Файл: msg.php
Строк: 143
<?php
define('PROTECTOR', 1);
$headmod = 'msg';//фикс. места
$textl='Письма';
include('files/path.php');
include($path.'files/db.php');
include($path.'files/auth.php');
include($path.'files/func.php');
include($path.'files/core.php');
include($path.'files/head.php');
include($path.'files/zag.php');
switch($_GET[mod]){
default:
$q = mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE `user_to` = '$log' AND `read` = '1';");
$new_mail = mysql_result($q, 0);
$w = mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE `user_to` = '$log'");
$old_mail = mysql_result($w, 0);
$qo = mysql_query("SELECT COUNT(*) FROM `msg_i` WHERE `user_from` = '$log'");
$new_mailo = mysql_result($qo, 0);
echo "<a href="msg.php?mod=add_conts">Новый контакт</a><br/>";
echo "<a href="msg.php?mod=read">Входящие</a>[$new_mail/$old_mail]<br/>";
echo "<a href="msg.php?mod=vxod">Исходящие</a>[$new_mailo]<br/>";
echo "<a href="msg.php?mod=write_message">Мои контакты</a><br/>";
echo"<a href="index.php?">Назад</a>";
break;
case 'add_conts':
echo "<form action="msg.php?mod=save_conts" method="post">Игрок:<br/>";
echo "<input type="text" name="nick"><br/>";
echo "<input type="submit" value="Поиск" class="ibutton"></form>";
echo "<br/><a href="msg.php?">Назад</a>";
break;
case 'write_message':
echo "<form method="post" action="msg.php?mod=save_message">Кому:";
echo " <select name="to">";
$using = mysql_query("SELECT id FROM `users` WHERE `usr` = '$log'");
$u2 = mysql_fetch_array($using);
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `users`"),0);
$whiel = mysql_query("SELECT contact FROM `msg_users` WHERE `user_id` = '$u2[id]'");
$lists = mysql_fetch_array($whiel);
do{
printf("<option value="%s">%s</option><br/>",$lists[contact],$lists[contact]);
} while($lists = mysql_fetch_array($whiel));
echo "</select><br/>";
echo "Текст письма:<br/>";
echo "<textarea name="text" rows=3></textarea><br/><br/>";
echo "<input type="submit" value="Отправить" class="ibutton"></form>";
echo "<br/><a href="msg.php?">Назад</a><br/>";
break;
case 'wr':
if(!empty($_GET[go_user])){
echo "<form method="post" action="msg.php?mod=save_info&to=$_GET[go_user]">Кому:<b>$_GET[go_user]</b>";
echo "<br/>Текст письма:<br/>";
echo "<textarea name="text" rows=3></textarea><br/><br/>";
echo "<input type="submit" value="Отправить" class="ibutton"></form>";
echo"<br/><a href="msg.php?">Назад</a><br/>";
}else{
echo'Не выбран получатель!';
}
break;
case 'save_info':
if ($_POST[text] != "" && $_GET[to] != "")
{
if (isset($_POST[text]))
{
$text = htmlspecialchars(stripslashes($_POST[text]));
}
if (isset($_GET[to]))
{
$to = $_GET[to];
}
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time', `read` = 1, `mail_msg` = '$text'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time',`mail_msg` = '$text'");
echo "Вы успешно отправили письмо для $to<br/> Дата отправления: $time";
echo "<br/><a href="msg.php?">Назад</a><br/>";
}
elseif ($_POST[text] == "" || $_POST[text] == null )
{
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
elseif ($_GET[to] == "" || $_GET[to] == null)
{
echo "Не выбран отправитель!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
else
{
echo "Ошибка!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
break;
case 'save_message':
if ($_POST[text] != "" && $_POST[to] != "")
{
if (isset($_POST[text]))
{
$text = htmlspecialchars(stripslashes($_POST[text]));
}
if (isset($_POST[to]))
{
$to = $_POST[to];
}
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time', `read` = 1, `mail_msg` = '$text'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$to', `time` = '$time',`mail_msg` = '$text'");
echo "Вы успешно отправили письмо для $to<br/> Дата отправления: $time<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
elseif ($_POST[text] == "" || $_POST[text] == null )
{
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
elseif ($_POST[to] == "" || $_POST[to] == null)
{
echo "Не выбран отправитель!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";
}
else
{
echo "Ошибка!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
break;
case 'vxod':
