Файл: system/mail.php
Строк: 306
<?
include 'connect.php';
if(!$u['id']){
header ("Location: registration.php?err=1");
exit;}
switch ($_GET['act']) {
case 'ok':
//~~~~~~~~~~~~~~~~~~~~~~Отправляем~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT `id` FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)){
$user = mysql_fetch_assoc($req);
}
}
if(empty($user)){
error('Ошибка ! нет такого пользователя.');
exit;
}
if (isset($_POST['message']) && $_POST['message']){
if($user['id'] == $u['id']){
error('Ошибка ! себя писать нельзя.');
exit;
}
$flood = mysql_query("SELECT `time` FROM `mail_messages` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - 3) . "'");
if (mysql_num_rows($flood)) {
error('Не так быстро !');
exit;
}
$req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '".$u['id']."' and `contact` = '".$user['id']."' LIMIT 1");
if (mysql_num_rows($req) == 0)
mysql_query("INSERT INTO `mail_contacts` SET
`user` = '".$u['id']."',
`contact` = '".$user['id']."',
`time` = '".time()."'
");
$req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '".$user['id']."' and `contact` = '".$u['id']."' LIMIT 1");
if (mysql_num_rows($req) == 0)
mysql_query("INSERT INTO `mail_contacts` SET
`user` = '".$user['id']."',
`contact` = '".$u['id']."',
`time` = '".time()."'
");
$message = check(substr($_POST['message'], 0, 2000));
mysql_query("INSERT INTO `mail_messages` SET
`user` = '".$user['id']."',
`outuser` = '".$u['id']."',
`inuser` = '".$user['id']."',
`message` = '$message',
`time` = '".time()."',
`new` = '1'
");
$id=mysql_insert_id();
mysql_query("INSERT INTO `mail_messages` SET
`user` = '".$u['id']."',
`outuser` = '".$u['id']."',
`inuser` = '".$user['id']."',
`message` = '$message',
`time` = '".time()."',
`new` = '1',
`id2` = '$id'
");
mysql_query("UPDATE `mail_contacts` SET
`time` = '".time()."'
WHERE
(`user` = '".$u['id']."' and `contact` = '".$user['id']."') or
(`user` = '".$user['id']."' and `contact` = '".$u['id']."')
");
mysql_query("UPDATE `users` SET
`count_mail` = `count_mail`+1
WHERE
`id` = '".$user['id']."'
");
header ("Location: mail.php?act=view&id=".$user["id"]."&ok");
exit;
}
header ("Location: mail.php?act=view&id=".$user["id"]."");
break;
case 'view':
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Просмотр сообщений~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)){
$user = mysql_fetch_assoc($req);
}
}
if(empty($user)){
error(' Ошибка ! нет такого пользователя . ');
exit;
}
$req = mysql_query("SELECT `id` FROM `mail_messages` WHERE `user` = '".$u['id']."' and `outuser` = '".$user['id']."' and `inuser` = '".$u['id']."' and `new` = '1'");
$count_req = mysql_num_rows($req);
if($count_req){
$u['count_mail'] = $u['count_mail']-$count_req;
mysql_query("UPDATE `users` SET
`count_mail` = `count_mail`-'".$count_req."'
WHERE
`id` = '".$u['id']."'
");
while ($res = mysql_fetch_assoc($req)) {
mysql_query("UPDATE `mail_messages` SET `new` = 0 WHERE `id` = '".$res['id']."'");
mysql_query("UPDATE `mail_messages` SET `new` = 0 WHERE `id2` = '".$res['id']."'");
}
}
$title = $title.' | Сообщения';
if(ban($user['id'])){
include 'head.php';
error(' Пользователь заблокирован ! ');
include 'foot.php';
exit;
}
include 'head.php';
require('core/bb_code.php');
echo '<div class="title"><img src="ico/mail.png"> Сообщения <b>Диалоги</b></div>';
echo '<div class="nav">';
echo '<a href = "mail.php"> Диалоги </a> / Диалог с <a href = "/'.$user['id'].'">'.$user['login'].'</a></div>';
if(isset($_GET['ok'])) {
ok(' Сообщение отправлено ');}
if(isset($_GET['del'])){
$del = num($_GET['del']);
$req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."')) and `id` = '$del' LIMIT 1");
if (mysql_num_rows($req)) {
mysql_query("DELETE FROM `mail_messages` WHERE `id` = '$del'");
$req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."')) LIMIT 1");
if (mysql_num_rows($req) == 0) {
mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '".$u['id']."' and `contact` = '".$user['id']."'");
}
$mn = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE `user` = '".$u['id']."' and `inuser` = '".$u['id']."' and `new` = '1'"), 0);
mysql_query("UPDATE `users` SET `count_mail` = '$mn' WHERE `id` = '".$u['id']."'");
ok(' Сообщение удалено ! ');
}
}
if(isset($_GET['spam'])){
$spam = num($_GET['spam']);
$req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and (`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') and `id` = '$spam' LIMIT 1");
if (mysql_num_rows($req)) {
$msg = mysql_fetch_assoc($req);
$message = check($msg['message']);
mysql_query("INSERT INTO `spam` SET
`user` = '".$u['id']."',
`spamer` = '".$user['id']."',
`message` = '$message',
`type` = 'mail',
`time` = '".time()."'
