Файл: user/mail/messageList.php
Строк: 290
<?php
/* DCMS Special
* Дата последнего редактирования 11.12.2015
* Модифицировал densnet
*/
foreach (array('start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'user') as $inc) {
require_once "../../sys/inc/{$inc}.php";
}
only_reg();
$EmailUser = new EmailUser($user['id']);
$user = $EmailUser->getUser();
$user_set = mysql_fetch_assoc(mysql_query("SELECT * FROM `user_set` AS u WHERE `id_user` = '" . $user['id'] . "' LIMIT 1"));
$addres = null;
if (isset($_GET['contact']) || isset($_POST['to'])) {
$addres = (isset($_POST['to']) ? $_POST['to'] : urldecode($_GET['contact']));
}
$EmailUser = new EmailUser(strtolower($addres));
$contact = $EmailUser->getUser();
if ($contact['id'] === $user['id']) {
header('Location: ?');
exit;
}
if (!isset($_SESSION['mail']) || $_SESSION['mail']['to'] != $contact['id']) {
$_SESSION['mail'] = array(
'msg' => '',
'to' => $contact['id'],
'attachments' => array(),
);
}
/**
* @var Отправка сообщений
*/
if (isset($_POST['msg']) && isset($_POST['sid'])) {
if ($_SESSION['sid'] != $_POST['sid']) {
$err[] = 'Повторите отправку сообщения';
}
if (isset($_POST['files']) && !isset($err)) {
$_SESSION['mail']['msg'] = $_POST['msg'];
header('Location: attachments.php');
exit;
}
if (utf8_strlen($_POST['msg']) > 10240) {
$err[] = 'Сообщение слишком длинное';
} elseif (utf8_strlen($_POST['msg']) < 2) {
$err[] = 'Сообщение слишком короткое';
}
if ($contact['id'] == $user['id']) {
$err[] = 'Запрещено писать самому себе';
}
if (!preg_match('/([A-z0-9-_]+)/i', $contact['id'])) {
$err[] = 'Контакт не найден';
}
if (is_numeric($contact['id']) && $user['group_access'] <= 1) {
$contact_set = mysql_fetch_assoc(mysql_query("SELECT * FROM `user_set` AS u WHERE `id_user` = '" . $contact['id'] . "' LIMIT 1"));
if ($contact_set['privat_mail'] != 1) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_kont` = '$user[id]' AND `id_user` = '$contact[id]' AND `deleted` != '$contact[id]' AND `deleted` != '-1'"), 0) == 0) {
$err['p'] = 'Вы не можете отправлять сообщения обитателю, так как он закрыл свою Почту от всех, кроме известных ему контактов.';
if ($contact_set['privat_mail'] == 2 && mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$contact[id]') OR (`user` = '$contact[id]' AND `friends` = '$user[id]') LIMIT 1"), 0) != 2) {
$err['p'] = 'Вы не можете отправлять сообщения обитателю, так как он закрыл свою Почту от всех, кроме своих друзей и известных ему контактов.';
}
}
}
}
if (!isset($err)) {
if (preg_match("#^[A-z0-9-._-]+@[A-z0-9._-]{2,}.[A-z]{2,4}$#ui", $contact['id'])) {
$to = $contact['id'];
$from = strtolower($user['nick'] . '@' . $config['domain']);
if ($config['sender'] == 'phpmailer') {
$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->IsSendmail();
$mail->AddReplyTo($from, $user['nick']);
$mail->SetFrom($from, $user['nick']);
$mail->AddReplyTo($from, $user['nick']);
$mail->AddAddress($to, $to);
$mail->Subject = 'Сообщение от ' . $user['nick'];
$mail->AltBody = 'Вам новое сообщение от ' . $to . ' (' . $user['nick'] . ')';
$mail->msgHTML($_POST['msg']);
if (isset($_SESSION['mail']['attachments'])) {
foreach ($_SESSION['mail']['attachments'] AS $type => $files) {
foreach ($files AS $id => $file) {
$mail->AddAttachment($file['filePatch'], $file['fileName'] . '.' . $file['fileRas']);
}
}
}
$result = true;
if (!$mail->Send()) {
$result['error'] = $mail->ErrorInfo;
}
} else {
$sendMessage = new EmailSender($config);
$boundary = '--' . md5(uniqid(time()));
