game/online.php

<?php

if (!defined('GAME_VERSION')) {
    require_once '_incl_data/autoload.php';
}

use Core\Config;
use Core\Database;
use Core\Db;
use DarksLight2\Training\TrainingManager;


Config::init();
Database::init();

$u = User::start();
$filter = new Filter();
$chat = new Chat();

$code = PassGen::intCode();

if (
    !isset($u->info['id']) ||
    $u->info['banned'] > 0 ||
    !isset($_COOKIE['login']) ||
    $u->info['repass'] > 0
) {
    exit(json_encode(['js' => 'top.location="bk?exit=' . $code . '";']));
}

if ($u->info['bithday'] == '01.01.1800') {
    unset($_GET['msg'], $_POST['msg'], $_POST['warnMsg']);
    $_GET['r3'] = 1;
}

if ($u->info['online'] < time() - 60) {
    Db::sql('update users set online = unix_timestamp() where id = ?', [$u->info['id']]);
    $filter->setOnline($u->info['online'], $u->info['id']);
}

function isModerOrAdmin($uinfo): bool
{
    return $uinfo['admin'] > 0 ||
        (
            $uinfo['align'] > 1 &&
            $uinfo['align'] < 2) ||
        (
            $uinfo['align'] > 3 &&
            $uinfo['align'] < 4
        );
}

if (isset($_POST['delMsg']) && isModerOrAdmin($u->info)) {
    $delmsgid = (int)$_POST['delMsg'];
    if ($delmsgid > 0) {
        Db::sql('update chat set `delete` = ? where id = ?', [$u->info['id'], $delmsgid]);
    } else {
        Db::sql('update users set molch3 = unix_timestamp() + 3600 * 3 where id = ?', [-$delmsgid]);
    }
    unset($delmsgid);
}

$r = [
    'rnd' => $code,
    'rn' => null,
    'list' => null,
    'msg' => null,
    'js' => null,
    'xu' => 0,
];


if ($u->info['battle'] > 0) {
    $btl = Db::getValue('select count(*) from battle where id = ? and time_over = 0', [$u->info['battle']]);
    if (empty($btl)) {
        $r['js'] .= 'top.frames["main"].location="main.php";';
    }
}

if (isset($_POST['msg']) && str_replace(' ', '', $_POST['msg']) != '') {
    $msg = [];
    $_POST['msg'] = str_replace('\x3C', '<', $_POST['msg']);
    $_POST['msg'] = str_replace('\x3', '>', $_POST['msg']);

    function tolink($buf): string
    {
        $x = explode(" ", $buf);
        $newbuf = '';
        for ($j = 0; $j < count($x); $j++) {
            $uname = '&lt;Внутренняя ссылка&gt;';
            //
            if (strripos($x[$j], 'new-combats.com/info/')) {
                $ulogin = explode('/info/', $x[$j]);
                $ulogin = $ulogin[1];
                $ulogin = Db::getValue('select login from users where id = ? or login = ?', [$ulogin, $ulogin]);
                if (!empty($ulogin)) {
                    $uname = '<span style="color: #831db7; ">&lt;Информация о &quot;' . $ulogin . '&quot;&gt;</span>';
                }
            } elseif (strripos($x[$j], 'audio_1610649509.mp3')) { //ТУТ аудио
                $uname = '<span style="color: #FF851B; ">&lt;Голосовое сообщение&gt;</span>';
            } elseif (strripos($x[$j], 'new-combats.com/item/')) {
                $ulogin = explode('/item/', $x[$j]);
                $ulogin = $ulogin[1];
                $ulogin = Db::getValue('select name from items_main where id = ?', [$ulogin]);
                if (isset($ulogin)) {
                    $uname = '<span style="color: #5f9b00; ">&lt;Предмет &quot;' . $ulogin . '&quot;&gt;</span>';
                } else {
                    $uname = '<span style="color: #5f9b00; ">&lt;Библиотека предметов&gt;</span>';
                }
            } elseif (strripos($x[$j], 'new-combats.com/news')) {
                $ulogin = explode('/news', $x[$j]);
                $ulogin = $ulogin[1];
                $ulogin = ltrim($ulogin, '/');
                $ulogin = Db::getValue('select title from events_news where id = ?', [$ulogin]);
                if (isset($ulogin)) {
                    $uname = '<span style="color: #b57300; ">&lt;Новость &quot;' . $ulogin . '&quot;&gt;</span>';
                } else {
                    $uname = '<span style="color: #b57300; ">&lt;Новостная лента&gt;</span>';
                }
            } elseif (strripos($x[$j], 'new-combats.com/lib')) {
                $ulogin = explode('/lib', $x[$j]);
                $ulogin = $ulogin[1];
                $ulogin = ltrim($ulogin, '/');
                $ulogin = rtrim($ulogin, '/');
                $ulogin = Db::getValue('select title from library_content where url_name = ? and moder > 0', [$ulogin]);
                if (isset($ulogin)) {
                    $uname = '<span style="color: #4c6e00; ">&lt;Библиотека &quot;' . $ulogin . '&quot;&gt;</span>';
                } else {
                    $uname = '<span style="color: #4c6e00; ">&lt;Библиотека&gt;</span>';
                }
            } elseif (strripos($x[$j], 'new-combats.com/forum')) {
                $ulogin = explode('/forum?read=', $x[$j]);
                $ulogin = $ulogin[1];
                $ulogin = explode('&', $ulogin);
                $ulogin = $ulogin[0];
                $ulogin = Db::getValue('select title from forum_msg where id = ? and `delete` = 0', [$ulogin]);
                if (isset($ulogin)) {
                    $uname = '<span style="color: #0055b5; ">&lt;Форум &quot;' . $ulogin . '&quot;&gt;</span>';
                } else {
                    $ulogin = explode('/forum?r=', $x[$j]);
                    $ulogin = $ulogin[1];
                    $ulogin = explode('&', $ulogin);
                    $ulogin = $ulogin[0];
                    $ulogin = Db::getValue('select name from forum_menu where id = ?', [$ulogin]);
                    if (isset($ulogin)) {
                        $uname = '<span style="color: #0055b5; ">&lt;Конференция форума &quot;' . $ulogin . '&quot;&gt;</span>';
                    } else {
                        $uname = '<span style="color: #0055b5; ">&lt;Форум проекта&gt;</span>';
                    }
                }
            }
            //
            $newbuf .= preg_match(
                "/(https:\\/\\/)?(new-combats+\\.com(([ \"'>\r\n\t])|(\\/([^ \"'>\r\n\t]*)?)))/",
                $x[$j],
                $ok
            ) ? str_replace($ok[2], "<small><a href=https://$ok[2] target=_blank ><i>" . $uname . "</i></a></small>", str_replace("https://", "", $x[$j])) . " " : $x[$j] . " ";
        }
        return $newbuf;
    }

