polish up messages/friends a little

src/endpoints/social/deleteFriendRequest.cr

@@ -13,11 +13,11 @@ CrystalGauntlet.endpoints["/deleteGJFriendRequests20.php"] = ->(context : HTTP::
 
   own_request = params["isSender"]? == "1"
 
-  if DATABASE.scalar("select count(*) from friend_requests where #{own_request ? "to_account_id" : "from_account_id"} = ?", params["targetAccountID"].to_i).as(Int64) == 0
+  if DATABASE.scalar("select count(*) from friend_requests where #{own_request ? "to_account_id" : "from_account_id"} = ? and #{own_request ? "from_account_id" : "to_account_id"}", params["targetAccountID"].to_i, account_id).as(Int64) == 0
     return "-1"
   end
 
-  DATABASE.exec("delete from friend_requests where #{own_request ? "to_account_id" : "from_account_id"} = ?", params["targetAccountID"].to_i)
+  DATABASE.exec("delete from friend_requests where #{own_request ? "to_account_id" : "from_account_id"} = ? and #{own_request ? "from_account_id" : "to_account_id"}", params["targetAccountID"].to_i, account_id)
 
   return "1"
 }

src/endpoints/social/deleteMessage.cr

@@ -13,7 +13,7 @@ CrystalGauntlet.endpoints["/deleteGJMessages20.php"] = ->(context : HTTP::Server
 
   message_id = params["messageID"].to_i
 
-  id, from_account_id, to_account_id, subject, body, created_at, read_at, to_user_id, username = DATABASE.query_one("select messages.id, from_account_id, to_account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.id = to_account_id where messages.id = ?", message_id, as: {Int32, Int32, Int32, String, String, String, String?, Int32, String})
+  id, from_account_id, to_account_id, subject, body, created_at, read_at, to_user_id, username = DATABASE.query_one("select messages.id, from_account_id, to_account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.account_id = to_account_id where messages.id = ?", message_id, as: {Int32, Int32, Int32, String, String, String, String?, Int32, String})
 
   if from_account_id != account_id && to_account_id != account_id
     return "-1"

src/endpoints/social/getFriendRequests.cr

@@ -21,7 +21,7 @@ CrystalGauntlet.endpoints["/getGJFriendRequests20.php"] = ->(context : HTTP::Ser
 
   requests = [] of String
 
-  DATABASE.query_each("select friend_requests.id, users.account_id, body, friend_requests.created_at, read_at, users.id, users.username, users.icon_type, users.color1, users.color2, users.cube, users.ship, users.ball, users.ufo, users.wave, users.robot, users.spider, users.special from friend_requests join users on users.id = #{get_sent ? "to_account_id" : "from_account_id"} where #{get_sent ? "from_account_id" : "to_account_id"} = ? limit #{requests_per_page} offset #{page_offset}", account_id) do |rs|
+  DATABASE.query_each("select friend_requests.id, users.account_id, body, friend_requests.created_at, read_at, users.id, users.username, users.icon_type, users.color1, users.color2, users.cube, users.ship, users.ball, users.ufo, users.wave, users.robot, users.spider, users.special from friend_requests join users on users.account_id = #{get_sent ? "to_account_id" : "from_account_id"} where #{get_sent ? "from_account_id" : "to_account_id"} = ? limit #{requests_per_page} offset #{page_offset}", account_id) do |rs|
     id = rs.read(Int32)
     from_account_id = rs.read(Int32)
     body = rs.read(String)

src/endpoints/social/getMessage.cr

@@ -13,7 +13,7 @@ CrystalGauntlet.endpoints["/downloadGJMessage20.php"] = ->(context : HTTP::Serve
 
