Файл: private.php
Строк: 320
<?php
#############################
#       СКРИПТ ФОРУМА       #
#           КАК НА          #
#        http://ony.su      #
# Автор : ExPLOiT           #
# ICQ   : 949-38-99         #
#############################
/*
 ! Вы не имеете права распространять данный скрипт. !
*/
include_once("connect.php");
include_once(
"config.php");
include_once(
"functions.php");
include_once(
"users.php");
    if(
$authorize)
    {
        switch(
$_GET['p'])
        {
            default:
            if(!empty(
$_GET['new']))
            {
                
$new "AND new=1 ";
            }
            if(
$version == "xhtml")
            {
                
$thisPageSize 700;
            }
            else
            {
                
$thisPageSize 500;
            }
            if(
$version == "wml")
            {
                
header("content-type: text/vnd.wap.wml; charset=utf-8");
                echo(
doctype("Приват - ".$username).$tag);
                echo(
'<a href="private.php?p=1&amp;sid='.$sid.'&amp;v=wml">Сказать</a><br />
<a href="private.php?v=wml&amp;sid='
.$sid.'&amp;rnd='.$ref."">В начало</a><br /><br />rn");
                if( isset(
$_GET['clear']) )
                {
                    echo("
Вы уверенычто хотите удалить все сообщения?rn");
                    echo("
<a href='private.php?p=4&amp;v=wml&amp;sid=$sid'>Да</a> | <a href='private.php?v=wml&amp;sid=$sid'>Нет</a><br />rn");
                }
                
$sql =                "SELECT *
                                    
FROM private
                                    
WHERE name  '".$username."'
                                    ".
$new."
                                    
GROUP BY id
                                    ORDER BY id DESC 
";
                
$count = mysql_num_rows(mysql_query($sql));
                
$start = intval($_GET['s']);
                if(!empty(
$start))
                {
                    
$limit = "LIMIT ".$start."".abs($count - $start);
                    
$int = $start;
                }
                else
                {
                    
$int = 0;
                }
                
$sql .= $limit;
                
$query = mysql_query($sql);
                while(
$mess = mysql_fetch_assoc($query))
                {
                    static 
$s;
                    if(
$mess['new'] == 1 AND $mess['mod'] == 'i')
                    {
                        echo('*');
                    }
                    echo(date("
d.m H:i", $mess['time']).']');
                    if(
$mess['mod'] == "o" AND preg_match("|^$username|iu", $mess['name']))
                    {
                        echo("
<b>Я&gt;<a href="" $_SERVER['PHP_SELF'] . "?v=wml&amp;sid=".$sid."&amp;uid=".username2id($mess['tname'])."&amp;p=1">".$mess['tname']."</a></b><br />rn");
                    }
                    else
                    {
                        echo("
<b><a href="" $_SERVER['PHP_SELF'] . "?v=wml&amp;sid=".$sid."&amp;p=1&amp;uid=".username2id($mess['tname'])."">".$mess['tname']."</a></b><br />rn");
                    }
                    echo(nl2br(
$mess['mess'])."<br />rn");
                    
$int++;
                    
$s += strlen($mess['time'].$mess['name'].$mess['tname'].$mess['mess']);
                    if(
$s + $thisPageSize + (110 * abs($int - $start)) > $pageSize)
                    {
                        if(
$int != $count)
                        {
                            
