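<?php
/**
 * say.admin.php — post an "adminMSG" system message into a chat room.
 *
 * Request contract (unchanged from the original):
 *   GET  rm        decimal room id; must exist in `rooms`, otherwise -> /enter.php?
 *   GET  go=add    store the POSTed `text`, bump the poster's counters, -> /room.php?rm=N
 *   (default)      render the message form
 * Requires $_SESSION['auth'] == 1 (otherwise -> /?) and $usr['status'] > 3
 * (otherwise -> /room.php?rm=N).
 *
 * Everything not defined here ($usr, $_up, $_down, badwords(), russian(),
 * smiles() and the open mysql_* connection) is expected to come from
 * includes/start.php — presumed, not visible from this file.
 *
 * NOTE(review): the legacy mysql_* extension is deprecated since PHP 5.5 and
 * removed in PHP 7. The escaping below is the minimum for this API; prepared
 * statements via PDO/mysqli are the real fix.
 */
if (session_id() === '') {
    session_start();
}
require_once $_SERVER['DOCUMENT_ROOT']."/includes/start.php";

if (!isset($_SESSION['auth']) || $_SESSION['auth'] != 1) {
    header("Location: /?"); exit;
}

// Room id: a non-empty string of ASCII digits, nothing else. preg_match() with
// \A…\z and the D modifier is binary-safe. The eregi() this replaces is gone in
// PHP 7 and is documented as not binary-safe, so a value containing a NUL byte
// could pass the digit check and still be echoed into the HTML below unescaped.
// $HTTP_GET_VARS (removed in 5.4) is replaced by $_GET so the value checked is
// the value used.
$rm = (isset($_GET['rm']) && is_string($_GET['rm'])) ? $_GET['rm'] : '';
if (!preg_match('/\A[0-9]+\z/D', $rm)) {
    header("Location: /enter.php?"); exit;
}

// The room must exist. mysql_num_rows() is the correct call for a SELECT; the
// original mysql_affected_rows() == 0 test also let the request through when
// the query *failed* (it returns -1 then). $rm is digits-only, but it is still
// escaped so correctness does not hinge on the regex above.
$roomRes = mysql_query("SELECT rm FROM rooms WHERE rm='".mysql_real_escape_string($rm)."' LIMIT 1");
if ($roomRes === false || mysql_num_rows($roomRes) == 0) {
    header("Location: /enter.php?"); exit;
}
mysql_free_result($roomRes);

// Only privileged users may post admin messages; exit so nothing below runs.
if (!isset($usr['status']) || !($usr['status'] > 3)) {
    header("Location: /room.php?rm=".$rm); exit;
}

// CSRF: go=add changes state from a POST, so the form carries a per-session
// token that the add branch must echo back. Token generation degrades with the
// PHP version this legacy stack happens to run on.
if (empty($_SESSION['say_admin_csrf'])) {
    if (function_exists('random_bytes')) {
        $_SESSION['say_admin_csrf'] = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $_SESSION['say_admin_csrf'] = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $_SESSION['say_admin_csrf'] = md5(uniqid(mt_rand(), true)); // not a CSPRNG; last resort only
    }
}
$csrf = $_SESSION['say_admin_csrf'];

$go = (isset($_GET['go']) && is_string($_GET['go'])) ? $_GET['go'] : '';

if ($go === 'add') {
    $sent = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    // hash_equals() is 5.6+; fall back to a plain comparison on older runtimes.
    $tokenOk = function_exists('hash_equals') ? hash_equals($csrf, $sent) : ($csrf === $sent);
    if (!$tokenOk) {
        header("Location: /room.php?rm=".$rm); exit;
    }

    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
    $text = (string)smiles(russian(badwords($text)));
    // Compared against '' rather than empty() so a message that is just "0" is posted.
    if ($text === '') {
        header("Location: /room.php?rm=".$rm); exit;
    }

    // $text is user input and goes straight into SQL: escape at the query
    // boundary (the original inserted it unescaped).
    // NOTE(review): if one of the filters in start.php already escapes for SQL,
    // this doubles the backslashes — confirm and keep exactly one escape.
    $safeText = mysql_real_escape_string($text);
    $uid = mysql_real_escape_string((string)$usr['id']);
    mysql_query("INSERT INTO msg SET id=0, rm='".$rm."', from_id='".$uid."', for_id='', text='".$safeText."', type='adminMSG', time='".date("H:i:s")."'");
    // One round trip instead of three UPDATEs against the same row.
    mysql_query("UPDATE users SET points=points+1, posts=posts+1, rating=rating+1 WHERE id='".$uid."' LIMIT 1");

    header("Location: /room.php?rm=".$rm); exit;
}

// Default action: render the form. $rm is digits-only, but it is escaped on
// output anyway so the HTML context does not depend on the validation above.
$rmHtml = htmlspecialchars($rm, ENT_QUOTES);
$csrfHtml = htmlspecialchars($csrf, ENT_QUOTES);

echo $_up;
echo '<div class="list"><form action="?go=add&amp;rm='.$rmHtml.'" method="post">
<input type="hidden" name="csrf" value="'.$csrfHtml.'"/>
Сообщение:<br><textarea name="text" rows="3" cols="60%"></textarea><br>
<br><input type="submit" value="Отправить"/>
</form></div>';
echo '<div><a href="/room.php?rm='.$rmHtml.'">В комнату</a></div>';
echo $_down;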