Просмотр файла friends.php

Размер файла: 7.36Kb
<?php

$friends = "friends";
if($_GET['mode']==$friends)
{
include ("conf.php");
include ("lock.php");

if ($user == $myrow["user"] && $pass == $myrow["pass"])
{

$id_user = $myrow['id'];

$num = 10;
@$page = $_GET['page'];
$result00 = mysql_query("SELECT COUNT(*) FROM friends WHERE id_user='".$id_user."'");
$temp = mysql_fetch_array($result00);
$posts = $temp[0];
$total = (($posts - 1) / $num) + 1;
$total =  intval($total);
$page = intval($page);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $num - $num;


$result2 = mysql_query ("select * from friends where id_user='".$id_user."' order by id desc limit $start, $num",$db);
$result33 = mysql_query ("select * from friends where id_user='".$id_user."'");
if (mysql_num_rows($result33) > 0)
{
$myrow2 = mysql_fetch_array($result2);


include ("head.php");
do {
echo "<div class='nav'>";

$m = "Мужской";
if($myrow2['user_pol'] == $m) { echo "<img src='img/m.gif' alt=''/></a> "; }
else { echo "<img src='img/w.gif' alt=''/></a> "; }

echo " [<b><a href='info.php?user=$user&pass=$pass&id=".$myrow2['user_id']."'>".$myrow2['user_nick']."</a></b>] |";
echo " (<a href='friends.php?mode=del&user=$user&pass=$pass&ids=".$myrow2['user_id']."'><font color='red'>del</font></a>)<br />";
echo "</div>";
}
while ($myrow2 = mysql_fetch_array($result2));



echo "<div class='nav'>";
if ($page != 1) echo "<a href=friends.php?mode=friends&user=$user&pass=$pass&page=".($page - 1).">Назад</a>";
if ($page != $total) echo " <a href=friends.php?mode=friends&user=$user&pass=$pass&page=".($page + 1).">Далее</a>";
echo "</div>";


}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "У вас нет Друзей!<br />";
echo "</div>";
echo "<div class='nav'>";
echo "• <a href=friends.php?mode=add&user=$user&pass=$pass>Добавить</a><br />";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
exit();
}
echo "<div class='nav'>";
echo "• <a href=friends.php?mode=add&user=$user&pass=$pass>Добавить</a><br />";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
exit();
}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или <b>Пароль</b>!<br />";
echo "</div>";
echo <<<sss
<div class='nav'>
<a href="index.php">На главную</a>
</div>
sss;
include ("foot.php");
}
}




$add = "add";
if($_GET['mode']==$add)
{
include ("conf.php");
include ("lock.php");

if ($user == $myrow["user"] && $pass == $myrow["pass"])
{

include ("head.php");
echo "<div class='nav'>";
echo <<<sss
<form name="form" action="friends.php?mode=s&user=$user&pass=$pass" method="POST">
sss;
echo "Ник: <br /><input name='user_nick' type='text' value=''><br />";
echo "<input type='submit' value='Добавить'></form>";
echo "</div>";
echo "<div class='nav'>";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
exit();
}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или <b>Пароль</b>!<br />";
echo "</div>";
echo <<<sss
<div class='nav'>
<a href="index.php">На главную</a>
</div>
sss;
include ("foot.php");
exit();
}

}


$s = "s";
if($_GET['mode']==$s)
{
include ("conf.php");
include ("lock.php");

if ($user == $myrow["user"] && $pass == $myrow["pass"])
{
$id_user = "".$myrow['id']."";
$user_nick = htmlspecialchars(mysql_real_escape_string(trim($_POST['user_nick']))); if ($user_nick == ''){unset($user_nick); }



$result4 = mysql_query("SELECT id,pol FROM userlist WHERE user='".$user_nick."'",$db);
$myrow4 = mysql_fetch_array($result4);
$user_id = "".$myrow4['id']."";
$user_pol = "".$myrow4['pol']."";

$result3 = mysql_query("INSERT INTO friends (id_user,user_nick,user_id,user_pol) VALUES ('$id_user','$user_nick','$user_id','$user_pol')");

if (isset($id_user)  and isset($user_nick))
{
if ($result3 == 'true')
{
include ("head.php");
echo "<div class='nav'>Друг добавлен!</div>";
echo "<div class='nav'>• <a href=menu.php?user=$user&pass=$pass>В меню</a></div>";
include ("foot.php");
}
}
else
{
include ("head.php");
echo "<div class='nav'>Ошибка! Друг не добавлен!</div>";
echo "<div class='nav'>";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
}

}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
echo "<div class='nav'><a href='index.php'>На главную</a></div>";
include ("foot.php");
}
}



$get = "get";
if($_GET['mode']==$get)
{
include ("conf.php");
include ("lock.php");

if ($user == $myrow["user"] && $pass == $myrow["pass"])
{
$id_user = "".$myrow['id']."";
$user_nick = htmlspecialchars(mysql_real_escape_string(trim($_GET['user_nick']))); if ($user_nick == ''){unset($user_nick); }



$result4 = mysql_query("SELECT id,pol FROM userlist WHERE user='".$user_nick."'",$db);
$myrow4 = mysql_fetch_array($result4);
$user_id = "".$myrow4['id']."";
$user_pol = "".$myrow4['pol']."";

$result3 = mysql_query("INSERT INTO friends (id_user,user_nick,user_id,user_pol) VALUES ('$id_user','$user_nick','$user_id','$user_pol')");

if (isset($id_user)  and isset($user_nick))
{
if ($result3 == 'true')
{
include ("head.php");
echo "<div class='nav'>Друг добавлен!</div>";
echo "<div class='nav'>• <a href=menu.php?user=$user&pass=$pass>В меню</a></div>";
include ("foot.php");
}
}
else
{
include ("head.php");
echo "<div class='nav'>Ошибка! Друг не добавлен!</div>";
echo "<div class='nav'>";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
}

}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
echo "<div class='nav'><a href='index.php'>На главную</a></div>";
include ("foot.php");
}
}





$del = "del";
if($_GET['mode']==$del)
{
include ("conf.php");
include ("lock.php");

if ($user == $myrow["user"] && $pass == $myrow["pass"])
{

$ids = htmlspecialchars(mysql_real_escape_string(trim($_GET['ids']))); if ($ids == ''){unset($ids); }
$result3 = mysql_query("DELETE FROM friends WHERE user_id='".$ids."'");

if ($result3 == 'true')
{
include ("head.php");
echo "<div class='nav'>";
echo "Друг Удален!";
echo "</div>";
echo "<div class='nav'>";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
exit();
}
else
{
include ("head.php");
echo "<div class='nav'>Ошибка! Друг не Удален!</div>";
echo "<div class='nav'>";
echo "• <a href=menu.php?user=$user&pass=$pass>В меню</a>";
echo "</div>";
include ("foot.php");
exit();
}

}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
echo "<div class='nav'><a href='index.php'>На главную</a></div>";
include ("foot.php");
}
}



?>