コード例 #1
0
ファイル: chat.php プロジェクト: albertomario/livesupport
            $data = $chat_settings["clientConnectedMessage"];
            if ($utype == 1) {
                $userResult = mysql_query("SELECT * FROM `tblclients` WHERE `id`='" . $uid . "';");
                while ($uRow = mysql_fetch_array($userResult)) {
                    $data = str_replace("%FIRSTNAME%", $uRow["firstname"], $data);
                    $data = str_replace("%LASTNAME%", $uRow["lastname"], $data);
                    $data = str_replace("%ENTEREDNAME%", "", $data);
                }
            } elseif ($utype == 0) {
                $data = str_replace("%FIRSTNAME%", "", $data);
                $data = str_replace("%LASTNAME%", "", $data);
                $data = str_replace("%ENTEREDNAME%", $_POST["user"], $data);
            }
        }
        $data = htmlspecialchars_decode($data);
        $result = mysql_query("INSERT INTO chat_conversations (`session`, `user`, `uid`, `ulevel`, `data`, `timestamp`, `order`, `datatype`)\nVALUES ('" . mysql_real_escape_string($_POST["session"]) . "', '" . mysql_real_escape_string($_POST["user"]) . "', '" . $uid . "', '" . $utype . "', '" . mysql_real_escape_string($data) . "', '" . $_SERVER['REQUEST_TIME'] . "', '" . mysql_real_escape_string($order) . "', '" . mysql_real_escape_string($_POST["datatype"]) . "');");
        if ($_POST["datatype"] == 0) {
            require "chatSession.php";
            $chat_session = new chatSession();
            $chat_session->useSession($_POST["session"]);
            if ($chat_session->getActive() == 2) {
                $userResult = mysql_query("SELECT * FROM `tbladmins` WHERE `id`='" . $uid . "'");
                while ($uRow = mysql_fetch_array($userResult)) {
                    $uname = $uRow["firstname"] . " " . $uRow["lastname"];
                }
                $result = mysql_query("INSERT INTO `tblticketreplies` (`tid`, `date`, `message`, `admin`) VALUES ('" . $chat_session->getTID() . "', '" . date("Y-m-d G:i:s") . "', '" . mysql_real_escape_string($data) . "', '" . mysql_real_escape_string($uname) . "');");
            }
        }
        mysql_close();
        break;
}