    $_POST['msg'] = $chat->expworld($_POST['msg'], 120);
    $_POST['msg'] = str_replace('\\', '\\\\', $_POST['msg']);
    $_POST['msg'] = str_replace('"', '[s1;]', $_POST['msg']);
    $_POST['msg'] = str_replace("'", '[s2;]', $_POST['msg']);
    $_POST['msg'] = str_replace('<', '[s3;]', $_POST['msg']);
    $_POST['msg'] = str_replace('>', '[s4;]', $_POST['msg']);
    $_POST['msg'] = str_replace('	', ' ', $_POST['msg']);
    $_POST['msg'] = str_replace('&gt;', '[s4;]', $_POST['msg']);
    $_POST['msg'] = str_replace('&lt;', '[s3;]', $_POST['msg']);

    $_POST['msg'] = str_replace("\r", '[s3;]br[s4;]', $_POST['msg']);
    $_POST['msg'] = str_replace("\b", '[s3;]br[s4;]', $_POST['msg']);
    $_POST['msg'] = str_replace("
 ", '[s3;]TAB[s4;]', $_POST['msg']);
    $_POST['msg'] = str_replace("
", '[s3;]TAB[s4;]', $_POST['msg']);

    $_POST['msg'] = htmlspecialchars($_POST['msg'], null);
    $_POST['msg'] = str_replace('%usersmile%', '', $_POST['msg']);
    $_POST['msg'] = tolink($_POST['msg']);

    $_POST['msg'] = str_replace('::', '', $_POST['msg']);

    $_POST['msg'] = str_replace('[s1;]', '&quot;', $_POST['msg']);
    $_POST['msg'] = str_replace("[s2;]", '&quot;', $_POST['msg']);
    $_POST['msg'] = str_replace('[s3;]', '&lt;', $_POST['msg']);
    $_POST['msg'] = str_replace('[s4;]', '&gt;', $_POST['msg']);

    $_POST['msg'] = str_replace('	', ' ', $_POST['msg']);

    $smg = Db::getRow('select * from chat where login = ? and time > unix_timestamp() - 20 order by time desc limit 1', [$u->info['login']]);

    if ($u->info['exp'] < 499999999) {
        $lmg = Db::getValue('select count(id) from chat where login = ? and time = unix_timestamp() - 5 limit 2', [$u->info['login']]);
    } else {
        $lmg = 0;
    }
    $testsmg = ' ' . $_POST['msg'] . ' ';
    if ($testsmg == $smg['text'] && $u->info['exp'] > 100000) {
        if ($u->info['molch1'] < time()) {

            //Молчанка за флуд на 5 минут
            $u->info['molch1'] = time() + 1200;
            $r['js'] .= 'chat.sendMsg(["new","' . time(
                ) . '","6","","' . $u->info['login'] . '","<small>Вы наказаны за спам на 20 минут </small>","Black","1","1","0"]);';

            Db::sql('update users set molch1 = ? where id = ?', [$u->info['molch1'], $u->info['id']]);
            Db::sql('update chat set `delete` = 1 where login = ?', [$u->info['login']]);

            $_POST['msg'] = 'Я спамер ' . $u->info['login'] . ' и меня нужно заблокировать!';

            $training_manager = TrainingManager::getInstance();
            $training_manager->addPoint('chat_first_quest');

            if(preg_match("/to\[(.*?)\]/", $_POST['msg'])) {
                $training_manager->addPoint('chat_second_quest');
            }

            if(preg_match("/private\[(.*?)\]/", $_POST['msg'])) {
                $training_manager->addPoint('chat_third_quest');
            }

            $cmsg = new ChatMessage();
            $cmsg->setInvis($u->info['invis']);
            $cmsg->setDa(1);
            $cmsg->setCity($u->info['city']);
            $cmsg->setType(6);
            $cmsg->setColor('#f00');
            $cmsg->setText("Я спамер {$u->info['login']} и меня нужно заблокировать " . Config::get('https') . '/info/' . $u->info['id']);
            $chat->sendMsg($cmsg);

            $cmsg->setLogin($u->info['login']);
            $cmsg->setType(6);
            $cmsg->setText('Это супер проект! Всем успехов!');
            $cmsg->setColor('#000');
            $chat->sendMsg($cmsg);
        }
    } elseif ($lmg > 0) {
        $r['js'] .= 'chat.sendMsg(["new","' . time(
            ) . '","6","","' . $u->info['login'] . '","<small>Вы не можете отправлять так часто сообщения... </small>","Black","1","1","0"]);';
        if ($u->info['molch1'] < time()) {
            if ($u->info['molch1'] < -5) {
                $u->info['molch1'] = time() + 300;
                $r['js'] .= 'chat.sendMsg(["new","' . time(
                    ) . '","6","","' . $u->info['login'] . '","<small>Вы наказаны за флуд на 5 минут </small>","Black","1","1","0"]);';
            } elseif ($u->info['molch1'] < 0) {
                $u->info['molch1']--;
            } else {
                $u->info['molch1'] = -1;
            }
            mysql_query(
                'UPDATE `users` SET `molch1` = "' . $u->info['molch1'] . '" WHERE `id` = "' . $u->info['id'] . '" LIMIT 1'
            );
        }
    } elseif ((preg_match("/private\[(.*?)\]/", $_POST['msg'], $msg['to']) || preg_match(
                "/private \[(.*?)\]/", $_POST['msg'], $msg['to']
            )) && $u->info['exp'] < 150000) {
        $r['js'] .= 'chat.sendMsg(["new","' . time(
            ) . '","6","","' . $u->info['login'] . '","<small>Вы не можете отправлять приват до достижения 150000 опыта.</small>","Black","1","1","0"]);';

