php - 页面所有者和查看者之间的分离

Question

我有一个个人资料页面，允许用户向其他用户发送好友请求，我有一个包含字段的好友请求表：id mem1 mem2 datetime

mem1：是个人资料页面的查看者用户 mem2：是个人资料页面的所有者

当 mem1 发送请求时，系统会检查用户是否是所有者，因此不允许他自己向其发送请求。

如果不是用户发送请求，表格将填写所需的数据

但我得到的错误是系统总是显示用户是所有者和查看者，这是错误的。

这是所有代码，但问题在于检查用户是所有者还是查看者...

配置文件.php

if($username!=$login_user)
{
    $interactionBox='<div class = "InteractionLinksDiv">
    <a href= "#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'add_friend\');">Add as Friend</a>
    </div>';
    $isOwner = "no";
}
//check if the logued in user is equal from the url username
else
{
    $interactionBox='<div style="display:inline; border:#CCC 1px solid; padding:5px; background-color:#E4E4E4; color:#999; font-size:11px;">
    Other members will see  links to interact with you here.
    </div>';
    $isOwner = "yes";
}
?>

function addAsFriend(a,b){
   //alert("Member with id:" + a + "request friendship with the memeber with id:" + b);
  var url = "script_for_profile/request_as_friend.php";
  $("#add_friend").text("please wait...").show();
  $.post(url,{request:"requestFreindship",mem1:a,mem2:b},function(data){
    $("#add_friend").html(data).show().fadeOut(12000);
  });
}

<div class="interactContainers" id="add_friend">
               <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('add_friend');">Cancel</a></div>
               Add <?php echo $username ?> as Friend?&nbsp;

               <a href ="#" onclick="return false" onmousedown="javascript:addAsFriend(<?php echo $_SESSION['user_id']; ?>,<?php echo $userid; ?>);">Yes</a>
               </div>

request_as_friend.php

<?php
require_once('../include/connect.php'); 
   if(@!$login){
         session_start();
        }
        $login = ($_SESSION['login']);
         $userid = ($_SESSION['user_id']);
         $login_user = ($_SESSION['username']);
         $fname = ($_SESSION['first_name']);
         $lname = ($_SESSION['last_name']);
ob_start();
$username = "";
   if(isset($_GET['u']))
   {
        $username = mysql_real_escape_string($_GET['u']);
        if(ctype_alnum($username)){
                //check  user exists
       $check = mysql_query("SELECT user_name, first_name FROM user WHERE user_name = '$username'");
       if(mysql_num_rows($check)==1)
       {
           $get = mysql_fetch_assoc($check);
           $username = $get['user_name'];
           $fname = $get['first_name'];
           var_dump($username);
           var_dump($fname);
       }
       else
       {
           echo "<meta http-equiv=\"refresh\" content=\"0; url=http://localhost/lam-el-chamel/index.php\">";
           exit();
       }
     }
   }



$mem1 = $login_user;
$mem2 = $username;

//var we need for  both  members
$mem1=preg_replace('#[^0-9]#i','',$_POST['mem1']);
$mem2=preg_replace('#[^0-9]#i','',$_POST['mem2']);

if(!$mem1||!$mem2)
{
    echo "Error .missing data";
    exit();
}

if($mem1==$mem2)
{
    echo "Error you can not add yourself as friend";
    exit();
}



 if($_POST['request']=="requestFreindship")
 {
     //check that  there  is not  a request  pending  where this viewer  is requesting  this profile  owner
     $sql = mysql_query("SELECT id  FROM friend_requests WHERE mem1='$mem1' AND mem2='$mem2'LIMIT 1")or die(mysql_error());
     $numRows = mysql_num_rows($sql);
     if($numRows > 0)
     {
         echo "You have a friend request pending already  for this member. they must approve  it when they view their request list";
         exit();
     }
      //check that  there  is not  a request  pending  where this profile owner  is not already requesting  this viewer
     $sql = mysql_query("SELECT id  FROM friend_requests WHERE mem1='$mem2' AND mem2='$mem1'LIMIT 1")or die(mysql_error());
     $numRows = mysql_num_rows($sql);
     if($numRows > 0)
     {
         echo "This user has requested you as friend already! Check  your friend  Request on your profile";
         exit();
     }
     $sql = mysql_query("INSERT INTO friend_requests(mem1,mem2,timedate) VALUES('$mem1','$mem2',now())") or die (mysql_error("friend request  insertionn error"));
     //$sql = mysql_query("INSERT INTO pms(to,from,time,sub,msg) VALUES('$mem2','XXXXX',now(),'New Friend Request','YOU Have a New  friend request waiting for approval.<br /><br />Navigate to your profile and check  your friend request.<br /><br />Thank you.')") or die (mysql_error("friend request PM insertionn error"));

  echo "Friend Request sent successfully. this member must approve the request";
  exit();    
 }
?>