JohnCMSMod tin nhắn nhanh for johncms

**Hoccode** · 04.10.2017 / 14:07

Lâu lâu rảnh share

dán đâu cũng oki. Head.php chẳng hạn

PHP

//////--------JOHNCMS MAIL FASTER-------////////////
$tinnhan = mysql_fetch_assoc(mysql_query("select * FROM `cms_mail` WHERE `from_id`='$user_id' AND `read`='0' AND `sys`='0' AND `delete`!='$user_id' ORDER BY `time` ASC LIMIT 1"));
 
if ($_POST['tn']) {
echo ''.$nickgui['id'].'';
mysql_query("insert into `cms_mail` set
`user_id` = '" . $datauser['id'] . "',
`from_id` = '" . $_POST['gui'] . "',
`text` = '" . mysql_real_escape_string($_POST['text']) . "',
`time` = '" . time() . "'");
echo '<script type="text/javascript" language="javascript">
 
function refreshPage()
{
location.reload(true);
}
 
</script>';
 
}
 
 
$idtin = '' .$tinnhan['id']. '';
 
$nickgui = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='" . $tinnhan['user_id'] . "'"));
 
 
$new_maila = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_mail` WHERE `from_id`='$user_id' AND `read`='0' AND `sys`='0' AND `delete`!='$user_id'"), 0);
 
 
$textm = $tinnhan['text'];
$textm = bbcode::tags($textm);
$textm = functions::smileys($textm, 1);
 
 
if ($new_maila >= 1) echo '<div style="color: #333333;
border: 1px solid #a1a1a1;
background-color: #fff5bc;
margin: 4px 0px 0px 0px;
padding: 2px 4px 2px 4px;"><b>'.$nickgui['name'].'</b> : ' . $textm . '
<form name="post" method="post"><input type="text" value="" name="text"><input type="hidden" value="'.$tinnhan['user_id'].'" name="gui"><input class="button" type="submit" name="tn" value="Gửi"/></form></div>';
 
 
mysql_query("update `cms_mail` set `read`='1' where `id`='" . $idtin . "';");
 
 
//////---------End Tin Nhan By Clombies123-------////////////

**MrKen** · 04.10.2017 / 14:14

injection kìa

**Hoccode** · 04.10.2017 / 14:15

MrKen đã viết ↑

injection kìa

Biết thì add function check vô