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `msg_i` WHERE user_from = '$log'"),0);
if ($result == 0)
{
echo "<b>Почта пуста</b>!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}else{
if ($_GET[page] == "" || $_GET[page] < 0 || $_GET[page] == "0")
{
$_GET[page] = 0;
}
$next = $_GET[page] + 1;
$back = $_GET[page] - 1;
$num = $_GET[page] * 5;
if($_GET[page] == "0")
{$i = 0;}
else{$i = ($_GET[page]*5)+1;}
$viso = mysql_num_rows(mysql_query("SELECT komentaras FROM komentarai"));
$puslap = floor($viso/5);
$message = mysql_query("SELECT * FROM msg_i WHERE user_from = '$log' ORDER BY id DESC LIMIT $num,5");
while($msg = mysql_fetch_array($message))
{
$text = $msg[mail_msg];
$text = strip_tags($text);
$from = strip_tags($msg['user_to']);
echo "<b>Кому:</b>$from<br/><b>Дата Добавления</b>: <small>$msg[time]</small><br/><b>Письмо</b>: $text
<br/><a href="msg.php?user=$from&mod=answer">Ответить</a>|<a href="msg.php?iden=$msg[id]&mod=delete_mess_vxod">Удалить</a>
<br/>";
}
echo "<a href="msg.php?mod=delete_all_vxod">Очистить почту</a><br/>";
if ($_GET[page] > 0)
{
echo "<a href="msg.php?mod=vxod&page=$back">Назад</a>";
}
elseif ($_GET[page] == 0)
{
echo "Назад";
}
echo"|";
if($_GET[page] < $puslap || $_GET[page] == "" || $_GET[page] == 0)
{echo "<a href="msg.php?mod=vxod&page=$next">Далее</a><br/>";}
else
{echo "Далее<br/>";}
echo "<br/><a href="msg.php?">Назад</a></div>";
}
break;
case 'read':
$result = mysql_result(mysql_query("SELECT COUNT(*) FROM `msg_r` WHERE user_to = '$log'"),0);
if ($result == 0)
{
echo "<b>Почта пуста!</b><br/>";
}
else {
if ($_GET[page] == "" || $_GET[page] < 0 || $_GET[page] == "0")
{
$_GET[page] = 0;
}
$next = $_GET[page] + 1;
$back = $_GET[page] - 1;
$num = $_GET[page] * 5;
if($_GET[page] == "0")
{$i = 0;}
else{$i = ($_GET[page]*5)+1;}
$viso = mysql_num_rows(mysql_query("SELECT komentaras FROM komentarai"));
$puslap = floor($viso/5);
$message = mysql_query("SELECT * FROM msg_r WHERE user_to = '$log' ORDER BY id DESC LIMIT $num,5");
while($msg = mysql_fetch_array($message))
{
if ($msg[read] == 1)
{
mysql_query("UPDATE `msg_r` SET `read` = 0 WHERE `user_to` = '$log'");
}
if ($msg[read] == 1)
{
$read = "Не прочитано";
} else
{
$read = "Прочитано";
}
$text = $msg[mail_msg];
$text = strip_tags($text);
$from = strip_tags($msg['user_from']);
echo "<b>От кого:</b><b><a href='search.php?nick=".$from."&go=go'>$from</a> [$read] </b><br/><b>Дата Добавления</b>: <small>$msg[time]</small><br/><b>Письмо</b>: $text
<br/><a href="msg.php?user=$from&mod=answer">Ответить</a>|<a href="msg.php?iden=$msg[id]&mod=delete_mess">Удалить</a>
<br/><br/><hr>";
}
echo "<a href="msg.php?mod=delete_all">Очистить почту</a><br/>";
if ($_GET[page] > 0)
{
echo "<a href="msg.php?mod=read&page=$back">Назад</a>";
}
elseif ($_GET[page] == 0)
{
echo "Назад";
}
echo"|";
if($_GET[page] < $puslap || $_GET[page] == "" || $_GET[page] == 0)
{echo "<a href="msg.php?mod=read&page=$next">Далее</a><br/>";}
else
{echo "Далее<br/>";}
echo "<br/><a href="msg.php?">Назад</a></div>";
}
break;
case 'delete_all':
mysql_query("DELETE FROM msg_r WHERE (user_to='$log')") or die("не пашет!");
echo"Все письма успешно удалены!<br/>";
echo"<a href="msg.php?mod=read">В письма</a><br/>";
break;
case 'delete_all_vxod':
mysql_query("DELETE FROM msg_i WHERE (user_from='$log')") or die("не пашет!");
echo"Все письма успешно удалены!<br/>";
echo"<a href="msg.php?mod=vxod">В письма</a><br/>";
break;
case 'answer':
if (isset($_GET[user]))
{
echo "<form method="post" action="msg.php?mod=send_message">Кому: $_GET[user]<br/>";
echo "Текст письма:<br/>";
echo "<input type="hidden" name="to" value="$_GET[user]">";
echo "<textarea name="text" rows=5 cols=15 wrap="off"></textarea><br/><input type="submit" value="Отправить" class="ibutton"></form><br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
else
{
echo "Ошибка!НЕ выбран получатель!<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
break;
case 'send_message':
if ($_POST[text] != "" && $_POST[to] != "")
{
$time = date("H:i d.m.y");
mysql_query("INSERT INTO `msg_r` SET `user_from` = '$log', `user_to` = '$_POST[to]', `time` = '$time', `read` = 1, `mail_msg` = '$_POST[text]'");
