Файл: public_html/user/mail.php
Строк: 335
<?php
require '../system/sid.php';
require '../system/config.php';
include '../system/user.php';
include '../system/head.php';
include '../system/navigator.php';
whorm(0, 'privat');
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do) {
/*
* Очистка всех писем
*/
case del_all:
$P = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0'");
if (mysql_num_rows($P) == 0) {
err('Ошибка!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0'";
if (mysql_query($del)) {
header('Location: mail.php?clean_ok');
} else {
err('Произошла ошибка!');
}
}
echo '<div class="menu"><a class="ssyl2" href="/user/mail.php?">Почта</a></div>';
break;
/*
* Очистка архива
*/
case del_all_ar:
$P = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '1'");
if (mysql_num_rows($P) == 0) {
err('Ошибка!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '1'";
if (mysql_query($del)) {
header('Location: mail.php?clean_ok');
} else {
err('Произошла ошибка!');
}
}
echo '<div class="menu"><a class="ssyl2" href="/user/mail.php?">Почта</a></div>';
break;
/*
* Удаление сообщения
*/
case del:
if (isset($_GET['x']) && !ctype_digit($_GET['x'])) {
header('Location: index.php?isset=403');
die();
}
$x = my_int($_GET['x']);
$P = mysql_query("SELECT id FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1");
if (mysql_num_rows($P) == 0) {
err('Ошибка!');
} else {
$del = "DELETE FROM `letters` WHERE `idwho` = '$user[id]' AND `id` = '$x' LIMIT 1";
if (mysql_query($del)) {
header('Location: mail.php?del_ok');
} else {
err('Произошла ошибка!');
}
}
echo '<div class="menu"><a class="ssyl2" href="/user/mail.php?">Почта</a></div>';
break;
/*
* Новое сообщение/Ответ
*/
case send:
echo '<div class="title">Новое сообщение</div>';
echo '<div class="menu">';
$adresat = (isset($_GET['nick'])) ? htmlspecialchars(addslashes(user_inf($_GET['nick'], 'user'))) : NULL;
echo '<FORM ENCTYPE="multipart/form-data" method="POST" action="mail.php?do=send_ok">
<label>Получатель:</label><br/>
<input type="text" name="nick" value="' . $adresat . '"/>
<br/>
<label>Сообщение:</label><br/>';
echo '<textarea name="message" rows="5" cols="20"></textarea>'.quickcode().'
<br/>
<input type="submit" name="send" value="Отправить"/>
</FORM>
</div><div class="menu"><a class="ssyl2" href="/user/mail.php?">В диалоги</a></div>';
break;
/*
* Отправка сообщения
*/
case send_ok:
if (!ctype_digit($_POST['nick'])) $nick = trim(mysql_real_escape_string(check($_POST['nick'])));
elseif (ctype_digit($_POST['nick'])) $nick = my_int($_POST['nick']);
$message = trim(mysql_real_escape_string(check($_POST['message'])));
$files = array('.gif', '.jpg', '.jpeg', '.png', '.zip', '.rar', '.gz', '.gzip', '.tar', '.txt');
$ext = strtolower(strrchr($_FILES['file']['name'], '.'));
$fnames = $_FILES['file']['name'];
if (isset($_POST['next'])) {
$code = my_int($_POST['code']);
if ($_SESSION['SendCaptcha'] != $code) {
err('Неверный проверочный код!');
} else {
unset($_SESSION['SendTimeOut']);
unset($_SESSION['SendCaptcha']);
header('Location: mail.php?do=send_ok');
}
}
if (!isset($_SESSION['SendTimeOut'])) $_SESSION['SendTimeOut'] = 0;
if ($_SESSION['SendTimeOut'] > time()) {
$_SESSION['SendCaptcha'] = mt_rand(100, 999);
echo '<FORM method="POST" action="mail.php?do=send_ok">
Введите код: <b>' . captcha($_SESSION['SendCaptcha']) . '</b><br/>
<input type="text" name="code" size="3"/>
<input type="hidden" name="nick" value="' . $nick . '"/>
<input type="hidden" name="file" value="' . $fnames . '"/>
<input type="hidden" name="message" value="' . $message . '"/>
<input type="submit" name="next" value="ok"/>
</FORM>';
