friend.inc.php
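<?php
/**
 * Friend-list endpoint. Exactly one action is taken per request, chosen by
 * the first of these query parameters that is present:
 *
 *   ?f=<user id>   add a friend, then redirect to global.php
 *   ?r=<user id>   remove a friend, then redirect to global.php
 *   ?po=<user id>  add a friend, then redirect to home.php
 *
 * With none of them present the request is redirected to global.php.
 *
 * Changes from the previous version:
 *  - Every query uses a prepared statement. The session e-mail used to be
 *    interpolated into SQL unescaped, and the other values relied on
 *    htmlspecialchars() + mysqli_real_escape_string(), which is HTML escaping
 *    applied in an SQL context.
 *  - The "else" branch of the ?f= handler used to redirect and exit, so ?r=
 *    and ?po= could never run on their own. Actions are now dispatched
 *    independently.
 *  - Every redirect is followed by exit().
 *
 * NOTE(review): these state-changing actions are triggered by plain GET
 * requests and no anti-CSRF token is checked in this file. Moving them to
 * POST with a per-session token needs matching changes in the pages that link
 * here, so it is flagged rather than changed.
 *
 * NOTE(review): header.php is included before any header() call. Presumably
 * it starts the session; if it also emits output, the redirects below only
 * work with output buffering enabled. Confirm.
 */
include 'header.php';
include 'dbh.inc.php';

// Send a redirect and stop, so nothing after the Location header can run.
$goTo = function ($page) {
    header("location: " . $page);
    exit();
};

// Only signed-in users may change friend lists.
if (!isset($_SESSION['email'])) {
    $goTo('index.php');
}

// Pick the action; precedence (f, r, po) follows the original handler order.
if (isset($_GET['f'])) {
    $action = 'f';
    $landing = 'global.php';
} elseif (isset($_GET['r'])) {
    $action = 'r';
    $landing = 'global.php';
} elseif (isset($_GET['po'])) {
    $action = 'po';
    $landing = 'home.php';
} else {
    $goTo('global.php');
}

// Reject array-valued parameters (?f[]=1) and empty values before they reach
// the database layer.
// NOTE(review): if users.id is an integer column, tighten this to
// ctype_digit($target). Confirm against the schema.
$target = $_GET[$action];
if (!is_string($target) || $target === '') {
    $goTo($landing);
}

// Prepare, bind and execute one statement. Returns the executed statement,
// or null on any failure (the caller then simply redirects).
$prepareAndRun = function ($sql, $types, array $params) use ($conn) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    if (!$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
        $stmt->close();
        return null;
    }
    return $stmt;
};

$email = (string) $_SESSION['email'];

// Resolve the signed-in user's id from the session e-mail.
// Only the first matching row is used; presumably users.email is unique.
$u = null;
$haveUser = false;
$stmt = $prepareAndRun("SELECT id FROM users WHERE email = ?", 's', array($email));
if ($stmt !== null) {
    $stmt->bind_result($u);
    $haveUser = ($stmt->fetch() === true);
    $stmt->close();
}
if (!$haveUser) {
    $goTo($landing);
}
$u = (string) $u;

if ($action === 'r') {
    // fid1 always comes from the session user, so a request can only remove
    // friendships that the signed-in user created.
    $stmt = $prepareAndRun(
        "DELETE FROM friends WHERE fid1 = ? AND fid2 = ?",
        'ss',
        array($u, $target)
    );
    if ($stmt !== null) {
        $stmt->close();
    }
    $goTo($landing);
}

// Actions 'f' and 'po': the target user must exist.
$friendId = null;
$friendEmail = null;
$haveFriend = false;
$stmt = $prepareAndRun("SELECT id, email FROM users WHERE id = ?", 's', array($target));
if ($stmt !== null) {
    $stmt->bind_result($friendId, $friendEmail);
    $haveFriend = ($stmt->fetch() === true);
    $stmt->close();
}
if (!$haveFriend) {
    $goTo($landing);
}

// Store the id as the database returned it, not the raw request value.
$friend = (string) $friendId;

// The previous version stored the friend's e-mail HTML-escaped; that is kept
// so existing rows and new rows stay comparable.
// NOTE(review): escaping belongs at output time. Move it to the rendering
// pages once they are confirmed to escape friend2 / sendto themselves.
$friendname = htmlspecialchars((string) $friendEmail, ENT_QUOTES, 'UTF-8');
$date3 = date("Y-m-d");

// NOTE(review): nothing here prevents duplicate friendships or friending
// yourself. Add a check or a unique key if that is not intended.
$stmt = $prepareAndRun(
    "INSERT INTO friends (friend1, friend2, date, fid1, fid2) VALUES (?, ?, ?, ?, ?)",
    'sssss',
    array($email, $friendname, $date3, $u, $friend)
);
if ($stmt !== null) {
    $stmt->close();
}

// Tell the other user who friended them.
$stmt = $prepareAndRun(
    "INSERT INTO friendalert (sendto, whofriended, date, whofriendedid) VALUES (?, ?, ?, ?)",
    'ssss',
    array($friendname, $email, $date3, $u)
);
if ($stmt !== null) {
    $stmt->close();
}

$goTo($landing);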