Файл: user/friends.php
Строк: 86
<?php
require_once '../core/system.php';
$req = mysql_query("SELECT * from `ban` where `id_us` = '".$user['id']."' and `time`>'".$_SERVER['REQUEST_TIME']."'");
$ban = mysql_fetch_array($req);
if($ban['ban'] == 3){
header('Location: /moduls/ban');
}
if(!isset($user['id'])) header('Location: /');
$header = 'Мои друзья';
require_once '../core/head.php';
if($user['mesto'] != 'Друзья') mysql_query("UPDATE `user` set `mesto` = 'Друзья' where `id` = '".$user['id']."'");
if(isset($_GET['ob'])){
if(mysql_result(mysql_query("SELECT count(id) FROM `friends` where `kto` = '".$user['id']."' and `kogo` = '".abs(intval($_GET['ob']))."'"),0)==0){
mysql_query("INSERT INTO `friends` set `kto` = '".$user['id']."', `kogo` = '".abs(intval($_GET['ob']))."'");
header('Location: /user/friends');
$_SESSION['message'] = 'Игрок добавлен в друзья';
exit();
} else {
header('Location: /user/friends');
mysql_query("DELETE FROM `friends` where `kto` = '".$user['id']."' and `kogo` = '".abs(intval($_GET['ob']))."'");
$_SESSION['err'] = 'Игрок удалён из друзей';
exit();
}
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE `kto` = '".$user['id']."'"),0);
$k_page = k_page($k_post,10);
$page = page($k_page);
$start = 10*$page-10;
$spis = mysql_query("SELECT kogo from `friends` where `kto` = '".$user['id']."' ORDER BY id DESC LIMIT ".$start.", 10");
if(mysql_num_rows($spis) == 0){
echo '<div class="head">
<div class="empty2"></div>
Список пуст
<div class="empty2"></div>
</div>
<hr>';
}
while($s = mysql_fetch_array($spis)){
echo"<div class='player'>
<div class='empty'></div>";
$nick = mysql_fetch_array(mysql_query("SELECT * from `user` where id = '".$s['kogo']."' limit 1"));
if($nick['prava'] == 5){
$status = "<font color='ffc22b'>[A]</font>";
}
if($nick['prava'] == 4){
$status = "<font color='ffc22b'>[a]</font>";
}
if($nick['prava'] == 3){
$status = "<font color='ffc22b'>[M]</font>";
}
if($nick['prava'] == 2){
$status = "<font color='ffc22b'>[m]</font>";
}
echo '<a href="/user/'.$s['kogo'].'/">';
echo online($nick['id']);
echo ' <font color='.$nick['font'].'>'.$nick['nick'].' </font>';
if($nick['prava'] > 1){
echo $status;
}
echo'</a>
('.$nick['mesto'].')
<span class="float-right">
<a href="?ob='.$s['kogo'].'">
<img src="/images/icon/error.png">
</a>
</span>
</a>
</br>
<div class="empty"></div>
</div>
<hr>';
}
echo "</div>
</div>";
if(empty($_POST['fres'])){
$fres = mysql_real_escape_string(htmlspecialchars(addslashes($_POST['fres'])));
echo'</div>
<div class="foot">
Введите ник
</br>
<form action="/user/friends.php" method="post">
<input name="fres" title="Ник игрока"/>
<input type="submit" value="Добавить"/>
</form>';
} else {
$fres = mysql_real_escape_string(htmlspecialchars(addslashes($_POST['fres'])));
$req = mysql_query("SELECT * FROM `user` WHERE `nick` = '".$fres."'");
$avto = mysql_num_rows($req);
$anki = mysql_fetch_array($req);
if($avto == 0){
header('Location: /user/friends');
$_SESSION['err'] = 'Нет такого игрока!';
exit;
}
$req = mysql_query("SELECT * FROM `friends` WHERE `kto` = '".$user['id']."' and `kogo` = '".$anki['id']."' LIMIT 1");
$avto=mysql_num_rows($req);
if($avto == 1){
header('Location: /user/friends');
$_SESSION['err'] = 'Игрок уже в друзьях';
exit();
}
if($_POST['fres'] == $user['nick']){
header('Location: /user/friends');
$_SESSION['err'] = 'Cебя добавить нельзя <br/>';
exit();
}
$fres = mysql_real_escape_string(htmlspecialchars(addslashes($_POST['fres'])));
mysql_query("INSERT INTO `friends` set `kto` = '".$user['id']."', `kogo` = '".$anki['id']."'");
header ("Location: /user/friends");
exit;
}
echo"</div>";
if ($k_page > 1)str('?id=' . intval($_GET['id']) . '&',$k_page,$page);
if($_SESSION['pumpit_id'] == 0){
echo'<hr>
</div>
<div class="but-list-light">
<a href="/user/ref">
<img src="/images/icon/add.png">
Пригласить друзей
</a>
</div>';
}
include_once '../core/foot.php';
?>
</div>
</body>
</html>