<?php if (!isset($start)) { $start = 0; } if (isset($_COOKIE['user'])) { $errors = ''; if (isset($_POST['post'])) { if ($_POST['post'] == 'true') { if (!empty($_POST['message'])) { if (empty($errors)) { $date = date('ymdHi'); $_POST['message'] = htmlentities(stripslashes(trim(mysql_prep($_POST['message'])))); $_POST['message'] = trim(mysql_prep($_POST['message'])); badw($_POST['message']); $_POST['message'] = badw($_POST['message']); $underu = $_COOKIE['user'] . '_' . $_GET['user']; $sql = "INSERT INTO cc (c_to, under, c_From, message, date) VALUES ('{$_GET['user']}', '{$underu}', '{$_COOKIE['user']}', '{$_POST['message']}','{$date}')"; mysql_query($sql); $_POST['message'] = ''; header("Location: chitchat.php?user="******"user"] . "&start=" . $_GET["start"] . ""); } } else { $errors .= 'The post is empty'; } } } ?> <div id="Content1"> <h1 class="uoi">Chit Chat</h1>
$errors .= "The description is to short<br />"; } if (empty($_POST['subject'])) { $errors .= "The subject is empty<br />"; } if (empty($_POST['description'])) { $errors .= "The description is empty<br />"; } if (empty($errors)) { if (isset($_POST['subject']) && isset($_POST['description'])) { $_POST['subject'] = trim(mysql_prep($_POST['subject'])); $_POST['description'] = trim(mysql_prep($_POST['description'])); badw($_POST['subject']); $_POST['subject'] = badw($_POST['subject']); badw($_POST['description']); $_POST['description'] = badw($_POST['description']); $date = date('ymdHi'); if (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } elseif (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif (getenv('HTTP_X_FORWARDED')) { $ip = getenv('HTTP_X_FORWARDED'); } elseif (getenv('HTTP_FORWARDED_FOR')) { $ip = getenv('HTTP_FORWARDED_FOR'); } elseif (getenv('HTTP_FORWARDED')) { $ip = getenv('HTTP_FORWARDED'); } else { $ip = $_SERVER['REMOTE_ADDR']; } $sql = "INSERT INTO errors (subject, description, ip, status, date) VALUES ('{$_POST['subject']}', '{$_POST['description']}', '{$ip}', 'pending', '{$date}')";
if (isset($_POST['spassword'])) { if ($_POST['spassword'] === 'naked') { $errors .= 'Bad words are not allowed<br />'; } } if (isset($_POST['spassword'])) { if ($_POST['spassword'] === 'sex') { $errors .= 'Bad words are not allowed<br />'; } } if (isset($_POST['spassword'])) { if ($_POST['spassword'] === 'sexy') { $errors .= 'Bad words are not allowed<br />'; } } badw($_POST['sname']); $_POST['sname'] = badw2($_POST['sname']); if (isset($_POST['sname'])) { if (strlen($_POST['sname']) > 15) { $errors .= "The name is to long<br />"; } } if (!preg_match("~^[A-Za-z0-9]*\$~", $_POST['sname'])) { $errors .= "The name is not valid<br />"; } if (isset($_POST['spassword'])) { if (strlen($_POST['spassword']) > 30) { $errors .= "The password is to long<br />"; } } if (isset($_POST['spassword']) && isset($_POST['spassword_confirm'])) {
} if (empty($_POST['age'])) { $_POST['age'] = ''; } $query = "SELECT * FROM users WHERE name = '{$_COOKIE['user']}' LIMIT 1"; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { $password = $row['password']; $_POST['about'] = trim(mysql_prep($_POST['about'])); if (isset($_POST['email'])) { $_POST['email'] = trim(mysql_prep($_POST['email'])); } if (empty($_POST['about'])) { $_POST['about'] = 'none'; } badw($_POST['about']); $_POST['about'] = badw_code($_POST['about']); if (isset($_POST['email'])) { $sql = "UPDATE users SET email = '{$_POST['email']}', about = '{$_POST['about']}', gender = '{$_POST['gender']}', age = '{$_POST['age']}' WHERE name = '{$_COOKIE['user']}' AND password = '******'"; } else { $sql = "UPDATE users SET about = '{$_POST['about']}', gender = '{$_POST['gender']}', age = '{$_POST['age']}' WHERE name = '{$_COOKIE['user']}' AND password = '******'"; } } mysql_query($sql); header("Location: editprofile.php?edited=true"); } } } } if (isset($_GET['edited'])) { if ($_GET['edited'] == 'true') {