grlayouts Posted September 9, 2006

OK, I have a game, www.pimpdominion.co.uk, and I'm trying to set up the mail feature, which writes the message to the database (MySQL) then relates it to the player. However, when I send a message everyone gets it. Can someone look at the code and see anything wrong?

[code]
<?php $title = "Mailbox"; include("header.php")?>
<br><br>
<?php
if (!$_GET[view] && !$_GET[step] && !$_GET[read]) {
    print "<table width=500 border=0 cellspacing=1 cellpadding=2 bgcolor=#676767> <tr bgcolor=#676767>";
    print "<td width=120 height=25><b>From:</b></td>";
    print "<td width=100><b><center>ID:</b></td>";
    print "<td width=300><b>Subject:</b></td>";
    print "<td width=60><b><center>Options</center></b></td></tr> ";
    $msel = mysql_query("select * from mail where owner=$stat[id] order by id desc");
    while ($mail = mysql_fetch_array($msel)) {
        print " <tr onMouseOver=\"style.backgroundColor='#333333';\" onMouseOut=\"style.backgroundColor='white';\" bgcolor=white>";
        print "<td width=120><a href=view.php?view=$mail[senderid]>$mail[sender]</a></td>";
        print "<td width=100><center>$mail[senderid]</a></td>";
        print "<td width=300><a href=mail.php?read=$mail[id]>$mail[subject]</a></td>";
        print "<td align=center width=60><a href=mail.php?step=selectclear&id=$mail[id]>Trash</a></td></tr>";
    }
    print "</table><br><table width=500 bgcolor=#676767 cellpadding=1 cellspacing=2><tr height=20 bgcolor=white><td align=center width=50%><a href=mail.php?step=clear>Trash All</a> </tD><td width=50%> <a href=mail.php?view=write><center>Compose</a></td></tr>";
    print "</table></center>";
}
if ($_GET[step] == clear) {
    print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
    mysql_query("delete from mail where owner=$stat[id]");
}
if ($_GET[step] == selectclear) {
    print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
    mysql_query("delete from mail where owner=$stat[id] and id=$_GET[id]");
}
if ($_GET[view] == write) {
    print "[<a href=mail.php>Inbox</a>]<br><br>";
    print "<table>";
    print "<form method=post action=mail.php?view=write&re=$_GET[re]&to=$_GET[to]&step=send>";
    print "<tr><td>To (ID Number):</td><td><input type=text name=to maxsize=10 size=25 value=$_GET[to]></td></tr>";
    print "<tr><td>Subject:</td><td><input type=text name=subject size=25 value=$_GET[re]></td></tr>";
    print "<tr><td valign=top>Body:</td><td><textarea name=body rows=10 cols=50>$_POST[body]</textarea></td></tr>";
    print "<tr><td colspan=2 align=center><input type=submit value=Send></td></tr>";
    print "</form></table>";
    if ($_GET[step] == send) {
        $_POST[to] = strip_tags($_POST[to]);
        $_POST[subject] = strip_tags($_POST[subject]);
        $_POST[body] = str_replace($remove,"", $_POST[body]);
        $_POST[subject] = str_replace($remove,"", $_POST[subject]);
        $_POST[body] = nl2br(strip_tags($_POST[body]));
        if (empty ($_POST[to]) || empty ($_POST[body]) || empty ($_POST[subject])) {
            print "Please fill out all fields.";
            include("footer.php");
            exit;
        }
        $values=explode(" ", $_POST[body]);
        $longest=0;
        foreach($values as $value) {
            if (strlen($value)>$longest) {
                $longest = strlen($value);
            }
        }
        if ($longest > 100) {
            print "Your largest word is too long, it's $longest characters, it can't be more than 100 characters.";
            include("footer.php");
            exit;
        }
        $size=strlen($_POST[body]);
        if ($size > 2000) {
            print "Your message is too long, it can't be larger than 2000 characters, yours is $size characters";
            include("footer.php");
            exit;
        }
        $size=strlen($_POST[subject]);
        if ($size > 100) {
            print "Your subject is too long, it can't be larger than 100 characters, yours is $size";
            include("footer.php");
            exit;
        }
        $rec = mysql_fetch_array(mysql_query("select * from players where id=$_POST[to]"));
        if (empty ($rec[id])) {
            print "No such player.";
            include("footer.php");
            exit;
        }
        print "You sent mail to $rec[id].";
    }
    $get = mysql_query("select * from players");
    mysql_query("insert into mail (sender,owner,subject,body) values('$to','$list[id]','$subject','$body')") or die("Could not send mail.");
}
if ($_GET[read]) {
    $mail = mysql_fetch_array(mysql_query("select * from mail where id=$_GET[read]"));
    if (empty ($mail[id])) {
        print "No such mail.";
        include("footer.php");
        exit;
    }
    if ($mail[owner] != $stat[id]) {
        print "That's not your mail.";
        include("footer.php");
        exit;
    }
    mysql_query("update mail set unread='F' where id=$mail[id]");
    print "<table width=99% bgcolor=#676767 cellpadding=2 cellspacing=1><tr height=30><td bgcolor=white><b>$mail[sender]</b> says... $mail[subject]</td></tr><tR bgcolor=white height=100 valign=top><td>$mail[body]<br><br></tD></tR></table><bR><table bgcolor=#676767 cellpadding=2 cellspacing=1 width=99%><tr bgcolor=white align=center><td width=33%><center><a href=mail.php>Inbox</a></td><td width=34%><Center><a href=mail.php?view=write>Compose</a></tD><td height=25 width=33%><a href=mail.php?view=write&to=$mail[senderid]&re=RE:$mail[subject]>Reply</a></td></tR>";
}
?>
<?php include("footer.php"); ?>
[/code]

grlayouts Posted September 9, 2006

Anyone?

jefkin Posted September 9, 2006

Something comes to mind after a glance at the code.

Your code to prevent looking at other people's mail could be wrong:

You check against $stat[id], but I don't see a place where you set $stat[id]. If you haven't set it, then PHP treats it like ''. Your security compares $mail[owner] against $stat[id] (or ''). That could be the problem.

However, since you use that variable all through the code, you may have other bugs waiting to happen.
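
Added example, not part of the thread or of the game's code: one way to make the ownership check discussed in the reply above fail closed when the player id is unset, and to write each message to exactly one validated recipient. It uses PDO prepared statements against a constructed in-memory SQLite database in place of the thread's mysql_* calls; the function names and sample rows are assumptions, while the table and column names follow the posted mail.php.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table and column names follow the
// posted mail.php; function names, the SQLite database and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, user TEXT)');
$pdo->exec('CREATE TABLE mail (id INTEGER PRIMARY KEY, senderid INTEGER, owner INTEGER, subject TEXT, body TEXT)');
$pdo->exec("INSERT INTO players (id, user) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// A positive integer id, or null. An unset or non-numeric value never reaches
// a query or an ownership comparison.
function valid_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function send_mail(PDO $pdo, array $stat, $to, string $subject, string $body): bool
{
    $me = valid_id($stat['id'] ?? null);
    $toId = valid_id($to);
    if ($me === null || $toId === null) {
        return false; // fail closed: no logged-in sender or no usable recipient
    }
    $rec = $pdo->prepare('SELECT id FROM players WHERE id = ?');
    $rec->execute([$toId]);
    if ($rec->fetchColumn() === false) {
        return false; // no such player
    }
    // One row, owned by the single recipient that was just validated.
    $ins = $pdo->prepare('INSERT INTO mail (senderid, owner, subject, body) VALUES (?, ?, ?, ?)');
    return $ins->execute([$me, $toId, $subject, $body]);
}

function read_mail(PDO $pdo, array $stat, $mailId): ?array
{
    $me = valid_id($stat['id'] ?? null);
    $id = valid_id($mailId);
    if ($me === null || $id === null) {
        return null;
    }
    // Ownership is part of the lookup, so another player's row is never fetched.
    $q = $pdo->prepare('SELECT senderid, subject, body FROM mail WHERE id = ? AND owner = ?');
    $q->execute([$id, $me]);
    return $q->fetch(PDO::FETCH_ASSOC) ?: null;
}

var_dump(send_mail($pdo, ['id' => 1], '2', 'hi', 'hello bob')); // alice to bob
var_dump(send_mail($pdo, [], '2', 'x', 'y'));                    // $stat never set
var_dump(read_mail($pdo, ['id' => 2], '1') !== null, read_mail($pdo, ['id' => 3], '1'), read_mail($pdo, [], '1'));
```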