Тема закрыта!
Ребята привет есть проблемка со скриптом дружба вот он
<?
include_once \'sys/inc/start.php\';
include_once \'sys/inc/compress.php\';
include_once \'sys/inc/sess.php\';
include_once \'sys/inc/home.php\';
include_once \'sys/inc/settings.php\';
include_once \'sys/inc/db_connect.php\';
include_once \'sys/inc/ipua.php\';
include_once \'sys/inc/fnc.php\';
include_once \'sys/inc/user.php\';
only_reg();
$ank[\'id\']=$user[\'id\'];
$set[\'title\'] = \'Предложения дружбы\';
include_once \'sys/inc/thead.php\';
title();
if (isset($_GET[\'ok\']))
{
$ok = intval($_GET[\'ok\']);
if (mysql_result(mysql_query(\"SELECT COUNT(*) FROM `user` WHERE `id` = \'$ok\' LIMIT 1\"
,0)==0){header(\"Location: index.php?\";exit;}
mysql_query(\"INSERT INTO `frends` (`user`, `frend`, `time`, `i`) values(\'$ank[id]\', \'$ok\', \'$time\', \'1\')\";
mysql_query(\"INSERT INTO `frends` (`user`, `frend`, `time`, `i`) values(\'$ok\', \'$ank[id]\', \'$time\', \'1\')\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$ok\' AND `to` = \'$user[id]\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$user[id]\' AND `to` = \'$ok\' LIMIT 1\";
mysql_query(\"OPTIMIZE TABLE `frends`\";
mysql_query(\"OPTIMIZE TABLE `frends_new`\";
$msgok=\"Поздравляем! обитатель $user[nick] принял ваше предложение дружбы\";
mysql_query(\"INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values(\'0\', \'$ok\', \'$msgok\', \'$time\')\";
$hereJob = mysql_query(\"SELECT id FROM jobs WHERE user = \'$user[id]\' AND job = \'1\' AND status = \'1\' LIMIT 1\";
if (mysql_num_rows($hereJob) != false)
{
$_FileJob = file_get_contents(\'jobs.dat\');
$exJob = explode(\',\', $_FileJob);
mysql_query(\"UPDATE user SET balls = balls + \'$exJob[2]\' WHERE id = \'$user[id]\' LIMIT 1\";
mysql_query(\"UPDATE jobs SET time = \'\" . (time() + 5 * 60) . \"\', status = \'2\' WHERE user = \'$user[id]\' AND status = \'1\' LIMIT 1\";
}
msg (\'Предложение дружбы успешно принято\');
}
if (isset($_GET[\'no\']))
{
$no = intval($_GET[\'no\']);
if (mysql_result(mysql_query(\"SELECT COUNT(*) FROM `user` WHERE `id` = \'$no\' LIMIT 1\",0)==0){header(\"Location: index.php?\";exit;}
mysql_query(\"DELETE FROM `frends` WHERE `user` = \'$user[id]\' AND `frend` = \'$no\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends` WHERE `user` = \'$no\' AND `frend` = \'$user[id]\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$no\' AND `to` = \'$user[id]\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$user[id]\' AND `to` = \'$no\' LIMIT 1\";
mysql_query(\"OPTIMIZE TABLE `frends`\";
mysql_query(\"OPTIMIZE TABLE `frends_new`\";
$msgno=\"К сожалению,обитатель $user[nick] отклонил ваше предложение дружбы!\";
mysql_query(\"INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values(\'0\', \'$no\', \'$msgno\', \'$time\')\";
msg (\'Предложение отклонено\');
}
if (isset($_GET[\'del\']))
{
$no = intval($_GET[\'del\']);
if (mysql_result(mysql_query(\"SELECT COUNT(*) FROM `user` WHERE `id` = \'$no\' LIMIT 1\",0)==0){header(\"Location: index.php?\";exit;}
mysql_query(\"DELETE FROM `frends` WHERE `user` = \'$user[id]\' AND `frend` = \'$no\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends` WHERE `user` = \'$no\' AND `frend` = \'$user[id]\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$no\' AND `to` = \'$user[id]\' LIMIT 1\";
mysql_query(\"DELETE FROM `frends_new` WHERE `user` = \'$user[id]\' AND `to` = \'$no\' LIMIT 1\";
mysql_query(\"OPTIMIZE TABLE `frends`\";
mysql_query(\"OPTIMIZE TABLE `frends_new`\";
$msgno=\"К сожалению,$user[nick] удалил вас из списка друзей!\";
mysql_query(\"INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values(\'0\', \'$no\', \'$msgno\', \'$time\')\";
msg (\'Дружба закончена\');
}
if ($ank[\'id\']==$user[\'id\'])
{
echo \"<div class=\'aut\'>\";
echo \'<img src=\"friends.gif\" alt=\"\"/> <a href=\"frend.php\">Список друзей</a>\';
echo \"</div>\";
}
$m = date(\'m\', $time);
if (substr($m, 0, 1) == 0)$m = str_replace(\'0\', \'\', $m);
$d = date(\'d\', $time);
$k_f = mysql_result(mysql_query(\"SELECT COUNT(id) FROM `frends_new` WHERE `to` = \'$user[id]\' LIMIT 1\", 0);
if ($k_f==0)echo \'Нет предложений дружбы\';
$q = mysql_query(\"SELECT * FROM `frends_new` WHERE `to` = \'$user[id]\' ORDER BY time DESC\";
while ($f = mysql_fetch_array($q))
{
$a = mysql_fetch_array(mysql_query(\"SELECT * FROM `user` WHERE `id` = \'\".$f[\'user\'].\"\' LIMIT 1\");
if($num==1){
echo \"<div class=\'str\'>\";
$num=0;
}else{
echo \"<div class=\'str\'>\";
$num=1;}
echo \'<center>\';
echo \'Обитатель хочет добавить Вас в друзья!<br/>\';
avatar($a[\'id\']);
echo \'<br/>\';
echo \'\'.online($a[\'id\']).\' <a href=\"/info.php?id=\'.$a[\'id\'].\'\">\'.$a[\'nick\'].\'</a> (\'.vremja($f[\'time\']).\')\';
echo \'<div class=\"menu_razd\"><a href=\"frend_new.php?ok=\'.$a[\'id\'].\'\">Принять</a> | <a href=\"frend_new.php?no=\'.$a[\'id\'].\'\">Отклонить</a></div>\';
echo \'</center>\';
echo \"</div>\";
}
include_once \'sys/inc/tfoot.php\';
?>
что там не так потому что когда составишь такой запрос сайт.ру/frend_new.php?ok=иди пользователя можешь добавит его в друзья даже если он делал тебе предложение дружбы
- 1 из 1