include_once 'system/foot.php';
exit();
}
if (!user_inf($nick)) {
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (is_numeric($nick) && $nick == $user['id'])
{
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (!is_numeric($nick) && $nick == $user['user'])
{
err('Получатель не найден!');
include 'system/foot.php';
exit();
}
if (ignor(user_inf($nick), $user['id']) == 1) {
err('Вы находитесь в черном списке у этого пользователя');
include 'system/foot.php';
exit();
}
if (!empty($fnames) && preg_match('/(.php|.pl|.htaccess)/i', $fnames) || !empty($fnames) && !in_array($ext, $files)) {
err('Запрещенный формат файла!');
include 'system/foot.php';
exit();
}
if (!empty($fnames) && $_FILES['file']['size'] > 1024 * 500) {
err('Большой размер файла!');
include 'system/foot.php';
exit();
}
$fr = mysql_query("SELECT COUNT(id) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '" . user_inf($nick, 'id') . "'
AND
`zajavka` = '1'
OR
`user` = '" . user_inf($nick, 'id') . "'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
if (user_inf($nick, 'p_mail') == 0 && mysql_result($fr, 0) == FALSE) {
err('Писать письма этому пользователю могут только друзья!');
include 'system/foot.php';
exit();
}
if (empty($message)) {
err('Пустое поле сообщения!');
} else {
if (!empty($fnames))
{
$path = 'mail/file_' . mt_rand(100000, 999999) . $ext;
if ($ext == '.png' || $ext == '.jpeg' || $ext == '.jpg') {
$imgc = @imagecreatefromstring(file_get_contents($_FILES['file']['tmp_name']));
$imgc = img_copyright($imgc); // наложение копирайта
imagejpeg($imgc, $path, 90);
} else {
copy($_FILES['file']['tmp_name'], $path);
}
$ins = $path;
}
// Антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$message = ($ant[0] == 1) ? mat($message) : $message;
// Транслит
if ($user['translit'] == 1) {
$message = trun_to_rus($message);
}
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $message)) {
$message = preg_replace("/(w)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $message);
}
}
}
$send_1 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`, `file`)
VALUES (0, '" . $user['id'] . "', '" . user_inf($nick, 'id') . "', '$message', '" . time() . "', '0', 'i', '$ins')";
$send_2 = "INSERT INTO `letters` (`id`, `who`, `idwho`, `message`, `data`, `read`, `mod`, `file`)
VALUES (0, '" . user_inf($nick, 'id') . "', '" . $user['id'] . "', '$message', '" . time() . "', '1', 'o', '$ins')";
if (mysql_query($send_1) && mysql_query($send_2)) {
header('Location: mail.php?do=view&adr=' . user_inf($nick, 'id'));
} else {
err('Произошла ошибка при отправке!');
}
}
$_SESSION['SendTimeOut'] = time() + 10;
echo '<div class="menu"><a class="ssyl2" href="/user/mail.php?">Почта</a></div>';
break;
/*
* Просмотр истории переписки
*/
case view:
$adr = my_int($_GET['adr']);
$_test = mysql_query("SELECT `id` FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr'");
if (mysql_num_rows($_test) == FALSE) {
header('Location: index.php?');
die();
}
$all = mysql_result(mysql_query("SELECT COUNT(id) FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr' AND `save` = '0'"), 0);
$n = new navigator($all, $user['onp_privats'], '?do=view&adr='.$adr.'&');
$read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `who` = '$adr' AND `save` = '0' ORDER BY `id` DESC {$n->limit}");
if ($all != false) {
$dv = 0;
$skem = (!user_inf($adr)) ? 'Система' : us($adr);
echo '<div class="title">Диалог с ' . $skem . '</div>';
echo '<form action="/user/mail.php?do=send_ok" method="post">
<div class="menu">
<textarea name="message" rows="3"></textarea><br /><br />
<input type="submit" name="submit" value="Отправить" /> <span class="reload">