");
mysql_query("DELETE FROM `mail_messages` WHERE `id` = '$spam'");
$req = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."')) LIMIT 1");
if (mysql_num_rows($req) == 0) {
mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '".$u['id']."' and `contact` = '".$user['id']."'");
}
$mn = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE `user` = '".$u['id']."' and `inuser` = '".$u['id']."' and `new` = '1'"), 0);
mysql_query("UPDATE `users` SET `count_mail` = '$mn' WHERE `id` = '".$u['id']."'");
error(' Сообщение помечено как спам и удалено !');
}
}
echo '<div class="app">';
echo '<form action="?act=ok&id='.$user['id'].'" method="post">';
echo '<textarea cols="20" rows="3" name="message" style="width: 97%">';
echo '</textarea><br>';
echo '<input type="submit" name="submit" value="Отправить" class="submit"><small>
<a href = "?act=view&id='.$user['id'].'&refresh='.rand(1,9999).'"> Обновить</a> | <a href = "smiles.php">Смайлы</a> | <a href = "code.php">BB-коды</a></small>
</form></div>';
if($u['setting_mail_list']) $count = $u['setting_mail_list']; else $count = 10;
$all = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."'))"), 0);
if($all > 0){
$total = intval(($all - 1) / $count) + 1;
$page = num($_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $count - $count;
echo '<div class="nav">';
if ($page != $total) {
echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
}
echo 'Сообщений ('.$all.') ';
echo '</div>';
$result = mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."')) ORDER BY `time` DESC LIMIT $start, $count");
while($mail = mysql_fetch_assoc($result)){
echo $i % 2 ? '<div class="div">' : '<div class="div">';
$contact = mysql_fetch_assoc(mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '".$mail["outuser"]."'"));
$message = checkout($mail['message']);
echo ' '.ico($contact['sex'],$contact['admin']).' <a href = "/'.$contact['id'].'"> '.$contact['login'].' </a>'.online($contact['online']).' '.vremya($mail['time']).'';
if($mail['new'] == 1) echo ' / <font color="red"><small>Не прочитано</small></font>';
echo '</br>'.smile(links(bb_code($message))).'';
echo '</br>';
echo '<small>';
if($contact['id'] != $u['id']) echo '[<a href = "?act=view&id='.$user['id'].'&spam='.$mail['id'].'">Спам</a>]';
echo ' [<a href = "?act=view&id='.$user['id'].'&del='.$mail['id'].'"><font color="red"><b>x</b></font> Удал</a>]';
echo '</small>';
echo '</div>';
$i++;
}
echo '</div>';
echo '<div class="nav">';
if ($page != $total) {
echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
}
echo '<a href = "mail.php"> Диалоги </a> / Диалог с <a href = "/'.$user['id'].'">'.$user['login'].'</a>';
echo '</div>';
navigation($page, $total,'?act=view&id='.$user['id'].'&');
}else{
error(' История переписки пуста !');
}
echo '</div>';
include 'foot.php';
break;
case 'write':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req) and $id != $u['id']) {
header ("Location: ?act=view&id=".$id."");
exit;
}
} else {
header ("Location: ?");
exit;
}
break;
//~~~~~~~~~~~~~~Удалить Диалог~~~~~~~~~~~~~~~~~~//
case 'delete_dialog':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)){
$user = mysql_fetch_assoc($req);
}
}
if(empty($user)){
error(' Нет такого пользователя ');
exit;
}
$req = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '".$u['id']."' and `contact` = '".$user['id']."' LIMIT 1");
if (mysql_num_rows($req) == 0){
header ("Location: ?");
exit;
}
if (isset($_POST['submit'])) {
mysql_query("DELETE FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."'))");
mysql_query("DELETE FROM `mail_contacts` WHERE `user` = '".$u['id']."' and `contact` = '".$user['id']."'");
$mn = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_messages` WHERE `user` = '".$u['id']."' and `inuser` = '".$u['id']."' and `new` = '1'"), 0);
mysql_query("UPDATE `users` SET `count_mail` = '$mn' WHERE `id` = '".$u['id']."'");
header ("Location: ?");
exit;
}
$title = $title.' | Сообщения';
include 'head.php';
echo '<div class="title"><img src="ico/mail.png"> Сообщения <b>Диалоги</b></div>';
echo '<div class="nav"> <a href = "?"> Диалоги </a> | <a href = "/'.$user['id'].'">'.$user['login'].'</a></div>';
