
@xamedow
Created March 19, 2014 13:12
AJAX handler to refactor
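<?php
/**
 * AJAX endpoint that edits the friends, invitations, blacklist and group
 * tables according to $_POST['table'] and $_POST['action'].
 *
 * Every value that reaches SQL text is either a digit-only id (see $postId)
 * or a fixed/validated keyword; nothing from $_POST is interpolated raw.
 *
 * NOTE(review): session_start() is called but $_SESSION is never read in this
 * file, and person_id / init_id / friend_id all come from the request. Unless
 * mod_config.php enforces it, nothing here ties the acting user to the ids
 * being modified, and no anti-CSRF token is checked. Both need to be added
 * against the project's session schema, which is not visible here.
 *
 * NOTE(review): the ext/mysql functions used below were removed in PHP 7.
 * Moving $Db to PDO or mysqli prepared statements is the durable fix; the
 * validation here is the mitigation available without changing $Db.
 */
session_start();
require_once("../mod/mod_config.php");
$filter = new filter;
// $Db is not created in this file; presumably mod_config.php provides it — confirm.

/**
 * Reads a POST field as an unsigned integer id.
 * Returns the digit string (kept as a string so large ids do not overflow),
 * or null when the field is missing, not a string, or not purely digits.
 */
$postId = function ($key) use ($filter) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return null;
    }
    $value = $filter->html_filter($_POST[$key]);
    if (!is_scalar($value)) {
        return null;
    }
    $value = (string) $value;
    // \z (not $) so a trailing newline cannot slip through.
    return preg_match('/^[0-9]{1,20}\z/', $value) === 1 ? $value : null;
};

/** Reads a POST field through the project filter, or null when absent. */
$postText = function ($key) use ($filter) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return null;
    }
    return $filter->html_filter($_POST[$key]);
};

if (isset($_POST['table'])) {
    $table = $_POST['table'];

    // Friends remover.
    if ($table === 'friends') {
        $person_id = $postId('person_id');
        $friend_id = $postId('friend_id');
        if ($person_id !== null && $friend_id !== null) {
            // Friendship rows exist in both directions, so match either order.
            $Db->query = "SELECT id FROM person_friends WHERE (person_id = $person_id AND friend_id = $friend_id)"
                . " OR (person_id = $friend_id AND friend_id = $person_id)";
            $Db->query();
            $friend_row_ids = array();
            while ($row = mysql_fetch_assoc($Db->lQueryResult)) {
                $friend_row_ids[] = (int) $row['id'];
            }

            $Db->query = "SELECT id FROM person_invitations WHERE status = 'accepted' AND init_by_id={$person_id} AND target_id={$friend_id}";
            $Db->query();
            $invite_row_ids = array();
            while ($row = mysql_fetch_assoc($Db->lQueryResult)) {
                $invite_row_ids[] = (int) $row['id'];
            }

            // Skip the DELETE when nothing matched: "IN ()" is a SQL syntax error.
            if (count($friend_row_ids) > 0) {
                $Db->query = "DELETE FROM person_friends WHERE id IN (" . implode(',', $friend_row_ids) . ")";
                $Db->query();
            }
            if (count($invite_row_ids) > 0) {
                $Db->query = "DELETE FROM person_invitations WHERE id IN (" . implode(',', $invite_row_ids) . ")";
                $Db->query();
            }
        }
    }

    // Invitations handler.
    if ($table === 'invitations') {
        $id = $postId('id');
        $init_id = $postId('init_id');
        $person_id = $postId('person_id');
        $action = $postText('action');

        $statement = null;
        if ($id !== null && ($action === 'accepted' || $action === 'rejected')) {
            // $action is one of two fixed literals here, so it is safe to embed.
            $statement = "UPDATE `person_invitations` SET status='$action' WHERE id = $id";
        }
        if ($action === 'add' && $person_id !== null && $init_id !== null) {
            $statement = "INSERT INTO person_invitations (target_id, init_by_id, status) VALUES($person_id, $init_id, 'open')";
        }
        // Run only a statement built for this request; never re-run whatever
        // text a previous step left in $Db->query.
        if ($statement !== null) {
            $Db->query = $statement;
            $Db->query();
        }

        if ($action === 'accepted' && $init_id !== null && $person_id !== null) {
            // Friendship is stored as two rows, one per direction.
            $Db->query = "INSERT INTO person_friends (friend_id, person_id) VALUES($init_id, $person_id),($person_id, $init_id)";
            $Db->query();
        }
    }

    // Blacklist handler (adds an entry and/or removes one by row id).
    if ($table === 'blacklist') {
        $id = $postId('id');
        $banned_id = $postId('banned_id');
        $person_id = $postId('person_id');
        $action = $postText('action');

        if ($action === 'add' && $person_id !== null && $banned_id !== null) {
            $Db->query = "INSERT INTO person_blacklist (person_id, banned_id) VALUES($person_id, $banned_id)";
            $Db->query();
        }
        // The original removed the row for any blacklist request carrying a
        // numeric id, with or without action=delete; that behaviour is kept,
        // but the id is now always validated before it reaches the query.
        if ($id !== null) {
            $Db->query = "DELETE FROM `person_blacklist` WHERE `id` = '" . $id . "' LIMIT 1";
            $Db->query();
        }
    }

    // Group remover.
    if ($table === 'group') {
        // Compared against fixed literals only, so the raw value is never used in SQL.
        $group_action = isset($_POST['action']) ? $_POST['action'] : null;

        if ($group_action === 'quit') {
            $id = $postId('id');
            if ($id !== null) {
                $Db->query = "DELETE FROM `person_groups` WHERE `id` = '" . $id . "' LIMIT 1";
                $Db->query();
            }
        }
        if ($group_action === 'delete') {
            $id = $postId('id');
            if ($id !== null) {
                $Db->query = "DELETE FROM `mod_groups` WHERE `id` = '" . $id . "' LIMIT 1";
                $Db->query();
            }
        }
        if ($group_action === 'query') {
            $query = '';
            $Db->query = "SELECT name FROM mod_groups";
            $Db->query();
            while ($lRes = mysql_fetch_assoc($Db->lQueryResult)) {
                $query .= $lRes['name'] . '/';
            }
            // NOTE(review): group names are echoed unescaped; the client must
            // treat this response as text, not insert it as HTML.
            echo $query;
        }
    }

    // Group invitations handler.
    if ($table === 'group_invitations') {
        $id = $postId('id');
        $init_id = $postId('init_id');
        $person_id = $postId('person_id');
        $action = $postText('action');

        // The set of valid statuses is not visible here, so accept only a short
        // alphabetic token; this keeps quotes and SQL syntax out of the query.
        // NOTE(review): tighten to an explicit list once the statuses are confirmed.
        $status_ok = is_string($action) && preg_match('/^[A-Za-z_]{1,32}\z/', $action) === 1;
        if ($id !== null && $status_ok) {
            $Db->query = "UPDATE `person_group_invitations` SET status='$action' WHERE id = $id";
            $Db->query();
        }
        if ($action === 'accepted' && $init_id !== null && $person_id !== null) {
            $Db->query = "INSERT INTO person_groups (group_id, person_id) VALUES($init_id, $person_id)";
            $Db->query();
        }
    }
}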