File: /home/httpd/html/porn.tw/public_html/controllers/control.my_friends.php
<?php
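// Controller for the "My Friends" page. It requires a logged-in session,
// optionally accepts or declines every pending friend request addressed to the
// current user, loads the current user's row and names the templates to render.
// Relies on names this file does not define: $basehttp, _t(), dbQuery(), sendEmail().

// Anonymous visitors are sent to the login page. empty() has the same
// truthiness as the original negation but does not raise an undefined-index
// warning when the session carries no 'userid' key at all.
if (empty($_SESSION['userid'])) {
    header("Location: $basehttp/login");
    exit();
}

$title = _t('My Friends');
$headertitle = _t('My Friends');

// NOTE(review): acceptAll and declineAll change database state on a plain GET
// request, and no anti-CSRF token is checked in this file. Unless the framework
// validates one before this controller runs, any cross-site request made by a
// logged-in user's browser would trigger them. Prefer POST plus a per-session
// token - confirm against the rest of the application.
//
// NOTE(review): every statement below is built by string interpolation. The
// interpolated values come from the session and from an earlier query result,
// not directly from the request, but they should still be bound as parameters
// (or cast to int if record_num is numeric) once dbQuery()'s API is confirmed.

if (!empty($_GET['acceptAll'])) {
    // Pending requests: rows where the current user is the target (friend) and
    // approved = 0; the join on users drops requests whose sender has no user row.
    $sql = "SELECT friends.record_num, friends.user FROM friends, users WHERE friends.friend = '$_SESSION[userid]' AND users.record_num = friends.user AND approved = 0";
    $drow = dbQuery($sql, false);
    if ($drow) {
        foreach ($drow as $a) {
            // Mark the incoming request as approved.
            dbQuery("UPDATE friends SET approved = 1 WHERE record_num = '$a[record_num]'", false);
            // Add the reciprocal, already-approved row (current user -> requester).
            // NOTE(review): nothing here checks whether that row already exists;
            // confirm a unique key on (user, friend) prevents duplicates.
            dbQuery("INSERT INTO friends (`user` , `friend` ,`approved` ,`date_added`) VALUES('$_SESSION[userid]','$a[user]','1','" . date('Y-m-d H:i:s') . "')");
            // Notify the requester; the first argument is presumably a mail template key.
            sendEmail('friend-request-confirmation', $a['user']);
        }
    }
}

if (!empty($_GET['declineAll'])) {
    // Same pending-request query as above. When both flags are present the
    // accept pass has already approved every row, so nothing is left to delete.
    $sql = "SELECT friends.record_num, friends.user FROM friends, users WHERE friends.friend = '$_SESSION[userid]' AND users.record_num = friends.user AND approved = 0";
    $drow = dbQuery($sql, false);
    if ($drow) {
        foreach ($drow as $a) {
            dbQuery("DELETE FROM friends WHERE record_num = '$a[record_num]'");
        }
    }
}

// Load the current user's row. $urow is null when the query returns no row
// (for example a stale session id) instead of raising an offset warning.
// NOTE(review): confirm the my_friends template copes with a null $urow.
$userRes = dbQuery("SELECT * FROM users WHERE record_num = '" . $_SESSION['userid'] . "'", false);
$urow = isset($userRes[0]) ? $userRes[0] : null;

// Template names, presumably read by the including front controller - confirm.
$_template_header = 'overall_header';
$_template_content = 'my_friends';
$_template_footer = 'overall_footer';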
?>