Файл: msg.php
Строк: 203
<?php
define('PROTECTOR', 1);
$head = 'msg';//фикс. места
$textl='Письма';
@include('files/db.php');
@include('files/auth.php');
@include('files/func.php');
@include('files/core.php');
@include('files/head.php');
@include('files/zag.php');
//если бан
$req = mysql_query("SELECT * FROM `ban` WHERE `usr` = '$log' LIMIT 1");
// //////////////////////////
$avto = mysql_num_rows($req);
if ($avto == 1) {
echo"<font color='red'> Ваш персонаж забанен! Доступ в почту закрыт!<br> Осталось: ";
$ban[ban_time]=$ban[ban_time]-time();
if($ban[ban_time]<60){
echo "$ban[ban_time] сек.</font>";
}elseif($ban[ban_time]>60 and $ban[ban_time]<3600){
$ban[ban_time]=round($ban[ban_time]/60);
echo "$ban[ban_time] мин.<br>";
}elseif($ban[ban_time]>3600 and $ban[ban_time]<86400){
$ban[ban_time]=round($ban[ban_time]/3600);
echo "$ban[ban_time] часов.<br>";}
else{
$ban[ban_time]=round($ban[ban_time]/86400);
echo "$ban[ban_time] суток.<br>";
}
echo "Забанил: $ban[admin]</br></font>";
include('files/down.php');exit;}
//конец бана
switch($_GET[mod]){
default:
$q = mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE `user_to` = '$log' AND `read` = '1';");
$new_mail = mysql_result($q, 0);
$w = mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE `user_to` = '$log'");
$old_mail = mysql_result($w, 0);
$qo = mysql_query("SELECT COUNT(*) FROM `msg_i` WHERE `user_from` = '$log'");
$new_mailo = mysql_result($qo, 0);
echo "<img src='pic/game/add_kontakt.png' alt='*'/> <a href="msg.php?mod=add_conts">Новый контакт</a><br/>";
echo "<img src='pic/game/inbox.png' alt='*'/> <a href="msg.php?mod=read">Входящие</a>[$new_mail/$old_mail]<br/>";
echo "<img src='pic/game/send.png' alt='*'/> <a href="msg.php?mod=vxod">Исходящие</a>[$new_mailo]<br/>";
echo "<img src='pic/game/kontakt.png' alt='*'/> <a href="msg.php?mod=write_message">Мои контакты</a><br/>$div";
echo'<a href="javascript:history.go(-1)">Назад</a>';
break;
case 'add_conts':
echo "<form action="msg.php?mod=save_conts" method="post">Игрок:<br/>";
echo "<input type="text" name="nick"><br/>";
echo "<input type="submit" value="Поиск" class="ibutton"></form><br>";
echo'<a href="javascript:history.go(-1)">Назад</a>';
break;
case 'write_message':
echo "<form method="post" action="msg.php?mod=save_message">Кому:";
echo " <select name="to">";
$using = mysql_query("SELECT id FROM `users` WHERE `usr` = '$log'");
$u2 = mysql_fetch_array($using);
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `users`"),0);
$whiel = mysql_query("SELECT contact FROM `msg_users` WHERE `user_id` = '$u2[id]'");
$lists = mysql_fetch_array($whiel);do{
printf("<option value="%s">%s</option><br/>",$lists[contact],$lists[contact]);
} while($lists = mysql_fetch_array($whiel));
echo "</select><br/>";
echo "Текст письма:<br/>";
echo "<textarea name="text" rows=3></textarea><br/><br/>";
echo "<input type="submit" value="Отправить" class="ibutton"></form>";
echo "<a href="msg.php?mod=save_conts">Добавить контакты</a><br/>
<a href="msg.php?mod=del">Удалить контакты</a><br/><a href="msg.php?">Назад</a><br/>";
break;
case 'wr':
if(!empty($_GET[go_user])){
$_GET[go_user]=htmlspecialchars(stripslashes(addslashes($_GET['go_user'])));
echo "<form method="post" action="msg.php?mod=save_info&to=$_GET[go_user]">Кому:<b>$_GET[go_user]</b>";
echo "<br/>Текст письма:<br/>";
echo "<textarea name="text" rows=3></textarea><br/><br/>";
echo "<input type="submit" value="Отправить" class="ibutton"></form>";
echo"<br/><a href="msg.php?">Назад</a><br/>";
