View file shcms/mails.php

File size: 16.22Kb
<?
/*
=============================================
Движок: SHCMS Engine
=============================================
Название файла: Почта
=============================================
Official website: http://shcms.ru
=============================================
*/
define('SHCMS', true);
include_once'../system/inc/basic_settings.php';
$shcmsengine['title'] = 'Почта пользователя '.$login.'';

include_once'../template/head.php';

registrat();

if ($user_id) {
    $msg = shcms_sh_shcms(trim($_POST['msg']));
    if ($_POST['msgtrans'] == 1) {
        $msg = trans($msg);
    }
    $foruser = shcms_sh_shcms(trim($_POST['foruser']));
    $tem = shcms_sh_shcms(trim($_POST['tem']));
    $idm = intval($_POST['idm']);
    $act = isset ($_GET['act']) ? $_GET['act'] : '';
	
	if(!$_GET['act'])
	{header('Refresh: 1; url=?act=inbox&' . $conservation . '&' );}
    switch ($act) {case 'send' :
$ign = mysql_query("select * from `mail` where me='" . $foruser . "' and ignor='" . $login . "';");
$ign1 = mysql_num_rows($ign);
            if ($ign1 != 0) {echo "Вы не можете отправить сообщение для пользователя $foruser ,поскольку находитесь в его бане!!!<br/>";exit;}
			
