Файл: mail.php
Строк: 299
<?php
require 'system/sid.php';
require 'system/config.php';
include 'system/user.php';
include 'system/head.php';
include 'system/navigator.php';
whorm(0, 'privat');
echo $div_title . $user['user'] . ' / Сообщения' . $div_end .
$div_menu . '
<a href="mail.php?do=send">Написать сообщение</a> /
<a href="mail.php?do=archive">Архив</a>' . $div_end;
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do)
{
/*
* Очистка всех писем
*/
case del_all:
$P = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0'");
if (mysql_num_rows($P) == 0) {
err('Нечего чистить!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0'";
if (mysql_query($del)) {
header('Location: mail.php?clean_ok');
} else {
err('Произошла ошибка!');
}
}
echo '« <a href="mail.php">Почта</a>';
break;
/*
* Очистка архива
*/
case del_all_ar:
$P = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '1'");
if (mysql_num_rows($P) == 0) {
err('Ошибка!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '1'";
if (mysql_query($del)) {
header('Location: mail.php?clean_ok');
} else {
err('Произошла ошибка!');
}
}
echo '« <a href="mail.php">Почта</a>';
break;
/*
* Удаление сообщения
*/
case del:
$x = my_int($_GET['x']);
$P = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1");
if (mysql_num_rows($P) == 0) {
err('Ошибка!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1";
if (mysql_query($del)) {
header('Location: mail.php?del_ok');
} else {
err('Произошла ошибка!');
}
}
echo '« <a href="mail.php">Почта</a>';
break;
/*
* Новое сообщение/Ответ
*/
case send:
$adresat = (isset($_GET['nick'])) ? htmlspecialchars(addslashes(user_inf($_GET['nick'], 'user'))) : NULL;
echo '<form ENCTYPE="multipart/form-data" method="post" action="mail.php?do=send_ok">
<label>Кому:</label><br/>
<input type="text" name="nick" value="' . $adresat . '"/>
<br/>
<label>Сообщение:</label><br/>
<textarea name="message" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<label>Прикрепить файл: (*max: 500kb)</label><br/>
<input name="file" type="file"/>
<br/>
<input type="submit" name="send" value="Отправить"/>
</form>
« <a href="mail.php">Почта</a>';
break;
/*
* Отправка сообщения
*/
case send_ok:
if (!ctype_digit($_POST['nick'])) $nick = trim(mysql_real_escape_string(check($_POST['nick'])));
elseif (ctype_digit($_POST['nick'])) $nick = my_int($_POST['nick']);
$message = trim(mysql_real_escape_string(check($_POST['message'])));
$files = array('.gif', '.jpg', '.jpeg', '.png', '.zip', '.rar', '.gz', '.gzip', '.tar', '.txt');
$ext = strtolower(strrchr($_FILES['file']['name'], '.'));
$fnames = $_FILES['file']['name'];
if (isset($_POST['next'])) {
$code = my_int($_POST['code']);
if ($_SESSION['SendCaptcha'] != $code) {
err('Неверный проверочный код!');
} else {
unset($_SESSION['SendTimeOut']);
unset($_SESSION['SendCaptcha']);
header('Location: mail.php?do=send_ok');
}
}
if (!isset($_SESSION['SendTimeOut'])) $_SESSION['SendTimeOut'] = 0;
if ($_SESSION['SendTimeOut'] > time()) {
$_SESSION['SendCaptcha'] = mt_rand(100, 999);
echo '<form method="post" action="mail.php?do=send_ok">
Введите код: <b>' . captcha($_SESSION['SendCaptcha']) . '</b><br/>
<input type="text" name="code" size="3"/>
<input type="hidden" name="nick" value="' . $nick . '"/>
<input type="hidden" name="file" value="' . $fnames . '"/>
<input type="hidden" name="message" value="' . $message . '"/>
<input type="submit" name="next" value="ok"/>
</form>';
include_once 'system/foot.php';
exit();
}
if (!user_inf($nick)) {
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (is_numeric($nick) && $nick == $user['id'])
{
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (!is_numeric($nick) && $nick == $user['user'])
{
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (ignor(user_inf($nick), $user['id']) == 1) {
err('Вы находитесь в черном списке у этого пользователя');
include 'system/foot.php';
exit();
}
if (!empty($fnames) && preg_match('/(.php|.pl|.htaccess)/i', $fnames) || !empty($fnames) && !in_array($ext, $files)) {
err('Запрещенный формат файла!');
