| Andreu Huguet | fc1e833 | 2020-09-15 18:21:12 +0200 | [diff] [blame] | 1 | <?php |
| 2 | require '../credentials.php'; |
| 3 | require 'utils.php'; |
| Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 4 | require_once("security.php"); |
| Andreu Huguet | fc1e833 | 2020-09-15 18:21:12 +0200 | [diff] [blame] | 5 | |
| Adrià Vilanova Martínez | 6052433 | 2022-11-20 02:33:56 +0100 | [diff] [blame] | 6 | // Yup, this is a f*ature, not a b*g. Please be responsible when exploit*ng this :) Have fun with it, but please don't cross the line! |
| Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 7 | $victimid = (int)$_POST["victim-id"]; |
| 8 | $killerid = (int)$_POST["killer-id"]; |
| 9 | $msgcontent = mysqli_real_escape_string($conn, $_POST["msg-content"]); |
| Andreu Huguet | fc1e833 | 2020-09-15 18:21:12 +0200 | [diff] [blame] | 10 | |
| Andreu Huguet | d5f9c42 | 2020-09-15 18:37:05 +0200 | [diff] [blame] | 11 | $template = "INSERT INTO `missatges` (`id`, `sender_id`, `receiver_id`, `timestamp`, `content`) VALUES (NULL, $killerid, $victimid, CURRENT_TIMESTAMP, '$msgcontent')"; |
| Andreu Huguet | fc1e833 | 2020-09-15 18:21:12 +0200 | [diff] [blame] | 12 | if (!query($template)) die("An error ocurred." . $template); |
| 13 | |
| Adrià Vilanova Martínez | 13cf0cd | 2022-11-20 01:02:20 +0100 | [diff] [blame] | 14 | header("Location: /main.php"); |
| Andreu Huguet | fc1e833 | 2020-09-15 18:21:12 +0200 | [diff] [blame] | 15 | ?> |