Файл: mob-lave.ru/user/mail/mail.php
Строк: 205
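<?php
// Private-message thread between the logged-in account ($user) and the peer
// account selected by ?id= ($ank).
//
// The full opening tag replaces the short form: with short_open_tag disabled
// the short form is not parsed, and the script source (queries included)
// would be sent to the browser as plain text.
require_once '../../core/set.php';
reg(); // presumably restricts the page to registered users; defined in core, confirm

// The peer id must be present and scalar (an array such as ?id[]=1 is refused)
// before it is handed to get_user(); anything else goes back to the front page.
if (!isset($_GET['id']) || !is_scalar($_GET['id'])) {
    header("Location: /index.php?");
    exit;
}

$ank = get_user($_GET['id']);
if (!$ank) {
    header("Location: /index.php?");
    exit;
}

// Mark every message the peer sent to the current user as read
// (id_user is the sender column, id_kont the recipient column).
// NOTE(review): all statements in this file interpolate $user[id] / $ank[id]
// directly into SQL and use the ext/mysql API, which was removed in PHP 7.
// Presumably both ids are integers loaded by core/set.php and get_user();
// confirm, and switch to prepared statements when the DB layer is migrated.
mysql_query("UPDATE `$system[perfix]_mail` SET `read` = '1' WHERE `id_kont` = '$user[id]' AND `id_user` = '$ank[id]'");

$set['title'] = 'Почта: '.$ank['login'];
require_once '../../core/head.php';
require_once '../../core/panel.php';

// Breadcrumb bar.
// NOTE(review): $ank['login'] reaches the HTML unescaped through $set['title'].
// Confirm that logins are limited to HTML-safe characters at registration, or
// escape with htmlspecialchars() at output.
echo '<div class="navig">'.$home. $z.'<a href="/user/mail/konts.php">Контакты</a>'.$z. $set['title'].'</div>';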
// ------------- Mailbox privacy ------------- //
// close_mail == 1: only accounts that share a row with the peer in the friends
//                  table may open the thread;
// close_mail == 2: nobody may open it.
// Both limits are applied only when $user['level'] == 0.
$closed_notice = null;
if (
    mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_frends` WHERE (`id_user` = '$user[id]' && `id_ank` = '$ank[id]') or (`id_user` = '$ank[id]' && `id_ank` = '$user[id]')"), 0) == false
    && $ank['close_mail'] == 1
    && $user['level'] == 0
) {
    $closed_notice = ' закрыл почту для всех, кроме своих друзей</div>';
} elseif ($ank['close_mail'] == 2 && $user['level'] == 0) {
    $closed_notice = ' закрыл почту для всех</div>';
}

// A refusal prints the notice, closes the page layout and stops the script,
// so none of the send/delete handlers below can run for a closed mailbox.
if ($closed_notice !== null) {
    echo '<div class="err">'.$ank['login'].$closed_notice;
    require_once '../../core/foot.php';
    exit();
}
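// Opening the thread clears the "new messages" flag on the matching contact row.
mysql_query("UPDATE `$system[perfix]_users_konts` SET `new_msg` = '0' WHERE `id_kont` = '$ank[id]' AND `id_user` = '$user[id]' LIMIT 1");

// A posted "refresh" field only reloads the thread.
// NOTE(review): the refresh link rendered further down passes "refresh" in the
// query string, so this branch is reached only by a POST; confirm which is intended.
if (isset($_POST['refresh'])) {
    header("Location: ?id=$ank[id]");
    exit;
}

// ---------------- Contact list: add / remove ---------------- //
// NOTE(review): both actions change state from a plain GET link and no
// anti-CSRF token is checked in this file; they should become POST requests
// guarded by a per-session token when this handler is reworked.
if (isset($_GET['act']) && ($_GET['act'] === 'add' || $_GET['act'] === 'del')) {
    // Number of contact rows the current user already has for this peer.
    $in_contacts = mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_users_konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0);

    if ($_GET['act'] === 'add' && $in_contacts == 0) {
        mysql_query("INSERT INTO `$system[perfix]_users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$user[id]', '$ank[id]', '$time')");
        $_SESSION['message'] = 'Контакт добавлен';
        header("Location: ?id=$ank[id]");
        // Stop here: without exit the script kept running after the redirect
        // header, rendering the page and evaluating the handlers below.
        exit;
    }

    if ($_GET['act'] === 'del' && $in_contacts == 1) {
        mysql_query("DELETE FROM `$system[perfix]_users_konts` WHERE `id_user` = '$user[id]' && `id_kont` = '$ank[id]'");
        $_SESSION['message'] = 'Контакт успешно удален';
        header("Location: ?id=$ank[id]");
        exit; // same reason as above
    }
}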
// ---------------- Send a message ---------------- //
// Runs for a posted "msg" field unless the peer id is 0.
// NOTE(review): no anti-CSRF token is checked for this POST anywhere in this
// file; confirm whether core/set.php or reg() does it.
if (isset($_POST['msg']) && $ank['id'] != 0) {
    // NOTE(review): $msg is interpolated into the SQL below, so the statements
    // are only safe if check() returns an SQL-escaped string. Presumably it
    // does; confirm in core before touching this code.
    $msg = check($_POST['msg']);

    // strlen() counts bytes, so the 3..50000 window is measured in bytes.
    if (strlen($msg) < 3 || strlen($msg) > 50000) {
        $err[] = 'Сообщение должно быть в пределах 3 - 50 000 символов';
    }
    err(); // called whether or not an error was recorded

    if (!isset($err)) {
        // Repeat guard: the same text to the same peer within the last
        // 360 seconds is not stored again.
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_mail` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' AND `time` > '".(time()-360)."' AND `msg` = '$msg'"), 0) == 0) {
            // Store the message: id_user is the sender, id_kont the recipient.
            mysql_query("INSERT INTO `$system[perfix]_mail` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$ank[id]', '$msg', '".time()."')");

            // Put the peer into the sender's contact list on first contact.
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_users_konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0) == 0) {
                mysql_query("INSERT INTO `$system[perfix]_users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$user[id]', '$ank[id]', '".time()."')");
            }

            // Refresh the activity time on the contact rows of both sides
            // (AND binds tighter than OR, so each direction is one group).
            mysql_query("UPDATE `$system[perfix]_users_konts` SET `time` = '".time()."' WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'");

            $_SESSION['message'] = 'Сообщение успешно отправлено';
            header("Location: ?id=$ank[id]");
            exit;
        }
    }
}
// ---------------- Delete messages ---------------- //
// ?delete=<message id>  removes one message for the current user;
// ?delete=add           clears the whole thread with this peer for the current user.
//
// Removal is two-step: `unlink` records the id of the side that has already
// removed a message, and the row is physically deleted only once the other
// side removes it as well.
//
// NOTE(review): both variants are destructive and are triggered by a plain GET
// link with no anti-CSRF token checked in this file; they should become POST
// requests guarded by a per-session token.
if (isset($_GET['delete'])) {
    if ($_GET['delete'] != 'add') {
        // num() is applied to the id before it enters the SQL
        // (presumably an integer cast; confirm in core).
        $mess = mysql_fetch_assoc(mysql_query("SELECT * FROM `$system[perfix]_mail` WHERE `id` = '".num($_GET['delete'])."' limit 1"));

        // Only the sender or the recipient of the message may remove it.
        if ($mess['id_user'] == $user['id'] || $mess['id_kont'] == $user['id']) {
            if ($mess['unlink'] != $user['id'] && $mess['unlink'] != 0) {
                // The other side removed it earlier: drop the row.
                mysql_query("DELETE FROM `$system[perfix]_mail` WHERE `id` = '".num($mess['id'])."'");
            } else {
                // First removal: hide it from the current user only.
                mysql_query("UPDATE `$system[perfix]_mail` SET `unlink` = '$user[id]' WHERE `id` = '".num($mess['id'])."' LIMIT 1");
            }
            $_SESSION['message'] = 'Сообщение удалено';
            header("Location: ?id=$ank[id]");
            exit;
        }
    } else {
        // Rows of this thread that the peer has already removed are dropped ...
        mysql_query("DELETE FROM `$system[perfix]_mail` WHERE `unlink` = '$ank[id]' AND `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]' AND `unlink` = '$ank[id]' ");
        // ... and whatever is left in the thread is hidden from the current user.
        mysql_query("UPDATE `$system[perfix]_mail` SET `unlink` = '$user[id]' WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'");
        $_SESSION['message'] = 'Сообщения удалены';
        header("Location: ?id=$ank[id]");
        exit;
    }
}
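// ---------------- Thread paging ---------------- //
// Computed before any markup because the "clear mailbox" link below embeds
// $page; the link used to be built first and read $page before this file
// assigned it.
// Only messages the current user has not removed (`unlink` != own id) count.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_mail` WHERE `unlink` != '$user[id]' AND `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]' AND `unlink` != '$user[id]'"),0);
$k_page = k_page($k_post,$set['p_str']);
$page = page($k_page);
$start = $set['p_str']*$page-$set['p_str'];
// NOTE(review): $start and $set[p_str] go into LIMIT unquoted; presumably both
// are integers produced by page() and the site settings. Confirm.
$q = mysql_query("SELECT * FROM `$system[perfix]_mail` WHERE `unlink` != '$user[id]' AND `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]' AND `unlink` != '$user[id]' ORDER BY id DESC LIMIT $start, $set[p_str]");

// ---------------- Peer header and thread actions ---------------- //
// NOTE(review): $ank['login'] is written into the href and the link text
// unescaped; confirm that logins are limited to URL- and HTML-safe characters,
// or encode per context (urlencode / htmlspecialchars) at output.
echo '<div class="menu">';
echo avatar($ank['id'], false, 50). online($ank['id']).' <a href="/?login='.$ank['login'].'">'.$ank['login'].'</a><br />';
echo '<div style="text-align:right">';
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `$system[perfix]_users_konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0)==1){
    // $kont is not read anywhere in this file; kept because files included
    // later share the global scope.
    $kont=mysql_fetch_array(mysql_query("SELECT * FROM `$system[perfix]_users_konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"));
    echo '<a href="/user/mail/mail.php?act=del&id='.$ank['id'].'"><buttom class="btn">Из контактов</button></a> ';
}else{
    echo ' <a href="/user/mail/mail.php?act=add&id='.$ank['id'].'"><buttom class="btn">В контакт</button></a> ';
}
// The three links above and below trigger state changes through GET
// (contact add/remove, clear mailbox); see the handlers for the CSRF caveat.
echo '<a href="mail.php?id='.$ank['id'].'&page='.$page.'&delete=add"><buttom class="btn">Очистить почту</button></a></div>';
echo '</div>';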
// ---------------- Newest message and reply form ---------------- //
// The first row of $q is printed above the reply form; the remaining rows of
// the page are fetched by the loop that follows the form.
if ($k_post == 0) {
    echo '<div class="mess">Нет сообщений</div>';
} elseif ($k_post > 0) {
    $post1 = mysql_fetch_array($q);
    echo '<div class="mess">';

    // Sender of that row, looked up directly in the users table.
    $avtor1 = mysql_fetch_assoc(mysql_query("SELECT `id`,`login` FROM `$system[perfix]_users` WHERE `id` = '$post1[id_user]'"));
    // NOTE(review): login is printed unescaped; confirm it is HTML-safe as stored.
    echo online($avtor1['id']).' <a href="/?login='.$avtor1['login'].'">'.$avtor1['login'].'</a> ('.vremja($post1['time']).')';
    if ($post1['read'] == 0) {
        echo ' <font color=red>(не прочитано)</font>';
    }

    // text() renders the stored body (presumably escaping and BB-code; confirm in core).
    echo '<br />'.text($post1['msg']);
    echo '<div style="text-align:right;">',
        '<a href="mail.php?id='.$ank['id'].'&page='.$page.'&delete='.num($post1['id']).'"><div id="dark" class="icon-cancel"></div></a>',
        '</div></div>';
}

// Reply form. Account id 3 gets none (presumably a service account; confirm).
// NOTE(review): the form carries no anti-CSRF token field.
if ($ank['id'] != 3) {
    echo "<form method='post' name='message' action='/user/mail/mail.php?id=$ank[id]'>";
    panel_bb('textarea');
    // rand() below only makes the refresh URL unique; it is not a security value.
    echo '<textarea id="textarea" name="msg"></textarea><br />
<input type="submit" name="send" value="Отправить" /> '.$Panel.' <a href = "/user/mail/mail.php?id='.$ank['id'].'&refresh='.rand(1,9999).'"><span style="float:right"><div id="dark" class="icon-spinner2"></div></span></a>
</form>';
}
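// ---------------- Remaining messages of the page ---------------- //
while ($post = mysql_fetch_array($q)) {
    $ank2 = get_user($post['id_user']);
    echo '<div class="mess">';

    if ($ank2 && $ank2['id']) {
        // Existing sender account.
        // NOTE(review): login is printed unescaped; confirm it is HTML-safe as stored.
        echo online($ank2['id']).' <a href="/?login='.$ank2['login'].'">'.$ank2['login'].'</a>';
        echo ' ('.vremja($post['time']).')<br />';
    } elseif ($post['id_user'] == 0) {
        // Sender id 0 is shown as the system account. The test reads the
        // message row: the previous test, $ank2['id'] == 0, was also true when
        // get_user() found nothing, so the "deleted" branch below could never
        // be reached.
        // The string ends in a newline escape; the listing showed a bare "n"
        // there, which was printed after the label (presumably a lost backslash).
        echo "<b>Система</b>\n";
        echo ' ('.vremja($post['time']).')';
    } else {
        // Non-zero sender id with no matching account.
        echo '[Удален!]';
        echo ' ('.vremja($post['time']).')';
    }

    if ($post['read'] == 0) {
        echo '<font color=red>(не прочитано)</font><br />';
    }
    echo text($post['msg']);
    echo '<div style="text-align:right;">';
    // Per-message delete link; the handler checks that the current user is the
    // sender or the recipient before removing anything.
    echo '<a href="mail.php?id='.$ank['id'].'&page='.$page.'&delete='.num($post['id']).'"><div id="dark" class="icon-cancel"></div></a>';
    echo '</div></div>';
}

// Page links, only when the thread spans more than one page.
if ($k_page > 1) {
    str("mail.php?id=$ank[id]&", $k_page, $page);
}

// Bottom breadcrumb bar and page footer.
echo '<div class="navig">'.$home. $z.'<a href="/user/mail/konts.php">Контакты</a>'.$z. $set['title'].'</div>';
require_once H.'core/foot.php';
?>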