Файл: chat/handler/msg.php
Строк: 27
<?php
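// Chat request handler: stores a new chat message sent via POST, or lets a
// user with level > 0 delete a message by id via GET.
// Depends on names defined by the including script: $user_id, $user, $time,
// $dbi, the URL constant and the helpers check(), go() and user_name3().

// Integer copy of the current user's id. Every query below interpolates it
// into SQL text (one of them unquoted), so it is forced to an integer first.
$chat_uid = (int) $user_id;

// Only a non-empty string counts as a message; an array-valued msg[] field
// is rejected here instead of being handed to check().
$has_msg = !empty($_POST['msg']) && is_string($_POST['msg']);

$banned = false;
if ($has_msg) {
    $ban_res = mysql_query("SELECT COUNT(*) FROM `chat_ban` WHERE `ban_id` = '".$chat_uid."' AND (`time` > '$time')");
    // Fail closed: if the ban lookup itself fails, treat the user as banned
    // rather than letting the message through unchecked.
    $banned = ($ban_res === false) || mysql_result($ban_res, 0) > 0;
}

if ($has_msg && !$banned) {
    // Anti-flood: at most one message per 5 seconds per user.
    // $flood is always initialised so the later test never reads an unset variable.
    $flood = false;
    $flood_res = mysql_query("SELECT COUNT(`id`) FROM `chat` WHERE `user_id` = '".$chat_uid."' AND `time` > '".(time() - 5)."'");
    if ($flood_res === false || mysql_result($flood_res, 0) > 0) {
        $flood = true;
    }

    $msg = check($_POST['msg']);
    // NOTE(review): the 1000-byte cut is applied AFTER check(). If check()
    // escapes the text for SQL or HTML, a byte-wise substr() can split an
    // escape sequence, an entity or a multibyte character at the boundary and
    // leave unbalanced escaping in the value that is concatenated into the
    // INSERT below. Confirm what check() does; truncating the raw input
    // before escaping avoids the problem.
    $msg = substr($msg, 0, 1000);

    // NOTE(review): go() presumably redirects; whether it also stops the
    // script is not visible here. If it does not, an empty message continues
    // to the INSERT below.
    if (empty($msg)) {
        go(URL.'/chat/');
    }

    if (!empty($_POST['reuser']) && is_numeric($_POST['reuser'])) {
        // Addressed message: normalise the recipient id once and reuse it.
        $for_id = abs(intval($_POST['reuser']));
        // NOTE(review): user_name3() output is prepended after check() ran and
        // goes into the SQL string as-is; assumes it returns text that is
        // already safe for that context. TODO confirm.
        $msg = user_name3($for_id).', '.$msg;
    } else {
        $for_id = '';
    }

    $saved = false;
    if ($flood == false) {
        $saved = mysql_query("INSERT INTO `chat` SET
`user_id` = '".$chat_uid."',
`for_id` = '".$for_id."',
`msg` = '".$msg."',
`time` = '".time()."'
") == true;
    }

    if ($saved) {
        // NOTE(review): this notification is written even when $for_id is ''
        // (message addressed to nobody), and the reward below depends on this
        // INSERT succeeding. Behaviour kept as in the original; verify intent.
        // $user['sex'] is interpolated unescaped; assumed to be a trusted
        // value loaded from the users table. TODO confirm.
        $notified = mysql_query("INSERT INTO `notifications` SET
`from_id` = '".$chat_uid."',
`sex` = '".$user['sex']."',
`for_id` = '".$for_id."',
`mod` = 'minichat',
`type` = 'answer',
`refid` = '".$chat_uid."',
`time` = '".time()."',
`count` = 1,
`new` = 1
") == true;

        if ($notified) {
            mysql_query("UPDATE `users` SET `notifications` = 1, notifications_journal=notifications_journal+1 WHERE `id` = '".$for_id."'");

            $price = 1;
            // Kept in case later code in the including script reads $money.
            $money = $user['money'] + $price;
            // Increment in SQL instead of writing back a value computed from
            // the copy in $user: two concurrent requests can no longer
            // overwrite each other's balance change.
            $sql = "UPDATE users SET money = money + ".$price." WHERE id = ".$chat_uid;
            $dbi->query($sql);
        }
    }
} elseif ($user['level'] > 0 && !empty($_GET['del']) && is_numeric($_GET['del'])) {
    // NOTE(review): this is a state-changing action driven by a GET parameter
    // and no anti-CSRF token is checked in this block. If none is enforced
    // elsewhere, require a per-session token (and preferably POST) here.
    $del = abs(intval($_GET['del']));
    // Deleting a row that does not exist is a no-op, so the separate
    // existence query the original ran first is not needed.
    mysql_query("DELETE FROM `chat` WHERE `id` = '".$del."'");
}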
?>