$headers = $sendMessage->getHeaders(array('subject' => $user['nick'], 'to' => $to, 'from' => $from), $boundary);
$msg = $sendMessage->getBody($_POST['msg'], $boundary);
$result = $sendMessage->mail($cont['to'], 'Сообщение от ' . $user['nick'], $msg, $headers, $from);
}
}
if (is_array($result)) {
$err = $result['error'];
} else {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `flaggedTo` = 'spam' AND `id_user` = '$user[id]' AND `id_kont` = '" . mysql_real_escape_string($contact['id']) . "'"), 0) > 0) {
$flaggedIs = 'spam';
} else {
$flaggedIs = 'inbox';
}
mysql_query("INSERT INTO `mail`(`id_user`, `id_kont`, `time`, `type`, `msg`, `read`, `flaggedTo`) VALUES ('" . $user['id'] . "', '" . mysql_real_escape_string($contact['id']) . "', '" . $time . "', '" . (isset($result) ? 'email' : 'personal') . "', '" . mysql_real_escape_string($_POST['msg']) . "', '" . (isset($result) ? '1' : '0') . "', '$flaggedIs')");
$id_email = mysql_insert_id();
$is_attachment = false;
if (isset($_SESSION['mail']['attachments'])) {
foreach ($_SESSION['mail']['attachments'] AS $type => $files) {
foreach ($files AS $id => $file) {
mysql_query("INSERT INTO `mail_files`(`name`, `md5`, `id_user`, `id_kont`, `ras`, `type`, `size`, `email_id`) VALUES ('" . mysql_real_escape_string($file['fileName']) . "', '" . $id . "', '" . mysql_real_escape_string($user['id']) . "', '" . mysql_real_escape_string($contact['id']) . "', '" . $file['fileRas'] . "', '" . $type . "', '" . $file['fileSize'] . "', '" . $id_email . "')");
$is_attachment = true;
}
}
}
if ($is_attachment) {
mysql_query("UPDATE `mail` SET `attachments` = '1' WHERE `id` = '$id_email' LIMIT 1");
}
$_SESSION['mail'] = array(
'msg' => '',
'to' => $contact['id'],
'attachments' => array(),
);
$_SESSION['message'] = 'Сообщение успешно отправлено';
}
}
if (!isset($err)) {
header('Location: ?contact=' . urlencode($contact['id']));
exit;
}
}
$listFlagged = array(
'inbox' => 'Контакты',
'favorite' => 'Избранное',
'archive' => 'Архив',
'spam' => 'Спам',
'deleted' => 'Корзина',
);
if (isset($_GET['s']) && $_GET['s'] != 'inbox' && array_key_exists($_GET['s'], $listFlagged)) {
$listSort[] = " IF(`id_kont` = '$user[id]', `flaggedTo`, `flaggedFrom`) = '" . mysql_real_escape_string($_GET['s']) . "' ";
$flagged = $_GET['s'];
} else {
$listSort[] = " IF(`id_kont` = '$user[id]', `flaggedTo`, `flaggedFrom`) = 'inbox' ";
$listSort[] = " IF(`id_kont` = '$user[id]', `flaggedTo`, `flaggedFrom`) = 'favorite' ";
$flagged = 'inbox';
}
if (isset($_GET['fav']) && isset($_GET['message_id'])) {
$message_id = (int) $_GET['message_id'];
$post = mysql_fetch_assoc(mysql_query("SELECT * FROM `mail` WHERE `id` = '$message_id' AND (`id_user` = '$user[id]' OR `id_kont` = '$user[id]') LIMIT 1"));
$flags = ($_GET['fav'] == 1 ? 'favorite' : $flagged);
$setFlags = ($post['id_kont'] == $user['id'] ? 'flaggedTo' : 'flaggedFrom');
mysql_query("UPDATE `mail` SET `$setFlags` = '$flags' WHERE `id` = '$post[id]' LIMIT 1");
}
if ($contact['id'] !== '') {
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id_kont` = '$user[id]' AND `id_user` = '" . mysql_real_escape_string($contact['id']) . "'");
}
$_SESSION['sid'] = mt_rand(11111, 99999);
include_once H . 'sys/inc/thead.php';
aut();
err();
echo "<link rel='stylesheet' href='/style/css/email.css' type='text/css' />";
echo "<ol class='breadcrumb' style='margin: -1px;'>";
echo "<li><a href='/'><span class='fa fa-home'></span></a></li>";
echo "<li><a href='/info.php?id=$user[id]'>$user[nick]</a></li>";
echo "<li><a href='/user/mail/'>Почта</a></li>";
