php mysql + create a friend request system

Question

i am creating a friend request system that allow user to send request to each other to add as friends like facebook and i have 2 conditions that if :

• the user is the profile owner he can not add him self i will echo an error msg
• the user is not the owner of the profile it will echo a message that say wait then the request is send

if the user has already send the request i will echo a message to infor the user that a request had been send.

but the error is that i am in the first condition because the system display that the user is the owner profile but this is wrong

can anyone help me ??

this is a chunk of code

function addAsFriend(a,b){
   //alert("Member with id:" + a + "request friendship with the memeber with id:" + b);
  var url = "script_for_profile/request_as_friend.php";
  $("#add_friend").text("please wait...").show();
  $.post(url,{request:"requestFreindship",mem1:a,mem2:b},function(data){
    $("#add_friend").html(data).show().fadeOut(12000);
  });
}

<div class="interactContainers" id="add_friend">
               <div align="right"><a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('add_friend');">Cancel</a></div>
               Add <?php echo $username ?> as Friend?&nbsp;
               <a href ="#" onclick="return false" onmousedown="javascript:addAsFriend(<?php echo $_SESSION['user_id']; ?>,<?php echo $userid; ?>);">Yes</a>

request_as_friend.php

<?php
//var we need for  both  members
$mem1=preg_replace('#[^0-9]#i','',$_POST['mem1']);
$mem2=preg_replace('#[^0-9]#i','',$_POST['mem2']);

if(!$mem1||!$mem2)
{
    echo "Error .missing data";
    exit();
}
if($mem1==$mem2)
{
    echo "Error you can not add yourself as friend";
    exit();
}
 require_once('../include/connect.php'); 


 if($_POST['request']=="requestFriendship")
 {
     //check that  there  is not  a request  pending  where this viewer  is requesting  this profile  owner
     $sql = mysql_query("SELECT id  FROM friend_requests WHERE mem1='$mem1' AND mem2='$mem2'limit1")or die(mysql_error());
     $numRows = mysql_num_rows($sql);
     if($numRows > 0)
     {
         echo "You have a friend request pending already  for this member. they must approve  it when they view their request list";
         exit();
     }
      //check that  there  is not  a request  pending  where this profile owner  is not already requesting  this viewer
     $sql = mysql_query("SELECT id  FROM friend_requests WHERE mem1='$mem2' AND mem2='$mem1'limit1")or die(mysql_error());
     $numRows = mysql_num_rows($sql);
     if($numRows > 0)
     {
         echo "This user has requested you as friend already! Check  your friend  Request on your profile";
         exit();
     }
     $sql = mysql_query("INSERT INTO friend_requests(mem1,mem2,timedate) VALUES('$mem1','$mem2',now())") or die (mysql_error("friend request  insertionn error"));
     //$sql = mysql_query("INSERT INTO pms(to,from,time,sub,msg) VALUES('$mem2','XXXXX',now(),'New Friend Request','YOU Have a New  friend request waiting for approval.<br /><br />Navigate to your profile and check  your friend request.<br /><br />Thank you.')") or die (mysql_error("friend request PM insertionn error"));

  echo "Friend Request  sent  succesfully. this member must approve the request";
  exit();    
 }
?>

Answer 1

What the post array returns for mem1 and mem2?

However, you shouldn't compare the post data. Or not both.

For example you have logged in, your id is stored in session. You are opening a user profile i.e.: http://yoursite.com/viewprofile.php?id=1001 . Then after passing from the jquery you should check in PHP smth like:

if ($_GET['id'] = $_SESSIOM['id']) {
   //you cannot add yourself
}

Answer 2

I was totally wrong, you don't need to create any extra flag, just store the user_id -which you retrieve from the database when the user logs in - store it in the session then when he/she clicks on the add friend button check the $_SESSION['user_id'] with the id of the other user before completing the friendship function, if they're both the same, means it's the same person, otherwise add friends.