$next = $int;
                        }
                        break;
                    }
                }
                echo("
- - - - <br />rn");
                if(!empty(
$next))
                {
                    echo("
<a accesskey="3" href="" $_SERVER['PHP_SELF'] . "?v=wml&amp;sid=".$sid."&amp;s=".$next."">Дальше...(3)</a><br />rn");
                }
                echo("
<a href='private.php?sid=$sid&amp;v=wml&amp;clear=1'>Очистить приват</a><br />rn");
                echo("
<a href="".$forumdir."v=wml&amp;sid=".$sid."" accesskey="1">В форум (1)</a>rn");
                echo(
$tagC."</p></card></wml>");
            } elseif(
$version == "xhtml")
            {
                header("
Content-typetext/htmlcharset=utf-8");
                echo('<html>
<head>
<title>Приват - '.
$username.'</title>
</head>
<body bgcolor="'.$style['
background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<
tr><td align="center" bgcolor="'.$style['title'].'">
<
font color="#FFFFFF"><b>Приват '.$username.'</b></font>
</
td></tr>
<
tr><td bgcolor="'.$style['bottom'].'">'.$tag.'
<a href="private.php?v=xhtml&amp;sid='.$sid.'&amp;p=1">Сказать</a><br />
<
a href="private.php?v=xhtml&amp;sid='.$sid.'&amp;rnd='.$ref.'">В начало</a><br />');
if( isset($_GET['
clear']) )
{
    echo("Вы уверены, что хотите удалить все сообщения?rn");
    echo("<a href='
private.php?p=4&amp;v=html&amp;sid=$sid'>Да</a> | <a href='private.php?v=html&amp;sid=$sid'>Нет</a><br />rn");
}
echo($tagC.'
</td></tr>
<
tr bgcolor="'.$style['text'].'"><td>'.$tag);
                       $sql =          "SELECT *
                                    FROM private
                                    WHERE name  = '".
$username."'
                                    ".$new."
                                    GROUP BY id
                                    ORDER BY id DESC ";
                $count = mysql_num_rows(mysql_query($sql));
                $start = intval($_GET['
s']);
                if(!empty($start))
                {
                    $limit = "LIMIT ".$start.", ".abs($count - $start);
                    $int = $start;
                }
                else
                {
                    $int = 0;
                }
                $sql .= $limit;
                $query = mysql_query($sql);
                while($mess = mysql_fetch_assoc($query))
                {
                    static $s;
                    if($mess['
new'] == 1 AND $mess['mod'] == 'i')
                    {
                        echo('
*');
                    }
                    echo(date("d.m H:i", $mess['
time']).']');
                    if($mess['
mod'] == "o" AND preg_match("|^$username|iu", $mess['name']))
                    {
                        echo("<b>Я&gt;<a href="" . $_SERVER['
PHP_SELF'] . "?v=xhtml&amp;sid=".$sid."&amp;uid=".username2id($mess['tname'])."&amp;p=1">".$mess['tname']."</a></b><br />rn");
                    }
                    else
                    {
                        echo("<b><a href="" . $_SERVER['
PHP_SELF'] . "?v=xhtml&amp;sid=".$sid."&amp;p=1&amp;uid=".username2id($mess['tname'])."">".$mess['tname']."</a></b><br />rn");
                    }
                    echo(nl2br($mess['
mess'])."<br />rn");
                    $int++;
                    $s += strlen($mess['
time'].$mess['name'].$mess['tname'].$mess['mess']);
                    if($s + $thisPageSize + (110 * abs($int - $start)) > $pageSize)
                    {
                        if($int != $count)
                        {
                            $next = $int;
                        }
                        break;
                    }
                }
                echo($tagC.'
</td></tr>
<
tr bgcolor="'.$style['bottom'].'"><td>'.$tag);
                if(!empty($next))
                {
                    echo("<a href="" . $_SERVER['
PHP_SELF'] . "?v=xhtml&amp;sid=".$sid."&amp;s=".$next."">Дальше...</a><br />rn");
                }
                echo("<a href='
private.php?sid=$sid&amp;v=xhtml&amp;clear=1'>Очистить приват</a><br />rn");
                echo("<a href="".$forumdir."v=xhtml&amp;sid=".$sid."">В форум </a>rn");
echo($tagC.'
</td></tr></table>
</
body></html>');
            }
            mysql_query("UPDATE private SET new=0 WHERE name='".
$username."'");
            break;
            case 1:
            if($version == "wml")
            {
                header("content-type: text/vnd.wap.wml; charset=utf-8");
                echo(doctype("Приват - ".$username).$tag);
                echo("<a href='" . 
$_SERVER['PHP_SELF'] . "?p=3&amp;v=wml&amp;sid=$sid'>Игнор</a><br />rn");
                if(!empty($_GET['
uid']))
                {
                    $uid = intval($_GET['
uid']);
                    $username = mysql_query("SELECT username FROM users WHERE id=".$uid);
                }
                if(@mysql_num_rows($username) != 0)
                {
                    $link = mysql_fetch_assoc($username);
                    echo("Кому: [".$link['
username']."] <a href="".$forumdir."v=wml&amp;sid=".$sid."&amp;id=".$uid."&amp;mode=user">[Анкета]</a>rn".$tagC);
                    echo("<a href='" . 
$_SERVER['PHP_SELF'] . "?p=3&amp;uid=$uid&amp;v=wml&amp;sid=$sid'>[В игнор]</a>rn");
                    if( in_array($status, array('
admin', 'moderator')) )
                    {
                        echo("<a href='
ban.php?v=wml&amp;back=" . base64_encode(htmlspecialchars($_SERVER['REQUEST_URI'])) . "&amp;username=" . $link['username'] . "&amp;sid=$sid'>[Бан]</a> $tagC");
                    }
                }
                else
                {
                    echo("Кому: ".$tagC."<input type="text" name="to" />rn");
                }
                echo("<br />" . $tag."Сообщение:".$tagC." <input type="text" name="mess" /><br />
<anchor>[Сказать]
<go href="private.php?v=wml&amp;sid=".$sid."&amp;p=2&amp;uid=" . $_GET['
uid'] . "" method="post">
<postfield name="mess" value="$(mess)" />
<postfield name="to" value="$(to)".$link['
username']."" />
</go></anchor><br />
".$tag."
- - - - <br />
<anchor>Назад<prev /></anchor><br />
<a href="private.php?v=wml&amp;sid=".$sid."&amp;rnd=".$ref."">В приват</a>
".$tagC."</p>
</card></wml>");

