Hello..
I was asked on MSN to update a friend list for someone, I'll think Danny696 was the original author, I've simply changed the look, and added too it
Nothing major, Got asked and thought I'd share..
<?php
/*
This is friendlist.php, I was asked to too update it, I'm pretty sure Danny696 did the recoding, and added the security though.
Anyways..ENJOY!
*/
include(DIRNAME(__FILE__) . '/globals.php');
$donator = TRUE;
if($donator == TRUE && $ir['donatordays'] == 0)
{
echo'Sorry. This feature is for donators only';
$h->endpage();
exit;
}
$_GET['action'] = isset($_GET['action']) && ctype_alpha($_GET['action']) ? trim($_GET['action']) : 'index';
switch($_GET['action'])
{
case 'add': friend_add(); break;
case 'remove': friend_remove(); break;
case 'comment': friend_comment(); break;
default: index(); break;
}
if (!in_array($_GET['action'], array('add','remove','comment','index'))) {
die("<h2>Illegal Operation</h2>");
$h->endpage();
exit;
}
function index()
{
global $db,$ir,$c,$userid,$h;
$abc=$db->query("SELECT * FROM friendslist WHERE fl_ADDED=$userid",$c);
$friendcount = $db->num_rows($abc);
echo'<a href=?action=add>> Add a Friend</a><br />';
echo' <center><strong>'.number_format($friendcount).' players have added you as a friend</strong></center><br />
<center>Most Liked User: ';
$q2r=$db->query("SELECT u.username,count( * ) as cnt,fl.fl_ADDED FROM friendslist fl LEFT JOIN users u on fl.fl_ADDED=u.userid GROUP BY fl.fl_ADDED ORDER BY cnt DESC LIMIT 1",$c) or die(mysql_error());
$r=0;
while($r2r=$db->fetch_row($q2r))
{
$r++;
if($r > 1) { print " | "; }
echo '<a href="viewuser.php?u='.$r2r['fl_ADDED'].'">'.$r2r['username'].'['.$r2r['fl_ADDED'].']</a>';
}
echo'<br /></center>';
echo'<table cellspacing="2" cellpadding="2" border="1" style="background:#000000" class="table" width="85%">
<th>Name</th>
<th>Mail</th>
<th>Send Cash</th>
<th>Bank Xfer</th>
<th>Send Crystals</th>
<th>Remove</th>
<th>Comment</th>
<th>Change Comment</th>
<th>Status</th>
<th>Last Online</th></tr>';
$q=$db->query("SELECT fl.*,u.* FROM friendslist fl LEFT JOIN users u ON fl.fl_ADDED=u.userid WHERE fl.fl_ADDER=$userid ORDER BY u.username ASC",$c);
while($r=$db->fetch_row($q))
{
if($r['laston'] >= time()-15*60) { $on="<font color=green><b>Online</b></font>"; } else { $on="<font color=red><b>Offline</b></font>"; }
$d="";
if($r['donatordays']) { $r['username'] = '<font color=red>'.$r['username'].'</font>'; $d='<img src="donator.gif" alt="Donator: '.$r['donatordays'].' Days Left" title="Donator: '.$r['donatordays'].' Days Left" />'; }
if(!$r['fl_COMMENT']) { $r['fl_COMMENT']="None"; }
echo'
<tr>
<td><a href="viewuser.php?u='.$r['userid'].'">'.$r['username'].' ['.$r['userid'].']</a>'.$d.'</td>
<td><a href="mailbox.php?action=compose&ID='.$r['userid'].'"><center>Send Message</center></a></td>
<td><a href="sendcash.php?ID='.$r['userid'].'"><center>Send Cash</center></a></td>
<td><a href="sendbank.php?ID='.$r['userid'].'">Bank Xfer</a></td></br />
<td><a href="sendcrys.php?ID='.$r['userid'].'">Send Crystals</a></td><br/>
<td><a href="?action=remove&f='.$r['fl_ID'].'"><center>Remove</center></a></td>
<td><center>'.$r['fl_COMMENT'].'</center></td>
