session_start(); include("func.inc.php"); login_ver(); function swap_title($c){ switch($c){ case 0: echo "amicipenna.jpg"; break; case 1: echo "amicimsn.jpg"; break; default: echo "inserisci.jpg"; break; } } $link=Array(); $link[0]="leggi.php"; $link[1]="leggimsn.php"; if(!empty($_GET) && ($_SESSION['master']>0)){ $sql="SELECT * FROM bacheca WHERE id_autore=$_GET[id]"; }else{ $sql="SELECT * FROM bacheca WHERE id_autore=$_SESSION[id]"; } $flow=db_query($sql); $var=mysqli_num_rows($flow); if (!empty($_POST)) { if($_POST['mode']==0){ $sql="INSERT INTO bacheca (autore,id_autore,oggetto,messaggio,data,class) VALUES ('".htmlentities($_SESSION[nick],ENT_QUOTES)."',$_SESSION[id],'".htmlentities(nl2br($_POST[ogg]),ENT_QUOTES)."','".htmlentities(nl2br($_POST[msg]),ENT_QUOTES)."',".time().",$_POST[class])"; db_query($sql); $fatto=1; }else{ $sql="UPDATE bacheca SET oggetto='".htmlentities(nl2br($_POST[ogg]),ENT_QUOTES)."', messaggio='".htmlentities(nl2br($_POST[msg]),ENT_QUOTES)."', data=".time()." WHERE id_autore=$_SESSION[id] AND class=$_POST[class]"; if((!empty($_GET['id'])) && ($_SESSION['master']>0)){ $sql="UPDATE bacheca SET oggetto='".htmlentities(nl2br($_POST[ogg]),ENT_QUOTES)."', messaggio='".htmlentities(nl2br($_POST[msg]),ENT_QUOTES)."' WHERE id_autore=$_GET[id] AND class=$_POST[class]"; } db_query($sql); $fatto=1; } }else{ $fatto=0; } ?>