-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfriendAction.php
48 lines (43 loc) · 1.49 KB
/
friendAction.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<?php
$servername = "localhost";
$name = "antinc";
$password = "AntInc_AntInc123";
$dbname = "Ant_Planner";
$conn = mysqli_connect($servername, $name, $password, $dbname);
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
if(!$_GET) {
die("This file cannot be accessed directly!");
}
$id = $_GET["id"];
$password = $_GET["password"];
$friendId = $_GET["friendId"];
$action = $_GET["action"];
$verificationPW = "select password from Users where id='".$id."'";
$pw = mysqli_fetch_array($conn->query($verificationPW))["password"];
if($pw === $password){
switch ($action) {
case 'sendRequest':
$conn->query("insert into Requests (Requests.from, Requests.to) values ('".$id."','".$friendId."')");
break;
case 'deleteFriend':
$friends = explode("&", mysqli_fetch_array($conn->query("select friends from Users where id='".$id."'"))["friends"]);
foreach (array_keys($friends, $friendId) as $key) {
unset($friends[$key]);
}
$conn->query("update Users set friends='".join("&", $friends)."' where id='".$id."'");
$op = explode("&", mysqli_fetch_array($conn->query("select friends from Users where id='".$friendId."'"))["friends"]);
foreach (array_keys($op, $id) as $key) {
unset($op[$key]);
}
$conn->query("update Users set friends='".join("&", $op)."' where id='".$friendId."'");
break;
case 'cancelRequest':
$conn->query("delete from Requests where Requests.from='".$id."' and Requests.to='".$friendId."'");
break;
default:
break;
}
}
?>