Файл: world-faces.ru/world-faces.ru/msg.php
Строк: 135
<?
// NOTE(review): the file opens with the short tag `<?`, so it only parses when short_open_tag is on.
// Private-mail page. With ?id=<user id> it handles and renders the conversation with that user;
// afterwards (and when no id is given) it renders the current user's contact list. Both halves run
// top to bottom and echo HTML directly, so statement order is part of the behaviour.
// Helpers (pdo, only_reg, verh, aut, niz, msg, err, translit, strlen2, k_page, page, str, foto,
// vremja, br, bbcode, smiles, links) and the globals $us, $user, $set, $time are not visible here;
// presumably they come from i.php, only_reg() rejects anonymous visitors and $us/$user both describe
// the logged-in user — TODO confirm against i.php.
// The `"` pairs and trailing `n` inside the echo strings below look like escaped quotes and "\n"
// lost during extraction; they are left as found.
include_once 'i.php';
pdo();
only_reg();
// --- Conversation view: only entered when the requested user id exists. ---
if (isset($_GET['id']) && DB::$dbs->querySingle("SELECT COUNT(*) FROM `user` WHERE `id` = ?",array(intval($_GET['id'])))==1){
$ank=DB::$dbs->queryFetch("SELECT * FROM `user` WHERE `id` = ? LIMIT 1",array(intval($_GET['id'])));
// $ank['nick'] is taken from the database and echoed into HTML further down without escaping.
$set['title']='Почта: '.$ank['nick'];
verh();
// Mark every unread message from $ank to the current user as read.
DB::$dbs->query("UPDATE `mail` SET `read` = ? WHERE `id_kont` = ? AND `id_user` = ? AND `read` = ?",array(1,$us['id'],$ank['id'],0));
// Handle a submitted reply.
if (isset($_POST['msg'])){
// NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API, while the page talks to
// the database through placeholders (DB::$dbs after pdo()); it is redundant for the prepared
// statement, needs an ext/mysql connection to work, and stores backslashes in `msg`.
// htmlspecialchars() is applied here AND again when the message is printed (stripcslashes +
// htmlspecialchars below), so stored entities come out double-encoded (`&lt;` -> `&amp;lt;`).
$msg=htmlspecialchars(mysql_real_escape_string($_POST['msg']));
// Crude link filter for users below level 4: strtr() does plain substring removal, so 'ru' and
// 'http' are also cut out of ordinary words; it is not a reliable URL filter.
if($user['level'] < 4) $msg = strtr($msg, array('.wen.ru'=>'', '.h2m.ru'=>'', 'ru'=>'','http'=>'', '.ru'=>'', '.org'=>'','.us'=>'','.US'=>'', '.Us'=>'','.uS'=>'','.com'=>'', '.net'=>'', '.tk'=>'', '.biz'=>''));
if($user['level'] < 4) $msg = strtr($msg, array('.ru'=>'', '.орг'=>'', 'ru'=>'', '.ком'=>'', '.сом'=>'', '.нет'=>'', '.тк'=>'', '.биз'=>''));
if (isset($_POST['translit']) && $_POST['translit']==1)$msg=translit($msg);
// Length limits are measured with strlen2() from i.php (presumably per character — TODO confirm);
// the second check overwrites $err, so a too-short message wins if both somehow apply.
if (strlen2($msg)>3024)$err='<div class="prof">Сообщение превышает 3024 символа</div>';
if (strlen2($msg)<2)$err='<div class="prof">Слишком короткое сообщение</div>';
if (!isset($err)){
// First message to this user: add them to the sender's contact list.
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM `konts` WHERE `id_user` = ? AND `id_kont` = ?",array($ank['id'],$us['id']))==0){
DB::$dbs->query("INSERT INTO `konts` SET `id_kont` = ?, `id_user` = ?, `time` = ?",array($us['id'], $ank['id'], $time));
}
// Store the message, bump the sender's mail counter and refresh the contact timestamp on both sides.
