Файл: housetrack/modules/friends/controllers/friends.php
Строк: 129
<?php
// Direct-access guard: stop unless the IN_SYSTEM constant has been defined
// before this file is loaded.
if (!defined('IN_SYSTEM')) {
    die('<b>403<br />Запрет доступа!</b>');
}
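/**
 * Friends controller: sends, accepts, lists, rejects and deletes friendship
 * records stored in the #__friends table.
 *
 * All request input used here is the numeric `user_id` GET parameter (plus the
 * `confirm` flag in action_delete). It is cast to int before it reaches SQL or
 * a URL, because every query in this class is built by string concatenation.
 *
 * NOTE(review): add, delete and reject change state on a plain GET request and
 * no anti-CSRF token is checked in this class. Unless the base Controller
 * enforces one (not visible here), a third-party page could trigger these
 * actions on behalf of a logged-in user. Confirm, and verify a token using the
 * project's own mechanism.
 */
class Friends_Controller extends Controller {
    // Access level for this controller; how it is enforced is up to the base
    // Controller, which is not visible here.
    public $access_level = 5;

    /**
     * Default action: shows the friend list.
     */
    public function action_index() {
        $this->action_friends();
    }

    /**
     * Sends a friend request to $_GET['user_id'], or accepts the pending
     * request that user has already sent to the current user.
     */
    public function action_add() {
        // A missing parameter becomes 0 and falls into the "not found" branch.
        $requested_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
        $me = intval(USER_ID);

        // Re-read the id from the users table and cast it, so the value that is
        // interpolated into the queries and the URL below is always an integer.
        $user_to_id = intval($this->db->get_one(
            "SELECT user_id FROM #__users WHERE user_id = '". $requested_id ."' AND user_id != -1"
        ));

        if (!$user_to_id) {
            a_error('Пользователь не найден!');
        }
        elseif ($user_to_id == USER_ID) {
            a_error('Отправлять заявку самому себе запрещено!');
        }
        elseif ($this->db->get_row("SELECT id FROM #__friends WHERE friends_user_id = '$user_to_id' AND user_id = '". $me ."' AND status = 'ok'")) {
            a_error('Пользователь уже есть в списке ваших друзей!');
        }
        elseif ($this->db->get_row("SELECT id FROM #__friends WHERE friends_user_id = '$user_to_id' AND user_id = '". $me ."' AND status = 'new'")) {
            a_error('Вы уже отправляли заявку пользователю! Ждите подтверждения');
        }
        elseif ($id = $this->db->get_row("SELECT id FROM #__friends WHERE friends_user_id = '". $me ."' AND user_id = '$user_to_id' AND status = 'new'")) {
            // The other user already asked: confirm their row and add the
            // mirror row for the current user.
            // NOTE(review): the two statements are not wrapped in a transaction;
            // whether $this->db offers one is not visible here.
            $this->db->query("UPDATE #__friends SET
                status = 'ok',
                time = UNIX_TIMESTAMP()
                WHERE id = '". intval($id['id']) ."'");
            $this->db->query("INSERT INTO #__friends SET
                friends_user_id = '$user_to_id',
                user_id = '". $me ."',
                status = 'ok',
                time = UNIX_TIMESTAMP()
                ");
            a_notice('Пользователь добавлен в список ваших друзей', a_url('friends'));
        }
        // Send a new friend request
        else {
            $this->db->query("INSERT INTO #__friends SET
                friends_user_id = '$user_to_id',
                user_id = '". $me ."',
                status = 'new',
                time = UNIX_TIMESTAMP()
                ");
            // Build the return URL from the validated integer, never from the
            // raw $_GET value, so request data cannot append extra query
            // parameters or markup to the link.
            a_notice('Заявка отправлена.', a_url('user/profile/view', 'user_id='. $user_to_id));
        }
    }

    /**
     * Lists pending friend requests addressed to the current user.
     */
    public function action_new() {
        $this->_friends_render_list(
            intval(USER_ID),
            'new',
            a_url('friends/new', 'start=0'),
            'new'
        );
    }

    /**
     * Lists confirmed friends of $_GET['user_id'], or of the current user
     * when that parameter is absent or empty.
     */
    public function action_friends() {
        if (!empty($_GET['user_id'])) {
            $user_id = intval($_GET['user_id']);
        }
        else {
            $user_id = intval(USER_ID);
        }

        $this->_friends_render_list(
            $user_id,
            'ok',
            a_url('friends', 'user_id='. $user_id .'&start=0'),
            'friends'
        );
    }

    /**
     * Removes a confirmed friendship in both directions. Without
     * $_GET['confirm'] it only shows a confirmation prompt.
     */
    public function action_delete() {
        $friend_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
        $me = intval(USER_ID);

        $friend = $this->db->get_row("SELECT * FROM #__friends
            WHERE friends_user_id = '". $me ."' AND user_id = '". $friend_id ."' AND status = 'ok'
            ");
        if (!$friend) {
            a_error("Пользователя нет в ваших друзьях!");
            // Whether a_error() ends the request is not visible here, so stop
            // explicitly instead of falling through to the delete.
            return;
        }

        if (!empty($_GET['confirm'])) {
            $this->db->query("DELETE FROM #__friends WHERE friends_user_id = '". $me ."' AND user_id = '". $friend_id ."' AND status = 'ok'");
            $this->db->query("DELETE FROM #__friends WHERE friends_user_id = '". $friend_id ."' AND user_id = '". $me ."' AND status = 'ok'");
            a_notice('Пользователь удален из списка ваших друзей.', a_url('user/profile/view', 'user_id='. $friend_id));
        }
        else {
            a_confirm(
                'Подтверждаете удаление?',
                a_url('friends/delete', 'user_id='. $friend_id .'&confirm=ok'),
                a_url('user/profile/view', 'user_id='. $friend_id)
            );
        }
    }

    /**
     * Rejects (deletes) a pending request sent to the current user by
     * $_GET['user_id'].
     */
    public function action_reject() {
        $sender_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
        $me = intval(USER_ID);

        $friend = $this->db->get_row("SELECT * FROM #__friends
            WHERE friends_user_id = '". $me ."' AND user_id = '". $sender_id ."' AND status = 'new'
            ");
        if (!$friend) {
            a_error("Заявка не найдена!");
            return;
        }

        $this->db->query("DELETE FROM #__friends WHERE friends_user_id = '". $me ."' AND user_id = '". $sender_id ."' AND status = 'new'");
        redirect('friends/new');
    }

    /**
     * Shared listing code for action_new() and action_friends(): runs the
     * paginated query and renders the given template.
     *
     * @param int    $owner_id  value matched against fe.friends_user_id
     * @param string $status    'new' or 'ok'; callers pass literals only
     * @param string $base_url  pagination base URL
     * @param string $template  template name passed to $this->tpl->display()
     */
    private function _friends_render_list($owner_id, $status, $base_url, $template) {
        // start/per_page come from the base controller, whose validation is not
        // visible here; cast them because they are interpolated into LIMIT.
        $start = intval($this->start);
        $per_page = intval($this->per_page);

        $sql = "SELECT SQL_CALC_FOUND_ROWS fe.*, u.status AS user_status, up.avatar AS avatar_exists, u.last_visit
            FROM #__friends AS fe LEFT JOIN #__users AS u USING(user_id) LEFT JOIN #__users_profiles AS up USING(user_id) WHERE fe.friends_user_id = '". intval($owner_id) ."' AND fe.status = '". ($status === 'new' ? 'new' : 'ok') ."' ORDER BY fe.user_id DESC LIMIT $start, $per_page";
        $result = $this->db->query($sql);

        // Start from an empty list so the template never receives an
        // undefined variable when the query returns no rows.
        $friends = array();
        while ($friend = $this->db->fetch_array($result)) {
            $friends[] = $friend;
        }
        $total = $this->db->get_one("SELECT FOUND_ROWS()");

        // Pagination
        $pg_conf = array(
            'base_url' => $base_url,
            'total_rows' => $total,
            'per_page' => $this->per_page,
        );
        a_import('libraries/pagination');
        $pg = new CI_Pagination($pg_conf);

        $this->tpl->assign(array(
            'friends' => $friends,
            'pagination' => $pg->create_links()
        ));
        $this->tpl->display($template);
    }
}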
?>