mysql_query("INSERT INTO `msg_i` SET `user_from` = '$log', `user_to` = '$_POST[to]', `time` = '$time',`mail_msg` = '$_POST[text]'");
echo "Вы успешно отправили письмо для $_POST[to]";
echo "<br/><a href="msg.php?">Назад</a><br/>";
}
elseif ($_POST[text] == ""){
echo "Вы не ввели текст письма<br/>";
echo "<a href="msg.php?mod=write_message">Назад</a><br/>";
}
elseif ($_POST[to] == "" || $_POST[to] == null)
{
echo "Не выбран отправитель!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";
}
else
{
echo "Ошибка!!!";
echo "<br/><a href="msg.php?mod=write_message">Назад</a><br/>";
}
break;
case 'delete_mess':
if (isset($_GET[iden]))
{
mysql_query("DELETE FROM `msg_r` WHERE `id` = '".intval($_GET['iden'])."' LIMIT 1");
mysql_query("OPTIMIZE TABLE `msg_r`");
echo "Вы успешно удалили письмо!<br/>";
} else
{
echo "Ошибка!<br/>";
}
echo "<a href="msg.php?mod=read">Назад</a><br/>";
break;
case 'delete_mess_vxod':
if (isset($_GET[iden]))
{
mysql_query("DELETE FROM `msg_i` WHERE `id` = '".intval($_GET['iden'])."' LIMIT 1");
mysql_query("OPTIMIZE TABLE `msg_r`");
echo "Вы успешно удалили письмо!<br/>";
} else
{
echo "Ошибка!<br/>";
}
echo "<a href="msg.php?mod=vxod">Назад</a><br/>";
break;
case 'save_conts':
$_POST[nick] = htmlspecialchars("$_POST[nick]");
$find = mysql_num_rows(mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[nick]%'"));
if ($_POST[nick] != "")
{
echo "Найдено игроков: <i>$find</i><br/>";
echo "<form action="msg.php?mod=adding" method="post">
<select name="user" value="one"><option name="one">--Выбрать--</option>";
$useras = mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[nick]%'");
while ($users = mysql_fetch_array($useras))
{
$users = strip_tags($users['usr']);
echo "<option name="$users">$users</option>";
}
echo "</select><br/><input type="submit" value="Ok" class="ibutton"></form>";
}
elseif ($_POST[nick] == "") {
echo "<b>Вы не ввели имя в поле!</b><br/>";
}
else
{
echo "Нет такого бойца!<br/>";
}
echo "<a href="msg.php?">Назад</a><br/>";
break;
case 'info_m':
$_GET[nick] = htmlspecialchars("$_GET[nick]");
$find = mysql_num_rows(mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_GET[nick]%'"));
if ($_GET[nick] != "")
{
echo "Найдено бойцов: <i>$find</i><br/>";
echo "<form action="msg.php?mod=adding" method="post">
<select name="user" value="one"><option name="one">--Выбрать--</option>";
$useras = mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_GET[nick]%'");
while ($users = mysql_fetch_array($useras))
{
$users = strip_tags($users['usr']);
echo "<option name="$users">$users</option>";
}
echo "</select><br/><input type="submit" value="Ok" class="ibutton"></form>";
echo "<br/><a href="msg.php?">Назад</a><br/>";
}
elseif ($_GET[nick] == "") {
echo "<b>ERROR!</b><br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
else
{
echo "Нет такого бойца!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
break;
case 'adding':
$user = mysql_query("SELECT usr FROM users WHERE usr LIKE '%$_POST[user]%'");
$users = mysql_fetch_array($user);
$_POST[user] = htmlspecialchars(stripslashes($_POST[user]));
$whiel = mysql_query("SELECT id FROM users WHERE usr='$log' LIMIT 1");
$u = mysql_fetch_array($whiel);
$c = mysql_query("SELECT contact FROM msg_users WHERE contact LIKE '$_POST[user]' and user_id = '$u[id]' LIMIT 1");
$contacts = mysql_fetch_array($c);
$time = date("H:i d.m.y");
if ($_POST[user] == $users[usr] && $_POST[user] != $log && $_POST[user] != $contacts[contact]) {
mysql_query("INSERT INTO msg_users SET user_id = '$u[id]', contact = '$_POST[user]', time = '$time'");
echo "<B>$_POST[user] успешно добавлен в контакты!</B><br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
elseif ($_POST[user] == $log)
{
echo "<b>Себя нельзя добавить!<b><br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
elseif ($_POST[user] == $contacts[contact])
{
echo "У вас такой контакт уже есть!<br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
else {
echo "<b>Неразрешимое действие!<b><br/>";
echo "<a href="msg.php?">Назад</a><br/>";
}
break;
}
include($path.'files/down.php');
?>