include 'system/foot.php';
exit();
}
if (!empty($fnames) && $_FILES['file']['size'] > 1024 * 500) {
err('Большой размер файла!');
include 'system/foot.php';
exit();
}
$fr = mysql_query("SELECT COUNT(id) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '" . user_inf($nick, 'id') . "'
AND
`zajavka` = '1'
OR
`user` = '" . user_inf($nick, 'id') . "'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
$countLimit = mysql_result(mysql_query("SELECT COUNT(id) FROM letters WHERE idwho = '" . user_inf($nick, 'id') . "' AND save = '0'"), 0);
if ($countLimit > 100)
{
$mess = cvetnik($user['id']) . ' пытался написать вам в почту. Очистите ненужные письма.';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','" . user_inf($nick, 'id') . "','$mess','" . time() . "','0','i')");
err('У пользователя переполнена почта, Вы не можете ему писать!');
include 'system/foot.php';
exit();
}
if (user_inf($nick, 'p_mail') == 0 && mysql_result($fr, 0) == FALSE && $user['level'] < 5) {
err('Писать письма этому пользователю могут только друзья!');
include 'system/foot.php';
exit();
}
if (user_inf($nick, 'p_mail') == 2 && $user['level'] < 5) {
err('Пользователь запретил писать ему!');
echo $div_menu . '<b>Причина:</b> ' . smiles(user_inf($nick, 'cause')) . $div_end;
include 'system/foot.php';
exit();
}
if (empty($message)) {
err('Пустое поле сообщения!');
} else {
if (!empty($fnames))
{
$path = 'mail/file_' . mt_rand(100000, 999999) . $ext;
copy($_FILES['file']['tmp_name'], $path);
}
// Антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$message = ($ant[0] == 1) ? mat($message) : $message;
// Транслит
if ($user['translit'] == 1) {
$message = trun_to_rus($message);
}
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $message)) {
$message = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $message);
}
}
}
$send_1 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`, `file`)
VALUES (0, '" . $user['id'] . "', '" . user_inf($nick, 'id') . "', '$message', '" . time() . "', '0', 'i', '$path')";
$send_2 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`, `file`)
VALUES (0, '" . user_inf($nick, 'id') . "', '" . $user['id'] . "', '$message', '" . time() . "', '1', 'o', '$path')";
if (mysql_query($send_1) && mysql_query($send_2)) {
header('Location: mail-view-' . user_inf($nick, 'id'));
} else {
err('Произошла ошибка при отправке!');
}
}
$_SESSION['SendTimeOut'] = time() + 10;
echo '« <a href="mail.php">Почта</a><br/>';
break;
/*
* Просмотр истории переписки
*/
case view:
$adr = my_int($_GET['adr']);
$_test = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr'");
if (mysql_num_rows($_test) == FALSE) {
header('Location: index.php');
die();
}
$all = mysql_result(mysql_query("SELECT COUNT(id) FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr' AND `save` = '0'"), 0);
$n = new navigator($all, $user['onp_privats'], 'mail-view-'.$adr.'&');
$read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr' AND `save` = '0' ORDER BY `id` DESC {$n->limit}");
if ($all != false) {
$dv = 0;
$skem = (!user_inf($adr)) ? 'Система' : us($adr);
echo $div_razdel . 'Переписка с ' . $skem . $div_end;
echo '<form ENCTYPE="multipart/form-data" method="post" action="mail.php?do=send_ok" name="form">
<textarea name="message" id="msg" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
' . quickpaste('msg') . quickcode() . '
<label>Прикрепить файл: (*max: 500kb)</label><br/>
<input name="file" type="file"/>
<br/>
<input type="hidden" name="nick" value="' . $adr . '"/>
<input type="submit" name="sendmsg" value="Отправить"/>
</form>' . $block;
while($ot = mysql_fetch_assoc($read))
{
$your = mysql_fetch_array(mysql_query("SELECT `id`, `read` FROM `letters` WHERE
`idwho` = '$ot[who]'
AND
`who` = '$user[id]'
AND
`mod` = 'i'
AND
`id` = '" . ($ot['id'] - 1) . "'"));
if ($ot['who'] == 0)
{
$WHO = 'Система';
$bl = '';
$comp = '';
$del = '[<a href="dmail-del-'.$ot['id'].'">Уд</a>]';
$arch = '';
$_read = '';
} else {
if ($ot['idwho'] == $user['id'] && $ot['mod'] == 'o')
{
$WHO = '<b>Я</b> -> ' . cvetnik($ot['who']);
