Файл: Dvig/chat/add.php
Строк: 26
<?php
####################
## Автор - USER-X ##
## Copyright 2013 ##
## xcms.mcdir.ru ##
####################
// Flag constant defined before the engine is loaded; presumably the core files test for it
// to refuse direct access. TODO confirm in core/core.php.
define('xcms_pro', 1);
// NOTE(review): 0 lifts PHP's execution time limit for the whole request. Nothing visible in
// this script is long-running, so a stalled query could hold a worker indefinitely. Confirm
// that this is intended.
set_time_limit(0);
// Prefix used by the include_once calls in this script.
$path = '../';
include_once $path . 'core/core.php';
#########
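if ( $act )
{
    // Form handler: stores one chat message for the logged-in user, bumps the user's
    // counters, then redirects to the room.
    // NOTE(review): no anti-CSRF token is checked in this file. Confirm whether
    // core/core.php enforces one, because this branch changes state (new post, counters).

    // Guests may not post. $users is not defined in this file; it is expected to come from
    // core/core.php.
    if ( ! $users )
    {
        $_SESSION['error'] = 'Авторизуйтесь<br/>' ;
        header( "location: ../index.php" ) ;
        include_once ( $path . 'core/foot.php' ) ;
        exit ;
    }

    // The (int) cast is what makes $room safe to place in SQL and in the Location header.
    $room = isset( $_GET['room'] ) ? (int) check( protect( $_GET['room'] ) ) : 0 ;

    // Refuse to store posts for a room that does not exist (same lookup the form page uses).
    $roomRes = mysql_query( "SELECT `id` FROM `chat_room` WHERE `id` = '" . $room . "' LIMIT 1" ) ;
    $roomRow = $roomRes ? mysql_fetch_assoc( $roomRes ) : false ;
    if ( ! $roomRow )
    {
        $_SESSION['error'] = 'Такой комнаты нет<br/>' ;
        header( "location: /index.php" ) ;
        exit ;
    }

    // Accept only a string; an array-valued "text" field would make trim() fail.
    $raw = ( isset( $_POST['text'] ) && is_string( $_POST['text'] ) ) ? trim( $_POST['text'] ) : '' ;

    // Strict comparison: empty() would also reject the legitimate message "0".
    if ( $raw === '' )
    {
        $_SESSION['error'] = 'Пожалуйста,введите название!<br/>' ;

        // The Referer header is client-controlled, so it is never echoed back verbatim.
        // Only its path and query are reused, and only when the path is a plain local one
        // (a single leading slash); otherwise fall back to the room page.
        $back = '/chat/' . $room ;
        if ( isset( $_SERVER['HTTP_REFERER'] ) )
        {
            $ref = parse_url( $_SERVER['HTTP_REFERER'] ) ;
            if ( is_array( $ref ) && isset( $ref['path'] ) && preg_match( '#^/[^/\\\\]#', $ref['path'] ) )
            {
                $back = $ref['path'] . ( isset( $ref['query'] ) ? '?' . $ref['query'] : '' ) ;
            }
        }
        header( "location: " . $back ) ;
        exit ;
    }

    #############################
    // NOTE(review): $text reaches the query by string concatenation, so SQL safety rests
    // entirely on check() escaping for the active connection. Confirm in core/core.php.
    // ext/mysql was removed in PHP 7; prepared statements (mysqli/PDO) are the durable fix.
    // NOTE(review): the 700-character limit exists only as a maxlength attribute on the
    // form; nothing here enforces it on the server.
    $text = check( $raw ) ;
    $authorId = (int) $users['id'] ;

    $inserted = mysql_query( "INSERT INTO `chat_posts` SET
`text` = '" . $text . "',
`author` = '" . $authorId . "',
`room` = '" . $room . "',
`time` = '" . time() . "'
" ) ;

    if ( $inserted )
    {
        // Credit the counters only for a post that was actually stored.
        mysql_query( "UPDATE `users` SET
`posts` = posts+1,`balans`=balans+1
WHERE `id` = '" . $authorId . "'" ) ;
    }
    else
    {
        $_SESSION['error'] = 'Ошибочный запрос<br/>' ;
    }

    header( 'location: /chat/' . $room ) ;
    exit ;
}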
#########
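// Form page: shows the "write a message" form for an existing room to a logged-in user.
// $id and $users are not defined in this file; they are expected to be populated by
// core/core.php, which is included earlier in this script.

// Reject a request without a room id before any output is produced, so the redirect header
// can still be sent, and stop instead of rendering the rest of the page.
if ( ! $id )
{
    $_SESSION['error'] = 'Ошибочный запрос<br/>' ;
    header( "location: /index.php" ) ;
    exit ;
}
#########
$title = 'Пишем в чате' ;
include_once ( $path . 'core/head.php' ) ;
#########
// Cast before building the query: whatever core/core.php put into $id, only an integer
// reaches the SQL string.
$roomId = (int) $id ;
$query = mysql_query( "SELECT `id` FROM `chat_room` WHERE `id`='" . $roomId . "' " ) ;
// A failed query yields false; do not hand that to mysql_fetch_assoc().
$res = $query ? mysql_fetch_assoc( $query ) : false ;

if ( $res && $res['id'] )
{
    if ( $users )
    {
        // The wrapper div is opened and closed in the same branch, so the other paths no
        // longer emit an unmatched closing tag.
        echo '<div id="body">' ;
        echo '<form action="?act=ok" method="post" enctype="multipart/form-data">
Сообщение:<small>(max:700)</small><br/><input type="text" name="text" value="" maxlength="700"/><br/>
<input type="submit" value="Добавить"/><br/>
</form>' ;
        echo '</div>' ;
    }
}
else
{
    echo '<div id="error">Такой комнаты нет</div>' ;
}
#########
include_once ( $path . 'core/foot.php' ) ;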
?>