    } else {
        //Записываем данные
        $msg['spam'] = 0;
        $msg['type'] = 1;
        $msg['molch'] = 0;

        $msg['cancel'] = 0;
        $msg['delete'] = 0;
        $msg['to'] = '';
        $msg['da'] = 0;

        //Нормируем типы сообщений
        if (preg_match("/private\[(.*?)\]/", $_POST['msg'], $msg['to'])) {
            $msg['to'] = $msg['to'][1];
            $_POST['msg'] = str_replace('private[' . $msg['to'] . ']', 'private [' . $msg['to'] . ']', $_POST['msg']);
            $msg['to'] = '';
        } elseif (preg_match("/to\[(.*?)\]/", $_POST['msg'], $msg['to'])) {
            $msg['to'] = $msg['to'][1];
            $_POST['msg'] = str_replace('to[' . $msg['to'] . ']', 'to [' . $msg['to'] . ']', $_POST['msg']);
            $msg['to'] = '';
        }

        if (preg_match("/private \[(.*?)\]/", $_POST['msg'], $msg['to'])) {
            $msg['to'] = trim($msg['to']['1'], ' ');
            $msg['type'] = 3;
            $_POST['msg'] = str_replace('private [' . $msg['to'] . ']', ' ', $_POST['msg']);
        } elseif (preg_match("/to \[(.*?)\]/", $_POST['msg'], $msg['to'])) {
            $msg['to'] = trim($msg['to']['1'], ' ');
            $msg['type'] = 2;
            $_POST['msg'] = str_replace('to [' . $msg['to'] . ']', ' ', $_POST['msg']);
        }
        if ($u->info['admin'] == 0) {  //ТУТ SPAM
            if ($msg['to'] != '' && !isset($admq['id']) && $msg['type'] == 3) {
                $admq = Db::getRow('select id, admin from users where login = ? and admin > 0', [$msg['to']]);
            }
            if (!isset($admq['id'])) {
                $msg['fspam'] = $filter->spamFiltr(str_replace('точка', '.', str_replace('ру', 'ru', $_POST['msg'])));
                if ($msg['fspam'] != '0') {
                    $msg['spam'] = 1;
                    $msg['delete'] = 1;
                    $r['js'] .= 'chat.sendMsg(["new","' . time(
                        ) . '","6","","' . $u->info['login'] . '","<small>В нашем чате запрещается сообщать ссылки на атльтернативные проекты. Повторные попытки могут привести к блокировке персонажа.</small>","Black","1","1","0"]);';
                }

                if ($msg['spam'] == 1 && $u->info['molch1'] < time() && $u->info['admin'] == 0) {
                    $mban = $u->testAction(
                        '`uid` = "' . $u->info['id'] . '" AND `time` >= ' . strtotime(
                            'now 00:00:00'
                        ) . ' AND `vars` = "msg_bans" LIMIT 1', 1
                    );
                    if (!isset($mban['id'])) {
                        $u->addAction(time(), 'msg_bans', '1');
                        $mban['vals'] = 0;
                    } else {
                        mysql_query(
                            'UPDATE `actions` SET `vals` = `vals` + 1 WHERE `id` = "' . $mban['id'] . '" LIMIT 1'
                        );
                        $msg['delete'] = time();
                    }

                    if ($mban['vals'] + 1 < 2) {
                        $msg['fspam'] = str_replace('%', '</b>,<b>', $msg['fspam']);
                        $msg['fspam'] = '<b>' . ltrim($msg['fspam'], '0</b>,<b>') . '</b>';
                        $r['js'] .= 'chat.sendMsg(["new","' . time(
                            ) . '","6","","' . $u->info['login'] . '","<small>В нашем чате запрещается сообщать ссылки на атльтернативные проекты. Запрещенные слова: ' . $msg['fspam'] . '. Предупреждения [' . ($mban['vals'] + 1) . '/1]</small>","Black","1","1","0"]);';
                    } else {
                        $r['js'] .= 'chat.sendMsg(["new","' . time(
                            ) . '","6","","' . $u->info['login'] . '","<small>В нашем чате запрещается сообщать ссылки на атльтернативные проекты. Вы наказаны за нарушение правил общения.</small>","Black","1","1","0"]);';

                        $cmsg = new ChatMessage();
                        $cmsg->setCity($u->info['city']);
                        $cmsg->setLogin('Комментатор');
                        $cmsg->setText("Персонаж {$u->info['login']}[{$u->info['level']}] был наказан за нарушение правил общения.");
                        $cmsg->setType(6);
                        $chat->sendMsg($cmsg);

                        $molchTime = time() + 60 * 60;
                        mysql_query(
                            'UPDATE `users` SET
                            `molch1` = ' . $molchTime . ',
                            `molch2` = ' . $molchTime . ',
                            `info_delete` = ' . $molchTime . '
                            WHERE `id` = ' . $u->info['id']);
                        $rtxt = $rang . ' &quot;' . $u->info['login'] . '&quot; <small><font color=red>Автоинформатор</font></small>: ' . $msg['text'] . ' [' . $msg['fspam'] . '].';
                        mysql_query(
                            "INSERT INTO `users_delo` (`uid`,`ip`,`city`,`time`,`text`,`login`,`type`) VALUES ('" . $u->info['id'] . "','" . $_SERVER['REMOTE_ADDR'] . "','" . $u->info['city'] . "','" . time(
                            ) . "','" . $rtxt . "','" . $u->info['login'] . "',0)"
                        );
                    }
                }
            }
            unset($admq);
        }

