Файл: vxas.ru/soo/friends.php
Строк: 83
<?
require '../sys/inc/start.php';
require '../sys/inc/compress.php';
require '../sys/inc/sess.php';
require '../sys/inc/home.php';
require '../sys/inc/settings.php';
require '../sys/inc/db_connect.php';
require '../sys/inc/ipua.php';
require '../sys/inc/fnc.php';
require '../sys/inc/user.php';
if(isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."' LIMIT 1"),0)==1)
{
$s=intval($_GET['s']);
$soo=mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".mysql_real_escape_string($s)."' LIMIT 1"));
require 'inc/ban.php';
$set['title']=$soo['name'].' - Друзья соо'; // заголовок страницы
require '../sys/inc/thead.php';
title();
if(isset($user) && $user['id']==$soo['admid'])
{
if(isset($_GET['del']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_friends` WHERE `id` = '".intval($_GET['del'])."' AND `id_soo`='".mysql_real_escape_string($soo[id])."' LIMIT 1"),0)==1)
{
mysql_query("DELETE FROM `soo_friends` WHERE `id`='".intval($_GET['del'])."' LIMIT 1");
msg('Друг соо успешно удален');
}
elseif(isset($_POST['friend_add']) && $_POST['friend_add']!=$soo['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_POST['friend_add'])."' LIMIT 1"),0)==1 && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_friends` WHERE `id_soo`='".mysql_real_escape_string($soo[id])."' AND `id_friend`='".intval($_POST['friend_add'])."' LIMIT 1"),0)==0)
{
$add_friend=intval($_POST['friend_add']);
mysql_query("INSERT INTO `soo_friends` (`id_soo`, `id_friend`, `time`) values ('".mysql_real_escape_string($soo[id])."', '".mysql_real_escape_string($add_friend)."', '".mysql_real_escape_string($time)."')");
msg('Друг соо успешно добавлен');
}
}
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_friends` WHERE `id_soo`='".mysql_real_escape_string($soo[id])."'"),0);
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
if ($k_post==0)
{
?>
<div class='noy'>Друзей нет</div>
<?
}
$q=mysql_query("SELECT * FROM `soo_friends` WHERE `id_soo`='".mysql_real_escape_string($soo[id])."' ORDER BY `time` ASC LIMIT $start, $set[p_str]");
while ($friends = mysql_fetch_assoc($q))
{
$friend=mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".mysql_real_escape_string($friends[id_friend])."' LIMIT 1"));
if($num==1){
echo "<div class='enk_div'>n";
$num=0;
}else{
echo "<div class='enk2_div'>n";
$num=1;}
echo '<img src="img/cat.png" alt="" /> ';
echo '<a href="/soo/'.htmlspecialchars($friend['id']).'">'.htmlspecialchars($friend['name']).'</a> ('.vremja($friends['time']).')';
if(isset($user) && $user['id']==$soo['admid'])echo' [<a href="?s='.htmlspecialchars($soo['id']).'&del='.htmlspecialchars($friends['id']).'">x</a>]';
echo '<br />'.output_text($friend['desc']).'';
echo '</div>';
}
if ($k_page>1)str("?s=$soo[id]&",$k_page,$page); // Вывод страниц
if(isset($user) && $user['id']==$soo['admid'])
{
if(isset($_GET['add']))
{
echo'<form method="post" action="?s='.htmlspecialchars($soo['id']).'">';
echo'Введите ID сообщества<br/>';
echo'<input type="text" name="friend_add" size="3">';
echo'<input type="submit" value="Добавить">';
echo'</form>';
}else{
echo "<div class='fyt'>n";
echo'<a href="?s='.htmlspecialchars($soo['id']).'&add">Добавить друга</a>';
echo "</div>n";
}
}
echo "<div class='fyt'>n";
echo '<img src="img/back.png" alt="" class="icon"/> <a href="index.php?s='.htmlspecialchars($soo['id']).'">В сообщество</a>';
echo "</div>n";
}else{
header("Location:index.php");
}
require '../sys/inc/tfoot.php';
?>