Файл: test.zfarm.mobi/msmail/msindex.php
Строк: 170
<?php
/////////////////////////
/*
Author MyStyle ZomBi.Biz
Год 2013 Автор Шехов Виталию Александровичу
http://vk.com/online_user
*/
/////////////////////////
what(0, 'mail');
if(isset($_GET['msdel_all']) && num($_GET['msdel_all'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' AND `id` = '".num($_GET['msdel_all'])."' LIMIT 1"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' AND `id` = '".num($_GET['msdel_all'])."'"));
if(isset($_GET['msdelmail'])){
mysql_query("DELETE FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' AND `id` = '".num($_GET['msdel_all'])."' LIMIT 1");
$msg = mysql_query("SELECT * FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($post['id'])."' ORDER BY `id` DESC");
while($del = mysql_fetch_array($msg))
{
mysql_query("DELETE FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($post['id'])."' LIMIT 1");
mysql_query("DELETE FROM `mystyle_msmail_msg` WHERE `who` = '".$user['id']."' AND `type_id` = '".num($post['id'])."' LIMIT 1");
mysql_query("DELETE FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' LIMIT 1");
mysql_query("DELETE FROM `mystyle_msmail` WHERE `userid` = '".$user['id']."' LIMIT 1");
}
///////// Лог Пользователя ///// By MyStyle
$text = 'Переписка удалена';
$_SESSION['msg'] = $text;
header("Location: ./?msmail");
exit;
}
echo '<div>
<div class="feedbackPanel">Действительно удалить всю переписку с данным пользователем?
<div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msmail&msdel_all='.$post['id'].'&msdelmail">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>Уверен</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./?msmail">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div>
</div>';
}elseif(isset($_GET['msnew']) && num($_GET['msnew'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_user` WHERE `id` = '".num($_GET['msnew'])."' LIMIT 1"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_user` WHERE `id` = '".num($_GET['msnew'])."'"));
if($user['id'] == $post['id']){
///////// Лог Пользователя ///// By MyStyle
$text = 'Че хулиганим?';
$_SESSION['msg'] = $text;
header("Location: ./?msmail");
exit;
}elseif(mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail_msg` WHERE `userid` = '".num($post['id'])."' AND `user` = '".$user['id']."' LIMIT 1"),0)!=0){
$posta = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail_msg` WHERE `userid` = '".num($post['id'])."' AND `user` = '".$user['id']."'"));
///////// Лог Пользователя ///// By MyStyle
$text = 'Сообщение с данным пользователем';
$_SESSION['msg'] = $text;
header("Location: ./?msmail&msid=$posta[type_id]");
exit;
}else{
if(isset($_POST['msg']))
{
$name = my_esc($_POST['msg']);
if(preg_match("#[a-z]+#ui", $name) && preg_match("#[а-я]+#ui", $name))err_game('Разрешается использовать символы только русского или только английского алфавита');
elseif(preg_match("#(^ )|( $)#ui", $name))err_game('Запрещено использовать пробел в начале и конце текста');
elseif(strlen2($name)<5)err_game('Короткий текст');
elseif(strlen2($name)>255)err_game('Длина текста превышает 255 символа');
else
{
mysql_query("INSERT INTO `mystyle_msmail` SET `userid` = '".$post['id']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
$type1 = mysql_insert_id();
mysql_query("INSERT INTO `mystyle_msmail` SET `userid` = '".$user['id']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['id']."'");
$type2 = mysql_insert_id();
mysql_query("INSERT INTO `mystyle_msmail_msg` SET `sid` = '".$type1."', `userid` = '".$user['id']."', `who` = '".num(2)."', `type_id` = '".$type2."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['id']."'");
mysql_query("INSERT INTO `mystyle_msmail_msg` SET `sid` = '".$type2."', `who` = '".num(1)."', `userid` = '".$post['id']."', `type_id` = '".$type1."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
///////// Лог Пользователя ///// By MyStyle
$text = 'Сообщение отправлено';
$_SESSION['msg'] = $text;
header("Location: ./?msmail");
exit;
}
}
echo '<form id="id1" action="" method="post">
<div>
<label><span class="btnp">Сообщение:</span> <a href="./?msmail&msnew='.$post['id'].'&sid='.passgen().'" class="btnp">Обновить</a><br /><br />
<textarea class="btn modalq-indexq" name="msg"></textarea></label>
</div>
<div>
<input type="submit" class="btn bold" style="width: 98%; font-size: 16px;" value="Отправить">
</div>
</form>
</div>';
echo '</div>';
echo '<div>
<div class="feedbackPanel">
<div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msmail">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>В почту</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div>
</div>';
}
}elseif(isset($_GET['msid']) && num($_GET['msid'])!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail` WHERE `id` = '".num($_GET['msid'])."' AND `user` = '".$user['id']."' LIMIT 1"),0)!=0){
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' AND `id` = '".num($_GET['msid'])."'"));
$post_user = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."'"));
$post_typer = mysql_fetch_array(mysql_query("SELECT * FROM `mystyle_msmail_msg` WHERE `type` = '".num(1)."' AND `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."'"));
