Файл: 4mast/profmas.ru/data/mail/index.msg.php
Строк: 82
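<?php
// Private-message dialogue page (/mail{id}).
//
// Everything not defined here is assumed to come from Headers.php /
// PDO_func.php: the session user row $us, the DB wrapper (DB::$dbs), the
// helpers H(), Nick(), uNick(), datef(), sizef(), tag(), page(), passgen(),
// the FILES constant and, presumably, the pager variable $page.
//
// Input handled by this page:
//   GET  u          peer user id (int)
//   GET  ignor      show the ignore confirmation; ignor=1 confirms
//   POST send,text  new message, optional upload in $_FILES['filename']
//   POST resend[]   selected message ids; with kom=<user id> they are
//                   forwarded, with del they are deleted
//
// All SQL that embeds request data goes through DB::$dbs->query($sql, $params)
// with "?" placeholders, the same way the existing user lookup does.
// querySingle()/queryFetch() are only ever given (int)-cast ids, because their
// parameter-binding support is not visible from this file.
require_once('../../includes/Headers.php');
require_once('../../includes/PDO_func.php');

if ($us == false) {
    header('location: /login/auth');
    exit;
}
if (!isset($_GET['u'])) {
    header('location: /mail');
    exit;
}

$query = DB::$dbs->query("SELECT * FROM `us` WHERE (`id`=?)", array((int) $_GET['u']));
if ($query->rowCount() == 0) {
    header('location: /mail');
    exit;
}
$u = $query->fetch();
if ((int) $u['id'] == (int) $us['id']) {
    header('location: /mail');
    exit;
}

$me   = (int) $us['id']; // logged-in user
$them = (int) $u['id'];  // dialogue partner

// NOTE(review): $u['nick'] is placed into the title markup as-is; confirm it is
// stored already HTML-escaped, otherwise wrap it in htmlspecialchars().
H('Диалог', '<a href="/mail" style="color: white;">Мои диалоги</a> | <b style="color:white;">' . $u['nick'] . '</b>');

// Make sure the contact row exists in both directions.
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM `poch` WHERE (`us`='" . $me . "') AND (`kem`='" . $them . "')") == 0) {
    DB::$dbs->query("INSERT INTO `poch` (`us`,`kem`,`last`) VALUES (?, ?, ?)", array($me, $them, time()));
    echo '<div class="access">Контакт успешно добавлен...</div>';
}
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM `poch` WHERE (`kem`='" . $me . "') AND (`us`='" . $them . "')") == 0) {
    DB::$dbs->query("INSERT INTO `poch` (`us`,`kem`,`last`) VALUES (?, ?, ?)", array($them, $me, time()));
}

if ($us['online'] < 3600) {
    echo '<div class="error">Для того, чтобы писать личные сообщение нужно провести на сайте 1 час!</div>';
} else {
    // Has the partner put us on their ignore list?
    $query = DB::$dbs->query("SELECT * FROM `ignor` WHERE (`us`=?) AND (`kem`=?)", array($them, $me));
    if ($query->rowCount() != 0) {
        echo '<div class="error">Вы не можете писать ' . uNick($u['id']) . ' т.к он добавил Вас в свой игнор-лист!</div>';
    } else {
        // Is the partner on our ignore list? $query intentionally stays bound
        // to this result: the ignore toggle link in the form below reads its
        // rowCount(), exactly as before.
        $query = DB::$dbs->query("SELECT * FROM `ignor` WHERE (`us`=?) AND (`kem`=?)", array($me, $them));
        if ($query->rowCount() != 0) {
            echo '<div class="error"><b style="red">Пользователь находится в вашем игнор-листе!</b></div>';
        }

        // NOTE(review): neither the GET ignore toggle nor the POST handlers
        // below carry a CSRF token; confirm whether Headers.php provides one.
        if (isset($_GET['ignor'])) {
            if ($query->rowCount() != 0) {
                DB::$dbs->query("DELETE FROM `ignor` WHERE (`us`=?) AND (`kem`=?)", array($me, $them));
                header('location: /mail' . $them);
                exit;
            } else {
                echo '<div class="error">';
                echo 'Вы уверены что хотите добавить ' . Nick($u['id']) . ' в игнор-лист?<br/>';
                echo '<a href="/mail' . $them . '?ignor=1"><img src="/images/yes.png" alt=""/></a> | <a href="/mail' . $them . '"><img src="/images/stop_2.png" alt=""/></a>';
                echo '</div>';
                if ($_GET['ignor'] == 1) {
                    DB::$dbs->query("insert into `ignor` (`us`,`kem`) values (?, ?)", array($me, $them));
                    echo '<div class="access">' . Nick($u['id']) . ' добавлен в ваш игнор-лист!</div>';
                }
            }
        }

        if ($us['msg'] == 0) {
            echo '<div class="lst">';
        }

        if (isset($_POST['send'])) {
            // The text is stored HTML-escaped, as before. SQL escaping is now
            // done by parameter binding, so addslashes() is dropped — keeping it
            // would leave doubled backslashes in the stored message.
            $text = isset($_POST['text']) ? htmlspecialchars(trim($_POST['text'])) : '';

            if (DB::$dbs->querySingle("SELECT COUNT(*) FROM `msg` WHERE (`kem`='" . $me . "') AND (`time`>'" . (time() - 1) . "')") != 0) {
                echo '<div class="error">Вы пишите слишком часто!</div>';
            } elseif ($text === '') { // strict check: a message consisting of "0" is a valid message
                echo '<div class="error">Вы не ввели текст сообщения..</div>';
            } else {
                $poch = DB::$dbs->queryFetch("SELECT * FROM `poch` WHERE (`us`='" . $me . "') AND (`kem`='" . $them . "')");

                // Optional attachment: only a whitelisted extension is accepted
                // and the file is stored under a server-generated name, never
                // the client-supplied one.
                $filename = '';
                if (isset($_FILES['filename']) && $_FILES['filename']['error'] === UPLOAD_ERR_OK) {
                    $ext = pathinfo($_FILES['filename']['name'], PATHINFO_EXTENSION);
                    $allowed = array('jpg', 'gif', 'png', 'jpeg', 'bmp', 'zip', 'rar', '7z', 'txt', 'mp3', 'avi', 'mp4', '3gp');
                    if (in_array($ext, $allowed, true)) {
                        $candidate = $me . '_' . passgen() . '.' . $ext;
                        // move_uploaded_file() refuses anything that is not a genuine upload.
                        if (move_uploaded_file($_FILES['filename']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . '/files/mail/' . $candidate)) {
                            $filename = $candidate;
                        }
                    }
                }

                if (isset($_POST['resend'])) {
                    // Forwarding: the selected messages are attached to a new
                    // message addressed to user `kom`.
                    if (!isset($_POST['kom'])) {
                        header('location: /mail' . $them);
                        exit;
                    }
                    $query = DB::$dbs->query("SELECT * FROM `us` WHERE (`id`=?)", array((int) $_POST['kom']));
                    if ($query->rowCount() == 0) {
                        header('location: /mail' . $them);
                        exit;
                    }
                    $kom = $query->fetch();
                    if ((int) $kom['id'] == $me) {
                        header('location: /mail' . $them);
                        exit;
                    }
                    DB::$dbs->query(
                        "INSERT INTO `msg` (`us`,`kem`,`text`,`time`,`poch`, `file`) VALUES (?, ?, ?, ?, ?, ?)",
                        array((int) $kom['id'], $me, $text, time(), $poch['id'], $filename)
                    );
                    $msg = DB::$dbs->lastInsertId();
                    // Only messages of the current dialogue may be forwarded;
                    // ids from other conversations are silently skipped.
                    foreach ((array) $_POST['resend'] as $resend) {
                        $resendId = (int) $resend;
                        if ($resendId <= 0) {
                            continue;
                        }
                        DB::$dbs->query(
                            "INSERT INTO `msg_resend` (`msg`, `resend`) SELECT ?, `id` FROM `msg` WHERE (`id`=?) AND ((`us`=? AND `kem`=?) OR (`us`=? AND `kem`=?))",
                            array($msg, $resendId, $me, $them, $them, $me)
                        );
                    }
                    header('location: /mail' . $kom['id']);
                    exit;
                }

                DB::$dbs->query(
                    "INSERT INTO `msg` (`us`,`kem`,`text`,`time`,`poch`, `file`) VALUES (?, ?, ?, ?, ?, ?)",
                    array($them, $me, $text, time(), $poch['id'], $filename)
                );
                DB::$dbs->query("UPDATE `poch` set `last`=? WHERE (`kem`=?) AND (`us`=?)", array(time(), $me, $them));
                DB::$dbs->query("UPDATE `poch` set `last`=? WHERE (`us`=?) AND (`kem`=?)", array(time(), $me, $them));
                header('location: /mail' . $them);
                exit;
            }
        }
    }
}

// Pagination over the whole dialogue (both directions).
$items = DB::$dbs->querySingle("SELECT COUNT(*) FROM `msg` WHERE (`us`='" . $me . "') AND (`kem`='" . $them . "') OR (`kem`='" . $me . "') AND (`us`='" . $them . "')");
$items_per_page = 5;
$pages = ceil($items / $items_per_page);
// $page is assumed to be set by Headers.php (page() renders the pager below);
// coerce it so a missing or non-numeric value behaves like "page 1".
$page = isset($page) ? (int) $page : 0;
if ($page < 1) {
    $page = 1;
}
if ($page > $pages) {
    $page = $pages;
}
$start = (int) ($page * $items_per_page - $items_per_page);

if ($items == 0) {
    echo '<div class="error">Сообщений нет..</div>';
} else {
    if (isset($_POST['del'])) {
        // The previous guard compared $us['level'] with itself and could never
        // redirect. Instead of a level check the DELETE is restricted to
        // messages of this dialogue, so arbitrary ids from other conversations
        // cannot be removed through this form.
        $selected = (isset($_POST['resend']) && is_array($_POST['resend'])) ? $_POST['resend'] : array();
        foreach ($selected as $resend) {
            $resendId = (int) $resend;
            if ($resendId <= 0) {
                continue;
            }
            DB::$dbs->query(
                "DELETE FROM `msg` WHERE (`id`=?) AND ((`us`=? AND `kem`=?) OR (`us`=? AND `kem`=?))",
                array($resendId, $me, $them, $them, $me)
            );
        }
        header('location: /mail' . $them);
        exit; // was missing: the page kept rendering after the redirect header
    }

    // LIMIT operands are local integers, so they are interpolated rather than
    // bound (emulated prepares would quote them and break the statement).
    $q = DB::$dbs->query(
        "SELECT * FROM `msg` WHERE (`us`=?) AND (`kem`=?) OR (`kem`=?) AND (`us`=?) ORDER BY `time` DESC LIMIT $start, $items_per_page",
        array($me, $them, $me, $them)
    );
    while ($msg = $q->fetch()) {
        echo '<div class="block" href="/us' . $msg['kem'] . '">' . Nick($msg['kem'], 1) . '<div class="flr">' . ($msg['see'] == 1 ? ' <b style="color:red;">' . datef($msg['time']) . ' </b> ' : ' ' . datef($msg['time']) . ' ') . '</div></div></a>';
        echo '<div class="lst">' . tag($msg['text']);
        if (!empty($msg['file'])) {
            $path = FILES . '/mail/' . $msg['file'];
            echo '<br/>Файл: <a href="/files/mail/' . $msg['file'] . '"><b>' . $msg['file'] . '</b></a>';
            // Skip the size when the file is gone instead of raising a filesize() warning.
            if (is_file($path)) {
                echo ' (' . sizef(filesize($path)) . ')';
            }
        }
        echo '</div>';
    }
    // Mark the partner's unread messages as seen once, after rendering, rather
    // than re-running the identical UPDATE for every row.
    DB::$dbs->query("UPDATE `msg` SET `see`='0' WHERE (`us`=?) AND (`kem`=?) AND (`see`='1')", array($me, $them));
}

if ($us['msg'] == 1) {
    echo '<div class="lst">';
}
echo '<form action="/mail' . $them . '" method="post" enctype="multipart/form-data">';
// $query is whichever statement ran last on the non-redirecting path (see the
// ignore-list lookups above); the toggle label depends on that, as before.
echo 'Сообщение: (<a href="/mail' . $them . '">Обн</a> | игнор [<a href="/mail' . $them . '?ignor">' . ($query->rowCount() != 0 ? 'выкл' : 'вкл') . '</a>] |<a href="/smiles">Смайлы</a> | <a href="/bbcode">BB</a>)<br/>';
echo '<textarea name="text"></textarea><br/>';
echo 'Файл:<br/><input type="file" name="filename"/><br/>';
echo '<input type="submit" value="Отправить" name="send"/>';
echo '</div>';
if ($items > 5) {
    page('/mail' . $them);
}
require_once('../../includes/Footers.php');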