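<?php
/*
 * User account area ("Личный кабинет"): profile editing, private messages,
 * friends, blacklist, display settings, e-mail/password change and sign-out.
 *
 * Dispatch is on $act. The request-derived globals used below ($act, $ok,
 * $page, $id), the current user row $u, $config and the helper functions
 * (tp, note, check, username, id, navig, redirect, access, bb, bbpanel,
 * ccdate) are expected to come from the required includes, which are not
 * visible here — confirm in sys.php / auth_u.php. Every user-supplied value
 * written to the database is passed through check() first; whether check()
 * performs SQL escaping and HTML encoding must be confirmed in sys.php,
 * because the stored values are later echoed into HTML unescaped.
 *
 * Review notes that are not fixed here because they need changes outside
 * this file:
 *  - passwords are stored as md5(md5(...)) with no salt ('pass' / 'email');
 *    moving to password_hash() also requires changing the login code.
 *  - state-changing actions have no CSRF token, and blacklist / friend
 *    deletion is triggered by a plain GET link.
 *  - sign-out clears a persistent 'cpassword' cookie, so a password-derived
 *    credential is apparently kept client-side; confirm in auth_u.php.
 */
$title = 'Личный кабинет';
require_once '../includes/sys.php';
require_once '../includes/auth_u.php';
require_once '../includes/header.php';
// NOTE(review): header.php is included before session_start(); this only works
// if output buffering is enabled there (a session cookie cannot follow output).
session_start();
switch ($act) {
default:
    // Title: display name, with the real name in brackets when one is set.
    if (!empty($u['name'])) {
        tp('<a href="profile.php?id='.$u['id'].'"><b>'.username($u['id'], 2).'</b></a> ('.$u['name'].')');
    } else {
        tp('<a href="profile.php?id='.$u['id'].'"><b>'.username($u['id'], 2).'</b></a> - Личный кабинет');
    }
    // Message counters. Not referenced anywhere in this file; kept because
    // tail.php (included at the bottom) may read them — confirm before removing.
    $pm_conv = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_user` = '$u[id]'"), 0);
    $pm_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_user` = '$u[id]' and `read` = 0"), 0);
    echo '<div class="row"><img src="/images/editprofile.png"> <a href="?act=edit">Изменить профиль</a></div>
<div class="row"><img src="/images/pm.png"> <a href="?act=pm">Приват</a></div>
<div class="row"><img src="../images/pm_new.png"> <a href="?act=send"> Написать сообщение</a></div>';
    echo '<div class="row"><img src="/images/friends.png"> <a href="?act=my_friends">Мои друзья</a></div>
<div class="row"><img src="../images/blacklist.png"> <a href="?act=blacklist">Чёрный список</a></div>
<div class="row"><img src="../images/settings.png"> <a href="?act=set">Настройки</a></div>
<div class="row"><img src="../images/password.png"> <a href="/avatars/">Загрузить аватар</a></div>
<div class="row"><img src="../images/password.png"> <a href="?act=pass">E-mail и пароль</a></div>
<div class="row"><img src="../images/exit.gif"> <a href="?act=signout">Выход</a></div>';
    break;

case 'blacklist':
    // Deletion is handled before any output so the redirect header is sent
    // before the page body. The `blacklisted_by` = current user condition is
    // the ownership check that stops one user removing another user's entry.
    if (isset($_GET['del'])) {
        $id_blacklisted = abs(intval($_GET['del']));
        $blacklisted_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id` = '$id_blacklisted' and `blacklisted_by` = '$u[id]'");
        if (mysql_num_rows($blacklisted_r)) {
            mysql_query("DELETE FROM `blacklist` WHERE `id` = '$id_blacklisted'");
        }
        redirect('?act=blacklist');
    }
    tp('<a href="?">ЛК</a>» Черный список');
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `blacklist` WHERE `blacklisted_by` = '$u[id]'"), 0);
    if ($total > 0) {
        // Clamp the requested page into [1, $pages].
        $pages = ceil($total / $config['onpage']);
        if ($page > $pages or $page == 0) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $blacklist_r = mysql_query("SELECT * FROM `blacklist` WHERE `blacklisted_by` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
        while ($blacklist = mysql_fetch_assoc($blacklist_r)) {
            echo '<div class="raz">» <a href="profile.php?id='.$blacklist['id_user'].'">'.username($blacklist['id_user'], 2).'</a> [<a href="?act=blacklist&del='.$blacklist['id'].'" style="color:red">DEL</a>]</div>';
        }
        navig($page, '?act=blacklist&', $pages);
    } else {
        echo '<div class="error">Черный список пуст</div>';
    }
    break;

case 'edit':
    // Profile save. Only a real POST is accepted: a bare GET to ?act=edit&ok=1
    // would otherwise overwrite every field with '' (and raise undefined-index
    // notices for each missing key).
    if ($ok && $_SERVER['REQUEST_METHOD'] === 'POST') {
        // Missing fields default to '' so a partial submission does not raise notices.
        $in = $_POST + array(
            'icq' => '', 'name' => '', 'gender' => '', 'from' => '',
            'gorod' => '', 'birthday' => '', 'site' => '', 'about' => '',
        );
        $icq = abs(intval($in['icq']));
        $name = check($in['name']);
        $gender = abs(intval($in['gender']));
        $from = check($in['from']);
        $gorod = check($in['gorod']);
        $birthday = check($in['birthday']);
        $site = check($in['site']);
        $about = check($in['about']);
        // NOTE(review): the "max N" limits shown in the form are enforced only by
        // the client-side maxlength attributes; confirm check() (or the column
        // definitions) bounds them server-side.
        mysql_query("UPDATE `users` SET `icq` = '$icq', `name` = '$name', `gender` = '$gender', `from` = '$from', `gorod` = '$gorod', `birthday` = '$birthday', `site` = '$site', `about` = '$about' WHERE `id` = '$u[id]'");
        $_SESSION['note'] = 'Изменения успешно сохранены';
        redirect('?act=edit');
    } else {
        tp('<a href="?">ЛК</a>» Изменить профиль');
        echo '<div class="body">';
        note();
        echo '<form name="form" action="?act=edit&ok=1" method="post">
<b>Имя(max20):</b><br/><input type="text" name="name" value="'.$u['name'].'" maxlength="20"><br/>
<b>ICQ(max9):</b><br/><input name="icq" type="text" maxlength="9" value="'.$u['icq'].'" /><br/>
<b>Пол:</b> ';
        // Pre-select the stored gender radio button (1 = male, 2 = female, anything else = none).
        switch ($u['gender']) {
            case '1':
                echo 'Муж<input name="gender" type="radio" value="1" checked /> Жен <input name="gender" type="radio" value="2" />';
                break;
            case '2':
                echo 'Муж<input name="gender" type="radio" value="1" /> Жен<input name="gender" type="radio" value="2" checked />';
                break;
            default:
                echo 'Муж<input name="gender" type="radio" value="1" /> Жен<input name="gender" type="radio" value="2" />';
                break;
        }
        echo '<br />
<b>Страна(max25):</b><br /><input name="from" type="text" maxlength="25" value="'.$u['from'].'" /><br />
<b>Город(max50):</b><br/><input type="text" name="gorod" value="'.$u['gorod'].'" maxlength="50"><br/>
<b>Дата рождения(дд.мм.гггг):</b><br /><input name="birthday" type="text" maxlength="25" value="'.$u['birthday'].'" /><br />
<b>Сайт:(без http://, max20):</b><br /><input name="site" type="text" maxlength="20" value="'.$u['site'].'" /><br />';
        echo '<b>О себе(max250):</b><br /><textarea name="about" cols="" rows="3">'.$u['about'].'</textarea>
<input name="submit" type="submit" value="Сохранить" /></form></div>';
    }
    // WebMoney details are write-once: the form is shown only while both columns
    // are still empty. The POSTed fields are required so that a GET to ?web=1
    // cannot store empty strings (or raise notices).
    if ((!$u['wmid']) && (!$u['wmr'])) {
        if (isset($_GET['web']) && isset($_POST['wmid'], $_POST['wmr'])) {
            // NOTE(review): htmlspecialchars() is applied after
            // mysql_real_escape_string(), so the HTML-encoded form of the escaped
            // value is what gets stored. Kept as-is because existing rows were
            // written this way; a digits-only check for WMR (as the label asks
            // for) would be the better fix.
            $wmid = htmlspecialchars(mysql_real_escape_string($_POST['wmid']));
            $wmr = htmlspecialchars(mysql_real_escape_string($_POST['wmr']));
            mysql_query("UPDATE `users` SET `wmid` = '$wmid', `wmr` = '$wmr' WHERE `id` = '$u[id]'");
            // Was a bare header('Location: ...') with no exit, so the rest of the
            // page kept executing; use the same redirect() as every other branch.
            redirect('?act=edit');
        } else {
            tp('Данные webmoney (Заполняются один раз, изменить будет нельзя)');
            echo '<div class="body">';
            echo '<form action="?act=edit&web=1" method="post">
<b>WMID:</b><br/><input type="text" name="wmid" value="'.$u['wmid'].'"><br/><b>WMR: (без R то-ко цифры)</b><br/><input type="text" name="wmr" value="'.$u['wmr'].'"><input type="submit" value="Сохранить"></form>';
            echo '</div>';
        }
    }
    break;

case 'email':
    // E-mail change (form lives in the 'pass' case). Requires the current password.
    if (!empty($_POST['email']) && !empty($_POST['currentpass'])) {
        $email = check($_POST['email']);
        // The original pattern used the class [0-9a-z_-^.]; "_-^" is a descending
        // range, which PCRE rejects at compile time, so preg_match() returned false
        // and every e-mail change was refused. The replacement is anchored and
        // allow-lists the characters, which also keeps the value safe to
        // interpolate into the UPDATE below regardless of what check() does.
        if (preg_match('/^[0-9a-z_.+-]+@[0-9a-z.-]+\.[a-z]{2,6}$/i', $email)) {
            $currentpass = md5(md5(check($_POST['currentpass'])));
            // Strict comparison: with == two hex hashes of the form "0e<digits>"
            // compare equal as numbers.
            if ($currentpass === $u['password']) {
                mysql_query("UPDATE `users` SET `email` = '$email' WHERE `id` = '$u[id]'");
                $_SESSION['note'] = 'изменения сохранены';
            } else {
                $_SESSION['note'] = 'не верный пароль';
            }
        } else {
            $_SESSION['note'] = 'не верный @mail';
        }
    } else {
        $_SESSION['note'] = 'Поля не могут быть пустыми';
    }
    redirect('?act=pass');
    break;

case 'my_friends':
    // Removal is handled before any output (see 'blacklist'); `is_friend_of` =
    // current user is the ownership check.
    if (isset($_GET['del'])) {
        $id_friend = abs(intval($_GET['del']));
        $friend_check_r = mysql_query("SELECT `id` FROM `my_friends` WHERE `id` = '$id_friend' and `is_friend_of` = '$u[id]'");
        if (mysql_num_rows($friend_check_r)) {
            mysql_query("DELETE FROM `my_friends` WHERE `id` = '$id_friend'");
        }
        redirect('?act=my_friends');
    }
    tp('<a href="?">ЛК</a>» Мои друзья');
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `my_friends` WHERE `is_friend_of` = '$u[id]'"), 0);
    if ($total > 0) {
        $pages = ceil($total / $config['onpage']);
        if ($page > $pages or $page == 0) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $friend_r = mysql_query("SELECT * FROM `my_friends` WHERE `is_friend_of` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
        while ($friend = mysql_fetch_assoc($friend_r)) {
            echo '<div class="raz"><a href="profile.php?id='.$friend['id_user'].'">'.username($friend['id_user'], 2).'</a> [<a href="?act=send&id='.$friend['id_user'].'">в приват</a>] [<a href="?act=my_friends&del='.$friend['id'].'">уд</a>]</div>';
        }
        // Was '?act=my_friend&' (singular), which sent page 2+ to the default view.
        navig($page, '?act=my_friends&', $pages);
    } else {
        echo '<div class="error">У вас нет друзей</div>';
    }
    break;

case 'pass':
    tp('<a href="?">ЛК</a> » E-маил и пароль');
    echo '<div class="body">';
    if ($ok) {
        // Password change: all three fields required, old password must match,
        // new password must be confirmed.
        if (!empty($_POST['newpass']) && !empty($_POST['newpass_confirm']) && !empty($_POST['oldpass'])) {
            $newpass = check($_POST['newpass']);
            $newpass_confirm = check($_POST['newpass_confirm']);
            $oldpass = md5(md5(check($_POST['oldpass'])));
            // Strict comparisons; see the note in 'email' about == on hash strings.
            if ($oldpass === $u['password']) {
                if ($newpass === $newpass_confirm) {
                    mysql_query("UPDATE `users` SET `password` = '".md5(md5($newpass))."' WHERE `id` = '$u[id]'");
                    $_SESSION['note2'] = 'изменения сохранены';
                } else {
                    $_SESSION['note2'] = 'Пароли не совпадают';
                }
            } else {
                $_SESSION['note2'] = 'Старый пароль не верный';
            }
        } else {
            $_SESSION['note2'] = 'Не заполнены поля';
        }
        redirect('?act=pass');
    } else {
        note();
        echo '<b>Изменение Е-mail:</b><br/><form name="form" action="?act=email&ok=1" method="post">
<b>E-mail(max50):</b><br /><input name="email" type="text" maxlength="50" value="'.$u['email'].'" /><br />
<b>Пароль:</b><br /><input name="currentpass" type="password" maxlength="20" /><br />
<input name="submit" type="submit" value="Изменить">
</form>';
        echo '</div><div class="body">';
        // 'note2' is the password form's own one-shot message (note() handles 'note').
        if (isset($_SESSION['note2'])) {
            echo '<b>'.$_SESSION['note2'].'</b><br />';
            unset($_SESSION['note2']);
        }
        echo '<b>Изменение пароля:</b><form name="form" action="?act=pass&ok=1" method="post">
<b>Новый пароль(max20):</b><br /><input name="newpass" type="password" maxlength="20" /><br />
<b>Потвердите новый пароль:</b><br /><input name="newpass_confirm" type="password" maxlength="20" /><br />
<b>Старый пароль:</b><br /><input name="oldpass" type="password" maxlength="20" /><br />
<input name="submit" type="submit" value="Изменить" /></form></div>';
    }
    break;

case 'pm':
    // Conversation list. $pm_conv is not referenced in this file (see default case).
    $pm_conv = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]'"), 0);
    tp('<a href="?">ЛК</a> » Приват');
    note();
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]'"), 0);
    if ($total > 0) {
        $pages = ceil($total / $config['onpage']);
        if ($page > $pages or $page == 0) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
        while ($pm = mysql_fetch_assoc($pm_r)) {
            $pm_msg = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
            $pm_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]' and `id_user` = '$pm[id_user]' and `read` = 0"), 0);
            // The other participant: whichever of the two ids is not ours.
            $id_partner = ($pm['id_sender'] == $u['id']) ? $pm['id_user'] : $pm['id_sender'];
            echo '<div class="row"><a href="?act=pm_view&id='.$pm['id'].'">'.username($id_partner, 2).'</a> (<b>'.$pm_new.'</b>/'.$pm_msg.')</div>';
        }
        // Inside the branch: $pages is undefined when there are no conversations.
        navig($page, '?act=pm&', $pages);
    } else {
        echo '<div class="error">Нет сообщений</div>';
    }
    break;

case 'pm_view':
    // $id is expected to be an integer prepared by sys.php — confirm it is cast
    // there, since it is interpolated into the queries below.
    $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
    $pm = mysql_fetch_assoc($pm_r);
    // Only the two participants (or access level 3) may read a thread.
    if ($pm['id'] and ($u['id'] == $pm['id_user'] OR $u['id'] == $pm['id_sender'] OR access(3))) {
        if ($pm['id_sender'] == $u['id']) {
            $id_user = $pm['id_user'];
        } else {
            $id_user = $pm['id_sender'];
        }
        // Mark everything addressed to us in this thread as read. Was one UPDATE
        // per unread row fetched by a preceding SELECT; a single statement has the
        // same effect.
        mysql_query("UPDATE `pm_msg` SET `read` = 1 WHERE `id_pm` = '$id' and `id_user` = '$u[id]' and `read` = 0");
        echo '<div class="title"><a href="?act=pm">Приват</a> » Разговор с '.username($id_user, 2).'</div>
<div class="body">'.bbpanel('form', 'text').'
<form name="form" action="?act=send&id='.$id_user.'&ok=1" method="post">
<input name="username" type="hidden" value="'.username($id_user, 0).'" />
<textarea name="text" cols="" rows="3"></textarea>';
        echo '<input name="" type="submit" value="Отправить">
</form></div>';
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
        $pages = ceil($total / $config['onpage']);
        if ($page > $pages or $page == 0) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $msg_r = mysql_query("SELECT * FROM `pm_msg` WHERE `id_pm` = '$pm[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
        // Row counter, hoisted out of the loop (it was re-checked on every iteration).
        if (!isset($num)) {
            $num = 1;
        }
        while ($msg = mysql_fetch_assoc($msg_r)) {
            echo '<div class="raz">';
            $num++;
            // Computed but not used anywhere in this file.
            $row_class = (!($num % 2)) ? 'row1' : 'row2';
            $unread = '';
            if ($msg['read'] == 0) {
                $unread = '[<b style="color:red">Не прочитано</b>]';
            }
            // Link the other party's name; our own messages are plain text.
            if ($msg['id_sender'] != $u['id']) {
                echo '<a href="profile.php?id='.$msg['id_sender'].'">'.username($msg['id_sender'], 2).'</a>';
            } else {
                echo username($msg['id_sender'], 2);
            }
            echo ' '.ccdate($msg['time'], $msg['id_sender']).' '.$unread.'<br />'.bb($msg['text']).'</div>';
        }
        navig($page, '?act=pm_view&id='.$id.'&', $pages);
    } else {
        redirect('?');
    }
    break;

case 'send':
    tp('<a href="?">ЛК</a> » Отправить сообщение');
    echo '<div class="body">';
    if ($ok) {
        $post_username = isset($_POST['username']) ? $_POST['username'] : '';
        $post_text = isset($_POST['text']) ? $_POST['text'] : '';
        // The raw input is parked in the session so the form can be re-filled
        // after a validation failure. NOTE(review): it is echoed back into the
        // form below without HTML escaping — confirm whether escaping happens on
        // output elsewhere; otherwise this is markup injection into the user's
        // own page.
        $_SESSION['username'] = $post_username;
        $_SESSION['text'] = $post_text;
        $text = check($post_text);
        if ($post_username && $text) {
            $id_user = id(check($post_username));
            if ($id_user > 0) {
                if ($u['id'] != $id_user) {
                    // Blocked senders are refused unless they have access level 1.
                    $blacklist_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id_user` = '$u[id]' and `blacklisted_by` = '$id_user'");
                    if (!mysql_num_rows($blacklist_r) OR access(1)) {
                        // Reuse the existing thread between the two users, or open one.
                        $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE (`id_user` = '$id_user' and `id_sender` = '$u[id]') OR (`id_user` = '$u[id]' and `id_sender` = '$id_user')");
                        $pm = mysql_fetch_assoc($pm_r);
                        if ($pm['id']) {
                            $id_pm = $pm['id'];
                            mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
                        } else {
                            mysql_query("INSERT INTO `pm` SET `id_user` = '$id_user', `id_sender` = '$u[id]', `time` = '".TIME."'");
                            $id_pm = mysql_insert_id();
                        }
                        mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$id_user', `id_sender` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                        // NOTE(review): this drops the whole session to clear the parked
                        // draft (any pending 'note' goes with it). unset($_SESSION['username'],
                        // $_SESSION['text']) would be the narrower choice; left as-is in case
                        // other state is meant to be cleared here — confirm.
                        session_destroy();
                        redirect('?act=pm_view&id='.$id_pm);
                    } else {
                        $_SESSION['note'] = 'Вы в черном списке у адресата';
                        redirect('?act=send');
                    }
                } else {
                    $_SESSION['note'] = 'Ты чё имбицил, сам себе писать?';
                    redirect('?act=send');
                }
            } else {
                $_SESSION['note'] = 'Адресат не существует';
                redirect('?act=send');
            }
        } else {
            $_SESSION['note'] = 'Поля не могут быть пустыми';
            redirect('?act=send');
        }
    } else {
        // Pre-fill: an explicit recipient ($id) wins over a parked draft.
        $ses_username = !empty($_SESSION['username']) ? $_SESSION['username'] : '';
        $ses_text = !empty($_SESSION['text']) ? $_SESSION['text'] : '';
        $username = !empty($id) ? username($id, 0) : $ses_username;
        note();
        echo '<form name="form" action="?act=send&ok=1" method="post" name="form">
<b>Логин(max12):</b><br /><input name="username" type="text" value="'.$username.'" maxlength="12" /><br />
<b>Сообщение(max250):</b><br /><textarea name="text" cols="" rows="4">'.$ses_text.'</textarea><br />
<input name="submit" type="submit" value="Отправить">
</form>
</div>';
    }
    break;

case 'set':
    tp('<a href="?">ЛК</a> » Настройки');
    echo '<div class="body">';
    if ($ok) {
        $style = isset($_POST['style']) ? check($_POST['style']) : '';
        $onpage = isset($_POST['onpage']) ? abs(intval($_POST['onpage'])) : 0;
        // The styles directory listing is the single source of truth for valid
        // style names — exactly what the <select> below is built from. Rejecting
        // anything else keeps an arbitrary string out of a column that is
        // presumably used later to locate ../styles/<name>/.
        $style_dirs = glob('../styles/*', GLOB_ONLYDIR);
        $available_styles = $style_dirs ? array_map('basename', $style_dirs) : array();
        if (empty($_POST['onpage'])) {
            $_SESSION['note'] = 'Поля не могут быть пустыми';
        } elseif ($onpage < 1 || $onpage > 99) {
            // The form promises 1-99; 0 would later divide by zero in the paging math.
            $_SESSION['note'] = 'Элементов на страницу: от 1 до 99';
        } elseif (!in_array($style, $available_styles, true)) {
            $_SESSION['note'] = 'Недопустимый стиль';
        } else {
            // NOTE(review): `or die(mysql_error())` prints the raw DB error to the
            // browser; none of the other queries in this file do this.
            mysql_query("UPDATE `users` SET `style` = '$style', `onpage` = '$onpage' WHERE `id` = '$u[id]'") or die(mysql_error());
            $_SESSION['note'] = 'Сохранено';
        }
        redirect('?act=set');
    } else {
        note();
        echo '<form name="form" action="?act=set&ok=1" method="post">
<b>Стиль:</b><br /><select name="style">';
        $styles = glob('../styles/*', GLOB_ONLYDIR);
        foreach ($styles as $style) {
            $selected = ($u['style'] == basename($style)) ? ' selected="selected"' : '';
            echo '<option value="'.basename($style).'"'.$selected.'>'.basename($style).'</option>';
        }
        echo '</select><br />
<b>Элементов на страницу(1-99):</b><br /><input name="onpage" type="text" maxlength="2" value="'.$u['onpage'].'" /><br/>
<input name="submit" type="submit" value="Сохранить">
</form></div>';
    }
    break;

case 'signout':
    // Drop the online marker and expire both login cookies (31 days in the past).
    mysql_query("DELETE FROM `online` WHERE `id_user` = '$u[id]'");
    setcookie('cusername', '', TIME - 86400*31, '/', '');
    setcookie('cpassword', '', TIME - 86400*31, '/', '');
    redirect(HTTPHOME);
    break;
}
require_once '../includes/tail.php';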