Файл: soc-set/moduls/mail/index.php
Строк: 90
<?php
require_once('../../core/start.php');
check_auth();
switch ($select) {
default:
$id = abs(num($_GET['user']));
if (!empty($id)) {
$ank = DB::$dbs->queryFetch("SELECT * FROM ".USERS." WHERE `user_id` = ? ", array($id));
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM ".BLACKUSERS." WHERE `user_id` = ? && `black_id` = ?", array($ank['user_id'], $user['user_id'])) == TRUE) {
head('Ошибка доступа!');
echo DIV_TITLE . 'Ошибка доступа!' . CLOSE_DIV;
echo DIV_BLOCK . 'Вы не можете написать пользователю '.$ank['nick'].'. Вы находитесь в его(её) чёрном списке!' . CLOSE_DIV;
echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <b>Ошибка доступа!</b>' . CLOSE_DIV;
require_once('../../core/stop.php');
exit();
}
if ($ank['user_id'] == $user['user_id']) {
head('Вы не можете написать себе');
echo DIV_TITLE . 'Вы не можете написать себе' . CLOSE_DIV;
echo DIV_BLOCK . 'Ошибка!' . CLOSE_DIV;
echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <b>Вы не можете написать себе</b>' . CLOSE_DIV;
require_once('../../core/stop.php');
exit();
}
$sql = DB::$dbs->queryFetch("SELECT * FROM ".DIALOG." WHERE (`user_id` = ? AND `friend_id` = ?) OR (`user_id` = ? AND `friend_id` = ?) ", array($user['user_id'],$ank['user_id'], $ank['user_id'], $user['user_id']));
if (!empty($sql)) {
header("Location: ".HOME."/mail/dialog/".$sql['id']."/");
} else {
DB::$dbs->query("INSERT INTO ".DIALOG." SET `user_id` = ?, `friend_id` = ? ",array($user['user_id'], $ank['user_id']));
$last = DB::$dbs->lastInsertId();
header("Location: ".HOME."/mail/dialog/".$last."/");
}
} else {
head('Мои диалоги');
panel();
$all = DB::$dbs->querySingle("SELECT * FROM ".DIALOG." WHERE `user_id` = ? || `friend_id` = ? ", array($user['user_id'], $user['user_id']));
if (empty($all)) {
echo DIV_BLOCK . 'Диалогов нет' . CLOSE_DIV;
} else {
$sql = DB::$dbs->query("SELECT * FROM ".DIALOG." WHERE `user_id` = ? || `friend_id` = ? ORDER BY `prioritet` DESC", array($user['user_id'], $user['user_id']));
while($dialog = $sql -> fetch()){
if ($dialog['friend_id'] == $user['user_id']) {
$dialog['friend_id'] = $dialog['user_id'];
}
$us = DB::$dbs->queryFetch("SELECT `nick` FROM ".USERS." WHERE `user_id` = ?", array($dialog['friend_id']));
$count_msg = DB::$dbs->querySingle("SELECT COUNT(*) FROM ".DIALOG_MSG." WHERE `dialog_id` = ? AND `delet` != ?", array($dialog['id'], $user['user_id']));
$count_msg_new = DB::$dbs->querySingle("SELECT COUNT(*) FROM ".DIALOG_MSG." WHERE `dialog_id` = ? AND `delet` != ? AND `user_friend` = ? AND `status` = ? ", array($dialog['id'], $user['user_id'], $user['user_id'], 1));
echo DIV_LI . '<a href="'.HOME.'/mail/dialog/'.$dialog['id'].'/">Диалог с <b>' . $us['nick'] . '</b> ['.$count_msg . ($count_msg_new > 0 ? ' / <b>+'.$count_msg_new.'</b>' : NULL) . ']</a>' . CLOSE_DIV;
}
}
$array = array();
nav($array);
require_once('../../core/stop.php');
exit();
}
break;
case 'dialog':