        $qix = mysql_fetch_array(
            mysql_query(
                'SELECT `id` FROM `friends` WHERE `ignor` > 0 AND `login_ignor` = "' . mysql_real_escape_string(
                    $pl['login']
                ) . '" AND (`user_ignor` = "' . $u->info['login'] . '" OR `user` = "' . $u->info['id'] . '") LIMIT 1'
            )
        );
        if (isset($qix['id'])) {
            $r['js'] .= 'chat.sendMsg(["new","' . time(
                ) . '","6","","' . $u->info['login'] . '","<b>Вас добавили в игнор</b>: Вы не можете отправлять сообщения персонажу &quot;' . htmlspecialchars(
                    $msg['to']
                ) . '&quot;.","Black","1","1","0"]);';
            $msg['cancel']++;
        }
        if ($msg['type'] == 3 && $msg['to'] == 'klan') {
            if ($u->info['clan'] == 0) {
                $r['js'] .= 'chat.sendMsg(["new","' . time(
                    ) . '","6","","' . $u->info['login'] . '","<small>Вы не являетесь частью одного из <b>Кланов</b> и не можете общаться по этому каналу.</small>","Black","1","1","0"]);';
                $msg['cancel']++;
            } else {
                $msg['to'] = 'k' . $u->info['clan'];
                $msg['da'] = 1;
            }
        }
        if ($u->info['molch1'] > time()) {
            if ($msg['to'] != '' && !isset($admq['id'])) {
                $admq = mysql_fetch_array(
                    mysql_query(
                        'SELECT `id`,`admin` FROM `users` WHERE `login` = "' . mysql_real_escape_string(
                            $msg['to']
                        ) . '" AND `admin` > 0 LIMIT 1'
                    )
                );
                if ($msg['type'] != 3) {
                    unset($admq);
                }
            }
            if (!isset($admq['id'])) {
                $msg['molch'] = 1;
            }
        }

        if ($msg['cancel'] == 0) {
            if (is_array($msg['to'])) {
                $msg['to'] = '';
            }
            if ($msg['type'] == 3 && $msg['da'] > 0) {
                $msg['type'] = -3;
            }

            $msw = $chat->smileText($_POST['msg'], $msg['to'], $u->info['room'], $u->info['city']);
            $nosend = 0;
            if ($msw) {
                $_POST['msg'] = $msw;
                $msg['to'] = '';
                $msg['type'] = 21;
                if ($msw == 'USER IS FALSE') {
                    $r['js'] .= 'chat.sendMsg(["new","' . time(
                        ) . '","6","","' . $u->info['login'] . '","<small>Персонажа нет в данной комнате.</small>","Black","1","1","0"]);';
                    $nosend = 1;
                }
            } elseif ($chat->str_count($_POST['msg'], 3) == '/e ') {
                $msg['type'] = 21;
                $_POST['msg'] = ltrim($_POST['msg'], '/e ');
            } elseif ($chat->str_count($_POST['msg'], 3) == '/е ') {
                $msg['type'] = 21;
                $_POST['msg'] = ltrim($_POST['msg'], '/е ');
            } elseif ($chat->str_count($_POST['msg'], 4) == ' /e ') {
                $msg['type'] = 21;
                $_POST['msg'] = ltrim($_POST['msg'], ' /e ');
            } elseif ($chat->str_count($_POST['msg'], 4) == ' /е ') {
                $msg['type'] = 21;
                $_POST['msg'] = ltrim($_POST['msg'], ' /е ');
            }

            if ($nosend == 0) {

                //Именные смайлики
                $_POST['msg'] = str_replace('%usersmile%-', '%usеrsmilе%-', $_POST['msg']);
                $usml = explode(',', $u->info['add_smiles']);
                $i = 0;
                while ($i < count($usml)) {
                    $_POST['msg'] = str_replace(
                        ':' . $usml[$i] . ':', ':%usersmile%-' . $usml[$i] . ':', $_POST['msg']
                    );
                    $i++;
                }

                $cmsg = new ChatMessage();
                $cmsg->setInvis($u->info['invis']);
                $cmsg->setDa($msg['da']);
                $cmsg->setDelete($msg['delete']);
                $cmsg->setMolch($msg['molch']);
                $cmsg->setLogin($u->info['login']);
                $cmsg->setTo($msg['to']);
                $cmsg->setCity($u->info['city']);
                $cmsg->setRoom($u->info['room']);
                $cmsg->setType($msg['type']);
                $cmsg->setSpam($msg['spam']);
                $cmsg->setText($_POST['msg']);
                $cmsg->setColor($u->info['chatColor']);
                $chat->sendMsg($cmsg);

