Файл: friends.php
Строк: 502
<?php
require 'sid.php';
require 'config.php';
$link = connect_db();
list($user, $id, $ps) = check_login($link);
whorm(0, 'friends');
include 'head.php';
include 'navigator.php';
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do) {
default:
$foto = (empty($user['img']))
? '<img src="ico/no_avatar.gif" alt=""/> '
: '<img src="resize.php?img='.$user['img'].'&width=30&height=0" alt=""/>';
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$user[id]' AND `zajavka` = '0'"), 0);
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$pr = mysql_query("SELECT * FROM `friends` WHERE `who` = '$x' AND `user` = '$user[id]' AND `zajavka` = '1'");
if (mysql_num_rows($pr) != FALSE) {
mysql_query("DELETE FROM `friends` WHERE `who` = '$x' AND `user` = '$user[id]' AND `zajavka` = '1' LIMIT 1");
mysql_query("DELETE FROM `friends` WHERE `who` = '$user[id]' AND `user` = '$x' AND `zajavka` = '1' LIMIT 1");
$mess = us($user['id']) . ' удалился с друзей!';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$x','$mess','" . time() . "','0','i')");
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_friends') == 1 && $user['fr_lenta_friends'] == 1) {
$message = us($user['id']) . ' удалил из друзей пользователя <a href="/'.$x.'">' . us($x) . '</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
header('Location: friends.php?' . $ref);
}
}
if (isset($_GET['online'])) {
echo $div_left . $div_title . $foto . $user['user'] . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?'.$ref.'">Друзья</a> |
<b>Онлайн</b> |
<a href="friends.php?recent">Недавние</a> |
<a href="friends.php?do=hb">Дни рождения</a> |
<a href="friends.php?do=invites">Заявки (' . $_num_z . ')</a>' . $div_end;
} elseif (isset($_GET['recent'])) {
echo $div_left . $div_title . $foto . $user['user'] . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?'.$ref.'">Друзья</a> |
<a href="friends.php?online">Онлайн</a> |
<b>Недавние</b> |
<a href="friends.php?do=hb">Дни рождения</a> |
<a href="friends.php?do=invites">Заявки (' . $_num_z . ')</a>' . $div_end;
} else {
echo $div_left . $div_title . $foto . $user['user'] . '/ Друзья' . $div_end . $div_menu . '
<b>Друзья</b> |
<a href="friends.php?online">Онлайн</a> |
<a href="friends.php?recent">Недавние</a> |
<a href="friends.php?do=hb">Дни рождения</a> |
<a href="friends.php?do=invites">Заявки (' . $_num_z . ')</a>' . $div_end;
}
// недавние друзья
if (isset($_GET['recent'])) {
$look = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'"), 0);
$n = new navigator($look, 10, '?recent&');
$fr = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1' ORDER BY `id` DESC {$n->limit}");
} elseif (isset($_GET['online'])) {
// друзья в онлайне
$look = mysql_num_rows(mysql_query("SELECT DISTINCT `friends`.* FROM `friends`
LEFT JOIN `users`
ON
(`friends`.`who` = `users`.`id`)
WHERE
`friends`.`user` = '$user[id]'
AND
`users`.`onl` + '200' > '" . time() . "'"));
$n = new navigator($look, 10, '?online&');
$fr = mysql_query("SELECT DISTINCT `friends`.* FROM `friends`
LEFT JOIN `users`
ON
(`friends`.`who` = `users`.`id`)
WHERE
`friends`.`user` = '$user[id]'
AND
`users`.`onl` + '200' > '" . time() . "'
ORDER BY `users`.`onl` ASC {$n->limit}");
} else {
// все друзья
$look = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'"), 0);
$n = new navigator($look, 10, '?');
$fr = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1' ORDER BY `id` ASC {$n->limit}");
