<?php
include 'inc/db.php';
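// Authentication gate. $user is not defined in this file; presumably inc/db.php
// sets it for a logged-in visitor (confirm there).
// header() only queues the redirect; without exit the rest of the script would
// still run for an anonymous visitor, including the UPDATE/INSERT queries on
// the `mail` table further down in this file.
if (empty($user)){
    header("Location: /aut.php");
    exit;
}
// Not read by the code visible in this file; kept because the included files may use it.
$time=time();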
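/**
 * Escape a value for output in HTML.
 *
 * ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags
 * leave single quotes unescaped, and this page writes its HTML attributes
 * in single quotes. The charset argument is left at the PHP default.
 *
 * @param string $in Raw text.
 * @return string Text with &, <, >, " and ' converted to entities.
 */
function hc($in){
    return htmlspecialchars($in, ENT_QUOTES);
}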
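/**
 * Escape a string for use inside a quoted literal in a MySQL query.
 *
 * mysql_escape_string() is deprecated and does not take the connection's
 * character set into account; mysql_real_escape_string() does. With no link
 * argument it uses the most recently opened connection, which is the same
 * one the mysql_query() calls in this file rely on (presumably opened by
 * inc/db.php - confirm).
 *
 * NOTE(review): the whole mysql_* extension was removed in PHP 7. The durable
 * fix is prepared statements via mysqli or PDO rather than manual escaping.
 *
 * @param string $in Raw value.
 * @return string Escaped value; must still be wrapped in quotes in the query.
 */
function me($in){
    return mysql_real_escape_string($in);
}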
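// Page number: default to 1 and clamp to >= 1 so a non-numeric, zero or
// negative ?p= can never produce a negative LIMIT offset (an SQL error).
if (empty($_GET['p']))$_GET['p']=1;
$page=max(1, intval($_GET['p']));
$start=($page*15-15);
// Conversation partner. intval() is what makes $id safe to embed in the
// SQL strings and in the HTML written below.
$id=isset($_GET['id']) ? intval($_GET['id']) : 0;
$ank11=gus($id);
// Mark everything this partner sent to the current user as read.
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `to` = '$user[id]' AND `from` = '$id'");
// A non-zero id must belong to an existing user; id 0 is let through.
if ((mysql_num_rows(mysql_query("SELECT `id` FROM `user` WHERE `id` = '$id'"))==0) && ($id!=0)){
    header("Location: /index.php");
    exit;
}
// No conversation with oneself.
if ($id==$user['id']){
    header("Location: /index.php");
    exit;
}
include 'inc/1.php';
// Greeting template of the partner, with the current user's names filled in.
$hier=str_replace("{name}", $user['name'], str_replace("{names}", $user['aname'], $ank11['hier']));
if ($ank11['hier'])msg("<center>".out($hier)."</center>");
// NOTE(review): this POST handler checks no anti-CSRF token, so another site
// could submit the form on behalf of a logged-in user. Add a per-session
// token to the form and verify it here.
// is_string() rejects msg[]=... array input, which the escaper cannot handle.
if (!empty($_POST['msg']) && is_string($_POST['msg'])){
    $msg=me($_POST['msg']);
    mysql_query("INSERT INTO `mail` (`from`, `to`, `msg`, `time`) values ('$user[id]', '$id', '$msg', '".time()."')");
    $reply=str_replace("{name}", $ank11['name'], str_replace("{names}", $ank11['aname'], $ank11['reply']));
    // The auto-reply text is built from stored profile fields of the other
    // user. Values read back from the database are raw again, so they must
    // be escaped before going into a query; otherwise a quote in a profile
    // field breaks out of the string literal (second-order SQL injection).
    // Assumes gus() returns the fields unescaped - confirm.
    $reply_sql=me($reply);
    // Sent only when the partner enabled it and the `click` timestamp is
    // more than 600 seconds old.
    if (($ank11['reply_on']==1) && ((time()-$ank11['click'])>600))mysql_query("INSERT INTO `mail` (`from`, `to`, `msg`, `time`) values ('$id', '$user[id]', '$reply_sql', '".time()."')");
    echo "<div class='msg'>Отправлено</div>";
}
// Current page of the conversation, newest first, 15 messages per page.
$q=mysql_query("SELECT * FROM `mail` WHERE (`to` = '$user[id]' AND `from` = '$id') OR (`to` = '$id' AND `from` = '$user[id]') ORDER BY `time` DESC LIMIT $start, 15");
echo "<div class='input'><form action='?id=$id&' method='POST'>Сообщение:<br><textarea name='msg'></textarea><br><input type='submit' name='OK' value='Отправить'></form></div>";
$a=1;
while ($f=mysql_fetch_assoc($q)){
    $ank=gus($f['from']);
    // NOTE(review): the body is printed exactly as out() returns it. This is
    // only safe if out() HTML-escapes the stored text - confirm where it is defined.
    $ololo=out($f['msg']);
    // Unread messages get a red [!] marker; the rest of the row is identical.
    $mark=($f['read']==0) ? " <font color='red'><b>[!]</b></font>" : "";
    echo "<div class='p".($a%2)."'>".im($ank['id'])." <a href='ank.php?id=$ank[id]'>".hc($ank['name'])."</a>".on($ank['id']).$mark." (".vremja($f['time']).")<br>$ololo</div>";
    $a++;
}
// Page count = ceil(total / 15). One COUNT(*) replaces two identical queries
// that each fetched every row of the conversation just to count them.
$cnt=mysql_query("SELECT COUNT(*) FROM `mail` WHERE (`to` = '$user[id]' AND `from` = '$id') OR (`to` = '$id' AND `from` = '$user[id]')");
$total=$cnt ? intval(mysql_result($cnt, 0)) : 0;
$pages=ceil($total/15);
pages($pages, $page, "?id=$id&p");
include_once 'inc/foot.php';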
?>