            }
        }

        if ($msg['type'] == 2 && mb_convert_case($msg['to'], MB_CASE_LOWER) == 'комментатор') {
            $cmsg = new ChatMessage();
            if (preg_match("/анекдот/i", mb_convert_case($_POST['msg'], MB_CASE_LOWER))) {
                $text_com = '';
                $sp_all = Db::getValue('select count(*) from a_com_act where act = ? and time > unix_timestamp() limit 5', [$com_act]);
                if ($sp_all > 0) {
                    if (rand(0, 100) < 75) {
                        $text_com = [
                            'Отстань попрошайка! ... Ищу анекдоты, интернет не маленький!',
                            'Подожди... Сейчас что-нибудь найду',
                            'Почти нашел...',
                            'Вот один есть, но он не интересный...',
                            'А свет на центральной площади тьму &quot;пинает&quot;... Эх...',
                        ];
                        $text_com = $text_com[rand(0, (count($text_com) - 1))];
                    }
                } else {
                    $sp_all = Db::getRow('select * from a_com_anekdot order by rand() limit 1');
                    if (isset($sp_all['id'])) {
                        $text_com = $sp_all['text'];
                        $text_com = str_replace("<br>", "<br>&nbsp; &nbsp; ", $text_com);
                        $text_com = str_replace("<br />", "<br />&nbsp; &nbsp; ", $text_com);
                        $text_com = str_ireplace("\r\n", "", $text_com);
                        $text_com = str_replace("", "", $text_com);
                        $text_com = '<b style="color: red">Анекдот</b>:<br>&nbsp; &nbsp; ' . $text_com . '<br>';
                    } else {
                        $text_com = 'Анекдот из головы вылетел...';
                    }
                    Db::sql('insert into a_com_act (act, time, uid) values (0, unix_timestamp() + 60, ?)', [$u->info['id']]);
                }
                if ($text_com != '') {
                    $cmsg->setText($text_com);
                }
            } else {
                include_once 'commentator.php';
                if ($comment != '') {
                    $cmsg->setText($comment);
                }
            }
            if ($cmsg->getText()) {
                $cmsg->setLogin('Комментатор');
                $cmsg->setTo($u->info['login']);
                $cmsg->setCity($u->info['city']);
                $cmsg->setRoom($u->info['room']);
                $cmsg->setType(2);
                $chat->sendMsg($cmsg);
            }
        }
        Db::sql('update users set afk = default, dnd = default, timeMain = unix_timestamp() where id = ?', [$u->info['id']]);
    }

}

//Получаем список онлайн
if ($_GET['r1'] != 0) {
    // $_GET['r3'] передаётся из onlineList.js как переключатель "все пользователи\пользователи в комнате".
    define('BOT_ROOM', 303);
    $ar_id = 0;
    $ar_lvl = 0;
    $ar_all = '0';
    $usl = [];
    $cw = [];
    $usid = [];
    $onlineListQuery = 'select
    users.id, pass, sex, dnow, timeMain, bot, atack, afk, dnd, banned, molch1,
    room, city, cityreg, online, align, clan, login, level, inTurnir, battle, invis, inUser, x, y
from users left join stats on users.id = stats.id
where
    (
        (room = ? and ' . (int)$_GET['r3'] . ' != 1) or
        (' . (int)$_GET['r3'] . ' = 1 and pass not like ?)
    ) and
    mail != ? and
    room != ?
    order by inUser desc, online desc, login desc';
    $sp = Db::getRows($onlineListQuery, [$u->info['room'], '%saint%', '', BOT_ROOM]);
    foreach ($sp as $pl) {

//    }
//
//    $sp = mysql_query(
//        'SELECT
//        `u`.`pass`,
//        `u`.`sex`,
//        `s`.`dnow`,
//        `u`.`timeMain`,
//        `s`.`bot`,`s`.`atack`,`u`.`afk`,`u`.`dnd`,`u`.`banned`,`u`.`molch1`,`u`.`room`,`u`.`id`,`u`.`city`,`u`.`cityreg`,`u`.`online`,`u`.`align`,
//        `u`.`clan`,`u`.`login`,`u`.`level`,`u`.`inTurnir`,`u`.`battle`,`u`.`invis`,`u`.`inUser`,`s`.`x`,`s`.`y`
//FROM
//`users` AS `u`
//    LEFT JOIN `stats` AS `s` ON `s`.`id` = `u`.`id`
//WHERE (
//    (`u`.`room` = "' . $u->info['room'] . '" AND "' . mysql_real_escape_string((int)$_GET['r3']) . '" != "1") OR
//    ("' . mysql_real_escape_string((int)$_GET['r3']) . '" = "1" AND `pass` NOT LIKE "%saint%")) AND
//    `mail`!="No E-mail" AND
//    `room` != "303"
//    ORDER BY `u`.`inUser` DESC,`u`.`online` DESC,`u`.`login` DESC LIMIT 1000'
//    );
//    $ar_id = 0;
//    $ar_lvl = 0;
//    $ar_all = '0';
//    $usl = [];
//    $cw = [];
//    $usid = [];
//    while ($pl = mysql_fetch_array($sp)) {
        $ysee = 1;
        if ($pl['inUser'] > 0) {
            if ($pl['inTurnir'] == 0) {
                $ysee = 0;
            } else {
                if ($pl['online'] < time() - 120) {
                    User::setOnline($pl['id']);
                }
            }
        } else {
            if ($pl['inTurnir'] > 0) {
                $ysee = 0;
            }
        }

        if (!isset($usl[$pl['login']])) {
            $ysee = 1;
        }

        if (
            (
                (int)$_GET['r3'] != 1 &&
                $u->info['dnow'] != $pl['dnow']
            ) ||
            (
                $pl['room'] >= 362 &&
                $pl['room'] <= 366 &&
                (int)$_GET['r3'] != 1 &&
                (
                    $pl['x'] != $u->info['x'] ||
                    $pl['y'] != $u->info['y'] ||
                    $pl['room'] != $u->info['room']
                )
            ) ||
            $usid[$pl['login']]
        ) {
            $ysee = 0;
        }