}else{
echo'Не выбран получатель!';}
break;
case 'save_info':
$req=mysql_query("SELECT MAX(id) FROM `msg_i`");
$msg=mysql_fetch_array($req);
if($_POST[text]==$msg[mail_msg]){echo "Ваше сообщение повторяет предыдущее!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";break;}
if($_POST[text] != "" && $_GET[to] != ""){
if(isset($_POST[text]))
{$text = htmlspecialchars(stripslashes($_POST[text]));}
if (isset($_GET[to])){
$to = $_GET[to];}
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time', `read` = 1, `mail_msg` = '$text'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time',`mail_msg` = '$text'");
echo "Вы успешно отправили письмо для $to<br/> Дата отправления: $time";
echo "<br/><a href="msg.php?">Назад</a><br/>";}
elseif ($_POST[text] == "" || $_POST[text] == null ){
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}
elseif ($_GET[to] == "" || $_GET[to] == null){
echo "Не выбран отправитель!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}else{
echo "Ошибка!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";}
break;
case 'save_message':
$text = htmlspecialchars(stripslashes($_POST[text]));
$_POST[to] = htmlspecialchars(stripslashes($_POST[to]));
$req=mysql_query("SELECT MAX(id) FROM `msg_i` WHERE `user_to`='$_POST[to]'") or die(mysql_error());
$msg=mysql_fetch_array($req);
if($text=="$msg[mail_msg]"){echo "Ваше сообщение повторяет предыдущее!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";break;}
if($_POST[text] != "" && $_POST[to] != ""){
if(isset($_POST[text])){
$text = htmlspecialchars(stripslashes($_POST[text]));}
if (isset($_POST[to])){
$to = $_POST[to];}
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time', `read` = 1, `mail_msg` = '$text'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time',`mail_msg` = '$text'");
echo "Вы успешно отправили письмо $msg[mail_msg] для $to<br/> Дата отправления: $time<br/>";
echo "<a href="msg.php?">Назад</a><br/>";}
elseif ($_POST[text] == "" || $_POST[text] == null ){
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}
elseif ($_POST[to] == "" || $_POST[to] == null)
{echo "Не выбран отправитель!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";
}else{echo "Ошибка!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}
break;
case 'vxod':
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `msg_i` WHERE user_from = '$log'"),0);
if ($result == 0){
echo "<b>Почта пуста</b>!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}else{
if ($_GET[page] == "" || $_GET[page] < 0 || $_GET[page] == "0") {
$_GET[page] = 0;}
$next = $_GET[page] + 1;
$back = $_GET[page] - 1;
$num = $_GET[page] * 5;
if($_GET[page] == "0")
{$i = 0;}
else{$i = ($_GET[page]*5)+1;}
$viso = mysql_num_rows(mysql_query("SELECT komentaras FROM komentarai"));
$puslap = floor($viso/5);
$message = mysql_query("SELECT * FROM msg_i WHERE user_from = '$log' ORDER BY id DESC LIMIT $num,5");
while($msg = mysql_fetch_array($message)){
$text = $msg[mail_msg];
$text = strip_tags($text);
$from = strip_tags($msg['user_to']);
echo "<b>Кому:</b>$from<br/><b>Дата Добавления</b>: <small>$msg[time]</small><br/><b>Письмо</b>: $text
<br/><a href="msg.php?user=$from&mod=answer">Ответить</a>|<a href="msg.php?iden=$msg[id]&mod=delete_mess_vxod">Удалить</a>
<br/>";}
echo "<a href="msg.php?mod=delete_all_vxod">Очистить почту</a><br/>";
if ($_GET[page] > 0){
echo "<a href="msg.php?mod=vxod&page=$back">back</a>";}
elseif ($_GET[page] == 0){
echo "back";}
echo"|";
if($_GET[page] < $puslap || $_GET[page] == "" || $_GET[page] == 0)
