Файл: mail.php
Строк: 94
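<?php
/*ANDREY69RUS*/ define('cms', 1);
require_once 'core.php';

/**
 * Looks up a user's login by numeric id.
 *
 * The id is cast to int before it is placed in SQL, so callers may pass raw
 * values taken from `mail` rows or from the query string.
 *
 * @param mixed $id user id
 * @return string the login, or '' when no such user exists
 */
function mailpage_login_of($id)
{
    $row = mysql_fetch_array(mysql_query("SELECT `login` FROM `users` WHERE `id` = '" . (int) $id . "'"));
    return empty($row['login']) ? '' : $row['login'];
}

/**
 * Escapes a value for HTML text/attribute context (UTF-8, both quote styles).
 *
 * @param string $s
 * @return string
 */
function mailpage_h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/**
 * Prints one "<label><login> [time]" link per row of a `mail` result set.
 *
 * @param resource $query  result of mysql_query() over the `mail` table
 * @param string   $label  text shown before the login ('От ' or 'Для ')
 * @param string   $column which id column holds the other party: 'out' or 'in'
 * @return void
 */
function mailpage_print_list($query, $label, $column)
{
    while ($res = mysql_fetch_assoc($query)) {
        echo '<a href="?a=mail&id=' . (int) $res['id'] . '">' . $label
            . mailpage_h(mailpage_login_of($res[$column])) . ' [' . mailpage_h($res['time']) . ']</a><br />';
    }
}

/**
 * Sends a Location header and stops the script.
 *
 * The original called header() without exit, so the rest of the page
 * (including further queries and the footer) still executed after a redirect.
 *
 * @param string $url
 * @return void
 */
function mailpage_redirect($url)
{
    header('Location: ' . $url);
    exit;
}

if ($user) {
    error_reporting(E_ALL & ~E_NOTICE);
    // $user is set by core.php; the original interpolates it unquoted into SQL
    // (case 'no_read'), so it is treated as a numeric id here -- TODO confirm against core.php.
    $uid = (int) $user;
    // $u is not used in this file but is kept: navigation.php and foot.php are
    // included into this scope and may read it.
    $u = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $uid . "'"));
    echo '<div class="menu">Почта</div>';
    echo '<div class="pt">';
    $action = isset($_GET['a']) ? $_GET['a'] : '';
    switch ($action) {
        case 'in':
            include('navigation.php');
            // Count only this user's inbox; the original counted the whole `mail`
            // table, which inflated the pager and did not match the query below.
            $all_in = mysql_result(mysql_query("select count(*) from `mail` WHERE `in` = '$uid'"), 0);
            if ($all_in == 0) {
                echo 'Нет писем.';
            } else {
                $newlist = new mail_in($all_in, 5, true);
                $query = mysql_query("select * from `mail` WHERE `in` = '$uid' order by `id` asc limit " . $newlist->limit() . ";");
                mailpage_print_list($query, 'От ', 'out');
                echo '<br />';
                echo $newlist->back_forward_links();
            }
            echo '<div class="lin"></div><a href="./mail.php">Назад</a>';
            break;

        case 'out':
            include('navigation.php');
            $all_out = mysql_result(mysql_query("select count(*) from `mail` WHERE `out` = '$uid'"), 0);
            if ($all_out == 0) {
                echo 'Нет писем.';
            } else {
                $newlist = new mail_out($all_out, 5, true);
                $query = mysql_query("select * from `mail` WHERE `out` = '$uid' order by `id` asc limit " . $newlist->limit() . ";");
                mailpage_print_list($query, 'Для ', 'in');
                echo '<br />';
                echo $newlist->back_forward_links();
            }
            echo '<div class="lin"></div><a href="./mail.php">Назад</a>';
            break;

        case 'no_read':
            // In this schema `read` = 1 marks an UNREAD letter; case 'mail' sets it to 0 once opened.
            $num = mysql_result(mysql_query("select count(*) from `mail` WHERE `read` = 1 AND `in` = $uid"), 0);
            if ($num == 0) {
                echo 'Непрочитанных сообщений нет!';
            } else {
                $query = mysql_query("select * from `mail` WHERE `read` = 1 AND `in` = $uid order by `id` DESC;");
                mailpage_print_list($query, 'От ', 'out');
            }
            echo '<div class="lin"></div><a href="./mail.php">Назад</a>';
            break;

        case 'create':
            // Anti-spam window. The original selected `last_leter` with no ORDER BY,
            // i.e. an arbitrary (usually the oldest) letter, so the 25-second limit
            // stopped working after the first letter; MAX() picks the newest one.
            $m = mysql_fetch_array(mysql_query("SELECT MAX(`last_leter`) AS `last_leter` FROM `mail` WHERE `out` = '$uid'"));
            $last_time = time() - (int) $m['last_leter'];
            if ($last_time > 25) {
                if (isset($_POST['submit'])) {
                    $to = (!empty($_POST['to']) ? $_POST['to'] : false);
                    $massage = (!empty($_POST['massage']) ? $_POST['massage'] : false);
                    if ($to && $massage) {
                        $error = '';
                        // SQL-escaped copy of the login; the raw value is still used for the checks below.
                        $toSql = mysql_real_escape_string($to);
                        $l = mysql_fetch_array(mysql_query("SELECT `id` FROM `users` WHERE `login` = '$toSql'"));
                        if (empty($l['id'])) {
                            $error .= 'Данного игрока не существует<br/>';
                        }
                        if (mb_strlen($to) < 4 || mb_strlen($to) > 20) {
                            $error .= 'Неверная длина логина<br/>';
                        }
                        if (mb_strlen($massage) < 4 || mb_strlen($massage) > 1000) {
                            $error .= 'Неверная длина сообщения<br/>';
                        }
                        if (!preg_match('/^[a-z0-9а-яґіїё_ -]{4,}$/iu', $to)) {
                            $error .= 'В логине есть запрещеные символы!<br />';
                        }
                        if (empty($error)) {
                            // htmlspecialchars() is the stored format (case 'mail' echoes the column
                            // as-is). It does not touch single quotes, hence the SQL escaping on top.
                            $massageSql = mysql_real_escape_string(htmlspecialchars($massage));
                            mysql_query("INSERT INTO `mail` SET `in` = '" . (int) $l['id'] . "',
                                `out` = '$uid',
                                `massage` = '" . $massageSql . "',
                                `read` = '1',
                                `time` = '" . date("H:i") . "',
                                `last_leter` = '" . time() . "';");
                            echo 'Сообщение игроку ' . mailpage_h($to) . ' успешно отправленно!';
                        } else {
                            echo '<b>Вы допустили следующие ошибки:</b><br />' . $error;
                        }
                    } else {
                        echo '<b>Вы заполнили не все поля</b><br />';
                    }
                }
                echo "<form method=\"post\" action=\"\">\nКому: <br />";
                $toLogin = '';
                // The original compared abs(round(...)) -- a float -- with !== 0 (an int), which is
                // always true; an int cast makes the check meaningful and keeps the id out of SQL raw.
                if (isset($_GET['to']) && (int) $_GET['to'] !== 0) {
                    $toLogin = mailpage_login_of(abs((int) $_GET['to']));
                }
                // Always render the field; the original dropped it when the id resolved to no user.
                echo '<input type="text" name="to" size="10" maxlength="7" value="' . mailpage_h($toLogin) . '"><br />';
                echo "Сообщение: <br />\n"
                    . "<textarea name=\"massage\" cols=\"15\" rows=\"4\"></textarea><br />\n"
                    . "<input type=\"submit\" name=\"submit\" value=\"отправить\">\n"
                    . '</form>';
            } else {
                echo '<b>Антиспам-фильтр</b><br />Сообщения можно отправлять раз в 25 секунд!';
            }
            echo '<div class="lin"></div><a href="./mail.php">Назад</a>';
            break;

        case 'mail':
            if (isset($_GET['id'])) {
                // The id reached three queries unescaped in the original; one cast, one fetch.
                $mailId = (int) $_GET['id'];
                $l = mysql_fetch_array(mysql_query("SELECT * FROM `mail` WHERE `id` = '$mailId'"));
                if (empty($l['id'])) {
                    mailpage_redirect('./mail.php');
                }
                // Only the sender or the recipient may open a letter.
                if ($l['in'] == $uid || $l['out'] == $uid) {
                    $fromLogin = mailpage_login_of($l['out']);
                    $toLogin = mailpage_login_of($l['in']);
                    echo 'Сообщение от: <a href="./user.php?id=' . (int) $l['out'] . '">' . mailpage_h($fromLogin) . '</a>';
                    echo '<br />Для: <a href="./user.php?id=' . (int) $l['in'] . '">' . mailpage_h($toLogin) . '</a>';
                    echo '<br />Время: ' . mailpage_h($l['time']);
                    // `massage` was passed through htmlspecialchars() on insert, so it is echoed as stored.
                    echo '<br />Сообщение: ' . $l['massage'];
                    echo '<br /><br /><a href="./mail.php?a=create&to=' . (int) $l['out'] . '">Ответить ' . mailpage_h($fromLogin) . '</a>';
                    mysql_query("UPDATE `mail` SET `read` = 0 WHERE `id` = '$mailId'");
                } else {
                    mailpage_redirect('./mail.php');
                }
            }
            echo '<div class="lin"></div><a href="./mail.php">Назад</a>';
            break;

        default:
            echo '<img src="./img/feather.png" alt=*> <a href="?a=create">Написать письмо</a><br />';
            echo '<img src="./img/message_incoming.png" alt=*> <a href="?a=in">Входящие</a><br />';
            echo '<img src="./img/message_outgoing.png" alt=*> <a href="?a=out">Исходящие</a><br />';
            echo '<img src="./img/attention_gold.png" alt=*> <a href="?a=no_read">Непрочитаные</a><br />';
            break;
    }
    echo '</div>';
} else {
    mailpage_redirect('./index.php');
}
include './include/foot.php';
?>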