            } elseif($version == "xhtml")
            {
                header("Content-type: text/html; charset=utf-8");
                echo('
<html>
<
head>
<
title>Приват '.$username.'</title>
</
head>
<
body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<
form action="private.php?v=xhtml&amp;sid='.$sid.'&amp;p=2&amp;uid=' . $_GET['uid'] . '" method="post">
<
table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<
tr bgcolor="'.$style['title'].'"><td align="center" colspan="2">
<
font color="#FFFFFF"><b>Приват '.$username.'</b></font>
</
td></tr>
<
tr bgcolor="'.$style['bottom'].'">
<
td colspan="2">
<
a href="' . $_SERVER['PHP_SELF'] . '?p=3&amp;v=html&amp;sid=' . $sid . '">Игнор</a><br />
</
td></tr>
<
tr bgcolor="'.$style['text'].'"><td>');
                if(!empty($_GET['
uid']))
                {
                    $uid = intval($_GET['
uid']);
                    $username = mysql_query("SELECT username FROM users WHERE id=".$uid);
                }
                if(@mysql_num_rows($username) > 0)
                {
                    $link = mysql_fetch_assoc($username);
                    echo($tag."Кому:</td><td> [".$link['
username']."] <a href="".$forumdir."v=xhtml&amp;sid=".$sid."&amp;id=".$uid."&amp;mode=user">[Анкета]</a>");
                    echo("<a href='" . 
$_SERVER['PHP_SELF'] . "?p=3&amp;uid=$uid&amp;v=html&amp;sid=$sid'>[В игнор]</a>rn");
                    if( in_array($status, array('
admin', 'moderator')) )
                    {
                        echo("<a href='
ban.php?v=xhtml&amp;back=" . base64_encode(htmlspecialchars($_SERVER['REQUEST_URI'])) . "&amp;username=" . $link['username'] . "&amp;sid=$sid'>[Бан]</a></td></tr>rn $tagC");
                    }
                    $hidden = "<input type="hidden" name="to" value="".$link['
username']."" />rn";
                }
                else
                {
                    echo($tag."Кому:".$tagC."</td><td> <input type="text" name="to" /></td></tr>rn");
                }
                echo("<tr bgcolor="".$style['
text'].""><td>
".$tag."Сообщение:".$tagC."</td><td><textarea name="mess" cols="30" rows="5"></textarea></td></tr>
<tr bgcolor="".$style['
text'].""><td align="center" colspan="2">
".$hidden."
<input type="submit" value="Сказать" /></td></tr>
<tr bgcolor="".$style['
bottom'].""><td colspan="2">
$tag
<a href='
javascript:history.back(1)'>Назад</a><br/>
<a href="private.php?v=xhtml&amp;sid=".$sid."&amp;rnd=".$ref."">В приват</a>  $tagC
</td></tr></table>
</form>
</body></html>");



