<?php

##
#
# Jisko: An open-source microblogging application
# Copyright (C) 2008  Rubén Díaz <outime@gmail.com> & Matías Parodi <mparodilabs@gmail.com>
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
##

if (!defined("SECURITY")) { exit; }
if ($_SESSION['LOGIN'] !== true) header("Location: {$base}home");

$username = safe_str($_GET['username'], true);
$permalink = safe_str($_GET['permalink'], true);

if ((!empty($username)) and (!empty($permalink))) {

	$sql = "
			SELECT `users`.`id_user`
			FROM `users`
			WHERE (`users`.`username` = '" . $username . "');";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	mysql_free_result($result);

	$id_user = $row['id_user'];
/*
	$sql = "
			SELECT `notes`.`id_user`
			FROM `notes`
			INNER JOIN `suscriptions` ON `suscriptions`.`id_user` = `notes`.`id_user`
			INNER JOIN `groups` ON `groups`.`id_group` = `suscriptions`.`id_group`
			WHERE ((`notes`.`id_user` = '" . $id_user . "') AND (`notes`.`permalink` = '" . $permalink . "') AND (`groups`.`type` = 'public') AND (`notes`.`type` != 'private'));";
*/
	$sql = "
			SELECT `notes`.`id_user`
			FROM `notes`
			WHERE ((`notes`.`id_user` = '" . $id_user . "') AND (`notes`.`permalink` = '" . $permalink . "') AND (`notes`.`type` != 'private'));";
	$result = mysql_query($sql);

	if (mysql_affected_rows() == 1) {

		$sql = "
		    SELECT `favorites`.`id_favorite`
		    FROM `favorites`
		    WHERE ((`favorites`.`id_user` = '" . $_SESSION['ID_USER'] . "') AND (`favorites`.`id_user_favorite` = '" . $id_user . "') AND (`favorites`.`permalink` = '" . $permalink . "'))
		    LIMIT 1;";
		$result = mysql_query($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);

		if (mysql_affected_rows() == 0) {
			$sql = "INSERT INTO `favorites` (`id_user`, `id_user_favorite`, `permalink`) values ('" . $_SESSION['ID_USER'] . "', '" . $id_user . "', '" . $permalink . "');";
			mysql_query($sql);
		} else {
			$sql = "DELETE FROM `favorites` WHERE (`favorites`.`id_favorite` = '" . $row['id_favorite'] . "') LIMIT 1;";
			mysql_query($sql);
		}
		header('Location: ' . $_SERVER['HTTP_REFERER']);

	} else { header('Location: ' . $_SERVER['HTTP_REFERER']); }
} else { header('Location: ' . $_SERVER['HTTP_REFERER']); }

?>