<td><a href="?action=comment&f='.$r['fl_ID'].'"><center>Change Comment</center></a></td>
<td><center>'.$on.'</center></td>
<td><center>'.date('F j, Y g:i:s a',$r['laston']).'</center></td>
</tr>
';
}
echo'</table>';
}
function friend_add()
{
global $db,$ir,$c,$userid,$h;
$_POST['ID'] = abs(@intval($_POST['ID']));
$_POST['comment']=str_replace(array("<",">","\n"),array("<",">","<br />"), $_POST['comment']);
if($_POST['ID'])
{
$qc=$db->query("SELECT * FROM friendslist WHERE fl_ADDER=$userid AND fl_ADDED=".$_POST['ID']."");
$q=$db->query("SELECT * FROM users WHERE userid=".$_POST['ID']."");
if($db->num_rows($qc))
{
echo'Why are you adding the same person twice...';
}
elseif($userid==$_POST['ID'])
{
echo'Why are you adding yourself you your friends list, got no friends...';
}
elseif($db->num_rows($q)==0)
{
echo'That user isnt a real person im afraid... Come back later...';
}
else
{
$db->query("INSERT INTO friendslist VALUES('', $userid, ".$_POST['ID'].", '".$_POST['comment']."')");
$r=$db->fetch_row($q);
$db->query("UPDATE users SET friend_count=friend_count+1 WHERE userid=".$_POST['ID']."");
echo'You added '.$r['username'].' to your friends list.<br />
<a href="friendslist.php">> Back</a>';
}
}
else
{
echo' <h4>Adding a friend.</h4> <form action="?action=add" method="post">
Friends ID: <input typpe="text" name="ID" value="'.$_GET['ID'].'" /><br />
Comment (optinal):<br />
<textarea name="comment" rows="7" cols="40"></textarea><br />
<input type="submit" value="Add!" /></form>';
}
}
function friend_remove()
{
global $db,$ir,$c,$userid,$h;
$q=$db->query("SELECT * FROM friendslist WHERE fl_ID=".$_GET['f']." AND fl_ADDER=$userid");
if($db->num_rows($q) == 0)
{
echo'You cannot remove something you havent got.';
}
$r=$db->fetch_row($q);
$db->query("DELETE FROM friendslist WHERE fl_ID=".$_GET['f']." AND fl_ADDER=$userid");
$db->query("UPDATE users SET friend_count=friend_count-1 WHERE userid=".$r['fl_ADDED']."");
echo'You have successfully removed the friends entry!<br />
<a href="friendslist.php">> Back</a>';
}
function friend_comment()
{
global $db,$ir,$c,$userid,$h;
$_POST['f'] = abs(@intval($_POST['f']));
$_POST['comment']=str_replace(array("<",">","\n"),array("<",">","<br />"), $_POST['comment']);
if($_POST['comment'])
{
$db->query("UPDATE friendslist SET fl_COMMENT='".$_POST['comment']."' WHERE fl_ID=".$_POST['f']." AND fl_ADDER=$userid");
echo'You have successfully changed the comment!<br />
<a href="friendslist.php">> Back</a>';
}
else
{
$q=$db->query("SELECT * FROM friendslist WHERE fl_ID=".$_GET['f']." AND fl_ADDER=$userid");
if($db->num_rows($q))
{
$r=$db->fetch_row($q);
$comment=str_replace(array("<",">","<br />"), array("<",">","\n"), $r['fl_COMMENT']);
echo 'Changing a comment. <form action="?action=comment" method="post">
<input type="hidden" name="f" value="'.$_GET['f'].'" /><br />
New Comment: <br />
<textarea rows="7" cols="40" name="comment">'.$comment.'</textarea><br />
<input type="submit" value="Change!" /></form>';
}
else
{
echo'Stop trying to edit posts that arn\'t yours';
}
}
}
$h->endpage();
?>
I doubt we need screen shots so I'll give them a miss..
Enjoy =)
