Файл: private.php
Строк: 133
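<?php
/**
 * Private-message page: inbox listing plus the read, write/reply and delete
 * actions, selected by the "do" request argument. Logged-in users only.
 *
 * Review notes (islogged, getarg, getid, clean, bbcode, smile, getusername,
 * theader and tfooter live in common.php and are not visible here):
 *  - SQL is built by string concatenation on the legacy mysql_* API. Every
 *    numeric value is forced through intval() below; the two text values
 *    (recipient name, message body) rely entirely on clean(). Confirm that
 *    clean() escapes for SQL, and plan a move to prepared statements.
 *  - Message bodies and usernames are echoed as HTML. Their safety depends on
 *    what clean(), bbcode(), smile() and getusername() return - verify that
 *    user-supplied markup cannot survive them.
 *  - do=delete runs from plain GET links and do=write carries no anti-CSRF
 *    token, so both state changes can be triggered cross-site. Adding a
 *    per-session token needs support in common.php and is not done here.
 *  - maxlength="5000" on the textareas is a browser hint only; nothing on the
 *    server limits the message size.
 */
require('common.php'); // require, not include: stop at once if the helpers are missing

if (islogged()) {
    $do = getarg('do');
    $id = getarg('id');
    $page = getarg('page', 1);

    // User ids are integers (users.id is intval()'d before it is stored in
    // `private`.`to` below), so the current id is normalised once for every query.
    $uid = intval(getid());

    if ($do === 'read') {
        echo theader($lang['pmread']);
        $id = intval($id);
        // The original statement read "selct", so the query always failed and
        // no message could ever be opened.
        $query = mysql_query("select * from `private` where `to`='$uid' and `id`='$id'");
        if ($query && mysql_num_rows($query) > 0) {
            mysql_query("update `private` set `read`='1' where `to`='$uid' and `id`='$id'");
            $pm = mysql_fetch_array($query);
            $fromId = intval($pm['from']);
            // NOTE(review): getusername() output is echoed unescaped - confirm it is HTML-safe.
            $from = getusername($pm['from']);
            $date = intval($pm['date']);
            // NOTE(review): the stored body goes straight into the page after
            // bbcode()/smile(); this is only safe if it was HTML-escaped on the way in.
            $message = smile(bbcode($pm['message']));
            echo '<div class="list2">
<a href="/profile.php?id=' . $fromId . '">' . $from . '</a>: (' . date('d/m/Y, H:i:s', $date) . ')<br />
' . $message . '</div>
<div class="list2"><a href="/private.php?do=write&id=' . $id . '">' . $lang['pmreply'] . '</a> | <a href="/private.php?do=delete&id=' . $id . '">' . $lang['pmdelete'] . '</a></div>
<div class="list2"><a href="/private.php">' . $lang['back'] . '</a></div>
<div class="list2"><a href="/index.php">' . $lang['main'] . '</a></div>';
        } else {
            echo '<div class="list2">' . $lang['pmnotexists'] . '<br />
<a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
        }
    } elseif ($do === 'write') {
        echo theader($lang['pmnew']);
        // Loose comparison kept on purpose: the value getarg() returns for a
        // missing argument is not visible from this file.
        if ($id == NULL) {
            // New message addressed by username. is_string() keeps array-valued
            // fields (to[]=...) away from clean() and the query.
            if (isset($_POST['to'], $_POST['message'])
                && is_string($_POST['to']) && is_string($_POST['message'])
                && !empty($_POST['to']) && !empty($_POST['message'])
            ) {
                $to = clean($_POST['to']);
                $message = clean($_POST['message']);
                $res = mysql_query("select `id` from `users` where `username`='$to'");
                // Row count is checked instead of silencing mysql_result() with @.
                $tid = ($res && mysql_num_rows($res) > 0) ? intval(mysql_result($res, 0)) : 0;
                if ($tid > 0) {
                    mysql_query("insert into `private` set `from`='$uid', `to`='$tid', `date`='" . time() . "', "
                        . "`message`='$message', `read`='0'");
                    $message = smile(bbcode($message));
                    echo '<div class="list2">' . $lang['pmsent'] . '<br />
' . $message . '</div>';
                } else {
                    echo '<div class="list2">' . $lang['usernotexists'] . '</div>';
                }
            } else {
                // The "to" request argument is reflected into an attribute value,
                // so it is escaped here regardless of what getarg() does.
                // ISO-8859-1 makes the call byte-transparent for any page
                // encoding (only the ASCII metacharacters are rewritten) and
                // double_encode=false leaves already-escaped input unchanged.
                $prefill = htmlspecialchars((string)getarg('to', ''), ENT_QUOTES, 'ISO-8859-1', false);
                echo '<form method="post" action="/private.php?do=write">
<div class="list2">
' . $lang['pmto'] . ':<br/><input type="text" name="to" value="' . $prefill . '" /><br />
' . $lang['message'] . ':<br/><textarea name="message" maxlength="5000"></textarea><br />
<input type="submit" value="' . $lang['send'] . '" /> <input type="reset" value="' . $lang['reset'] . '" />
</form></div>';
            }
            echo '<div class="list2"><a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
        } else {
            // Reply: the recipient is taken from a message that was addressed to
            // the current user, never from the request.
            $id = intval($id);
            $res = mysql_query("select `from` from `private` where `id`='$id' and `to`='$uid'");
            // Without the row-count check mysql_result() raised a warning for
            // every unknown or foreign message id.
            $to = ($res && mysql_num_rows($res) > 0) ? intval(mysql_result($res, 0)) : 0;
            if ($to > 0) {
                if (isset($_POST['message']) && is_string($_POST['message']) && !empty($_POST['message'])) {
                    $message = clean($_POST['message']);
                    mysql_query("insert into `private` set `from`='$uid', `to`='$to', `date`='" . time() . "', "
                        . "`message`='$message', `read`='0'");
                    $message = smile(bbcode($message));
                    echo '<div class="list2">' . $lang['pmsent'] . '<br />
' . $message . '</div>';
                } else {
                    echo '<form method="post" action="/private.php?do=write&id=' . $id . '">
<div class="list2">' . $lang['message'] . ':<br />
<textarea name="message" maxlength="5000"></textarea><br />
<input type="submit" value="' . $lang['send'] . '" /> <input type="reset" value="' . $lang['reset'] . '" /></form></div>';
                }
            } else {
                echo '<div class="list2">' . $lang['pmnotexists'] . '</div>';
            }
            echo '<div class="list2">
<a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
        }
    } elseif ($do === 'delete') {
        echo theader($lang['pmdelete']);
        // Strict comparison: before PHP 8 a loose == lets integer 0 equal 'all',
        // which would select the bulk delete for a non-string id.
        if ($id === 'all') {
            // Only messages already marked as read are removed.
            mysql_query("delete from `private` where `to`='$uid' and `read`='1'");
            echo '<div class="list2">' . $lang['pmdeleted'] . '<br />
<a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
        } else {
            $id = intval($id);
            // Ownership check: the message must be addressed to the current user.
            $query = mysql_query("select * from `private` where `id`='$id' and `to`='$uid'");
            if ($query && mysql_num_rows($query) > 0) {
                mysql_query("delete from `private` where `to`='$uid' and `id`='$id'");
                echo '<div class="list2">' . $lang['pmdeleted'] . '<br />
<a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
            } else {
                echo '<div class="list2">' . $lang['pmnotyours'] . '<br />
<a href="/private.php">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
            }
        }
    } else {
        // Default action: paginated inbox, newest first.
        echo theader($lang['pminbox']);
        echo '<div class="list2">' . $lang['pminbox'] . '</div>';
        $query = mysql_query("select count(*) from `private` where `to`='$uid'");
        $npms = $query ? intval(mysql_result($query, 0)) : 0;
        if ($npms > 0) {
            $ntpp = 10; // messages per page
            $npages = intval(ceil($npms / $ntpp));
            if ($page === 'last') {
                $page = $npages;
            }
            $page = intval($page);
            // Clamp to 1..$npages. The original only handled 0, so a negative
            // page produced a negative LIMIT offset and a failed query.
            if ($page < 1) {
                $page = 1;
            }
            if ($page > $npages) {
                $page = $npages;
            }
            if ($page > 1) {
                echo '<a href="/private.php?page=1">' . $lang['firstpage'] . '</a><br />';
            }
            if ($npages > 1 && $page < $npages) {
                echo '<a href="/private.php?page=' . $npages . '">' . $lang['lastpage'] . '</a><br />';
            }
            $limit = ($page - 1) * $ntpp;
            $pms = mysql_query("select * from `private` where `to`='$uid' order by `date` desc limit $limit, $ntpp");
            if ($pms) {
                while ($pm = mysql_fetch_array($pms)) {
                    $pmId = intval($pm['id']);
                    // NOTE(review): getusername() output is echoed unescaped - confirm it is HTML-safe.
                    $from = getusername($pm['from']);
                    $date = intval($pm['date']);
                    $bln = $pm['read'] ? '' : '[N]'; // unread marker
                    echo '<div class="list2">
<a href="/private.php?do=read&id=' . $pmId . '">' . $from . '</a> (' . date('d/m/Y, H:i:s', $date) . ')' . $bln . '</div>';
                }
            }
            if ($page > 1) {
                $bl = '<a href="/private.php?page=' . ($page - 1) . '">< ' . $lang['backward'] . '</a>';
            } else {
                $bl = '< ' . $lang['backward'];
            }
            if ($page < $npages) {
                $fl = ' | <a href="/private.php?page=' . ($page + 1) . '">' . $lang['forward'] . ' ></a>';
            } else {
                $fl = ' | ' . $lang['forward'] . ' >';
            }
            echo '<div class="list2">>' . $bl . $fl . '</div>';
        } else {
            echo '<div class="list2">>' . $lang['pmempty'] . '</div>';
        }
        echo '<div class="list2"><a href="/private.php?do=write">' . $lang['pmnew'] . '</a><br />
<a href="/private.php?do=delete&id=all">' . $lang['pmdelete'] . '</a><br />
<a href="/index.php">' . $lang['back'] . '</a></div>';
    }
    echo tfooter();
} else {
    echo'<div class="list2">'.$lang['error'].'</div>';
}
exit();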