        $usl[$pl['login']] = $pl['id'];

        if (
            (
                $pl['online'] > time() - 520 ||
                $pl['inUser'] > 0
            ) &&
            (
                $pl['bot'] != 1 ||
                $pl['pass'] == '212121q'
            ) &&
            $pl['banned'] == 0 &&
            $ysee == 1
        ) {
            $usid[$pl['login']] = true;
            if ($pl['invis'] != 1 && $pl['invis'] < time()) {
                if ($pl['clan'] > 0) {
                    if ($u->info['clan'] > 0 && $pl['clan'] != $u->info['clan']) {
                        if (!isset($cw['war'][$pl['clan']][$u->info['clan']])) {
                            $pl['cwar'] = mysql_fetch_array(
                                mysql_query(
                                    'SELECT `id`,`type` FROM `clan_wars` WHERE
								((`clan1` = "' . $pl['clan'] . '" AND `clan2` = "' . $u->info['clan'] . '") OR (`clan2` = "' . $pl['clan'] . '" AND `clan1` = "' . $u->info['clan'] . '")) AND
								`time_finish` > ' . time() . ' LIMIT 1'
                                )
                            );
                            if (isset($pl['cwar']['id'])) {
                                $cw['war'][$pl['clan']][$u->info['clan']] = $pl['cwar']['type'];
                            } else {
                                $cw['war'][$pl['clan']][$u->info['clan']] = 0;
                            }
                        }
                        if ($cw['war'][$pl['clan']][$u->info['clan']] > 0) {
                            $pl['atack'] = $cw['war'][$pl['clan']][$u->info['clan']];
                        }
                    }
                    if (!isset($cw[$pl['clan']])) {
                        $pl['clan'] = mysql_fetch_array(
                            mysql_query('SELECT `name_mini` FROM `clan` WHERE `id` = "' . $pl['clan'] . '" LIMIT 1')
                        );
                    } else {
                        $pl['clan'] = $cw[$pl['clan']];
                    }
                    $pl['clan'] = $pl['clan']['name_mini'];
                }
                if ($pl['atack'] > time() || $pl['atack'] == 1 || $pl['atack'] == 2) {
                    if ($pl['atack'] != 2) {
                        $pl['atack'] = 1;
                    }
                } else {
                    $pl['atack'] = 0;
                }
                $trvm = mysql_fetch_array(
                    mysql_query(
                        'SELECT `id`,`name` FROM `eff_users` WHERE `uid` = "' . $pl['id'] . '" AND (`id_eff` = "4" OR `id_eff` = "6") AND `delete` = "0" ORDER BY `id_eff` ASC LIMIT 6'
                    )
                );
                $trvm = $trvm['name'];
                $r['list'] .= '"' . $r['xu'] . '":["' . $pl['id'] . '","' . $pl['login'] . '","' . $pl['level'] . '","' . $pl['align'] . '","' . $pl['clan'] . '","' . $pl['cityreg'] . '","' . $pl['city'] . '","' . $pl['room'] . '","' . $pl['afk'] . '","' . $pl['dnd'] . '","' . $pl['banned'] . '","' . $pl['molch1'] . '","' . $pl['battle'] . '","' . $pl['atack'] . '","' . $trvm . '","' . ($pl['sex'] * 0) . '","' . $pl['align2'] . '"],';
                $ar_id += $pl['id'];
                $ar_lvl += $pl['level'];
                $ar_all .= $pl['align'] . $pl['clan'] . $pl['molch1'] . $pl['banned'] . $pl['battle'] . 1;

            }
            $r['xu']++;
        }
    }
    unset($pl, $sp);
    $r['list'] = rtrim($r['list'], ',');
    $r['list'] = '{' . $r['list'] . '}';
}

function json_fix_cyr($json_str)
{
    return $json_str;
}


//Получаем сообщения
if (isset($_GET['mid']) && !isset($_POST['mid'])) {
    $_POST['mid'] = $_GET['mid'];
}
$i = 0;
$l = 0;
$sp = mysql_query(
    'SELECT `nosee`,`frv`,`id`,`dn`,`active`,`invis`,`login`,`to`,`city`,`room`,`time`,`type`,`spam`,`text`,`toChat`,`color`,`typeTime`,`sound`,`global`,`delete`,`molch`,`da` FROM `chat` WHERE 
		(
			(
				`delete` > 0 AND
				`time` > ' . (time() - 360) . '
			) OR
			(
				`time` > ' . (time() - 120) . ' OR
				(
					`time` = -1 AND
					(
						`to` = "' . $u->info['login'] . '" OR
						`type` = 8
					)
				) OR
				(
					`time` < -1 AND
					`time` > -' . time() . ' AND
					(
						`to` = "' . $u->info['login'] . '" OR
						`type` = 8 OR
						`to` = ""
					)
				)
			)
		)
		AND
		`new` = "1" AND
		(
			`id` > ' . ((int)$_POST['mid']) . '	OR
			`delete` > 0 OR
			`spam` > 0 OR
			(
				`time` < 0 AND
				`time` > -' . time() . ' AND
				(
					`to` = "' . $u->info['login'] . '" OR
					`to` = ""
				)
			)
		)
	ORDER BY `id`'
);
while ($pl = mysql_fetch_array($sp)) {

    if ($pl['delete'] > 0) {
        $r['msg'] .= ',"m' . $i . '":["' . $pl['id'] . '","","delete","","","","","","","0","0","0","1","",""]';
    }

    if ($pl['type'] == 6 || $pl['type'] == 8) {
        $pl['city'] = $u->info['city'];
    }

    $see = 1;

    if ($pl['type'] == 8 && isModerOrAdmin($u->info)) {
        $see = 0;
    }

    if (($pl['type'] > 0 && $pl['type'] < 4) || $pl['type'] == -3) {
        $pl['room'] = $u->info['room'];
        $pl['city'] = $u->info['city'];
    }

