Файл: xteem.ru/user/mail/mail.php
Строк: 206
<?php
// Shared bootstrap: the DB connection, the logged-in $user and helpers such as
// strong()/nick() are expected to come from function.php (not visible in this file).
require_once ('../../system/function.php');

// The conversation partner is selected by ?id=; without it there is nothing to show.
if (!isset($_GET['id'])) {
    header("Location: /");
    exit;
}

// Load the partner's profile row; intval() keeps the id numeric before it reaches the query.
$partnerId = intval($_GET['id']);
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $partnerId . "'"));

// Unknown id (or a failed query): back to the front page.
if (!$ank) {
    header("Location: /");
    exit;
}
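// Ids of both sides of the conversation come from DB rows; cast once for the queries below.
$userId = (int)$user['id'];
$ankId = (int)$ank['id'];

// помечаем сообщения как прочитанные (everything the partner sent to us is now read)
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id_kont` = '$userId' AND `id_user` = '$ankId'");

// Page title. $title is reused by err() (and presumably by header.php), so it is kept raw
// here and escaped only where this file prints it; double_encode=false tolerates logins
// that are already stored entity-encoded.
$title = 'Переписка с ' . $ank['login'];
require_once ('../../system/header.php');
echo '<div class="title">' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false) . '</div>';

// добавляем в контакты: with add_konts == 2 the partner is added to the contact list
// automatically on the first visit. $time is expected from function.php.
if ((int)$user['add_konts'] === 2) {
    $alreadyContact = mysql_result(mysql_query("SELECT COUNT(*) FROM `users_konts` WHERE `id_user` = '$userId' AND `id_kont` = '$ankId'"), 0) > 0;
    if (!$alreadyContact) {
        mysql_query("INSERT INTO `users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$userId', '$ankId', '$time')");
    }
}

// обновление сведений о контакте: clear the "new message" flag for this contact
mysql_query("UPDATE `users_konts` SET `new_msg` = '0' WHERE `id_kont` = '$ankId' AND `id_user` = '$userId' LIMIT 1");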
// "Обновить" button: a plain reload of the conversation (POST -> redirect -> GET).
if (isset($_POST['refresh'])) {
    header("Location: /user/mail/mail.php?id=$ank[id]");
    exit;
}
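// Sending a message (optionally with one attachment) to the partner.
// NOTE(review): the form carries no CSRF token; confirm whether function.php adds one.
if (isset($_POST['msg']) && $ank['id'] != 0)
{
    $userId = (int)$user['id'];
    $ankId = (int)$ank['id'];
    $msg = $_POST['msg'];
    $msgLen = mb_strlen($msg);

    // Allowed message length. Defined once so the check and the error text cannot drift
    // apart again (the old text said "from 2" while the check required at least 3).
    $minLen = 3;
    $maxLen = 1024;
    if ($msgLen < $minLen || $msgLen > $maxLen) {
        /* Проверка кол-ва символов (character-count check) */
        echo '<div class="podmenu">Допустимое количество символов в сообщении от ' . $minLen . ' до ' . $maxLen . '. Вы ввели: ' . $msgLen;
        echo '<div class="menu"><a href="/user/mail/mail.php?id=' . $ankId . '">Назад</a></div></div> ';
        require_once ('../../system/footer.php');
        exit;
    }

    // strong() is the project's text filter (function.php); its output is what gets stored.
    $storedMsg = strong($msg);

    // Anti-flood: an identical text to the same partner within the last 6 minutes is ignored.
    $duplicates = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '$userId' AND `id_kont` = '$ankId' AND `time` > '" . ($time - 360) . "' AND `msg` = '" . $storedMsg . "'"), 0);
    if (!isset($err) && $duplicates == 0)
    {
        // Id of the attachment row; stays 0 when nothing was uploaded, so no dangling UPDATE runs.
        $f_id = 0;

        // Only a successful, real upload is processed; a missing file field is not an error.
        $hasUpload = isset($_FILES['filename']['tmp_name'], $_FILES['filename']['error'])
            && $_FILES['filename']['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($_FILES['filename']['tmp_name']);
        if ($hasUpload) {
            $maxsize = 25; // Максимальный размер файла, в мегабайтах (max size in MB)
            $size = (int)$_FILES['filename']['size'];
            if ($size > (1048576 * $maxsize)) {
                echo err($title, 'Максимальный размер файла ' . $maxsize . 'мб!');
                require_once ('../../system/footer.php');
                exit;
            }

            // Extension whitelist, compared case-insensitively on the last extension only.
            $filetype = array('jpg', 'gif', 'png', 'jpeg', 'bmp', 'zip', 'rar', 'mp4', 'mp3', 'amr', '3gp', 'avi', 'flv', 'jar', 'jad', 'apk', 'sis', 'sisx', 'ipa');

            // The client-supplied name is untrusted and ends up both on disk and in HTML:
            // drop any directory part and keep only letters, digits, '.', '_' and '-'.
            $origName = basename((string)$_FILES['filename']['name']);
            $cleanName = (string)preg_replace('/[^\p{L}\p{N}._-]+/u', '_', $origName);
            $cleanName = trim($cleanName, '._-');
            $upfiletype = strtolower(pathinfo($cleanName, PATHINFO_EXTENSION));
            if ($cleanName === '' || !in_array($upfiletype, $filetype, true)) {
                echo err($title, 'Такой формат запрещено загружать!');
                require_once ('../../system/footer.php');
                exit;
            }

            // Stored name: host prefix (sanitised — the Host header is client-controlled) plus
            // two random numbers and the cleaned original name. mt_rand() is only for uniqueness.
            $host = isset($_SERVER['HTTP_HOST']) ? (string)$_SERVER['HTTP_HOST'] : 'host';
            $hostPart = preg_replace('/[^A-Za-z0-9._-]+/', '_', $host);
            $files = $hostPart . '_' . mt_rand(1234, 5678) . '_' . mt_rand(1234, 5678) . '_' . $cleanName;
            $dest = "../../files/mail/" . $files;
            if (!move_uploaded_file($_FILES['filename']['tmp_name'], $dest)) {
                // Do not record an attachment that is not actually on disk.
                echo err($title, 'Не удалось сохранить файл!');
                require_once ('../../system/footer.php');
                exit;
            }
            // $files contains only safe characters by now; escaping stays as a second line of defence.
            mysql_query("INSERT INTO `mail_file` SET `post_id` = '0', `name_file` = '" . mysql_real_escape_string($files) . "'");
            $f_id = (int)mysql_insert_id();
        }

        // отправка сообщения (store the message itself)
        mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('$userId', '$ankId', '" . $storedMsg . "', '$time')");
        $p_id = (int)mysql_insert_id();

        // Attach the uploaded file (if any) to the message just stored.
        if ($f_id > 0) {
            mysql_query("UPDATE `mail_file` SET `post_id` = '$p_id' WHERE `id` = '$f_id' LIMIT 1");
        }

        // добавляем в контакты (make sure the partner is in our contact list)
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `users_konts` WHERE `id_user` = '$userId' AND `id_kont` = '$ankId'"), 0) == 0) {
            mysql_query("INSERT INTO `users_konts` (`id_user`, `id_kont`, `time`) VALUES ('$userId', '$ankId', '" . time() . "')");
        }

        // обновление сведений о контакте (bump the contact timestamp on both sides)
        mysql_query("UPDATE `users_konts` SET `time` = '" . time() . "' WHERE (`id_user` = '$userId' AND `id_kont` = '$ankId') OR (`id_user` = '$ankId' AND `id_kont` = '$userId')");
        header("Location: ?id=$ankId");
        exit;
    }
}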
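// Remove a single message. NOTE(review): this is a GET link without a CSRF token.
if (isset($_GET['delete']) && is_string($_GET['delete']) && $_GET['delete'] !== 'add')
{
    $userId = (int)$user['id'];
    $mess = mysql_fetch_assoc(mysql_query("SELECT * FROM `mail` WHERE `id` = '" . intval($_GET['delete']) . "' limit 1"));

    // Only a participant of the message may remove it; an unknown id just falls through
    // to the page (the old code read fields of `false` here and emitted notices).
    if ($mess && ((int)$mess['id_user'] === $userId || (int)$mess['id_kont'] === $userId))
    {
        $messId = (int)$mess['id'];
        $unlinkedBy = (int)$mess['unlink'];
        // `unlink` holds the id of the side that already hid the message (0 = nobody).
        // If the OTHER side hid it already, nobody wants it any more: drop the row;
        // otherwise only hide it for the current user.
        if ($unlinkedBy !== $userId && $unlinkedBy !== 0) {
            mysql_query("DELETE FROM `mail` WHERE `id` = '$messId'");
        } else {
            mysql_query("UPDATE `mail` SET `unlink` = '$userId' WHERE `id` = '$messId' LIMIT 1");
        }
        header("Location: ?id=$ank[id]");
        exit;
    }
}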
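// ?delete=add clears the whole conversation for the current user: rows the partner already
// hid are removed for good, everything else is only hidden on our side. The AND/OR grouping
// is written out explicitly (MySQL binds AND tighter than OR, which is what was relied on).
if (isset($_GET['delete']) && $_GET['delete'] === 'add')
{
    $userId = (int)$user['id'];
    $ankId = (int)$ank['id'];
    mysql_query("DELETE FROM `mail` WHERE (`unlink` = '$ankId' AND `id_user` = '$userId' AND `id_kont` = '$ankId') OR (`id_user` = '$ankId' AND `id_kont` = '$userId' AND `unlink` = '$ankId')");
    mysql_query("UPDATE `mail` SET `unlink` = '$userId' WHERE (`id_user` = '$userId' AND `id_kont` = '$ankId') OR (`id_user` = '$ankId' AND `id_kont` = '$userId')");
    header("Location: ?id=$ankId");
    exit;
}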
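// Presence: `viz` is the partner's last-seen timestamp; older than 5 minutes counts as offline.
// (Line breaks in the markup are "\n" escapes; the copy under review showed them as a bare "n".)
$rt = time() - 300;
$ankId = (int)$ank['id'];
$userId = (int)$user['id'];
if ($ank['viz'] < $rt) {
    echo "<div class='podmenu'>";
    echo "Пользователь " . nick($ankId) . " вышел из сети. Дождитесь его возвращения.";
    echo "</div>";
} else {
    echo "<div class='podmenu'>";
    echo "Переписка с " . nick($ankId) . "
<span style='float:right;'>";
    // One lookup instead of COUNT(*) followed by SELECT. $kont is the contact row or null;
    // the "Все контакты" link further down tests it to keep the current list type.
    $kont = mysql_fetch_array(mysql_query("SELECT * FROM `users_konts` WHERE `id_user` = '$userId' AND `id_kont` = '$ankId'"));
    if ($kont) {
        $kontType = rawurlencode($kont['type']);
        echo "<a href='/user/mail/index.php?type=$kontType&act=del&id=$ankId'><img src='../../images/cross_r.gif' alt='*'></a></span><br/></div>\n";
    } else {
        $kont = null;
        echo "<a href='/user/mail/index.php?type=common&act=add&id=$ankId' class='k_menu'><img src='../../images/lj.gif' alt='*'></a></span><br/></div>\n";
    }
}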
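// Reply form (id 0 is the system sender and cannot be written to).
// NOTE(review): no CSRF token is included — confirm whether function.php/header.php add one.
// (Line breaks in the markup are "\n" escapes; the copy under review showed them as a bare "n".)
if ($ank['id'] != 0) {
    $ankId = (int)$ank['id'];
    echo "<div class='podmenu'>";
    echo "<form method='post' name='message' action='/user/mail/mail.php?id=$ankId' enctype='multipart/form-data' >\n";
    echo "<textarea name='msg'></textarea><br />\n";
    // '</br/>' is not valid markup; a plain <br/> renders the intended line break.
    echo 'Выберите файл:<br><input type="file" name="filename"/><br/>';
    echo "<input type='submit' name='send' value='Отправить' />\n";
    echo "<input type='submit' name='refresh' value='Обновить' />";
    echo "</form>";
    echo '</div>';
}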
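// Link back to the contact list, keeping the current list type when one is known.
// (Line breaks in the markup are "\n" escapes; the copy under review showed them as a bare "n".)
$listLink = '/user/mail/?' . (!empty($kont) ? 'type=' . rawurlencode($kont['type']) : '');
echo "<div class='menudiv'>
<a href='$listLink' class='k_menu'>Все контакты</a></div>\n";
echo "<table class='podmenu'>\n";

$userId = (int)$user['id'];
$ankId = (int)$ank['id'];

// Messages per page come from the user's settings, defaulting to 10.
if (empty($user['max'])) $user['max'] = 10;
$max = (int)$user['max'];

// A message is visible to us unless we hid it (`unlink` = our id), in either direction.
$visible = "(`unlink` != '$userId' AND `id_user` = '$userId' AND `id_kont` = '$ankId') OR (`id_user` = '$ankId' AND `id_kont` = '$userId' AND `unlink` != '$userId')";
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE $visible"), 0);
$k_page = k_page($k_post, $max);
$page = page($k_page);
$start = $max * $page - $max;
$q = mysql_query("SELECT * FROM `mail` WHERE $visible ORDER BY id DESC LIMIT $start, $max");
while ($post = mysql_fetch_array($q))
{
    echo '<div class="podmenu">';
    // The WHERE clause above only returns rows sent by us or by the partner, so the sender
    // is decided from id_user alone; this replaces a per-row `users` lookup whose
    // "[Удален!]" branch could never be reached (a missing row also satisfied `== 0`).
    $senderId = (int)$post['id_user'];
    if ($senderId === 0) {
        // id_user 0 marks a system message.
        echo "<b>Система</b>\n";
    } elseif ($senderId === $userId) {
        echo ' <font color=green>От меня</font> к <b>' . nick($ankId) . '</b> ';
    } else {
        echo '
<b>' . nick($ankId) . '</b> ';
    }
    echo '<span style="float:right;color:#666;font-size:small;"> ' . vremja($post['time']) . '</span> ';
    if ($post['read'] == 0) echo "(не прочитано)<br />\n";
    echo "<br/>" . bb(smile($post['msg'])) . "\n";

    // Attachments: one query instead of COUNT(*) + SELECT; the header is printed before the first row.
    $postId = (int)$post['id'];
    $load_s = mysql_query("SELECT * FROM `mail_file` WHERE `post_id` = '$postId'");
    $firstFile = true;
    while ($a = mysql_fetch_array($load_s)) {
        if ($firstFile) {
            echo '<br /><b>Приложение:</b><br/>';
            $firstFile = false;
        }
        // name_file is derived from a client-supplied filename: confine it to the upload
        // directory and escape it for the HTML/URL contexts it is printed in.
        $fileName = basename($a['name_file']);
        $fileHtml = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');
        echo '<a href="../../files/mail/' . rawurlencode($fileName) . '">' . $fileHtml . '</a> [' . fsize('../../files/mail/' . $fileName) . '] ';
    }
    echo "<div style='text-align:right;'>";
    echo "<a href=\"mail.php?id=$ankId&page=$page&delete=$postId\"><font color='#79358c'>Delete</font></a>\n";
    echo " </div>\n";
    echo " </div>\n";
}
echo "</table>\n";
if ($k_page > 1) str("mail.php?id=$ankId&", $k_page, $page); // Вывод страниц (pager)
require_once ('../../system/footer.php');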
?>