echo '<div class="div">';
echo 'Вы действительно хотите удалить диалог с пользователем <a href = "/'.$user['id'].'">'.$user['login'].'</a>?';
echo '<form action="?act=delete_dialog&id='.$user['id'].'" method="post">';
echo '<input type="submit" name="submit" value="Да, удалить" class="submit white"/>';
echo '</form></div>';
echo '</div>';
include 'foot.php';
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Отключить предупреждение~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'warning=off':
if($u['panel1'] == 0) {
$u['mail']++;
mysql_query("UPDATE `users` SET `mail` = '".$u['mail']."' WHERE `id` = '".$u['id']."'");
header ("Location: mail.php?ok=1");
} else {
header ("Location: mail.php?err=1");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Диалоги~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
default:
$title = $title.' | Сообщения';
include 'head.php';
echo '<div class="title"><img src="ico/mail.png"> Сообщения <b>Диалоги</b></div>';
if($_GET['err']) {
error(' Ошибка !');
}
if($_GET['ok']) {
ok(' Успешно ! Настоятельно рекомендуем</br> вам не указывать никаких своих данных на сторонних сайтах.');
}
if($u['setting_mail_list']) $count = $u['setting_mail_list']; else $count = 10;
$all = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_contacts` WHERE `user` = '".$u['id']."'"), 0);
if($all > 0){
$total = intval(($all - 1) / $count) + 1;
$page = num($_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $count - $count;
echo '<div class="nav">';
if ($page != $total) {
echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
}
echo '<a href = "mail.php"> Диалоги </a>('.$all.')';
echo '</div>';
$result = mysql_query("SELECT * FROM `mail_contacts` WHERE `user` = '".$u['id']."' ORDER BY `time` DESC LIMIT $start, 10");
while($mail = mysql_fetch_assoc($result)){
$user = mysql_fetch_assoc(mysql_query("SELECT `id`,`login`,`sex`,`admin`,`online` FROM `users` WHERE `id` = '".$mail["contact"]."'"));
$last = mysql_fetch_array(mysql_query("SELECT * FROM `mail_messages` WHERE (`user` = '".$u['id']."') and ((`inuser` = '".$u['id']."' and `outuser` = '".$user['id']."') or (`inuser` = '".$user['id']."' and `outuser` = '".$u['id']."')) ORDER BY `time` DESC"));
echo $i % 2 ? '<div class="div">' : '<div class="div">';
if($last['new'] == 1 and $last['outuser'] != $u['id']) {
if(ban($user['id'])){
echo ''.ico($user['sex'],$user['admin']).' <a href = "mail.php?act=view&id='.$user['id'].'"><b><font color="red"><del>'.$user['login'].'</del></font></b></a> '.online($user['online']).'';
} else {
echo ''.ico($user['sex'],$user['admin']).' <a href = "mail.php?act=view&id='.$user['id'].'"><b><font color="red">'.$user['login'].'</font></b></a> '.online($user['online']).'';
}
} else {
if(ban($user['id'])){
echo ''.ico($user['sex'],$user['admin']).' <a href = "mail.php?act=view&id='.$user['id'].'"><del>'.$user['login'].'</del></a> '.online($user['online']).'';
} else {
echo ''.ico($user['sex'],$user['admin']).' <a href = "mail.php?act=view&id='.$user['id'].'">'.$user['login'].'</a> '.online($user['online']).'';
}
}
echo ' '.vremya($mail['time']).'';
if($last['new'] == 1 and $last['outuser'] != $u['id']) {
echo ' / <small><font color="red">Не прочитано</font> </small>';
}
echo '</br><small>
[<a href = "?act=delete_dialog&id='.$user['id'].'"><font color="red"><b>x</b></font>Удал</a>]</small>';
echo '</div>';
$i++;
}
echo '</div>';
if($u['mail'] == 0) {
echo '<div class="cred">
<b>Администрация сайта никогда не попросит вас</br></b>
<u>выслать пароль,</br> отправить смс,</br> зайти на какой-либо сайт.</u></br>
<b>Не сообщайте свой пароль и третьим лицам!</br>Все сообщения такого типа являются мошеничеством или рекламой.</br>
Если вы получили такое сообщение нажмите "<font color="red">Спам</font>" возле сообщения!</b>
<a href = "mail.php?act=warning=off"><img src="ico/mdel.gif"></div>';
}
echo '<div class="nav">';
if ($page != $total) {
echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
}
echo '<a href = "mail.php"> Диалоги </a>('.$all.')';
echo '</div>';
navigation($page, $total,'?');
}else{
error(' У Вас нет ни одного диалога с пользователями !');
}
include 'foot.php';
break;
}
?>