}
$dv = 0;
if (mysql_num_rows($fr) != FALSE) {
// добавление в группу
if (isset($_GET['enter'])) {
$u = my_int($_GET['u']);
if (!user_inf($u)) {
header('Location: friends.php?' . $ref);
} else {
echo 'Добавить ' . user_inf($u, 'user') . ' в группу:<br/>
<FORM method="POST" action="friends.php?enter_ok">
<select name="group">
<option value="0">-Не выбрано-</option>
<option value="1">Родственники</option>
<option value="2">Близкие друзья</option>
<option value="3">Коллеги</option>
<option value="4">Друзья по школе</option>
<option value="5">Друзья по ВУЗу</option>
</select>
<br/>
<input type="hidden" name="u" value="'.$u.'"/>
<input type="submit" name="go" value="ok"/>
</FORM>';
}
}
if (isset($_POST['go'])) {
$u = my_int($_POST['u']);
$group = my_int($_POST['group']);
if ($group == 0) $gr = '';
elseif ($group == 1) $gr = 'Родственники';
elseif ($group == 2) $gr = 'Близкие друзья';
elseif ($group == 3) $gr = 'Коллеги';
elseif ($group == 4) $gr = 'Друзья по школе';
elseif ($group == 5) $gr = 'Друзья по ВУЗу';
mysql_query("UPDATE `friends` SET `group` = '$gr' WHERE `user` = '$user[id]' AND `who` = '$u' AND `zajavka` = '1'");
header('Location: friends.php?' . $ref);
}
while($q = mysql_fetch_assoc($fr)) {
$enter = '<a href="friends.php?enter&u='.$q['who'].'"><img src="ico/enter.png" alt=""/></a> ';
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo $enter . us($q['who']) . '
<a href="mail.php?do=send&nick='.$q['who'].'"><img src="ico/msg.gif" alt=""/></a>
<a href="friends.php?x='.$q['who'].'"><img src="ico/delete.gif" alt=""/></a><br/>
<span style="background: #D4EEFF;">'.$q['group'].'</span>' . $div_end;
}
echo $n->navi();
} else {
echo 'Пусто!<br/>';
}
echo $div_razdel . '<a href="friends.php?do=add_new">Добавить пользователя</a>' . $div_end . $div_end;
break;
case hb:
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$user[id]' AND `zajavka` = '0'"), 0);
$foto = (empty($user['img']))
? '<img src="ico/no_avatar.gif" alt=""/> '
: '<img src="resize.php?img='.$user['img'].'&width=30&height=0" alt=""/>';
echo $div_left . $div_title . $foto . $user['user'] . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?'.$ref.'">Друзья</a> |
<a href="friends.php?online">Онлайн</a> |
<a href="friends.php?recent">Недавние</a> |
<b>Дни рождения</b> |
<a href="friends.php?do=invites">Заявки (' . $_num_z . ')</a>' . $div_end;
$dayofmonth = date('t');
$day_count = 1;
$num = 0;
for($i = 0; $i < 7; $i++)
{
$dayofweek = date('w', mktime(0, 0, 0, date('m'), $day_count, date('Y')));
$dayofweek = $dayofweek - 1;
if ($dayofweek == -1) $dayofweek = 6;
if ($dayofweek == $i)
{
$week[$num][$i] = $day_count;
$day_count++;
}
else
{
$week[$num][$i] = '';
}
}
while(true)
{
$num++;
for($i = 0; $i < 7; $i++)
{
$week[$num][$i] = $day_count;
$day_count++;
if ($day_count > $dayofmonth) break;
}
if ($day_count > $dayofmonth) break;
}
echo '<table border="0">';
for($i = 0; $i < count($week); $i++)
{
echo '<tr>';
for($j = 0; $j < 7; $j++)
{
if (!empty($week[$i][$j]))
{
if ($week[$i][$j] == date('d')) $Day = '<a href="friends.php?do=hb&m='.$week[$i][$j].'"><span class="selected">' . $week[$i][$j] . '</span></a>';
else $Day = '<span class="next">' . $week[$i][$j] . '</span>';
if ($j == 5 || $j == 6)
echo '<td><a href="friends.php?do=hb&m='.$week[$i][$j].'"><font color="#FF0000">' . $Day . '</font></a></td>';
else echo '<td><a href="friends.php?do=hb&m='.$week[$i][$j].'">' . $Day . '</a></td>';