            }
            break;
            case 2:
            $mess =   sql(htmlspecialchars(trim(substr($_POST['
mess'], 0, 500))));
                        $mess = preg_replace_callback("|&lt;(d{1,20})&gt;|", "smile", $mess);
            if($status == "admin" or $starus == "moderator")
                {
                    $mess = preg_replace("|[url=(.*)](.*)[/url]|is", "<a href="go/?\1">\2</a>", $mess);
                    $mess = preg_replace("|[b](.*)[/b]|i", "<b>\1</b>", $mess);
                    $mess = preg_replace("|[i](.*)[/i]|i", "<i>\1</i>", $mess);
                }
                else
                {
                    $mess = preg_replace("|(http://[^s]+)|i", "<a href="go/?\1">\1</a>", $mess);
                }
            $to   =   htmlspecialchars(trim(sql(substr($_POST['
to'], 0, 15))));
            if(!mysql_result(mysql_query("SELECT COUNT(*) FROM users WHERE username='".
$to."'"), 0))
            {
                if($version == "wml")
                {
                    header('
Content-typetext/vnd.wap.wmlcharset=utf-8');
                    echo(doctype("Ошибка").$tag.'
Пользователя не существует! <br />
- - - - <
br />
<
anchor>Назад<prev /></anchor><br />
<
a href="private.php?v=wml&amp;sid='.$sid.'">В приват</a>
'.$tag.'
</p></card></wml>');
                } elseif($version == "xhtml")
                {
                    header("Content-type: text/html; charset=utf-8");
                    echo('
<html>
<
head>
<
title>Ошибка</title>
</
head>
<
body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<
table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<
tr><td align="center" bgcolor="'.$style['title'].'">
<
font color="#FFFFFF"><b>Ошибка</b></font>
</
td></tr>
<
tr><td bgcolor="'.$style['text'].'">
'.$tag.'Пользователя не существует!'.$tagC.'
</td></tr>
<
tr><td bgcolor="'.$style['bottom'].'">
'.$tag.'<a href="private.php/?v=xhtml&amp;sid='.$sid.'">В приват</a>'.$tagC.'
</td></tr></table>
</
body></html>');
                }
            }
            else
            {
                if(!empty($_POST['
mess']) && $to != $username)
                {
                    if(mysql_result(mysql_query("SELECT COUNT(*) FROM private WHERE name='".
$username."' AND `mod`='o'"), 0) > 15)
                    {
                        mysql_query("DELETE FROM private WHERE name='".
$username."' AND `mod`='o' ORDER BY id LIMIT 1");
                    }
                    if(mysql_result(mysql_query("SELECT COUNT(*) FROM private WHERE name='".
$to."' AND `mod`='i'"), 0) > 15)
                    {
                        mysql_query("DELETE FROM private WHERE name='".
$to."' AND `mod`='i' ORDER BY id LIMIT 1");
                    }
                    $uid = (int)$_GET['
uid'];