{echo "<a href="msg.php?mod=vxod&page=$next">next</a><br/>";}
else
{echo "next<br/>";}
echo "<br/><a href="msg.php?">Назад</a></div>";}
break;
case 'read':
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE user_to = '$log'"),0);
if ($result == 0)
{echo "<b>Почта пуста!</b><br/>";
}else{
if ($_GET[page] == "" || $_GET[page] < 0 || $_GET[page] == "0"){
$_GET[page] = 0;}
$next = $_GET[page] + 1;
$back = $_GET[page] - 1;
$num = $_GET[page] * 5;
if($_GET[page] == "0")
{$i = 0;}
else{$i = ($_GET[page]*5)+1;}
$viso = mysql_num_rows(mysql_query("SELECT komentaras FROM komentarai"));
$puslap = floor($viso/5);
$message = mysql_query("SELECT * FROM msg_r WHERE user_to = '$log' ORDER BY id DESC LIMIT $num,5");
while($msg = mysql_fetch_array($message))
{if ($msg[read] == 1)
{mysql_query("UPDATE `msg_r` SET `read` = 0 WHERE `user_to` = '$log'");}
if($msg[read] == 1){
$read = "Не прочитано";}else
{$read = "Прочитано";}
$text = $msg[mail_msg];
$text = html_entity_decode($text);
$from = strip_tags($msg['user_from']);
echo "От кого: <b><a href='search.php?nick=".$from."&go=go'>$from</a></b> [$read] <br/><b>Дата Добавления</b>: <small>$msg[time]</small><br/><b>Письмо</b>: $text
<br/><a href="msg.php?user=$from&mod=answer">Ответить</a>|<a href="msg.php?iden=$msg[id]&mod=delete_mess">Удалить</a>
<br/><br/><hr>";}
echo "<a href="msg.php?mod=delete_all">Очистить почту</a><br/>";
if ($_GET[page] > 0)
{echo "<a href="msg.php?mod=read&page=$back">back</a>";}
elseif ($_GET[page] == 0)
{echo "back";}
echo"|";
if($_GET[page] < $puslap || $_GET[page] == "" || $_GET[page] == 0)
{echo "<a href="msg.php?mod=read&page=$next">next</a><br/>";}else
{echo "next<br/>";}
echo "<br/><a href="msg.php?">Назад</a></div>";}
break;
case 'delete_all':
mysql_query("DELETE FROM msg_r WHERE (user_to='$log')") or die("не пашет!");
echo"Все письма успешно удалены!<br/>";
echo"<a href="msg.php?mod=read">В письма</a><br/>";
break;
case 'delete_all_vxod':
mysql_query("DELETE FROM msg_i WHERE (user_from='$log')") or die("не пашет!");
echo"Все письма успешно удалены!<br/>";
echo"<a href="msg.php?mod=vxod">В письма</a><br/>";
break;
case 'answer':
if (isset($_GET[user])){
$_GET[user]=htmlspecialchars(stripslashes(addslashes($_GET['user'])));
echo "<form method="post" action="msg.php?mod=send_message">Кому: $_GET[user]<br/>";
echo "Текст письма:<br/>";
echo "<input type="hidden" name="to" value="$_GET[user]">";
echo "<textarea name="text" rows=5 cols=15 wrap="off"></textarea><br/><input type="submit" value="Отправить" class="ibutton"></form><br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}else{
echo "Ошибка!НЕ выбран получатель!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";}
break;
case 'send_message':
$req=mysql_query("SELECT MAX(id) FROM `msg_i`");
$msg=mysql_fetch_array($req);
if($_POST[text]==$msg[mail_msg]){echo "Ваше сообщение повторяет предыдущее!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";break;}
if ($_POST[text] != "" && $_POST[to] != ""){
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$_POST[to]', `time` = '$time', `read` = 1, `mail_msg` = '$_POST[text]'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$_POST[to]', `time` = '$time',`mail_msg` = '$_POST[text]'");
echo "Вы успешно отправили письмо для $_POST[to]";
echo "<br/><a href="msg.php?">Назад</a><br/>";
}elseif ($_POST[text] == ""){
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}elseif ($_POST[to] == "" || $_POST[to] == null){
