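<?php
// mail.php — private messaging pages.
//   act=ok            send a message to the user given by ?id= (POST `message`)
//   act=view          read one dialog, report a message (&spam=), write a reply
//   act=write         redirect helper: jump to the dialog with ?id=
//   act=delete_dialog delete a whole dialog with one contact (POST `submit`)
//   (default)         the contact list with unread markers
//
// Storage layout as used below: every message is stored twice in `mail_messages`,
// one copy per participant (`user` = owner of the copy, `outuser` = sender,
// `inuser` = recipient); the sender's copy carries `id2` = id of the recipient's
// copy so both can be marked read together. `mail_contacts` holds one row per
// (user, contact) direction; `users.count_mail` caches the owner's unread count.
//
// Helpers come from core/core.php and are not visible here — assumptions to confirm:
//   num()    presumably normalises a request value to an integer; every id that is
//            interpolated into SQL below passed through it or came from a DB row.
//   check()  presumably escapes text for storage; `message` relies on it entirely.
//   error(), checkout(), ico(), vremya(), smile(), links(), bb_code(), navigation(),
//   ava()    rendering helpers used as-is; error() appears to print a box (callers
//            add their own exit where the page must stop).
//   $u       the current user's row, $system site settings, $title the page title.
require_once("core/core.php");
require_once("core/ava_users.php");

// Guests are sent to registration.
if (!$u['id']) {
    header("Location: reg.php?err=1");
    exit;
}
$location = 'В почте';

switch (isset($_GET['act']) ? $_GET['act'] : '') {
    case 'ok':
        //~~~~~~~~~~~~~~~~~~~~~~Отправляем~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
        // Recipient must exist.
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT `id` FROM `users` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            }
        }
        if (empty($user)) {
            error('Ошибка! Нет такого пользователя.');
            exit;
        }
        // NOTE: a message consisting only of "0" is falsy and is silently ignored
        // by this truthiness test — kept as-is; use `!== ''` if that is unwanted.
        if (isset($_POST['message']) && $_POST['message']) {
            if ($user['id'] == $u['id']) {
                error('Ошибка! Себя писать нельзя.');
                exit;
            }
            // Flood control: refuse if the sender already has a copy newer than
            // $system['mail_sms'] seconds ago.
            $flood = mysql_query("SELECT `time` FROM `mail_messages` WHERE `user` = '" . $u['id'] . "' AND `time` > '" . (time() - $system['mail_sms']) . "'");
            if (mysql_num_rows($flood)) {
                error('Не так быстро!');
                exit;
            }
            // Make sure both directions of the contact pair exist.
            $req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "' LIMIT 1");
            if (mysql_num_rows($req) == 0) {
                mysql_query("INSERT INTO `mail_contacts` SET
`user` = '" . $u['id'] . "',
`contact` = '" . $user['id'] . "',
`time` = '" . time() . "'
");
            }
            $req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '" . $user['id'] . "' and `contact` = '" . $u['id'] . "' LIMIT 1");
            if (mysql_num_rows($req) == 0) {
                mysql_query("INSERT INTO `mail_contacts` SET
`user` = '" . $user['id'] . "',
`contact` = '" . $u['id'] . "',
`time` = '" . time() . "'
");
            }
            // substr() is byte-wise, so the 2000 limit may split a multibyte
            // character; check() is what protects the SQL below — verify it escapes.
            $message = check(substr($_POST['message'], 0, 2000));
            // Recipient's copy first so its id can be linked from the sender's copy.
            mysql_query("INSERT INTO `mail_messages` SET
`user` = '" . $user['id'] . "',
`outuser` = '" . $u['id'] . "',
`inuser` = '" . $user['id'] . "',
`message` = '$message',
`time` = '" . time() . "',
`new` = '1'
");
            $id = mysql_insert_id();
            mysql_query("INSERT INTO `mail_messages` SET
`user` = '" . $u['id'] . "',
`outuser` = '" . $u['id'] . "',
`inuser` = '" . $user['id'] . "',
`message` = '$message',
`time` = '" . time() . "',
`new` = '1',
`id2` = '$id'
");
            // Bump the dialog to the top of both contact lists.
            mysql_query("UPDATE `mail_contacts` SET
`time` = '" . time() . "'
WHERE
(`user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "') or
(`user` = '" . $user['id'] . "' and `contact` = '" . $u['id'] . "')
");
            mysql_query("UPDATE `users` SET
`count_mail` = `count_mail`+1
WHERE
`id` = '" . $user['id'] . "'
");
            header("Location: mail.php?act=view&id=" . $user["id"] . "&ok");
            exit;
        }
        // Empty form submission: back to the dialog without sending.
        header("Location: mail.php?act=view&id=" . $user["id"]);
        exit;

    case 'view':
        //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Просмотр сообщений~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            }
        }
        if (empty($user)) {
            error(' Ошибка! Нет такого пользователя. ');
            exit;
        }
        // Mark my unread copies from this contact as read, together with the
        // sender's linked copies (id2), and lower the cached unread counter.
        $req = mysql_query("SELECT `id` FROM `mail_messages` WHERE `user` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "' and `inuser` = '" . $u['id'] . "' and `new` = '1'");
        $count_req = mysql_num_rows($req);
        if ($count_req) {
            // NOTE: decrements without a floor; if the counter has drifted it can
            // go negative (the spam/delete branches recount instead).
            $u['count_mail'] = $u['count_mail'] - $count_req;
            mysql_query("UPDATE `users` SET
`count_mail` = `count_mail`-'" . $count_req . "'
WHERE
`id` = '" . $u['id'] . "'
");
            while ($res = mysql_fetch_assoc($req)) {
                mysql_query("UPDATE `mail_messages` SET `new` = 0 WHERE `id` = '" . $res['id'] . "'");
                mysql_query("UPDATE `mail_messages` SET `new` = 0 WHERE `id2` = '" . $res['id'] . "'");
            }
        }
        $title .= ' :: Почта';
        include 'head.php';
        require('core/bb_code.php');
        // $user['login'] is printed unescaped here and below — relies on logins
        // being validated at registration; confirm.
        echo '<div class="title"><center>Почта :: <a href = "page.php?id=' . $user['id'] . '">' . $user['login'] . '</a></center></div>';
        if (isset($_GET['ok'])) {
            echo '<div class="div"><center> <font color="green">Сообщение отправлено</font> </center></div> ';
        }
        if (isset($_GET['del'])) {
            // NOTE(review): nothing is deleted here — the branch only prunes the
            // contact row once the dialog holds no messages, and no link on this
            // page emits &del=. The original also ran a SELECT for the message id
            // whose result was immediately overwritten; that dead query is gone.
            // Confirm whether single-message deletion was meant to exist.
            $req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "')) LIMIT 1");
            if (mysql_num_rows($req) == 0) {
                mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "'");
            }
        }
        if (isset($_GET['spam'])) {
            // Report one incoming message: only my own copy of a message sent by
            // this contact qualifies, so a user cannot report arbitrary ids.
            $spam = num($_GET['spam']);
            $req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and (`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') and `id` = '$spam' LIMIT 1");
            if (mysql_num_rows($req)) {
                $msg = mysql_fetch_assoc($req);
                $message = check($msg['message']);
                mysql_query("INSERT INTO `spam` SET
`user` = '" . $u['id'] . "',
`spamer` = '" . $user['id'] . "',
`message` = '$message',
`type` = 'mail',
`time` = '" . time() . "'
");
                mysql_query("DELETE FROM `mail_messages` WHERE `id` = '$spam'");
                // Drop the contact if that was the last message of the dialog.
                $req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "')) LIMIT 1");
                if (mysql_num_rows($req) == 0) {
                    mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "'");
                }
                // Recount unread instead of decrementing: the removed copy may have
                // been unread.
                $mn = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE `user` = '" . $u['id'] . "' and `inuser` = '" . $u['id'] . "' and `new` = '1'"), 0);
                mysql_query("UPDATE `users` SET `count_mail` = '$mn' WHERE `id` = '" . $u['id'] . "'");
                error(' Сообщение отправлено администрации и удалено!');
            }
        }
        // Reply form. priv_mail == 1 means "friends only"; then the sender must be
        // in the recipient's `friends` table.
        $res = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $user['id'] . "' LIMIT 1"));
        $privMail = $res['priv_mail'];
        $canWrite = true;
        if ($privMail == 1) {
            $req = mysql_query("SELECT * FROM `friends` WHERE `user` = '" . $u['id'] . "' and friend = '" . $user['id'] . "' LIMIT 1");
            //Проверяем на дружбу
            $canWrite = mysql_num_rows($req) > 0;
        }
        if ($canWrite) {
            echo '<div class="page_menu">';
            echo '<form action="?act=ok&id=' . $user['id'] . '" method="post">';
            echo '<textarea cols="20" rows="3" name="message">';
            echo '</textarea><br>';
            echo '<input type="submit" name="submit" value="Отправить" class="submit">
<a href = "smiles.php">Смайлы</a> | <a href = "code.php">Теги</a>
</form></div>';
        } else {
            error('Пользователю могут писать только друзья!');
        }
        // Page size comes from the user's own setting; coerce to a positive int so
        // it can neither break the LIMIT clause nor divide by zero.
        $count = (int) $u['setting_mail_list'];
        if ($count <= 0) {
            $count = 10;
        }
        $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "'))"), 0);
        if ($all > 0) {
            $total = intval(($all - 1) / $count) + 1;
            $page = isset($_GET['page']) ? num($_GET['page']) : 0;
            if (empty($page) or $page < 0) {
                $page = 1;
            }
            if ($page > $total) {
                $page = $total;
            }
            $start = $page * $count - $count;
            echo '<div class="title">';
            echo 'Сообщений (' . $all . ') ';
            echo '</div>';
            $result = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "')) ORDER BY `time` DESC LIMIT $start, $count");
            while ($mail = mysql_fetch_assoc($result)) {
                echo '<div class="item">';
                // One extra query per message for the sender's row.
                $contact = mysql_fetch_assoc(mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '" . $mail["outuser"] . "'"));
                $message = checkout($mail['message']);
                echo ' ' . ico($contact['sex'], $contact['admin'], $contact['online']) . ' <a href = "page.php?id=' . $contact['id'] . '"><b><font color="#79358c">' . $contact['login'] . '</font></b></a>';
                echo '<span style="float:right;color:green;">(' . vremya($mail['time']) . ')</span>';
                if ($mail['new'] == 1) {
                    echo ' <font color="red"><small>Не прочитано</small></font>';
                }
                echo '</br>' . smile(links(bb_code($message))) . '<br />';
                // Only incoming messages can be reported.
                if ($contact['id'] != $u['id']) {
                    echo '<small> <span style="float:right;">[<a href = "?act=view&id=' . $user['id'] . '&spam=' . $mail['id'] . '"><font color="red">Жалоба</font></a>]</span></small>';
                }
                echo '</div>';
            }
            echo '</div>';
            navigation($page, $total, '?act=view&id=' . $user['id'] . '&');
        }
        echo '<div class="title">';
        echo '<img src="style/page/delete.gif"> <a href = "?act=delete_dialog&id=' . $user['id'] . '">Удалить контакт ' . $user['login'] . '</a>';
        echo '</div>';
        include 'foot.php';
        break;

    case 'write':
        // Redirect to the dialog with ?id=; an unknown id or one's own id renders
        // nothing (falls through to the end of the script).
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT * FROM `users` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req) and $id != $u['id']) {
                header("Location: ?act=view&id=" . $id);
                exit;
            }
        } else {
            header("Location: ?");
            exit;
        }
        break;

    //~~~~~~~~~~~~~~Удалить Диалог~~~~~~~~~~~~~~~~~~//
    case 'delete_dialog':
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            }
        }
        if (empty($user)) {
            error(' Нет такого пользователя ');
            exit;
        }
        // Only an existing contact of mine can be deleted.
        $req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "' LIMIT 1");
        if (mysql_num_rows($req) == 0) {
            header("Location: ?");
            exit;
        }
        if (isset($_POST['submit'])) {
            // Deletes only my copies; the other participant keeps theirs.
            mysql_query("DELETE FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "'))");
            mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' and `contact` = '" . $user['id'] . "'");
            $mn = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE `user` = '" . $u['id'] . "' and `inuser` = '" . $u['id'] . "' and `new` = '1'"), 0);
            mysql_query("UPDATE `users` SET `count_mail` = '$mn' WHERE `id` = '" . $u['id'] . "'");
            header("Location: ?");
            exit;
        }
        $title .= ' :: Почта';
        include 'head.php';
        echo '<div class="title"><center><a href="mail.php?">Почта</a> :: Удалить</center></div>';
        echo '<div class="div">';
        echo 'Вы действительно хотите удалить контакт <a href = "page.php?id=' . $user['id'] . '"><b><font color="#79358c">' . $user['login'] . '</font></b></a> ?';
        echo '<form action="?act=delete_dialog&id=' . $user['id'] . '" method="post">';
        echo '<input type="submit" name="submit" value="Да, удалить" class="submit white"/>';
        echo '</form></div>';
        echo '<div class="title">';
        echo '<img src="style/page/back.png" alt="Back"> <a href = "?sid=back" onclick="history.back()">Назад</a>';
        echo '</div>';
        include 'foot.php';
        break;

    //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Диалоги~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
    default:
        $title .= ' :: Почта';
        include 'head.php';
        echo '<div class="title"><center>Почта</center></div>';
        if (!empty($_GET['err'])) {
            error(' Ошибка!');
        }
        // Same page-size rule as in act=view.
        $count = (int) $u['setting_mail_list'];
        if ($count <= 0) {
            $count = 10;
        }
        $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "'"), 0);
        if ($all > 0) {
            $total = intval(($all - 1) / $count) + 1;
            $page = isset($_GET['page']) ? num($_GET['page']) : 0;
            if (empty($page) or $page < 0) {
                $page = 1;
            }
            if ($page > $total) {
                $page = $total;
            }
            $start = $page * $count - $count;
            // The row limit must match $count — the page count above is computed
            // with it; the original fetched a fixed 10 and skipped/duplicated rows
            // for any other setting.
            $result = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '" . $u['id'] . "' ORDER BY `time` DESC LIMIT $start, $count");
            while ($mail = mysql_fetch_assoc($result)) {
                // NOTE: if the contact's user row no longer exists this is false and
                // the ids below become empty — kept as in the original.
                $user = mysql_fetch_assoc(mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '" . $mail["contact"] . "'"));
                // Newest message of the dialog decides the unread marker.
                $last = mysql_fetch_array(mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '" . $u['id'] . "') and ((`inuser` = '" . $u['id'] . "' and `outuser` = '" . $user['id'] . "') or (`inuser` = '" . $user['id'] . "' and `outuser` = '" . $u['id'] . "')) ORDER BY `time` DESC LIMIT 1"));
                $unread = $last && $last['new'] == 1 && $last['outuser'] != $u['id'];
                // NOTE(review): the SELECT above does not fetch a `delete` column, so
                // this flag is always false and the <del> variants never render;
                // presumably a users.delete flag was meant — add it to the column
                // list if it exists.
                $deleted = isset($user['delete']) && $user['delete'] == 1;
                echo '<div class="item">';
                echo '<table><tr><td VALIGN=top>';
                ava($user['id'], 50);
                echo '</td><td VALIGN=top>';
                if ($unread) {
                    $name = $deleted
                        ? '<b><font color="red"><del>' . $user['login'] . '</del></font></b>'
                        : '<b><font color="red">' . $user['login'] . '</font></b>';
                } else {
                    $name = $deleted
                        ? '<del><b><font color="#79358c">' . $user['login'] . '</font></b></del>'
                        : '<b><font color="#79358c">' . $user['login'] . '</font></b>';
                }
                echo ico($user['sex'], $user['admin'], $user['online']) . ' <a href = "mail.php?act=view&id=' . $user['id'] . '">' . $name . '</a>';
                if ($unread) {
                    echo '</br><span style="float:right;color:red;">Не прочитано</span>';
                }
                echo '</table></div>';
            }
            echo '</div>';
            navigation($page, $total, '?');
        } else {
            echo '<div class="div">Почта пуста!</div>';
        }
        include 'foot.php';
        break;
}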
?>