Posted 09 September 2006 - 02:36 PM

OK, I have a game, www.pimpdominion.co.uk, and I'm trying to set up the mail feature, which writes the message to the database (MySQL) and then relates it to the player. However, when I send a message everyone gets it. Can someone look at the code and see anything wrong?
<?php $title = "Mailbox"; include("header.php"); ?>
<?php
// $stat (the logged-in player's row) and $remove (the list of strings to strip
// from messages) are not set anywhere in this file; header.php is assumed to set them.

if (!$_GET[view] && !$_GET[step] && !$_GET[read]) {
	print "<table width=500 border=0 cellspacing=1 cellpadding=2 bgcolor=#676767> <tr bgcolor=#676767>";
	print "<td width=120 height=25><b>From:</b></td>";
	print "<td width=100><b><center>ID:</center></b></td>";
	print "<td width=300><b>Subject:</b></td>";
	print "<td width=60><b><center>Options</center></b></td></tr>";
	$msel = mysql_query("select * from mail where owner=$stat[id] order by id desc");
	while ($mail = mysql_fetch_array($msel)) {
		print "<tr onMouseOver=\"style.backgroundColor='#333333';\" onMouseOut=\"style.backgroundColor='white';\" bgcolor=white>";
		print "<td width=120><a href=view.php?view=$mail[senderid]>$mail[sender]</a></td>";
		print "<td width=100><center>$mail[senderid]</center></td>";
		print "<td width=300><a href=mail.php?read=$mail[id]>$mail[subject]</a></td>";
		print "<td align=center width=60><a href=mail.php?step=selectclear&id=$mail[id]>Trash</a></td></tr>";
	}
	print "</table><br><table width=500 bgcolor=#676767 cellpadding=1 cellspacing=2><tr height=20 bgcolor=white><td align=center width=50%><a href=mail.php?step=clear>Trash All</a></td><td width=50%><a href=mail.php?view=write><center>Compose</center></a></td></tr>";
	print "</table></center>";
}

if ($_GET[step] == clear) {
	print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
	mysql_query("delete from mail where owner=$stat[id]");
}
if ($_GET[step] == selectclear) {
	print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
	// $_GET[id] is interpolated into the query without escaping.
	mysql_query("delete from mail where owner=$stat[id] and id=$_GET[id]");
}

if ($_GET[view] == write) {
	print "[<a href=mail.php>Inbox</a>]<br><br>";
	print "<table>";
	print "<form method=post action=mail.php?view=write&re=$_GET[re]&to=$_GET[to]&step=send>";
	print "<tr><td>To (ID Number):</td><td><input type=text name=to maxlength=10 size=25 value=$_GET[to]></td></tr>";
	print "<tr><td>Subject:</td><td><input type=text name=subject size=25 value=$_GET[re]></td></tr>";
	print "<tr><td valign=top>Body:</td><td><textarea name=body rows=10 cols=50>$_POST[body]</textarea></td></tr>";
	print "<tr><td colspan=2 align=center><input type=submit value=Send></td></tr>";
	print "</form></table>";

	if ($_GET[step] == send) {
		$_POST[to] = strip_tags($_POST[to]);
		$_POST[subject] = strip_tags($_POST[subject]);
		$_POST[body] = str_replace($remove, "", $_POST[body]);
		$_POST[subject] = str_replace($remove, "", $_POST[subject]);
		$_POST[body] = nl2br(strip_tags($_POST[body]));
		if (empty($_POST[to]) || empty($_POST[body]) || empty($_POST[subject])) {
			print "Please fill out all fields.";
			include("footer.php"); exit;
		}

		// Length of the longest single word in the body.
		$values = explode(" ", $_POST[body]);
		$longest = 0;
		foreach ($values as $value) {
			if (strlen($value) > $longest) { $longest = strlen($value); }
		}
		if ($longest > 100) { print "Your largest word is too long, it's $longest characters, it can't be more than 100 characters."; include("footer.php"); exit; }

		$size = strlen($_POST[body]);
		if ($size > 2000) { print "Your message is too long, it can't be larger than 2000 characters, yours is $size characters"; include("footer.php"); exit; }

		$size = strlen($_POST[subject]);
		if ($size > 100) { print "Your subject is too long, it can't be larger than 100 characters, yours is $size"; include("footer.php"); exit; }

		// $_POST[to] is interpolated into the query without escaping.
		$rec = mysql_fetch_array(mysql_query("select * from players where id=$_POST[to]"));
		if (empty($rec[id])) {
			print "No such player.";
			include("footer.php"); exit;
		}
		print "You sent mail to $rec[id].";
		// The owner written here is $list[id], not $rec[id] (the recipient looked up
		// above); $to, $subject and $body are the raw register_globals copies of the
		// form fields, not the filtered $_POST values.
		$get = mysql_query("select * from players");
		mysql_query("insert into mail (sender,owner,subject,body) values('$to','$list[id]','$subject','$body')") or die("Could not send mail.");
	}
}

if ($_GET[read]) {
	// $_GET[read] is interpolated into the query without escaping.
	$mail = mysql_fetch_array(mysql_query("select * from mail where id=$_GET[read]"));
	if (empty($mail[id])) {
		print "No such mail.";
		include("footer.php"); exit;
	}
	if ($mail[owner] != $stat[id]) {
		print "That's not your mail.";
		include("footer.php"); exit;
	}
	mysql_query("update mail set unread='F' where id=$mail[id]");
	print "<table width=99% bgcolor=#676767 cellpadding=2 cellspacing=1><tr height=30><td bgcolor=white><b>$mail[sender]</b> says... $mail[subject]</td></tr>
<tr bgcolor=white height=100 valign=top><td>
$mail[body]<br><br></td></tr></table><br><table bgcolor=#676767 cellpadding=2 cellspacing=1 width=99%><tr bgcolor=white align=center><td width=33%><center><a href=mail.php>Inbox</a></center></td><td width=34%><center><a href=mail.php?view=write>Compose</a></center></td><td height=25 width=33%><a href=mail.php?view=write&to=$mail[senderid]&re=RE:$mail[subject]>Reply</a></td></tr>";
}
?>
<?php include("footer.php"); ?>

Posted 09 September 2006 - 03:32 PM


Posted 09 September 2006 - 06:47 PM

Something comes to mind after a glance at the code.

Your code to prevent looking at other people's mail could be wrong:

You check against $stat[id], but I don't see a place where you set $stat[id]. If you haven't set it, then PHP treats it like ''. Your security compares $mail[owner] against $stat[id] (or ''). That could be the problem.

However, since you use that variable all through the code, you may have other bugs waiting to happen.
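An added example, not the original poster's code or anything from pimpdominion.co.uk: the same send, inbox, read and trash operations from the first post, written with PDO prepared statements, with the owner check placed inside each query, and with the insert scoped to the one recipient looked up from the players table. It runs against an in-memory SQLite database with constructed sample players so it works offline. The table and column names follow the posted code; the logged-in player's id (the $stat[id] of the original, which the reply above notes is never set in that file) is passed in explicitly as a parameter, which is an assumption of this example.

```php
<?php
// Added example, not the original poster's code: the mail feature's send, inbox,
// read and trash operations with PDO prepared statements and owner checks.
// Runs against an in-memory SQLite database with constructed sample players.
// Table/column names follow the posted code; the logged-in player's id
// (the original's $stat[id]) is passed in explicitly (assumption).

function openMailDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
    $db->exec("CREATE TABLE mail (id INTEGER PRIMARY KEY AUTOINCREMENT,
        sender TEXT NOT NULL, senderid INTEGER NOT NULL, owner INTEGER NOT NULL,
        subject TEXT NOT NULL, body TEXT NOT NULL, unread TEXT NOT NULL DEFAULT 'T')");
    $ins = $db->prepare("INSERT INTO players (id, name) VALUES (?, ?)");
    foreach ([[1, 'alice'], [2, 'bob'], [3, 'carol']] as $p) { // constructed sample data
        $ins->execute($p);
    }
    return $db;
}

// Deliver one message to the single player whose id is $to.
// Returns the new mail id on success or an error string.
function sendMail(PDO $db, int $senderId, string $to, string $subject, string $body) {
    if ($to === '' || $subject === '' || $body === '') return 'Please fill out all fields.';
    if (strlen($subject) > 100) return 'Subject too long.';
    if (strlen($body) > 2000) return 'Message too long.';
    // The recipient id must be a plain integer; "2 OR 1=1" never reaches the query.
    if (!ctype_digit($to)) return 'No such player.';

    $q = $db->prepare("SELECT name FROM players WHERE id = ?");
    $q->execute([$senderId]);
    $senderName = $q->fetchColumn();
    if ($senderName === false) return 'Not logged in.';

    $q = $db->prepare("SELECT id FROM players WHERE id = ?");
    $q->execute([(int) $to]);
    $recId = $q->fetchColumn();
    if ($recId === false) return 'No such player.';

    // owner is the recipient looked up above, never a row from "select * from players".
    $ins = $db->prepare("INSERT INTO mail (sender, senderid, owner, subject, body) VALUES (?, ?, ?, ?, ?)");
    $ins->execute([$senderName, $senderId, (int) $recId, $subject, $body]);
    return (int) $db->lastInsertId();
}

// Inbox listing scoped to the owner.
function inbox(PDO $db, int $playerId): array {
    $q = $db->prepare("SELECT id, sender, subject, unread FROM mail WHERE owner = ? ORDER BY id DESC");
    $q->execute([$playerId]);
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

// Read one message. The owner check is part of the WHERE clause, so a forged
// ?read=N for someone else's mail yields null rather than the body.
function readMail(PDO $db, int $readerId, int $mailId): ?array {
    $q = $db->prepare("SELECT id, sender, subject, body FROM mail WHERE id = ? AND owner = ?");
    $q->execute([$mailId, $readerId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return null;
    $db->prepare("UPDATE mail SET unread = 'F' WHERE id = ? AND owner = ?")->execute([$mailId, $readerId]);
    // Escape at output time instead of relying on strip_tags at input time.
    $row['body'] = nl2br(htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'));
    return $row;
}

// Trash one message (or all of them when $mailId is null), scoped to the owner.
function trashMail(PDO $db, int $playerId, ?int $mailId = null): int {
    $q = $mailId === null
        ? $db->prepare("DELETE FROM mail WHERE owner = ?")
        : $db->prepare("DELETE FROM mail WHERE owner = ? AND id = ?");
    $q->execute($mailId === null ? [$playerId] : [$playerId, $mailId]);
    return $q->rowCount();
}

function check(bool $ok, string $what): void {
    if (!$ok) throw new RuntimeException("check failed: $what");
}

$db = openMailDb();
$id = sendMail($db, 1, '2', 'hello', "line one\nline two");
check(is_int($id), 'mail stored');
check(count(inbox($db, 2)) === 1 && count(inbox($db, 3)) === 0, 'only the recipient has it');
check(readMail($db, 3, $id) === null, 'other players cannot read it');
check(readMail($db, 2, $id)['body'] === "line one<br />\nline two", 'recipient reads escaped body');
check(sendMail($db, 1, '2 OR 1=1', 'x', 'y') === 'No such player.', 'injection attempt rejected');
check(trashMail($db, 3, $id) === 0 && trashMail($db, 2, $id) === 1, 'only the owner can trash it');
echo "ok\n";
```

Run it with `php example.php` (it needs the pdo_sqlite extension, which ships with most PHP builds). The two design points it makes against the posted code are that the owner column is filled from the single recipient row rather than from a scan of the players table, and that every read, update and delete carries `owner = ?` in its WHERE clause, so an unset or forged player id cannot be compared loosely against `''` and silently pass.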

