battles/contacts.php

<?php
ob_start("ob_gzhandler");
session_start();
if ($_SESSION['uid'] == null) header("Location: index.php");

require_once 'functions.php';
$friend = db::c()->query('SELECT * FROM `friends` WHERE `user` = ?i', $_SESSION['uid'])->fetch_assoc();

if ($_POST['sd4'] && $_POST['friendadd']) {
    $_POST['friendadd'] = htmlspecialchars($_POST['friendadd'], NULL, 'cp1251');
    if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendadd'])) $status = 'Персонаж не найден.';
    else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendadd']}' LIMIT 1;"));

    $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");
    $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
    if (!$igogo['id']) $status = 'Персонаж не найден.';
    elseif ($igogo['id'] == $user['id']) $status = 'Себя добавить нельзя.';
    elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
    elseif ($igogo2['friend']) $status = 'Персонаж уже есть в списке.';
    else {
        if ($_POST['group'] == 0) $friend = $igogo['id'];

        mysql_query("INSERT INTO `friends` (`user`, `friend`, `comment`) VALUES(" . $user['id'] . ", " . $friend . ", '" . $_POST['comment'] . "');");
        $status = 'Контакт добавлен.';
    }
}

if ($_POST['friendremove']) {
    $_POST['friendremove'] = htmlspecialchars($_POST['friendremove'], NULL, 'cp1251');
    if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendremove'])) $status = 'Персонаж не найден.';
    else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendremove']}' LIMIT 1;"));

    if (!$igogo['id']) $status = 'Персонаж не найден.';
    else {
        $igogo2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
        if (!$igogo2['friend']) $status = 'Персонаж не найден.';
        else {
            $per = "`friend`='" . $igogo2['friend'] . "'";

            mysql_query("DELETE FROM `friends` WHERE `user`='" . $user['id'] . "' and " . $per . ";");
            $status = 'Контакт удалён.';
        }
    }
}

if ($_POST['friendedit']) {
    $_POST['friendedit'] = htmlspecialchars($_POST['friendedit'], NULL, 'cp1251');
    if (preg_match('/^[- \p{L}\d]+$/u', $_POST['friendedit'])) $status = 'Персонаж не найден.';
    else $igogo = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '{$_POST['friendedit']}' LIMIT 1;"));

    $_POST['comment'] = htmlspecialchars($_POST['comment'], NULL, "");

    if (!$igogo['id']) $status = 'Персонаж не найден.';
    elseif ($igogo['id'] == $user['id']) $status = 'Себя отредактировать нельзя.';
    elseif (preg_match('/^[- \p{L}\d]+$/u', $_POST['comment'])) $status = 'Ошибка ввода: запрещённые символы!';
    else {
        if ($_POST['group'] == 0) $friend = $igogo['id'];

        $igogo2 = mysql_fetch_array(mysql_query("SELECT friend FROM `friends` WHERE `user` = '" . $user['id'] . "' and `friend`=" . $igogo['id'] . " LIMIT 1;"));
        if (!$igogo2['friend']) $status = 'Персонаж не найден.';
        else {
            $per = "`friend`='" . $igogo2['friend'] . "'";

            mysql_query("UPDATE `friends` SET `friend` = " . $friend . ",`comment` = " . $_POST['comment'] . "  WHERE `user`='" . $user['id'] . "' and " . $per . "");
            $status = 'Контакт изменён.';
        }
    }
}

