove'] = htmlspecialchars($_POST['friendremove'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendremove']) || preg_match("/--/", $_POST['friendremove'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));
- }
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } else {
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo2['enemy'] && !$igogo2['friend'] && !$igogo2['notinlist']) {
- echo "Персонаж не найден в вашем списке.";
- } else {
- if ($igogo2['friend'] > 0) {
- $per = "`friend`='" . $igogo2['friend'] . "'";
- }
- if ($igogo2['enemy'] > 0) {
- $per = "`enemy`='" . $igogo2['enemy'] . "'";
- }
- if ($igogo2['notinlist'] > 0) {
- $per = "`notinlist`='" . $igogo2['notinlist'] . "'";
- }
- if (mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";")) {
- echo "Данные контакта " . $_POST['friendremove'] . " успешно удалены.";
- }
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendremove'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));
+
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ else {
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo2['friend']) $status = 'Персонаж не найден.';
+ else {
+ $per = "`friend`='" . $igogo2['friend'] . "'";
+
+ mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";");
+ $status = 'Контакт удалён.';
}
}
}
if ($_POST['friendedit']) {
-
$_POST['friendedit'] = htmlspecialchars($_POST['friendedit'], NULL, 'cp1251');
- if (preg_match("/__/", $_POST['friendedit']) || preg_match("/--/", $_POST['friendedit'])) {
- echo "Персонаж не найден.";
- } else {
- $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));
- }
- $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
- if (!$igogo['id']) {
- echo "Персонаж не найден.";
- } elseif ($igogo['id'] == $user['id']) {
- echo "Себя отредактировать нельзя.";
- } elseif (preg_match("/__/", $_POST['comment']) || preg_match("/--/", $_POST['comment'])) {
- echo "Введен неверный текст.";
- } else {
+ if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendedit'])) $status = 'Персонаж не найден.';
+ else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));
- if ($_POST['group'] == 0) {
- $notinlist = 0;
- $friend = $igogo['id'];
- $enemy = 0;
- } elseif ($_POST['group'] == 1) {
- $notinlist = 0;
- $friend = 0;
- $enemy = $igogo['id'];
- } else {
- $notinlist = $igogo['id'];
- $friend = 0;
- $enemy = 0;
- }
- $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and (`friend`=" . $igogo['id'] . " or `enemy`=" . $igogo['id'] . " or `notinlist`=" . $igogo['id'] . ") LIMIT 1;"));
- if (!$igogo2['enemy'] && !$igogo2['friend'] && !$igogo2['notinlist']) {
- echo "Персонаж не найден в вашем списке.";
- } else {
- if ($igogo2['friend'] > 0) {
- $per = "`friend`='" . $igogo2['friend'] . "'";
- }
- if ($igogo2['enemy'] > 0) {
- $per = "`enemy`='" . $igogo2['enemy'] . "'";
- }
- if ($igogo2['notinlist'] > 0) {
- $per = "`notinlist`='" . $igogo2['notinlist'] . "'";
- }
- mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`enemy` = " . $enemy . ",`notinlist` = " . $notinlist . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . "");
- echo "Данные контакта " . $_POST['friendedit'] . " успешно изменены.";
+ $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
+
+ if (!$igogo['id']) $status = 'Персонаж не найден.';
+ elseif ($igogo['id'] == $user['id']) $status = 'Себя отредактировать нельзя.';
+ elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
+ else {
+ if ($_POST['group'] == 0) $friend = $igogo['id'];
+
+ $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
+ if (!$igogo2['friend']) $status = 'Персонаж не найден.';
+ else {
+ $per = "`friend`='" . $igogo2['friend'] . "'";
+
+ mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`comment` = " . $_POST['comment'] . " WHERE `user`='" . $user['id'] . "' and " . $per . "");
+ $status = 'Контакт изменён.';
}
}
}
$admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC', (time() - 60));
+$contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE `friend` > 0 AND `user` = ?i', $_SESSION['uid']);
?>
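Review bot: The new guard `if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';` is inverted — `preg_match` returns 1 when the login consists only of letters, digits, spaces and hyphens, so well-formed names are rejected while anything else falls through to the `else` lookup; the same inverted test is repeated for `friendremove`, `friendedit` and both `$_POST['comment']` checks, and each should read `if (!preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';`. Even with the test corrected, the three `SELECT id FROM users WHERE login = '...'` lookups and the comment in the `INSERT`/`UPDATE` are still interpolated into SQL strings, whereas this same file already binds `$_SESSION['uid']` through `db::c()->query(..., ?i)` for the `friends` and `contacts_list` queries — the new code should use that helper with a bound parameter (only `?i` is visible on this page; use whatever placeholder the helper provides for string values) instead of `mysql_query`. Separately, `$friend` is now only assigned when `$_POST['group'] == 0`; for any other group it still holds the `fetch_assoc()` result from the top of the file, so the `INSERT` and `UPDATE` receive a non-numeric value — set `$friend = 0;` before the group check or reject non-zero groups explicitly. The `UPDATE` also leaves the comment value unquoted (`\`comment\` = " . $_POST['comment']`), which is another reason to bind it rather than concatenate it.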
@@ -132,16 +78,19 @@ $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER
-
+
+
+ = $status ?>
+
+
0;");
- while ($row = mysql_fetch_array($data)) {
- $us = mysql_fetch_array(mysql_query("SELECT `id`,`login`,`klan`,`level`,`align`,`room`, `invis`, (select `id` from `online` WHERE `date` >= " . (time() - 60) . " AND `id` = users.`id`) as `online` FROM `users` WHERE `id` = '" . $row['notinlist'] . "';")); ?>
-
+ while ($row = $contacts_list->fetch_assoc()):
+ $us = db::c()->query('SELECT `id`,`login`,`klan`,`level`,`align`,`room`, `invis`, (select `id` from `online` WHERE `date` >= ?i AND `id` = `users`.`id`) as `online` FROM `users` WHERE `id` = ?i', (time() - 60), $row['friend'])->fetch_assoc();
+ ?>
Контакты
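Review bot: `= $status ?>` reads `$status`, which is only assigned inside the `$_POST` branches of the preceding hunk, so a plain page load echoes an undefined variable (a notice at minimum). Initialise it once before the handlers, `$status = '';`, or guard the echo with `isset($status) ? $status : ''`. The surrounding markup is partially lost in this extract, so the exact position of the echo relative to the `while` loop is inferred.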
@@ -156,12 +105,10 @@ $admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER
|
", "", "2", ["Друзья","Враги","Не в группе"], "", [], "= $row['comment'] ?>");'>
+ onclick='editcontact("Редактирование контакта", "contacts.php", "friendedit", "= $us['login'] ?>", "", "2", "Друзья", "", [], "= $row['comment'] ?>");'>
|
-
- }
- ?>
+ endwhile; ?>
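Review bot: `$us['login']` and `$row['comment']` are written straight into a JavaScript string literal inside the `onclick` attribute; `htmlspecialchars` applied at input time covered the HTML context only, and the browser decodes attribute entities before the script runs, so a quote or backslash in either value breaks the `editcontact(...)` call. Escape for the JS string first and for the attribute second (for example `json_encode()` followed by `htmlspecialchars()` once the page is UTF-8, or move the values into `data-*` attributes and read them from the handler). The `while` loop this row belongs to opens in the previous hunk and only its `endwhile` is visible here.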
query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER
|
| |