$bl = '';
$comp = '';
$del = '[<a href="dmail-del-'.$ot['id'].'">Уд</a>]';
$arch = '';
if (!empty($your[0]) && $your[1] == 0) $_read = ' <img src="ico/msg_close.gif" alt=""/>';
elseif (!empty($your[0]) && $your[1] == 1) $_read = ' <img src="ico/msg_open.gif" alt=""/>';
else $_read = ' <img src="ico/msg_open_broke.png" alt=""/>';
}
elseif ($ot['idwho'] == $user['id'] && $ot['mod'] == 'i')
{
$WHO = cvetnik($ot['who']) . ' -> <b>Я</b>';
$bl = '[<a href="bmail-add-'.$ot['who'].'">В ч/с</a>]';
$comp = ($user['level'] < 4) ? '[<a href="cpl-complaint-'.$ot['who'].'">Жалоба</a>]' : '';
$arch = '[<a href="ar-archive-'.$ot['id'].'">В архив</a>]';
$del = '[<a href="dmail-del-'.$ot['id'].'">Уд</a>]';
$_read = '';
}
}
if ($ot['read'] == 0) $NoRead = '<span style="color:#FF3030;">(new!)</span>';
else $NoRead = '';
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo $WHO . $_read . ' ' . $NoRead . '
<br/>
(' . itime($ot['data'], 0) . ')
<br/>
' . smiles(bb_code($ot['message'])) . '
<br/>
' . ($ot['file'] != '' ? '» <a href="'.$ot['file'].'"> <b>Скачать</b> (' . end(explode('.', $ot['file'])) . ')</a><br/>' : '') . '
' . $bl . $comp . $del . $arch . $div_end;
}
echo $n->navi();
} else {
echo 'История переписки пуста!<br/>';
}
/////////////////////
mysql_query("UPDATE `letters` SET `read` = '1' WHERE `idwho` = '$user[id]' AND `who` = '$adr'");
/////////////////////
echo '« <a href="mail.php">Почта</a>';
break;
/*
* Жалоба на письмо
*/
case complaint:
$nick = my_int($_REQUEST['nick']);
$empty = mysql_query("SELECT `id` FROM `letters` WHERE `who` = '$nick'");
if (mysql_num_rows($empty) == FALSE) {
header('Location: mail.php');
die();
}
if (isset($_POST['send'])) {
$type = my_int($_POST['type']);
$msg = trim(mysql_real_escape_string(check($_POST['msg'])));
if (empty($msg)) {
err('Заполните причину жалобы!');
include 'system/foot.php';
exit();
}
if ($type == 1) $why = 'Реклама';
elseif ($type == 2) $why = 'Мошеничество';
elseif ($type == 3) $why = 'Нецензурная брань';
elseif ($type == 4) $why = 'Сцены жестокости и насилия';
elseif ($type == 5) $why = 'Другое';
elseif ($type == 6) $why = 'Техническая проблема';
$sel_adm = mysql_query("SELECT `id` FROM `users` WHERE `level` = '5'");
while($send_adm = mysql_fetch_assoc($sel_adm)) {
$mes = '<b>Жалоба от ' . $user['user'] . ' на ' . user_inf($nick, 'user') . ':</b> ' . $msg . '. <b>В письмах было:</b> ' . $why;
mysql_query("INSERT INTO `letters` SET
`who` = '0',
`idwho` = '$send_adm[id]',
`message` = '$mes',
`data` = '" . time() . "',
`read` = '0',
`mod` = 'o'");
header('Location: mail.php?ok_comp');
}
}
echo $div_title . 'Жалоба на содержимое письма' . $div_end .
$div_razdel . 'Ложная информация может привести к блокировке ника.<br/>
Если вас постоянно достает один человек - пишет всякие гадости,<br/>
вы можете добавить его в черный список.
' . $div_end . '
<form method = "post" action = "mail.php?do=complaint">
<label>Причина:</label><br/>
<select name = "type">
<option value="1">Реклама</option>
<option value="2">Мошеничество</option>
<option value="3">Нецензурная брань</option>
<option value="4">Сцены жестокости и насилия</option>
<option value="5">Другое</option>
<option value="6">Техническая проблема</option>
</select>
<br/>
<label>Опишите жалобу</label>:<br/>
<textarea name = "msg" cols = "50" rows = "5" style = "width:99%"></textarea>
<br/>
<input type = "hidden" name = "nick" value = "' . $nick . '"/>
<input type = "submit" name = "send" value = "Отправить"/>
</form>';
break;
/*
* Архив сохраненных
*/
case archive:
// запись
if (isset($_GET['a'])) {
$a = my_int($_GET['a']);
$pr = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$a' AND `idwho` = '$user[id]' AND `who` != '0' AND `mod` = 'i' AND `save` = '0' LIMIT 1");
if (mysql_num_rows($pr) == FALSE) {
err('Сообщение не найдено!');
} else {
mysql_query("UPDATE `letters` SET `save` = '1' WHERE `id` = '$a' AND `mod` = 'i' AND `idwho` = '$user[id]' LIMIT 1");
header('Location: mail.php?do=archive');
}
}
// удаление