   message_id = params["messageID"].to_i
 
-  id, from_account_id, to_account_id, subject, body, created_at, read_at, to_user_id, username = DATABASE.query_one("select messages.id, from_account_id, to_account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.id = to_account_id where messages.id = ?", message_id, as: {Int32, Int32, Int32, String, String, String, String?, Int32, String})
+  id, from_account_id, to_account_id, subject, body, created_at, read_at, to_user_id, username = DATABASE.query_one("select messages.id, from_account_id, to_account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.account_id = to_account_id where messages.id = ?", message_id, as: {Int32, Int32, Int32, String, String, String, String?, Int32, String})
 
   if from_account_id != account_id && to_account_id != account_id
     return "-1"

src/endpoints/social/getMessages.cr

@@ -21,7 +21,7 @@ CrystalGauntlet.endpoints["/getGJMessages20.php"] = ->(context : HTTP::Server::C
 
   messages = [] of String
 
-  DATABASE.query_each("select messages.id, users.account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.id = #{get_sent ? "to_account_id" : "from_account_id"} where #{get_sent ? "from_account_id" : "to_account_id"} = ? limit #{messages_per_page} offset #{page_offset}", account_id) do |rs|
+  DATABASE.query_each("select messages.id, users.account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.account_id = #{get_sent ? "to_account_id" : "from_account_id"} where #{get_sent ? "from_account_id" : "to_account_id"} = ? order by messages.created_at desc limit #{messages_per_page} offset #{page_offset}", account_id) do |rs|
     id = rs.read(Int32)
     from_account_id = rs.read(Int32)
     subject = rs.read(String)

src/endpoints/social/getUserList.cr

@@ -14,7 +14,7 @@ CrystalGauntlet.endpoints["/getGJUserList20.php"] = ->(context : HTTP::Server::C
   users = [] of String
 
   # todo: implement blocked users
-  DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at", account_id, account_id, as: {Int32, Int32, String?, String?}).each() do |account_id_1, account_id_2, read_at_1, read_at_2|
+  DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at desc", account_id, account_id, as: {Int32, Int32, String?, String?}).each() do |account_id_1, account_id_2, read_at_1, read_at_2|
     read_at = account_id_1 == account_id ? read_at_1 : read_at_2
     other_account_id = account_id_1 == account_id ? account_id_2 : account_id_1
 

src/endpoints/social/sendFriendRequest.cr

@@ -11,17 +11,19 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser
     return "-1"
   end
 
+  target_account_id = params["toAccountID"].to_i
+
   # todo: check for blocks
-  if DATABASE.scalar("select count(*) from accounts where id = ?", params["toAccountID"].to_i).as(Int64) == 0
+  if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
     return "-1"
   end
 
-  if DATABASE.scalar("select count(*) from friend_requests where from_account_id = ? or to_account_id = ?", account_id, account_id).as(Int64) > 0
+  if DATABASE.scalar("select count(*) from friend_requests where (from_account_id = ? and to_account_id = ?) or (to_account_id = ? and from_account_id = ?)", account_id, target_account_id, account_id, target_account_id).as(Int64) > 0
     # already fr'd
     return "-1"
   end
 
-  if DATABASE.scalar("select friend_requests_enabled from accounts where id = ?", account_id).as(Int64) == 0
+  if DATABASE.scalar("select friend_requests_enabled from accounts where id = ?", target_account_id).as(Int64) == 0
     # disabled
     return "-1"
   end

src/endpoints/users/getUser.cr

@@ -12,7 +12,7 @@ CrystalGauntlet.endpoints["/getGJUserInfo20.php"] = ->(context : HTTP::Server::C
 
   is_friend = Accounts.are_friends(id, account_id || -1)
   begin
-    friend_request_id, friend_request_body, friend_request_created_at, from = DATABASE.query_one("select id, body, created_at, from_account_id from friend_requests where from_account_id = ? or to_account_id = ?", id, id, as: {Int32, String, String, Int32})
+    friend_request_id, friend_request_body, friend_request_created_at, from = DATABASE.query_one("select id, body, created_at, from_account_id from friend_requests where (from_account_id = ? and to_account_id = ?) or (to_account_id = ? and from_account_id = ?)", id, account_id, id, account_id, as: {Int32, String, String, Int32})
   rescue
   end