Файл: waphero.ru/user/mail.php
Строк: 99
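<?php
/**
 * Private-mail conversation page between the current user ($user, expected to
 * be provided by core/system.php) and the user given by ?id=N.
 *
 * GET  ?id=N            - render the conversation, newest first, paginated by
 *                         $set['p_str'], and mark incoming messages as viewed.
 * POST ?id=N (msg=...)  - store a new message and redirect back (POST/redirect/GET).
 *
 * Security notes for reviewers:
 *  - Every id placed into SQL is cast to an integer first. The original
 *    interpolated $_GET['id'] unquoted into the query (SQL injection).
 *  - NOTE(review): the message text is made SQL-safe only by check(), which is
 *    defined elsewhere. Confirm it escapes for a quoted SQL string literal.
 *  - NOTE(review): `nick` and `msg` are echoed as stored. This is safe only if
 *    they were HTML-encoded when written. Confirm, or encode at output.
 *  - NOTE(review): the POST is not protected by a CSRF token. The hidden field
 *    `r` is a constant and is never checked.
 *  - NOTE(review): nothing in this file verifies that $user is an authenticated
 *    session. Confirm that core/system.php enforces it.
 *  - The mysql_* extension was removed in PHP 7.0. Moving to mysqli or PDO with
 *    prepared statements needs the connection set-up, which is not in this file.
 */
require_once '../core/system.php';
echo ban();
if (isset($_GET['id'])) {
    // Integer casts keep attacker-controlled text out of the SQL below.
    $mail_peer_id = intval($_GET['id']);
    $mail_self_id = isset($user['id']) ? intval($user['id']) : 0;

    $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = $mail_peer_id LIMIT 1"));
    if (!$ank) {
        // Unknown recipient: without this guard the page would go on to insert
        // mail rows addressed to an empty id.
        header('Location: newmsg.php');
        $_SESSION['err'] = 'Пользователь не найден!';
        exit();
    }
    $mail_peer_id = intval($ank['id']);

    mysql_query("UPDATE `users_konts` SET `new_msg` = '0' WHERE `id_kont` = '$mail_peer_id' AND `id_user` = '$mail_self_id' LIMIT 1");

    // Handle the form submission BEFORE any page output so the Location
    // headers below can still be sent. The original ran this after the whole
    // page had been echoed, which only works with output buffering enabled.
    $mail_blocked = false;
    if (isset($_POST['msg']) && is_string($_POST['msg'])) {
        $mail_ignored = mysql_result(mysql_query("SELECT count(id) from `ignor` where `kto` = '$mail_peer_id' and `kogo` = '$mail_self_id'"), 0);
        if ($mail_ignored >= 1) {
            // The notice is printed below the conversation, where it was originally shown.
            $mail_blocked = true;
        } else {
            $msg = check($_POST['msg']);
            if (strlen($msg) < 1 or strlen($msg) > 5000) {
                $err = 'Длина сообщения должна быть в пределах 1 - 5000 символов';
            }
            if (!isset($err)) {
                $time = time();
                // `read` = '1' marks the message as not yet viewed by the recipient.
                mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`, `read`) values('$mail_self_id', '$mail_peer_id', '$msg', '$time', '1')");
                mysql_query("INSERT INTO `users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$mail_self_id', '$mail_peer_id', '$time')");
                mysql_query("INSERT INTO `users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$mail_peer_id', '$mail_self_id', '$time')");
                mysql_query("UPDATE `users_konts` SET `new_msg` = '1' WHERE `id_kont` = '$mail_self_id' AND `id_user` = '$mail_peer_id'");
                header("Location: ?id=$mail_peer_id");
                $_SESSION['message'] = 'Сообщение добавлено!';
                exit();
            } else {
                // NOTE(review): this redirect drops the id, so the user lands on
                // a page without the conversation. Kept as in the original.
                header('Location: ?');
                $_SESSION['err'] = $err;
                exit();
            }
        }
    }

    $header = "Почта - $ank[nick]";
    require_once '../core/head.php';
    echo "<div class='player menuList'>";
    echo "<li><a href='?id=$mail_peer_id'><img src='/images/icon/arrow.png'>Обновить</a></li>";
    echo "</div>";
    echo "<div class='mini-line'></div>";
    echo "<div class='block_zero center'><form action='?id=$mail_peer_id' method='post'><div>Сообщение:<br/><textarea name='msg' class = 'text large' rows='4' cols='55'></textarea><br/><div class='center'><span class='btn'><span class='end'><input class='label' type='submit' value='Отправить'>Отправить</span></span></div><input type='hidden' name='r' value='68863272'/></div></form></div>";

    // Messages in either direction that the current user has not removed.
    // The parentheses spell out the AND-before-OR precedence the original relied on.
    $mail_where = "(`unlink` != '$mail_self_id' AND `id_user` = '$mail_self_id' AND `id_kont` = '$mail_peer_id')"
        . " OR (`id_user` = '$mail_peer_id' AND `id_kont` = '$mail_self_id' AND `unlink` != '$mail_self_id')";

    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE $mail_where"), 0);
    $k_page = k_page($k_post, $set['p_str']);
    $page = page($k_page);
    $mail_per_page = intval($set['p_str']);
    // Clamp so an unexpected page number can never produce a negative offset.
    $start = max(0, $mail_per_page * intval($page) - $mail_per_page);
    $q = mysql_query("SELECT * FROM `mail` WHERE $mail_where ORDER BY id DESC LIMIT $start, $mail_per_page");
    echo "<div class='mini-line'></div>";
    while ($post = mysql_fetch_assoc($q)) {
        // Mark the peer's message as viewed now that it is being displayed.
        mysql_query("UPDATE `mail` SET `read` = '0' WHERE `id` = '" . intval($post['id']) . "' AND `id_user` = '$mail_peer_id' LIMIT 1");
        $ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = " . intval($post['id_user']) . " LIMIT 1"));

        // Reset on every row. The original left $color unset, or carried it
        // over from the previous row, when `prava` was not 0, 4 or 5.
        $color = '';
        if ($ank2['prava'] == 5) {
            $color = 'Admin';
        } elseif ($ank2['prava'] == 4) {
            $color = 'Moder';
        }

        echo "<div class='player'>";
        echo online($ank2['id']);
        echo " <a href='/user/$ank2[id]/'>$ank2[nick]</a>";
        // $post was fetched before the UPDATE above, so `read` still holds the
        // state from before this page view.
        if ($post['read'] == 1) {
            echo "<span class='float-right dgreen'>".vremja($post['time'])."</span>";
        } else {
            echo "<span class='float-right grey'>".vremja($post['time'])."</span>";
        }
        echo "<br><span class='$color'>$post[msg]</span><br>";
        echo "</div>";
        echo "<div class='dot-line'></div>";
    }

    if ($mail_blocked) {
        echo'<div class="player">Вы находитесь в чёрном списке у данного пользователя!</div>';
        exit;
    }

    if ($k_page > 1) {
        str('mail.php?id=' . $mail_peer_id . '&', $k_page, $page); // page links
    }
    echo "<div class='mini-line'></div>";
    echo "<div class='player menuList'>";
    echo "<li><a href='newmsg.php'><img src='/images/icon/arrow.png'>Контакты</a></li>";
    echo "</div>";
}
require_once '../core/foot.php';
?>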