sendmsg.php
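<?php
/**
 * sendmsg.php - stores one chat message for the logged-in user.
 *
 * Flow, as implemented below:
 *   1. Start the session and require $_SESSION["loggedin"] === true.
 *   2. Throttle: proceed only if $_SESSION["lastmsg"] is unset or more than
 *      3 seconds old; the timestamp is refreshed on every accepted request.
 *   3. On POST, pick the target table: "messages" by default, or
 *      "messages_<lo>_<hi>" when u1/u2 are supplied, the session user is one
 *      of them and both ids exist in `users`.
 *   4. Insert (username, message) with a prepared statement.
 *
 * The script produces no output.
 *
 * Security: the message body and the username are bound as statement
 * parameters. They were previously concatenated into the SQL text, which let
 * a crafted "msg" value alter the INSERT statement (SQL injection).
 */

// Initialize the session
session_start();

// Only logged-in users may post, and at most one accepted request per 3 seconds per session.
$loggedIn = isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true;
$cooledDown = !isset($_SESSION["lastmsg"]) || $_SESSION["lastmsg"] + 3 < time();

if ($loggedIn && $cooledDown) {
    $_SESSION["lastmsg"] = time();

    // config.php is expected to provide the mysqli connection in $link
    // (not visible in this file - confirm).
    require_once "config.php";

    // NOTE(review): no anti-CSRF token is checked before this state-changing
    // POST is accepted; verify whether one is enforced elsewhere.
    if ($_SERVER["REQUEST_METHOD"] === "POST") {
        // A missing or non-string "msg" is stored as an empty message rather
        // than raising a warning/TypeError inside trim().
        // NOTE(review): message length is not bounded here; a 512-byte limit
        // and an empty-message check used to exist but were commented out.
        $msg = (isset($_POST["msg"]) && is_string($_POST["msg"])) ? trim($_POST["msg"]) : "";

        // Table suffix for a two-user conversation. It is built only from
        // intval() results, so it can never carry SQL metacharacters; an
        // identifier cannot be bound as a statement parameter.
        // NOTE(review): when u1/u2 are supplied but fail validation, the
        // message still goes to the shared "messages" table - confirm this
        // fallback is intended.
        $dbspec = "";
        if (isset($_POST["u1"], $_POST["u2"])) {
            $u1 = intval($_POST["u1"]);
            $u2 = intval($_POST["u2"]);

            // The sender must be one of the two participants...
            if ($_SESSION["id"] == $u1 || $_SESSION["id"] == $u2) {
                // ...and both ids must exist (two rows; u1 == u2 yields at most one).
                $check = mysqli_prepare($link, "SELECT id FROM users WHERE id = ? OR id = ?");
                if ($check !== false) {
                    mysqli_stmt_bind_param($check, "ii", $u1, $u2);
                    if (mysqli_stmt_execute($check)) {
                        mysqli_stmt_store_result($check);
                        if (mysqli_stmt_num_rows($check) === 2) {
                            $dbspec = "_" . min($u1, $u2) . "_" . max($u1, $u2);
                        }
                    }
                    mysqli_stmt_close($check);
                }
            }
        }

        // Values travel as bound parameters, never as part of the SQL text.
        // Stored text is kept raw; HTML-escaping belongs where messages are
        // rendered (that code is not part of this file).
        $username = (string) ($_SESSION["username"] ?? "");
        $insert = mysqli_prepare(
            $link,
            "INSERT INTO messages" . $dbspec . "(username,message) VALUES (?,?)"
        );
        if ($insert === false) {
            // e.g. the per-conversation table does not exist
            error_log("sendmsg: could not prepare insert: " . mysqli_error($link));
        } else {
            mysqli_stmt_bind_param($insert, "ss", $username, $msg);
            if (!mysqli_stmt_execute($insert)) {
                error_log("sendmsg: insert failed: " . mysqli_stmt_error($insert));
            }
            mysqli_stmt_close($insert);
        }
    }
}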