if ($flagged == 'inbox') {
echo "<li class='active'>$contact[nick]</li>";
} else {
echo "<li class='active' href='/user/mail/?s=$flagged'>$listFlagged[$flagged]</li>";
echo "<li class='active'>$contact[nick]</li>";
}
echo "</ol>";
if ($contact['id']) {
echo "<div class='list-group-item'>";
echo "<span style='float: right;' id='hides'>";
if (IS_WEB) {
echo "<a data-toggle='modal' data-target='#im' href='/?users_set'><span style='padding: 10px;' data-toggle='tooltip' data-placement='left' title='Выберите действие'><span class='fa fa-ellipsis-v fa-lg'></span></span></a>";
} else {
echo "<a data-toggle='modal' data-target='#im' href='/?users_set'><span style='padding: 10px;' title='Выберите действие'><span class='fa fa-ellipsis-v fa-lg'></span></span></a>";
}
echo "</span>";
echo "Диалог с $contact[nick]";
if ($flagged == 'deleted') {
$d = 'share';
} else {
$d = 'trash';
}
?>
<div class="modal fade bd-example-modal-sm" id='im' tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel" aria-hidden="true">
<div class="modal-dialog modal-sm">
<div class="modal-content">
<form class="list-group-item" action="index.php?s=<?= $flagged ?>" method="POST">
<input type="hidden" name="cnt1" value="<?= stripcslashes(htmlspecialchars($contact['id'])) ?>">
<button type="submit" name="action" value="<?= ($flagged != 'archive' ? 'archive' : 'inbox') ?>" class="btn btn-secondary btn-block"><span class='fa fa-archive fa-fw'></span> <?= ($flagged != 'archive' ? 'В архив' : 'Из архива') ?></button><br />
<button type="submit" name="action" value="<?= ($flagged != 'spam' ? 'spam' : 'inbox') ?>" class="btn btn-secondary btn-block"><span class='fa fa-ban fa-fw'></span> <?= ($flagged != 'spam' ? 'Это спам' : 'Это не спам') ?></button><br />
<button type="submit" name="action" value="<?= ($flagged != 'deleted' ? 'deleted' : 'inbox') ?>" class="btn btn-secondary btn-block"><span class='fa fa-<?= $d ?> fa-fw'></span> <?= ($flagged != 'deleted' ? 'Удалить' : 'Восстановить') ?></button>
</form>
</div>
</div>
</div>
<?php
echo "</div>";
}
if ($contact['id'] !== 0 && ($flagged == 'inbox' || $flagged == 'archive')) {
echo "<form class='list-group-item' method='post' name='message' action='?contact=" . urlencode($contact['id']) . "'>";
echo "<input type='hidden' name='sid' value='" . $_SESSION['sid'] . "'>";
if (!$contact['id']) {
echo "Кому:<br />";
echo "<input class='form-control' type='text' name='to' placeholder='Логин или Email'>";
}
$insert = stripcslashes(htmlspecialchars($_SESSION['mail']['msg']));
$msg2 = stripcslashes(htmlspecialchars($_SESSION['mail']['msg']));
echo "Сообщение:<br />";
echo "<textarea class='form-control' rows='3' name='msg' placeholder='Написать сообщение..'>$insert</textarea><br />";
}
echo "<button class='btn btn-success'>Отправить</button> <button class='btn' name='files'><span class='fa fa-paperclip fa-lg'></span></button>";
echo "</form>";
$attachments = new Attachments();
echo $attachments->get_list();
if ($contact['id'] !== '') {
$arrContacts = mysql_query("SELECT e.`id_user` FROM `mail` AS e WHERE (`id_kont` = '$user[id]' AND `id_user` = '" . mysql_real_escape_string($contact['id']) . "' OR `id_kont` = '" . mysql_real_escape_string($contact['id']) . "' AND `id_user` = '$user[id]') AND (" . implode(' OR ', $listSort) . ") ");
$k_post = mysql_num_rows($arrContacts);
if ($k_post == 0) {
?>
<div class="list-group-item">Список сообщений пуст</div>
<?php
} else {
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
