php - profile page issues in the system that always display that the user is the owner of the profile whcich is wrong -
i have profile page allow users send friend request other users , have friend request table fields : id mem1 mem2 datetime
mem1 : viewer user profile page mem2 : owner of profile page
when mem1 send request system check if the user owner not allow him send request self .
if not user send request , table fill required data
but error system display user owner , viewer wrong.
profile.php
if($username!=$login_user) { $interactionbox='<div class = "interactionlinksdiv"> <a href= "#" onclick="return false" onmousedown="javascript:toggleinteractcontainers(\'add_friend\');">add friend</a> </div>'; $isowner = "no"; } //check if logued in user equal url username else { $interactionbox='<div style="display:inline; border:#ccc 1px solid; padding:5px; background-color:#e4e4e4; color:#999; font-size:11px;"> other members see links interact here. </div>'; $isowner = "yes"; } ?> function addasfriend(a,b){ //alert("member id:" + + "request friendship memeber id:" + b); var url = "script_for_profile/request_as_friend.php"; $("#add_friend").text("please wait...").show(); $.post(url,{request:"requestfreindship",mem1:a,mem2:b},function(data){ $("#add_friend").html(data).show().fadeout(12000); }); } <div class="interactcontainers" id="add_friend"> <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleinteractcontainers('add_friend');">cancel</a></div> add <?php echo $username ?> friend? <a href ="#" onclick="return false" onmousedown="javascript:addasfriend(<?php echo $_session['user_id']; ?>,<?php echo $userid; ?>);">yes</a> </div> request_as_friend.php
<?php require_once('../include/connect.php'); if(@!$login){ session_start(); } $login = ($_session['login']); $userid = ($_session['user_id']); $login_user = ($_session['username']); $fname = ($_session['first_name']); $lname = ($_session['last_name']); ob_start(); $username = ""; if(isset($_get['u'])) { $username = mysql_real_escape_string($_get['u']); if(ctype_alnum($username)){ //check user exists $check = mysql_query("select user_name, first_name user user_name = '$username'"); if(mysql_num_rows($check)==1) { $get = mysql_fetch_assoc($check); $username = $get['user_name']; $fname = $get['first_name']; var_dump($username); var_dump($fname); } else { echo "<meta http-equiv=\"refresh\" content=\"0; url=http://localhost/lam-el-chamel/index.php\">"; exit(); } } } $mem1 = $login_user; $mem2 = $username; //var need both members $mem1=preg_replace('#[^0-9]#i','',$_post['mem1']); $mem2=preg_replace('#[^0-9]#i','',$_post['mem2']); if(!$mem1||!$mem2) { echo "error .missing data"; exit(); } if($mem1==$mem2) { echo "error can not add friend"; exit(); } if($_post['request']=="requestfreindship") { //check there not request pending viewer requesting profile owner $sql = mysql_query("select id friend_requests mem1='$mem1' , mem2='$mem2'limit 1")or die(mysql_error()); $numrows = mysql_num_rows($sql); if($numrows > 0) { echo "you have friend request pending member. must approve when view request list"; exit(); } //check there not request pending profile owner not requesting viewer $sql = mysql_query("select id friend_requests mem1='$mem2' , mem2='$mem1'limit 1")or die(mysql_error()); $numrows = mysql_num_rows($sql); if($numrows > 0) { echo "this user has requested friend already! check friend request on profile"; exit(); } $sql = mysql_query("insert friend_requests(mem1,mem2,timedate) values('$mem1','$mem2',now())") or die (mysql_error("friend request insertionn error")); //$sql = mysql_query("insert pms(to,from,time,sub,msg) values('$mem2','xxxxx',now(),'new friend request','you have new friend request waiting approval.<br /><br />navigate profile , check friend request.<br /><br />thank you.')") or die (mysql_error("friend request pm insertionn error")); echo "friend request sent successfully. member must approve request"; exit(); } ?>
Comments
Post a Comment