Файл: public_html/mail.php
Строк: 101
<?php
include './system/system.php';
$title = 'Почта';
include './system/head.php';
if(!$user) {
header('location: /index.php');
exit();
}
$id = _string(_num($_GET['id']));
if($id) {
$ho = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = ''.$id.'''));
if(!$id OR !$ho OR $id == $user['id']) {
header('location: /mail.php');
exit();
}
if(mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `user` = ''.$user['id'].'' AND `ho` = ''.$ho['id'].'''),0) == 0) {
mysql_query('INSERT INTO `contacts` (`user`,
`ho`,
`time`) VALUES (''.$user['id'].'',
''.$ho['id'].'',
''.time().'')');
}
if(mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `ho` = "'.$user['id'].'" AND `user` = "'.$ho['id'].'"'),0) == 0) {
mysql_query('INSERT INTO `contacts` (`ho`,
`user`,
`time`) VALUES (''.$user['id'].'',
''.$ho['id'].'',
''.time().'')');
}
if(isset($_POST['text']) && $user['ban_time'] < time()){
if($user['level'] < 10) {
echo '<div class="block small red center">Почта доступна с 10 уровня!</div>';
include ('./system/foot.php');
exit();
}
$text = _string($_POST['text']);
if(strlen($text) < 1 or strlen($text) > 5000) {
echo '<div class="block small red center">Длина сообщения 1-5000 символов!</div>
<a href="/mail.php?id='.$ho['id'].'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
include ('./system/foot.php');
exit();
}
$ignor = mysql_result(mysql_query('SELECT COUNT(*) FROM `ignor` where `who` = "'.$user['id'].'" && `user` = "'.$ho['id'].'"'),0);
if($ignor > 0) {
echo '<div class="block small red center">Вы находитесь в чёрном списке!</div>
<a href="/mail.php?id='.$ho['id'].'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
include ('./system/foot.php');
exit();
}
mysql_query('INSERT INTO `mail` (`from`,
`to`,
`text`,
`time`) VALUES (''.$user['id'].'',
''.$ho['id'].'',
''.$text.'',
''.time().'')');
mysql_query('UPDATE `contacts` SET `time` = ''.time().'' WHERE `user` = ''.$user['id'].'' AND `ho` = ''.$ho['id'].''');
mysql_query('UPDATE `contacts` SET `time` = ''.time().'' WHERE `ho` = ''.$user['id'].'' AND `user` = ''.$ho['id'].''');
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
if(isset($_GET['edit'])) {
$msg = _string(_num($_GET['msg']));
if($msg) {
$msg = mysql_query('SELECT * FROM `mail` WHERE `id` = "'.$msg.'"');
$i = mysql_fetch_array($msg);
}
if(!$i) {
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
if($i['read'] == 1) {
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
if($i['time'] <= (time() - 180)) {
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
if($i['from'] != $user['id']) {
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
if(isset($_GET['save'])) {
$message = _string($_POST['message']);
if(strlen($message) < 1 or strlen($message) > 5000) {
echo '<div class="block small red center">Длина сообщения 1-5000 символов!</div>
<a href="/mail.php?id='.$ho['id'].'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
include ('./system/foot.php');
exit();
}
mysql_query("update `mail` set `text` = '".$message."', `time` = '".time()."' where `id` = '".$i['id']."'");
header('location: /mail.php?id='.$ho['id'].'');
exit();
}
echo "<div class='block'>
<form method='post' action='/mail.php?id=$ho[id]&edit&msg=$i[id]&save'>
Сообщение: <br>
<textarea name='message' class='text' style='width: 97%'>$i[text]</textarea>
<input type='submit' class='submit' value='Изменить'></form> </div>";
echo '<a href="/mail.php?id='.$ho['id'].'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
include ('./system/foot.php');
exit();
}
if($user['ban_time'] < time()) {
echo '
<div class='block'>