                    if( !mysql_result(mysql_query("SELECT COUNT(*) FROM `ignore` WHERE uid = $uid AND `ignore_user` = '
$username'"), 0))
                    {
                        mysql_query("INSERT INTO private VALUES(0, '".
$mess."', '".$to."', 'i', '".$username."', 1, ".time().")");
                        mysql_query("INSERT INTO private VALUES(0, '".
$mess."', '".$username."', 'o', '".$to."', 1, ".time().")");
                    }
                }
                header("Location: ".$_SERVER['
PHP_SELF'].'?v='.$version.'&sid='.$sid.'&rnd='.$ref);
            }
            break;

            case 3:

            if( isset($_GET['
uid']) )
            {
                if(  mysql_result(
                     mysql_query("SELECT COUNT(*) FROM `users` WHERE `id` = " . intval($_GET['
uid'])), 0))
                {
                    $uid2name = mysql_fetch_assoc(mysql_query("SELECT username FROM users WHERE id = " . intval($_GET['
uid'])));
                    if( !mysql_result(mysql_query("SELECT COUNT(*) FROM `ignore` WHERE uid = $infoUserRows[id] AND `ignore_user` = '
$uid2name[username]'"), 0))
                    {
                        mysql_query("INSERT INTO `ignore` VALUES(0, $infoUserRows[id], '" . 
$uid2name['username'] . "')");
                    }
                }
            }

            if( isset($_GET['
del']) )
            {
                $id = (int)$_GET['
id'];
                if( mysql_result(mysql_query(
                     "SELECT COUNT(*) FROM `ignore` WHERE id = $id AND uid = $infoUserRows[id]"), 0) )
                 {
                     mysql_query("DELETE FROM `ignore` WHERE id = $id");
                 }
             }

            $sql = mysql_query("SELECT * FROM `ignore` WHERE `uid` = $infoUserRows[id]");

            if( !mysql_num_rows($sql) )
            {
                $print[] = "Список игнорируемых контактов пуст!";
            }
            else
            {
                while($contacts = mysql_fetch_assoc($sql))
                {
                    $print[] = $contacts['
ignore_user'] . " - <a href='" . $_SERVER['PHP_SELF'] . "?del=1&amp;sid=$sid&amp;p=3&amp;id=" . $contacts['id'] . "&amp;v=" . $version . "'>Удалить</a><br />rn";
                }
            }
            if($version == "wml")
            {
                header('
Content-typetext/vnd.wap.wmlcharset=utf-8');
                echo(doctype("Игнор") . $tag .
                " <br /> rn" .
                join($print) . "
- - - - <br />
<anchor>Назад<prev /></anchor><br />
<a href='
private.php?v=wml&amp;sid=$sid'>В приват</a>
".$tag."
</p></card></wml>");
                } elseif($version == "xhtml")
                {
                    header("Content-type: text/html; charset=utf-8");
                    echo('
<html>
<
head>
<
title>Игнор</title>
</
head>
<
body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<
table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<
tr><td align="center" bgcolor="'.$style['title'].'">
<
font color="#FFFFFF"><b>Игнор</b></font>
</
td></tr>
<
tr><td bgcolor="'.$style['text'].'">
'.$tag . join($print) . $tagC.'
</td></tr>
<
tr><td bgcolor="'.$style['bottom'].'">
'.$tag.'<a href="private.php/?v=xhtml&amp;sid='.$sid.'">В приват</a>'.$tagC.'
</td></tr></table>
</
body></html>');
                }

                break;
                case 4:

                mysql_query("DELETE FROM private WHERE name = '
$username'");
                header("Location: ".$_SERVER['
PHP_SELF'].'?v='.$version.'&sid='.$sid.'&rnd='.$ref);

                break;
        }
    }
?>