Файл: mail.php
Строк: 190
<?php
require 'sys/sid.php';
require 'sys/config.php';
include 'sys/user.php';
include 'sys/head.php';
include 'sys/navigator.php';
// Project helper from the sys/ includes; presumably registers or gates this visit — confirm there.
visit(0, 'privat');
// Requested action from the query string; when absent, $do is null and the switch falls to its default branch.
if (isset($_GET['do'])) {
    $do = $_GET['do'];
} else {
    $do = null;
}
switch($do)
{
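/*
 * Delete every letter in the current user's mailbox.
 *
 * NOTE(review): this destructive action is selected by $_GET['do'] alone and no
 * anti-CSRF token is checked in this block. Confirm whether visit() or sys/user.php
 * enforces one; otherwise move the action behind a POST form with a per-session token.
 */
case 'del_all':
    // The label is a quoted string: the bare word only matched through PHP's
    // undefined-constant-to-string fallback (assuming no such constant is defined elsewhere).
    // $user is populated outside this file (sys/user.php is the likely source — confirm).
    $P = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]'");
    if (mysql_num_rows($P) == 0) {
        err('Нечего чистить!');
    } else {
        $del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]'";
        if (mysql_query($del)) {
            header('Location: mail.php?clean_ok');
            // Stop here so nothing else runs or is emitted after the redirect.
            exit();
        } else {
            err('Произошла ошибка!');
        }
    }
    echo '« <a href="mail.php">Вернуться</a>';
    break;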
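/*
 * Delete a single letter that belongs to the current user.
 *
 * NOTE(review): the deletion is selected by $_GET['do'] and $_GET['x'] alone; no
 * anti-CSRF token is checked in this block. Confirm whether one is enforced elsewhere.
 */
case 'del':
    // The label is a quoted string: the bare word only matched through PHP's
    // undefined-constant-to-string fallback (assuming no such constant is defined elsewhere).
    // number() is a project helper; the queries below rely on it returning a value that
    // is safe inside quotes — presumably digits only, confirm in sys/.
    $x = number(isset($_GET['x']) ? $_GET['x'] : null);
    // Both statements are scoped to `idwho` = current user, so an id that belongs to
    // someone else's mailbox matches no row.
    $P = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1");
    if (mysql_num_rows($P) == 0) {
        err('Ошибка!');
    } else {
        $del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1";
        if (mysql_query($del)) {
            header('Location: mail.php?del_ok');
            // Stop here so nothing else runs or is emitted after the redirect.
            exit();
        } else {
            err('Произошла ошибка!');
        }
    }
    echo '« <a href="mail.php">Вернуться</a>';
    break;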
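/*
 * New message / reply form.
 */
case 'send':
    // The recipient field is pre-filled from the second "_"-separated segment of the
    // Referer header. That header is client-controlled and may be absent.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    $expl = explode('_', char($referer, 0));
    $prefill = isset($expl[1]) ? $expl[1] : '';
    // Encode for the attribute context at the point of output. double_encode = false
    // leaves untouched any entities that char() may already have produced (char() is
    // defined outside this file, so its output encoding is not assumed here).
    echo '<form method="post" action="send_ok">
<label>Кому (правитель):</label><br/>
<input type="text" name="nick" value="' . htmlspecialchars($prefill, ENT_QUOTES, 'UTF-8', false) . '"/>
<br/>
<label>Сообщение:</label><br/>
<textarea name="message" cols="20" rows="4"></textarea>
<br/>
<input type="submit" name="send" value="Отправить"/>
</form>
« <a href="mail.php">Вернуться</a>';
    break;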
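/*
 * Send a message: check the captcha answer (if one was posted), enforce the send
 * throttle, validate the recipient, then store the letter for both parties.
 */
case 'send_ok':
    // Request values after the project's char() filter (defined outside this file).
    $nickInput = char(isset($_POST['nick']) ? $_POST['nick'] : null, 0);
    $messageInput = char(isset($_POST['message']) ? $_POST['message'] : null, 0);
    // SQL-escaped copies; only these are interpolated into the queries below.
    $nick = trim(mysql_real_escape_string($nickInput));
    $message = trim(mysql_real_escape_string($messageInput));

    if (isset($_POST['next'])) {
        // An answer counts only if a challenge was actually issued to this session.
        // The comparison is strict on strings: with a loose != an unset session value
        // compares equal to an empty or zero answer and would lift the throttle.
        $code = number(isset($_POST['code']) ? $_POST['code'] : null);
        $expected = isset($_SESSION['SendCaptcha']) ? (string) $_SESSION['SendCaptcha'] : null;
        // Single use: the challenge is discarded whether or not the answer matched.
        unset($_SESSION['SendCaptcha']);
        if ($expected === null || (string) $code !== $expected) {
            err('Неверный проверочный код!');
        } else {
            unset($_SESSION['SendTimeOut']);
            // No exit after this header: the same request goes on to store the
            // message, and a later Location header replaces this one.
            header('Location: send_ok');
        }
    }

    if (!isset($_SESSION['SendTimeOut'])) {
        $_SESSION['SendTimeOut'] = 0;
    }
    // $rtime is defined outside this file; presumably the current Unix time — confirm.
    if ($_SESSION['SendTimeOut'] > $rtime) {
        // NOTE(review): a three-digit code from mt_rand() is a weak challenge; consider
        // a longer code and a cap on failed attempts per session.
        $_SESSION['SendCaptcha'] = mt_rand(100, 999);
        // The hidden fields carry the values as filtered by char(), not the SQL-escaped
        // copies, so they are not escaped a second time on resubmission. They are
        // HTML-encoded here; double_encode = false keeps entities char() may have added.
        echo '<form method="post" action="send_ok">
Введите код: <b>' . captcha($_SESSION['SendCaptcha']) . '</b><br/>
<input type="text" name="code" size="3"/>
<input type="hidden" name="nick" value="' . htmlspecialchars($nickInput, ENT_QUOTES, 'UTF-8', false) . '"/>
<input type="hidden" name="message" value="' . htmlspecialchars($messageInput, ENT_QUOTES, 'UTF-8', false) . '"/>
<input type="submit" name="next" value="ok"/>
</form>';
        include_once 'sys/foot.php';
        exit();
    }

    $ctrl = mysql_query("SELECT id FROM users WHERE nick = '$nick' LIMIT 1");
    if (mysql_num_rows($ctrl) == false) {
        err('Получатель не найден!');
        include 'sys/foot.php';
        exit();
    }
    if (mb_strtolower($nick, 'UTF-8') == mb_strtolower($user['nick'], 'UTF-8')) {
        err('Зачем себе писать?');
        include 'sys/foot.php';
        exit();
    }
    // Resolve the recipient once; the id is reused by the ignore check and both inserts.
    // NOTE(review): assumes user() returns a stored id, never request text — confirm.
    $recipientId = user($nick, 'id');
    if (ignor($recipientId, $user['id']) == 1) {
        err('Ты находишься в черном списке у этого человека');
        include 'sys/foot.php';
        exit();
    }
    if (empty($message)) {
        err('Пустое поле сообщения!');
    } else {
        // One row per mailbox: mod 'i' for the recipient's copy, 'o' for the sender's.
        // NOTE(review): ids come from mt_rand(), so two letters can draw the same id;
        // what happens then depends on the table's keys (not visible here). The two
        // inserts are also not atomic: the first can succeed while the second fails.
        $send_1 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`)
VALUES ('" . mt_rand(1000000, 9999999) . "', '" . $user['id'] . "', '" . $recipientId . "', '$message', '$rtime', '0', 'i')";
        $send_2 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`)
VALUES ('" . mt_rand(1000000, 9999999) . "', '" . $recipientId . "', '" . $user['id'] . "', '$message', '$rtime', '1', 'o')";
        if (mysql_query($send_1) && mysql_query($send_2)) {
            // Arm the throttle before leaving, then stop so nothing runs after the redirect.
            $_SESSION['SendTimeOut'] = $rtime + 10;
            header('Location: lookmail_' . $nick);
            exit();
        } else {
            err('Произошла ошибка при отправке!');
        }
    }
    // Next send within 10 units of $rtime must pass the captcha.
    $_SESSION['SendTimeOut'] = $rtime + 10;
    echo '« <a href="mail.php">Вернуться</a><br/>';
    break;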
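/*
 * Conversation history with one correspondent, plus a quick-reply form.
 */
case 'view':
    $adr = char(isset($_GET['adr']) ? $_GET['adr'] : null, 0);
    // Resolve the correspondent once; the id is reused by every query in this branch.
    // NOTE(review): assumes user() returns a stored id or an empty value, never request
    // text, since it is interpolated into SQL below — confirm.
    $peerId = user($adr, 'id');
    $_test = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '" . $peerId . "'");
    if (mysql_num_rows($_test) == FALSE) {
        header('Location: /');
        die();
    }
    $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '" . $peerId . "'"), 0);
    // NOTE(review): $adr goes into the pager URL as-is, and other links in this file use
    // a "lookmail_" prefix — confirm the prefix and how navigator encodes its third argument.
    $n = new navigator($all, 10, 'lookmail'.$adr.'&');
    $read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '" . $peerId . "' ORDER BY `data` DESC {$n->limit}");
    if ($all != false) {
        // $adr is request data: encode it for the attribute context at the point of
        // output. double_encode = false keeps entities char() may already have produced.
        echo '<form method="post" action="mail.php?do=send_ok" name="form">
<textarea name="message" cols="20" rows="4"></textarea>
<br/>
<input type="hidden" name="nick" value="' . htmlspecialchars($adr, ENT_QUOTES, 'UTF-8', false) . '"/>
<input type="submit" name="sendmsg" value="Отправить"/>
</form>' . separator;
        while ($ot = mysql_fetch_assoc($read)) {
            // Reset per row so a row with an unexpected `mod` cannot show the
            // previous row's header and links.
            $WHO = '';
            $bl = '';
            $del = '';
            if ($ot['idwho'] == $user['id'] && $ot['mod'] == 'o') {
                // Outgoing copy.
                $WHO = '<b>Я</b> -> ' . user($ot['who'], 'nick');
                $del = '<a href="delmail'.$ot['id'].'">[X]</a>';
            } elseif ($ot['idwho'] == $user['id'] && $ot['mod'] == 'i') {
                // Incoming letter: also offer to put the sender on the ignore list.
                $WHO = user($ot['who'], 'nick') . ' -> <b>Я</b>';
                $bl = '[<a href="blackmail_'.user($ot['who'], 'nick').'">В игнор</a>]';
                $del = '<a href="delmail'.$ot['id'].'">[X]</a>';
            }
            if ($ot['read'] == 0) {
                $NoRead = ' <span style="color:#FF3030;">(new!)</span>';
            } else {
                $NoRead = '';
            }
            // NOTE(review): nicknames and the message body are echoed as stored; this is
            // safe only if they were HTML-encoded when written (char()/smiles()) — confirm.
            echo $WHO . $NoRead . '
<br/>
(' . timeAgo($ot['data']) . ')
<br/>
' . smiles($ot['message'], 0) . '
<br/>
' . $bl . $del . '<div style="border: 1px #CCC dotted;"></div>';
        }
        echo $n->navi();
    } else {
        echo 'История переписки пуста!<br/>';
    }
    // Everything from this correspondent is now considered read.
    mysql_query("UPDATE `letters` SET `read` = '1' WHERE `idwho` = '$user[id]' AND `who` = '" . $peerId . "'");
    echo '« <a href="mail.php">Вернуться</a>';
    break;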
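/*
 * Inbox: one row per correspondent with unread/read counters, plus bulk and
 * per-sender deletion.
 *
 * NOTE(review): neither delete path checks an anti-CSRF token in this block, and
 * delete_from runs on a GET request. Confirm whether a token is enforced elsewhere.
 */
case 'in':
    // Deletions are handled before anything is rendered, and each redirect ends the request.
    if (isset($_POST['submitForm'])) {
        if (empty($_POST['block']) || !is_array($_POST['block'])) {
            header('Location: mail_in');
            die();
        }
        if (isset($_POST['d']) && $_POST['d'] == 1) {
            foreach ($_POST['block'] as $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                // block[] is request data: reduce it to an integer before it reaches the
                // query. The statement also needs its closing quote after who != '0.
                $who = (int) $value;
                mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `idwho` = '$user[id]' AND who != '0'");
            }
            header('Location: mail_in');
            die();
        }
    }
    if (isset($_GET['delete_from'])) {
        // number() is a project helper; presumably reduces the value to digits — confirm.
        $who = number(isset($_GET['who']) ? $_GET['who'] : null);
        mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `idwho` = '$user[id]' AND who != '0'");
        header('Location: mail_in');
        die();
    }

    if (isset($_GET['clean_ok'])) {
        msg('История очищена!');
    }
    if (isset($_GET['del_ok'])) {
        msg('Сообщение удалено!');
    }
    // Number of distinct senders; who = '0' rows are system events and are excluded.
    $_count = mysql_num_rows(mysql_query("SELECT id FROM `letters` WHERE `idwho` = '$user[id]' AND who != '0' GROUP BY who"));
    // The form is opened once, so the closing tag at the end always has a match
    // (one <form> per row would nest forms).
    echo '<form method="post" action="mail_in">';
    if ($_count != FALSE) {
        $n = new navigator($_count, 10, 'mail_in&');
        // Per sender: n = unread letters, a = read letters; unread senders sort first.
        $_read = mysql_query("SELECT who AS w,
(SELECT COUNT(*) FROM `letters` WHERE
`read` = '0'
AND
`idwho` = '$user[id]'
AND
`who` = w) AS n,
(SELECT COUNT(*) FROM `letters` WHERE
`read` = '1'
AND
`idwho` = '$user[id]'
AND
`who` = w) AS a
FROM `letters` WHERE `idwho` = '$user[id]' AND who != '0' GROUP BY who ORDER BY MIN(`read`), MAX(data) DESC {$n->limit}");
        while ($_r = mysql_fetch_assoc($_read)) {
            // Look the nickname up once per row instead of three times.
            // NOTE(review): echoed as stored; safe only if nicknames are HTML-encoded
            // or restricted when written — confirm.
            $fromNick = user($_r['w'], 'nick');
            $d = ' <a href="xallmail_'.$fromNick.'">[X]</a>';
            echo 'От: <a href="lookmail_'.$fromNick.'">' . $fromNick . ' (' . $_r['n'] . '/' . $_r['a'] . ')</a>
<input type="checkbox" name="block[]" value="'.$_r['w'].'"/>' . $d . '<br/>';
        }
        echo $n->navi();
    } else {
        echo 'Почта пуста!<br/>';
    }
    echo '
<select name="d">
<option value="0">с отмеченными</option>
<option value="1">удалить</option>
</select>
<input type="submit" name="submitForm" value="OK"/>
</form>
' . ($_count != 0 ? '<a href="mail_all">Очистить историю</a><br/>' : '<br/>');
    break;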
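/*
 * Event archive: letters whose sender id is 0 (system events).
 *
 * NOTE(review): the "clean" deletion runs on a GET request and no anti-CSRF token is
 * checked in this block. Confirm whether one is enforced elsewhere.
 */
case 'event':
    // The label is a quoted string: the bare word only matched through PHP's
    // undefined-constant-to-string fallback (assuming no such constant is defined elsewhere).
    if (isset($_GET['clean'])) {
        mysql_query("DELETE FROM letters WHERE who = '0' AND idwho = '$user[id]'");
        header('location: mail_event');
        // Stop here so the list is not queried and rendered after the redirect.
        exit();
    }
    $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '0'"), 0);
    $n = new navigator($all, 10, 'mail_event&');
    $read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '0' ORDER BY `data` DESC {$n->limit}");
    if ($all != false) {
        while ($ot = mysql_fetch_assoc($read)) {
            if ($ot['read'] == 0) {
                $NoRead = ' <span style="color:#FF3030;">(new!)</span>';
            } else {
                $NoRead = '';
            }
            // NOTE(review): the event text is echoed as stored, through smiles() only;
            // safe only if it was HTML-encoded when written — confirm.
            echo $NoRead . '
<img src="images/time.png" alt=""/> <span style="color:#cb7c00;">' . timeAgo($ot['data']) . ' назад</span>
<br/>
' . smiles($ot['message'], 0) . '
<br/>
<a href="delmail'.$ot['id'].'">[X]</a>
<div style="border: 1px #CCC dotted;"></div>';
        }
        echo $n->navi();
    } else {
        echo 'Нет событий!<br/>';
    }
    // All events are now considered read.
    mysql_query("UPDATE `letters` SET `read` = '1' WHERE `idwho` = '$user[id]' AND `who` = '0'");
    // The "clean" link is offered only from five events upwards.
    if ($all >= 5) {
        echo '<br/><a href="mail_event&clean">Очистить</a><br/>';
    } else {
        echo '<br/>';
    }
    echo '« <a href="mail.php">Вернуться</a>';
    break;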
/*
 * Mailbox menu (contact list): unread counters and links to the sub-pages.
 */
default:
    if (isset($_GET['clean_ok'])) {
        msg('Очищено!');
    }
    if (isset($_GET['del_ok'])) {
        msg('Удалено!');
    }
    // Unread letters from users (who != '0') and unread system events (who = '0').
    $newMail = mysql_result(mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$user[id]' AND `read` = '0' AND who != '0'"), 0);
    $newEvent = mysql_result(mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$user[id]' AND `read` = '0' AND who = '0'"), 0);
    // A badge is shown only when the counter is non-zero; null concatenates as an empty string.
    if ($newMail != 0) {
        $newM = '<span style="color:#FF3030;">+' . $newMail . '</span>';
    } else {
        $newM = null;
    }
    if ($newEvent != 0) {
        $newE = '<span style="color:#FF3030;">+' . $newEvent . '</span>';
    } else {
        $newE = null;
    }
    echo '<a href="send"><u>Написать сообщение</u></a><br/><br/>',
        '<img src="images/mail_in.png" alt=""/> <a href="mail_in">Входящие</a>' . $newM . '<br/>
<img src="images/mail_event.png" alt=""/> <a href="mail_event">Архив событий</a>' . $newE . '<br/>
<img src="images/mail_top.png" alt=""/> <a href="news.php">Новости</a><br/>
<img src="images/logout.png" alt=""/> <a href="black.php">Игноры</a><br/>
<br/>
<a href="/">На главную</a>';
    break;
}
include 'sys/foot.php';
?>