    //Проверки на доступ к просмотру
    if (
        ((
                (
                    $pl['type'] == 3 ||
                    $pl['type'] == 4
                ) &&
                (
                    $pl['city'] == $u->info['city'] ||
                    $pl['global'] == 1
                )
            ) ||
            (
                (
                    $pl['type'] == 5 ||
                    $pl['type'] == 6 ||
                    (
                        $pl['type'] == 8 && isModerOrAdmin($u->info)
                    )
                ) &&
                (
                    $pl['city'] == $u->info['city'] ||
                    $pl['global'] == 1
                )
            ) ||
            (
                $pl['type'] == 7 &&
                $pl['city'] == $u->info['city'] &&
                $pl['room'] == $u->info['room']
            ) ||
            (
                $pl['type'] == 6 &&
                (
                    $pl['city'] == $u->info['city'] ||
                    $pl['global'] == 1
                )
            ) ||
            $pl['type'] == 9 ||
            $pl['type'] == 10
        ) &&
        $pl['to'] != '' &&
        $pl['login'] != $u->info['login'] &&
        $pl['to'] != $u->info['login']
    ) {
        $n = 0;
        $ex = explode(',', $pl['to']);
        $j = 0;
        while ($j < count($ex)) {
            if (trim($ex[$j], ' ') == $u->info['login']) {
                $n++;
            }
            $j++;
        }
        if ($n == 0) {
            $see = 0;
        }
        unset($n, $j, $ex);
    }
    //Клановое сообщение (по всем городам)
    if ($pl['type'] == -3 && ($pl['to'] == 'k' . $u->info['clan'] || $u->info['admin'] > 0)) {
        $pl['type'] = 3;
        if ($pl['to'] == 'k' . $u->info['clan']) {
            $pl['to'] = 'klan';
        }
        $see = 1;
    } elseif ($pl['type'] == -3) {
        $see = 0;
    }

    //Системное сообщение только в этой комнате
    if (
        $pl['type'] == 6 &&
        $pl['room'] > 0 &&
        $pl['room'] != $u->info['room'] &&
        $pl['to'] == ''
    ) {
        $see = 0;
    }

    //Системное сообщение по всему городу
    if ($pl['type'] == 8 && $pl['city'] != $u->info['city'] && $pl['global'] == 0) {
        $see = 0;
    }

    //Сообщение с молчанкой
    if ($pl['molch'] > 0) {
        $see = 0;
    }

    //Сообщение отправлено в другой комнате
    if (
        (
            $pl['type'] == 1 ||
            $pl['type'] == 2
        ) &&
        (
            $pl['room'] != $u->info['room'] ||
            $pl['city'] != $u->info['city']
        ) &&
        (
            $pl['global'] == 0 ||
            $_COOKIE['chatCfg11'] == 0
        )
    ) {
        $see = 0;
    }

    //Сообщение прочее, в другом городе
    if ($pl['city'] != $u->info['city'] && $pl['global'] == 0) {
        $see = 0;
    }

    //Глобал
    if ($pl['global'] == 1 && $pl['city'] == $u->info['city'] && $pl['type'] != -3) {
        $see = 1;
    }

    //Пещерное сообщение
    if ($pl['dn'] > 0 && $u->info['dnow'] != $pl['dn']) {
        $see = 0;
    }

    $modr = 0;

    if (isModerOrAdmin($u->info)) {
        $modr = 1;
    }

    if ($pl['login'] != $u->info['login'] && $pl['nosee'] != 0 && $u->info['id'] != $pl['nosee'] && $u->info['admin'] == 0 && $modr == 0) {
        $see = 0;
    } else {
        if ($pl['nosee'] != 0 && $pl['login'] != $u->info['login']) {
            $noseein = 'скрыто';
            if ($u->info['id'] == $pl['nosee']) {
                $noseein = 'ваш реферал';
            }
            $pl['text'] = '<span style=\"padding:0 5px 0 5px;background-color:#FFC;\"><font color=red><small>[' . $noseein . ']</small></font> ' . $pl['text'] . '</span>';
            if ($u->info['admin'] > 0 || $modr == 1) {
                $see = 1;
            }
        }
    }

    if ($see == 1 && $pl['delete'] == 0 && $pl['login'] != '') {

        $qix = mysql_fetch_array(
            mysql_query(
                'SELECT `id` FROM `friends` WHERE `ignor` > 0 AND `login_ignor` = "' . mysql_real_escape_string(
                    $pl['login']
                ) . '" AND (`user_ignor` = "' . $u->info['login'] . '" OR `user` = "' . $u->info['id'] . '") LIMIT 1'
            )
        );
        if (isset($qix['id'])) {
            $see = 0;
        }
        unset($qix);
    }

    if ($see == 1 && $pl['delete'] == 0) {
        if ($pl['time'] < 0) {
            if ($pl['to'] == '') {
                $lmsch = mysql_fetch_array(mysql_query('SELECT `id` FROM `chat` ORDER BY `id` DESC LIMIT 1'));
                if (isset($lmsch['id'])) {
                    $lmsch['id']++;
                    mysql_query(
                        'UPDATE `chat` SET `id` = "' . $lmsch['id'] . '",`time` = "' . time(
                        ) . '" WHERE `id` = "' . $pl['id'] . '" LIMIT 1'
                    );
                    $pl['id'] = $lmsch['id'];
                } else {
                    mysql_query('UPDATE `chat` SET `time` = "' . time() . '" WHERE `id` = "' . $pl['id'] . '" LIMIT 1');
                }
            } else {
                mysql_query('UPDATE `chat` SET `time` = "' . time() . '" WHERE `id` = "' . $pl['id'] . '" LIMIT 1');
            }
            $pl['time'] = time();
        }
        if ($pl['spam'] > 0) {
            $r['msg'] .= ',"' . $i . '":{"s":"' . $pl['id'] . '"}';
        } else {
            $reimg = [];
            if (preg_match_all(
                    "/\[img\[(.*?)\]\]\[1\]/", $pl['text'], $reimg
                ) && ($u->info['admin'] > 0 || $pl['type'] == 5 || $pl['type'] == 6 || $pl['type'] == 10 || $pl['type'] == 11)) {
                $k = 0;
                while ($k <= count($reimg[1])) {
                    $pl['text'] = str_replace(
                        '[img[' . $reimg[1][$k] . ']][1]',
                        '<img src=//img.new-combats.tech/i/' . $reimg[1][$k] . ' height=19>', $pl['text']
                    );
                    $k++;
                }
            }
            if (preg_match_all(
                    "/\[img\[(.*?)\]\]/", $pl['text'], $reimg
                ) && ($u->info['admin'] > 0 || $pl['type'] == 5 || $pl['type'] == 6 || $pl['type'] == 10 || $pl['type'] == 11)) {
                $k = 0;
                while ($k <= count($reimg[1])) {
                    $pl['text'] = str_replace(
                        '[img[' . $reimg[1][$k] . ']]', '<img src=//img.new-combats.tech/i/' . $reimg[1][$k] . '>',
                        $pl['text']
                    );
                    $k++;
                }
            }

