Файл: data/postread2.dat.php
Строк: 127
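<?php
// Mail page entry point. With go=post it shows the compose form, handing a submitted form to
// ./phpfile/post.php; any other request falls through to the mailbox handlers further down.
// $row, $opredelenie and exitt() are not defined in this file. exitt() presumably ends the
// request, and $opredelenie is presumably the logged-in user's name — confirm both.
print '<div class="spiski"><div class="zagolovok">Отправка почты</div><div class="line"></div><ul>';
if (isset($_GET['go']) && $_GET['go'] === 'post')
{
    if (isset($_POST['log']))
    {
        // NOTE(review): no anti-CSRF token is checked in this file before the message is handed
        // to post.php — confirm that post.php verifies one.
        include "./phpfile/post.php";
        exitt($row, $opredelenie);
    }

    // The recipient name comes straight from the query string. Encode it exactly once per output
    // context: HTML-encoded for the quoted value attribute, URL-encoded for the link parameters.
    // The original encoded it twice and wrote it into unquoted attributes, where a space in the
    // value ends the attribute and the rest is parsed as further attributes.
    $persRaw = (isset($_GET['pers']) && is_string($_GET['pers'])) ? $_GET['pers'] : '';
    $pers = htmlspecialchars($persRaw, ENT_QUOTES); // stays HTML-encoded, as in the original
    $persUrl = urlencode($persRaw);

    print '
<div class="chat_conteiner">
<form action="88.php?go=post" method="post">
Имя:<br><input class="x_text" type="text1" name="log" value="' . $pers . '"><br>
Текст письма:<br><textarea class="x_text" name="text" rows="3" cols="20"></textarea><br>
<input type="submit" class="select" value="Отправить"></p>
</form></div>
<li><a href="88.php?go=gift&amp;imia=' . $persUrl . '">Подарить подарок</a></li>
<li><a href="88.php?go=drugd&amp;imia=' . $persUrl . '">В друзья</a></li>
<li> <a href="88.php?go=nedrugd&amp;imia=' . $persUrl . '">В черный список</a></li>
<li> <a href="88.php?go=posilka&amp;pers=' . $persUrl . '">Отправить посылку</a></li>
<li><a href="88.php?go=zoloto&amp;pers=' . $persUrl . '">Перевод золота</a></li>
';
    exitt($row, $opredelenie);
}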
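// $g is not read anywhere in this file; presumably an included script consumes it — confirm.
$g = 3;
///////////////////////////////////////////////////////
// Reset the `pismo` column for the current user's row in `table1` (presumably the
// "new mail" indicator, cleared because the mailbox is being opened).
$pismoReset = mysql_query(
    "UPDATE `table1` SET `pismo`='0' WHERE `name`='" . mysql_real_escape_string($opredelenie) . "'"
);
if ($pismoReset === false)
{
    // Keep the driver error in the server log; printing mysql_error() to the browser
    // discloses table and column names to whoever triggered the failure.
    error_log('postread: ' . mysql_error());
    die('Ошибка базы данных');
}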
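// Delete a single message, selected by del=<post id>.
// The conversation query further down filters on `name1` for rows whose `name` is the current
// user and on `name2` for rows whose `otkogo` is the current user, so `name2` is the
// "hidden for the sender" flag and `name1` the "hidden for the recipient" flag.
// NOTE(review): this state change is triggered by a plain GET link with no anti-CSRF token
// visible in this file — confirm whether the including script adds one.
if (isset($_GET['del']))
{
    $delId = mysql_real_escape_string(is_string($_GET['del']) ? $_GET['del'] : '');
    $delRes = mysql_query("SELECT * FROM `post` WHERE `id`='" . $delId . "'");
    // A failed query or an unknown id yields false instead of a row.
    $rm = $delRes ? mysql_fetch_assoc($delRes) : false;

    // Strict string comparison: with ==, two different numeric-looking names
    // (for example "10" and "1e1") compare equal.
    if (is_array($rm) && (string)$rm['otkogo'] === (string)$opredelenie)
    {
        mysql_query("UPDATE `post` SET `name2` = '1' WHERE `id` = '" . $delId . "'");
        // Names read back from the database are URL-encoded and placed in a quoted attribute.
        print '<div class="style_mess_no">Сообщение удалено!<li><a href="88.php?go=postread&amp;otr='
            . urlencode($rm['otkogo']) . '&amp;otrt=' . urlencode($rm['name'])
            . '&amp;ot">Назад</a></li></div>';
        exitt($row, $opredelenie);
    }
    else
    {
        // Authorization: only the recipient may set the recipient-side flag. The original ran
        // this UPDATE for any id, so any user could hide messages in other users' mailboxes.
        mysql_query(
            "UPDATE `post` SET `name1` = '1' WHERE `id` = '" . $delId
            . "' AND `name` = '" . mysql_real_escape_string($opredelenie) . "'"
        );
    }
}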
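// Collect a parcel, selected by poluchit=<key>. The key is matched against `rukzak`.`time`
// and `post`.`polyc`, both restricted to rows owned by the current user.
// NOTE(review): the items are released and the success message is printed without checking
// that a `post` row with this `polyc` exists for the user, and the action is a plain GET link
// with no anti-CSRF token visible here — confirm both are acceptable.
if (isset($_GET['poluchit']))
{
    // Use the raw request value and escape it for SQL only. The original passed it through
    // htmlspecialchars() first, which is the wrong encoding for a SQL comparison and changes
    // any key containing &, <, > or a double quote.
    $tx = is_string($_GET['poluchit']) ? $_GET['poluchit'] : '';
    $txSql = mysql_real_escape_string($tx);
    $ownerSql = mysql_real_escape_string($opredelenie);

    $itemsRes = mysql_query(
        "UPDATE `rukzak` SET `odeto`='0' WHERE `time`='" . $txSql . "' and `name`='" . $ownerSql . "'"
    );
    if ($itemsRes === false)
    {
        // Log the driver error instead of printing it: mysql_error() reveals schema details.
        error_log('postread: ' . mysql_error());
        die('Ошибка базы данных');
    }

    $parcelRes = mysql_query(
        "UPDATE `post` SET `polyc`='0' WHERE `name`='" . $ownerSql . "' AND `polyc`='" . $txSql . "'"
    );
    if ($parcelRes === false)
    {
        error_log('postread: ' . mysql_error());
        die('Ошибка базы данных');
    }

    print '<div class="style_mess_yes">Вы получили посылку<li><a href="88.php?go=rukzak">Рюкзак</a></li></div>';
    exitt($row, $opredelenie);
}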
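// Mailbox views. With `ot` set: the conversation between the current user and the sender of
// one reference message. Without it: the inbox, one entry per sender.
// Every value placed in SQL is escaped, including $opredelenie and names read back from the
// database, which the original interpolated raw in several statements.
$me = mysql_real_escape_string($opredelenie);

if (isset($_GET['ot']))
{
    $ot = is_string($_GET['ot']) ? $_GET['ot'] : '';

    // Find the reference message: by recipient/sender pair when `otr` is given, else by id.
    if (isset($_GET['otr']))
    {
        $otr = is_string($_GET['otr']) ? $_GET['otr'] : '';
        $otrt = (isset($_GET['otrt']) && is_string($_GET['otrt'])) ? $_GET['otrt'] : '';
        $rmRes = mysql_query(
            "SELECT * FROM `post` WHERE `name`='" . mysql_real_escape_string($otr)
            . "' and `otkogo`='" . mysql_real_escape_string($otrt) . "'"
        );
    }
    else
    {
        $rmRes = mysql_query("SELECT * FROM `post` WHERE `id`='" . mysql_real_escape_string($ot) . "'");
    }
    $rm = $rmRes ? mysql_fetch_assoc($rmRes) : false;

    // The other party is the sender of the reference message. With no such message the name
    // is empty and the queries below match nothing.
    $peerSql = mysql_real_escape_string(is_array($rm) ? $rm['otkogo'] : '');

    // Reset `prochitano` and `pro` on everything this sender sent to the current user.
    mysql_query(
        "UPDATE `post` SET `prochitano` = '0' WHERE `otkogo`='" . $peerSql . "' and `name`='" . $me . "'"
    );
    $proRes = mysql_query(
        "UPDATE `post` SET `pro`='0' WHERE `otkogo`='" . $peerSql . "' and `name`='" . $me . "'"
    );
    if ($proRes === false)
    {
        // Log the driver error instead of printing it: mysql_error() reveals schema details.
        error_log('postread: ' . mysql_error());
        die('Ошибка базы данных');
    }

    include "./dvig/stranic.php";
    $Str = new Stran;
    // NOTE(review): this COUNT covers every undeleted message addressed to the current user,
    // while the listing below is limited to one conversation, so the page count can exceed the
    // pages that actually hold rows — confirm intent. (The original also built a
    // conversation-wide SELECT into $query_count and overwrote it before skoka_stran() ran.)
    $query_count = "SELECT COUNT(*) AS `counter` FROM `post` WHERE `name`='" . $me . "' and `name1`='0' ";
    $page = $Str->skoka_stran($query_count);
    if ($page == 0)
    {
        print '<div class="style_mess_no">Почты нет!</div>';
        exitt($row, $opredelenie);
    }

    // LIMIT operands are not quoted, so string escaping does not protect them; force integers.
    $start = (int)$Str->start;
    $nums = (int)$Str->nums;

    $sql = mysql_query(
        "SELECT * FROM `post` WHERE (`name`='" . $me . "' and `otkogo`='" . $peerSql . "' and `name1` = '0')"
        . " or (`name`='" . $peerSql . "' and `otkogo`='" . $me . "' and `name2` = '0')"
        . " order by `date` DESC LIMIT " . $start . ", " . $nums
    );
    while ($row = mysql_fetch_assoc($sql))
    {
        print "<li>\n";
        $ttt = date('j-n-Y G:i:s ', (int)$row['date']);
        // Sender name: URL-encoded in the link, HTML-encoded as text, attribute quoted.
        echo '<b><a href="88.php?go=post&amp;pers=' . urlencode($row['otkogo']) . '">'
            . htmlspecialchars($row['otkogo'], ENT_QUOTES) . '</a> '
            . htmlspecialchars($ttt, ENT_QUOTES) . "</B> <br>\n";
        // NOTE(review): the message body is written to the page exactly as stored. Unless
        // ./phpfile/post.php HTML-encodes it before the INSERT, this is a stored-XSS sink.
        // Confirm, and prefer encoding here at output.
        echo $row['text'] . "\n<br>";

        if ($row['polyc'] !== '0')
        {
            // NOTE(review): unserialize() runs on a database column. If any write path lets a
            // user influence `name_pos`, this is PHP object injection; storing the id list as
            // JSON avoids it. On PHP 7+ the allowed_classes option can also restrict it.
            $arr = unserialize($row['name_pos']);
            $itemIds = is_array($arr) ? array_values($arr) : array();
            foreach ($itemIds as $itemId)
            {
                if (!is_scalar($itemId))
                {
                    continue;
                }
                // Separate result handle: the original reused $sql here, which replaced the
                // outer loop's result set and ended the listing after the first parcel.
                $itemRes = mysql_query(
                    "SELECT * FROM `rukzak` WHERE `idrukzak`='" . mysql_real_escape_string($itemId) . "'"
                );
                if ($itemRes === false)
                {
                    error_log('postread: ' . mysql_error());
                    die('Ошибка базы данных');
                }
                $roww = mysql_fetch_array($itemRes);
                // An id with no matching item prints an empty name, as before.
                print " " . htmlspecialchars($roww ? $roww['nazvanie'] : '', ENT_QUOTES) . ", ";
            }
            print '<br><a href="88.php?go=postread&amp;poluchit=' . urlencode($row['polyc'])
                . '">Получить</a>___ <br>';
        }

        // NOTE(review): deletion is a plain GET link with no anti-CSRF token visible here.
        print '<a href="88.php?go=postread&amp;ot=' . urlencode($row['id']) . '&amp;del='
            . urlencode($row['id']) . '">[X]</a><br>';
        print ' </li>';
    }

    // Request values are URL-encoded before they reach the pager, whose output handling is
    // not visible in this file.
    $go = (isset($_GET['go']) && is_string($_GET['go'])) ? $_GET['go'] : '';
    $get = urlencode($go) . "&ot=" . urlencode($ot);
    echo '<li>';
    $Str->vivod_stran($page, $get);
    echo '</li>';
}
else
{
    // Hide a whole conversation from the inbox: set `vid` on every message from that sender.
    // NOTE(review): like single-message deletion, this is a plain GET link with no anti-CSRF
    // token visible in this file.
    if (isset($_GET['deleteall']))
    {
        $deleteAll = is_string($_GET['deleteall']) ? $_GET['deleteall'] : '';
        mysql_query(
            "update post set vid='1' where `name` ='" . $me . "' and otkogo='"
            . mysql_real_escape_string($deleteAll) . "' "
        );
    }

    $query = "SELECT * FROM `post` WHERE `name` ='" . $me . "' and vid='0' ORDER BY `date` DESC ";
    $sql = mysql_query($query);
    if ($sql === false)
    {
        error_log('postread: ' . mysql_error());
        die('Ошибка базы данных');
    }

    $i = 1;
    $s = array(); // senders already listed
    while ($row = mysql_fetch_assoc($sql))
    {
        // Strict membership test: a loose search treats different numeric-looking names as equal.
        if (in_array($row['otkogo'], $s, true))
        {
            continue;
        }
        print "<li>\n";
        // Sender names are encoded here as they are in the conversation view.
        print $i . '. <a href="88.php?go=postread&amp;ot=' . urlencode($row['id']) . '">'
            . htmlspecialchars($row['otkogo'], ENT_QUOTES) . '</a>';
        if ($row['prochitano'] == 1)
        {
            print "[+]";
        }
        print "<br>";
        print ' <a href="88.php?go=postread&amp;deleteall=' . urlencode($row['otkogo']) . '">[X]</a>';
        print '</li>';
        $s[] = $row['otkogo'];
        $i++;
    }
}
exitt($row, $opredelenie);
?>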