Файл: Dvig/mail.php
Строк: 86
<?php
####################
## Автор - DENIS-S##
## Copyright 2013 ##
####################
// Bootstrap for the private-messages page.
// The constant is defined before the core include; presumably the included files test
// for it to refuse direct access — confirm in core/core.php.
define('xcms_pro', 1);
// NOTE(review): nothing in this file assigns $act, $users, $set, $host or the $id read by
// the 'dialog' and 'mess' cases, nor defines check(), protect(), clock(), k_page(), page(),
// str() or my_error(); they presumably come from core/core.php. How $id is derived from the
// request decides whether the quoted '$id' values in the SQL below are safe — verify there.
include_once ( 'core/core.php' ) ;
// Page title ("Messages"); echoed by the 'new' and default cases of the switch below.
$title='Сообщения';
// presumably renders the page header — confirm
include_once ( 'core/head.php' ) ;
######
switch ($act) {
case 'message':
    // Compose form for a new message to the user named by ?id_user=.
    // The id is cast to int before it is concatenated into the SQL and the form action.
    $idss = (int) check(protect($_GET['id_user']));
    $uses = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`=' . $idss));
    if (!$uses) {
        // No such recipient.
        echo '<div id="error">Юзер не найден</div>';
    } elseif (!$users) {
        // Visitor is not logged in.
        echo '<div id="error">Авторизуйтесь</div>';
    } elseif (!empty($idss)) {
        // NOTE(review): the recipient name is echoed as stored, so this relies on it having
        // been HTML-escaped when it was written — confirm. The form carries no anti-CSRF
        // token; the 'send' case that receives it checks only the Referer header.
        echo '<div id="razd">Сообщение для ' . $uses['name'] . '</div><div id="body">
<form action="mail.php?act=send&id_user=' . $idss . '" method="POST">
Собщение: <br />
<textarea name="text" rows="3" cols="25" id="text"></textarea><br />
<input type="submit" class="btn" value="Отправить" /></form></div>';
    }
    break;
case 'in':
    // Inbox: paginated list of messages addressed to the current user, newest first.
    // NOTE(review): the queries run even when $users is empty; the login error is only
    // printed when the count comes back as zero.
    echo '<div id="razd">Входящие</div>';
    // Total number of rows, used for pagination.
    $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` where `komu` = '$users[id]' "), 0);
    $k_page = k_page($total, $set['p_str']);
    $page = page($k_page);
    $start = $set['p_str'] * $page - $set['p_str'];
    if (!$total) {
        if ($users) {
            echo '<div id="body">Сообщений нет</div>';
        } else {
            echo '<div id="error">Авторизуйтесь</div>';
        }
    } else {
        $sel = mysql_query("SELECT * FROM `mail` where `komu` = '$users[id]' order by `time` DESC LIMIT $start, $set[p_str]");
        while ($res = mysql_fetch_array($sel)) {
            // Sender row, used for the avatar, profile link and name.
            $temp = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`=' . $res['kto']));
            // status '1' marks an unread message; it gets a different wrapper and a label.
            $isUnread = ($res['status'] == '1');
            echo $isUnread ? '<div id="l1">' : '<div id="body">';
            // NOTE(review): the sender name is echoed as stored — presumably escaped on write; confirm.
            echo '<table><tr><td><img src="' . $host . '/avatar/small/' . $temp['id'] . '.png" /></td>
<td></td>
<td><strong><a href="/' . $temp['id'] . '">' . $temp['name'] . '</a></strong><br />
<a href="/mail.php?act=mess&id=' . check($res['id']) . '">';
            $stamp = clock($res['time']);
            if ($isUnread) {
                echo '<font color="#ADFF2F">' . $stamp . ' [Новое]</font></a>';
            } else {
                echo $stamp . '</a>';
            }
            echo '</td></tr></table></div>';
        }
        // Page navigation.
        if ($k_page > 1) {
            str('?act=in&', $k_page, $page);
        }
    }
    break;
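case 'dialog':
    // Conversation between the current user and the user in $id: message list, reply form,
    // page navigation.
    //
    // Changes from the previous version:
    //  - $id and the session user id are cast to int before they reach SQL or the form
    //    action (they were interpolated as-is; whether core already normalises $id is not
    //    visible in this file).
    //  - nothing is read or written for visitors who are not logged in; previously the
    //    dialog row was inserted and the mail table queried with an empty user id.
    //  - the dialog-row check tested ['id'] on the scalar COUNT(*) result; it now tests the
    //    count itself.
    //  - opening one dialog marked every unread message of the user as read, whoever sent
    //    it; only messages from this peer are marked now, once, after the list is printed.
    echo'<div id="razd"><a href="/mail.php">Сообщения</a> | <b>Диалог</b></div>';
    $peerId = (int)$id;
    $myId = $users ? (int)$users['id'] : 0;
    $perPage = (int)$set['p_str'];
    // Peer's user row; also decides whether the reply form is shown below.
    $uses = $peerId ? mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`='.$peerId)) : false;
    $total = 0;
    $k_page = 0;
    $page = 1;
    $start = 0;
    if ($users) {
        if ($uses) {
            // Make sure the pair has a row in core_mail_dialog (the default case lists those rows).
            $dialogs = (int)mysql_result(mysql_query("SELECT COUNT(*) FROM `core_mail_dialog` where `kto_one` = '$peerId' AND `kto_two`='$myId' or `kto_one`='$myId' AND `kto_two`='$peerId'"),0);
            if (!$dialogs) {
                mysql_query("INSERT INTO `core_mail_dialog` SET `kto_one`='$myId',`kto_two`='$peerId'");
            }
        }
        $total = (int)mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` where `kto` = '$peerId' AND `komu`='$myId' or `kto`='$myId' AND `komu`='$peerId'"),0);
        $k_page = k_page($total,$set['p_str']);
        $page = page($k_page);
        // Offset of the first row of the current page; never negative.
        $start = max(0, (int)($set['p_str']*$page-$set['p_str']));
    }
    if ($total) {
        $sel = mysql_query("SELECT * FROM `mail` where `kto` = '$peerId' AND `komu`='$myId' or `kto`='$myId' AND `komu`='$peerId' order by `time` DESC LIMIT $start, $perPage");
        $hasIncoming = false;
        while ($res = mysql_fetch_array($sel)) {
            if ($res['komu'] == $myId) {
                $hasIncoming = true;
            }
            $temp = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`='.(int)$res['kto']));
            echo'<div id="body">';
            // NOTE(review): the sender name is echoed as stored — presumably escaped on write; confirm.
            echo'<img src="'.$host.'/avatar/small/'.$temp['id'].'.png" width="15" /></td>
<a href="/usermain.php?id='.$temp['id'].'"><b>'.$temp['name'].'</b></a> '.clock($res['time']);
            if ($res['status'] == 1) {
                echo' <font color="red">(Непрочитанное)</font>';
            }
            echo'<br/>'.check($res['text']).'</div>';
        }
        if ($hasIncoming) {
            // Runs after the loop so the rows printed above still carry their unread marker.
            mysql_query("UPDATE `mail` SET `status`='0' WHERE `komu`='$myId' AND `kto`='$peerId' AND `status`='1'");
        }
    } else {
        echo'<div id="body">Сообщений еще нет</div>';
    }
    if ($uses) {
        if ($users) {
            if (!empty($peerId)) {
                // NOTE(review): no anti-CSRF token in the form; the 'send' case checks only the Referer header.
                echo'<div id="body">
<form action="mail.php?act=send&id_user='.$peerId.'" method="POST">
Собщение: <br />
<textarea name="text" rows="3" cols="25" id="text"></textarea><br />
<input type="submit" class="btn" value="Отправить" /></form></div>';
            }
        } else {
            echo'<div id="error">Авторизуйтесь</div>';
        }
    } else {
        echo'<div id="error">Юзер не найден</div>';
    }
    // Page navigation.
    if ($k_page>1) {
        str('?act=dialog&id='.$peerId.'&',$k_page,$page);
    }
    break;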
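case 'new':
    // Messages received by the current user during the last hour, newest first.
    //
    // Changes from the previous version:
    //  - the page-navigation links pointed at act=out, which this switch does not handle,
    //    so every page after the first fell through to the default view; they now use act=new.
    //  - no query is run for visitors who are not logged in (an empty user id used to be
    //    interpolated into the SQL); ids are cast to int before they reach the SQL.
    echo'<div id="razd">'.$title.'</div>
<div id="body" ><a href="/mail.php">Все сообщения</a> | <a href="?act=new"><b>Новые сообщения</b></a></div>';
    if (!$users) {
        echo'<div id="error">Авторизуйтесь</div>';
        break;
    }
    $myId = (int)$users['id'];
    $perPage = (int)$set['p_str'];
    $time = time();
    $since = $time - 3600;
    // Total number of rows, used for pagination.
    $total = (int)mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` where `komu` = '$myId' AND `time` > $since "),0);
    if (!$total) {
        echo '<div id="body">Сообщений нет</div>';
        break;
    }
    $k_page = k_page($total,$set['p_str']);
    $page = page($k_page);
    // Offset of the first row of the current page; never negative.
    $start = max(0, (int)($set['p_str']*$page-$set['p_str']));
    $sel = mysql_query("SELECT * FROM `mail` where `komu` = '$myId' AND `time` > $since order by `time` DESC LIMIT $start, $perPage");
    while ($res = mysql_fetch_array($sel)) {
        $temp = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`='.(int)$res['kto']));
        // NOTE(review): the sender name is echoed as stored — presumably escaped on write; confirm.
        echo '<div id="body"><table><tr>
<td><img src="'.$host.'/avatar/small/'.$temp['id'].'.png" /></td>
<td></td>
<td><strong><a href="/usermain.php?id='.$temp['id'].'">'.$temp['name'].'</a></strong><br />
<a href="/mail.php?act=dialog&id='.$temp['id'].'">'.clock($res['time']).'</a><br/>
'.check($res['text']).'</td></tr>
</table></div>';
    }
    // Page navigation.
    if ($k_page>1) {
        str('?act=new&',$k_page,$page);
    }
    break;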
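case 'mess':
    // Single-message view. The message is shown only to its sender or its recipient; the
    // recipient's view also marks it as read and offers a reply link.
    //
    // Changes from the previous version:
    //  - $id is cast to int before it reaches the SQL (it was interpolated as-is).
    //  - the message body is passed through check() on output, as the 'dialog' and 'new'
    //    cases already do; it was echoed raw here.
    //  - the participant lookups and the mark-as-read UPDATE run only after the viewer is
    //    known to be the sender or recipient, and compare ids with = instead of LIKE.
    //  - the separate COUNT(*) query is replaced by mysql_num_rows() on the result.
    $messId = (int)$id;
    $myId = $users ? (int)$users['id'] : 0;
    $query = mysql_query("select * FROM `mail` WHERE `id`='$messId'");
    if (!$query || !mysql_num_rows($query)) {
        echo '<div id="body">Сообщений нет</div>';
    } else {
        while ($row = mysql_fetch_assoc($query)) {
            // A visitor who is not logged in matches nothing, even a row whose id column is 0.
            $isRecipient = $users && $row['komu'] == $myId;
            $isSender = $users && $row['kto'] == $myId;
            if ($isRecipient || $isSender) {
                $fromId = (int)$row['kto'];
                $toId = (int)$row['komu'];
                $temp = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '$fromId'"));
                $temps = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '$toId'"));
                if ($isRecipient) {
                    mysql_query("UPDATE `mail` SET `status`= '0' WHERE `id`='$messId'");
                }
                // NOTE(review): both names are echoed as stored — presumably escaped on write; confirm.
                echo '<div id="body">
От :<br><a href="'.$fromId.'">'.$temp['name'].'</a></div><div id="body">
Кому :<br><a href="'.$toId.'">'.$temps['name'].'</a></div><div id="body">
Отправлено :<br>'.clock($row['time']).'</div><div id="body">
Сообщение :<br>'.check($row['text']).'</div>';
                if ($isRecipient) {
                    echo'<a id="nav" href="?act=message&id_user='.$fromId.'">Ответить</a>';
                }
            }
            // NOTE(review): this closing tag has no opening <div> in this case; it is kept
            // because it may close an element opened by core/head.php — confirm.
            echo'</div>';
        }
    }
    break;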
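case 'send':
    // Stores a message posted from the compose form (act=send&id_user=N, POST field "text")
    // and redirects to the dialog with the recipient.
    //
    // Changes from the previous version:
    //  - the recipient id is read from id_user BEFORE the blacklist lookup. The lookup used
    //    to run on whatever $id held before that assignment, while the form only sends
    //    id_user, so it did not test the actual recipient's blacklist.
    //  - visitors who are not logged in are rejected; previously a row with an empty
    //    sender id could be inserted.
    //  - eregi() (deprecated since PHP 5.3) is replaced by stripos(), and missing request
    //    fields no longer raise undefined-index notices.
    //
    // NOTE(review): the Referer test is the only cross-site request check here. The header
    // is optional and the test accepts any URL containing "mail.php"; a per-session token
    // in the compose forms, verified here, would be the robust control.
    $id = isset($_GET['id_user']) ? (int)check(protect($_GET['id_user'])) : 0;
    if (!$users) {
        echo'<div id="error">Авторизуйтесь</div>';
        break;
    }
    $myId = (int)$users['id'];
    // Has the recipient blacklisted the sender?
    $blackls = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `core_black_list` WHERE `kto`='$id' AND `kogo`='$myId'"), 0);
    if ($blackls) {
        echo'<div id="error">Вы не можете писать этому пользователю</div>';
        break;
    }
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (stripos($referer, 'mail.php') === false) {
        // As before, a request that fails the Referer test is dropped without a message.
        break;
    }
    // NOTE(review): $text is placed inside a quoted SQL literal below, so this relies on
    // check() escaping it for SQL as well as for HTML — confirm in core/core.php.
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? check($_POST['text']) : '';
    if (!$text) {
        echo '<div id="body">Введите текст!</div>';
        break;
    }
    // Only requires at least one letter, digit, ")" or "=" somewhere in the text; it does
    // not restrict which characters may appear and is not a sanitiser.
    if (!preg_match('/[a-z0-9а-я)=]/i',$text)) {
        echo '<div id="body">Используйте только символы кирилицы , латиницы и цифры!</div>';
        break;
    }
    $themes = mysql_query("SELECT * FROM `users` WHERE `id` = '$id'") or my_error();
    if (mysql_num_rows($themes) == 0) {
        echo '<div id="body">Такого юзера нет у нас</div>';
        break;
    }
    $time = time(); // timestamp stored with the message
    // status '1' = unread.
    if (mysql_query("INSERT INTO `mail` SET `kto`='$myId',`komu` = '$id',`text`='$text',`time`='$time',`status`='1' ")) {
        echo'<meta http-equiv="refresh" content="0;url=mail.php?act=dialog&id='.$id.'" />';
    } else {
        echo '<div id="body">Ошибка добавления!<br />Попоробуйте позже!</div>';
    }
    break;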
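default:
    // Dialog list: one entry per core_mail_dialog row the current user takes part in, with
    // the other participant's avatar, login, online marker and the number of messages
    // exchanged.
    //
    // Changes from the previous version:
    //  - the message count was built with "$kols[2] = ...", which writes one character into
    //    the string returned by mysql_result() instead of keeping a second number, so the
    //    sum was wrong once a count had two digits; it is now a single integer COUNT(*)
    //    over both directions.
    //  - the two near-identical branches are merged by working out the peer id first; the
    //    extra user lookup whose result was always overwritten is gone.
    //  - ids are cast to int before they reach the SQL.
    //  - page navigation linked to act=in (the inbox); it now stays on this list.
    if ($users) {
        echo'<div id="razd">'.$title.'</div>
<div id="body" ><a href="/mail.php"><b>Все сообщения</b></a> | <a href="?act=new">Новые сообщения</a></div>';
        $myId = (int)$users['id'];
        $perPage = (int)$set['p_str'];
        $total = (int)mysql_result(mysql_query("SELECT COUNT(*) FROM `core_mail_dialog` where `kto_one`='$myId' or `kto_two`='$myId'"),0);
        $k_page = k_page($total,$set['p_str']);
        $page = page($k_page);
        // Offset of the first row of the current page; never negative.
        $start = max(0, (int)($set['p_str']*$page-$set['p_str']));
        if ($total) {
            $sel = mysql_query("SELECT * FROM `core_mail_dialog` where `kto_one`='$myId' or `kto_two`='$myId' order by `id` DESC LIMIT $start, $perPage");
            while ($res = mysql_fetch_array($sel)) {
                // The peer is whichever side of the dialog row is not the current user.
                $peerId = ($res['kto_one'] == $myId) ? (int)$res['kto_two'] : (int)$res['kto_one'];
                $temp = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id`='.$peerId));
                // presumably users.time is the peer's last-activity timestamp; within 180 s counts as online — confirm
                $time = time();
                if ($time - $temp['time'] <= 180) {
                    $on = ' <img src="'.$host.'/img/online.png"/> ';
                } else {
                    $on = ' <img src="'.$host.'/img/offline.png"/> ';
                }
                // Messages exchanged in both directions.
                $kolse = (int)mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` where `kto`='$myId' AND `komu`='$peerId' or `kto`='$peerId' AND `komu`='$myId'"),0);
                // NOTE(review): the login is echoed as stored — presumably escaped on write; confirm.
                echo'<div id="body">
<table><tr><td><img src="'.$host.'/avatar/small/'.$peerId.'.png" width="20"/></td>
<td><b><a href="/usermain.php?id='.$temp['id'].'">'.$temp['login'].'</a>'.$on.'</b><br/>
<a href="/mail.php?act=dialog&id='.$temp['id'].'"> Сообщений : <b>'.$kolse.'</b></a>
</td></tr></table></div>';
            }
            // Page navigation.
            if ($k_page>1) {
                str('?',$k_page,$page);
            }
        } else {
            echo '<div id="body">Сообщений нет</div>';
        }
    } else {
        echo'<div id="error">Вы не авторизованны</div>';
    }
}
######
// presumably renders the page footer — confirm
include_once ( 'core/foot.php' ) ;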
?>