Файл: mail.php
Строк: 414
<?
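// Internal mail page: authenticates the visitor from the id/hash cookies, then
// dispatches on the request parameters collected at the end of this section.
// NOTE(review): the mysql_* extension used throughout this file was removed in PHP 7;
// moving to mysqli/PDO prepared statements would replace the manual escaping below.
session_start();
include("header.php");
$urlpage='Внутреняя почта';
if (isset($_COOKIE['id']) and isset($_COOKIE['hash']))
{
// intval() keeps the cookie-supplied id safe to embed in the SQL text.
$query = mysql_query("SELECT *,INET_NTOA(login_ip) as login_ip FROM ".$db_pref."users WHERE id = '".intval($_COOKIE['id'])."' LIMIT 1");
// A failed query or an unknown id leaves $userdata non-array and is rejected below.
$userdata = $query ? mysql_fetch_assoc($query) : false;
// Cookies can arrive as arrays (id[]=...); anything but a string is treated as empty.
$cookie_id = is_string($_COOKIE['id']) ? $_COOKIE['id'] : '';
$cookie_hash = is_string($_COOKIE['hash']) ? $_COOKIE['hash'] : '';
$stored_hash = (is_array($userdata) && is_string($userdata['hash'])) ? $userdata['hash'] : '';
// An empty token never authenticates, so a blank stored hash cannot be matched by a blank cookie.
if ($cookie_hash === '' || $stored_hash === '')
{
$hash_ok = false;
}
elseif (function_exists('hash_equals'))
{
// Constant-time comparison where the runtime provides it (PHP 5.6+).
$hash_ok = hash_equals($stored_hash, $cookie_hash);
}
else
{
$hash_ok = ($stored_hash === $cookie_hash);
}
// The id must match the cookie exactly (rejects values such as "5abc" that intval() truncated),
// and the request must come from the login IP unless the stored IP is 0.0.0.0.
if(!$hash_ok or !is_array($userdata) or ($userdata['id'] !== $cookie_id)
or (($userdata['login_ip'] !== $_SERVER['REMOTE_ADDR']) and ($userdata['login_ip'] !== "0.0.0.0")))
{
echo "<div align='center'><font color='red'><br><b>".$lang['error16']."</b></font><br><br></div>"; }
else
{
// Collect request parameters; a missing key becomes null instead of raising an undefined-index notice.
// These values are untrusted and must be escaped wherever they reach SQL or HTML.
$create=isset($_REQUEST["create"]) ? $_REQUEST["create"] : null;
$delete=isset($_REQUEST["delete"]) ? $_REQUEST["delete"] : null;
$send=isset($_POST["send"]) ? $_POST["send"] : null;
$code=isset($_POST["code"]) ? $_POST["code"] : null;
$mess=isset($_POST["mess"]) ? $_POST["mess"] : null;
$tema=isset($_POST["tema"]) ? $_POST["tema"] : null;
$tem=isset($_POST["tem"]) ? $_POST["tem"] : null;
$to=isset($_POST["to"]) ? $_POST["to"] : null;
$to_user=isset($_POST["to_user"]) ? $_POST["to_user"] : null;
$show=isset($_GET["show"]) ? $_GET["show"] : null;
$id=isset($_GET["id"]) ? $_GET["id"] : null;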
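if(isset($create)):
// Compose form. When an id is given this is a reply: the message is looked up once,
// used for the ownership check and then to pre-fill recipient and subject.
// intval() keeps the request-supplied id safe to embed in the SQL text.
$sql=mysql_query("select*from ".$db_pref."mess where id='".intval($id)."'");
$row=mysql_fetch_array($sql);
if(isset($id)):
$us=$row['to_user'];
// Strict string comparison: loose != treats numeric-looking names such as "0123" and "123" as equal.
// NOTE(review): $user is set outside this file (presumably header.php) - confirm it is the authenticated user's name.
if((string)$us!==(string)$user):
include("inc/usermenu.inc.php");
?><br><div align="center">
<table class="<?=$moduletablehilite3;?>" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center" class="<?=$moduletable;?>"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail3'];?></font></b></td>
</tr>
</table>
<?php
// The inner double quotes must be escaped, otherwise they end the PHP string literal.
echo "<script language='Javascript'>function reload() {location = \"mail.php\"}; setTimeout('reload()', 3000);</script>";
include("footer.php");
exit;
endif;endif;
$to1=$row['from_user'];
$tem=$row['tema'];
include("inc/usermenu.inc.php");
$to = isset($_GET['to']) ? $_GET['to'] : null;
// Recipient pre-fill: the ?to= parameter wins over the sender of the message being answered.
// Both the parameter and the stored values are user-controlled, so they are HTML-escaped
// before being written into the value attributes. The charset is given as ISO-8859-1 so the
// call escapes the HTML metacharacters byte-wise and never returns an empty string; the
// site's real encoding is not visible here - pass it instead once confirmed.
$mail_to = isset($to) ? $to : (isset($to1) ? $to1 : null);
$mail_to_html = ($mail_to === null) ? null : htmlspecialchars(is_string($mail_to) ? $mail_to : '', ENT_QUOTES, 'ISO-8859-1');
$mail_tema_html = isset($tem) ? htmlspecialchars((string)$tem, ENT_QUOTES, 'ISO-8859-1') : null;
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="3" cellspacing="5">
<tr>
<td colspan="2" align="center"><h2><i><?=$lang['mail4'];?></i></h2><br></td>
</tr>
<form METHOD=POST ACTION="mail.php">
<tr>
<td align="left"><font color="red">*</font><?=$lang['mail5'];?> </td>
<td align="left"><input class="form6" TYPE="text" NAME="to_user" maxlength="10"
<?php if($mail_to_html!==null): echo "value='".$mail_to_html."'"; endif;?>
></td>
</tr>
<tr>
<td align="left"><font color="red">*</font><?=$lang['mail6'];?> :</td>
<td align="left"><input class="form6" TYPE="text" NAME="tema" size="40" maxlength="40" <?php if($mail_tema_html!==null): echo "value='".$mail_tema_html."'"; endif;?>></td>
</tr>
<tr>
<td align="left"><font color="red">*</font><?=$lang['mail7'];?> </td>
<td align="left"><textarea class="form6" NAME="mess" ROWS="7" COLS="55" wrap="hard"></textarea></td>
</tr>
<tr>
<td align="left"><font color="red">*</font> <?=$lang['reg5'];?></td>
<td align="left"><img src="turimg.php"> <input class="form6" TYPE="text" NAME="code" maxlength="4" size="8"></td>
</tr>
<tr>
<td colspan="2" align="center"><input class="button" TYPE="submit" name="send" value=".:: <?=$lang['mail10'];?> ::."></td>
</tr>
</form>
</table>
<br><center><b><?=$lang['reg7'];?></b></center>
<?php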
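elseif(isset($send)):
// Send a message: validate recipient, subject, body and captcha, then store the message.
// Non-string input (for example to_user[]=...) is treated as empty so it fails validation.
$to_user=is_string($to_user) ? $to_user : '';
$tema=is_string($tema) ? $tema : '';
$mess=is_string($mess) ? $mess : '';
// The recipient name is request data: escape it before embedding it in SQL,
// the same way subject and body are escaped before the insert further down.
$sql=mysql_query("select*from ".$db_pref."users where user='".mysql_real_escape_string($to_user)."'");
$row=mysql_fetch_array($sql);
$us=$row['user'];
// The posted name must match the stored name exactly; no row leaves $us null and fails here.
if($to_user!==$us):
include("inc/usermenu.inc.php");
$mail8=$lang['mail8'];
// The rejected name is echoed back, so it is HTML-escaped first. ISO-8859-1 makes the call
// escape byte-wise and never return an empty string; the site's real charset is not visible
// here - pass it instead once confirmed.
$mail8=str_replace("{to_user}",htmlspecialchars($to_user, ENT_QUOTES, 'ISO-8859-1'),$mail8);
?><div align="center">
<br>
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$mail8;?></font></td>
</tr>
</table>
<br><b><a href="javascript:history.back(1)"><?=$lang['error1'];?></a></b>
<?php
else:
// NOTE(review): $user is set outside this file (presumably header.php) and is interpolated
// into SQL unescaped here and in the insert below - confirm it is the authenticated,
// database-derived user name and not request data.
$sql=mysql_query("select*from ".$db_pref."users where user='$user'");
$row=mysql_fetch_array($sql);
$us=$row['user'];
// Sending to oneself is refused; strict comparison avoids numeric-string juggling ("0123" == "123").
if((string)$to_user===(string)$us):
include("inc/usermenu.inc.php");
?><div align="center">
<br>
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center" ><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail9'];?></font></td>
</tr>
</table>
<br><b><a href="javascript:history.back(1)"><?=$lang['error1'];?></a></b>
<?php
else:
// Subject length is measured in bytes and must be 5..40.
$ulength=strlen($tema);
if (($ulength<5) || ($ulength>40)):
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center" ><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail11'];?></font></td>
</tr>
</table>
<br><b><a href="javascript:history.back(1)"><?=$lang['error1'];?></a></b>
<?php
else:
// Body length is measured in bytes and must be 10..500.
$ulength=strlen($mess);
if (($ulength<10) || ($ulength>500)):
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail12'];?></font></td>
</tr>
</table>
<br><b><a href="javascript:history.back(1)"><?=$lang['error1'];?></a></b>
<?php
else:
// Captcha check. A missing session value must fail (otherwise an empty code matches an
// empty expectation), and the comparison is strict so numeric-looking codes such as
// "0e12" and "0e34" are not treated as equal.
$captcha_expected=(isset($_SESSION['texto']) && is_scalar($_SESSION['texto'])) ? strtolower((string)$_SESSION['texto']) : '';
$captcha_given=(isset($_POST['code']) && is_string($_POST['code'])) ? strtolower($_POST['code']) : '';
if($captcha_expected==='' || $captcha_given!==$captcha_expected):
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['reg21'];?></font></td>
</tr>
</table>
<br><b><a href="javascript:history.back(1)"><?=$lang['error1'];?></a></b>
<?php
else:
// One solved captcha authorises one message: drop it so the same code cannot be replayed.
unset($_SESSION['texto']);
$date=date("d.m.Y H:i");
// Every request-derived value is escaped before it is placed in the statement.
mysql_query("insert into ".$db_pref."mess values (null, 'NO', '".mysql_real_escape_string($to_user)."', '$user','".mysql_real_escape_string($tema)."','".mysql_real_escape_string($mess)."','$date');");
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center"><h3><i><?=$lang['mail13'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="gren"><?=$lang['mail14'];?></font></td>
</tr>
</table>
<?php
// The inner double quotes must be escaped, otherwise they end the PHP string literal.
echo "<script language='Javascript'>function reload() {location = \"mail.php\"}; setTimeout('reload()', 3000);</script>";
endif;endif;endif;endif;endif;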
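elseif(isset($show)):
// Show one message. intval() keeps the request-supplied id safe to embed in the SQL text.
$sql=mysql_query("select*from ".$db_pref."mess where id='".intval($id)."'");
$row=mysql_fetch_array($sql);
$us=$row['to_user'];
// Only the addressee may read the message. Strict string comparison: loose != treats
// numeric-looking names such as "0123" and "123" as equal.
// NOTE(review): $user is set outside this file (presumably header.php) - confirm it is the authenticated user's name.
if((string)$us!==(string)$user):
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="<?=$moduletablehilite3;?>" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center" class="<?=$moduletable;?>"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail3'];?></font></b></td>
</tr>
</table>
<?php
// The inner double quotes must be escaped, otherwise they end the PHP string literal.
echo "<script language='Javascript'>function reload() {location = \"mail.php\"}; setTimeout('reload()', 3000);</script>";
else:
// The row fetched for the ownership check is reused for display.
$from=$row['from_user'];
$tema=$row['tema'];
$date=$row['date'];
$mess=$row['mess'];
// Mark the message as read.
mysql_query("update ".$db_pref."mess set through='YES' where id='".intval($id)."'");
include("inc/usermenu.inc.php");
// Sender, subject and body were written by another user and are stored as typed, so they are
// HTML-escaped before output; unescaped, the body could close the textarea and inject markup.
// ISO-8859-1 makes the call escape byte-wise and never return an empty string; the site's
// real charset is not visible here - pass it instead once confirmed.
$show_from_html=htmlspecialchars((string)$from, ENT_QUOTES, 'ISO-8859-1');
$show_tema_html=htmlspecialchars((string)$tema, ENT_QUOTES, 'ISO-8859-1');
$show_date_html=htmlspecialchars((string)$date, ENT_QUOTES, 'ISO-8859-1');
$show_mess_html=htmlspecialchars((string)$mess, ENT_QUOTES, 'ISO-8859-1');
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="5">
<tr>
<td colspan="2" align="center" ><h2><i><?=$lang['mail15'];?></i></h2><br></td>
</tr>
<tr>
<td align="left"><?=$lang['mail16'];?> :</td>
<td align="left"><?=$show_from_html;?></td>
</tr>
<tr>
<td align="left"><?=$lang['mail6'];?> :</td>
<td align="left"><?=$show_tema_html;?></td>
</tr>
<tr>
<td align="left"><?=$lang['mail17'];?> :</td>
<td align="left"><?=$show_date_html;?></td>
</tr>
<tr>
<td align="left"><?=$lang['mail7'];?></td>
<td align="left"><textarea class="form" NAME="mess" ROWS="7" COLS="60" wrap="hard" READONLY><?=$show_mess_html;?></textarea></td>
</tr>
<form METHOD=POST ACTION="mail.php?id=<?=intval($id)?>">
<tr>
<td colspan="2" align="center"><input class="button" TYPE="submit" name="create" value=".:: <?=$lang['mail18'];?> ::."> <input class="button" TYPE="submit" name="delete" value=".:: <?=$lang['mail19'];?> ::."></td>
</tr>
</form>
</table>
<?php
endif;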
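elseif(isset($delete)):
// Delete one message. intval() keeps the request-supplied id safe to embed in the SQL text.
// NOTE(review): this branch runs on a plain GET as well as POST and checks no anti-CSRF
// token, so a deletion is not tied to a deliberate action by the user. Requiring POST plus
// a per-session token needs matching changes in the inbox and message views.
$sql=mysql_query("select*from ".$db_pref."mess where id='".intval($id)."'");
$row=mysql_fetch_array($sql);
$us=$row['to_user'];
// Only the addressee may delete the message. Strict string comparison: loose != treats
// numeric-looking names such as "0123" and "123" as equal.
// NOTE(review): $user is set outside this file (presumably header.php) - confirm it is the authenticated user's name.
if((string)$us!==(string)$user):
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center"><h3><i><?=$lang['error6'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="red"><?=$lang['mail3'];?></font></b></td>
</tr>
</table>
<?php
// The inner double quotes must be escaped, otherwise they end the PHP string literal.
echo "<script language='Javascript'>function reload() {location = \"mail.php\"}; setTimeout('reload()', 3000);</script>";
else:
mysql_query("delete from ".$db_pref."mess where id='".intval($id)."'");
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td align="center" ><h3><i><?=$lang['mail20'];?></i></h3></td>
</tr>
<tr>
<td align="center"><font color="gren"><?=$lang['mail14'];?></font></td>
</tr>
</table>
<?php
// The inner double quotes must be escaped, otherwise they end the PHP string literal.
echo "<script language='Javascript'>function reload() {location = \"mail.php\"}; setTimeout('reload()', 3000);</script>";
endif;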
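else:
// Default view: the inbox of the current user, newest message first.
include("inc/usermenu.inc.php");
?>
<br><div align="center">
<table class="form" width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td colspan="4" align="center"><h2><i><?=$lang['mail21'];?></i></h2><br></td>
</tr>
<?php
// One ordered query serves both the column headings and the rows.
// NOTE(review): $user is set outside this file (presumably header.php) and is interpolated
// into SQL unescaped - confirm it is the authenticated, database-derived user name.
$sql=mysql_query("select*from ".$db_pref."mess where to_user='$user' order by id desc");
$col=$cols=mysql_num_rows($sql);
if($col>0):
?>
<tr class="form_title">
<td align="center"><?=$lang['mail16'];?></td>
<td align="center"><?=$lang['mail22'];?></td>
<td align="center"><?=$lang['mail17'];?></td>
<td align="center"><?=$lang['mail23'];?></td>
</tr>
<?php
while($row=mysql_fetch_array($sql)):
$id=$row['id'];
$through=$row['through'];
$from=$row['from_user'];
$tema=$row['tema'];
$date=$row['date'];
// Sender and subject were written by other users and are stored as typed, so they are
// HTML-escaped before output. ISO-8859-1 makes the call escape byte-wise and never return
// an empty string; the site's real charset is not visible here - pass it once confirmed.
$list_from_html=htmlspecialchars((string)$from, ENT_QUOTES, 'ISO-8859-1');
$list_tema_html=htmlspecialchars((string)$tema, ENT_QUOTES, 'ISO-8859-1');
$list_date_html=htmlspecialchars((string)$date, ENT_QUOTES, 'ISO-8859-1');
$list_id=intval($id);
?>
<tr onMouseOver="this.style.background='#000000';" onMouseOut="this.style.background='';" >
<td align="center"><?=$list_from_html;?></td>
<?php // Unread messages carry through='NO'; the quoted literal replaces the bare constant NO, which is an error on PHP 8. ?>
<td align="center"><?php if($through==='NO'): ?><a href="mail.php?show&id=<?=$list_id;?>"><i><font color="gren"><?=$list_tema_html;?></font></i></a><?php else: ?><a href="mail.php?show&id=<?=$list_id;?>"><?=$list_tema_html;?></a><?php endif; ?></td>
<td align="center"><?=$list_date_html;?></td>
<td align="center"><a href="mail.php?delete&id=<?=$list_id;?>" title="<?=$lang['mail19'];?>"><img src="images/del.gif" alt="<?=$lang['mail19'];?>" width="22" height="18" border="0"></a></td>
</tr>
<?php
endwhile;
else:
?>
<tr>
<td colspan="4" align="center"><font color="red"><?=$lang['mail24'];?></font></td>
</tr>
<?php
endif;
?>
</table>
<form METHOD=POST ACTION="mail.php">
<br><input class="button" TYPE="submit" name=create value=".:: <?=$lang['mail25'];?> ::.">
</form>
<?php
endif;?></div>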
<?
// Closes the authenticated branch (cookie data matched the stored account).
}
// Closes the "both session cookies present" branch.
} else {
// No id/hash cookies were sent: print the generic error text instead of the mailbox.
echo "<div align='center'><font color='red'><br><b>".$lang['error']."</b></font><br><br></div>";
}
// The footer is emitted on every path that reaches the end of the script.
include("footer.php");
?>