}
else echo '<td> </td>';
}
echo '</tr>';
}
echo '</table>';
// днюхи друзей
if (isset($_GET['m'])) {
echo $block;
$_month = (int)$_GET['m'] . '.' . date('n');
$_view = mysql_query("SELECT DISTINCT `users`.* FROM `friends`
LEFT JOIN `users`
ON `friends`.`who` = `users`.`id`
WHERE `friends`.`zajavka` = '1'
AND `friends`.`user` = '$user[id]'
AND `users`.`birth` LIKE '%" . check($_month) . "%'");
$i = 0;
if (mysql_num_rows($_view) != false) {
if ($_a = mysql_fetch_assoc($_view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo us($_a['id']) . $div_end;
}
} else {
echo 'Пользователей не найдено!<br/>';
}
}
echo $div_end;
break;
case add:
echo $div_left . $div_title . $user['user'] . '/ Друзья' . $div_end;
$nk = my_int($_POST['nk']);
$friendtext = trim(mysql_real_escape_string(check($_POST['friendtext'])));
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$friendtext = ($ant[0] == 1) ? mat($friendtext) : $friendtext;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $friendtext)) {
$friendtext = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $friendtext);
}
}
}
// отправление заявки на добавление
$_emp_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$nk' AND `user` = '$user[id]' AND `zajavka` = '0'"), 0);
$_emp_zz = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$nk' AND `who` = '$user[id]' AND `zajavka` = '0'"), 0);
$yes = mysql_query("SELECT * FROM `friends` WHERE `who` = '$nk' AND `user` = '$user[id]' AND `zajavka` = '1'");
if (!user_inf($nk)) {
err('Такого пользователя не существует!');
} elseif (mysql_num_rows($yes) != FALSE) {
err('Данный пользователь уже есть у Вас в друзьях!');
} elseif ($nk == $user['id']) {
err('Вы пытаетесь отправить себе заявку!');
} elseif ($_emp_z != 0) {
err('Заявка на дружбу уже была отправлена!');
} elseif ($_emp_zz != 0) {
err('Этот пользователь уже подал Вам заявку!');
} else {
mysql_query("INSERT INTO `friends` SET `who` = '$nk', `friendtext` = '$friendtext', `user` = '$user[id]', `zajavka` = '0'");
msg('Друг успешно добавлен, он получит уведомление!');
}
echo $div_end;
break;
case add_new:
echo $div_left . $div_title . $user['user'] . '/ Друзья' . $div_end . '
<FORM method="POST" action="friends.php?do=add">
<label>ID пользователя:</label><br/>
<input type="text" size="5" name="nk" value="' . my_int($_GET['nk']) . '"/>
<br/>
<label>Вы можете добавить сообщение:</label><br/>
<textarea name="friendtext" cols="50" rows="5" style="width: 99%;"></textarea>
<input type="submit" name="ok" value="Добавить"/>
</FORM>' . $div_end;
break;
case invites:
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$user[id]' AND `zajavka` = '0'"), 0);
echo $div_left . $div_title . us($user['id']) . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?'.$ref.'">Друзья</a> |
<a href="friends.php?online">Онлайн</a> |
<a href="friends.php?recent">Недавние</a> |
<a href="friends.php?do=hb">Дни рождения</a> |
<b>Заявки (' . $_num_z . ')</b>' . $div_end;
// принимание заявки
if (isset($_GET['good'])) {
$u = my_int($_GET['u']);
$empty = mysql_query("SELECT * FROM `friends` WHERE `user` = '$u' AND `who` = '$user[id]' AND `zajavka` = '0'");
if (mysql_num_rows($empty) == false) {
header('Location: friends.php?do=invites');
} else {
$yes = mysql_query("SELECT * FROM `friends` WHERE `who` = '$u' AND `user` = '$user[id]'");
if (!user_inf($u)) {
header('Location: friends.php?do=invites');
