contact_add.php at IntraMessenger

<?php
/*******************************************************
 **                  IntraMessenger - server          **
 **                                                   **
 **  Copyright:      (C) 2006 - 2011 THeUDS           **
 **  Web:            http://www.theuds.com            **
 **                  http://www.intramessenger.net    **
 **  Licence :       GPL (GNU Public License)         **
 **  http://opensource.org/licenses/gpl-license.php   **
 *******************************************************/

/*******************************************************
 **       This file is part of IntraMessenger-server  **
 **                                                   **
 **  IntraMessenger is a free software.               **
 **  IntraMessenger is distributed in the hope that   **
 **  it will be useful, but WITHOUT ANY WARRANTY.     **
 *******************************************************/
//
if (isset($_POST['id_user_1'])) $id_user_1 = intval($_POST['id_user_1']);  else $id_user_1 = 0;
if (isset($_POST['id_user_2'])) $id_user_2 = intval($_POST['id_user_2']);  else $id_user_2 = 0;
if (isset($_POST['tri'])) $tri = $_POST['tri'];  else $tri = "";
if (isset($_POST['page'])) $page = $_POST['page']; else $page = "";
if (isset($_POST['lang'])) $lang = $_POST['lang']; else $lang = "";
//
//
$url = "list_contact.php?tri=" . $tri . "&lang=" . $lang . "&page=" . $page . "&";
$repertoire  = getcwd() . "/"; 
if ( (substr_count($repertoire, "/admin_demo/") == 0) and (substr_count($repertoire, "\admin_demo/") == 0) ) 
{
  if ( ($id_user_1 > 0) and (!preg_match("#[^0-9]#", $id_user_1)) and ($id_user_2 > 0) and (!preg_match("#[^0-9]#", $id_user_2)) )
  {
    define('INTRAMESSENGER',true);
    require ("../common/sql.inc.php");
    require ("../common/functions.inc.php");
    //
    if (  ( f_is_deja_in_contacts_id($id_user_1, $id_user_2) == 0 ) and ($id_user_1 <> $id_user_2) and ($id_user_1 > 0) and ($id_user_2 > 0)  )
    {
      $requete = "INSERT INTO " . $PREFIX_IM_TABLE . "CNT_CONTACT (ID_USER_1, ID_USER_2, CNT_STATUS) ";
      $requete .= "VALUES (" . $id_user_1 . ", " . $id_user_2 . ", 1) ";
      $result = mysql_query($requete);
      if (!$result) error_sql_log("[ERR-A7a]", $requete);
      //
      $requete = "INSERT INTO " . $PREFIX_IM_TABLE . "CNT_CONTACT (ID_USER_1, ID_USER_2, CNT_STATUS) ";
      $requete .= "VALUES (" . $id_user_2 . ", " . $id_user_1 . ", 1) ";
      $result = mysql_query($requete);
      if (!$result) error_sql_log("[ERR-A7b]", $requete);
    }
    //
    mysql_close($id_connect);
  }
  //
  header("location:" . $url);
}
else
  require("redirect_acp_demo.inc.php");
?>