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$em = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$x' AND `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1' LIMIT 1");
if (mysql_num_rows($em) == FALSE) {
err('Сообщение не найдено!');
} else {
mysql_query("DELETE FROM `letters` WHERE `id` = '$x' AND `mod` = 'i' AND `save` = '1' AND `idwho` = '$user[id]' LIMIT 1");
header('Location: mail.php?do=archive');
}
}
// вывод
$all = mysql_result(mysql_query("SELECT COUNT(id) FROM `letters` WHERE `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1'"), 0);
if ($all != FALSE) {
$n = new navigator($all, $user['onp_privats'], '?do=archive&');
$read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1' ORDER BY `data` DESC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($read)) {
$del = '[<a href="dmail-archive-'.$a['id'].'">Уд</a>]';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo cvetnik($a['who']) . '
<br/>
' . itime($a['data'], 0) . '
<br/>
' . smiles(bb_code($a['message'])) . '
<br/>
' . ($a['file'] != '' ? '» <a href="'.$a['file'].'">Файл <b>' . end(explode('.', $a['file'])) . '</b></a><br/>' : '') . '
' . $del . $div_end;
}
echo $n->navi();
} else {
echo 'Архив пуст.<br/>';
}
echo $div_menu . '<a href="mail.php?do=del_all_ar">Очистить архив</a>' . $div_end;
break;
/*
* Список контактов
*/
default:
if (isset($_GET['clean_ok'])) msg('История очищена!');
if (isset($_GET['del_ok'])) msg('Сообщение удалено!');
if (isset($_GET['ok_comp'])) msg('Жалоба отправлена на рассмотрение!');
$_count = mysql_num_rows(mysql_query("SELECT id FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0' GROUP BY who"));
if ($_count != FALSE) {
echo '<b>Контакты</b><br/>';
$n = new navigator($_count, 10, '?');
$_read = mysql_query("SELECT who, who AS w,
(SELECT COUNT(id) FROM `letters` WHERE
`read` = '0'
AND
`save` = '0'
AND
`idwho` = '$user[id]'
AND
`who` = w) AS n,
(SELECT COUNT(id) FROM `letters` WHERE
`read` = '1'
AND
`save` = '0'
AND
`idwho` = '$user[id]'
AND
`who` = w) AS a
FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0' GROUP BY who ORDER BY MIN(`read`), MAX(data) DESC {$n->limit}");
while($_r = mysql_fetch_assoc($_read))
{
$adresat = (empty($_r['who'])) ? 'Система' : us($_r['who'], 'user');
if ($user['avka'] == 1) {
if ($_r['who'] == 0) {
$foto = '<img src="ico/sys.png" alt=""/> ';
} else $foto = '';
}
######
echo '<form method="post" action="mail.php">';
######
$d = ' <a href="dall-delete_from-'.$_r['who'].'"><img src="ico/delete.png" alt="x"/></a>';
$msg_unread = ($_r['n'] != 0) ? '<img src="ico/unread_msg.gif" alt=""/> ' : '<img src="ico/msg.gif" alt=""/> ';
echo $div_razdel . $foto . ' ' . $adresat . '</a>' . $div_end . '
' . $div_tworazdel . $msg_unread . ' <a href="mail-view-'.$_r['who'].'">Сообщения (<b>'.$_r['n'].'</b>/'.$_r['a'].')</a>
<input type="checkbox" name="block[]" value="'.$_r['who'].'"/>' . $d . $div_end;
######
}
######
echo $n->navi();
} else {
echo 'Почта пуста!<br/>';
}
if (isset($_POST['submitForm']))
{
if (empty($_POST['block']))
{
header('Location: mail.php');
die();
}
if ($_POST['d'] == 1) {
foreach($_POST['block'] as $value) {
mysql_query("DELETE FROM `letters` WHERE `who` = '$value' AND `save` = '0' AND `idwho` = '$user[id]'");
header('Location: mail.php');
}
}
if ($_POST['d'] == 2) {
foreach($_POST['block'] as $value) {
mysql_query("UPDATE `letters` SET `save` = '1' WHERE `who` = '$value' AND `idwho` = '$user[id]'");
header('Location: mail.php');
}
}
}
if (isset($_GET['delete_from']))
{
$who = my_int($_GET['who']);
mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `save` = '0' AND `idwho` = '$user[id]'");
header('Location: mail.php');
}
echo $div_razdel . '
<select name="d">
<option value="0">с отмеченными</option>
<option value="1">удалить</option>
<option value="2">перенести в архив</option>
</select>
<input type="submit" name="submitForm" value="OK"/>
</form>
' . $div_end . $div_menu . '
<a href="mail.php?do=del_all">Очистить историю</a><br/>
<a href="black.php">Чёрный список</a>' . $div_end;
break;
}
include 'system/foot.php';
?>