$q = mysql_query("SELECT * FROM `mail` AS e WHERE (`id_kont` = '$user[id]' AND `id_user` = '" . mysql_real_escape_string($contact['id']) . "' OR `id_kont` = '" . mysql_real_escape_string($contact['id']) . "' AND `id_user` = '$user[id]') AND (" . implode(' OR ', $listSort) . ") ORDER BY `id` DESC LIMIT $start, $set[p_str]");
echo "<div class='list-group-item'>";
while ($post = mysql_fetch_assoc($q)) {
$ank = ($post['id_user'] != $user['id'] ? $contact : $user);
$flags = ($post['id_kont'] == $user['id'] ? 'flaggedTo' : 'flaggedFrom');
if ($post['id_kont'] == $user['id']) {
$z1 = "mail";
$z2 = "mails";
} else {
$z1 = "mail";
$z2 = "mails";
}
echo "<ul class='media-list media-list-conversation m'>";
if ($post['id_kont'] == $user['id']) {
echo "<li class='media $z2'>";
echo "<a class='media-left' href='/info.php?id=$ank[id]'>";
avatars($ank['id'], '40');
echo "</a>";
echo "<div class='media-body'><div class='media-body-text'>";
echo toOutput($post['msg']);
if ($post['attachments'] == 1) {
$f = mysql_query("SELECT * FROM `mail_files` AS e WHERE `email_id` = '$post[id]' ORDER BY `id` DESC");
while ($file = mysql_fetch_assoc($f)) {
echo "<br /><a href='$post[time]/$file[md5]/" . retranslit($file['name']) . ".$file[ras]'><span class='fa fa-paperclip'></span> " . stripcslashes(htmlspecialchars($file['name'])) . ".$file[ras]</a> <small>(" . size_file($file['size']) . ")</small>";
}
}
echo "</div><div class='media-footer'>";
echo "<small class='text-muted'>";
echo user($ank['id']) . " <span data-toggle='tooltip' data-placement='right' title='" . date::time($post['time']) . "' style='color:grey;'>" . date::times($post['time']) . "</span> ";
if ($post[$flags] == 'favorite') {
$s = 'star';
} else {
$s = 'star-o';
}
echo "<a href='?s$flagged&page=$page&contact=" . urlencode($contact['id']) . "&message_id=$post[id]&fav=" . ($post[$flags] == 'favorite' ? '0' : '1') . "'><span class='fa fa-$s'></span></a>";
echo "</small>";
echo "</div></div>";
echo "</li>";
} else {
#Я пишу...
echo "<li class='media media-current-user $z1'>";
echo "<div class='media-body'><div class='media-body-text'>";
echo toOutput($post['msg']);
if ($post['attachments'] == 1) {
$f = mysql_query("SELECT * FROM `mail_files` AS e WHERE `email_id` = '$post[id]' ORDER BY `id` DESC");
while ($file = mysql_fetch_assoc($f)) {
echo "<br /><a href='$post[time]/$file[md5]/" . retranslit($file['name']) . ".$file[ras]'><span class='fa fa-paperclip'></span> " . stripcslashes(htmlspecialchars($file['name'])) . ".$file[ras]</a> <small>(" . size_file($file['size']) . ")</small>";
}
}
echo "</div><div class='media-footer'>";
echo "<small class='text-muted'>";
echo user($user['id']) . " <span data-toggle='tooltip' data-placement='right' title='" . date::time($post['time']) . "' style='color:grey;'>" . date::times($post['time']) . "</span> ";
if ($post[$flags] == 'favorite') {
$s = 'star';
} else {
$s = 'star-o';
}
echo "<a href='?s$flagged&page=$page&contact=" . urlencode($contact['id']) . "&message_id=$post[id]&fav=" . ($post[$flags] == 'favorite' ? '0' : '1') . "'><span class='fa fa-$s'></span></a>";
echo "</small>";
echo "</div></div>";
echo "<a class='media-right' href='/info.php?id=$user[id]'>";
avatars($user['id'], '40');
echo "</a>";
echo "</li>";
}
echo "</ul>";
}
echo "<br /><br /></div>";
if ($k_page > 1) {
echo "<div class='list-group-item'>";
str('?s=' . $flagged . '&contact=' . urlencode($contact['id']) . '&', $k_page, $page);
echo "</div>";
}
}
}
include_once H . 'sys/inc/tfoot.php';