var elem = document.getElementById('se-pre-con'); elem.parentNode.removeChild(elem); "; if(!defined('GAME')) { die(); } if ($u->info['exp']>100000) { if(isset($_GET['ignore'])) { $_POST['friendadd'] = $_GET['ignore']; $_POST['group'] = 3; $_POST['comment'] = 'Игнор из чата'; $_POST['sd4'] = 1; $_POST['x'] = 4; $_POST['y'] = 6; $frd = mysql_fetch_array(mysql_query("SELECT id,login FROM `users` WHERE `login` = '".mysql_real_escape_string($_POST['friendadd'])."' ORDER BY `id` ASC LIMIT 1;")); $frd20 = mysql_fetch_array(mysql_query("SELECT id,enemy,friend,notinlist,ignor FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."' and (`friend`='".mysql_real_escape_string($frd['id'])."' or `enemy`='".mysql_real_escape_string($frd['id'])."' or `notinlist`='".mysql_real_escape_string($frd['id'])."' or `ignor`='".mysql_real_escape_string($frd['id'])."') LIMIT 1;")); if(isset($frd20['id'])) { mysql_query('DELETE FROM `friends` WHERE `id` = "'.mysql_real_escape_string($frd20['id']).'" LIMIT 1'); if( $frd20['ignor'] == $frd['id'] ) { echo"Персонаж был успешно удален из списка игнорирования."; echo ''; unset($_POST['friendadd'],$_POST['group'],$_POST['comment'],$_POST['sd4']); } } } } $clr_fr = mysql_query('SELECT `id`,`friend`,`enemy`,`ignor` FROM `friends` WHERE `user` = "'.$u->info['id'].'"'); while($clr_frd = mysql_fetch_array($clr_fr)) { if($clr_frd['friend'] > 0) { $usr_tst = mysql_fetch_array(mysql_query('SELECT `id`,`login` FROM `users` WHERE `id` = "'.$clr_frd['friend'].'" LIMIT 1')); }elseif($clr_frd['enemy'] > 0) { $usr_tst = mysql_fetch_array(mysql_query('SELECT `id`,`login` FROM `users` WHERE `id` = "'.$clr_frd['enemy'].'" LIMIT 1')); }elseif($clr_frd['ignor'] > 0) { $usr_tst = mysql_fetch_array(mysql_query('SELECT `id`,`login` FROM `users` WHERE `id` = "'.$clr_frd['ignor'].'" LIMIT 1')); } if(!isset($usr_tst['id']) || $usr_tst['login'] == 'delete') { mysql_query('DELETE FROM `friends` WHERE `id` = "'.$clr_frd['id'].'" LIMIT 1'); } } $friend = mysql_fetch_array(mysql_query("SELECT * FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."' LIMIT 1;")); $st = $u->lookStats($u->info['stats']); $addfr = mysql_fetch_array(mysql_query("SELECT count(`id`) FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."';")); $addf = 20; if($st['os5']>0) { $addf = 20+($st['os5']*5); } if($addfr[0]<$addf){ $canadd = 'onclick=\'findlogin2("Добавить в список", "main.php?friends", "friendadd", new Array("Друзья","Враги","Не в группе","Игнорирование"), new Array())\''; }else{$canadd = 'disabled';} if($_POST['sd4'] && $_POST['friendadd']){ $_POST['friendadd']=htmlspecialchars($_POST['friendadd'],NULL); if(/*preg_match("/__/",$_POST['friendadd']) ||*/ preg_match("/--/",$_POST['friendadd'])){ echo"Персонаж не найден."; }else{ $frd = mysql_fetch_array(mysql_query("SELECT `id`,`login` FROM `users` WHERE `login` = '".mysql_real_escape_string($_POST['friendadd'])."' LIMIT 1;")); } $_POST['comment']=htmlspecialchars($_POST['comment'],NULL); $frd2 = mysql_fetch_array(mysql_query("SELECT enemy,friend,notinlist,ignor FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."' and (`friend`='".mysql_real_escape_string($frd['id'])."' or `enemy`='".mysql_real_escape_string($frd['id'])."' or `notinlist`='".mysql_real_escape_string($frd['id'])."' or `ignor`='".mysql_real_escape_string($frd['id'])."') LIMIT 1;")); if(!$frd['id']){echo"Персонаж не найден.";} elseif($frd['id']==$u->info['id']){echo"Себя добавить нельзя.";} elseif(preg_match("/__/",$_POST['comment']) || preg_match("/--/",$_POST['comment'])){echo"Введен неверный текст.";} elseif($frd2['enemy'] or $frd2['friend'] or $frd2['notinlist'] or $frd2['ignor']){ echo"Персонаж уже есть в вашем списке."; } else{ $lign = ''; $uign = ''; if($_POST['group']==0){$notinlist=0; $friend=$frd['id']; $enemy=0; $ignor = 0;} elseif($_POST['group']==1){$notinlist=0; $friend=0; $enemy=$frd['id']; $ignor = 0;} elseif($_POST['group']==3){$notinlist=0; $friend=0; $enemy=0; $ignor = $frd['id']; $lign = $frd['login']; $uign = $u->info['login']; } else{$notinlist=$frd['id']; $friend=0; $enemy=0; $ignor = 0;} mysql_query("INSERT INTO `friends` (`user`, `friend`, `enemy`, `notinlist`, `comment`,`ignor`,`login_ignor`,`user_ignor`) VALUES(".mysql_real_escape_string($u->info['id']).", ".mysql_real_escape_string($friend).", ".mysql_real_escape_string($enemy).", ".mysql_real_escape_string($notinlist).", '".mysql_real_escape_string($_POST['comment'])."', '".mysql_real_escape_string($ignor)."','".