Файл: app/user/mail/send.php
Строк: 37
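<?php
// app/user/mail/send.php — "write a message" page.
// A logged-in user addresses a recipient by login or numeric id; a valid
// submission writes one row to `users_mail`. The form is rendered from the
// shared element list (form.tpl) and Core::show('error') surfaces $error.
Core::only('user');
$smarty->header('Написать сообщение');

if (filter_has_var(INPUT_POST, 'submit')) {
    // FILTER_UNSAFE_RAW returns the POST value untouched, so everything below
    // must treat these two values as untrusted input.
    $filter = [
        'recipient' => filter_has_var(INPUT_POST, 'recipient')
            ? filter_input(INPUT_POST, 'recipient', FILTER_UNSAFE_RAW)
            : null,
        'text' => filter_has_var(INPUT_POST, 'text')
            ? filter_input(INPUT_POST, 'text', FILTER_UNSAFE_RAW)
            : null,
    ];

    // Resolve the recipient once, with bound parameters. The previous version
    // concatenated the raw POST value into the WHERE clause (SQL injection),
    // ran that lookup twice, and gated on rowCount(), which PDO does not
    // guarantee for SELECT statements. Two distinct markers are used because
    // native (non-emulated) prepares reject a repeated named placeholder.
    $recipient = false;
    if ($filter['recipient'] !== null && $filter['recipient'] !== '') {
        $lookup = $db->prepare(
            'SELECT `id` FROM `users` WHERE `id` = :by_id OR `login` = :by_login'
        );
        $lookup->execute([
            ':by_id' => $filter['recipient'],
            ':by_login' => $filter['recipient'],
        ]);
        $recipient = $lookup->fetch();
    }

    $text = (string) ($filter['text'] ?? '');
    $textLength = Filter::strlen($text);

    if ($recipient === false) {
        $error = 'Получатель не найден.';
    } elseif ($textLength < 2 || $textLength > 5000) {
        $error = 'Неверный формат сообщения.';
    } else {
        // Reached only when both checks passed. The previous version inserted
        // even when the recipient lookup had failed (null `id_profile`),
        // because the length check did not consult the earlier error.
        $stmt = $db->prepare(
            'INSERT INTO `users_mail` (`text`, `time`, `id_user`, `id_profile`)'
            . ' VALUES (:text, :time, :id_user, :id_profile)'
        );
        $stmt->execute([
            ':text' => $text,
            ':time' => time(),
            ':id_user' => $user['id'],
            ':id_profile' => $recipient['id'],
        ]);
    }
}

// Form definition consumed by form.tpl: recipient input, message textarea,
// submit button.
$elements[] = [
    'type' => 'input',
    'title' => Lang::word('Логин или ID'),
    'br' => 1,
    'info' => [
        'name' => 'recipient',
    ],
];
$elements[] = [
    'type' => 'textarea',
    'title' => Lang::word('Сообщение'),
    'br' => 1,
    'info' => [
        'name' => 'text',
    ],
];
$elements[] = [
    'type' => 'submit',
    'info' => [
        'name' => 'submit',
        'value' => Lang::word('Отправить'),
    ],
];

Core::show('error');
$smarty->assign([
    'method' => 'POST',
    'action' => '?',
    'el' => $elements,
]);
$smarty->display('form.tpl');
$smarty->footer();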