Файл: backup/user/mail.php
Строк: 116
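<?php
// Private mail: the contact list (default action) and a one-to-one
// conversation with another user (?do=dia&id=N).
//
// All SQL is parameterised. The only values ever concatenated into a query
// are the LIMIT offsets, which are cast to int below. $do, $id, $num, $start,
// $sex and $user are not defined in this file; they are expected to be
// provided by core/start.php (not visible here).
require_once('../core/start.php');
func::is_auth();
$title = 'Личная почта';
require_once(root.'core/header.php');

switch ($do) {
default:
    echo '<div class="wizart">Контакты</div>';
    func::head_menu();
    // Number of contacts of the current user; drives the paginator.
    $posts = core::$dbs->querySingle(
        "SELECT count(id) FROM `privat_contact` where `who` = ?",
        array($user['id'])
    );
    if ($posts != 0) {
        func::nav($posts, $num);
        // LIMIT operands cannot be bound on every driver, so force them to int
        // instead of trusting whatever the paginator left in $start/$num.
        $mail = core::$dbs->query(
            "SELECT * from `privat_contact` where `who` = ? order by `time` desc limit ".(int)$start.",".(int)$num,
            array($user['id'])
        );
        while ($m = $mail->fetch()) {
            $contact = (int)$m['ho'];
            // Messages from the contact to me that I have not opened yet.
            $unread = core::$dbs->querySingle(
                "SELECT count(id) from `privat` where `who` = ? and `ho` = ? and `read` = ?",
                array($contact, $user['id'], 0)
            );
            // Messages in both directions (AND binds tighter than OR here).
            $total = core::$dbs->querySingle(
                "SELECT count(id) from `privat` where `who` = ? and `ho` = ? or `ho` = ? and `who` = ?",
                array($user['id'], $contact, $user['id'], $contact)
            );
            echo '<div class="main">'.func::nick($contact).' [<a href="?do=dia&id='.$contact.'">переписка</a>] (<b>'.$unread.'</b>/'.$total.') ('.func::times($m['time']).')</div>';
        }
    } else {
        func::error('Контактов нет...');
    }
    func::navig('?');
    break;

case 'dia':
    // $id arrives from the request and is used in SQL (bound), in HTML
    // attributes and in a Location header. Normalising it to an int once
    // removes the need to escape it per context; a non-numeric value becomes
    // 0, which no user row matches, and is redirected away below.
    $id = (int)$id;
    if (!$user['id'] || $id == $user['id']
        || core::$dbs->querySingle("SELECT count(id) from users where id = ? limit 1", array($id)) == 0) {
        header('location:/');
        exit;
    }
    $title = 'Переписка с '.func::user_inf($id, 'login');
    // header.php was already included at the top; require_once makes this a
    // no-op, kept only for parity with the original flow.
    require_once(root.'core/header.php');
    echo '<div class="wizart"><a href="/user/mail.php">Контакты</a> / '.$title.'</div>';
    func::head_menu();
    // my_mail == 2 appears to mean "nobody may write to me".
    if (func::user_inf($id, 'my_mail') == 2) {
        // NOTE(review): $sex is not set in this file; it presumably describes
        // the *current* user while the sentence is about the recipient ($id).
        // Confirm which one is intended before changing it.
        func::error(func::nick($id).' запретил'.($sex == 2 ? 'a' : NULL).' писать '.($sex == 1 ? 'ему' : 'ей'));
        func::footer_menu();
        require_once(root.'core/footer.php');
        die();
    }
    // Ensure both directions of the contact pair exist. This happens on a
    // plain GET (merely opening the dialog), as in the original.
    if (core::$dbs->querySingle("SELECT count(id) from privat_contact where who = ? and ho = ?", array($user['id'], $id)) == 0) {
        core::$dbs->query("INSERT INTO privat_contact set who = ?, ho = ?, time = ?", array($user['id'], $id, time()));
    }
    if (core::$dbs->querySingle("SELECT count(id) from privat_contact where who = ? and ho = ?", array($id, $user['id'])) == 0) {
        core::$dbs->query("INSERT INTO privat_contact set who = ?, ho = ?, time = ?", array($id, $user['id'], time()));
    }
    // NOTE(review): the form carries no CSRF token. Unless core/start.php
    // enforces one globally, a cross-site POST can send mail (and upload a
    // file) on behalf of a logged-in user.
    echo '<form action="?do=dia&id='.$id.'" method="post" enctype="multipart/form-data">
Сообщение:[<a href="javascript:window.location.reload()">Обновить</a>]<br/><textarea name="text"></textarea><br/>Файл:<br/><input type="file" name="file"/><br/><input type="submit" value="Отправить" name="submit"/></form>';

    if (isset($_POST['submit'])) {
        $text = func::check($_POST['text']);
        if (empty($text)) {
            $err = 'Сообщение осталось пустым...';
        }
        // Rate limit: at most one message per 10 seconds to the same recipient.
        // A single MAX() replaces the original scan of the whole conversation;
        // with no prior message MAX() is NULL -> 0, which is never "recent".
        $lastSent = (int)core::$dbs->querySingle(
            "SELECT MAX(`time`) FROM privat WHERE who = ? and ho = ?",
            array($user['id'], $id)
        );
        if ((time() - $lastSent) < 10) {
            $err = 'Писать можно только раз в 10 секунд...';
        }

        // ---- attachment validation (runs even when $text is empty, as before) ----
        $FileName = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';
        $hasFile  = !empty($FileName);
        $FileSize = $hasFile ? (int)$_FILES['file']['size'] : 0;
        // Allowed attachment extensions. The name stored on disk is built from
        // $ext only (never from the client's file name), so this list alone
        // decides what can end up under /files/mail/.
        // NOTE(review): .swf is still allowed; a Flash file served from this
        // origin can run with the site's origin in legacy browsers.
        $GetExt = array('.bmp', '.gif', '.jpeg', '.jpg', '.png', '.amr', '.mp3', '.pdf', '.swf', '.txt',
                        '.zip', '.rar', '.tar', '.gz', '.gzip', '.3gp', '.avi', '.mp4', '.wmv', '.flv');
        // strrchr() returns false without a dot; (string)false === '' is rejected below.
        $ext = $hasFile ? strtolower((string)strrchr($FileName, '.')) : '';

        if ($hasFile && $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
            // Partial upload or php.ini size limit: tmp_name is unusable, so
            // fail explicitly instead of copying nothing with a warning.
            func::error('Ошибка загрузки файла!');
            func::footer_menu();
            require_once(root.'core/footer.php');
            exit();
        }
        if ($hasFile && $FileSize > 1024 * 15 * 1024) {
            func::error('Размер файла более 15 Мб!');
            func::footer_menu();
            require_once(root.'core/footer.php');
            exit();
        }
        // Whitelist on the real last extension with a strict comparison. The
        // blacklist regex now escapes its dots, so a name like "xphp.jpg" is no
        // longer rejected by accident while "a.php.jpg" still is.
        if ($hasFile && (preg_match('/\.(php|pl|htaccess)/i', $FileName) || !in_array($ext, $GetExt, true))) {
            func::error('Запрещенный формат файла!');
            func::footer_menu();
            require_once(root.'core/footer.php');
            exit();
        }

        if (!isset($err)) {
            core::$dbs->query(
                "INSERT INTO `privat` SET `who` = ?, `ho` = ?, `text` = ?, `time` = ?, `read` = ?",
                array($user['id'], $id, $text, time(), 0)
            );
            $idl = core::$dbs->lastInsertId();
            // Bump both contact rows so the conversation sorts to the top.
            core::$dbs->query("UPDATE privat_contact SET time=? WHERE who = ? and ho=? limit 1", array(time(), $user['id'], $id));
            core::$dbs->query("UPDATE privat_contact SET time=? WHERE ho = ? and who=? limit 1", array(time(), $user['id'], $id));
            if ($hasFile) {
                // Name the file after the message id plus a random token. The
                // original used mt_rand(10000, 99999) alone: only 90 000 possible
                // names, so a collision silently overwrote someone else's
                // attachment, and the names were trivially enumerable. The token
                // matters because /files/mail/ is presumably served without any
                // authorisation check (see the link rendered below).
                $token = function_exists('random_bytes')
                    ? bin2hex(random_bytes(8))
                    : substr(md5(uniqid(mt_rand(), true)), 0, 16);
                $file = 'file_'.(int)$idl.'_'.$token.$ext;
                // move_uploaded_file() refuses anything that is not a genuine
                // upload of this request, unlike copy().
                if (move_uploaded_file($_FILES['file']['tmp_name'], root.'/files/mail/'.$file)) {
                    $files = 'mail/'.$file;
                    core::$dbs->query(
                        "UPDATE `privat` SET `file` = ?, `file_name` = ? WHERE `id` = ? LIMIT 1",
                        array($files, $file, $idl)
                    );
                }
                // On failure the message is kept without an attachment rather
                // than pointing at a file that does not exist.
            }
            header('Location: ?do=dia&id='.$id);
            exit();
        } else {
            func::error($err);
        }
    }

    // ---- conversation listing ----
    $count = core::$dbs->querySingle(
        "SELECT COUNT(*) FROM privat WHERE who=? and ho = ? or who = ? and ho = ?",
        array($user['id'], $id, $id, $user['id'])
    );
    if ($count == 0) {
        func::error('Сообщений нет!');
    }
    func::nav($count, $num);
    $privat = core::$dbs->query(
        "SELECT * FROM privat WHERE who= ? and ho = ? or who = ? and ho = ? ORDER BY time DESC LIMIT ".(int)$start.",".(int)$num,
        array($user['id'], $id, $id, $user['id'])
    );
    while ($privat2 = $privat->fetch()) {
        $us = core::$dbs->queryFetch("SELECT * FROM users WHERE id = ? LIMIT 1", array($privat2['who']));
        echo '<div class="main">'.func::nick($us['id']).'</a> '
            .($privat2['read'] == 0 ? '[<font color="red">непрочитано</font>]' : NULL)
            .' ('.func::times($privat2['time']).')<br/>'.func::out($privat2['text']);
        if (!empty($privat2['file'])) {
            // `file` / `file_name` are server-generated ("mail/file_<id>_<token>.<ext>"),
            // never the client's original name, so they are safe to print as-is.
            $path = root.'files/'.$privat2['file'];
            echo '<br/><b>Прикрепленные файлы:</b><br/>';
            echo '<a href="http://'.HTTPHOME.'/files/'.$privat2['file'].'">'.$privat2['file_name'].'</a>';
            // filesize() warns on a missing file; show the link without a size then.
            if (is_file($path)) {
                echo ' ('.func::size(filesize($path)).')';
            }
            echo '<br/>';
        }
        echo '</div>';
        // Mark messages addressed to me as read once they have been rendered.
        if ($privat2['ho'] == $user['id'] && $privat2['read'] == 0) {
            core::$dbs->query("UPDATE `privat` SET `read` = ? WHERE `id` =? limit 1", array(1, $privat2['id']));
        }
    }
    func::navig('?do=dia&id='.$id.'&');
    break;
}

func::footer_menu();
require_once(root.'core/footer.php');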