Просмотр файла add.php

Размер файла: 1.89Kb
<?php
include 'sys/db.php';
include 'sys/conf.php';
include 'sys/start.php';
include 'sys/functions.php';
include 'style/head.php';
$act = isset($_GET['act']) ? $_GET['act'] : '';
switch($act){
default:
if(isset($user['login'])){
$id = intval($_GET['id']);
if ($id != '0') {
$text = $_POST['text'];
$emotion = intval($_POST['emotion']);
$color = intval($_POST['color']);
$author = $user['login'];
$author_id = $user['id'];
$text = htmlspecialchars(stripslashes(trim($text)));
$text = str_replace("'",'&#39;',$text);
$text = str_replace("\$",'&#36;',$text);
$text = str_replace("$",'&#36;',$text);

$time = time()-10;
$af = mysql_query("SELECT * FROM `posts` WHERE `author_id`='$user[id]' AND time >='$time';");
$af1=mysql_num_rows($af);
if ($af1>0){header ("Location: room.php?id=$id&isset=af"); exit;}
$addmsg = mysql_query ("INSERT INTO `posts` (room_id,author,author_id,author_login,emotion,text,color,time) VALUES ('$id','$author','$author_id','$user[login]','$emotion','$text','$color','".time()."')");
if ($addmsg == 'true'){
mysql_query("UPDATE `users` SET `posts`=posts+1 WHERE `id` = '$author_id'");
header ("Location: room.php?id=$id&isset=msgyes"); exit;
}else{header ("Location: room.php?id=$id&isset=msgno"); exit;}
}else{ echo " ID комнаты пустое!\n";}}
break;

case('del'):
if(isset($user['login'])){
$id = $_GET['id'];
$pid = $_GET['pid'];
if(isset($user['level']) && $user['level']=='1'){
$result = mysql_query("DELETE FROM `posts` WHERE id='$id'");
header ("Location: room.php?id=$pid"); exit;
}elseif(isset($user['level']) && $user['level']=='2'){
$result = mysql_query("DELETE FROM `posts` WHERE id='$id'");
header ("Location: room.php?id=$pid"); exit;
}elseif(isset($user['level']) && $user['level']=='3'){
$result = mysql_query("DELETE FROM `posts` WHERE id='$id'");
header ("Location: room.php?id=$pid"); exit;
}}else{ header ("Location: index.php"); exit;}
break;}
include 'style/foot.php';
?>