<?php
// Timestamp taken at script start. Within this file only the commented-out
// timing print at the very end refers to $micro.
$micro=microtime();
/**
 * Lower-cases the Russian letters of a nickname.
 *
 * Only the 33 upper-case Russian letters are mapped to their lower-case
 * forms. Everything else in the input, Latin letters included, is returned
 * unchanged, so this is not a general-purpose case fold.
 *
 * @param string $nick Nickname (login) to normalise.
 * @return string The nickname with upper-case Russian letters lower-cased.
 */
function nr($nick)
{
    // upper-case letter => lower-case letter
    $lowerByUpper = array(
        'Ё' => 'ё', 'Й' => 'й', 'Ц' => 'ц', 'У' => 'у', 'К' => 'к', 'Е' => 'е',
        'Н' => 'н', 'Г' => 'г', 'Ш' => 'ш', 'Щ' => 'щ', 'З' => 'з', 'Х' => 'х',
        'Ъ' => 'ъ', 'Ф' => 'ф', 'Ы' => 'ы', 'В' => 'в', 'А' => 'а', 'П' => 'п',
        'Р' => 'р', 'О' => 'о', 'Л' => 'л', 'Д' => 'д', 'Ж' => 'ж', 'Э' => 'э',
        'Я' => 'я', 'Ч' => 'ч', 'С' => 'с', 'М' => 'м', 'И' => 'и', 'Т' => 'т',
        'Ь' => 'ь', 'Б' => 'б', 'Ю' => 'ю',
    );

    return str_replace(array_keys($lowerByUpper), array_values($lowerByUpper), $nick);
}
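// Second timestamp. Nothing in this file reads $mt; presumably an included
// template does - confirm before removing.
$mt = microtime();

// Project includes. Their contents are not visible from this file; the code
// below relies on them for the mysql_* connection, for stsmile() and for
// settings such as $nameum / $nameshut (presumably from nast.php - confirm).
require_once('db.php');
require_once('nast.php');
require_once('stsmile.php');

// Output markup flavour. Only the two literal values 'wml' and 'xhtml' are
// accepted from the query string; anything else (missing, an array, any other
// text) is replaced by a value derived from the Accept header. This allow-list
// is what makes it safe to interpolate $str into links and into the Location
// header later in the script.
$str = isset($_GET['str']) ? $_GET['str'] : null;
if ($str !== 'wml' && $str !== 'xhtml') {
    // The Accept header is optional; treat a missing one as empty instead of
    // reading an undefined index.
    $accept = isset($_SERVER['HTTP_ACCEPT']) ? (string) $_SERVER['HTTP_ACCEPT'] : '';
    if (strpos($accept, 'wml') !== false && strpos($accept, 'html') === false) {
        $str = 'wml';
    } else {
        $str = 'xhtml';
    }
}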
// Resume the PHP session. $s is the HTML-encoded session id; this script puts
// it into links and into the final redirect as the "ses" query parameter.
// NOTE(review): a session id carried in URLs ends up in browser history,
// server/proxy logs and Referer headers, so anyone who sees such a URL can
// reuse the session. Cookie-only sessions would avoid that; whether the
// target clients support cookies cannot be told from this file.
@session_start();
$s = htmlspecialchars(session_id());

// No authenticated session: show the login-failure page and stop.
// $beginpage / $endpage are presumably defined by shapka.php - confirm.
if (empty($_SESSION['enter'])) {
    require_once('shapka.php');
    echo $beginpage;
    echo "Авторизация не удалась.<br />
Возможно вы ввели неверные логин или пароль, либо истекло время жизни сессии<br />
<a href=\"index.php?str=$str\">Повторить ввод</a><br />";
    echo $endpage;
    exit;
}
else
{
// Accumulated error text (empty means "no error") and the current Unix time.
$err = '';
$time = time();

// Load the logged-in user's row and record the time of this request in `ldate`.
// NOTE(review): the uid is taken from the session and interpolated into SQL
// without escaping; that is only safe while the login code stores a trusted
// value there - confirm against the script that sets $_SESSION['uid'].
$info = mysql_fetch_assoc(mysql_query("SELECT * from `user` WHERE `uid`='{$_SESSION['uid']}' limit 1"));
mysql_query("UPDATE `user` SET `ldate`='$time' WHERE `uid`='{$_SESSION['uid']}' limit 1");

// Posting is refused for status below 2 or while `bantime` lies in the future.
// A failed user lookup also lands here, because a missing status compares as
// less than 2.
if ($info['status'] < 2 || $info['bantime'] > $time) {
    $err .= 'ошибка! Вы забанены<br />';
}

// intval() reduces the room id to an integer, so it carries no quote or path
// characters into the SQL text, file names and redirect URL built from it.
$room = intval(isset($_GET['room']) ? $_GET['room'] : 0);
$result = mysql_query("SELECT * from `room` WHERE `rid`='$room' limit 1");
if (!mysql_num_rows($result)) {
    $err .= 'Ошибка! Указанной комнаты не существует<br />';
}

// The room row is fetched before the error page is built as well as on the
// normal path (the template may read $roominfo - not visible here).
$roominfo = mysql_fetch_assoc($result);

if ($err) {
    require_once('shapka.php');
    echo $beginpage;
    echo "$err
<a href=\"enter.php?str=$str&ses=$s\">прихожая</a><br />";
    echo $endpage;
    exit;
}
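// ---------------------------------------------------------------------------
// Build the chat message from the submitted form and store it in `mess`.
//
// Ordering matters for safety: every value stays in its plain (not
// SQL-escaped) form while it is transliterated, HTML-encoded, decorated and
// truncated, and goes through mysql_real_escape_string() only as the last
// step before it is placed inside a quoted SQL literal. Escaping first and
// truncating afterwards can cut an escape pair in half; the lone backslash
// left at the end then neutralises the literal's closing quote and the rest
// of the statement is parsed differently from what was intended.
//
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Moving to prepared
// statements (mysqli/PDO) needs the connection set up in db.php, which is not
// visible here.
// NOTE(review): nothing in this file checks an anti-CSRF token before the
// message is stored - confirm whether an include does.
// ---------------------------------------------------------------------------

/**
 * Transliterates Latin-typed text into Russian letters.
 *
 * Replacement is plain substring substitution in list order. The multi-letter
 * combinations (Ch, Ye, Yu, Ya, Shc, Sh, Yo) are listed first so they are
 * consumed before the single letters. "H" and "X" both become "Х", "Q"
 * becomes "Ь" and an apostrophe becomes "ъ"; letters without an entry
 * (for example "W" and a lone "Y") are left as they are.
 *
 * @param string $str Text typed in Latin letters.
 * @return string The text with the listed Latin sequences replaced.
 */
function translit($str)
{
    $lat = array("Ch", "ch", "Ye", "ye", "Yu", "yu", "Ya", "ya", "Shc", "shc", "Sh", "sh", "Yo", "yo", "Q", "q", "'", "A", "a", "B", "b", "C", "c", "D", "d", "E", "e", "F", "f", "G", "g", "H", "h", "I", "i", "J", "j", "K", "k", "L", "l", "M", "m", "N", "n", "O", "o", "P", "p", "R", "r", "S", "s", "T", "t", "U", "u", "V", "v", "X", "x", "Z", "z");
    $rus = array("Ч", "ч", "Э", "э", "Ю", "ю", "Я", "я", "Щ", "щ", "Ш", "ш", "Ё", "ё", "Ь", "ь", "ъ", "А", "а", "Б", "б", "Ц", "ц", "Д", "д", "Е", "е", "Ф", "ф", "Г", "г", "Х", "х", "И", "и", "Ж", "ж", "К", "к", "Л", "л", "М", "м", "Н", "н", "О", "о", "П", "п", "Р", "р", "С", "с", "Т", "т", "У", "у", "В", "в", "Х", "х", "З", "з");
    return str_replace($lat, $rus, $str);
}

// Raw message text. A non-string value (e.g. msg[]=...) is treated as empty.
$msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';

// Transliterate the raw text, before HTML-encoding. Doing it afterwards would
// also rewrite the Latin letters inside the entities htmlspecialchars()
// produces (&amp;, &lt;, &quot; ...) and show them to readers as garbage.
$translit = isset($_POST['translit']) ? $_POST['translit'] : null;
if ($translit) {
    $msg = translit($msg);
}

// HTML-encode, so the only markup in the stored message is what is added below.
// NOTE(review): default flags are kept; quote handling and charset defaults
// differ between PHP versions - pass explicit flags once the page encoding is
// confirmed.
$msg = htmlspecialchars($msg);

// '|' is removed from every message (presumably a field separator somewhere
// else in the chat - confirm).
$msg = str_replace('|', '', $msg);

// [small] is available to every poster.
$msg = preg_replace('#\[small\](.*?)\[/small\]#si', '<small>\1</small>', $msg);

// Second argument for stsmile(), derived from the account status and, for
// ordinary accounts, from the post count. What each level enables is decided
// inside stsmile.php (not visible here).
switch ($info['status']) {
    case 1:
        $status = 0;
        break;
    case 3:
    case 4:
    case 5:
    case 6:
        $status = 5;
        break;
    case 7:
        $status = 6;
        break;
    default:
        if ($info['countpost'] < 500) {
            $status = 1;
        } elseif ($info['countpost'] < 1000) {
            $status = 2;
        } elseif ($info['countpost'] < 3000) {
            $status = 3;
        } else {
            $status = 4;
        }
        break;
}

// NOTE(review): stsmile() now receives text that is HTML-encoded but not
// SQL-escaped; confirm it did not depend on the earlier escaping.
$msg = stsmile($msg, $status);

// Extra formatting tags, gated on account status.
if ($info['status'] > 2) {
    $msg = preg_replace('#\[b\](.*?)\[/b\]#si', '<b>\1</b>', $msg);
    $msg = preg_replace('#\[i\](.*?)\[/i\]#si', '<i>\1</i>', $msg);
    $msg = preg_replace('#\[u\](.*?)\[/u\]#si', '<u>\1</u>', $msg);
}
if ($info['status'] > 6) {
    $msg = preg_replace('#\[big\](.*?)\[/big\]#si', '<big>\1</big>', $msg);
}

// Hard cap of 600 bytes on the final markup.
// NOTE(review): the cut is byte-wise and happens after markup was added, so it
// can still split a multi-byte character, an entity or a tag and leave broken
// HTML in the room. Enforcing the limit on the raw text would avoid that, but
// the column size of `mess` is not visible here.
$msg = substr($msg, 0, 600);

// Addressee of a private message: POST first, then GET. Truncated to 40 bytes
// and case-folded with nr() while still unescaped.
$privat = (isset($_POST['privat']) && is_string($_POST['privat'])) ? $_POST['privat'] : '';
if (!$privat) {
    $privat = (isset($_GET['privat']) && is_string($_GET['privat'])) ? $_GET['privat'] : '';
}
$privat = nr(substr($privat, 0, 40));

$privatSql = mysql_real_escape_string($privat);
$res_pr = mysql_query("SELECT * from `user` WHERE `login`='$privatSql' LIMIT 1");

// SQL-literal forms, produced after all truncation. The login comes from the
// session; escaping it as well costs nothing and keeps the statement
// well-formed whatever characters a login may contain.
$msgSql = mysql_real_escape_string($msg);
$loginSql = mysql_real_escape_string($_SESSION['login']);

if ($res_pr && mysql_num_rows($res_pr)) {
    // $privat names an existing user: the sixth value is '1'
    // (presumably the "private" flag - confirm against the `mess` schema).
    $insert = "INSERT into `mess` VALUES('0','$time','$room','$msgSql','$loginSql','1','$privatSql')";
} else {
    // Not a known login: fall back to the optional public addressee.
    $touser = (isset($_GET['touser']) && is_string($_GET['touser'])) ? $_GET['touser'] : '';
    $touser = mysql_real_escape_string(substr(trim($touser), 0, 40));
    if (!$touser) {
        $insert = "INSERT into `mess` VALUES('0','$time','$room','$msgSql','$loginSql','0','$privatSql')";
    } else {
        $insert = "INSERT into `mess` VALUES('0','$time','$room','$msgSql','$loginSql','0','$touser')";
    }
}

if ($msg) {
    mysql_query($insert);
    // No post/money credit when the addressee is the poster or one of the two
    // names in $nameum / $nameshut (presumably the chat bots from nast.php).
    if ($privat !== $_SESSION['login'] && $privat !== $nameum && $privat !== $nameshut) {
        $uidSql = mysql_real_escape_string($_SESSION['uid']);
        mysql_query("UPDATE `user` SET `countpost`=`countpost`+1,`money`=`money`+0.05 WHERE `uid`='$uidSql' limit 1");
    }
}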
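// Quiz ("umnik") rooms: when the message matches the current answer and this
// login is not yet recorded for the question, announce it, credit the user
// and record the login.
if ($roominfo['umnik']) {
    // $room went through intval() earlier in this script, so request data
    // cannot steer these paths outside umnikdate/.
    $ansFile = "umnikdate/$room.ans";
    $usFile = "umnikdate/$room.us";

    $ans = @file_get_contents($ansFile);
    if ($ans) {
        // Strict comparison: with == two numeric-looking strings such as
        // "1e2" and "100" would be compared as numbers and count as equal.
        // $msg is the processed message (encoded, with markup), $ans the raw
        // file content, so answers containing characters that processing
        // alters will not match.
        if (trim(nr($msg)) === trim(nr($ans))) {
            $answered = is_file($usFile) ? (string) file_get_contents($usFile) : '';

            // NOTE(review): logins are appended without a separator and
            // looked up as a substring, so a login contained in another login
            // (or in two adjacent ones) is treated as having answered
            // already. A fix needs a delimiter in the .us format, which other
            // scripts may read - left unchanged here.
            // NOTE(review): the check and the append below are not atomic;
            // concurrent requests could both be credited.
            if (strpos($answered, $_SESSION['login']) === false) {
                // The answer text comes from a file and the names from
                // settings/session; escape all of them for the SQL literals
                // so a quote in any of them cannot alter the statement.
                $ansSql = mysql_real_escape_string($ans);
                $botSql = mysql_real_escape_string($nameum);
                $loginSql = mysql_real_escape_string($_SESSION['login']);
                $uidSql = mysql_real_escape_string($_SESSION['uid']);

                mysql_query("INSERT into `mess` VALUES('0','$time','$room','$ansSql - это правильный ответ! +1','$botSql','1','$loginSql')");
                mysql_query("UPDATE user SET `countques`=`countques`+1,`money`=`money`+1 WHERE `uid`='$uidSql' limit 1");

                // Append the login; LOCK_EX keeps concurrent appends from
                // interleaving.
                file_put_contents($usFile, $_SESSION['login'], FILE_APPEND | LOCK_EX);
            }
        }
    }
}

// Back to the room view. $nocache is only a cache-buster, not a security
// token. $room is an integer and $str is limited to 'wml'/'xhtml' earlier in
// this script, so neither carries request-controlled text into the header.
$nocache = mt_rand(1, 10000);
header("location: room.php?ses=$s&room=$room&str=$str&nocache=$nocache");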
}
//print ($micro-microtime()).'<br />';
?>