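<?php
// Full opening tag: with short_open_tag disabled a bare "<?" block is not executed
// but sent to the client as text, so the login guard must not depend on that setting.
// The other "<?" blocks further down this file need the same change.
session_start();

// Login guard: stop rendering unless the session carries both keys set at login.
// NOTE(review): this only tests that the keys exist, and it implies a password value
// is kept in the session - confirm it is not the plaintext password.
if(!isset($_SESSION["username"], $_SESSION["password"]))
{
	echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;<span style=\"color:#ff0000\"><b>Для доступа к этому разделу необходимо авторизоваться</b></span><br><br>";
	exit();
}
?>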
<script language=javascript>
// When this document is not inside a frame (the window is its own parent),
// navigate to chat.php instead of showing the bare form.
if (self == parent) {
	self.window.location = 'chat.php';
}

/**
 * Append a smiley code, wrapped in asterisks, to the message field of the
 * frmmessadd form and put the cursor back into that field.
 *
 * @param cSmile name of the smiley to insert
 */
function pasteSmile(cSmile)
{
	var field = self.document.frmmessadd.mess;
	field.value = field.value + '*' + cSmile + '*';
	field.focus();
}
</script>
<?
/**
 * Print the smiley palette: one clickable <img> per smiley, each calling the
 * page's pasteSmile() JavaScript helper with the smiley name.
 *
 * The names are written unescaped into an HTML attribute and into a JavaScript
 * string literal. That is safe only because the list is a fixed set of constants;
 * it must never be filled from user-controlled data without escaping.
 */
function getsmiles()
{
	$names=array(
		"angel","smile","sadness","wink","tongue",
		"glasses","laugh","shy","wonder","kiss",
		"tears","anger","music","flower",
		"THUMBS UP","cool","DONT_KNOW",
	);

	// Iterate the list itself rather than a hard-coded index range.
	foreach($names as $name)
	{
		echo "<img src=\"smilies/".$name.".gif\" onClick=\"pasteSmile('".$name."')\" align=\"middle\" hspace=\"2px\" vspace=\"2px\" border=\"0\">";
	}
}

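/**
 * Encode the HTML-significant characters of a chat message as numeric entities.
 *
 * Besides "<" and ">" this also encodes "&", the double quote and the single quote,
 * so the result cannot break out of an HTML attribute value or smuggle in
 * ready-made entities. The replacement is byte-wise on ASCII characters only and
 * therefore does not depend on the page's character set.
 *
 * This is output encoding for HTML only. It does NOT make a value safe to place
 * in an SQL statement; that needs escaping or bound parameters at the query.
 *
 * @param mixed $stroka raw text as received from the client
 * @return string encoded text; an empty string for non-scalar input
 */
function checkstring($stroka)
{
	// A request such as mess[]=x delivers an array; there is no text to encode then.
	if(!is_scalar($stroka)) return "";

	// strtr() with a map replaces in a single pass, so the "&" of an entity
	// produced here is never encoded a second time.
	return strtr((string)$stroka, array(
		"&"=>"&#38;",
		"<"=>"&#60;",
		">"=>"&#62;",
		"\""=>"&#34;",
		"'"=>"&#39;",
	));
}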

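// Author of the message: the username stored in the session.
$user=$_SESSION["username"];

// Handle a posted chat message: filter it, store it and credit the sender.
// NOTE(review): no anti-CSRF token is checked here, and the throttle below lives in
// the session, so it does not limit one account that uses several sessions. Both
// matter because every accepted message increases the sender's balance.
if(isset($_POST["mess"]) && is_string($_POST["mess"]))
{
	$t=time();
	// messtimer does not exist until the first message of a session has been accepted.
	if(!isset($_SESSION["messtimer"]) || $t>$_SESSION["messtimer"])
	{
		require('funciones.php');

		// checkstring() is HTML encoding only; it does not make the text safe for SQL.
		$mess=checkstring($_POST["mess"]);
		// NOTE(review): getRealIP() comes from funciones.php (not shown here). If it
		// reads client-supplied headers its result is attacker-controlled, so it is
		// treated as untrusted input below.
		$ip=getRealIP();

		require('config.php');
		// Replace every entry of the censor table with "***", ignoring case.
		$res=mysql_query("select * from tb_chatcens");
		while($row=mysql_fetch_array($res)) $mess=str_ireplace($row["text"],"***",$mess);

		// Escape every string that goes into a quoted SQL literal. The original
		// interpolated these values raw, so a quote in the message (or in the IP or
		// username) changed the statement itself.
		// Escaping is the smallest fix that keeps the mysql_* API this file uses; it
		// relies on the connection character set being configured correctly. Bound
		// parameters (mysqli/PDO) are the sturdier fix but need config.php changed too.
		$userSql=mysql_real_escape_string($user);
		$ipSql=mysql_real_escape_string($ip);
		$messSql=mysql_real_escape_string($mess);

		mysql_query("insert into tb_chat (user,ip,message,data) values ('$userSql','$ipSql','$messSql','$t')");

		// Reward for one chat message, as configured in tb_config.
		$res=mysql_query("select price from tb_config where item='chatmess'");
		$price=mysql_result($res,0,0);

		// NOTE(review): the balance is read, changed in PHP and written back, so two
		// concurrent requests can overwrite each other's increment. Doing the addition
		// inside the UPDATE would avoid that - confirm the column types first.
		$res=mysql_query("select money,chatpaid,chatmessages from tb_users where username='$userSql'");
		$res=mysql_fetch_array($res);
		$money=$res["money"];
		$chatpaid=$res["chatpaid"];
		$cm=$res["chatmessages"];
		$money=$money+$price;
		$chatpaid=$chatpaid+$price;
		$cm=$cm+1;
		mysql_query("update tb_users set money='$money',chatpaid='$chatpaid',chatmessages='$cm' where username='$userSql'");

		mysql_close($con);

		// The next message from this session is accepted no earlier than 10 seconds from now.
		$_SESSION["messtimer"]=time()+10;
	}else{
		?>
		<script language=javascript>
		alert('Запрещено так часто отправлять сообщения!!!');
		</script>
		<?
	}
}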
?>
<center>
<form name="frmmessadd" method="post" action="messadd.php" style="margin-bottom: 0px;">
<b>Ваше сообщение: </b><input type="text" name="mess" value="" size="50" maxlength="500">
<input type="submit" value="Отправить">
</form>
<b>Смайлы:</b>
<fieldset style="background:#fff;">
<? getsmiles(); ?>
</fieldset>
</center>