<a href="javascript:window.location.reload()">Обновить</a>
</span>
</div>
</form>';
while($ot = mysql_fetch_assoc($read)) {
/////////////////////
mysql_query("UPDATE `letters` SET `read` = '1' WHERE `idwho` = '$user[id]' AND `who` = '$adr'");
/////////////////////
$your = mysql_fetch_array(mysql_query("SELECT `id`, `read` FROM `letters` WHERE
`idwho` = '$ot[who]'
AND
`who` = '$user[id]'
AND
`mod` = 'i'
AND
`id` = '" . ($ot['id'] - 1) . "'"));
if (user_inf($ot['who'], 'onl') + 300 > time())
{
$online = ' <img src="/views/default/img/on.png" alt="on">';
}
else
{
$online = ' <img src="/views/default/img/off.png" alt="off">';
}
if (user_inf($ot['idwho'], 'onl') + 300 > time())
{
$onliner = ' <img src="/views/default/img/on.png" alt="on">';
}
else
{
$onliner = ' <img src="/views/default/img/off.png" alt="off">';
}
if ($ot['who'] == 0) {
$WHO = '<table><tr><td valign="top" text-align="center"><img src="/views/default/img/sys.png" width="35" height="35" alt="ава"></td><td><b>Система</b>'.$online.'';
$bl = '';
$comp = '';
$del = '[<a href="mail.php?do=del&x='.$ot['id'].'">Уд</a>]';
$arch = '';
$_read = '';
} else {
if ($ot['idwho'] == $user['id'] && $ot['mod'] == 'o') {
$WHO = '<td valign="top" text-align="center">'.uus($ot['idwho']).'<b>' . us($ot['idwho']) . '</b></a>'.$onliner.'';
$bl = '';
$comp = '';
$del = '[<a href="mail.php?do=del&x='.$ot['id'].'">Уд</a>]';
$arch = '';
if (!empty($your[0]) && $your[1] == 0) $_read = ' <img src="/ico/msg_close.gif" alt=""/>';
elseif (!empty($your[0]) && $your[1] == 1) $_read = ' <img src="/ico/msg_open.gif" alt=""/>';
else $_read = ' <img src="/ico/msg_open_broke.png" alt=""/>';
} elseif ($ot['idwho'] == $user['id'] && $ot['mod'] == 'i') {
$WHO = '<td valign="top" text-align="center">'.uus($ot['who']).'<b>' . us($ot['who']) . '</b></a>'.$online.'';
$bl = '[<a href="black.php?do=add&&nk='.$ot['who'].'">В ч/с</a>]';
$comp = '[<a href="mail.php?do=complaint&nick='.$ot['who'].'">Жалоба</a>]';
$del = '[<a href="mail.php?do=del&x='.$ot['id'].'">Уд</a>]';
$_read = '';
}
}
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<div class="menu">'.$WHO .''. $_read . '<br />' . date('d.m.Y H:i', $ot['data']) . '<br />' . smiles(bb_code($ot['message'])) . '</td>
</tr>
</table>
</div>';
}
echo $n->navi();
} else {
echo 'История переписки пуста!<br/>';
}
echo '<div class="menu"><a class="ssyl2" href="/user/mail.php?">Почта</a></div>';
break;
/*
* Жалоба на письмо
*/
case complaint:
$nick = my_int($_REQUEST['nick']);
$empty = mysql_query("SELECT `id` FROM `letters` WHERE `who` = '$nick'");
if (mysql_num_rows($empty) == FALSE) {
header('Location: mail.php?');
die();
}
if (isset($_POST['send'])) {
$type = my_int($_POST['type']);
$msg = trim(mysql_real_escape_string(check($_POST['msg'])));
if (empty($msg)) {
err('Заполните причину жалобы!');
include 'system/foot.php';
exit();
}
if ($type == 1) $why = 'Реклама';
elseif ($type == 2) $why = 'Мошеничество';
elseif ($type == 3) $why = 'Нецензурная брань';
elseif ($type == 4) $why = 'Сцены жестокости и насилия';
elseif ($type == 5) $why = 'Другое';
elseif ($type == 6) $why = 'Техническая проблема';
$sel_adm = mysql_query("SELECT `id` FROM `users` WHERE `level` = '5'");
while($send_adm = mysql_fetch_assoc($sel_adm)) {
$mes = '<b>Жалоба от ' . $user['user'] . ' на ' . user_inf($nick, 'user') . ':</b> ' . $msg . '. <b>В письмах было:</b> ' . $why;
mysql_query("INSERT INTO `letters` SET
`who` = '0',
`idwho` = '$send_adm[id]',
`message` = '$mes',
`data` = '" . time() . "',
`read` = '0',
`mod` = 'o'");
header('Location: mail.php?ok_comp');
}
}
echo $div_title . 'Жалоба на содержимое письма' . $div_end .
