WMU-CS4430-Project/var/www/findFriend.php

<?php
    require 'common.php';
    require 'loginRequired.php';
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>friendbook Find Friend</title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
        <link rel="stylesheet" type="text/css" href="styling.css">
    </head>
    <body>
        <!--#include virtual="header.html" -->
        <!--#include virtual="topNavBar.html" -->
        <?php
            try{
                echo '<pre>';
                echo "Find Friends:\n\n";
                $sql_select = "SELECT username";
                $sql_from = "FROM contacts";
                $sql_where = "WHERE username = '".$_POST['friend']."'";
                $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                $result = $db_connection->query($sql_statement);
                if(mysqli_num_rows($result) == 0)
                   echo "username doesn't exist";
                else
                {
                    $sql_select = "SELECT friend";
                    $sql_from = "FROM friendList";
                    $sql_where = "WHERE username = '".$_SESSION["loggedInUser"]."' and friend = '".$_POST['friend']."'";
                    $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                    $result = $db_connection->query($sql_statement);
                    if(mysqli_num_rows($result) == 1)
                        echo "you already sent a request";
                    else
                    {
                        $sql_select = "SELECT username";
                        $sql_from = "FROM friendList";
                        $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                        $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                        $result = $db_connection->query($sql_statement);
                        if(mysqli_num_rows($result) == 1)
                        {
                            $sql_statement = "UPDATE friendList SET confirm = 'true' WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                            $db_connection->query($sql_statement);
                            $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'true')";
                            $db_connection->query($sql_statement);
                        }
                        else
                        {
                            $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'false')";
                            $db_connection->query($sql_statement);
                        }
                    }
                }

                echo '</pre>';
            }catch(PDOException $e){
                echo "PDOException: ".$e->getMessage().PHP_EOL;
            }catch(Exception $e){
                echo "Exception: ".$e->getMessage().PHP_EOL;
            }
        ?>
        
        <form action="" method="post">
                Username&colon; <input type="text" name="friend" placeholder="Friend Username"><br />
                <br />
                <input type="submit" class="button">
        </form>
    </body>
</html>
<?php
    $db_connection = null;
?>