Файл: bdls.ru/mail.php
Строк: 60
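<?php
// Private mail page. Without ?id it lists the viewer's dialogs; with ?id=N it
// shows the dialog with user N and accepts a new message via POST.
//
// The full "<?php" tag is used because the short "<?" form only works when
// short_open_tag is enabled; with it disabled the whole file, SQL included,
// would be served to the client as plain text.

// Bootstrap files. require (instead of include) aborts the request if one of
// them is missing, rather than carrying on with only a warning.
require './system/common.php';
require './system/functions.php';
require './system/user.php';

// Authentication gate. $user is not assigned in this file; it is expected to
// come from the bootstrap above (presumably system/user.php; confirm).
// The exit matters: header() alone does not stop the script.
if (!$user) {
    header('location: /index.php');
    exit;
}

// Peer user id from the query string, passed through the project's _num() and
// _string() helpers (defined elsewhere; what they filter is not visible here).
// The isset/is_scalar guard avoids an undefined-index notice on the plain
// inbox view and keeps array input (?id[]=...) away from the helpers.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? _string(_num($_GET['id'])) : '';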
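// NOTE(review): every query below uses the legacy mysql_* extension, which was
// deprecated in PHP 5.5 and removed in PHP 7.0 and has no prepared statements.
// The connection is opened outside this file, so it is kept here; the ids that
// reach SQL are cast to int so they cannot carry quote characters whatever the
// input helpers returned.
$selfId = (int) $user['id'];

if ($id) {
    // ---- Dialog view: /mail.php?id=N ----
    $ho = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = "'.(int) $id.'"'));

    // Unknown peer, or an attempt to open a dialog with oneself: back to the list.
    if (!$ho OR (int) $ho['id'] == $selfId) {
        header('location: /mail.php');
        exit;
    }
    $peerId = (int) $ho['id'];

    // NOTE(review): login is written into the page without escaping, here (via
    // $title, consumed by h.php) and in the message list below. That is only
    // safe if logins are HTML-encoded when stored; confirm at registration.
    $title = 'Диалог с '.$ho['login'];
    include './system/h.php';

    // Make sure both sides have a contact row for this pair.
    // NOTE(review): this runs on a plain GET and before the level check below,
    // so opening a dialog URL adds the viewer to the other user's contact list
    // without any message being sent. Consider creating the rows only after a
    // message has passed validation.
    if (mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `user` = "'.$selfId.'" AND `ho` = "'.$peerId.'"'), 0) == 0) {
        mysql_query('INSERT INTO `contacts` (`user`,
`ho`,
`time`) VALUES ("'.$selfId.'",
"'.$peerId.'",
"'.time().'")');
    }
    if (mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `ho` = "'.$selfId.'" AND `user` = "'.$peerId.'"'), 0) == 0) {
        mysql_query('INSERT INTO `contacts` (`ho`,
`user`,
`time`) VALUES ("'.$selfId.'",
"'.$peerId.'",
"'.time().'")');
    }

    // ---- Sending a message ----
    // NOTE(review): the form carries no anti-CSRF token, so another site could
    // submit this POST on behalf of a logged-in user. Add a per-session token
    // and verify it here.
    if (isset($_POST['text'])) {
        // NOTE(review): $text goes into the INSERT below as concatenated SQL and
        // is later printed through smiles(). Both are safe only if _string()
        // (defined elsewhere) escapes for SQL and for HTML; confirm. It is not
        // re-escaped here to avoid double-escaping stored messages.
        $text = _string($_POST['text']);

        // strlen() counts bytes, so for multi-byte text the effective limit is
        // fewer than 1000 characters.
        if (strlen($text) < 1 or strlen($text) > 1000) {
            echo '<div class="block center">Длина сообщения 1-1000 символов!<br>Вернуться в <a href="/mail.php">Почту</a></div>';
            include ('./system/f.php');
            exit;
        }
        // Sending is restricted to level 15 and above.
        if ($user['level'] < 15) {
            echo '<div class="block center">Отправлять почту разрешено с 15 уровня!<br>Вернуться в <a href="/mail.php">Почту</a></div>';
            include ('./system/f.php');
            exit;
        }
        // User id 2 is treated as the bot account and cannot receive mail.
        if ($peerId == 2) {
            echo '<div class="block center">Нельзя отправлять сообщения боту!<br>Вернуться в <a href="/mail.php">Почту</a></div>';
            include ('./system/f.php');
            exit;
        }

        mysql_query('INSERT INTO `mail` (`from`,
`to`,
`text`,
`time`) VALUES ("'.$selfId.'",
"'.$peerId.'",
"'.$text.'",
"'.time().'")');

        // Bump both contact rows so the dialog moves to the top of each list.
        mysql_query('UPDATE `contacts` SET `time` = "'.time().'" WHERE `user` = "'.$selfId.'" AND `ho` = "'.$peerId.'"');
        mysql_query('UPDATE `contacts` SET `time` = "'.time().'" WHERE `ho` = "'.$selfId.'" AND `user` = "'.$peerId.'"');

        // Redirect after POST, then stop: the original carried on and rendered
        // the whole page after sending the Location header. h.php has already
        // been included, so output may have started; if it has, the header
        // cannot be sent and the page is rendered in place as before.
        if (!headers_sent()) {
            header('location: /mail.php?id='.$peerId.'');
            exit;
        }
    }

    // Message form (a stray closing </a> after the text input was dropped).
    echo '
<div class="block">
<form action="/mail.php?id='.$peerId.'" method="post">
Сообщение:<br/><input name="text" style="width: 97%;" class="text">
<input type="submit" value="Отправить"> <a href="/smiles.php"><img src="/images/smiles/mini_ulibka.gif"></a>
</form>
</div>';

    // ---- Message history, newest first, $max per page ----
    $max = 10;
    $k_post = mysql_result(mysql_query('SELECT COUNT(*) FROM `mail` WHERE `from` = "'.$selfId.'" AND `to` = "'.$peerId.'" OR `to` = "'.$selfId.'" AND `from` = "'.$peerId.'"'), 0);
    $k_page = k_page($k_post, $max);
    $page = page($k_page);
    // page() is defined elsewhere; the offset is forced to a non-negative int
    // because it is placed in the LIMIT clause unquoted.
    $start = max(0, (int) ($max * $page - $max));

    if ($k_post > 0) {
        $q = mysql_query('SELECT * FROM `mail` WHERE `from` = "'.$selfId.'" AND `to` = "'.$peerId.'" OR `to` = "'.$selfId.'" AND `from` = "'.$peerId.'" ORDER BY `time` DESC LIMIT '.$start.', '.$max.'');
        while ($row = mysql_fetch_array($q)) {
            // One lookup per message for the sender's row.
            $from = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = "'.(int) $row['from'].'"'));

            // The timestamp colour depends on the message's read flag.
            $stampColor = ($row['read'] == 0) ? '#90c090' : 'orange';
            echo '<div class="block" style="margin-bottom: 2px; margin-top: 2px;"><span style="float: right; color: '.$stampColor.';">'.date('d.m, H:i', $row['time']).'</span> <a href="/user/'.$from['id'].'/">'.$from['login'].'</a><br/>'.smiles($row['text']).'</div>';

            // Showing an incoming message marks it as read.
            if ($row['to'] == $selfId && $row['read'] == 0) {
                mysql_query('UPDATE `mail` SET `read` = "1" WHERE `id` = "'.(int) $row['id'].'"');
            }
        }
        if ($k_page > 1) {
            echo str('?', $k_page, $page);
        }
    } else {
        echo '<div class="block"><font color="#909090">Сообщений нет!</font></div>';
    }

    echo '
<a href="/mail.php" class="link"><img src="/images/mail.png"> Почта</a>';
    include './system/f.php';
} else {
    // ---- Inbox view: the viewer's contacts, most recently active first ----
    $title = 'Почта';
    include './system/h.php';

    $max = 10;
    $k_post = mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `user` = "'.$selfId.'"'), 0);
    $k_page = k_page($k_post, $max);
    $page = page($k_page);
    // Same clamp as in the dialog view: the offset goes into LIMIT unquoted.
    $start = max(0, (int) ($max * $page - $max));

    if ($k_post > 0) {
        $q = mysql_query('SELECT * FROM `contacts` WHERE `user` = "'.$selfId.'" ORDER BY `time` DESC LIMIT '.$start.', '.$max.'');
        while ($row = mysql_fetch_array($q)) {
            $contactId = (int) $row['ho'];
            $ho = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = "'.$contactId.'"'));

            // Unread messages from this contact to the viewer.
            $new = mysql_result(mysql_query('SELECT COUNT(*) FROM `mail` WHERE `from` = "'.(int) $ho['id'].'" AND `to` = "'.$selfId.'" AND `read` = "0"'), 0);

            // NOTE(review): login is printed unescaped here as well; confirm it
            // is HTML-encoded when stored.
            echo '<a href="/mail.php?id='.$contactId.'" class="link">Диалог с '.$ho['login'].'';
            if ($new > 0) {
                echo '<font color="#90c090"> (+'.$new.')</font></a>';
            } else {
                echo '</a>';
            }
        }
        if ($k_page > 1) {
            echo str('?', $k_page, $page);
        }
    } else {
        echo '<div class="block"><font color="#909090">Почта пуста!</font></div>';
    }
    include './system/f.php';
}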