$lign."','".$uign."');"); echo"Персонаж ".$_POST['friendadd']." добавлен."; if( $ignor > 0 ) { echo ''; } } } if($_GET['friendremove']){ $_GET['friendremove']=htmlspecialchars($_GET['friendremove'],NULL); if(preg_match("/__/",$_GET['friendremove']) || preg_match("/--/",$_GET['friendremove'])){ echo"Персонаж не найден."; }else{ $frd = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '".mysql_real_escape_string($_GET['friendremove'])."' LIMIT 1;")); } if(!$frd['id']){echo"Персонаж не найден.";} else{ $frd2 = mysql_fetch_array(mysql_query("SELECT ignor,enemy,friend,notinlist FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."' and (`friend`='".mysql_real_escape_string($frd['id'])."' or `enemy`='".mysql_real_escape_string($frd['id'])."' or `notinlist`='".mysql_real_escape_string($frd['id'])."' or `ignor`='".mysql_real_escape_string($frd['id'])."') LIMIT 1;")); if(!$frd2['enemy'] && !$frd2['friend'] && !$frd2['ignor'] && !$frd2['notinlist']){echo"Персонаж не найден в вашем списке."; }else{ if($frd2['friend']>0){$per="`friend`='".$frd2['friend']."'";} if($frd2['enemy']>0){$per="`enemy`='".$frd2['enemy']."'";} if($frd2['notinlist']>0){$per="`notinlist`='".$frd2['notinlist']."'";} if($frd2['ignor']>0){$per="`ignor`='".$frd2['ignor']."'";} if(mysql_query("DELETE FROM `friends` WHERE `user`='".mysql_real_escape_string($u->info['id'])."' and ".$per.";")){echo"Данные контакта ".$_GET['friendremove']." успешно удалены.";echo '';} } } } if($_POST['friendedit']){ $_POST['friendedit']=htmlspecialchars($_POST['friendedit'],NULL); if(preg_match("/__/",$_POST['friendedit']) || preg_match("/--/",$_POST['friendedit'])){ echo"Персонаж не найден."; }else{ $frd = mysql_fetch_array(mysql_query("SELECT id FROM `users` WHERE `login` = '".mysql_real_escape_string($_POST['friendedit'])."' LIMIT 1;")); } $_POST['comment']=htmlspecialchars($_POST['comment'],NULL); if(!$frd['id']){echo"Персонаж не найден.";} elseif($frd['id']==$u->info['id']){echo"Себя отредактировать нельзя.";} elseif(preg_match("/__/",$_POST['comment']) || preg_match("/--/",$_POST['comment'])){echo"Введен неверный текст.";} else{ if($_POST['group']==0){$notinlist=0; $friend=$frd['id']; $enemy=0; $ignor = 0;} elseif($_POST['group']==1){$notinlist=0; $friend=0; $enemy=$frd['id']; $ignor = 0;} elseif($_POST['group']==3){$notinlist=0; $friend=0; $enemy=0; $ignor = $frd['id'];} else{$notinlist=$frd['id']; $friend=0; $enemy=0; $ignor = 0;} $frd2 = mysql_fetch_array(mysql_query("SELECT ignor,enemy,friend,notinlist FROM `friends` WHERE `user` = '".mysql_real_escape_string($u->info['id'])."' and (`friend`='".mysql_real_escape_string($frd['id'])."' or `enemy`='".mysql_real_escape_string($frd['id'])."' or `notinlist`='".mysql_real_escape_string($frd['id'])."' or `ignor`='".mysql_real_escape_string($frd['id'])."') LIMIT 1;")); if(!$frd2['enemy'] && !$frd2['friend'] && !$frd2['ignor'] && !$frd2['notinlist']){echo"Персонаж не найден в вашем списке.";} else{ if($frd2['friend']>0){$per="`friend`='".mysql_real_escape_string($frd2['friend'])."'";} if($frd2['enemy']>0){$per="`enemy`='".mysql_real_escape_string($frd2['enemy'])."'";} if($frd2['notinlist']>0){$per="`notinlist`='".mysql_real_escape_string($frd2['notinlist'])."'";} if($frd2['ignor']>0){$per="`ignor`='".$frd2['ignor']."'";} $comment = $_POST['comment']; mysql_query("UPDATE `friends` SET `friend` = '".mysql_real_escape_string($friend)."',`enemy` = '".mysql_real_escape_string($enemy)."',`notinlist` = '".mysql_real_escape_string($notinlist)."',`comment` = '".mysql_real_escape_string($comment)."',`ignor` = '".mysql_real_escape_string($ignor)."' WHERE `user`='".mysql_real_escape_string($u->info['id'])."' and $per"); echo"Данные контакта ".$_POST['friendedit']." успешно изменены."; if( $ignor > 0 ) { echo ''; }else{ echo ''; } } } } ?>
|
|