Файл: pages/mail/index.php
Строк: 108
<?php
include '../../system/mysql.php';
include '../../system/sys_func.php';
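// Private-messages page. Without ?name= it lists the current user's dialogs;
// with ?name=<login> it shows the conversation with that user and handles the
// "send" / "reload" form posts.
//
// NOTE(review): $user, filter(), output(), k_page(), page(), str(), avatar(),
// online(), user() and ptime() are not defined in this file; presumably they
// come from the system includes at the top — confirm.
// NOTE(review): every query here is built by string concatenation on the legacy
// mysql_* API (removed in PHP 7). The request-derived values are only as safe
// as filter() makes them; confirm it escapes for SQL. Moving to prepared
// statements needs the connection code, which is not visible here.
if (!isset($user)) {
    // Not authenticated: send the visitor to the front page.
    header('location: /');
    exit;
}

// Read the action defensively so a request without ?act= raises no notice.
$act = isset($_GET['act']) ? $_GET['act'] : '';

switch ($act) {
    default:
        // Accept only a scalar string; ?name[]=... must not reach filter()/SQL as an array.
        if (isset($_GET['name']) && is_string($_GET['name'])) {
            // One lookup replaces the former COUNT(*) + SELECT pair.
            $nameSql = filter($_GET['name']);
            $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `login` = '". $nameSql ."' LIMIT 1"));
            if (!$ank) {
                $title = 'Ошибка';
                include '../../system/head.php';
                echo '<div class="title">Ошибка</div>';
                echo '<div class="err">Нет такого пользователья</div>';
                include '../../system/foot.php';
                exit;
            }

            // URL-encoded login for redirects and links, so a login with special
            // characters cannot alter the Location header or the query string.
            $loginUrl = urlencode($ank['login']);

            if (isset($_POST['reload'])) {
                header('Location: ?name='. $loginUrl);
                // Stop here: without exit the script kept running after the redirect.
                exit;
            }

            // Opening the conversation marks the peer's messages to us as read.
            mysql_query("UPDATE `mail_msg` SET `chit` = '1' WHERE `user_1` = '". $ank['id'] ."' AND `user_2` = '". $user['id'] ."'");

            // Treat a missing or non-string msg as empty instead of passing it on.
            $msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';

            $error = false;
            $errort = '';
            // NOTE(review): this state-changing POST carries no anti-CSRF token;
            // adding one depends on the session handling, which is not visible here.
            if (isset($_POST['submit'])) {
                if (empty($msg)) {
                    $error = true;
                    $errort .= '<div class="err">Вы не ввели сообщение</div>';
                } elseif ($user['position'] != 'admin' && strlen($msg) > 20000) {
                    $error = true;
                    $errort .= '<div class="err">Сообщение превышает лимит символов</div>';
                } else {
                    // Create the dialog row on first contact, otherwise bump its timestamp.
                    // AND binds tighter than OR, so the condition matches either direction.
                    $pairSql = "`user_1` = '". $user['id'] ."' AND `user_2` = '". $ank['id'] ."' OR `user_1` = '". $ank['id'] ."' AND `user_2` = '". $user['id'] ."'";
                    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE ". $pairSql), 0) == 0) {
                        mysql_query("INSERT INTO `mail` (`user_1`, `user_2`, `time`) VALUES ('". $user['id'] ."', '". $ank['id'] ."', '".time()."')");
                    } else {
                        mysql_query("UPDATE `mail` SET `time` = '". time() ."' WHERE ". $pairSql ." LIMIT 1");
                    }
                    mysql_query("INSERT INTO `mail_msg` (`user_1`, `user_2`, `msg`, `time`) VALUES ('". $user['id'] ."', '". $ank['id'] ."', '". filter($msg) ."', '". time() ."')");
                    // Sender earns a small random bonus per message.
                    $bon_rand = rand(1, 5);
                    mysql_query("UPDATE `users` SET `bonus` = '". ($user['bonus']+$bon_rand) ."' WHERE `id` = '". $user['id'] ."'");
                    header('location: ?name='. $loginUrl);
                    // Post/redirect/get: end the request so the form body is not rendered
                    // behind the redirect and a refresh cannot resubmit the message.
                    exit;
                }
            }

            // NOTE(review): logins are echoed as stored. Whether they are already
            // HTML-escaped depends on how registration stores them — confirm before
            // relying on it.
            $title = 'Кабинет/Контакты/Переписка с '.$ank['login'];
            include '../../system/head.php';
            echo '<div class="title"><a href="/pages/personal/">Кабинет</a> / <a href="/pages/mail/">Контакты</a> / '. $ank['login'] .'</div>';
            echo $errort;
            echo '<form method="post" name="message">';
            include '../../system/bbcodes.php';
            // The rejected draft is request data: escape it before echoing it back,
            // otherwise markup in msg is reflected into the page (XSS).
            // Assumes the site is served as UTF-8 — TODO confirm.
            echo '<textarea class="resize" name="msg">'. htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') .'</textarea><br>';
            include '../../system/smiles.php';
            echo '<input type="submit" name="submit" value="Отправить"/>
<input type="submit" name="reload" value="Обновить">
</form>';

            // Pagination over messages in both directions between the two users.
            $threadSql = "`user_1` = '". $user['id'] ."' AND `user_2` = '". $ank['id'] ."' OR `user_1` = '". $ank['id'] ."' AND `user_2` = '". $user['id'] ."'";
            $c_p = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_msg` WHERE ". $threadSql), 0);
            $k_page = k_page($c_p, $user['p_page']);
            $page = page($k_page);
            // LIMIT operands are not quoted in the query, so force them to integers.
            $perPage = (int) $user['p_page'];
            $start = (int) ($perPage * $page - $perPage);
            if ($c_p == 0) {
                echo '<div class="post">Нет сообщений</div>';
            }
            $query = mysql_query("SELECT * FROM `mail_msg` WHERE ". $threadSql ." ORDER BY `id` DESC LIMIT $start, ". $perPage);
            while ($post = mysql_fetch_assoc($query)) {
                // Author of this message (one lookup per row).
                $ot = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '". $post['user_1'] ."' LIMIT 1"));
                echo '<div class="post">
<span class="c_date">'. ptime($post['time']) .'</span>
<table cellpadding="0" cellspacing="0">
<tr>
<td>';
                avatar($ot['id'], 'b');
                echo ' </td>
<td>';
                echo online($ot['id']) .'<a href="/pages/users/user.php?name='. urlencode($ot['login']) .'">'. $ot['login'] .'</a>';
                echo user($ot['id']);
                echo '<br>'. ($post['chit'] == 0 ? ' (<span class="new">Не прочитано</span>)' : NULL);
                echo '</td>
</tr>
</table>
<hr>';
                // NOTE(review): output() presumably renders the stored message safely
                // (BB-codes/smiles); its escaping is not visible here — confirm.
                echo output($post['msg']);
                echo '</div>';
            }
            if ($k_page > 1) {
                str('?name='. $loginUrl .'&', $k_page, $page);
            }
            echo '<a class="link" href="/pages/mail/"><img src="/design/imgs/arr_b.png" align="center"> Назад</a>';
            include '../../system/foot.php';
            exit;
        }

        // No ?name=: list every dialog the current user takes part in, newest first.
        $title = 'Кабинет / Контакты';
        include '../../system/head.php';
        echo '<div class="title"><a href="/pages/personal/">Кабинет</a> / Контакты</div>';
        $c_p = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `user_1` = '". $user['id'] ."' OR `user_2` = '". $user['id'] ."'"),0);
        $k_page = k_page($c_p, $user['p_page']);
        $page = page($k_page);
        // LIMIT operands are not quoted in the query, so force them to integers.
        $perPage = (int) $user['p_page'];
        $start = (int) ($perPage * $page - $perPage);
        if ($c_p == 0) {
            echo '<div class="post">Нет диалогов</div>';
        }
        $query = mysql_query("SELECT * FROM `mail` WHERE `user_1` = '". $user['id'] ."' OR `user_2` = '". $user['id'] ."' ORDER BY `time` DESC LIMIT $start, ". $perPage);
        while ($mail = mysql_fetch_assoc($query)) {
            // The peer is whichever side of the dialog row is not the current user.
            $peerId = ($mail['user_1'] == $user['id']) ? $mail['user_2'] : $mail['user_1'];
            $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '". $peerId ."' LIMIT 1"));
            // $new: unread messages from the peer; $in: messages we sent; $out: messages the peer sent.
            $new = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_msg` WHERE `user_1` = '". $ank['id'] ."' AND `user_2` = '". $user['id'] ."' AND `chit` = '0'"), 0);
            $in = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_msg` WHERE `user_1` = '". $user['id'] ."' AND `user_2` = '". $ank['id'] ."'"), 0);
            $out = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_msg` WHERE `user_1` = '". $ank['id'] ."' AND `user_2` = '". $user['id'] ."'"), 0);
            echo '<a class="link" href="?name='. urlencode($ank['login']) .'">';
            echo online($ank['id']).$ank['login'] .'
('. $in .'/'. $out .')'. ($new > 0 ?' <span class="new">+'. $new .'</span>' : NULL) .'
</a>';
        }
        if ($k_page > 1) {
            str('?', $k_page, $page);
        }
        echo '<a class="link" href="/pages/personal/"><img src="/design/imgs/arr_b.png" align="center"> Кабинет</a>';
        break;
}
include '../../system/foot.php';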
?>