Файл: modules/friends/add.php
Строк: 60
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
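// Add-friend confirmation page: validates the target id, handles the yes/no
// POST of the confirmation form, and otherwise renders that form.

// Anonymous visitors are sent home before $user['id'] is read.
if (!User::logged())
{
    header('location: /');
    exit;
}

// Normalise both ids ONCE and use the same values for every check, query and
// link. The previous guard compared the raw $_GET['id'] against 0 and the
// caller's id, while the queries used abs(intval($_GET['id'])); an input whose
// raw form differs from its normalised form (for example a negated id) passed
// validation but was stored as a different number, including the caller's own.
// NOTE(review): assumes $user['id'] is a numeric id - confirm against the session loader.
$selfId = (int) $user['id'];
// Non-scalar input (e.g. id[]=...) is treated as a missing id.
$friendId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? abs(intval($_GET['id'])) : 0;

// abs() returns a float when the value does not fit an int; reject that too.
if (!is_int($friendId) || $friendId === 0 || $friendId === $selfId)
{
    header('location: /');
    exit;
}

// A link in either direction (request sent or received) blocks a new request.
// Both interpolated values are integers here, so the string-built SQL cannot
// carry quote characters; bound parameters would still be preferable if $db
// offers them (not visible in this file).
$alreadyLinked = $db->query(
    "SELECT * FROM `friends` WHERE (`friend_id` = '" . $friendId . "' AND `user_id` = '" . $selfId . "')"
    . " OR (`user_id` = '" . $friendId . "' AND `friend_id` = '" . $selfId . "')"
)->rowCount() != 0;

if ($alreadyLinked)
{
    header('location: /');
    exit;
}

$profileUrl = '/user/profile/' . $friendId;

// "No" on the confirmation form: go back to the profile without changes.
if (isset($_POST['no']))
{
    header('location: ' . $profileUrl);
    exit;
}

// "Yes" on the confirmation form: store the request, then go back to the profile.
if (isset($_POST['yes']))
{
    // NOTE(review): this INSERT is triggered by a plain POST; no anti-CSRF token
    // is checked in this file or emitted in the form below. If the framework does
    // not enforce one globally, add the project's token check here and a hidden
    // token field to the form.
    // NOTE(review): nothing here verifies that $friendId belongs to an existing
    // account, and the duplicate check above is a separate statement from this
    // INSERT; a foreign key and a unique index on the id pair would cover both -
    // confirm against the schema.
    $db->query("INSERT INTO `friends` SET `user_id` = '" . $selfId . "', `friend_id` = '" . $friendId . "', `active` = '0'");
    header('location: ' . $profileUrl);
    exit;
}

// No decision posted yet: render the confirmation form.
$title = _t('friends_add');
include_header($title);
$tpl->div('title', $title);
// NOTE(review): tnick() output is echoed as-is; confirm it HTML-escapes the nickname.
echo '<div class="menu">
<form action="/friends/add/'. $friendId .'?act=last" method="post">
'. _t('friends_verify_add').' <b>'.tnick($friendId).'</b>?<br/>
<input type="submit" name="yes" value="'._t('yyes').'" /> <input type="submit" name="no" value="'. _t('yno').'" />
</form>
</div>';
$tpl->div('block', NAV .'<a href="'. $profileUrl .'">'. _t('back') .'</a><br/>'
. HICO .'<a href="/">'. _t('home') .'</a>');
include_footer();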
?>