mysql_query("UPDATE `mystyle_msmail_msg` SET `type` = '".num(0)."' WHERE `user` = '".$user['id']."' AND `id` = '".num($post_typer['id'])."'");
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."' ORDER BY `id` DESC"),0);
if ($k_post==0){
echo '<div class="feedbackPanel">Нет переписки с данным пользователем!</div>';
}
if(isset($_POST['msg']))
{
$name = my_esc($_POST['msg']);
if(preg_match("#(^ )|( $)#ui", $name))err_game('Запрещено использовать пробел в начале и конце текста');
elseif(strlen2($name)<5)err_game('Короткий текст');
elseif(strlen2($name)>255)err_game('Длина текста превышает 255 символа');
else
{
mysql_query("UPDATE `mystyle_msmail` SET `time` = '".$time."' WHERE `user` = '".$user['id']."' AND `id` = '".num($post['id'])."'");
mysql_query("UPDATE `mystyle_msmail` SET `time` = '".$time."' WHERE `user` = '".$post['userid']."' AND `id` = '".num($post['id'])."'");
mysql_query("INSERT INTO `mystyle_msmail_msg` SET `who` = '".num(2)."', `userid` = '".$user['id']."', `type_id` = '".$post_user['sid']."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(1)."', `user` = '".$post['userid']."'");
mysql_query("INSERT INTO `mystyle_msmail_msg` SET `who` = '".num(1)."', `userid` = '".$post['userid']."', `type_id` = '".num($_GET['msid'])."', `time` = '".$time."', `msg` = '".$name."', `type`= '".num(0)."', `user` = '".$user['id']."'");
///////// Лог Пользователя ///// By MyStyle
$text = 'Сообщение отправлено';
$_SESSION['msg'] = $text;
header("Location: ./?msmail&msid=".num($_GET['msid'])."");
exit;
}
}
echo '<div class="feedbackPanel"><span class="btnp">Сообщений ('.mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."'"), 0).')</span>
<a href="./?msmail&msid='.num($_GET['msid']).'&sid='.passgen().'" class="btnp">Обновить</a> <a class="btnp" href="?smile">Смайлы</a> <a class="btnp" href="./?msmail&msdel_all='.num($_GET['msid']).'&sid='.passgen().'">Удалить переписку</a></div>
<form id="id1" action="" method="post">
<div style="clear:both"></div><div>
<label><textarea class="btn modalq-indexq" name="msg"></textarea></label>
</div>
<div>
<input type="submit" class="btn bold" style="width: 98%; font-size: 16px;" value="Отправить">
</div>
</form>
</div>';
$k_page=k_page($k_post,$user['set']);
$page=page($k_page);
$start=$user['set']*$page-$user['set'];
$q=mysql_query("SELECT * FROM `mystyle_msmail_msg` WHERE `user` = '".$user['id']."' AND `type_id` = '".num($_GET['msid'])."' ORDER BY `id` DESC LIMIT $start, $user[set]");
while($post=mysql_fetch_array($q))
{
if($post['who'] == 1)echo '<div class="modal-index"><div><div>
<span class="hidden-phone">';
if($post['who'] == 2)echo '<div class="modals-indexs"><div><div>
<span class="hidden-phone">';
echo ''.$type_no.'<div style="clear:both"></div>';
if($post['who'] == 1){
echo users($post['user']);
}else{
echo users($post['userid']);
}
echo '<br />'.mat(smile(bbcode(check($post['msg']))));
echo '<br /><span class="majorLink fr">'.vremja($post['time']).' </span><div style="clear:both"></div>';
echo '</span></div></div></div><div style="clear:both"></div><div style="clear:both"></div><br />';
}
echo '<div class="center">';
if ($k_page>1)str("?msmail&msid=".num($_GET['msid'])."&",$k_page,$page);
echo '</div>';
echo '<div>
<div class="feedbackPanel">
<div style="text-align: center;">
<div class="fl" style="width: 49%;">
<a class="btn" href="?msmail">
<img width="16" height="16" alt="o" src="/images/icons/tick.png"/>
<span>В почту</span>
</a>
</div>
<div class="fr" style="width: 49%;">
<a class="btn" href="./">
<img width="16" height="16" alt="o" src="/images/icons/cross.png"/>
<span>На главную!</span>
</a>
</div>
<div style="clear: both;"></div>
</div>
</div>
</div>';
}else{
echo '<div class="feedbackPanel">Почта</div>
';
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' ORDER BY `id` DESC"),0);
if ($k_post==0){
echo '<div class="feedbackPanel">Ваша почта пустая!</div>';
}
$k_page=k_page($k_post,$user['set']);
$page=page($k_page);
$start=$user['set']*$page-$user['set'];
$q=mysql_query("SELECT * FROM `mystyle_msmail` WHERE `user` = '".$user['id']."' ORDER BY `time` DESC LIMIT $start, $user[set]");
while($post=mysql_fetch_array($q))
{
$sr = $start+1;
echo '<div class="btn">';
$mess = ''.(mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail_msg` WHERE
`type_id` = '".$post['id']."' AND `user` = '".num($user['id'])."' AND `type` = '1'"),0)!=0?"
<span class='cook'>Новых: ".mysql_result(mysql_query("SELECT COUNT(*) FROM `mystyle_msmail_msg`
WHERE `type_id` = '".$post['id']."' AND `user` = '".num($user['id'])."' AND `type` = '1'"),0)."</span>":null).'';
echo '<span class="level fr">'.$mess.' '.vremja($post['time']).'</span>';
echo ' <a class="level" href="./?msmail&msid='.$post['id'].'&sid='.passgen().'">Переписка</a> с: ';
echo users($post['userid']);
echo '</div>';
$start++;
}
if ($k_page>1)str("?msmail&",$k_page,$page);
}
/////////////////////////
/*
Author MyStyle ZomBi.Biz
Год 2013 Автор Шехов Виталию Александровичу
http://vk.com/online_user
*/
/////////////////////////
?>