echo "Не выбран отправитель!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";
}else{
echo "Ошибка!!!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";}
break;
case 'delete_mess':
if (isset($_GET[iden])){
mysql_query("DELETE FROM `msg_r` WHERE `id` = '".intval($_GET['iden'])."' LIMIT 1");
mysql_query("OPTIMIZE TABLE `msg_r`");
echo "Вы успешно удалили письмо!<br/>";}else{echo "Ошибка!<br/>";}
echo "<a href="msg.php?mod=read">Назад</a><br/>";
break;
case 'delete_mess_vxod':
if (isset($_GET[iden])){
mysql_query("DELETE FROM `msg_i` WHERE `id` = '".intval($_GET['iden'])."' LIMIT 1");
mysql_query("OPTIMIZE TABLE `msg_r`");
echo "Вы успешно удалили письмо!<br/>";}else{
echo "Ошибка!<br/>";}
echo "<a href="msg.php?mod=vxod">Назад</a><br/>";
break;
case 'save_conts':
$_POST[nick] = htmlspecialchars("$_POST[nick]");
$find = mysql_num_rows(mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[nick]%'"));
if ($_POST[nick] != ""){
echo "Найдено игроков: <i>$find</i><br/>";
echo "<form action="msg.php?mod=adding" method="post">
<select name="user" value="one"><option name="one">--Выбрать--</option>";
$useras = mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[nick]%'");
while ($users = mysql_fetch_array($useras)){
$users = strip_tags($users['usr']);
echo "<option name="$users">$users</option>";}
echo "</select><br/><input type="submit" value="Ok" class="ibutton"></form>";}
elseif ($_POST[nick] == "") {
echo'<form action="msg.php?mod=save_conts" method="post">
Введите ник: <br/>
<input class="input" type="text" value="" size="15" name="nick" maxlength="20"/><br/>
<input class="button" type="submit" value="сохранить" /></form><br/>';}else{
echo "Нет такого бойца!<br/>";}
echo "<a href="msg.php?">Назад</a><br/>";
break;
case 'del':
if($_POST[to] == ''){
echo "<form method="post" action="msg.php?mod=del">Выберите контакт:</br>";
echo " <select name="to">";
$whiel = mysql_query("SELECT contact FROM `msg_users` WHERE `user_id` = '$udata[id]'");
do{
printf("<option value="%s">%s</option><br/>",$lists[contact],$lists[contact]);
} while($lists = mysql_fetch_array($whiel));
echo "</br><input type="submit" value="Удалить" class="ibutton"></form>";}else{
mysql_query("DELETE FROM `msg_users` WHERE user_id='$udata[id]' and contact='$_POST[to]'");
echo "Контакт $_POST[to] удален!";}
echo "</br><a href="msg.php?">Назад</a><br/>";
break;
case 'adding':
$_POST[user] = htmlspecialchars(stripslashes($_POST[user]));
$user = mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[user]%'");
$users = mysql_fetch_array($user);
$whiel = mysql_query("SELECT id FROM users WHERE usr='$log' LIMIT 1");
$u = mysql_fetch_array($whiel);
$c = mysql_query("SELECT contact FROM msg_users WHERE contact LIKE '$_POST[user]' and user_id = '$u[id]' LIMIT 1");
$contacts = mysql_fetch_array($c);
$time = date("H:i d.m.y");
if ($_POST[user] == $users[usr] && $_POST[user] != $log && $_POST[user] != $contacts[contact]) {
mysql_query("INSERT INTO msg_users SET user_id = '$u[id]', contact = '$_POST[user]', time = '$time'");
echo "<B>$_POST[user] успешно добавлен в контакты!</B><br/>";
echo "<a href="msg.php?">Назад</a><br/>";}
elseif ($_POST[user] == $log){
echo "<b>Себя нельзя добавить!<b><br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}elseif ($_POST[user] == $contacts[contact]){
echo "У вас такой контакт уже есть!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}else {
echo "<b>Неразрешимое действие!<b><br/>";
echo "<a href="msg.php?">Назад</a><br/>";}
break;}
@include('files/down.php');
?>