<?php
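// Posts a chat message into room ?rm=N for the logged-in user, bumps the
// user's counters, then redirects back to the room.
//
// Input:  $_GET['rm']    - room id, digits only
//         $_POST['text'] - message body
// Relies on includes/start.php for the open MySQL link, the $usr array and
// the badwords()/russian()/smiles() helpers (none of them are visible here).
//
// NOTE(review): no anti-CSRF token is verified before this state-changing
// request is accepted; confirm whether start.php does that.
// NOTE(review): the message is stored after badwords()/russian()/smiles();
// whether any of them HTML-encodes it is not visible here, so confirm that
// the page rendering msg.text encodes it on output.
if (session_id() === '') {
    session_start();
}
require_once $_SERVER['DOCUMENT_ROOT']."/includes/start.php";

// Loose comparison kept on purpose: the stored type of the flag (1, '1', true) is not visible here.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] != 1) {
    header("Location: /?");
    exit;
}

// Validate and use the SAME value. The original checked $_GET['rm'] but then
// read $HTTP_GET_VARS['rm'], which is unset on PHP >= 5.4 and left $rm
// undefined (or filled from elsewhere under register_globals).
$rm = (isset($_GET['rm']) && is_string($_GET['rm'])) ? $_GET['rm'] : '';
if (!preg_match('/^[0-9]+$/D', $rm)) {
    header("Location: /enter.php?");
    exit;
}

$text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
// Undo magic_quotes_gpc where it is still active, so the text is escaped
// exactly once, at the SQL boundary below.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $text = stripslashes($text);
}
$text = badwords($text);
$text = russian($text);
$text = smiles($text);

// $rm is digits-only at this point; it is still escaped so the query stays
// safe if the validation above is ever relaxed.
$rmSql = mysql_real_escape_string($rm);
$room = mysql_query("Select rm from rooms where rm='".$rmSql."';");
// mysql_num_rows() on the result is the documented way to count SELECT rows
// (the original used mysql_affected_rows()); a failed query is treated as
// "no such room".
if ($room === false || mysql_num_rows($room) == 0) {
    header("Location: /enter.php?");
    exit;
}

// Strict emptiness test: empty() would also silently drop the message "0".
if ((string) $text === '') {
    header("Location: /room.php?rm=$rm");
    exit;
}

// The message body is attacker-controlled and was concatenated into the
// INSERT unescaped (SQL injection). Escape every interpolated value.
// $usr['id'] is quoted: the bare $usr[id] outside a string is a constant lookup.
$textSql = mysql_real_escape_string((string) $text);
$uidSql = mysql_real_escape_string((string) $usr['id']);

$inserted = mysql_query("Insert into msg set id=0, rm='".$rmSql."', from_id='".$uidSql."', for_id='', text='".$textSql."', type='', time='".date("H:i:s")."'");

// Credit the user only when the message was actually stored; one UPDATE
// replaces the three separate single-column statements.
if ($inserted) {
    mysql_query("update users set points=points+1, posts=posts+1, rating=rating+1 where id='".$uidSql."' limit 1");
}

header("Location: /room.php?rm=$rm");
exit;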