<?php 
    include('../mb.php');
    if(!$_SESSION[userid]) {
	header("Location: $basehttp");
	exit();
    } 

    $id = mysqli_real_escape_string($dbconn,$_GET[id]);
    if(!is_numeric($id)) { exit(); } 

    if(is_numeric($_GET[approved])) {
	$approved=1;
    } 
    
    $sql="SELECT user FROM friends WHERE record_num = '$id' AND approved = 0 AND `friend` = '$_SESSION[userid]'";		
    $drow = dbQuery($sql,false);	
    if($drow){		
	$user=$drow[0]['user'];
	dbQuery("UPDATE friends SET  approved = 1 WHERE record_num = '$id'",false); 
        
	$time = date('Y-m-d H:i:s',time());
	dbQuery("INSERT INTO friends (`user` , `friend` ,`approved` ,`date_added`) VALUES('$_SESSION[userid]','$user','1','".$time."')");
        
        sendEmail('friend-request-confirmation',$user);
    }	
    exit();