$id = abs(intval($_GET['id']));
$sql = DB::$dbs->queryFetch("SELECT * FROM ".DIALOG." WHERE `id` = ? ", array($id));
if (empty($sql)) {
head('Диалог не найден');
echo DIV_TITLE . 'Диалог не найден' . CLOSE_DIV;
echo DIV_BLOCK . 'Ошибка!' . CLOSE_DIV;
echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <b>Диалог не найден</b>' . CLOSE_DIV;
require_once('../../core/stop.php');
exit();
}
if ($sql['user_id'] != $user['user_id'] && $sql['friend_id'] != $user['user_id']) {
header("Location: ".HOME."/mail/");
exit();
}
if ($sql['user_id'] == $user['user_id']) {
$user_friend = $sql['friend_id'];
} else {
$user_friend = $sql['user_id'];
}
$ank = DB::$dbs->queryFetch("SELECT * FROM ".USERS." WHERE `user_id` = ? ", array($user_friend));
head('Диалоги | Диалог с ' . $ank['nick']);
panel();
if (!empty($_POST['add']) && DB::$dbs->querySingle("SELECT COUNT(*) FROM ".BLACKUSERS." WHERE `user_id` = ? && `black_id` = ?", array($ank['user_id'], $user['user_id'])) == FALSE) {
$msg = html($_POST['msg']);
if (empty($msg)) {
echo DIV_ERROR . 'Пустое сообщение' . CLOSE_DIV;
} else {
DB::$dbs->query("INSERT INTO ".DIALOG_MSG." (`user`,`user_friend`,`msg`,`time`,`status`,`dialog_id`, `delet`) VALUE (?,?,?,?,?,?,?) ",array($user['user_id'], $user_friend, $msg, time(), 1, $id, 'no'));
$last = DB::$dbs->lastInsertId();
DB::$dbs->query("UPDATE ".DIALOG." SET `prioritet` = ? WHERE `id` = ? ", array(time(), $sql['id']));
/* Антиспам */
$spam = 0;
if (antiSpam($msg)) {
$spam = 1;
}
if (empty($spam) && antilink($msg)) {
$spam = 1;
}
if (!empty($spam)) {
/* Высылаем администрации жалобу на данный спам */
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `spam` = ? WHERE `id` = ?", array('spam', $last));
DB::$dbs->query("INSERT INTO ".SPAM." (`type`,`msg`,`spam_user`,`time`,`status`,`user_id`, `post_id`) VALUE (?,?,?,?,?,?,?) ",array('mail', $msg, $user['user_id'], time(), 1, 0, $last));
}
/* *** */
header("Location: ?");
}
}
if (!empty($_GET['del'])) {
$m = abs(intval($_GET['del']));
$msg = DB::$dbs->queryFetch("SELECT * FROM ".DIALOG_MSG." WHERE `id` = ? ", array($m));
$dialog = DB::$dbs->queryFetch("SELECT * FROM ".DIALOG." WHERE `id` = ? ", array($msg['dialog_id']));
if (empty($msg['id'])) {
header("Location: ".HOME."/mail/dialog/" . $id . "/");
}
if ($dialog['friend_id'] == $user['user_id']) {
$us = $dialog['user_id'];
} else {
$us = $dialog['friend_id'];
}
if ($msg['delet'] == 'no') {
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `delet` = ? WHERE `id` = ? ", array($user['user_id'], $msg['id']));
} else {
if ($user['user_id'] != $msg['delet']) {
DB::$dbs->query("DELETE FROM ".DIALOG_MSG." WHERE `id` = ? ", array($msg['id']));
}
}
header("Location: ".HOME."/mail/dialog/" . $id . "/");
}
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM ".BLACKUSERS." WHERE `user_id` = ? && `black_id` = ?", array($ank['user_id'], $user['user_id'])) == FALSE) {
