Файл: Krimos/private.php
Строк: 313
<?php
// Криме / Krime
// Load the shared helpers and settings.
// NOTE(review): islogged(), getarg(), getid(), getusername(), clean(), bbcode(), smile(),
// theader(), tfooter() and the $lang, $language and $s_siteurl values used below are not
// defined in this file; presumably they all come from common.php — confirm.
include('common.php');
// Everything up to the matching else near the end of the file runs only when islogged()
// is true; that else branch redirects to index.php instead.
if(islogged())
{
// Request parameters that select the action and its target.
// NOTE(review): getarg() is defined elsewhere; the second argument looks like a default
// for a missing parameter. Whether it sanitises the value is not visible here, so each
// use below has to be safe for its own context (SQL, HTML attribute, URL).
$do = getarg('do');
// NOTE(review): this value is never read in this file; $pm is overwritten with a fetched
// row in the read and inbox branches.
$pm = getarg('pm');
$id = getarg('id');
$page = getarg('page', 1);
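if($do == 'read')
{
    // Show one private message to its recipient and mark it as read.
    echo theader($lang['pmread']);
    // Integer casts keep both values inert inside the quoted SQL literals below.
    $id = intval($id);
    $uid = intval(getid());
    // Filtering on `to` = current user is the access check: a message id that belongs
    // to another recipient matches no row and ends in the "not exists" branch.
    $query = mysql_query("SELECT * FROM `private` WHERE `to` = '" . $uid . "' AND `id` = '" . $id . "';");
    // A failed query is treated like "no such message" instead of raising a warning.
    if($query && mysql_num_rows($query) > 0)
    {
        @mysql_query("UPDATE `private` SET `read` = '1' WHERE `to` = '" . $uid . "' AND `id` = '" . $id . "';");
        $pm = mysql_fetch_array($query);
        // NOTE(review): the sender name is written into the page as returned by
        // getusername(); confirm that helper (or registration) HTML-escapes usernames.
        $from = getusername($pm['from']);
        $date = $pm['date'];
        // NOTE(review): the stored body goes through bbcode() and smile() and is then
        // echoed as HTML. Nothing in this file escapes it on the way out, so this is only
        // safe if clean() escaped HTML before storage or bbcode() escapes its input — confirm.
        $message = smile(bbcode($pm['message']));
        echo ' <div class="left">' . "\r\n";
        echo ' <div class="pm">' . "\r\n";
        // The sender id is cast so only digits can reach the href.
        echo ' <span><a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&id=' . intval($pm['from']) . '">' . $from . '</a>: (' . date('d/m/Y, H:i:s', $date) . ')</span><br />' . "\r\n";
        echo ' <span>' . $message . '</span><br />' . "\r\n";
        echo ' </div>' . "\r\n";
        echo ' </div>' . "\r\n";
        echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&do=write&id=' . $id . '">' . $lang['pmreply'] . '</a> | <a href="' . $s_siteurl . '/private.php?lang=' . $language . '&do=delete&id=' . $id . '">' . $lang['pmdelete'] . '</a></span><br />';
    }
    else
    {
        echo ' <span>' . $lang['pmnotexists'] . '</span><br />' . "\r\n";
    }
    // Both outcomes end with the same two navigation links.
    echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br />' . "\r\n";
    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['main'] . '</a></span><br /><br />' . "\r\n";
}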
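elseif($do == 'write')
{
    // Compose a new message (no id) or reply to a received one (id = that message).
    // NOTE(review): neither form carries a token that this handler verifies, so a
    // cross-site POST made with the user's session would be accepted; add a per-session
    // token to both forms and check it before inserting.
    // NOTE(review): maxlength="5000" on the textarea is enforced by the browser only;
    // the server accepts any length. Enforce the limit here if it matters for storage.
    echo theader($lang['pmnew']);
    $uid = intval(getid());
    if($id == NULL)
    {
        // is_string() rejects array-shaped parameters (to[]=...) before they reach clean().
        if(isset($_POST['to'], $_POST['message']) && is_string($_POST['to']) && is_string($_POST['message'])
            && !empty($_POST['to']) && !empty($_POST['message']))
        {
            // NOTE(review): clean() is the only thing between these request values and
            // the SQL text below, and its result is also echoed as HTML after bbcode().
            // It is not visible in this file: confirm it escapes for SQL
            // (mysql_real_escape_string or equivalent) and that HTML is neutralised
            // before output. The mysql_* extension has no prepared statements; moving to
            // PDO or mysqli with bound parameters would remove the dependency on clean().
            $to = clean($_POST['to']);
            $message = clean($_POST['message']);
            $res = @mysql_query("SELECT `id` FROM `users` WHERE `username` = '" . $to . "';");
            // No row (or a failed query) yields 0, which is reported as "user not exists".
            $tid = ($res && mysql_num_rows($res) > 0) ? intval(mysql_result($res, 0)) : 0;
            if($tid > 0)
            {
                if(!@mysql_query("INSERT INTO `private` VALUES('0', '" . $uid . "', '" . $tid . "', '" . time() . "', '" . $message . "', '0');"))
                {
                    // Only the error number is logged so message text never lands in the log.
                    // NOTE(review): the page still reports the message as sent; there is
                    // no failure string in $lang visible from this file.
                    error_log('private.php: private message insert failed, errno ' . mysql_errno());
                }
                $message = smile(bbcode($message));
                echo ' <span>' . $lang['pmsent'] . '</span><br />' . "\r\n";
                echo ' <span>' . $message . '</span><br /><br />' . "\r\n";
            }
            else
            {
                echo ' <span>' . $lang['usernotexists'] . '</span><br />' . "\r\n";
            }
        }
        else
        {
            echo ' <form method="post" action="' . $s_siteurl . '/private.php?lang=' . $language . '&do=write">' . "\r\n";
            echo ' <span>' . $lang['pmto'] . ':</span><br />' . "\r\n";
            // The "to" request parameter is reflected into an attribute value, so it is
            // escaped (quotes included) here. Pass the site's charset as the third
            // argument if it differs from PHP's default.
            // NOTE(review): if getarg() already HTML-escapes, this double-encodes; keep one of the two.
            echo ' <input type="text" name="to" value="' . htmlspecialchars(getarg('to', ''), ENT_QUOTES) . '" /><br />' . "\r\n";
            echo ' <span>' . $lang['message'] . ':</span><br />' . "\r\n";
            echo ' <textarea name="message" maxlength="5000"></textarea><br />' . "\r\n";
            echo ' <input type="submit" value="' . $lang['send'] . '" /> <input type="reset" value="' . $lang['reset'] . '" /><br />' . "\r\n";
            echo ' </form>' . "\r\n";
        }
    }
    else
    {
        $id = intval($id);
        // A reply is only allowed to a message the current user received: the `to`
        // condition stops a forged id from addressing an arbitrary sender.
        $res = mysql_query("SELECT `from` FROM `private` WHERE `id` = '" . $id . "' AND `to` = '" . $uid . "';");
        // Check for a row before mysql_result() so an unknown id does not raise a warning.
        $to = ($res && mysql_num_rows($res) > 0) ? intval(mysql_result($res, 0)) : 0;
        if($to > 0)
        {
            if(isset($_POST['message']) && is_string($_POST['message']) && !empty($_POST['message']))
            {
                // NOTE(review): same dependency on clean() for SQL and HTML safety as in
                // the new-message path above — confirm what it escapes.
                $message = clean($_POST['message']);
                if(!@mysql_query("INSERT INTO `private` VALUES('0', '" . $uid . "', '" . $to . "', '" . time() . "', '" . $message . "', '0');"))
                {
                    error_log('private.php: private message insert failed, errno ' . mysql_errno());
                }
                $message = smile(bbcode($message));
                echo ' <span>' . $lang['pmsent'] . '</span><br />' . "\r\n";
                echo ' <span>' . $message . '</span><br /><br />' . "\r\n";
            }
            else
            {
                echo ' <form method="post" action="' . $s_siteurl . '/private.php?lang=' . $language . '&do=write&id=' . $id . '">' . "\r\n";
                echo ' <span>' . $lang['message'] . ':</span><br />' . "\r\n";
                echo ' <textarea name="message" maxlength="5000"></textarea><br />' . "\r\n";
                echo ' <input type="submit" value="' . $lang['send'] . '" /> <input type="reset" value="' . $lang['reset'] . '" /><br />' . "\r\n";
                echo ' </form>' . "\r\n";
            }
        }
        else
        {
            echo ' <span>' . $lang['pmnotexists'] . '</span><br />' . "\r\n";
        }
    }
    // Every path through this branch ends with the same two navigation links.
    echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br />' . "\r\n";
    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['main'] . '</a></span><br /><br />' . "\r\n";
}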
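elseif($do == 'delete')
{
    // Delete one received message, or every already-read message when id is "all".
    // NOTE(review): deletion is triggered by a plain GET link with no token, so any page
    // that makes the logged-in browser load this URL removes messages. Move the action to
    // POST and verify a per-session token; the links that point here need the same change.
    echo theader($lang['pmdelete']);
    $uid = intval(getid());
    // Strict comparison: under PHP 5 a loose == would treat an integer 0 as equal to
    // 'all' and run the bulk delete.
    if($id === 'all')
    {
        @mysql_query("DELETE FROM `private` WHERE `to` = '" . $uid . "' AND `read` = '1';");
        echo ' <span>' . $lang['pmdeleted'] . '</span><br />' . "\r\n";
    }
    else
    {
        $id = intval($id);
        // Ownership check first, so a message that belongs to someone else is reported
        // as "not yours" rather than as deleted.
        $query = mysql_query("SELECT * FROM `private` WHERE `id` = '" . $id . "' AND `to` = '" . $uid . "';");
        if($query && mysql_num_rows($query) > 0)
        {
            // The DELETE repeats the `to` condition, so it is scoped to the owner on its own.
            @mysql_query("DELETE FROM `private` WHERE `to` = '" . $uid . "' AND `id` = '" . $id . "';");
            echo ' <span>' . $lang['pmdeleted'] . '</span><br />' . "\r\n";
        }
        else
        {
            echo ' <span>' . $lang['pmnotyours'] . '</span><br />' . "\r\n";
        }
    }
    // All three outcomes end with the same two navigation links.
    echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br />' . "\r\n";
    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['main'] . '</a></span><br /><br />' . "\r\n";
}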
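else
{
    // Default action: paginated inbox of the logged-in user, newest first.
    echo theader($lang['pminbox']);
    echo ' <span>' . $lang['pminbox'] . '</span><br /><br />' . "\r\n";
    $uid = intval(getid());
    $query = mysql_query("SELECT COUNT(*) FROM `private` WHERE `to` = '" . $uid . "';");
    // A failed count query is shown as an empty inbox instead of raising a warning.
    $npms = $query ? intval(mysql_result($query, 0)) : 0;
    if($npms > 0)
    {
        $ntpp = 10; // messages per page
        $npages = (int) ceil($npms / $ntpp);
        if($page === 'last')
            $page = $npages;
        // Clamp to 1..$npages. The lower bound also covers negative values, which would
        // otherwise produce a negative LIMIT offset and a failed query.
        $page = max(1, min(intval($page), $npages));
        if($page > 1)
            echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&page=1">' . $lang['firstpage'] . '</a></span><br />' . "\r\n";
        if($npages > 1 && $page < $npages)
            echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&page=' . $npages . '">' . $lang['lastpage'] . '</a></span><br />' . "\r\n";
        // Both LIMIT operands are integers computed here, never raw request text.
        $limit = ($page - 1) * $ntpp;
        $pms = mysql_query("SELECT * FROM `private` WHERE `to` = '" . $uid . "' ORDER BY `date` DESC LIMIT " . $limit . ', ' . $ntpp . ';');
        echo ' <div class="left">' . "\r\n";
        if($pms)
        {
            while($pm = mysql_fetch_array($pms))
            {
                // Cast so only digits can reach the href.
                $id = intval($pm['id']);
                // NOTE(review): the sender name is written into the page as returned by
                // getusername(); confirm usernames are HTML-escaped somewhere on the way.
                $from = getusername($pm['from']);
                $date = $pm['date'];
                // Unread messages get an "[N]" marker after the date.
                $bln = ((bool)$pm['read']) ? '' : '[N]';
                echo ' <div class="pm">' . "\r\n";
                echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&do=read&id=' . $id . '">' . $from . '</a> (' . date('d/m/Y, H:i:s', $date) . ')' . $bln . '</span><br />' . "\r\n";
                echo ' </div>' . "\r\n";
            }
        }
        echo ' </div>' . "\r\n";
        // Previous / next links; the label is plain text when there is nowhere to go.
        if($page > 1)
            $bl = '<a href="' . $s_siteurl . '/private.php?lang=' . $language . '&page=' . ($page - 1) . '">< ' . $lang['backward'] . '</a>';
        else
            $bl = '< ' . $lang['backward'];
        if($page < $npages)
            $fl = ' | <a href="' . $s_siteurl . '/private.php?lang=' . $language . '&page=' . ($page + 1) . '">' . $lang['forward'] . ' ></a>';
        else
            $fl = ' | ' . $lang['forward'] . ' >';
        // NOTE(review): this closes a <div> that this branch did not open (the "left"
        // container is already closed above); kept as in the original — confirm against
        // the markup theader() emits.
        echo ' </div>' . "\r\n";
        echo ' <span>' . $bl . $fl . '</span><br />' . "\r\n";
    }
    else
    {
        echo ' <span>' . $lang['pmempty'] . '</span><br /><br />' . "\r\n";
    }
    echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&do=write">' . $lang['pmnew'] . '</a></span><br />' . "\r\n";
    // NOTE(review): this link performs a bulk delete through GET; see the delete branch.
    echo ' <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&do=delete&id=all">' . $lang['pmdelete'] . '</a></span><br />' . "\r\n";
    echo ' <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
}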
// End of the logged-in branch: print whatever tfooter() returns (presumably the page footer).
echo tfooter();
}
else
{
// Not logged in: redirect to the index page instead of rendering anything.
// NOTE(review): $s_siteurl and $language are set outside this file. If $language is taken
// from the request without validation, it reaches this header and every link built above;
// confirm it is restricted to a fixed list of language codes.
header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
}
// Stop here so nothing runs after the page or the redirect has been sent.
exit();
?>