Файл: app/user/mail/chat.php
Строк: 42
<?php
Core::only('user');
if (filter_has_var(INPUT_GET, 'id'))
{
$filter = [
'id' => filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT)
];
$profile = $db->query("SELECT * FROM `users` WHERE `id` = '".$filter['id']."' LIMIT 1")->fetch();
}
if (empty($profile))
{
Core::go("/");
}
$smarty->header('Диалоги');
$db->query("UPDATE `users_mail` SET `read` = '1' WHERE `id_profile` = '$user[id]' AND `id_user` = '$profile[id]'");
if (filter_has_var(INPUT_GET, 'delete') && isset($user))
{
$filter = [
'delete' => filter_input(INPUT_GET, 'delete', FILTER_SANITIZE_NUMBER_INT)
];
$object = $db->query("SELECT `id` FROM `users_mail` WHERE `id` = '" . $filter['delete'] . "'")->fetch();
if (empty($object))
{
$error = 'Сообщение не найдено.';
}
else
{
if ($db->query("SELECT `id` FROM `users_mail` WHERE `delete` = '" . $profile['id'] . "' AND `id` = '" . $object['id'] . "'")->rowCount() != 0)
{
$db->query("DELETE FROM `users_mail` WHERE `id` = '" . $object['id'] . "'");
}
else
{
$db->query("UPDATE `users_mail` SET `delete` = '" . $user['id'] . "' WHERE `id` = '" . $object['id'] . "'");
}
Core::go('?id=' . $profile['id']);
}
}
if (filter_has_var(INPUT_POST, 'submit'))
{
$filter = [
'text' => filter_has_var(INPUT_POST, 'text')
? filter_input(INPUT_POST, 'text', FILTER_UNSAFE_RAW)
: null
];
if (Filter::strlen ($filter['text']) < 2 || Filter::strlen ($filter['text']) > 5000)
{
$error = 'Неверный формат сообщения.';
}
elseif ($db->query("SELECT `id` FROM `users_mail` WHERE `text` = '" . $filter['text'] . "' AND `delete` != '" . $user['id'] . "' AND `id_user` = '" . $user['id'] . "' AND `id_profile` = '" . $profile['id'] . "'")->rowCount() != 0)
{
$error = 'Сообщение уже существует.';
}
else
{
$stmt = $db->prepare('INSERT INTO `users_mail` (`text`, `time`, `id_user`, `id_profile`) VALUES (:text, :time, :id_user, :id_profile)');
$stmt->execute([
':text' => $filter['text'],
':time' => time(),
':id_user' => $user['id'],
':id_profile' => $profile['id']
]);
}
}
$elements[] = [
'type' => 'textarea',
'title' => Lang::word('Сообщение'),
'br' => 1,
'info' => [
'name' => 'text',
]
];
$elements[] = [
'type' => 'submit',
'info' => [
'name' => 'submit',
'value' => Lang::word('Отправить')
]
];
$listing = null;
if ($profile['time_last'] < time()-600)
{
$listing[] = [
'title' => Lang::word('Посл. посещение') . ': '.Core::time($profile['time_last']),
'div' => 'block'
];
}
$all = $db->query("SELECT `id` FROM `users_mail` WHERE (`id_user` = '$user[id]' AND `id_profile` = '$profile[id]' OR `id_user` = '$profile[id]' AND `id_profile` = '$user[id]') AND `delete` != '$user[id]'")->rowCount();
$pages = new Pages($all, $config['pages']);
$query = $db->query("SELECT * FROM `users_mail` WHERE (`id_user` = '$user[id]' AND `id_profile` = '$profile[id]' OR `id_user` = '$profile[id]' AND `id_profile` = '$user[id]') AND `delete` != '$user[id]' ORDER BY `id` DESC LIMIT " . $start . ", " . $config['pages']);
while ($list = $query->fetch())
{
$options = null;
$options[] = [
'url' => '?id=' . $profile['id'] . '&delete=' . $list['id'],
'title' => Lang::word('Удалить')
];
$posts[] = [
'div' => ($list['read'] == 0 ? 'listing2' : 'listing'),
'image' => User::photo($list['id_user']),
'title' => User::login($list['id_user']),
'post' => Filter::output($list['text']),
'time' => Core::time($list['time']),
'options' => $options
];
}
if ($all == 0)
$posts[] = [
'title' => Lang::word('Нет сообщений.')
];
Core::show('error');
$smarty->assign([
'method' => 'POST',
'action' => '?id=' . $profile['id'],
'el' => $elements,
'listing' => $listing,
'post' => $posts
]);
$smarty->display('form.tpl');
$smarty->display('listing.tpl');
$smarty->display('posts.tpl');
$pages->view('?id=' . $profile['id'] . '&');
$smarty->footer();