$admins_list = db::c()->query('SELECT `id` FROM `users` WHERE `admin` = 1 ORDER BY `login` ASC', (time() - 60));
$contacts_list = db::c()->query('SELECT `friend`,`comment` FROM `friends` WHERE `friend` > 0 AND `user` = ?i', $_SESSION['uid']);
?>
<HTML>
<HEAD>
    <meta charset="utf-8">
    <link rel=stylesheet href="css/main.css">
    <link rel=stylesheet href="css/friend/main.css">
    <link href="css/friend/design3.css" rel="stylesheet" type="text/css">
</HEAD>
<body>
<div style="text-align: right">
    <input type='button' style='width: 100px' value='Добавить контакт' onclick='addcontact()'>
    <input type='button' style='width: 100px' value='Удалить контакт' onclick='removecontact()'>
    <input type='button' value='Обновить' style='width: 75px' onclick='location="/contacts.php?friends=<?= mt_rand() ?>"'>
    <input TYPE='button' value='Вернуться' style='width: 75px' onclick='location="main.php"'>
</div>
<div id=hint4 class=ahint>
    <?php if (isset($status)): ?>
        <span style="color: darkred;"><?= $status ?></span>
    <?php endif; ?>
</div>
<TABLE width="100%">
    <TR>
        <TD style="vertical-align: top; background: silver;">
            <TABLE cellspacing=0 cellpadding=2 width="100%">
                <tr>
                    <td colspan="3"><h3>Контакты</h3></td>
                </tr>
                <?php
                while ($row = $contacts_list->fetch_assoc()):
                    $us = db::c()->query('SELECT `id`,`login`,`room`, `invis`, (select `id` from `online` WHERE `date` >= ?i AND `id` = `users`.`id`) as `online` FROM `users` WHERE `id` = ?i', (time() - 60), $row['friend'])->fetch_assoc();
                    ?>
                    <TR valign="top">
                        <TD>
                            <?php
                            if ($us['online'] > 0 && !$us["invis"]) echo nick::id($us['id'])->full() . " - <i>" . $us['room'] . "</i><br>";
                            else echo "<span style='color: grey'>" . nick::id($us['id'])->full() . "</span><br>";
                            ?>
                        </TD>
                        <TD style="background: #efeded; width: 60%; font-style: italic;">
                            <small><?= $row['comment'] ?></small>
                        </TD>
                        <TD width="1%">
                            <input type='button' style="float: right" value="Редактировать"
                                   onclick='editcontact("<?= $us['login'] ?>", "<?= $row['comment'] ?>")'>
                        </TD>
                    </TR>
                <? endwhile; ?>
            </TABLE>
        </TD>
        <TD style="width: 200px; vertical-align: top; background: whitesmoke;">
            <h3>Администраторы</h3>
            <?php while ($row = $admins_list->fetch_assoc()) echo nick::id($row['id'])->full() . "<br>"; ?>
        </TD>
    </TR>
</TABLE>
<script>
    function editcontact(login, comment) {
        var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><b>Редактировать контакт</b></td><td width=20 align=right valign=top style="cursor: hand" onclick="closehint();"><b>x</td></tr><tr><td colspan=2>';
        s += '<table width=100% align=center bgcolor=FFF6DD><form method=POST>';
        s += '<tr><td><input type="hidden" name="friendedit" value="' + login + '"><input type="hidden" name="sd4">';
        s += '<input name="comment" value="' + comment + '" placeholder="Комментарий" style="width: 105px"></td></tr>';
        s += '<tr><td><input type="submit" value="Сохранить" style="border:0; vertical-align: middle"></td></tr></form></table>';
        s += '</td></tr></table>';
        document.getElementById("hint4").innerHTML = s;
        document.getElementById("hint4").style.visibility = "visible";
        document.getElementById("hint4").style.left = 100;
        document.getElementById("hint4").style.top = document.body.scrollTop + 50;
        document.getElementById("comment").focus();
        Hint3Name = '';
    }

    function addcontact() {
        var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><B>Добавить контакт</td><td width=20 align=right valign=top style="cursor: hand" onclick="closehint();"><b>x</td></tr><tr><td colspan=2>';
        s += '<table width=100% bgcolor=FFF6DD align=center><form method=POST>';
        s += '<tr><td><input name="friendadd" placeholder="Логин" style="width:105px"></td></tr>';
        s += '<tr><td><input name="comment" placeholder="Комментарий" style="width:105px"></td></tr>';
        s += '<tr><td><input type="submit" value="Добавить запись" style="border:0; vertical-align: middle"><input type="hidden" name="sd4"></td></tr></form></table>';
        s += '</td></tr></table>';
        document.getElementById("hint4").innerHTML = s;
        document.getElementById("hint4").style.visibility = "visible";
        document.getElementById("hint4").style.left = 100;
        document.getElementById("hint4").style.top = document.body.scrollTop + 50;
        document.getElementById(name).focus();
        Hint3Name = name;
    }

    function removecontact() {
        var s = '<table width=250 bgcolor=CCC3AA><tr><td align=center><b>Удалить контакт</b></td><td width=20 align=right valign=top style="cursor: hand" onclick="closehint();"><b>x</td></tr><tr><td colspan=2>';
        s += '<table width=100% align=center bgcolor=FFF6DD><form method=POST>';
        s += '<tr><td><input type="hidden" name="friendedit" value="' + login + '"><input type="hidden" name="sd4">';
        s += '<input name="friendremove" placeholder="Логин" style="width: 105px"></td></tr>';
        s += '<tr><td><input type="submit" value="Сохранить" style="border:0; vertical-align: middle"></td></tr></form></table>';
        s += '</td></tr></table>';
        document.getElementById("hint4").innerHTML = s;
        document.getElementById("hint4").style.visibility = "visible";
        document.getElementById("hint4").style.left = 100;
        document.getElementById("hint4").style.top = document.body.scrollTop+50;
        document.getElementById(name).focus();
        Hint3Name = name;
    }

    function closehint()
    {
        document.getElementById("hint4").style.visibility="hidden";
        Hint3Name='';
    }
</script>
</body>
</HTML>