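// Request handling for the social "connections" page: loads the includes,
// rejects visitors without a valid session, then acts on the GET parameters
// for friend search, friend removal and request approval.
require AT_INCLUDE_PATH . 'vitals.inc.php';
require AT_SOCIAL_INCLUDE . 'friends.inc.php';
require AT_SOCIAL_INCLUDE . 'classes/Applications.class.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroup.class.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroups.class.php';

// empty() instead of a bare read: a session without the 'valid_user' key is
// treated as not logged in and no undefined-index notice is raised.
if (empty($_SESSION['valid_user'])) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    $info = array('INVALID_USER', $_SESSION['course_id']);
    $msg->printInfos($info);
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}

//Handles search queries from side menu
// Both keys must be present and the name must be a non-empty string, so an
// array-valued friendsName[] parameter never reaches $addslashes().
if (isset($_GET['searchFriends'], $_GET['friendsName'])
    && is_string($_GET['friendsName'])
    && $_GET['friendsName'] != ''
) {
    $wanted = $addslashes($_GET['friendsName']);
    $friends = searchFriends($wanted, true);
}

//Handles remove request
// NOTE(review): the removal below is a state change performed on a plain GET
// request. The confirmation step is commented out and no anti-CSRF token is
// checked in this excerpt, so any page that makes a logged-in user's browser
// load this URL would remove a connection. Prefer POST plus a per-session
// token; confirm whether vitals.inc.php already enforces one.
if (isset($_GET['remove'])) {
    // A missing id becomes 0, which is what intval() of an absent value gave before.
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
//  if (isset($_GET['confirm_remove'])){
    removeFriend($id);
    header('Location: ' . url_rewrite(AT_SOCIAL_BASENAME . AT_SOCIAL_INDEX, AT_PRETTY_URL_IS_HEADER));
    exit;
//  }
//  $msg->addConfirm("are_you_sure?");
//  header('Location: '.url_rewrite(AT_SOCIAL_BASENAME.'index.php?remove=yes'.SEP.'id='.$id.SEP.'confirm_remove=yes'));
}

//Handles request approval, and rejection
// (the listing is cut off here; the rest of this handler is not part of the excerpt)
if (isset($_GET['approval'])) {
    $id = intval($_GET['id']);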
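// Tail of the friend-search handler: picks the search term from GET (paginator
// links) or POST (search form), runs the search, marks existing friends and
// renders the connections template.
//to adapt paginator GET queries
//don't need to apply addslashes here cause searchFriends will do it.
// NOTE(review): the term is passed to searchFriends() unescaped on the strength
// of the comment above, and html_entity_decode() below turns encoded quotes back
// into literal ones. Verify that searchFriends() escapes or parameterizes every
// use of this value.
if (!empty($_GET['search_friends'])) {
    $search_field = $_GET['search_friends'];
} elseif (isset($_POST['search_friends_' . $rand_key])) {
    $search_field = $_POST['search_friends_' . $rand_key];
} else {
    // Neither source supplied a term; fall back to an empty search string
    // instead of reading an undefined index.
    $search_field = '';
}

// Array-valued parameters (search_friends[]=...) are not valid search terms.
if (!is_string($search_field)) {
    $search_field = '';
}

//take outs all htmlencode including slashes
$search_field = html_entity_decode($search_field, ENT_QUOTES, 'UTF-8');

if (isset($_POST['myFriendsOnly'])) {
    //retrieve a list of my friends
    $friends = searchFriends($search_field, true);
} else {
    //retrieve a list of friends by the search
    $friends = searchFriends($search_field);
    //to calculate the total number. TODO: need a better way, wasting runtime.
    $num_pages = max(ceil(sizeof($friends) / SOCIAL_FRIEND_SEARCH_MAX), 1);
    $friends = searchFriends($search_field, false, $offset);
}
} // closes a block opened before this excerpt begins

//mark those that are already added
$friends = markFriends($_SESSION['member_id'], $friends);

include AT_INCLUDE_PATH . 'header.inc.php';
$savant->display('social/pubmenu.tmpl.php');
$savant->assign('page', $page);
$savant->assign('num_pages', $num_pages);
// The term is re-encoded before it reaches the template, so the decoded value
// above is not echoed back raw.
$savant->assign('search_field', htmlentities_utf8($search_field));
$savant->assign('friends', $friends);
$savant->assign('rand_key', $rand_key);
$savant->display('social/connections.tmpl.php');
include AT_INCLUDE_PATH . 'footer.inc.php';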
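<?php
// POST dispatcher for the friends API: selects a helper by $_POST['method'],
// passes it $_POST['user_id'] and echoes whatever the helper returns.
// myFriends() and searchFriends() are presumably defined by the two required
// files; they are not visible in this listing.
$json = "";

require "../API/showFriends.php";
require "../API/searchFriends.php";

// NOTE(review): user_id is taken from the request body and no session or token
// check is visible here, so the caller chooses whose friend data is returned.
// The id should come from the authenticated session, or the helpers must verify
// that the caller may act for this user_id -- confirm which applies.
// NOTE(review): the "search" branch passes only user_id; no search term is read
// in this file -- confirm searchFriends() obtains it itself.
$method = (isset($_POST['method']) && is_string($_POST['method'])) ? $_POST['method'] : '';

// Call a helper only when user_id was actually sent; a request without it now
// yields the empty response instead of an undefined-index notice and a null argument.
if (isset($_POST['user_id'])) {
    if ($method === "show") {
        $json = myFriends($_POST['user_id']);
    } elseif ($method === "search") {
        $json = searchFriends($_POST['user_id']);
    }
    // Any other method leaves $json as the empty string.
}

echo $json;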