$div_razdel . 'Ложная информация может привести к блокировке ника.<br/>
Если вас постоянно достает один человек - пишет всякие гадости,<br/>
вы можете добавить его в черный список.
' . $div_end . '
<FORM method = "POST" action = "mail.php?do=complaint">
<label>Причина:</label><br/>
<select name = "type">
<option value="1">Реклама</option>
<option value="2">Мошеничество</option>
<option value="3">Нецензурная брань</option>
<option value="4">Сцены жестокости и насилия</option>
<option value="5">Другое</option>
<option value="6">Техническая проблема</option>
</select>
<br/>
<label>Опишите жалобу</label>:<br/>
<textarea name = "msg" cols = "50" rows = "5" style = "width:99%"></textarea>
<br/>
<input type = "hidden" name = "nick" value = "' . $nick . '"/>
<input type = "submit" name = "send" value = "Отправить"/>
</FORM>';
break;
/*
* Архив сохраненных
*/
case archive:
// запись
if (isset($_GET['a'])) {
$a = my_int($_GET['a']);
$pr = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$a' AND `idwho` = '$user[id]' AND `who` != '0' AND `mod` = 'i' AND `save` = '0' LIMIT 1");
if (mysql_num_rows($pr) == FALSE) {
err('Сообщение не найдено!');
} else {
mysql_query("UPDATE `letters` SET `save` = '1' WHERE `id` = '$a' AND `mod` = 'i' AND `idwho` = '$user[id]' LIMIT 1");
header('Location: mail.php?do=archive');
}
}
// удаление
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$em = mysql_query("SELECT `id` FROM `letters` WHERE `id` = '$x' AND `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1' LIMIT 1");
if (mysql_num_rows($em) == FALSE) {
err('Сообщение не найдено!');
} else {
mysql_query("DELETE FROM `letters` WHERE `id` = '$x' AND `mod` = 'i' AND `save` = '1' AND `idwho` = '$user[id]' LIMIT 1");
header('Location: mail.php?do=archive');
}
}
// вывод
$all = mysql_result(mysql_query("SELECT COUNT(id) FROM `letters` WHERE `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1'"), 0);
if ($all != FALSE) {
$n = new navigator($all, $user['onp_privats'], '?do=archive&');
$read = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1' ORDER BY `data` DESC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($read)) {
$del = '[<a href="mail.php?do=archive&x='.$a['id'].'">Уд</a>]';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo cvetnik($a['who']) . '
<br/>
' . date('d.m.y H:i', $a['data']) . '
<br/>
' . smiles(bb_code($a['message'])) . '
<br/>
' . ($a['file'] != '' ? '» <a href="'.$a['file'].'">Файл <b>' . end(explode('.', $a['file'])) . '</b></a><br/>' : '') . '
' . $del . $div_end;
}
echo $n->navi();
} else {
echo 'Архив пуст.<br/>';
}
echo $div_menu . '<a href="mail.php?do=del_all_ar">Очистить архив</a>' . $div_end;
break;
/*
* Список контактов
*/
default:
echo $div_title . 'Диалоги' . $div_end;
echo '<div class="menu">
<a class="ssyl2" href="javascript:window.location.reload()">Обновить</a>
<a class="ssyl2" href="mail.php?do=send">Создать диалог</a></div>';
