Файл: msmenu/msmail.php
Строк: 243
<?php
//if($user['id'] == 1){
// Page heading for the private-mail section.
// NOTE(review): this markup is emitted before the header('Location: ...') redirects
// further down in this script. Unless the including code enables output buffering
// (not visible here), those redirects are issued after body output has started.
$mailHeading = '<div class="content">' . "\n"
    . '<img src="/img/pattern-left.png" alt="" />' . "\n"
    . '<span>Почта</span>' . "\n"
    . '<img src="/img/pattern-right.png" alt="" />' . "\n"
    . '</div>';
echo $mailHeading;
if(isset($_GET['msdel_all']) && num($_GET['msdel_all'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_msmail` WHERE `id` = '".num($_GET['msdel_all'])."' LIMIT 1"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail` WHERE `id` = '".num($_GET['msdel_all'])."'"));
}elseif(isset($_GET['msnew']) && my_esc($_GET['msnew'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_user` WHERE `login` = '".my_esc($_GET['msnew'])."' LIMIT 1"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `ms_user` WHERE `login` = '".my_esc($_GET['msnew'])."'"));
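// New-conversation flow. $post holds the recipient's `ms_user` row selected by login in
// the enclosing branch; $user and $time are supplied by the including script.

// A user cannot open a conversation with themselves.
if ($user['id'] == $post['id']) {
    $text = 'Запрещено самому себе писать';
    $_SESSION['msg'] = $text;
    header('Location: ../UserMail;'.passgen().'');
    exit;
}

// If the signed-in user already has messages with this recipient, send them to that
// conversation instead of creating a second one.
$threadFilter = "`userid` = '".num($post['id'])."' AND `user` = '".$user['id']."'";
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_msmail_msg` WHERE ".$threadFilter." LIMIT 1"), 0) != 0) {
    $posta = mysql_fetch_array(mysql_query("SELECT * FROM `ms_msmail_msg` WHERE ".$threadFilter));
    ///////// User log ///// By MyStyle
    $text = 'Сообщение с данным пользователем';
    $_SESSION['msg'] = $text;
    header('Location: ../UserMail;'.$posta['type_id'].';'.passgen().'');
    exit;
}

// First message of a new conversation.
// NOTE(review): neither this handler nor the form below uses an anti-CSRF token, so the
// POST is accepted from any page that can submit it with the user's session cookie.
if (isset($_POST['msg'])) {
    // my_esc() is defined elsewhere; presumably it makes the text safe for the SQL
    // literals below. Nothing else escapes $name in this block, so confirm that.
    $name = my_esc($_POST['msg']);

    // NOTE(review): the validation redirects carry the recipient's numeric id, while the
    // "refresh" link below uses the login and the success redirect uses a conversation
    // id. Confirm that "UserMail;<user id>" is the intended target.
    $retryLocation = 'Location: ../UserMail;'.$post['id'].'';

    // First failing rule wins: leading/trailing space, then minimum and maximum length.
    $text = null;
    if (preg_match("#(^ )|( $)#ui", $name)) {
        $text = 'Запрещено использовать пробел в начале и конце текста';
    } elseif (strlen2($name) < 5) {
        $text = 'Короткий текст';
    } elseif (strlen2($name) > 1000) {
        $text = 'Длина текста превышает 1000 символа';
    }
    if ($text !== null) {
        $_SESSION['msg'] = $text;
        header($retryLocation);
        exit;
    }

    // Each participant gets an own `ms_msmail` conversation row and an own copy of the
    // message in `ms_msmail_msg`; `sid` / `type_id` cross-link the two conversation ids.
    // NOTE(review): the results of these four INSERTs are not checked and they are not
    // wrapped in a transaction, so a failure part-way leaves half-linked rows.
    mysql_query("INSERT INTO `ms_msmail` SET `userid` = '".$post['id']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
    $type1 = mysql_insert_id(); // conversation id on the sender's side
    mysql_query("INSERT INTO `ms_msmail` SET `userid` = '".$user['id']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['id']."'");
    $type2 = mysql_insert_id(); // conversation id on the recipient's side
    mysql_query("INSERT INTO `ms_msmail_msg` SET `sid` = '".$type1."', `userid` = '".$user['id']."', `who` = '".num(2)."', `type_id` = '".$type2."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['id']."'");
    mysql_query("INSERT INTO `ms_msmail_msg` SET `sid` = '".$type2."', `who` = '".num(1)."', `userid` = '".$post['id']."', `type_id` = '".$type1."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
    ///////// User log ///// By MyStyle
    $text = 'Сообщение отправлено';
    $_SESSION['msg'] = $text;
    header('Location: ../UserMail;'.$type1.';'.passgen().'');
    exit;
}

// Compose form for the first message.
echo '</div>';
echo '<div class="bg_user">Сообщение для: ';
echo msuser($post['id']);
echo '</div>';
echo '<div class="create_post create_post_extra create_message">
<form id="write_form" action="" method="post">';
?>
<div id="mcont" class="mcont"><div class="pcont">
<div class="create_post create_post_extra create_post_page">
<form id="feed_add_form" action="" method="post">
<div class="iwrap"><textarea name="msg" class="textfield" rows="5" placeholder="Введите текст сообщения.."></textarea></div>
<div class="ibwrap">
<div class="cp_attached_wrap" id="attached_wrap"></div>
<div class="cp_buttons_block">
<input class="btni" type="submit" value="Написать" /><span class="cp_icon_btn cp_attach_btn cp_inline_attach_btn" id="attach_photo_btn">
<?php
// The login is a database value placed inside an HTML attribute, so it is HTML-escaped.
echo '<a href="../UserMail;'.htmlspecialchars($post['login'], ENT_QUOTES, 'UTF-8').'">Обновить</a>
';
?></span><span id="geo_btn" class="cp_icon_btn cp_geo_btn" onclick="checkin.add();" style="display:none">
<i class="i_icon"></i></span><span id="geo_waiting" class="cp_icon_btn cp_geo_waiting">
<i class="i_icon_loading"></i></span>
</div>
</form>
</div>
</div></div></div>
<?php
echo '</div>';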
}elseif(isset($_GET['msid']) && num($_GET['msid'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_msmail` WHERE `id` = '".num($_GET['msid'])."' AND `user` = '".$user['id']."' LIMIT 1"),0)!=0){
// Load the open conversation and mark its unread messages as read.
// Every query is filtered on `user` = the signed-in user's id, so a conversation id
// taken from the URL only ever selects rows that belong to the current user.

// Conversation row owned by the current user.
$post = mysql_fetch_array(mysql_query(sprintf(
    "SELECT * FROM `ms_msmail` WHERE `user` = '%s' AND `id` = '%s'",
    $user['id'],
    num($_GET['msid'])
)));

// One message row of this conversation; later code reads its `sid` column.
$post_user = mysql_fetch_array(mysql_query(sprintf(
    "SELECT * FROM `ms_msmail_msg` WHERE `user` = '%s' AND `type_id` = '%s'",
    $user['id'],
    num($_GET['msid'])
)));

// Up to 100 of the newest rows with `type` = 1 are reset to `type` = 0, one UPDATE each.
$q = mysql_query(sprintf(
    "SELECT * FROM `ms_msmail_msg` WHERE `type` = '%s' AND `user` = '%s' AND `type_id` = '%s' ORDER BY `id` DESC LIMIT 100",
    num(1),
    $user['id'],
    num($_GET['msid'])
));
for (;;) {
    $postw = mysql_fetch_array($q);
    if (!$postw) {
        break;
    }
    mysql_query(sprintf(
        "UPDATE `ms_msmail_msg` SET `type` = '%s' WHERE `user` = '%s' AND `id` = '%s'",
        num(0),
        $user['id'],
        num($postw['id'])
    ));
}

// Total number of messages in the conversation; used for pagination further down.
$k_post = mysql_result(mysql_query(sprintf(
    "SELECT COUNT(*) FROM `ms_msmail_msg` WHERE `user` = '%s' AND `type_id` = '%s' ORDER BY `id` DESC",
    $user['id'],
    num($_GET['msid'])
)), 0);
if ($k_post == 0) {
    echo '<div class="text_panel">Нет переписки с данным пользователем!</div>';
}
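// Reply handler: a POST carrying `msg` appends a message to the open conversation.
// Reads $post (the current user's conversation row) and $post_user (a message row of
// that conversation, whose `sid` is the counterpart's conversation id).
// NOTE(review): no anti-CSRF token is checked before the message is stored.
if (isset($_POST['msg'])) {
    // my_esc() is defined elsewhere; presumably it makes the text safe for the SQL
    // literals below. Nothing else escapes $name in this block, so confirm that.
    $name = my_esc($_POST['msg']);
    $backToThread = "Location: ./?msmail&msid=".num($_GET['msid'])."";

    // Flood control. The cookie alone is not a control: a client that never sends it
    // back is never throttled. The limit is therefore also enforced from stored data.
    // Rows with `who` = 2 carry the sender in `userid` (see the INSERT below), so a
    // recent row of that kind means this user sent something inside the window.
    // The window matches the cookie lifetime; the user-facing text says 30 seconds.
    // NOTE(review): assumes the `time` column holds Unix timestamps - confirm.
    $floodWindow = 10;
    $recentSql = "SELECT COUNT(*) FROM `ms_msmail_msg` WHERE `userid` = '".num($user['id'])."' AND `who` = '".num(2)."' AND `time` > '".(time() - $floodWindow)."'";

    if (strlen2($name) < 1) {
        $text = 'Короткий текст';
        $_SESSION['msg'] = $text;
        header($backToThread);
        exit;
    } elseif (isset($_COOKIE['mstimemsg']) || mysql_result(mysql_query($recentSql), 0) != 0) {
        $text = 'Отправка сообщений превышена на 30 сек.';
        $_SESSION['msg'] = $text;
        header($backToThread);
        exit;
    } elseif (strlen2($name) > 1000) {
        $text = 'Длина текста превышает 1000 символа';
        $_SESSION['msg'] = $text;
        header($backToThread);
        exit;
    } else {
        setcookie('mstimemsg', 1, time() + $floodWindow);

        // Bump the activity time of both conversation rows. The counterpart's row is
        // the one whose id is stored in $post_user['sid']; the previous code reused the
        // current user's own conversation id there, which cannot match a row owned by
        // the other user.
        mysql_query("UPDATE `ms_msmail` SET `time` = '".$time."' WHERE `user` = '".$user['id']."' AND `id` = '".num($post['id'])."'");
        mysql_query("UPDATE `ms_msmail` SET `time` = '".$time."' WHERE `user` = '".$post['userid']."' AND `id` = '".num($post_user['sid'])."'");

        // One copy of the message per participant: the recipient's copy is unread
        // (`type` = 1), the sender's copy is already read (`type` = 0).
        mysql_query("INSERT INTO `ms_msmail_msg` SET `who` = '".num(2)."', `userid` = '".$user['id']."', `type_id` = '".$post_user['sid']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['userid']."'");
        mysql_query("INSERT INTO `ms_msmail_msg` SET `who` = '".num(1)."', `userid` = '".$post['userid']."', `type_id` = '".num($_GET['msid'])."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
        ///////// User log ///// By MyStyle
        // A successful reply shows no flash text. The value is stored as an explicit null
        // rather than by reading a variable that was never assigned on this path.
        $_SESSION['msg'] = null;
        header($backToThread);
        exit;
    }
}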
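// Sticker handler: ?sticker=<id> stores an <img> message in the open conversation.
// Reads $post and $post_user as loaded for the open conversation.
// NOTE(review): this is a state-changing GET request with no anti-CSRF token. Any page
// that makes the signed-in browser load this URL causes a send. It should become a POST
// guarded by a per-session token.
// NOTE(review): the stored value is raw HTML and is rendered through the same output
// path as typed messages, so that path evidently passes markup through. Confirm that
// typed text is neutralised before it is stored.
if (isset($_GET['sticker']) && num($_GET['sticker'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_sticker` WHERE `id` = '".num($_GET['sticker'])."' LIMIT 1"),0)!=0) {
    $backToThread = 'Location: ../UserMail;'.num($_GET['msid']).';'.passgen().'';

    // This path sets the flood cookie but previously never checked any limit. Apply the
    // text-reply limit here too, and back it with stored data because a client can drop
    // the cookie. Rows with `who` = 2 carry the sender in `userid`.
    // NOTE(review): assumes the `time` column holds Unix timestamps - confirm.
    $floodWindow = 10;
    $recentSql = "SELECT COUNT(*) FROM `ms_msmail_msg` WHERE `userid` = '".num($user['id'])."' AND `who` = '".num(2)."' AND `time` > '".(time() - $floodWindow)."'";
    if (isset($_COOKIE['mstimemsg']) || mysql_result(mysql_query($recentSql), 0) != 0) {
        $text = 'Отправка сообщений превышена на 30 сек.';
        $_SESSION['msg'] = $text;
        header($backToThread);
        exit;
    }

    $postmsst = mysql_fetch_array(mysql_query("SELECT * FROM `ms_sticker` WHERE `id` = '".num($_GET['sticker'])."'"));

    // The file name is a database value: HTML-escape it for the src attribute, then
    // escape the finished markup for the SQL literals below.
    $stickerFile = htmlspecialchars($postmsst['img'], ENT_QUOTES, 'UTF-8');
    $name = '<img src="/msimages/stickers/'.$stickerFile.'" />';
    $nameSql = mysql_real_escape_string($name);

    setcookie('mstimemsg', 1, time() + $floodWindow);

    // The counterpart's conversation row is identified by $post_user['sid']; the previous
    // code reused the current user's own conversation id, which cannot match that row.
    mysql_query("UPDATE `ms_msmail` SET `time` = '".$time."' WHERE `user` = '".$user['id']."' AND `id` = '".num($post['id'])."'");
    mysql_query("UPDATE `ms_msmail` SET `time` = '".$time."' WHERE `user` = '".$post['userid']."' AND `id` = '".num($post_user['sid'])."'");

    // One copy per participant: unread for the recipient, read for the sender.
    mysql_query("INSERT INTO `ms_msmail_msg` SET `who` = '".num(2)."', `userid` = '".$user['id']."', `type_id` = '".$post_user['sid']."', `time` = '".$time."', `msg` = '".$nameSql."', `type`= '".num(1)."', `user` = '".$post['userid']."'");
    mysql_query("INSERT INTO `ms_msmail_msg` SET `who` = '".num(1)."', `userid` = '".$post['userid']."', `type_id` = '".num($_GET['msid'])."', `time` = '".$time."', `msg` = '".$nameSql."', `type`= '".num(0)."', `user` = '".$user['id']."'");
    ///////// User log ///// By MyStyle
    $text = 'Стикер отправлен';
    $_SESSION['msg'] = $text;
    header($backToThread);
    exit;
}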
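// Reply form followed by two smiley pickers: the user's personal set (up to 25) and
// 25 random entries from the global set.
// NOTE(review): the form carries no anti-CSRF token field.
echo '<div class="create_post create_post_extra create_message">
<form id="write_form" action="" method="post">';
?>
<div id="mcont" class="mcont"><div class="pcont">
<div class="create_post create_post_extra create_post_page">
<form id="feed_add_form" action="" method="post">
<div class="iwrap"><textarea name="msg" id="message-text" class="textfield" rows="5" placeholder="Введите текст сообщения.."></textarea></div>
<div class="ibwrap">
<div class="cp_attached_wrap" id="attached_wrap"></div>
<div class="cp_buttons_block">
<input class="btni" type="submit" value="Отправить" />
<?php
// The single quotes inside the onclick handlers are backslash-escaped; left bare they
// terminate the surrounding PHP string literal.
echo '<a class="btni" onclick="toggleAndHideAnother(\'MysmilesPanel\', \'bbCodesPanel\');" style="margin:4px; padding:6px;">Мои Смайлы</a>
<a class="btni" onclick="toggleAndHideAnother(\'smilesPanel\', \'bbCodesPanel\');" style="margin:4px; padding:6px;">Смайлы</a>
<div class="content left" id="MysmilesPanel" style="display: none;">';
$k_post_smile = mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_my_smile` WHERE `user` = '".num($user['id'])."' ORDER BY `id` DESC"),0);
if ($k_post_smile == 0) {
    echo '<div class="btnl">Смайлов нет.<br /> Для выбора личных смайлов зайдите в настройки и выберите из списка.<br /> Вы можете выбрать всего 25 штук.
</div>';
}
$mssmile_my_act = mysql_query("SELECT * FROM `ms_my_smile` WHERE `user` = '".num($user['id'])."' ORDER BY `id` LIMIT 25");
while ($mssmile_my = mysql_fetch_array($mssmile_my_act)) {
    $mssmile_my_id = mysql_fetch_array(mysql_query("SELECT * FROM `ms_smile` WHERE `id` = '".num($mssmile_my['smile'])."' LIMIT 1"));
    if (!$mssmile_my_id) {
        // The personal entry points at a smiley that no longer exists; skip it.
        continue;
    }
    // Smiley name and path are database values. The name is placed in a JavaScript
    // string inside an HTML attribute, so it is JSON-encoded first and then
    // HTML-escaped. Name and path are also HTML-escaped where they appear as markup.
    $smileJsArg = htmlspecialchars(json_encode((string) $mssmile_my_id['name']), ENT_QUOTES, 'UTF-8');
    $smileLabel = htmlspecialchars($mssmile_my_id['name'], ENT_QUOTES, 'UTF-8');
    $smilePath = htmlspecialchars($mssmile_my_id['path'], ENT_QUOTES, 'UTF-8');
    echo '<span class="row-item btni smile" style="margin: 3px 1px;" onclick="addSmile(&quot;message-text&quot;, '.$smileJsArg.');">
<img alt="" src="'.$smilePath.'" /> <span>'.$smileLabel.'</span>
</span>';
}
echo '</div></span>
</div>
<div id="post_options_box" style="display:none"><div class="cp_option _ib" id="attached_flush" style="display:none;"></div></div>
</div>';
echo '<div class="content left" id="smilesPanel" style="display: none;">';
////////////////////// Random smileys
$mssmile = mysql_query("SELECT * FROM `ms_smile` ORDER BY RAND() LIMIT 25");
while ($mssms = mysql_fetch_array($mssmile)) {
    // Same escaping as in the personal panel above.
    $smileJsArg = htmlspecialchars(json_encode((string) $mssms['name']), ENT_QUOTES, 'UTF-8');
    $smileLabel = htmlspecialchars($mssms['name'], ENT_QUOTES, 'UTF-8');
    $smilePath = htmlspecialchars($mssms['path'], ENT_QUOTES, 'UTF-8');
    echo '<span class="row-item btni smile" style="margin: 3px 1px;" onclick="addSmile(&quot;message-text&quot;, '.$smileJsArg.');">
<img alt="" src="'.$smilePath.'" /> <span>'.$smileLabel.'</span>
</span>';
}
echo '</div></span>
</div>
<div id="post_options_box" style="display:none"><div class="cp_option _ib" id="attached_flush" style="display:none;"></div></div>
</div>';
?>
</form>
</div>
</div></div>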
<?php
// Paginated message list for the open conversation, newest first.
// $user['set'] is used as the page size; k_page() and page() are defined elsewhere.
$k_page = k_page($k_post, $user['set']);
$page = page($k_page);
$start = $user['set']*$page-$user['set'];

// The `user` filter keeps the listing limited to the signed-in user's own copies.
// NOTE(review): $start and $user['set'] go into LIMIT unquoted; presumably both are
// integers produced server-side - confirm.
$listSql = "SELECT * FROM `ms_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."' ORDER BY `id` DESC LIMIT ".$start.", ".$user['set'];
$q = mysql_query($listSql);

while ($post = mysql_fetch_array($q)) {
    // `who` = 1 rows show the row owner as author, any other value shows `userid`.
    $isOwnMessage = ($post['who'] == 1);

    if ($isOwnMessage) {
        echo '<div class="modal-index"><div><div>
<span class="hidden-phone">';
    } elseif ($post['who'] == 2) {
        echo '<div class="modals-indexs"><div><div>
<span class="hidden-phone">';
    }

    // $type_no is not assigned anywhere in this file; the @ hides the resulting notice.
    echo ''.@$type_no.'<div style="clear:both"></div>';

    echo msuser($isOwnMessage ? $post['user'] : $post['userid']);

    // NOTE(review): the body goes through bbcode(), smile() and mat() only. Sticker
    // messages are stored as raw <img> markup and rendered here, so this path
    // presumably does not HTML-escape. Confirm that typed text is neutralised before
    // it is stored.
    echo '<br />'.mat(smile(bbcode($post['msg'])));
    echo '<br /><span class="di_date">'.vremja($post['time']).' </span><div style="clear:both"></div>';
    echo '</span></div></div></div><div style="clear:both"></div><div style="clear:both"></div><br />';
}

echo '</div><div class="text_panel">';
if ($k_page > 1) {
    msstr("../UserMail;".num($_GET['msid']).";".passgen()."/", $k_page, $page);
}
echo '<br /><br /></div>';
}else{
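// Default view: paginated list of the signed-in user's conversations, most recently
// active first, each with its unread-message count.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_msmail` WHERE `user` = '".$user['id']."' ORDER BY `id` DESC"),0);
if ($k_post == 0) {
    echo '<div class="content">Вы еще ни с кем не переписывались, используйте ссылки в профиле, чтобы написать личное
сообщение.
</div>';
}
echo '<div id="dialogs" class="messages">';

// $user['set'] is used as the page size; k_page() and page() are defined elsewhere.
$k_page = k_page($k_post, $user['set']);
$page = page($k_page);
$start = $user['set']*$page-$user['set'];

// NOTE(review): $start and $user['set'] go into LIMIT unquoted; presumably both are
// integers produced server-side - confirm.
$q = mysql_query("SELECT * FROM `ms_msmail` WHERE `user` = '".$user['id']."' ORDER BY `time` DESC LIMIT $start, $user[set]");
while ($post = mysql_fetch_array($q)) {
    // Unread count for this conversation, queried once per row. The previous code ran
    // the identical COUNT twice, once to test it and once to print it.
    $unread = mysql_result(mysql_query("SELECT COUNT(*) FROM `ms_msmail_msg` WHERE `type_id` = '".num($post['id'])."' AND `user` = '".num($user['id'])."' AND `type` = '1'"), 0);
    $mess = ($unread != 0) ? "\n<span class='cook'>Новых: ".$unread."</span>" : '';

    // The odd/even branches emitted the same markup, so a single echo is enough.
    echo '<div class="btn">';
    echo '<div style="clear:both"></div><img src="/img/mail_outgoing.png" alt="" width="24" height="24" /> ';
    echo msuser($post['userid']);
    echo '<span class="thint"><span>'.time_left(time()-$post['time']).'</span></span>
<div class="di_body">
<div class="di_text">'.$mess.'</div>
</div><div class="message">
<a style="display: block;text-decoration: none;" href="../UserMail;'.$post['id'].';'.passgen().'">Читать переписку</a></div>
<div style="clear:both"></div></div>';
    $start++;
}
echo '</div>';
echo '<div class="text_panel center">';
if ($k_page > 1) {
    msstr("../UserMail;/", $k_page, $page);
}
echo '<br /><br /></div>';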
}
/*
}else{
$text = 'Ведутся тех работы!';
$_SESSION['msg'] = $text;
header('Location: ../');
exit;
}
*/
?>