Файл: mail.php
Строк: 327
<?
include_once 'sys/inc/start.php';
include_once 'sys/inc/compress.php';
include_once 'sys/inc/sess.php';
include_once 'sys/inc/home.php';
include_once 'sys/inc/settings.php';
include_once 'sys/inc/db_connect.php';
include_once 'sys/inc/ipua.php';
include_once 'sys/inc/fnc.php';
include_once 'sys/inc/user.php';
// Access gate for this page. only_reg() comes from the included sys/inc files;
// presumably it stops visitors who are not logged in (confirm against its definition).
only_reg();
// Remember, once per session, the page the visitor came from (never mail.php itself),
// so that a "back" link can be rendered further down.
// NOTE(review): HTTP_REFERER is a client-supplied header. Only a leading "http://host/"
// prefix is reduced to "/"; any other value is stored unchanged, and the str_replace()
// call as written replaces '&' with '&', i.e. changes nothing. The stored value is later
// written into an href attribute in this file, so it has to be HTML-encoded at the point
// of output.
// NOTE(review): ereg()/ereg_replace() are deprecated since PHP 5.3 and removed in PHP 7.
if ((!isset($_SESSION['refer']) || $_SESSION['refer']==NULL)
&& isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!=NULL &&
!ereg('mail.php',$_SERVER['HTTP_REFERER']))
$_SESSION['refer']=str_replace('&','&',ereg_replace('^http://[^/]*/','/', $_SERVER['HTTP_REFERER']));
if (isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '".intval($_GET['id'])."'"),0)==1)
{
// Load the full profile row of the conversation partner. The id taken from the query
// string is forced to an integer by intval() before it reaches the SQL text.
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = ".intval($_GET['id'])." LIMIT 1"));
// The page title carries the partner's nick as stored in the database.
// NOTE(review): how thead.php / title() encode the title is not visible here; confirm
// that the nick is HTML-encoded on output.
$set['title']='Почта: '.$ank['nick'];
include_once 'sys/inc/thead.php';
title();
// Authorization gate. When the partner's profile requires authorization
// ($ank['autorization']==1) and there is no `konts_aut` row with aut='ok' for the pair
// (id_user = current user, id_kont = partner), this branch renders the
// authorization-request page instead of the conversation.
if ($user['id']!=$ank['id'] && $ank['autorization']==1 &&
mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_aut` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' AND `aut` = 'ok'"), 0)==0)
{
// A row with aut='ignor' for this pair is reported as an error.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_aut` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' AND `aut` = 'ignor'"), 0)==1)
{
$err[]='Пользователь обитателем Вам писать к нему в приват';
}
else
{
// A request from the current user to this partner is already pending.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_getaut` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0)==1)
{
msg("Ожидание подтверждения авторизации");
}
// A new authorization request was submitted through the form below.
// NOTE(review): the verification number is checked for presence only: isset() is
// applied to both $_SESSION['chislo'] and $_POST['chislo'], and the two values are never
// compared in this file, so any submitted value passes. The submitted number should be
// compared with the session value, and the session value discarded after one use.
// NOTE(review): no anti-CSRF token is checked for this POST in the visible code.
elseif(isset($_POST['getaut']) && isset($_SESSION['chislo']) && isset($_POST['chislo']))
{
// Record that the partner may write back to the requester: insert a `konts_aut` row
// (id_user = partner, id_kont = requester, aut = 'ok') or switch an existing one to 'ok'.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_aut` WHERE `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"), 0)==0)
{
mysql_query("INSERT INTO `konts_aut` (`id_user`, `id_kont`, `aut`) VALUES ('$ank[id]','$user[id]', 'ok')");
}
else
{
mysql_query("UPDATE `konts_aut` SET `aut` = 'ok' WHERE `id_user`='$ank[id]' AND `id_kont`='$user[id]' LIMIT 1");
}
// Build the notification that is delivered to the partner as an ordinary message.
$msg="Пользователь $user[nick] запросил авторизациюn";
if (isset($_POST['msg']))
{
$msg2=$_POST['msg'];
if (isset($_POST['translit']) && $_POST['translit']==1)$msg2=translit($msg2);
// The optional reason is appended only when strlen2() reports more than 2 and fewer than 1024.
if (strlen2($msg2)<1024 && strlen2($msg2)>2)
$msg.="Причина:n".$msg2;
}
// The user-supplied reason is part of $msg, so the whole text is escaped before the INSERT.
$msg=mysql_real_escape_string($msg);
mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$ank[id]', '$msg', '$time')");
// Make sure each side has the other in its contact list.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts` WHERE `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"), 0)==0)
{
mysql_query("INSERT INTO `konts` (`id_kont`, `id_user`, `time`) values('$user[id]', '$ank[id]', '$time')");
}
if ($user['id']!=$ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0)==0)
{
mysql_query("INSERT INTO `konts` (`id_user`, `id_kont`, `time`) values('$user[id]', '$ank[id]', '$time')");
msg(""$ank[nick]" добавлен в ваш список контактов");
}
// Refresh the activity time of the contact rows in both directions.
// AND binds tighter than OR, so the condition reads (A AND B) OR (C AND D).
mysql_query("UPDATE `konts` SET `time` = '$time' WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'");
// Remember the pending request; the check at the top of this else-branch reads this table.
mysql_query("INSERT INTO `konts_getaut` (`id_user`, `id_kont`, `time`) VALUES ('$user[id]', '$ank[id]', '$time')");
msg("Авторизация успешно запрошена");
}
else
msg("Для общения с этим обитателем необходима авторизация");
}
err();
aut();
// The request form is shown only when no error was collected and no request is pending.
if (!isset($err)){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_getaut` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0)==0)
{
echo "<form method="post" name='message' action="mail.php?id=$ank[id]">n";
echo "Причина авторизации:<br />n<textarea name="msg"></textarea><br />n";
if ($user['set_translit']==1)echo "<input type="checkbox" name="translit" value="1" /> Транслит<br />n";
// SID appends the session id to the image URL when the session is not carried by a cookie;
// session ids in URLs can end up in logs and Referer headers.
echo "<img src="/guest/img.php?".SID."" width="100" height="30" alt="Проверочное число"/><br />n<input name="chislo" size="5" maxlength="5" value="" type="text" /><br/>n";
echo "<input value="Запросить авторизацию" name='getaut' type="submit" />n";
echo "</form>n";
}
}
// Footer navigation.
// NOTE(review): $_SESSION['refer'] is derived from the Referer request header and is
// written into the href attribute below without HTML encoding; encode it for the
// attribute context when it is printed.
echo "<div class='foot'>n";
echo "«<a href="/mail.php">Контакты</a><br />n";
if(isset($_SESSION['refer']) && $_SESSION['refer']!=NULL && otkuda($_SESSION['refer']))
echo "«<a href='$_SESSION[refer]'>".otkuda($_SESSION['refer'])."</a><br />n";
echo "«<a href='umenu.php'>Мое меню</a><br />n";
echo "</div>n";
// NOTE(review): nothing visible in this file stops execution after the footer. Presumably
// tfoot.php ends the request; confirm, because otherwise the message-sending code that
// follows this block would also run for a sender who has not been authorized.
include_once 'sys/inc/tfoot.php';
}
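// Opening the conversation marks every message the partner sent to the current user as read.
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id_kont` = '$user[id]' AND `id_user` = '$ank[id]' AND `read` = '0'");
// Handle a message submitted through the form at the bottom of the page.
// NOTE(review): no anti-CSRF token is checked for this POST in the visible code; confirm
// whether one of the included files enforces it.
if (isset($_POST['msg']))
{
    $msg=$_POST['msg'];
    if (isset($_POST['translit']) && $_POST['translit']==1)$msg=translit($msg);
    // Length limits as measured by strlen2(); when both checks fail the later message wins.
    if (strlen2($msg)>1024)$err='Сообщение превышает 1024 символа';
    if (strlen2($msg)<2)$err='Слишком короткое сообщение';
    // The duplicate check and the INSERT both place user text inside a quoted SQL literal.
    // mysql_real_escape_string() is used for it, as for the authorization request text in this
    // file: unlike mysql_escape_string() it takes the connection character set into account.
    if (!isset($err) && mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' AND `msg` = '".mysql_real_escape_string($msg)."' LIMIT 1"),0)==0)
    {
        // Make sure the recipient has the sender in the contact list.
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts` WHERE `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"), 0)==0)
        {
            mysql_query("INSERT INTO `konts` (`id_kont`, `id_user`, `time`) values('$user[id]', '$ank[id]', '$time')");
        }
        $msg=mysql_real_escape_string($msg);
        mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$ank[id]', '$msg', '$time')");
        // Refresh the activity time of the contact rows in both directions:
        // the condition reads (A AND B) OR (C AND D).
        mysql_query("UPDATE `konts` SET `time` = '$time' WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'");
        // Count the sent message in the sender's `ball_mail` column.
        mysql_query("UPDATE `user` SET `ball_mail` = '".($user['ball_mail']+1)."' WHERE `id` = '$user[id]' LIMIT 1");
        msg('Сообщение успешно отправлено');
    }
}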
// aut() comes from the included sys/inc files; what it prints is not visible here.
aut();
// First visit to this conversation: add the partner to the current user's contact list
// (skipped when the user opens a conversation with their own id).
if ($user['id']!=$ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]'"), 0)==0)
{
mysql_query("INSERT INTO `konts` (`id_user`, `id_kont`, `time`) values('$user[id]', '$ank[id]', '$time')");
// NOTE(review): the nick is handed to msg() as stored; confirm that msg() or the
// registration rules keep it HTML-safe.
msg(""$ank[nick]" добавлен в ваш список контактов");
}
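// Spam report: copy one message of this conversation into the administration queue (`spamus`).
// NOTE(review): this is a state change triggered by a GET link, and no anti-CSRF token is
// checked in the visible code.
if (isset($_GET['spam']) && isset($_GET['idd']))
{
    $id_msg=intval($_GET['idd']);
    // Only a message exchanged between the current user and this partner can be reported;
    // a lookup by id alone would accept the id of any message in the table.
    $q=mysql_fetch_array(mysql_query("SELECT * FROM `mail` WHERE `id` = '$id_msg' AND (`id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]') LIMIT 1"));
    // Nothing is filed when the message does not exist or belongs to another conversation.
    if ($q)
    {
        // HTTP_REFERER is a client-supplied header and may be absent.
        $referer=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
        $msgrat="[b]$user[nick][/b]|$q[msg]|От: http://$referer/info.php?id=$q[id_user]";
        // The report text embeds a stored message body and a request header. Text read back
        // from the database is no longer escaped, so the whole string is escaped here before
        // it is placed inside the quoted SQL literal.
        $msgrat=mysql_real_escape_string($msgrat);
        // NOTE(review): whatever page displays `spamus` rows must HTML-encode this text.
        mysql_query("INSERT INTO `spamus` (`id_user`, `id_kont`, `msg`, `time`) values('0', '1', '$msgrat', '$time')");
        msg("Вы уведомили администрацию о спаме. Спасибо");
    }
}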
// Approve the partner: the current user allows $ank to write to them.
// NOTE(review): the approval is a state change triggered by a plain GET link (the
// "aut" query parameter) and no anti-CSRF token is checked in the visible code, so the
// request can be issued on the user's behalf by any page the user visits. It also does not
// check that a request from the partner is actually pending.
if (isset($_GET['aut']) )
{
// Insert a `konts_aut` row (id_user = partner, id_kont = current user, aut = 'ok')
// or switch an existing row for the pair to 'ok'.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_aut` WHERE `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"), 0)==0)
{
mysql_query("INSERT INTO `konts_aut` (`id_user`, `id_kont`, `aut`) VALUES ('$ank[id]','$user[id]', 'ok')");
}
else
{
mysql_query("UPDATE `konts_aut` SET `aut` = 'ok' WHERE `id_user`='$ank[id]' AND `id_kont`='$user[id]' LIMIT 1");
}
// Notify the partner with an ordinary message. The text is a constant, so the escaping
// call has no effect on it; mysql_escape_string() is the deprecated variant.
$msg="Авторизация одобрена";
$msg=mysql_escape_string($msg);
mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$ank[id]', '$msg', '$time')");
// Clear pending authorization requests between the two users, in both directions.
mysql_query("DELETE FROM `konts_getaut` WHERE `id_kont` = '$user[id]' AND `id_user` = '$ank[id]' LIMIT 1");
mysql_query("DELETE FROM `konts_getaut` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' LIMIT 1");
msg('Контакт успешно авторизован');
}
// err() comes from the included sys/inc files; presumably it prints what was collected in $err.
err();
// Toolbar above the conversation.
// NOTE(review): '.$passgen.' sits inside a double-quoted string, so the quotes and dots
// are printed literally around the interpolated value and the href attribute ends before
// it; this looks like a leftover from a single-quoted concatenation.
echo "<div class='str2'><a href='/mail.php?id=$ank[id]'.$passgen.''>Обновить</a> | <a href='/smiles/'>Смайлы</a> | <a href="/mail.php">Контакты</a></div>";
// Number of messages in this conversation, both directions: (A AND B) OR (C AND D).
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"),0);
// Paging: k_page() and page() come from the included files; $start is the row offset of
// the current page for the page size $set['p_str'].
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
if ($k_post==0)
{
echo "<div class='rowup'>Нет сообщений</div>n";
}
// NOTE(review): $start and $set[p_str] are placed in the LIMIT clause unquoted; this
// assumes page() and the settings loader only ever yield integers (confirm).
$q=mysql_query("SELECT * FROM `mail` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]' ORDER BY id DESC LIMIT $start, $set[p_str]");
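// Render the current page of the conversation, newest message first.
while ($post = mysql_fetch_array($q))
{
    // Profile row of the author of this message.
    $ank2=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = $post[id_user] LIMIT 1"));
    // Alternate between the two row styles.
    if($num==1){
        echo "<div class='frends'>";
        $num=0;
    }else{
        echo "<div class='frends2'>";
        $num=1;
    }
    avatar2($ank2['id']);
    echo "<br />";
    echo "".online($ank2['id'])." ";
    // NOTE(review): nick, ncolor and color are profile fields printed as stored; confirm
    // that they are restricted to safe characters when the profile is saved, or encode them
    // here for the HTML text and attribute contexts.
    echo "<a href=\"/info.php?id=$ank2[id]\"><span style=\"color:$ank2[ncolor]\">$ank2[nick]</span></a>\n";
    echo "[".vremja($post['time'])."]\n";
    if ($post['read']==0)echo "(не прочитано)\n";
    echo "<br/>[<a href=\"/mail.php?id=$ank[id]&spam&idd=$post[id]\">Это спам</a>]\n";
    echo "<br />\n";
    echo "<span style=\"color:$ank2[color]\">\n";
    // Order matters: stripcslashes() turns backslash sequences (hex and octal forms included)
    // into raw characters, so it has to run BEFORE htmlspecialchars(). In the opposite order a
    // sequence that htmlspecialchars() leaves alone could be decoded into markup characters
    // after the encoding step. links(), smiles(), bbcode() and br() then add their own markup
    // to the already encoded text.
    echo trim(br(bbcode(smiles(links(htmlspecialchars(stripcslashes($post['msg'])))))))."<br />\n";
    // NOTE(review): deletion is offered as a plain link; whether delete.php verifies that
    // the message belongs to the requesting user is not visible here.
    echo "<a href='delete.php?id=$post[id]'>Удалить</a><br />\n";
    echo "</span>\n";
    echo "</div>\n";
}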
if ($k_page>1)str("mail.php?id=$ank[id]&",$k_page,$page); // Page navigation
// Form for sending a new message to this partner.
echo "<form method="post" name='message' action="mail.php?id=$ank[id]">n";
// A theme may replace the plain textarea with its own form fragment.
// NOTE(review): $set['set_them'] is concatenated into an include path and only checked
// with is_file(); presumably it is a theme name validated where it is saved. Confirm that
// it cannot contain path separators or "..".
if ($set['web'] && is_file(H.'style/themes/'.$set['set_them'].'/altername_post_form.php'))
include_once H.'style/themes/'.$set['set_them'].'/altername_post_form.php';
else
echo "Сообщение:<br />n<textarea name="msg"></textarea><br />n";
if ($user['set_translit']==1)echo "<input type="checkbox" name="translit" value="1" /> Транслит<br />n";
echo "<input value="Отправить" type="submit" />n";
echo "</form>n";
// When the current user's own profile requires authorization and this partner has not
// been approved yet, offer the approval link.
// NOTE(review): the link performs the approval through a GET request.
if ($user['id']!=$ank['id'] && $user['autorization']==1 &&
mysql_result(mysql_query("SELECT COUNT(*) FROM `konts_aut` WHERE `id_kont` = '$user[id]' AND `id_user` = '$ank[id]' AND `aut` = 'ok'"), 0)==0)
{
echo "<a href="/mail.php?id=$ank[id]&aut">Авторизовать</a><br />n";
}
// NOTE(review): presumably tfoot.php ends the request; nothing in this file stops
// execution here, and the contact list code follows the closing brace.
include_once 'sys/inc/tfoot.php';
}
// Contact list page, rendered when no valid partner id was given.
$set['title']='Мои контакты';
include_once 'sys/inc/thead.php';
title();
// Remove a contact. The id is required to be numeric and is passed through intval()
// before it reaches the SQL text.
// NOTE(review): the deletion is a state change triggered by a plain GET parameter and no
// anti-CSRF token is checked in the visible code.
if (isset($_GET['delete']) && is_numeric($_GET['delete']))
{
// Mark that contact's unread messages as read, then drop the contact row and the
// authorization row in which the contact is `id_user` and the current user is `id_kont`.
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id_kont` = '$user[id]' AND `id_user` = '".intval($_GET['delete'])."' AND `read` = '0'");
mysql_query("DELETE FROM `konts` WHERE `id_user` = '$user[id]' AND `id_kont` = '".intval($_GET['delete'])."' LIMIT 1");
mysql_query("DELETE FROM `konts_aut` WHERE `id_kont` = '$user[id]' AND `id_user` = '".intval($_GET['delete'])."' LIMIT 1");
// NOTE(review): OPTIMIZE TABLE runs on every such request from any logged-in user; it
// is a table maintenance operation and is better scheduled than triggered per request.
mysql_query("OPTIMIZE TABLE `konts`");
msg('Контакт успешно удален');
}
aut();
// Number of contacts of the current user and paging of the list.
$k_konts=mysql_result(mysql_query("SELECT COUNT(*) FROM `konts` WHERE `id_user` = '$user[id]'"), 0);
if ($k_konts==0)
{
echo "<div class='rowup'>Нет контактов</div>n";
}
$k_page=k_page($k_konts,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
// Contacts ordered by most recent activity.
// NOTE(review): $start and $set[p_str] go into LIMIT unquoted; this assumes integers (confirm).
$q = mysql_query("SELECT * FROM `konts` WHERE `id_user` = '$user[id]' ORDER BY `time` DESC LIMIT $start, $set[p_str]");
while ($konts = mysql_fetch_array($q))
{
// One profile query and two message counts are issued per listed contact.
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = $konts[id_kont] LIMIT 1"));
// Alternate between the two row styles.
if($num==1){
echo "<div class='frends'>";
$num=0;
}else{
echo "<div class='frends2'>";
$num=1;}
avatar2($ank['id']);
echo "<br />";
echo "".online($ank['id'])." ";
// NOTE(review): `pol` and `nick` are profile fields printed as stored; confirm that they
// are restricted to safe characters when saved, or encode them for the output context.
echo "<img src='/style/papka/user/$ank[pol].png' alt='' /> ";
echo "<a href="/mail.php?id=$ank[id]">$ank[nick]</a>n";
// Total number of messages exchanged with the contact / number still unread by the current user.
echo '<span style="font-size:small">('.mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '$user[id]' AND `id_kont` = '$ank[id]' OR `id_user` = '$ank[id]' AND `id_kont` = '$user[id]'"), 0);
echo '/<font color=red>';
echo mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_kont` = '$user[id]' AND `id_user` = '$ank[id]' AND `read` = '0'"), 0).'</font>)</span><br />';
//echo "<a href="/info.php?id=$ank[id]">Анкета</a><br />n";
echo "</div>n";
}
if ($k_page>1)str("mail.php?",$k_page,$page); // Page navigation
include_once 'sys/inc/tfoot.php';
?>