if (isset($_GET['clean_ok'])) msg('История очищена!');
if (isset($_GET['del_ok'])) msg('Сообщение удалено!');
if (isset($_GET['ok_comp'])) msg('Жалоба отправлена на рассмотрение!');
$_count = mysql_num_rows(mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0' GROUP BY `who`"));
if ($_count != FALSE) {
$n = new navigator($_count, 7, '?');
if (user_inf($_r['who'], 'onl') + 300 > time())
{
$online = ' <img src="/views/default/img/on.png" alt="on">';
}
else
{
$online = ' <img src="/views/default/img/off.png" alt="off">';
}
$_read = mysql_query("SELECT DISTINCT who, who AS w,
(SELECT COUNT(id) FROM `letters` WHERE `read` = '0' AND `save` = '0' AND `idwho` = '$user[id]' AND `who` = w) AS n,
(SELECT COUNT(id) FROM `letters` WHERE `read` = '1' AND `save` = '0' AND `idwho` = '$user[id]' AND `who` = w) AS a
FROM `letters` WHERE `idwho` = '$user[id]' AND `save` = '0' ORDER BY `id`, `data` DESC {$n->limit}");
while($_r = mysql_fetch_assoc($_read)) {
$readg = mysql_query("SELECT * FROM `letters` WHERE `idwho` = '$user[id]' AND `mod` = 'i' AND `save` = '1' ORDER BY `data` DESC LIMIT 1");
$msg_unread = ($_r['n'] != 0) ? '<img src="/ico/unread_msg.gif" alt=""/> ' : '<img src="/ico/msg.gif" alt=""/> ';
$adresat = (empty($_r['who'])) ? '<div class="menu"><table><tr><td valign="top" text-align="center"><img src="/views/default/img/sys.png" widht="35" height="35" alt="no ava"/></td><td><b>Система </b><img src="/views/default/img/off.png" alt="off">' : '<div class="menu"><td valign="top" text-align="center">'.uus($_r['who']).'<b>'.us($_r['who'], 'user').'</b>'.$online.'';
echo '<form method="post" action="mail.php?">';
$d = ' <a href="/user/mail.php?delete_from&who='.$_r['who'].'"><img src="/ico/delete.gif" alt="x"/></a>';
echo '' . $adresat . '</a><br>';
echo '<a href="/user/mail.php?do=view&adr='.$_r['who'].'"><div id="message_box">' . $msg_unread . ' Диалоги</a></div>
</td>
</tr>
</table>
</div>';
######
}
######
echo $n->navi();
} else {
echo 'Почта пуста!<br/>';
}
if (isset($_POST['submitForm']))
{
if (empty($_POST['block'])) {
header('Location: mail.php?');
die();
}
if ($_POST['d'] == 1) {
foreach($_POST['block'] as $value) {
mysql_query("DELETE FROM `letters` WHERE `who` = '$value' AND `save` = '0' AND `idwho` = '$user[id]'");
header('Location: mail.php?');
}
}
if ($_POST['d'] == 2) {
foreach($_POST['block'] as $value) {
mysql_query("UPDATE `letters` SET `save` = '1' WHERE `who` = '$value' AND `idwho` = '$user[id]'");
header('Location: mail.php?');
}
}
}
if (isset($_GET['delete_from'])) {
$who = my_int($_GET['who']);
mysql_query("DELETE FROM `letters` WHERE `who` = '$who' AND `save` = '0' AND `idwho` = '$user[id]'");
header('Location: mail.php?');
}
echo $div_menu . '
</div><div class="menu"><a class="ssyl2" href="mail.php?do=del_all">Очистить историю</a></div>
<div class="menu"><a class="ssyl2" href="black.php?">Чёрный список</a></div>';
break;
}
echo '</div>';
include '../system/foot.php';
?>