Файл: plugins/user/mail/dialog.php
Строк: 25
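<?php
// Private-message dialog between the logged-in user ($user) and the profile
// selected by ?id=. The page marks incoming messages from that profile as
// read, handles ?delete=<mail id> and the POST form, then lists the
// conversation page by page.
//
// Globals expected from the framework: $db (mysqli-style), $user, $set,
// $smarty, SYS, TIME. Not verifiable from this file alone.
core::only('user');

// Resolve the conversation partner. The id is cast with intval() before it
// reaches SQL, so this query carries no raw request data.
$profile = null;
if (isset($_GET['id'])) {
    $profile = $db->query("SELECT * FROM `users` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1")->fetch_assoc();
}
if (empty($profile)) {
    // NOTE(review): core::go() is assumed to redirect and stop execution —
    // confirm; otherwise everything below runs with $profile === null.
    core::go("/");
}

// Mark messages from this partner to the current user as read. The SELECT is
// only a cheap "anything unread at all?" gate before the UPDATE.
if ($db->query("SELECT * FROM `mail` WHERE `id_profile` = '$user[id]' AND `read` = '0' ")->num_rows != 0) {
    $db->query("UPDATE `mail` SET `read` = '1' WHERE `id_profile` = '$user[id]' AND `id_user` = '$profile[id]'");
}

$title = 'Диалог с '.$profile['login'];
require (SYS.'head.php');

// Deleting a single message (?delete=<id>). Allowed for the author of the
// message or for users with level >= 1.
// NOTE(review): this is a state change triggered by a GET link; no anti-CSRF
// token is visible in this file — confirm the framework adds one, otherwise
// a crafted link can delete the visitor's own messages.
if (isset($_GET['delete'])) {
    $post = $db->query("SELECT * FROM `mail` WHERE `id` = '".intval($_GET['delete'])."' LIMIT 1")->fetch_assoc();
    // Existence is checked before ownership: with the permission test first, a
    // missing row (null) failed the ownership comparison and reported
    // 'Недостаточно прав.' instead of 'Сообщение не существует'.
    if (empty($post)) {
        $error = 'Сообщение не существует';
    } elseif ($user['id'] != $post['id_user'] && $user['level'] < 1) {
        $error = 'Недостаточно прав.';
    } else {
        // $post['id'] comes from the database row, not from the request.
        $db->query("DELETE FROM `mail` WHERE `id` = '".$post['id']."' LIMIT 1");
        core::go('?');
    }
}

// Sending a new message. A non-string (e.g. text[]=...) is ignored rather than
// handed to core::strlen()/core::input().
if (isset($_POST['text']) && is_string($_POST['text'])) {
    $text   = $_POST['text'];
    $length = core::strlen($text);
    if ($length > 5000) {
        $error = 'Длинный текст.';
    } elseif ($length < 1) {
        $error = 'Короткий текст.';
    } elseif ($db->query("SELECT * FROM `mail` WHERE `text` = '".core::input($text)."' AND `id_user` = '".$user['id']."' AND `id_profile` = '".$profile['id']."'")->num_rows > 0) {
        // Duplicate guard. Originally compared == 1, which stopped matching once
        // two identical copies existed; > 0 rejects any existing copy.
        // NOTE(review): core::input() is assumed to SQL-escape the text — confirm;
        // a prepared statement would remove the dependency on that helper.
        $error = 'Сообщение уже существует.';
    } elseif (empty($error)) {
        $db->query("INSERT INTO `mail` SET `text` = '".core::input($text)."', `id_user` = '".$user['id']."', `id_profile` = '".$profile['id']."', `time` = '".TIME."'");
    }
}

// Message form.
$elements = [];
$elements[] = [
    'type'  => 'textarea',
    'title' => 'Сообщение',
    'br'    => 1,
    'info'  => [
        'name' => 'text',
    ],
];
$elements[] = [
    'type' => 'submit',
    'info' => [
        'value' => 'Отправить',
    ],
];
$smarty->assign([
    'method' => 'POST',
    'action' => '?',
    'el'     => $elements,
]);
$smarty->display('form.tpl');
core::show('error');

// Conversation listing, newest first. Both directions of the dialog are
// selected; the parentheses make the AND/OR grouping explicit (SQL already
// binds AND tighter than OR, so the result set is unchanged).
$dialogWhere = "(`id_user` = '$user[id]' AND `id_profile` = '$profile[id]') OR (`id_user` = '$profile[id]' AND `id_profile` = '$user[id]')";
$all   = $db->query("SELECT * FROM `mail` WHERE $dialogWhere")->num_rows;
$pages = new pages($all, $set['user_pages']);
// NOTE(review): $start is not defined in this file — presumably set by the
// pages constructor; confirm, otherwise LIMIT receives an empty offset.
$query = $db->query("SELECT * FROM `mail` WHERE $dialogWhere ORDER BY `id` DESC LIMIT $start, $set[user_pages]");

// Initialised so an out-of-range page (rows exist, this page empty) still
// hands an array to the template instead of an undefined variable.
$posts = [];
while ($list = $query->fetch_assoc()) {
    $posts[] = [
        // Unread messages get a highlighted row class.
        'div'    => $list['read'] != 1 ? 'listing2' : NULL,
        'image'  => user::photo($list['id_user']),
        'title'  => user::login($list['id_user']),
        'time'   => core::time($list['time']),
        'post'   => core::output($list['text']),
        'action' => [
            // Only the author sees a delete link; level >= 1 users can still
            // delete via the URL, as handled above.
            'delete' => (isset($user) && $user['id'] == $list['id_user']) ? '?delete='.$list['id'] : NULL,
        ],
    ];
}
if ($all == 0) {
    $posts[] = [
        'title' => 'Нет сообщений.',
    ];
}
$smarty->assign('post', $posts);
$smarty->display('posts.tpl');
$pages->view('?');
require (SYS.'foot.php');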