Файл: vsime.com/friends/inc/act_new.php
Строк: 74
<?
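// Only registered users may manage friendship proposals.
// NOTE(review): this listing opens with the short open tag (`<?`). With short_open_tag
// disabled the interpreter would serve this source as plain text; prefer `<?php`.
if_user('is_reg');

// Accept an incoming friendship proposal: ?act=new&yes=<friends row id>.
// NOTE(review): this branch changes state on a plain GET request and no anti-CSRF
// token is checked in the visible code. If the project has a token helper, verify it
// here, or move the action to POST.
if (isset($_GET['yes'])) {
    // Cast every id to int before it is placed into SQL text (defence in depth).
    $me_id = (int) $user['id'];
    $req_id = intval($_GET['yes']);

    // The row must be addressed to the current user (`id_ank`) and still be pending,
    // so a replayed link cannot re-send the notification for an accepted proposal.
    $res = mysqli_query($dbi, "SELECT * FROM `friends` WHERE `id` = '$req_id' AND `id_ank` = '$me_id' AND `ok` = '0'");
    $yes = $res ? mysqli_fetch_array($res) : null;

    // Validate the lookup before touching $yes. The original read $yes['id_user'] first.
    if (!$yes) {
        $title .= ' - Ошибка!';
        ex_head();
        show_errors('Предложение не найдено.');
        ex_foot();
        // ex_foot() is not visible here. Stop explicitly so the UPDATE below can never
        // run with an empty row.
        exit();
    }

    $ank = profile($yes['id_user']);
    $ank_id = (int) $ank['id'];
    $row_id = (int) $yes['id'];

    // $time is presumably the request timestamp set by the bootstrap; verify its origin.
    mysqli_query($dbi, "UPDATE `friends` SET `ok` = '1', `time` = '$time' WHERE `id` = '$row_id'");

    // Make both users readers of each other, once per direction.
    if (!mysqli_result("SELECT COUNT(*) FROM `readers` WHERE `id_user` = '$me_id' AND `id_ank` = '$ank_id'")) {
        mysqli_query($dbi, "INSERT INTO `readers` SET `id_user` = '$me_id', `id_ank` = '$ank_id'");
    }
    if (!mysqli_result("SELECT COUNT(*) FROM `readers` WHERE `id_user` = '$ank_id' AND `id_ank` = '$me_id'")) {
        mysqli_query($dbi, "INSERT INTO `readers` SET `id_user` = '$ank_id', `id_ank` = '$me_id'");
    }

    // The nick is placed inside HTML markup and msg_sess() is not visible, so escape it
    // here. double_encode is off in case nicks are stored already encoded.
    $safe_nick = htmlspecialchars($ank['nick'], ENT_QUOTES, 'UTF-8', false);
    msg_sess("Пользователь <b>$safe_nick</b> стал Вашим другом");

    $msg = "Пользователь [user]$user[nick][/user] принял Ваше предложение дружбы.";
    write_mail(0, $ank_id, $msg);

    // Return to the proposal list while proposals remain, otherwise to the friends page.
    $pending = mysqli_result("SELECT COUNT(*) FROM `friends` WHERE `id_ank` = '$me_id' AND `ok` = '0'");
    header("Location: ?act=" . ($pending ? "new" : "user&id=$me_id"));
    exit();
}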
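// Decline an incoming friendship proposal: ?act=new&no=<friends row id>.
// NOTE(review): this branch deletes a row on a plain GET request and no anti-CSRF
// token is checked in the visible code. If the project has a token helper, verify it
// here, or move the action to POST.
if (isset($_GET['no'])) {
    // Cast every id to int before it is placed into SQL text (defence in depth).
    $me_id = (int) $user['id'];
    $req_id = intval($_GET['no']);

    // The accept branch and the list query in this file treat the current user as the
    // recipient (`id_ank`). The original matched `id_user` here, so the recipient's
    // "decline" link never matched, while the sender of a proposal could delete the row
    // and be notified about it. Match the recipient and restrict to pending rows.
    $res = mysqli_query($dbi, "SELECT * FROM `friends` WHERE `id` = '$req_id' AND `id_ank` = '$me_id' AND `ok` = '0'");
    $no = $res ? mysqli_fetch_array($res) : null;

    // Validate the lookup before touching $no. The original read $no['id_user'] first.
    if (!$no) {
        $title .= ' - Ошибка!';
        ex_head();
        show_errors('Предложение не найдено.');
        ex_foot();
        // ex_foot() is not visible here. Stop explicitly so the DELETE below can never
        // run with an empty row.
        exit();
    }

    // Notify the user who sent the proposal.
    $ank = profile($no['id_user']);
    $msg = "Пользователь [user]$user[nick][/user] отклонил Ваше предложение дружбы.";
    write_mail(0, (int) $ank['id'], $msg);

    $row_id = (int) $no['id'];
    mysqli_query($dbi, "DELETE FROM `friends` WHERE `id` = '$row_id'");
    msg_sess("Предложение отклонено.");

    // Return to the proposal list while proposals remain, otherwise to the friends page.
    $pending = mysqli_result("SELECT COUNT(*) FROM `friends` WHERE `id_ank` = '$me_id' AND `ok` = '0'");
    header("Location: ?act=" . ($pending ? "new" : "user&id=$me_id"));
    exit();
}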
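// Default view: the list of pending friendship proposals addressed to the current user.
$title .= ' - Предложения';
ex_head();

// Count the pending proposals; the id is cast to int before it enters the SQL text.
$count_results = mysqli_result("SELECT COUNT(*) FROM `friends` WHERE `id_ank` = '" . (int) $user['id'] . "' AND `ok` = '0'");

// Paging state. count_pages(), page() and start_pages() are project helpers not visible
// here. $count_pages and $page are kept because later helpers presumably read them.
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();

if ($count_results == 0) {
    // The listing appears to have lost the backslash of "\n", which left a literal
    // letter "n" after every tag. The newline escape is restored here.
    echo "<div class='list_empty'>\n";
    echo "Нет предложений\n";
    echo "</div>\n";
}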
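// Fetch one page of pending proposals, newest first. Every interpolated value is cast
// to int so that neither the paging helpers nor the config can inject SQL text.
$query = mysqli_query(
    $dbi,
    "SELECT * FROM `friends` WHERE `id_ank` = '" . (int) $user['id'] . "' AND `ok` = '0'"
    . " ORDER BY `time` DESC LIMIT " . (int) $start . ", " . (int) $config['rop']
);

// A failed query returns false; skip the loop instead of passing false to the fetch.
while ($query && ($post = mysqli_fetch_array($query))) {
    $ank = profile($post['id_user']);
    $row_id = (int) $post['id'];

    // "\n" restores the newline escape that the listing appears to have lost.
    echo "<div class='list'>\n";
    echo "<div class='left'>\n";
    show_avatar($ank['id'], 'small');
    echo "</div>\n";
    echo "<div class='overfl_hid'>\n";
    echo profile_icon($ank['id']) . profile_nick($ank['id'], 1) . profile_medal($ank['id']);
    echo "<br />\n";
    // NOTE(review): these links trigger the accept/decline state changes through GET.
    // The handlers should verify an anti-CSRF token, or the actions should move to POST.
    // Ampersands are written as &amp; so the attribute value is valid HTML.
    echo "<a href='?act=new&amp;yes=$row_id'>Принять</a> <a href='?act=new&amp;no=$row_id'>Отклонить</a>\n";
    echo "</div>\n";
    echo "<div class='clear'></div>\n";
    echo "</div>\n";
}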
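// Pager for the proposal list. pages_show() is a project helper not visible here;
// presumably it appends the page parameter to this prefix.
pages_show("?act=new&");

// Footer with a link back to the user's own friends page. The id is cast to int before
// it is written into the URL. "\n" restores the newline escape that the listing appears
// to have lost.
echo "<div class='foot'>\n";
echo image_back() . " <a href='/friends/?id=" . (int) $user['id'] . "'>Назад</a>\n";
echo "</div>\n";
ex_foot();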
?>