} elseif (mysql_num_rows($yes) != FALSE) {
header('Location: friends.php?do=invites');
} elseif ($u == $user['id']) {
header('Location: friends.php?do=invites');
} else {
mysql_query("INSERT INTO `friends` SET `user` = '$u', `who` = '$user[id]', `zajavka` = '1'");
mysql_query("INSERT INTO `friends` SET `who` = '$u', `user` = '$user[id]', `zajavka` = '1'");
mysql_query("DELETE FROM `friends` WHERE `who` = '$user[id]' AND `user` = '$u' AND `zajavka` = '0'");
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_friends') == 1 && $user['fr_lenta_friends'] == 1) {
if ($u == $send['who']) {
$message = 'Теперь вы друзья с <a href="/'.$user['id'].'">' . us($user['id']) . '</a>!';
} else {
$message = us($user['id']) . ' добавил в друзья <a href="/'.$u.'">' . us($u) . '</a>!';
}
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
header('Location: friends.php?' . $ref);
}
}
}
// отклонение заявки
if (isset($_GET['bad'])) {
$u = my_int($_GET['u']);
$empty = mysql_query("SELECT * FROM `friends` WHERE `user` = '$u' AND `who` = '$user[id]' AND `zajavka` = '0'");
if (mysql_num_rows($empty) == false) {
header('Location: friends.php?do=invites');
} else {
$yes = mysql_query("SELECT * FROM `friends` WHERE `who` = '$u' AND `user` = '$user[id]'");
if (!user_inf($u)) {
header('Location: friends.php?do=invites');
} elseif (mysql_num_rows($yes) != FALSE) {
header('Location: friends.php?do=invites');
} elseif ($u == $user['id']) {
header('Location: friends.php?do=invites');
} else {
$message = us($user['id']) . ' отклонил Вашу заявку на добавление в друзья!';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$u','$message','" . time() . "','0','i')");
mysql_query("DELETE FROM `friends` WHERE `who` = '$user[id]' AND `user` = '$u' AND `zajavka` = '0'");
header('Location: friends.php?' . $ref);
}
}
}
$_look = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$user[id]' AND `zajavka` = '0'"), 0);
if ($_look != FALSE) {
$n = new navigator($_look, 10, '?do=invites&');
$i = 0;
$view = mysql_query("SELECT * FROM `friends` WHERE `who` = '$user[id]' AND `zajavka` = '0' ORDER BY `id` DESC {$n->limit}");
while($a = mysql_fetch_assoc($view)) {
$_p = ' <span class="next">
<a href="friends.php?do=invites&good&u='.$a['user'].'"><img src="ico/ok.gif" alt=""/>Да</a>
</span>
<span class="next">
<a href="friends.php?do=invites&bad&u='.$a['user'].'"><img src="ico/delete.gif" alt=""/>Нет</a>
</span>';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo us($a['user']) . $_p . '<br/>' . $a['friendtext'] . $div_end;
}
echo $n->navi();
} else {
echo 'Заявок нет!<br/>';
}
break;
case view:
$nk = my_int($_GET['nk']);
$foto = (user_inf($nk, 'img') == '')
? '<img src="ico/no_avatar.gif" alt=""/> '
: '<img src="resize.php?img='.$user['img'].'&width=30&height=0" alt=""/>';
if (!user_inf($nk)) {
err('Нет такого пользователя!');
include_once 'foot.php';
exit();
}
if ($user['id'] == $nk) {
header('Location: friends.php?' . $ref);
die();
}
$fr = mysql_query("SELECT COUNT(*) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
AND
`zajavka` = '1'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
if (user_inf($nk, 'p_friends') == 2 || user_inf($nk, 'p_friends') == 0 && mysql_result($fr, 0) == FALSE) {
echo $div_title . 'Стоп!' . $div_end;
err('Пользователь запретил просмотр своих друзей или он только для контактов пользователя!');
include 'foot.php';
exit();
}
if ($user['id'] != $nk) {
// запись всевидящего ока