DB::$dbs->query("INSERT INTO `mail` SET `id_user`=?, `id_kont`=?, `msg`=?, `time`=?",array($us['id'], $ank['id'], $msg, $time));
DB::$dbs->query("UPDATE `user` SET `mail` = `mail`+ ? WHERE `id` = ? LIMIT 1",array(1,$us['id']));
DB::$dbs->query("UPDATE `konts` SET `time` = ? WHERE `id_user` = ? AND `id_kont` = ? OR `id_user` = ? AND `id_kont` = ?",array($time,$us['id'],$ank['id'],$ank['id'],$us['id']));
// NOTE(review): there is no exit after the redirect header, so the rest of this page — including
// the contact-list half after this if-block — still executes and renders for the redirected request.
header('location:msg'.$ank['id'].'');
}
}
aut();
// Opening a conversation adds the other user as a contact; messaging yourself does not.
if ($user['id']!=$ank['id'] && DB::$dbs->querySingle("SELECT COUNT(*) FROM `konts` WHERE `id_user` = ? AND `id_kont` = ?",array($us['id'],$ank['id']))==0){
DB::$dbs->query("INSERT INTO `konts` SET `id_user`=?, `id_kont`=?, `time`=?",array($us['id'], $ank['id'], $time));
// NOTE(review): the quoting on the next line looks garbled by the extraction; the original
// presumably wrapped the nick in escaped quotes.
msg(""$ank[nick]" добавлен в ваш список контактов");
}
// Spam report: copies the reported message into `notspam` for the administration.
if (isset($_GET['spam'])){
// NOTE(review): the message is looked up by `idd` alone — nothing checks that it belongs to this
// conversation or to the current user, so the report can carry the text of any message id.
// Restricting the lookup to the two participants' id_user/id_kont would close that.
$q=DB::$dbs->queryFetch("SELECT * FROM `mail` WHERE `id` = ? LIMIT 1",array(intval($_GET['idd'])));
$msgrat="Пожаловался: [b]$us[nick][/b]| Сообщение: $q[msg]| Нарушитель: http://vmobe.net/$q[id_user]";
DB::$dbs->query("INSERT INTO `notspam` SET `id_user`=?, `id_kont`=?, `msg`=?, `time`=?",array(0, 1, $msgrat, $time));
msg("Администрация уведомлена о спаме! Спасибо...");
}
err();
// Reply form.
echo "<form method="post" name='message' action="msg$ank[id]">n";
echo "Сообщение:<br />n<textarea name="msg"></textarea><br />n";
echo "<input value="Отправить" type="submit" />n";
echo "</form>n";
echo "<table class='post'>n";
// Pagination: $set['p_str'] messages per page. $start and $set[p_str] are interpolated straight
// into LIMIT, so this relies on page() and the config returning integers — TODO confirm in i.php.
$k_post=DB::$dbs->querySingle("SELECT COUNT(*) FROM `mail` WHERE `id_user` = ? AND `id_kont` = ? OR `id_user` = ? AND `id_kont` = ?",array($us['id'],$ank['id'],$ank['id'],$us['id']));
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
if ($k_post==0){
echo "<div class='mail1'><div class='mail2'>";
echo "Нет сообщений</div></div>";
}
// Messages in both directions, newest first; one extra user lookup per row for the author.
$q=DB::$dbs->query("SELECT * FROM `mail` WHERE `id_user` = ? AND `id_kont` = ? OR `id_user` = ? AND `id_kont` = ? ORDER BY id DESC LIMIT $start, $set[p_str]",array($us['id'],$ank['id'],$ank['id'],$us['id']));
while ($post = $q -> Fetch())
{
$ank2=DB::$dbs->queryFetch("SELECT * FROM `user` WHERE `id` = ? LIMIT 1",array($post['id_user']));
echo "<div class='mail1'><div class='mail2'><div class='guser_aut'>";
echo "<a href="/$ank2[id]">$ank2[nick]</a>".foto($ank2['id'])."n";
echo "(".vremja($post['time']).")n";
if ($post['read']==0){echo "(<font color=red>не прочитано</font>)<br />n";}else{echo'<br/>';}
// Body was already escaped on input (see above); it is unslashed and escaped a second time here
// before the markup helpers run.