echo DIV_AUT . '<form action="#" method="post"><textarea name="msg"></textarea><br /><input type="submit" name="add" value="Отправить"></form>' . CLOSE_DIV;
} else {
echo DIV_AUT . 'Вы не можете написать пользователю '.$ank['nick'].'. Вы находитесь в его(её) чёрном списке!' . CLOSE_DIV;
}
bbsmile();
$all = DB::$dbs->querySingle("SELECT COUNT(*) FROM ".DIALOG_MSG." WHERE `dialog_id` = ? AND `delet` != ?", array($id, $user['user_id']));
if (empty($all)) {
echo DIV_BLOCK . 'Переписка пуста' . CLOSE_DIV;
} else {
/* Отмечаем сообщение как СПАМ */
if (isset($_GET['spam'])) {
/* Настройки */
$settMail['spamUser'] = FALSE; // Блокировать все сообщения нарушителя
$settMail['spamMsg'] = TRUE; // Блокировать все похожие сообщения
$spam = abs(num($_GET['spam']));
if (DB::$dbs->querySingle("SELECT COUNT(*) FROM ".DIALOG_MSG." WHERE `id` = ? ", array($spam)) == TRUE) {
/* Читаем информацию о сообщении */
$mail = DB::$dbs->queryFetch("SELECT * FROM ".DIALOG_MSG." WHERE `id` = ? ", array($spam));
/* Отмечаем сообщение как спам */
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `spam` = ? WHERE `id` = ? ", array('spam', $spam));
if ($settMail['spamMsg'] == TRUE) {
/* Отмечаем подобные сообщения как спам */
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `spam` = ? WHERE `msg` LIKE '%".$mail['msg']."%' && `user` = ?", array('spam', $mail['user']));
}
if ($settMail['spamUser'] == TRUE) {
/* Отмечаем все сообщения нарушителя как спам */
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `spam` = ? WHERE `user` = ? ", array('spam', $mail['user']));
echo $mail['user'];
}
/* Высылаем администрации жалобу на данный спам */
DB::$dbs->query("INSERT INTO ".SPAM." (`type`,`msg`,`spam_user`,`time`,`status`,`user_id`, `post_id`) VALUE (?,?,?,?,?,?,?) ",array('mail', $mail['msg'], $mail['user'], time(), 1, $user['user_id'], $mail['id']));
echo DIV_MSG . 'Сообщение отмечено как спам' . CLOSE_DIV;
}
}
$n = new Navigator($all,5,'select=dialog&id=' . $sql['id']);
$sql = DB::$dbs->query("SELECT * FROM ".DIALOG_MSG." WHERE `dialog_id` = ? AND `delet` != ? ORDER BY `time` DESC LIMIT {$n->start()}, 5", array($id, $user['user_id']));
while($msg = $sql -> fetch()){
/* Система спама */
if ($msg['spam'] == 'spam' && $msg['user'] != $user['user_id']) {
$msg['msg'] = 'Внимание! Сообщение заблокировано до проверки модератором.';
}
if ($msg['user_friend'] == $user['user_id'] && $msg['status'] == 1) {
DB::$dbs->query("UPDATE ".DIALOG_MSG." SET `status` = ? WHERE `id` = ? ", array(0,$msg['id']));
}
if ($msg['status'] == 1) {
echo '<b>';
}
echo DIV_BLOCK . '<p><a href="'.HOME.'/mail/dialog/'.$id.'/?del='.$msg['id'].'">[x]</a> ' . userLink($msg['user']) . ' [' . vrem($msg['time']) . ']' . ($msg['user'] != $user['user_id'] ? ' <a href="?spam='.$msg['id'].'">[Спам]</a> ' : NULL) . '</p><p>' . text($msg['msg']) . '</p>' . CLOSE_DIV;
if ($msg['status'] == 1) {
echo '</b>';
}
}
echo $n->navi();
}
$array = array('Диалоги');
nav($array);
break;
}
require_once('../../core/stop.php');
?>