Файл: chat/add.php
Строк: 50
<?php
include ("../conf.php");
include ("../lock.php");
include ("../functions.php");
$add = "add";
if($_GET['page'] == $add)
{
if ($user == $myrow["user"] && $pass == $myrow["pass"] && $user != '')
{
bann2($user);
include ("../head.php");
$userchat = mysql_query("SELECT * FROM `userlist` WHERE `id`='$_GET[id]' LIMIT 1");
$userto = mysql_fetch_array($userchat);
echo "<div class='nav'><form name='form' action='add.php?page=s&user=$user&pass=$pass' method='post'>";
echo "<input name='id_user' type='hidden' value='".$myrow['id']."'>";
if ($myrow["money"] >= 1)
{
echo <<<sss
Сообщение:<br /><textarea rows="3" cols="19" name="text">$userto[user]</textarea><br/>
<input type="submit" value="Отправить">
</form></div>
<a href=../smile.php?user=$user&pass=$pass>Смайлики</a>
<a href='index.php?user=$user&pass=$pass'>Назад</a>
sss;
}
else {
echo "Для отправки сообщения необходимо иметь 1 и более баксов на счету!</div> <a href=../smile.php?user=$user&pass=$pass>Смайлы</a>
<a href='index.php?user=$user&pass=$pass'>Назад</a>";
}
include ("../foot.php");
exit();
}
else
{
echo "<link rel='stylesheet' type='text/css' href='../style.css'/>";
include ("../head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
echo "<a href='index.php'>На главную</a>";
include ("../foot.php");
}
}
$s = "s";
if($_GET['page']==$s)
{
if ($user == $myrow["user"] && $pass == $myrow["pass"] && $user != '')
{
bann2($user);
$pol_user = $myrow["pol"];
echo "<link rel='stylesheet' type='text/css' href='../style.css'/>";
include ("../head.php");
$text = htmlspecialchars(mysql_real_escape_string(trim($_POST['text']))); if ($text == ''){unset($text); }
$id_user = htmlspecialchars(mysql_real_escape_string(trim($_POST['id_user']))); if ($id_user == ''){unset($id_user); }
$user2 = htmlspecialchars(mysql_real_escape_string(trim($myrow['user']))); if ($user2 == ''){unset($user2); }
$date = date("Y.m.d");
if (isset($text))
{
$result = mysql_query("INSERT INTO chat (text,date,id_user,user2,pol_user) VALUES ('$text','$date','$id_user','$user2','$pol_user')");
$id = $myrow['id'];
$mmm = $myrow["money"]-1;
mysql_query("UPDATE userlist SET money='$mmm' WHERE id='$id'",$db);
if ($result == 'true')
{
echo "<html><head>
<meta http-equiv='Refresh' content='0; URL=index.php?user=".$user."&pass=".$pass."'>
</head></html>";
}
}
else
{
echo "<div class='nav'>Ошибка! Сообщение не отправлено!</div>";
echo "<a href='index.php?user=$user&pass=$pass'>В чат</a>";
include ("../foot.php");
exit();
}
}
else
{
echo "<link rel='stylesheet' type='text/css' href='../style.css'/>";
include ("../head.php");
echo "<div class='nav'>";
echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
echo "<a href='index.php'>На главную</a>";
include ("../foot.php");
}
}
?>