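<?php
/*
 * mail.php — private messaging page: contact list (default), conversation
 * view, composing/sending, archive, complaints to administrators and the
 * bulk delete / archive actions.
 *
 * Review notes:
 *  - The code base is built on ext/mysql, which has no bound parameters, so
 *    every value that reaches a query is either cast to int or passed through
 *    mysql_real_escape_string() immediately before interpolation. That
 *    includes values read back from the database (user names, setting text):
 *    they are data, not trusted SQL.
 *  - The destructive actions (do=del, del_all, del_all_ar, archive&a/x,
 *    delete_from) are still triggered by plain GET links without an anti-CSRF
 *    token. Other pages link to these URLs, so adding a token is left for a
 *    coordinated change. NOTE(review): add a per-session token to these links
 *    and reject requests that do not carry it.
 *  - $lg and $ref are provided by the includes and are interpolated into
 *    URLs and HTML below without further encoding; their sanitisation must
 *    live in lang_inc.php / sid.php. NOTE(review): confirm.
 */
require 'lang_inc.php';
require 'sid.php';
require 'config.php';
$link = connect_db();
list($user, $id, $ps) = check_login($link);
include 'head.php';
include 'navigator.php';
whorm(0, 'privat');

// Current user id, cast once so it can be interpolated into SQL safely.
$uid = (int)$user['id'];
// "Back to the mailbox" link reused by most branches below.
$back_link = '<a href="mail.php?lg='.$lg.'&'.$ref.'">'.$lang['Почта'].'</a>';

echo $div_left . $div_title . $user['user'] . ' / '.$lang['Сообщения'].'' . $div_end .
$div_menu . '
<a href="mail.php?do=send&lg='.$lg.'">'.$lang['Написать сообщение'].'</a> /
<a href="mail.php?do=archive&lg='.$lg.'">'.$lang['Архив'].'</a>' . $div_end . $div_end;

$do = isset($_GET['do']) ? $_GET['do'] : NULL;
// Case labels are quoted strings: the original used bare constants, which
// only "work" through the undefined-constant notice and are a fatal error
// on PHP 8.
switch ($do) {
    /*
     * Delete every non-archived letter in the user's mailbox.
     */
    case 'del_all':
        $have = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$uid' AND `save` = '0' LIMIT 1");
        if (!$have || mysql_num_rows($have) == 0) {
            err(''.$lang['Ошибка'].'!');
        } elseif (mysql_query("DELETE FROM `letters` WHERE `idwho` = '$uid' AND `save` = '0'")) {
            header('Location: mail.php?clean_ok&lg='.$lg);
        } else {
            err(''.$lang['Произошла ошибка'].'!');
        }
        echo $back_link;
        break;
    /*
     * Delete every archived letter.
     */
    case 'del_all_ar':
        $have = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$uid' AND `save` = '1' LIMIT 1");
        if (!$have || mysql_num_rows($have) == 0) {
            err(''.$lang['Ошибка'].'!');
        } elseif (mysql_query("DELETE FROM `letters` WHERE `idwho` = '$uid' AND `save` = '1'")) {
            header('Location: mail.php?clean_ok&lg='.$lg);
        } else {
            err(''.$lang['Произошла ошибка'].'!');
        }
        echo $back_link;
        break;
    /*
     * Delete a single letter (x = letter id). The DELETE is scoped to the
     * current user's mailbox, so a foreign id cannot be removed.
     */
    case 'del':
        if (isset($_GET['x']) && !ctype_digit($_GET['x'])) {
            header('Location: index.php?isset=403&lg='.$lg);
            die();
        }
        $x = isset($_GET['x']) ? (int)$_GET['x'] : 0;
        $own = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$uid' AND `id` = '$x' LIMIT 1");
        if (!$own || mysql_num_rows($own) == 0) {
            err(''.$lang['Ошибка'].'!');
        } elseif (mysql_query("DELETE FROM `letters` WHERE `idwho` = '$uid' AND `id` = '$x' LIMIT 1")) {
            header('Location: mail.php?del_ok&lg='.$lg);
        } else {
            err(''.$lang['Произошла ошибка'].'!');
        }
        echo $back_link;
        break;
    /*
     * Compose form. ?nick= pre-fills the recipient.
     */
    case 'send':
        $adresat = NULL;
        if (isset($_GET['nick']) && is_string($_GET['nick'])) {
            // user_inf() is handed an SQL-escaped value, as everywhere else in
            // this file. The result goes into an HTML attribute, so it is
            // HTML-encoded only; the original addslashes() put stray
            // backslashes into the displayed name.
            $adresat = htmlspecialchars((string)user_inf(mysql_real_escape_string($_GET['nick']), 'user'), ENT_QUOTES);
        }
        echo $div_left . '
<FORM method="POST" action="mail.php?do=send_ok&lg='.$lg.'">
<label>'.$lang['Кому'].':</label><br/>
<input type="text" name="nick" value="'.$adresat.'"/>
<br/>
<label>'.$lang['Сообщение'].':</label><br/>
<textarea name="message" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<input type="submit" name="send" value="'.$lang['Отправить'].'"/>
</FORM>
' . $div_aut . '
'.$lang['Администрация сайта'].' <b>'.$lang['никогда НЕ попросит Вас'].'</b>: '.$lang['выслать пароль, отправить смс, зайти на какой-либо сайт'].'.<br/>
<b>'.$lang['Не сообщайте свой пароль'].'</b> '.$lang['третьим лицам, а так же'].' <b>'.$lang['никогда не вписывайте чужие e-mail адреса'].'</b> '.$lang['в свою анкету'].'!<br/>
'.$lang['Все сообщения такого типа являются мошеничеством или рекламой'].'.
' . $div_end . '
' . $back_link . $div_end;
        break;
    /*
     * Send a message (POST nick, message). A second message within 10 s of
     * the previous one is held behind a numeric code (flood throttle).
     */
    case 'send_ok':
        // Raw POST values are kept for the throttle form round-trip; the
        // escaped copies are the only ones that reach SQL.
        $post_nick = (isset($_POST['nick']) && is_string($_POST['nick'])) ? $_POST['nick'] : '';
        $post_message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
        $nick = mysql_real_escape_string(trim(check($post_nick)));
        $message = mysql_real_escape_string(trim(check($post_message)));
        if (isset($_POST['next'])) {
            $code = isset($_POST['code']) ? (int)my_int($_POST['code']) : 0;
            // A missing session code must never count as a match: the original
            // loose `!=` compared an unset value against 0 and let a POST with
            // next=1&code=0 skip the throttle entirely.
            if (!isset($_SESSION['SendCaptcha']) || (int)$_SESSION['SendCaptcha'] !== $code) {
                err(''.$lang['Неверный проверочный код'].'!');
            } else {
                unset($_SESSION['SendTimeOut']);
                unset($_SESSION['SendCaptcha']);
                // No redirect here on purpose: sending continues below with the
                // nick/message carried by the throttle form. (The original sent a
                // Location header to the same action via GET, which would have
                // dropped the POST body.)
            }
        }
        if (!isset($_SESSION['SendTimeOut'])) $_SESSION['SendTimeOut'] = 0;
        if ($_SESSION['SendTimeOut'] > time()) {
            // mt_rand() is not a CSPRNG; it is tolerable here only because the
            // code is a throttle, not an authentication factor.
            $_SESSION['SendCaptcha'] = mt_rand(100, 999);
            // Hidden fields carry the untouched user input, HTML-encoded for the
            // attribute context, so that resubmission processes the same bytes.
            // (The original echoed the SQL-escaped text, which double-escaped
            // quotes on the round-trip and was not HTML-encoded at all.)
            echo $div_left . '<FORM method="POST" action="mail.php?do=send_ok&lg='.$lg.'">
'.$lang['Введите код'].': <b>' . captcha($_SESSION['SendCaptcha']) . '</b><br/>
<input type="text" name="code" size="3"/>
<input type="hidden" name="nick" value="' . htmlspecialchars($post_nick, ENT_QUOTES) . '"/>
<input type="hidden" name="message" value="' . htmlspecialchars($post_message, ENT_QUOTES) . '"/>
<input type="submit" name="next" value="ok"/>
</FORM>' . $div_end;
            include_once 'foot.php';
            exit();
        }
        if (!user_inf($nick)) {
            err(''.$lang['Получатель не найден'].'!');
            include 'foot.php';
            exit();
        }
        if (ignor(user_inf($nick), $user['id']) == 1) {
            err(''.$lang['Вы находитесь в черном списке у этого пользователя'].'');
            include 'foot.php';
            exit();
        }
        $to_id = (int)user_inf($nick, 'id');
        // Friendship in either direction; the parentheses make the intended
        // AND/OR grouping explicit.
        $fr = mysql_query("SELECT COUNT(*) FROM `friends` WHERE
            (`user` = '$uid' AND `who` = '$to_id' AND `zajavka` = '1')
            OR
            (`user` = '$to_id' AND `who` = '$uid' AND `zajavka` = '1')");
        $are_friends = $fr && mysql_result($fr, 0) > 0;
        if (user_inf($nick, 'p_mail') == 0 && !$are_friends) {
            err(''.$lang['Писать письма этому пользователю могут только друзья'].'!');
            include 'foot.php';
            exit();
        }
        // Strict comparison: empty() would also reject the message "0".
        if ($message === '') {
            err(''.$lang['Пустое поле сообщения'].'!');
        } else {
            $set_res = mysql_query("SELECT `antimat`, `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'");
            $settings = $set_res ? mysql_fetch_assoc($set_res) : false;
            if (!$settings) {
                $settings = array('antimat' => 0, 'on_rekl' => 0, 'text_rekl' => '');
            }
            // Profanity filter
            if ($settings['antimat'] == 1) {
                $message = mat($message);
            }
            // Transliteration
            if ($user['translit'] == 1) {
                $message = trun_to_rus($message);
            }
            // Advertising filter: replace listed domains with the configured
            // text. Administrators (level 4/5) and messages that already carry
            // a [url=http://...][/url] tag are exempt, as in the original.
            // The original patterns did not compile ("/" inside a "/"-delimited
            // pattern, a bare "*" quantifier), so preg_replace() returned NULL
            // and every filtered message was stored empty.
            if ($settings['on_rekl'] == 1 && $user['level'] != 4 && $user['level'] != 5
                && !preg_match('~\[url=http://(.*)\[/url\]~si', $message)) {
                // The replacement is interpolated into the INSERT below, so it
                // is escaped like any other value.
                $ad_text = mysql_real_escape_string((string)$settings['text_rekl']);
                $raw_list = is_file('domains.dat') ? file_get_contents('domains.dat') : '';
                $domains = array_filter(array_map('trim', explode(',', (string)$raw_list)), 'strlen');
                foreach ($domains as $domain) {
                    // No "u" modifier: the site's byte encoding is not known here
                    // and an invalid-UTF-8 failure would blank the message.
                    $filtered = preg_replace('~[\s,.*_+-]*' . preg_quote($domain, '~') . '~si', $ad_text, $message);
                    if ($filtered !== null) {
                        $message = $filtered;
                    }
                }
            }
            // Two rows per message: the recipient's incoming copy first, then the
            // sender's outgoing copy. The conversation view relies on this order
            // (it looks up the partner row as id - 1).
            $now = time();
            $send_1 = "INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
                VALUES (0,'$uid','$to_id','$message','$now','0','i')";
            $send_2 = "INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
                VALUES (0,'$to_id','$uid','$message','$now','1','o')";
            if (mysql_query($send_1) && mysql_query($send_2)) {
                header('Location: mail.php?do=view&lg='.$lg.'&adr=' . $to_id);
            } else {
                err(''.$lang['Произошла ошибка при отправке'].'!');
            }
        }
        // Arm the throttle for the next message.
        $_SESSION['SendTimeOut'] = time() + 10;
        echo $back_link . '<br/>';
        break;
    /*
     * Conversation with one correspondent (adr = user id, 0 = system).
     */
    case 'view':
        $adr = isset($_GET['adr']) ? (int)my_int($_GET['adr']) : 0;
        $_test = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$uid' AND `who` = '$adr' LIMIT 1");
        if (!$_test || mysql_num_rows($_test) == 0) {
            header('Location: index.php?&lg='.$lg.'&' . $ref);
            die();
        }
        echo $div_left;
        $all_res = mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$uid' AND `who` = '$adr' AND `save` = '0'");
        $all = $all_res ? (int)mysql_result($all_res, 0) : 0;
        $n = new navigator($all, $user['onp_privats'], '?do=view&adr='.$adr.'&lg='.$lg.'&');
        $read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$uid' AND `who` = '$adr' AND `save` = '0' ORDER BY `id` DESC {$n->limit}");
        if ($all != false) {
            // Mark the whole thread read once (the original re-ran this UPDATE
            // for every row of the page).
            mysql_query("UPDATE `letters` SET `read` = '1' WHERE `idwho` = '$uid' AND `who` = '$adr'");
            $skem = (!user_inf($adr)) ? ''.$lang['Система'].'' : us($adr);
            echo $div_razdel . ''.$lang['Переписка с'].' ' . $skem . $div_end;
            echo '<FORM method="POST" action="mail.php?do=send_ok&lg='.$lg.'">
<textarea name="message" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<input type="hidden" name="nick" value="' . $adr . '"/>
<input type="submit" name="sendmsg" value="'.$lang['Отправить'].'"/>
</FORM>' . $block;
            $dv = 0;
            while ($read && ($ot = mysql_fetch_assoc($read))) {
                $sender = (int)$ot['who'];
                $letter_id = (int)$ot['id'];
                // The partner copy of an outgoing letter was inserted right before
                // it (see send_ok), hence id - 1; its `read` flag is shown as the
                // delivery icon. NOTE(review): this breaks if ids are not
                // consecutive (concurrent sends) — a link column would be robust.
                $mate_res = mysql_query("SELECT `id`, `read` FROM `letters` WHERE
                    `idwho` = '$sender'
                    AND
                    `who` = '$uid'
                    AND
                    `mod` = 'i'
                    AND
                    `id` = '" . ($letter_id - 1) . "'");
                $your = $mate_res ? mysql_fetch_array($mate_res) : false;
                // Defaults so no branch leaves a variable unset or stale.
                $WHO = '';
                $bl = '';
                $comp = '';
                $arch = '';
                $_read = '';
                $del = '[<a href="mail.php?do=del&x='.$letter_id.'&lg='.$lg.'">'.$lang['Уд'].'</a>]';
                if ($sender == 0) {
                    $WHO = ''.$lang['Система'].'';
                } elseif ($ot['mod'] == 'o') {
                    // Outgoing copy: show "Me > recipient" plus the delivery icon.
                    $WHO = '<b>'.$lang['Я'].'</b> > ' . user_inf($sender, 'user');
                    if (!empty($your[0]) && $your[1] == 0) $_read = ' <img src="ico/msg_close.gif" alt=""/>';
                    elseif (!empty($your[0]) && $your[1] == 1) $_read = ' <img src="ico/msg_open.gif" alt=""/>';
                    else $_read = ' <img src="ico/msg_open_broke.png" alt=""/>';
                } elseif ($ot['mod'] == 'i') {
                    // Incoming letter: block / complain / archive actions.
                    $WHO = '<a href="anketa.php?nk='.$sender.'&lg='.$lg.'">' . nik($sender) . '</a>';
                    $bl = '[<a href="black.php?do=add&&nk='.$sender.'&lg='.$lg.'">'.$lang['В ч/с'].'</a>]';
                    $comp = '[<a href="mail.php?do=complaint&nick='.$sender.'&lg='.$lg.'">'.$lang['Жалоба'].'</a>]';
                    $arch = '[<a href="mail.php?do=archive&a='.$letter_id.'&lg='.$lg.'">'.$lang['В архив'].'</a>]';
                }
                echo ($dv++ % 2) ? $div_tworazdel : $div_razdel;
                echo $div_left . $WHO . $_read . '
<br/>
' . date('d.m.Y H:i', $ot['data']) . '
<br/>
' . smiles(bb_code($ot['message'])) . '
<br/>
' . $bl . $comp . $del . $arch . $div_end . $div_end;
            }
            echo $n->navi();
        } else {
            echo ''.$lang['История переписки пуста'].'!<br/>';
        }
        echo $div_end;
        echo $back_link;
        break;
    /*
     * Complaint about a correspondent's letters, delivered as a system
     * message to every level-5 user.
     */
    case 'complaint':
        $nick = isset($_REQUEST['nick']) ? (int)my_int($_REQUEST['nick']) : 0;
        // Only someone who has actually written to the current user can be
        // reported (the original accepted any id that had ever sent a letter).
        $empty = mysql_query("SELECT `id` FROM `letters` WHERE `who` = '$nick' AND `idwho` = '$uid' LIMIT 1");
        if (!$empty || mysql_num_rows($empty) == 0) {
            header('Location: mail.php?lg='.$lg);
            die();
        }
        if (isset($_POST['send'])) {
            $type = isset($_POST['type']) ? (int)my_int($_POST['type']) : 0;
            $msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? trim(mysql_real_escape_string(check($_POST['msg']))) : '';
            if ($msg === '') {
                err(''.$lang['Заполните причину жалобы'].'!');
                include 'foot.php';
                exit();
            }
            $reasons = array(
                1 => ''.$lang['Реклама'].'',
                2 => ''.$lang['Мошеничество'].'',
                3 => ''.$lang['Нецензурная брань'].'',
                4 => ''.$lang['Сцены жестокости и насилия'].'',
                5 => ''.$lang['Другое'].'',
                6 => ''.$lang['Техническая проблема'].'',
            );
            $why = isset($reasons[$type]) ? $reasons[$type] : '';
            // User names come back from the database and are interpolated into
            // the INSERT below, so they are escaped like any other value.
            $reporter = mysql_real_escape_string((string)$user['user']);
            $reported = mysql_real_escape_string((string)user_inf($nick, 'user'));
            $mes = '<b>'.$lang['Жалоба от'].' ' . $reporter . ' '.$lang['на'].' ' . $reported . ':</b> ' . $msg . '. <b>'.$lang['В письмах было'].':</b> ' . $why;
            $now = time();
            $notified = 0;
            $sel_adm = mysql_query("SELECT `id` FROM `users` WHERE `level` = '5'");
            while ($sel_adm && ($send_adm = mysql_fetch_assoc($sel_adm))) {
                $adm_id = (int)$send_adm['id'];
                mysql_query("INSERT INTO `letters` SET
                    `who` = '0',
                    `idwho` = '$adm_id',
                    `message` = '$mes',
                    `data` = '$now',
                    `read` = '0',
                    `mod` = 'o'");
                $notified++;
            }
            // Redirect once after the loop (the original sent the header inside
            // it, once per administrator).
            if ($notified > 0) {
                header('Location: mail.php?ok_comp&lg='.$lg);
            }
        }
        echo $div_left . $div_title . ''.$lang['Жалоба на содержимое письма'].'' . $div_end .
$div_razdel . ''.$lang['Ложная информация может привести к блокировке ника'].'.<br/>
'.$lang['Если вас постоянно достает один человек - пишет всякие гадости'].',<br/>
'.$lang['вы можете добавить его в черный список'].'.' . $div_end . '
<FORM method = "POST" action = "mail.php?do=complaint&lg='.$lg.'">
<fieldset>
<label>'.$lang['Причина'].':</label><br/>
<select name = "type">
<option value="1">'.$lang['Реклама'].'</option>
<option value="2">'.$lang['Мошеничество'].'</option>
<option value="3">'.$lang['Нецензурная брань'].'</option>
<option value="4">'.$lang['Сцены жестокости и насилия'].'</option>
<option value="5">'.$lang['Другое'].'</option>
<option value="6">'.$lang['Техническая проблема'].'</option>
</select>
<br/>
<label>'.$lang['Опишите жалобу'].'</label>:<br/>
<textarea name = "msg" cols = "50" rows = "5" style = "width:99%"></textarea>
<br/>
<input type = "hidden" name = "nick" value = "' . $nick . '"/>
<input type = "submit" name = "send" value = "'.$lang['Отправить'].'"/>
</fieldset>
</FORM>';
        break;
    /*
     * Archive of saved incoming letters. ?a= moves a letter into the archive,
     * ?x= deletes an archived letter; both are scoped to the current user.
     */
    case 'archive':
        echo $div_left;
        // move into the archive
        if (isset($_GET['a'])) {
            $a = (int)my_int($_GET['a']);
            $pr = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$a' AND `idwho` = '$uid' AND `who` != '0' AND `mod` = 'i' AND `save` = '0' LIMIT 1");
            if (!$pr || mysql_num_rows($pr) == 0) {
                err(''.$lang['Сообщение не найдено'].'!');
            } else {
                mysql_query("UPDATE `letters` SET `save` = '1' WHERE `id` = '$a' AND `mod` = 'i' AND `idwho` = '$uid' LIMIT 1");
                header('Location: mail.php?do=archive&lg='.$lg);
            }
        }
        // delete from the archive
        if (isset($_GET['x'])) {
            $x = (int)my_int($_GET['x']);
            $em = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$x' AND `idwho` = '$uid' AND `mod` = 'i' AND `save` = '1' LIMIT 1");
            if (!$em || mysql_num_rows($em) == 0) {
                err(''.$lang['Сообщение не найдено'].'!');
            } else {
                mysql_query("DELETE FROM `letters` WHERE `id` = '$x' AND `mod` = 'i' AND `save` = '1' AND `idwho` = '$uid' LIMIT 1");
                header('Location: mail.php?do=archive&lg='.$lg);
            }
        }
        // listing
        $all_res = mysql_query("SELECT COUNT(*) FROM `letters` WHERE `idwho` = '$uid' AND `mod` = 'i' AND `save` = '1'");
        $all = $all_res ? (int)mysql_result($all_res, 0) : 0;
        if ($all != FALSE) {
            $n = new navigator($all, $user['onp_privats'], '?do=archive&lg='.$lg.'&');
            $read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$uid' AND `mod` = 'i' AND `save` = '1' ORDER BY `data` DESC {$n->limit}");
            $i = 0;
            while ($read && ($row = mysql_fetch_assoc($read))) {
                $row_id = (int)$row['id'];
                $del = '[<a href="mail.php?do=archive&x='.$row_id.'&lg='.$lg.'">'.$lang['Уд'].'</a>]';
                echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
                echo nik($row['who']) . '
<br/>
' . date('d.m.y H:i', $row['data']) . '
<br/>
' . smiles(bb_code($row['message'])) . '
<br/>
' . $del . $div_end;
            }
            echo $n->navi();
        } else {
            echo ''.$lang['Архив пуст'].'.<br/>';
        }
        echo $div_menu . '<a href="mail.php?do=del_all_ar&lg='.$lg.'">'.$lang['Очистить архив'].'</a>' . $div_end . $div_end;
        break;
    /*
     * Contact list with unread/read counters and bulk actions.
     */
    default:
        echo $div_left;
        if (isset($_GET['clean_ok'])) msg(''.$lang['История очищена'].'!');
        if (isset($_GET['del_ok'])) msg(''.$lang['Сообщение удалено'].'!');
        if (isset($_GET['ok_comp'])) msg(''.$lang['Жалоба отправлена на рассмотрение'].'!');
        // Bulk actions run before the list is rendered so the page reflects
        // the result (the original rendered the stale list first).
        if (isset($_POST['submitForm'])) {
            if (empty($_POST['block']) || !is_array($_POST['block'])) {
                header('Location: mail.php?lg='.$lg.'&' . $ref);
                die();
            }
            $action = isset($_POST['d']) ? (int)$_POST['d'] : 0;
            foreach ($_POST['block'] as $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                // Each checkbox value is a correspondent id. The original
                // interpolated it into SQL unescaped — a direct SQL injection.
                $who = (int)$value;
                if ($action == 1) {
                    mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `save` = '0' AND `idwho` = '$uid'");
                } elseif ($action == 2) {
                    mysql_query("UPDATE `letters` SET `save` = '1' WHERE `who` = '$who' AND `idwho` = '$uid'");
                }
            }
            if ($action == 1 || $action == 2) {
                header('Location: mail.php?lg='.$lg.'&' . $ref);
            }
        }
        if (isset($_GET['delete_from'])) {
            $who = isset($_GET['who']) ? (int)my_int($_GET['who']) : 0;
            mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `save` = '0' AND `idwho` = '$uid'");
            header('Location: mail.php?lg='.$lg.'&' . $ref);
        }
        // One form around the whole list (the original opened a new <form>
        // inside every row and closed only one).
        echo '<form method="post" action="mail.php?lg='.$lg.'&'.$ref.'">';
        $count_res = mysql_query("SELECT COUNT(DISTINCT `who`) FROM `letters` WHERE `idwho` = '$uid' AND `save` = '0'");
        $_count = $count_res ? (int)mysql_result($count_res, 0) : 0;
        if ($_count != FALSE) {
            echo '<b>'.$lang['Контакты'].'</b><br/>';
            $n = new navigator($_count, 10, '?lg='.$lg.'');
            // One row per correspondent, newest conversation first.
            $_read = mysql_query("SELECT `who`, MAX(`data`) AS `data` FROM `letters` WHERE `idwho` = '$uid' AND `save` = '0' GROUP BY `who` ORDER BY `data` DESC {$n->limit}");
            $dv = 0;
            while ($_read && ($_r = mysql_fetch_assoc($_read))) {
                $who = (int)$_r['who'];
                $unread_res = mysql_query("SELECT COUNT(*) FROM `letters` WHERE `who` = '$who' AND `read` = '0' AND `save` = '0' AND `idwho` = '$uid'");
                $unread = $unread_res ? (int)mysql_result($unread_res, 0) : 0;
                $seen_res = mysql_query("SELECT COUNT(*) FROM `letters` WHERE `who` = '$who' AND `read` = '1' AND `save` = '0' AND `idwho` = '$uid'");
                $seen = $seen_res ? (int)mysql_result($seen_res, 0) : 0;
                $adresat = ($who == 0) ? ''.$lang['Система'].'' : us($who, 'user');
                $foto = '';
                if ($user['avka'] == 1 && $who == 0) {
                    $foto = '<img src="ico/system.gif" alt=""/> ';
                }
                $d = ' <a href="mail.php?delete_from&who='.$who.'&lg='.$lg.'"><img src="ico/delete.gif" alt="x"/></a>';
                $msg_unread = ($unread != 0) ? '<img src="ico/unread_msg.gif" alt=""/> ' : '<img src="ico/msg.gif" alt=""/> ';
                echo ($dv++ % 2) ? $div_tworazdel : $div_razdel;
                echo $foto . ' ' . $adresat . '<br/>
' . $msg_unread . ' <a href="mail.php?do=view&adr='.$who.'&lg='.$lg.'">'.$lang['Сообщения'].' (<b>'.$unread.'</b>/'.$seen.')</a>
<input type="checkbox" name="block[]" value="'.$who.'"/>' . $d . $div_end;
            }
            echo $n->navi();
        } else {
            echo ''.$lang['Почта пуста'].'!<br/>';
        }
        echo $div_razdel . '
<select name="d">
<option value="0">'.$lang['с отмеченными'].'</option>
<option value="1">'.$lang['удалить'].'</option>
<option value="2">'.$lang['перенести в архив'].'</option>
</select>
<input type="submit" name="submitForm" value="OK"/>
</form>
' . $div_end . $div_menu . '
<a href="mail.php?do=del_all&lg='.$lg.'">'.$lang['Очистить историю'].'</a><br/>
<a href="black.php?lg='.$lg.'&'.$ref.'">'.$lang['Чёрный список'].'</a>' . $div_end . $div_end;
        break;
}
include 'foot.php';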