echo trim(br(bbcode(smiles(links(stripcslashes(htmlspecialchars($post['msg'])))))))."n";
echo "<br/>[<a href="/msg.php?id=$ank[id]&spam&idd=$post[id]">Спам</a>]n";
echo"</div></div></div>";
}
if ($k_page>1)str("msg.php?id=$ank[id]&",$k_page,$page);
echo "[<a href="/msg.php?delete=$ank[id]">Удалить контакт</a>]<br />n";
niz();
}
// --- Contact list (also reached after the conversation view, since nothing stops execution above). ---
$set['title']='Мои контакты';
verh();
// Remove a contact. Unread mail from them is marked read, the konts row is dropped, and the
// conversation itself is deleted only when the other side no longer lists us either.
// NOTE(review): this is a state-changing action driven by a plain GET link with no CSRF token.
if (isset($_GET['delete']) && is_numeric($_GET['delete'])){
DB::$dbs->query("UPDATE `mail` SET `read` = ? WHERE `id_kont` = ? AND `id_user` = ? AND `read` = ?",array(1,$us['id'],intval($_GET['delete']),0));
DB::$dbs->query("DELETE FROM `konts` WHERE `id_user` = ? AND `id_kont` = ? LIMIT 1",array($us['id'],intval($_GET['delete'])));
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM `konts` WHERE `id_kont` = ? AND `id_user` = ?",array($us['id'],intval($_GET['delete'])))==0){
DB::$dbs->query("DELETE FROM `mail` WHERE `id_kont` = ? AND `id_user` = ? OR `id_user` = ? AND `id_kont` = ?",array($us['id'],intval($_GET['delete']),$us['id'],intval($_GET['delete'])));
}
msg('Контакт успешно удален');
}
aut();
$k_konts=DB::$dbs->querySingle("SELECT COUNT(*) FROM `konts` WHERE `id_user` = ?",array($us['id']));
if ($k_konts==0)
{
echo "<div class='mail1'><div class='mail2'>";
echo "Нет контактовn";
echo"</div></div>";
}
// Same pagination scheme as the conversation view; $start is interpolated into LIMIT.
$k_page=k_page($k_konts,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
$q = DB::$dbs->query("SELECT * FROM `konts` WHERE `id_user` = ? ORDER BY `time` DESC LIMIT $start, $set[p_str]",array($us['id']));
while ($konts = $q -> Fetch())
{
// Note: this overwrites the conversation's $ank when both halves run in one request.
$ank=DB::$dbs->queryFetch("SELECT * FROM `user` WHERE `id` = ? LIMIT 1",array($konts['id_kont']));
// NOTE(review): `!NULL` is true, so this is a loose truthiness test that the user row exists;
// the bare constant `id` is an undefined-constant fallback (a fatal error on PHP 8).
// `isset($ank['id'])` expresses the intent directly.
if($ank[id]==!NULL){
echo "<div class='mail1'><div class='mail2'><div class='guser_aut'>";
echo "<a href="/msg$ank[id]">$ank[nick]</a>".foto($ank['id'])." n";
// Unread-from-contact / total-in-conversation counters (two queries per contact row).
echo '('.DB::$dbs->querySingle("SELECT COUNT(*) FROM `mail` WHERE `id_kont` = ? AND `id_user` = ? AND `read` = ?",array($us['id'],$ank['id'],0));
echo '/';
echo DB::$dbs->querySingle("SELECT COUNT(*) FROM `mail` WHERE `id_user` = ? AND `id_kont` = ? OR `id_user` = ? AND `id_kont` = ?",array($us['id'],$ank['id'],$ank['id'],$us['id'])).')';
echo "n <br/><a href="/info.php?id=$ank[id]">Анкета</a><br/><a href="/msg.php?delete=$ank[id]">Удалить контакт</a>n";
echo "</div></div></div>n";
}
}
if ($k_page>1)str("msg.php?",$k_page,$page);
niz();
?>