Файл: impwar.tk/sendmessage.php
Строк: 316
<?php
require_once('conf/dbc.php');
require_once('conf/session_start.php');
require_once('conf/ban.php');
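// Require an authenticated session; otherwise send the visitor to the login page.
// NOTE(review): with `and`, the redirect only fires when BOTH session keys are missing —
// confirm whether either one missing should already be enough.
if ((!isset($_SESSION['id'])) and (!isset($_SESSION['nick']))) {
?>
<script type="text/javascript">
document.location.href = "reg.php?err_login=1";
</script>
<?php
// Stop here. The original fell through after emitting the redirect, so the rest of the
// page (with $user_id resolving to 0 below) still executed for unauthenticated requests;
// a client-side redirect is advisory, not a server-side access check.
exit();
}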
// Referer gate: a request with no Referer header is bounced to the mailbox.
// NOTE(review): HTTP_REFERER is client-supplied and frequently blank (privacy settings,
// HTTPS->HTTP navigation), so this is a usability redirect, not a CSRF control; the
// state-changing handlers below carry no token check of their own.
$H=getenv("HTTP_REFERER");
if (empty($H)) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
// Normalise the actor, the recipient and the action type to non-negative ints.
// These casts are what keeps the later string-interpolated SQL on these values from being
// injectable; do not drop them unless the queries below are moved to prepared statements.
$user_id = abs(intval($_SESSION['id']));
$set_id = abs(intval($_GET['set_id']));
$type = abs(intval($_GET['type']));
if (empty($type)) {
$type = abs(intval($_POST['type'])); // fall back to the POSTed form field
}
////////////////// No type specified -> back to the mailbox
if (empty($type)) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
//////////////////
////////////////// Type outside the five handlers below (1 text, 2 item, 3 money, 4 habar, 5 medkits)
if ($type <>1 and $type <>2 and $type <>3 and $type <>4 and$type <>5) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
///////////////////
///////////////// No recipient id
if (empty($set_id)) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
//////////////
////////////// Cannot send to oneself
if ($user_id == $set_id) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
///////////////
/////////////// Recipient id must exist
// $set_id is an abs(intval()) result, so this interpolation cannot escape the quoted literal;
// the safety rests on that cast rather than on a bound parameter.
$query_isset = "Select id, gruppa, admin, message from users where id='$set_id' limit 1";
$result_isset = mysqli_query($dbc, $query_isset) or die ('Ошибка передачи запроса к БД');
$row_isset = mysqli_num_rows($result_isset); // overwritten on the next line; the row count is never used
$row_isset = mysqli_fetch_array($result_isset);
if (empty($row_isset)) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
/////////////
// Sender's row: group, admin rank and the three transferable balances used by the handlers.
// NOTE(review): $user_id is 0 when the session carries no 'id'; presumably no row matches then
// and every $row_user[...] read below is null.
$query_user = "Select id, gruppa, admin, habar,money, aptechki,message from users where id='$user_id' limit 1";
$result_user = mysqli_query($dbc, $query_user) or die ('Ошибка передачи запроса к БД');
$row_user = mysqli_fetch_array($result_user);
///////////// Group check (does not apply to admins)
// The nested ifs reach the group comparison only when neither party's admin value is any of
// -1..5. NOTE(review): if 0 denotes a regular player, the comparison never runs for ordinary
// users at all — confirm what the admin column's values mean.
if ($row_user['admin'] <> -1 and $row_isset['admin'] <> -1)
if ($row_user['admin'] <> 0 and $row_isset['admin'] <> 0)
if ($row_user['admin'] <> 1 and $row_isset['admin'] <> 1)
if ($row_user['admin'] <> 2 and $row_isset['admin'] <> 2)
if ($row_user['admin'] <> 3 and $row_isset['admin'] <> 3)
if ($row_user['admin'] <> 4 and $row_isset['admin'] <> 4)
if ($row_user['admin'] <> 5 and $row_isset['admin'] <> 5) {
if ($row_user['gruppa'] <> $row_isset['gruppa']) {
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
exit();
}
}
/////////////
// Recipient's unread counter. Each handler writes $message_up back with a plain UPDATE, so two
// overlapping sends to the same recipient can lose an increment (read-modify-write instead of
// `set message = message + 1`).
$message = $row_isset['message'];
$message_up = ($message + 1);
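/////// Send a text message (type 1). Costs the sender 1 habar; the body is stored as HTML.
if($type == 1) {
$text = $_POST['text'];
preg_replace('/ {2,}/',' ',$text); // NOTE(review): return value discarded, so this whitespace collapse is a no-op
$allSpace = -1;
$number = strlen($text); // byte length, not character count; multi-byte text reaches the limits sooner
if(empty($text)) {////////// Empty message|||||err = 1
?>
<script type="text/javascript">
document.location.href = "send.php?err=1&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
if($number < 3 || $number > 1024) {//////////// Shorter than 3 or longer than 1024 bytes|||||err = 2
?>
<script type="text/javascript">
document.location.href = "send.php?err=2&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
// Count spaces (starting from -1) to reject messages that are essentially all whitespace.
for($len = 0; $len < $number; $len++)
{
if($text[$len] == " ") $allSpace++;
}
if($allSpace == $number || $allSpace == $number+1 || $allSpace == $number-1)
{
?>
<script type="text/javascript">
document.location.href = "send.php?err=1&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
// Case-insensitive keyword/URL blocklist (anti-spam).|||||err = 17
if((preg_match("/sfrpg/i", $text)) OR (preg_match("/keo/i", $text)) OR (preg_match("/s t a 1 k e r s .ru/i", $text))OR (preg_match("/s т a 1 к e r s .ru/i", $text)) OR (preg_match("/s t a 1 k e r s . r u/i", $text)) OR (preg_match("/keo/i", $text)) OR (preg_match("/r u/i", $text)) OR (preg_match("/s u/i", $text)) OR (preg_match("/n e t/i", $text)) OR (preg_match("/http/i", $text)))
{
?>
<script type="text/javascript">
document.location.href = "send.php?err=17&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
$habar = $row_user['habar'];
if ($habar <1) {//////////// Not enough iron (habar)|||||err = 3
?>
<script type="text/javascript">
document.location.href = "send.php?err=3&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
// NOTE(review): in this copy these patterns read "rn", "r", "n" literally (so they collapse
// repeated letters); they were presumably "\r\n", "\r", "\n" for newline collapsing and have lost
// their backslashes — confirm against the deployed file.
$text = preg_replace('/(rn)+/', "rn", $text);
$text = preg_replace('/(r)+/', "r", $text);
$text = preg_replace('/(n)+/', "n", $text);
$number = strlen($text);
if ($number < 2) {//////////// Fewer than 2 bytes after collapsing|||||err = 12
?>
<script type="text/javascript">
document.location.href = "send.php?err=12&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
// NOTE(review): as shown, these three replacements map each character to itself and escape
// nothing; the targets were presumably the HTML entities for <, > and " and have been
// entity-decoded in this copy. Without real escaping the stored text is raw HTML for whoever
// renders the mailbox (stored XSS) — confirm the deployed file.
$text = str_replace('<','<', $text);
$text = str_replace('>','>', $text);
$text = str_replace('"','"', $text);
// BBCode and smiley substitution, deliberately after the escaping step so the generated tags
// survive. The first "rn"/"r"/"n" keys are the same garbled newline entries as above.
$text = strtr($text, array("rn" => '<br />', "r" => '<br />', "n" => '<br />', '=D' => '<img src="img/smiles/D.gif" />', ':-D' => '<img src="img/smiles/D.gif" />', ':D' => '<img src="img/smiles/D.gif" />','mobstalker' => '<img src="img/smiles/smile.gif" />', '.net' => '<img src="img/smiles/smile.gif" />', '.com' => '<img src="img/smiles/smile.gif" />', '.tk' => '<img src="img/smiles/smile.gif" />', '.su' => '<img src="img/smiles/smile.gif" />', '.ru' => '<img src="img/smiles/smile.gif" />', 'sta1ker' => '<img src="img/smiles/smile.gif" />',':-)' => '<img src="img/smiles/smile.gif" />', '=)' => '<img src="img/smiles/smile.gif" />',':)' => '<img src="img/smiles/smile.gif" />',':(' => '<img src="img/smiles/sad.gif" />', ':собака' => '<img src="img/monsters/3.png" width="30" height="30" border="0"/>', "[b]" => '<b>', "[/b]" => '</b>', ':неспамить' => '<img src="img/smiles/adminl.gif" />', ':зло' => '<img src="img/smiles/zlo.gif" />', ":хмм" =>'<img src="img/smiles/xmm.gif" />', ":пишу" =>'<img src="img/smiles/mail.gif" />', ":хаха" => '<img src="img/smiles/xaxa.gif" />', ":ого" => '<img src="img/smiles/vau.gif" />', ":тихо" => '<img src="img/smiles/tiho.gif" />', ":смерть" => '<img src="img/smiles/smert.gif" />', ":поиск" => '<img src="img/smiles/poisk.gif" />', ":накрыло" => '<img src="img/smiles/pizdec.gif" />', ":оу" => '<img src="img/smiles/oy.gif" />', ":упс" => '<img src="img/smiles/oops.gif" />', ":ням" => '<img src="img/smiles/nyam.gif" />', ":ноно" => '<img src="img/smiles/nono.gif" />', ":нет" => '<img src="img/smiles/no.gif" />', ":ниндзя" => '<img src="img/smiles/ninja.gif" />', ":незнаю" => '<img src="img/smiles/neznaju.gif" />', ":неа" => '<img src="img/smiles/nea.gif" />', ":муз" => '<img src="img/smiles/music.gif" />', ":мистер" => '<img src="img/smiles/mister.gif" />', ":ламер" => '<img src="img/smiles/lamer.gif" />', ":кыш" => '<img src="img/smiles/kulak.gif" />', ":крут" => '<img src="img/smiles/krut.gif" />', ":кул" => '<img 
src="img/smiles/klass.gif" />', ":класс" => '<img src="img/smiles/klass.gif" />', ":супер" => '<img src="img/smiles/klass.gif" />', ":пока" => '<img src="img/smiles/hello.gif" />', ":фак" => '<img src="img/smiles/fuck.gif" />', ":флуд" => '<img src="img/smiles/flood.gif" />', ":фингал" => '<img src="img/smiles/fingal.gif" />', ":холодно" => '<img src="img/smiles/cold.gif" />', ":бомба" => '<img src="img/smiles/bomba.gif" />', ":блин" => '<img src="img/smiles/blin.gif" />', ":бан" => '<img src="img/smiles/ban.gif" />', ":атлет" => '<img src="img/smiles/atlet.gif" />', ":ааа" => '<img src="img/smiles/aaa.gif" />', ":8" => '<img src="img/smiles/8.gif" />', "[i]" => '<i>', "[/i]" => '</i>', "[big]" => '<big>', "[/big]" => '</big>', "[small]" => '<small>', "[/small]" => '</small>', "[s]" => '<s>', "[/s]" => '</S>', "[u]" => '<u>', "[/u]" => '</u>', "[pre]" => '<pre>', "[/pre]" => '</pre>', "[green]" => '<font color="gren">', "[/green]" => '</font>',"[grey]" => '<font color="grey">', "[/grey]" => '</font>',"[blue]" => '<font color="blue">', "[/blue]" => '</font>')); $text=stripslashes("$text");
// Second stripslashes kept for behaviour; it is not idempotent (each pass removes one level of
// backslashes), and either pass would undo any magic_quotes escaping of the POST body.
$text=stripslashes("$text");
// The body is user-controlled and unescaped at this point, so it is bound rather than
// interpolated: the original string-built INSERT was injectable through $text. Ids are ints.
$query = "insert into message (`type`, `ot`, `dlya`, `text`, `time`) values ('1', ?, ?, ?, NOW())";
$stmt = mysqli_prepare($dbc, $query) or die ('Ошибка передачи запроса к БД');
$text_db = '- ' . $text; // keep the leading "- " marker the original stored
mysqli_stmt_bind_param($stmt, 'iis', $user_id, $set_id, $text_db);
$result = mysqli_stmt_execute($stmt) or die ('Ошибка передачи запроса к БД');
mysqli_stmt_close($stmt);
// Recipient's unread counter (value computed before the handler; see note above).
$query_up = "update users set message = '$message_up' where id='$set_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
// Charge 1 habar. $habar was read at the top of the script, not re-read here.
$habar = ($habar -1);
$query_up = "update users set habar = '$habar' where id='$user_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
}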
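///////////////////////////
/////// Send an item (type 2). Moves one item from the sender's backpack to the recipient for a fee.
if ($type == 2) {
$thing = abs(intval($_GET['thing'])); // item id from the query string, forced to a non-negative int
if (empty($thing)) {// no item selected|||||err = 4
?>
<script type="text/javascript">
document.location.href = "send.php?err=4&set_id=<?php echo "$set_id"?>";
</script>
<?php
exit();
}
// Server-side ownership check: the item must be in the sender's backpack (place 0), belong to
// the sender and not be private. Every interpolated value here is an int.
$query_cl = "Select inf_id, type from things where thing_id = '$thing' and place='0' and user_id = '$user_id' and privat = 0 limit 1";
$result_cl = mysqli_query($dbc, $query_cl) or die ('Ошибка передачи запроса к БД');
$row_cl = mysqli_fetch_array($result_cl);
$row_isset_cl = mysqli_num_rows($result_cl);
$tip = $row_cl['type'];
$inf_id = $row_cl['inf_id'];
if (empty($row_isset_cl)) {// item not in the backpack, not the sender's, or not unused|||||err = 5
?>
<script type="text/javascript">
document.location.href = "send.php?err=5&set_id=<?php echo "$set_id"?>&type=2";
</script>
<?php
exit();
}
$money= $row_user['money'];
// The fee deducted below is 10. The original tested `< 1`, which let the balance go negative;
// the check now matches the deduction — if the intended fee is 1, change the deduction instead.
if ($money<10) {// not enough money for the fee|||||err = 6
?>
<script type="text/javascript">
document.location.href = "send.php?err=6&set_id=<?php echo "$set_id"?>&type=2";
</script>
<?php
exit();
}
// Resolve the display name from the table matching the item's type. $inf_id is an int read
// from the things table.
if ($tip == 1) {
$query_inf = "Select name from clothes where clothes_id = '$inf_id' limit 1";
$result_inf = mysqli_query($dbc, $query_inf) or die ('Ошибка передачи запроса к БД');
$row_inf = mysqli_fetch_array($result_inf);
}// armour name
if ($tip == 2) {
$query_inf = "Select name from pistols where pistols_id = '$inf_id' limit 1";
$result_inf = mysqli_query($dbc, $query_inf) or die ('Ошибка передачи запроса к БД');
$row_inf = mysqli_fetch_array($result_inf);
}// pistol name
if ($tip == 3) {
$query_inf = "Select name from weapons where weapons_id = '$inf_id' limit 1";
$result_inf = mysqli_query($dbc, $query_inf) or die ('Ошибка передачи запроса к БД');
$row_inf = mysqli_fetch_array($result_inf);
}// weapon name
// Any other type value leaves $row_inf unset; store an empty name then, as the original did.
$name = isset($row_inf['name']) ? $row_inf['name'] : '';
// The name is a free-text column coming back from the database; binding it means its safety no
// longer depends on how it was entered there (the original interpolated it into the INSERT).
$query = "insert into message (`type`, `ot`, `dlya`, `thing`, `time`, `text`) values ('2', ?, ?, ?, NOW(), ?)";
$stmt = mysqli_prepare($dbc, $query) or die ('Ошибка передачи запроса к БД');
mysqli_stmt_bind_param($stmt, 'iiis', $user_id, $set_id, $thing, $name);
$result = mysqli_stmt_execute($stmt) or die ('Ошибка передачи запроса к БД');
mysqli_stmt_close($stmt);
// Recipient's unread counter (value computed before the handler).
$query_up = "update users set message = '$message_up' where id='$set_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
$money = ($money -10);
$query_up = "update users set money = '$money' where id='$user_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
// NOTE(review): the ownership SELECT above and this UPDATE are not atomic, and the UPDATE does
// not repeat the owner predicate; two overlapping sends of the same item can both pass the
// check. Adding `and user_id='$user_id' and place='0'` here and testing affected rows would
// close that.
$query_up = "update things set user_id = '$set_id', place=3 where thing_id='$thing' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
}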
////////////////////////////
/////// Send money (type 3): the amount plus a 5% fee is taken from the sender.
if ($type == 3) {
$money= $row_user['money']; // sender's balance as read at the top of the script (not re-read here)
$money_send = abs(intval($_POST['money'])); // amount, forced to a non-negative int
$sgn = '#[1-9]#'; // "contains a non-zero digit": always true for a non-zero int, so the check below is redundant after the == 0 test
if ($money_send==0) {
?>
<script type="text/javascript">
document.location.href = "send_vip.php?err=10&set_id=<?php echo "$set_id"?>&type=3";
</script>
<?php
exit();
}
if (!preg_match($sgn, $money_send)) {
?>
<script type="text/javascript">
document.location.href = "send_vip.php?err=7&set_id=<?php echo "$set_id"?>&type=3";
</script>
<?php
exit();
}
if ($money_send<20) { // minimum transfer is 20
?>
<script type="text/javascript">
document.location.href = "send_vip.php?err=8&set_id=<?php echo "$set_id"?>&type=3";
</script>
<?php
exit();
}
// Total cost = amount + 5% fee, rounded to the nearest integer.
$money_need = (($money_send/100*5)+$money_send);
$money_need = round ($money_need);
if ($money_need>$money) {
?>
<script type="text/javascript">
document.location.href = "send_vip.php?err=9&set_id=<?php echo "$set_id"?>&type=3";
</script>
<?php
exit();
}
// All interpolated values are ints. NOTE(review): the balance check above and the deduction
// below act on a value read earlier in the request, so concurrent requests can both pass the
// check (double spend). A conditional `update users set money = money - X where id = ... and
// money >= X` with an affected-rows check would make it atomic.
$query = "insert into message (`type`, `ot`, `dlya`, `thing`, `time`) values ('3', '$user_id', '$set_id', '$money_send', NOW())";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
$query_up = "update users set message = '$message_up' where id='$set_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
$money = ($money - $money_need);
$query_up = "update users set money = '$money' where id='$user_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
}
///////////////////////////////////////
////// Send habar (type 4): transfers habar units for a flat fee of 5 money.
if ($type == 4) {
$money= $row_user['money']; // balances as read at the top of the script (not re-read here)
$habar = $row_user['habar'];
$habar_send = abs(intval($_POST['habar'])); // amount, forced to a non-negative int
$sgn = '#[1-9]#'; // always matches a non-zero int; redundant after the == 0 test
if ($habar_send==0) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=10&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
if (!preg_match($sgn, $habar_send)) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=7&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
if ($money < 5) { // cannot pay the flat fee
?>
<script type="text/javascript">
document.location.href = "send.php?err=9&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
if ($habar_send>$habar) { // more than the sender holds
?>
<script type="text/javascript">
document.location.href = "send.php?err=3&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
// Unreachable: abs(intval()) is never negative and 0 was rejected above.
if($habar_send < 1) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=15&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
// All interpolated values are ints. NOTE(review): same read-then-write balance update as the
// money handler; concurrent requests can both pass the checks above.
$query = "insert into message (`type`, `ot`, `dlya`, `thing`, `time`) values ('4', '$user_id', '$set_id', '$habar_send', NOW())";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
$query_up = "update users set message = '$message_up' where id='$set_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
$money = ($money - 5);
$habar = ($habar-$habar_send);
$query_up = "update users set money = '$money', habar='$habar' where id='$user_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
}
/////////////////////////////
////// Send medkits (type 5): transfers medkits for a flat fee of 5 money.
if ($type == 5) {
$money= $row_user['money']; // balances as read at the top of the script (not re-read here)
$aptechki = $row_user['aptechki'];
$aptechki_send = abs(intval($_POST['aptechki'])); // amount, forced to a non-negative int
$sgn = '#[1-9]#'; // always matches a non-zero int; redundant after the == 0 test
if ($aptechki_send==0) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=10&set_id=<?php echo "$set_id"?>&type=5";
</script>
<?php
exit();
}
if (!preg_match($sgn, $aptechki_send)) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=7&set_id=<?php echo "$set_id"?>&type=5";
</script>
<?php
exit();
}
if ($money < 5) { // cannot pay the flat fee
?>
<script type="text/javascript">
document.location.href = "send.php?err=9&set_id=<?php echo "$set_id"?>&type=5";
</script>
<?php
exit();
}
if ($aptechki_send>$aptechki) { // more than the sender holds
?>
<script type="text/javascript">
document.location.href = "send.php?err=11&set_id=<?php echo "$set_id"?>&type=5";
</script>
<?php
exit();
}
// Unreachable: abs(intval()) is never negative and 0 was rejected above. NOTE(review): the
// redirect below says type=4, unlike every other redirect in this handler (copy-paste from the
// habar branch) — harmless only because the branch cannot run.
if($aptechki_send < 1) {
?>
<script type="text/javascript">
document.location.href = "send.php?err=16&set_id=<?php echo "$set_id"?>&type=4";
</script>
<?php
exit();
}
// All interpolated values are ints. NOTE(review): same read-then-write balance update as the
// money handler; concurrent requests can both pass the checks above.
$query = "insert into message (`type`, `ot`, `dlya`, `thing`, `time`) values ('5', '$user_id', '$set_id', '$aptechki_send', NOW())";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
$query_up = "update users set message = '$message_up' where id='$set_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
$money = ($money - 5);
$aptechki = ($aptechki-$aptechki_send);
$query_up = "update users set money = '$money', aptechki='$aptechki' where id='$user_id' limit 1";
$result_up = mysqli_query($dbc, $query_up) or die ('Ошибка передачи запроса к БД');
}
///////////////////////////
// Unconditional final redirect: every handler that ran to completion falls through to here.
// The connection is closed after the redirect markup has been emitted.
?>
<script type="text/javascript">
document.location.href = "mail.php";
</script>
<?php
mysqli_close($dbc);
?>