$vok = mysql_query("SELECT `id` FROM `oko` WHERE `user` = '$nk' AND `who` = '$user[id]'");
if (mysql_num_rows($vok) == FALSE && $user['p_oko'] == 1) {
$r_n_d = mt_rand(1000000, 9999999);
mysql_query("INSERT INTO `oko` SET `id` = '$r_n_d', `user` = '$nk', `who` = '$user[id]', `where` = 'friend', `time` = '" . time() . "'");
} elseif (mysql_num_rows($vok) != FALSE && $user['p_oko'] == 1) {
mysql_query("UPDATE `oko` SET `where` = 'friend', `time` = '" . time() . "' WHERE `user` = '$nk' AND `who` = '$user[id]' LIMIT 1");
}
}
// просмотр чужих друзей
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `who` = '$nk' AND `zajavka` = '0'"), 0);
// общих друзей
$count_ob = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$nk' AND `zajavka` = '1' AND `who` IN(SELECT `who` FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1')"), 0);
if (isset($_GET['online'])) {
echo $div_left . $div_title . $foto . user_inf($nk, 'user') . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?do=view&nk='.$nk.'">Друзья</a> |
<b>Онлайн</b> |
<a href="friends.php?do=view&nk='.$nk.'&general">Общие друзья(' . $count_ob . ')</a>' . $div_end;
} elseif (isset($_GET['general'])) {
echo $div_left . $div_title . $foto . user_inf($nk, 'user') . '/ Друзья' . $div_end . $div_menu . '
<a href="friends.php?do=view&nk='.$nk.'">Друзья</a> |
<a href="friends.php?do=view&nk='.$nk.'&online">Онлайн</a> |
<b>Общие друзья(' . $count_ob . ')</b>' . $div_end;
} else {
echo $div_left . $div_title . $foto . user_inf($nk, 'user') . '/ Друзья' . $div_end . $div_menu . '
<b>Друзья</b> |
<a href="friends.php?do=view&nk='.$nk.'&online">Онлайн</a> |
<a href="friends.php?do=view&nk='.$nk.'&general">Общие друзья(' . $count_ob . ')</a>' . $div_end;
}
if (isset($_GET['online'])) {
// друзья в онлайне
$look = mysql_num_rows(mysql_query("SELECT DISTINCT `friends`.* FROM `friends`
LEFT JOIN `users`
ON
(`friends`.`who` = `users`.`id`)
WHERE
`friends`.`user` = '$nk'
AND
`users`.`onl` + '200' > '" . time() . "'"));
$n = new navigator($look, 10, '?do=view&nk='.$nk.'&online&');
$fr = mysql_query("SELECT DISTINCT `friends`.* FROM `friends`
LEFT JOIN `users`
ON
(`friends`.`who` = `users`.`id`)
WHERE
`friends`.`user` = '$nk'
AND
`users`.`onl` + '200' > '" . time() . "'
ORDER BY `users`.`onl` ASC {$n->limit}");
// общие друзья
} elseif (isset($_GET['general'])) {
$look = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$nk' AND `zajavka` = '1' AND `who` IN(SELECT `who` FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1')"), 0);
$n = new navigator($look, 10, '?do=view&nk='.$nk.'&general&');
$fr = mysql_query("SELECT * FROM `friends` WHERE `user` = '$nk' AND `zajavka` = '1' AND `who` IN(SELECT `who` FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1') ORDER BY `id` ASC {$n->limit}");
} else {
// все друзья
$look = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `user` = '$nk' AND `zajavka` = '1'"), 0);
$n = new navigator($look, 10, '?do=view&nk='.$nk.'&');
$fr = mysql_query("SELECT * FROM `friends` WHERE `user` = '$nk' AND `zajavka` = '1' ORDER BY `id` ASC {$n->limit}");
}
$dv = 0;
if (mysql_num_rows($fr) != FALSE) {
while($q = mysql_fetch_assoc($fr)) {
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo us($q['who']) . '<span style="background: #D4EEFF;">'.$q['group'].'</span>' . $div_end;
}
echo $n->navi();
} else {
echo 'Пусто!<br/>';
}
echo $div_end;
break;
}
include 'foot.php';
?>