            if (preg_match_all("/item\[(.*?)\]/", $pl['text'], $reimg)) {
                $k = 0;
                while ($k <= count($reimg[1])) {
                    $pl['text'] = str_replace(
                        'item[' . $reimg[1][$k] . ']',
                        '<b oncontextmenu=\"return false;\" onClick=\"alert(\'Функция временно недоступна!\');\" style=\"cursor:pointer;\" class=\"itemsInfo\">Предмет</b>',
                        $pl['text']
                    );
                    $k++;
                }
            }
            if (preg_match_all("/\.(?:mp3)$/i", $pl['text'], $reimg)) //ТУТ аудио audio
            {
                $k = 0;
                while ($k <= count($reimg[1])) {
                    $pl['text'] = str_replace(
                        'item[' . $reimg[1][$k] . ']',
                        '<b oncontextmenu=\"return false;\" onClick=\"alert(\'Функция временно недоступна!\');\" style=\"cursor:pointer;\" class=\"itemsInfo\">Аудио запись</b>',
                        $pl['text']
                    );
                    $k++;
                }
            }
            if (preg_match_all("/item \[(.*?)\]/", $pl['text'], $reimg)) {
                $k = 0;
                while ($k <= count($reimg[1])) {
                    $pl['text'] = str_replace(
                        'item [' . $reimg[1][$k] . ']',
                        '<b oncontextmenu=\"return false;\" onClick=\"alert(\'Функция временно недоступна!\');\" style=\"cursor:pointer;\" class=\"itemsInfo\">Предмет</b>',
                        $pl['text']
                    );
                    $k++;
                }
            }

            if ($pl['type'] != 3 && ($pl['invis'] == 1 || $pl['invis'] > time())) {
                if ($u->info['admin'] == 0) {
                    $pl['login'] = '<b><i>Невидимка</i></b>';
                } else {
                    $pl['login'] = '<b><i>Невидимка</i></b></a> <small>(' . $pl['login'] . ')</small>';
                }

            }

            if ($pl['invis'] > 0 && ($pl['type'] == 1 || $pl['type'] == 2)) {
                $pl['color'] = 'Black';
            }

            $r['msg'] .= ',"m' . $i . '":["' . $pl['id'] . '","' . $pl['time'] . '","' . $pl['type'] . '","' . $pl['login'] . '","' . $pl['to'] . '","' . $pl['text'] . '","' . $pl['color'] . '","' . $pl['toChat'] . '","' . $pl['typeTime'] . '","' . $pl['sound'] . '","' . $pl['global'] . '","' . $pl['molch'] . '","' . $pl['active'] . '","' . date(
                    'H:i', $pl['time']
                ) . '","' . date('d.m.Y H:i', $pl['time']) . '","' . $pl['frv'] . '","' . $pl['invis'] . '"]';
        }
    }
    if ($l < $pl['id']) {
        $l = $pl['id'];
    }
    $i++;

}
$r['msg'] = '{"ld":"' . (0 + $l) . '","id":"' . $i . '"' . $r['msg'] . '}';

//Генерируем ключ
$r['key'] = md5($u->room['name'] . '+' . $ar_id . '+' . $ar_lvl . '+' . $ar_all);
unset($ar_id, $ar_lvl);
if ($_COOKIE['chatCfg12'] == 0) {
    $_GET['key'] = time();
}
if ($r['key'] == $_GET['key']) {
    //Список онлайн остается неизменным
    unset($r['rn'], $r['list'], $r['key'], $r['xu']);
} elseif ($_GET['r1'] != 0) {
    $r['rn'] = $u->room['name'];
}

$posts = mysql_fetch_array(
    mysql_query(
        'SELECT COUNT(`id`) FROM `items_users` AS `iu` WHERE `iu`.`uid` = "-51' . $u->info['id'] . '" AND `iu`.`delete` = 0 AND `iu`.`inOdet` = 0 AND `iu`.`inShop` = 0 AND `iu`.`lastUPD` < ' . time(
        ) . ' LIMIT 1'
    )
);
$posts = $posts[0];

if ($posts > 0) {
    $r['js'] .= ' $("#postdiv").show();';
} else {
    $r['js'] .= ' $("#postdiv").hide();';
}

//Предложение на обмен
$trf = mysql_fetch_array(
    mysql_query(
        'SELECT * FROM `transfers` WHERE `uid2` = "' . $u->info['id'] . '" AND `start2` = 0 AND `cancel1` = 0 AND `cancel2` = 0 LIMIT 1'
    )
);
if (isset($trf['id'])) {
    $utf = mysql_fetch_array(mysql_query('SELECT `login` FROM `users` WHERE `id` = "' . $trf['uid1'] . '" LIMIT 1'));
    if (isset($utf['login']) && $u->info['battle'] == 0) {
        $r['js'] .= 'top.intransferNew(' . $trf['id'] . ',"' . $utf['login'] . '");';
    } else {
        mysql_query('UPDATE `transfers` SET `cancel2` = "' . time() . '" WHERE `id` = "' . $trf['id'] . '" LIMIT 1');
    }
}

unset($c, $u, $db);
echo json_encode($r);