<form action='/mail.php?id='.$ho['id'].'' method='post'>
<textarea name='text' style='width: 97%'></textarea>
<input type='submit' class='submit' value='Отправить'> <a href='/mail.php?id='.$ho['id'].''><img src='/images/icons/update.png'></a> <span style='float: right'><a href='/smiles.php'><img src='/images/icons/smiles.png'></a></span>
</form>
</div>';
}else{
echo '<div class="block small red center">Вам запрещено отправлять почту!</div>';
}
$max = 10;
$k_post = mysql_result(mysql_query('SELECT COUNT(*) FROM `mail` WHERE `from` = "'.$user['id'].'" AND `to` = "'.$ho['id'].'" OR `to` = "'.$user['id'].'" AND `from` = "'.$ho['id'].'"'),0);
$k_page = k_page($k_post,$max);
$page = page($k_page);
$start = $max*$page-$max;
if($k_post > 0) {
$q = mysql_query('SELECT * FROM `mail` WHERE `from` = ''.$user['id'].'' AND `to` = ''.$ho['id'].'' OR `to` = ''.$user['id'].'' AND `from` = ''.$ho['id'].'' ORDER BY `time` DESC LIMIT '.$start.', '.$max.'');
while($row = mysql_fetch_array($q)) {
$from = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = ''.$row['from'].'''));
if($from['access'] == 2) {
$access = " <b>[ADM]</b>";
}
if($from['access'] == 1) {
$access = " <b>[MD]</b>";
}
if($from['access'] == 0) {
$access = "";
}
echo '<div class='block'> <img src='/images/race/'.$from['race'].'.png'> <a href='/profile.php?id='.$from['id'].''>'.$from['login'].'</a>'.$access.': <img src='/images/icons/time.png'> <small>'.vremja(time() - $row['time']).' назад, </small>';
if($row['read'] == 0) echo '<small> <font color="red">(не прочитано)</font></small>';
if($row['read'] == 1) echo '<small> <font color="#909090">(прочитано)</font></small>';
$time = time() - 180;
if($row['time'] >= $time && $row['read'] == 0 && $from['id'] == $user['id']) {
$edit = '<a href="/mail.php?id='.$ho['id'].'&edit&msg='.$row['id'].'" class="none"><img src="/images/icons/edit.png"></a>';
}else{
$edit ='';
}
if($from['access'] != 0) {
echo '<font color="#f09050">';
echo '<br> '.smiles($row['text']).' </font> '.$edit.'';
}else{
echo '<br> '.smiles($row['text']).' '.$edit.'';
}
echo '</div>';
if($row['to'] == $user['id'] && $row['read'] == 0) mysql_query('UPDATE `mail` SET `read` = '1' WHERE `id` = ''.$row['id'].''');
}
if($k_page>1) echo str('/mail.php?id='.$ho['id'].'&',$k_page,$page);
}
else
{
echo '<div class='block small red center'>Почты нет!</div>';
}
echo '
<a href='/profile.php?id='.$ho['id'].'' class='link'><img src='/images/race/'.$ho['race'].'.png'> '.$ho['login'].' </a>';
echo '
<a href='/mail.php' class='link'><img src='/images/icons/mail.png'> Контакты</a>';
include ('./system/foot.php');
}
else
{
$max = 10;
$k_post = mysql_result(mysql_query('SELECT COUNT(*) FROM `contacts` WHERE `user` = ''.$user['id'].'''),0);
$k_page = k_page($k_post,$max);
$page = page($k_page);
$start = $max*$page-$max;
if($k_post > 0) {
$q = mysql_query('SELECT * FROM `contacts` WHERE `user` = ''.$user['id'].'' ORDER BY `time` DESC LIMIT '.$start.', '.$max.'');
while($row = mysql_fetch_array($q)) {
$ho = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = ''.$row['ho'].'''));
$new = mysql_result(mysql_query('SELECT COUNT(*) FROM `mail` WHERE `from` = ''.$ho['id'].'' AND `to` = ''.$user['id'].'' AND `read` = '0''),0);
echo '<a href='/mail.php?id='.$row['ho'].'' class='link'><img src='/images/race/'.$ho['race'].'.png'> '.$ho['login'].'';
if($new > 0) echo ' <font color='#10c010'>(+)</font></a>';
if($new < 1) echo '</a>';
}
if($k_page>1) echo str('?',$k_page,$page);
}
else
{
echo '<div class='block small red center'>Контактов нет!</div>';
}
include ('./system/foot.php');
}
?>