

This topic is now archived and is closed to further replies.




OK, I have a game, www.pimpdominion.co.uk, and I'm trying to set up the mail feature, which writes the message to the database (MySQL) and then relates it to the player. However, when I send a message, everyone gets it. Can someone look at the code and see anything wrong?
<?php
$title = "Mailbox";
include("header.php");

// Inbox: list the current player's mail when no other action is requested.
if (!$_GET['view'] && !$_GET['step'] && !$_GET['read']) {
    print "<table width=500 border=0 cellspacing=1 cellpadding=2 bgcolor=#676767> <tr bgcolor=#676767>";
    print "<td width=120 height=25><b>From:</b></td>";
    print "<td width=100><b><center>ID:</b></td>";
    print "<td width=300><b>Subject:</b></td>";
    print "<td width=60><b><center>Options</center></b></td></tr>  ";
    $msel = mysql_query("select * from mail where owner=$stat[id] order by id desc");
    while ($mail = mysql_fetch_array($msel)) {
        print " <tr onMouseOver=\"style.backgroundColor='#333333';\" onMouseOut=\"style.backgroundColor='white';\" bgcolor=white>";
        print "<td width=120><a href=view.php?view=$mail[senderid]>$mail[sender]</a></td>";
        print "<td width=100><center>$mail[senderid]</a></td>";
        print "<td width=300><a href=mail.php?read=$mail[id]>$mail[subject]</a></td>";
        print "<td align=center width=60><a href=mail.php?step=selectclear&id=$mail[id]>Trash</a></td></tr>";
    }
    print "</table><br><table width=500 bgcolor=#676767 cellpadding=1 cellspacing=2><tr height=20 bgcolor=white><td align=center width=50%><a href=mail.php?step=clear>Trash All</a> </tD><td width=50%> <a href=mail.php?view=write><center>Compose</a></td></tr>";
    print "</table></center>";
}

// Delete all mail, or a single message, belonging to the current player.
if ($_GET['step'] == 'clear') {
    print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
    mysql_query("delete from mail where owner=$stat[id]");
}
if ($_GET['step'] == 'selectclear') {
    print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
    mysql_query("delete from mail where owner=$stat[id] and id=$_GET[id]");
}

// Compose form.
if ($_GET['view'] == 'write') {
    print "[<a href=mail.php>Inbox</a>]<br><br>";
    print "<table>";
    print "<form method=post action=mail.php?view=write&re=$_GET[re]&to=$_GET[to]&step=send>";
    print "<tr><td>To (ID Number):</td><td><input type=text name=to maxsize=10 size=25 value=$_GET[to]></td></tr>";
    print "<tr><td>Subject:</td><td><input type=text name=subject size=25 value=$_GET[re]></td></tr>";
    print "<tr><td valign=top>Body:</td><td><textarea name=body rows=10 cols=50>$_POST[body]</textarea></td></tr>";
    print "<tr><td colspan=2 align=center><input type=submit value=Send></td></tr>";
    print "</form></table>";
}

// Send: clean the input, check lengths and the recipient, then store the mail.
if ($_GET['step'] == 'send') {
    $_POST['to'] = strip_tags($_POST['to']);
    $_POST['subject'] = strip_tags($_POST['subject']);
    $_POST['body'] = str_replace($remove, "", $_POST['body']);
    $_POST['subject'] = str_replace($remove, "", $_POST['subject']);
    $_POST['body'] = nl2br(strip_tags($_POST['body']));
    if (empty($_POST['to']) || empty($_POST['body']) || empty($_POST['subject'])) {
        print "Please fill out all fields.";
        include("footer.php");
        exit;
    }

    // Find the longest word in the body.
    $values = explode(" ", $_POST['body']);
    $longest = 0;
    foreach ($values as $value) {
        if (strlen($value) > $longest) {
            $longest = strlen($value);
        }
    }
    if ($longest > 100) { print "Your largest word is too long, it's $longest characters, it can't be more than 100 characters."; include("footer.php"); exit; }

    $size = strlen($_POST['body']);
    if ($size > 2000) { print "Your message is too long, it can't be larger than 2000 characters, yours is $size characters"; include("footer.php"); exit; }

    $size = strlen($_POST['subject']);
    if ($size > 100) { print "Your subject is too long, it can't be larger than 100 characters, yours is $size"; include("footer.php"); exit; }

    $rec = mysql_fetch_array(mysql_query("select * from players where id=$_POST[to]"));
    if (empty($rec['id'])) {
        print "No such player.";
        include("footer.php");
        exit;
    }
    print "You sent mail to $rec[id].";

    // Selects every row in players and inserts one mail row per player.
    $get = mysql_query("select * from players");
    while ($list = mysql_fetch_array($get)) {
        mysql_query("insert into mail (sender,owner,subject,body) values('$to','$list[id]','$subject','$body')") or die("Could not send mail.");
    }
}

// Read a single message after checking that it exists and who owns it.
if ($_GET['read']) {
    $mail = mysql_fetch_array(mysql_query("select * from mail where id=$_GET[read]"));
    if (empty($mail['id'])) {
        print "No such mail.";
        include("footer.php");
        exit;
    }
    if ($mail['owner'] != $stat['id']) {
        print "That's not your mail.";
        include("footer.php");
        exit;
    }
    mysql_query("update mail set unread='F' where id=$mail[id]");
    print "<table width=99% bgcolor=#676767 cellpadding=2 cellspacing=1><tr height=30><td bgcolor=white><b>$mail[sender]</b> says... $mail[subject]</td></tr>
<tR bgcolor=white height=100 valign=top><td>
$mail[body]<br><br></tD></tR></table><bR><table bgcolor=#676767 cellpadding=2 cellspacing=1 width=99%><tr bgcolor=white align=center><td width=33%><center><a href=mail.php>Inbox</a></td><td width=34%><Center><a href=mail.php?view=write>Compose</a></tD><td height=25 width=33%><a href=mail.php?view=write&to=$mail[senderid]&re=RE:$mail[subject]>Reply</a></td></tR>";
}

include("footer.php");
?>


Something comes to mind after a glance at the code.

Your code to prevent looking at other people's mail could be wrong:

You check against $stat[id], but I don't see a place where you set $stat[id]. If you haven't set it, then PHP treats it like ''. Your security compares $mail[owner] against $stat[id] (or ''). That could be the problem.

However, since you use that variable all through the code, you may have other bugs waiting to happen.
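
An added example, not part of the original thread or the poster's code: one way to write the send and read paths so that a message gets exactly one owner and the ownership check cannot pass on an unset player id. The function names `currentPlayerId`, `sendMail` and `readMail` are hypothetical, and the sketch assumes PHP 7.1+ with the `pdo_sqlite` extension and a constructed in-memory database in place of the game's MySQL tables.

```php
<?php
// Added example, not the poster's code. The mail/players names follow the post;
// the in-memory SQLite database and sample rows are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY)');
$db->exec('CREATE TABLE mail (id INTEGER PRIMARY KEY, senderid INTEGER, owner INTEGER, subject TEXT, body TEXT)');
$db->exec('INSERT INTO players (id) VALUES (1), (2), (3)');

// Fail closed when the session carries no usable player id, rather than
// comparing mail owners against an unset value.
function currentPlayerId(array $stat): int {
    $id = filter_var($stat['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new RuntimeException('Not logged in.');
    }
    return $id;
}

// Insert exactly one row, owned by the one validated recipient.
function sendMail(PDO $db, int $senderId, $to, string $subject, string $body): int {
    $to = filter_var($to, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $find = $db->prepare('SELECT id FROM players WHERE id = ?');
    if ($to === false || !$find->execute([$to]) || $find->fetchColumn() === false) {
        throw new InvalidArgumentException('No such player.');
    }
    $ins = $db->prepare('INSERT INTO mail (senderid, owner, subject, body) VALUES (?, ?, ?, ?)');
    $ins->execute([$senderId, $to, $subject, $body]);
    return (int) $db->lastInsertId();
}

// Ownership is part of the WHERE clause: another player's mail id finds no row.
function readMail(PDO $db, int $ownerId, $mailId): ?array {
    $q = $db->prepare('SELECT senderid, subject, body FROM mail WHERE id = ? AND owner = ?');
    $q->execute([(int) $mailId, $ownerId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$me = currentPlayerId(['id' => 1]);                 // constructed session for player 1
$mailId = sendMail($db, $me, '2', 'Hi', 'See you <b>tonight</b>');
echo 'rows in mail: ', $db->query('SELECT COUNT(*) FROM mail')->fetchColumn(), "\n";
echo 'player 2 can read: ', var_export(readMail($db, 2, $mailId) !== null, true), "\n";
echo 'player 3 can read: ', var_export(readMail($db, 3, $mailId) !== null, true), "\n";
// The body is stored as typed and escaped when it is displayed.
echo htmlspecialchars(readMail($db, 2, $mailId)['body'], ENT_QUOTES, 'UTF-8'), "\n";
try { currentPlayerId([]); } catch (RuntimeException $e) { echo 'no session id: ', $e->getMessage(), "\n"; }
```

Bound parameters also keep the `to`, `id` and `read` request values out of the SQL text, which the string-built queries in the post do not.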