			
            if (!empty ($foruser) and !empty ($msg)) { $m = mysql_query("select * from `users` where login='" . $foruser . "';");$count = mysql_num_rows($m);
                if ($count == 1) {$messag = mysql_query("select * from `users` where login='" . $foruser . "';");$us = mysql_fetch_array($messag);$adres = $us['id'];
                    mysql_query("insert into `mail` values(0,'" . $foruser . "','" . $msg . "','" . $time_date . "','" . $login . "','in','no','" . $tem . "','0','','','','" . mysql_real_escape_string($fname) . "');");
                    mysql_query("insert into `mail` values(0,'" . $foruser . "','" . $msg . "','" . $time_date . "','" . $login . "','out','no','" . $tem . "','0','','','','" . mysql_real_escape_string($fname) . "');");
                    if (!empty ($idm)) {mysql_query("update `mail` set otvet='1' where id='" . $idm . "';"); }
                    mysql_query("UPDATE `users` SET `lastpost` = '" . $time_date . "' WHERE `id` = '" . $user_id . "'");
                    echo "<p class='posts'>Ваше сообщение было успешно отправлено</p>";
                    if (!empty ($_SESSION['refpr'])) {echo "<a href='" . $_SESSION['refpr'] . "'>Вернуться откуда пришли</a><br/>";} $_SESSION['refpr'] = "";}
                else {echo "Вы собираетесь отправить сообщение для несуществующего пользователя<br/>";}}
				else {echo "Вы не ввели текст<br/>";}
            break;
        case 'message_wri' :
            include_once'../template/head.php';
			if(!$_GET['mail_id']){echo '<div class="errors">Вы неправильно зашли</div>';header('Refresh: 1; url=?act=inbox&' . $conservation . '&' );exit();}
if (!empty ($_GET['mail_id'])) {$messages = mysql_query("select * from `users` where id='" . intval($_GET['mail_id']) . "';");$user = mysql_fetch_array($messages);
                $posl_use = $user['login'];
                $ign = mysql_query("select * from `mail` where me='" . $posl_use . "' and ignor='" . $login . "';");
                $ign1 = mysql_num_rows($ign);
                if ($ign1 != 0) {echo "Вы не можете отправить письмо для $posl_use ,поскольку находитесь в его игнор-листе!!!<br/>"; header('Refresh: 1; url=?act=inbox&' . $conservation . '&' ); exit();}}
          if (!empty ($_GET['id'])) {$id = intval($_GET['id']);$messages2 = mysql_query("SELECT * FROM `mail` WHERE id='" . $id . "';");$tm = mysql_fetch_array($messages2);}
            echo "<div class='tit_str'><center>Переписка с пользователем: ".$posl_use."</center></div><hr/>";
            echo "<form action='mails.php?act=send' method='post' enctype='multipart/form-data' name='form'>";
            if (!empty ($_GET['mail_id'])) { echo "<br/><input type='hidden'  value='" . $posl_use . "'name='foruser'/>";}
			else{echo "<br/>Логин:<input type='text'  value='" . $posl_use . "'name='foruser'/>";}
			echo "<br/> Cообщение:<br/><textarea rows='5' name='msg'></textarea><br/><hr/>";
            echo "<input type='hidden' name='idm' value='" . $id . "'/><input type='submit' value='Написать сообщение' /></form>";
			include_once'../template/foot.php';
            break;
			/*
			------------------------------
			Удаляем выбранные сообщения
			-------------------------------
			*/
        case 'selected_selected' :
            include_once'../template/head.php';
            if (isset ($_GET['yes'])) {$dc = $_SESSION['dc'];$prd = $_SESSION['prd'];
                foreach ($dc as $delid) { mysql_query("DELETE FROM `mail` WHERE (`user` = '$login' OR `author` = '$login') AND `id`='" . intval($delid) . "'");}
                echo "<div class='posts_mail_no'>Выбранные вами сообщении были удалены успешно</div><div class='posts'><a href='" . $prd . "'>Назад</a></div>";header('Refresh: 1; url=?act=inbox&' . $conservation . '&' );}
            else {if (empty ($_POST['selected_selected'])) {echo "Вы не выбрали писем для удаления<br/><a href='mails.php?act=inbox'>Назад</a><br/>";header('Refresh: 1; url=?act=inbox&' . $conservation . '&' );  exit;}
                foreach ($_POST['selected_selected'] as $v) {$dc[] = intval($v);}
                $_SESSION['dc'] = $dc;
                $_SESSION['prd'] = htmlspecialchars(getenv("HTTP_REFERER"));
                echo "<div class='posts_mail_no'><center>Вы точно хотите удалить выбранные сообщения</center><center><a href='mails.php?act=selected_selected&amp;yes'>Да удалить</a> | <a href='" . htmlspecialchars(getenv("HTTP_REFERER")) . "'>Нет оставить</a></div></div>";}
include_once'../template/foot.php';           
		   break;
			/*
			----------------------------
			Все входящие сообщения
			-----------------------------
			*/
        case 'inbox' :
            include_once'../template/head.php';
            if (isset ($_GET['new'])) {$_SESSION['refpr'] = htmlspecialchars(getenv("HTTP_REFERER"));
			$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `user` = '$login' AND `type` = 'in' AND `chit` = 'no'"), 0);
			$mysqlsi = mysql_query("SELECT * FROM `mail` WHERE `user` = '$login' AND `type` = 'in' AND `chit` = 'no' ORDER BY `id` ");
				 echo '<div class="tit_str"><center>Ваши новые входящие собщения</center></div><hr/>';}
            else {$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `user` = '$login' AND `type` = 'in'"), 0);
                $mysqlsi = mysql_query("SELECT * FROM `mail` WHERE `user` = '$login' AND `type` = 'in' ORDER BY `id` DESC ");
                echo '<div class="tit_str"><center>Все входящие сообщения</center></div><hr/>';
            }echo '<form action="mails.php?act=selected_selected" method="post">';
            while ($mysqls = mysql_fetch_assoc($mysqlsi)) {if ($mysqls['chit'] == "no") {echo '<div class="posts_mail_no">'; echo '<span style="float:right;">не прочитано</span>';}
                else {echo '<div class="posts_mail_yes">';echo '<span style="float:right;">прочитано</span>';}
                echo '<input type="checkbox" name="selected_selected[]" value="' . $mysqls['id'] . '"/><a href="mails.php?id=' . $mysqls['id'] . '&amp;act=messages_read">' . $mysqls['author'] . '</a>';
                $vrp = $mysqls['time'] + $set_user['sdvig'] * 3600;echo '</div>'; }
            if ($total > 0) {echo '<input type="submit" value="Удалить выбранные"/>';}
            echo '</form>';
			echo '<form method="post" action="mails.php?mail_id='.$user_id.'&act=inbox&de=delet"><input type="submit" value="Другой способ"/></form>';
            if ($total > $kmess) {echo '<p class="link_reg">' . nav_c('mails.php?act=inbox&amp;', $start, $total, $kmess) . '</p>';}
			if($_GET['de'] =='delet')
			{if ($total > 0) {echo "<div class='posts'><a href='mails.php?act=remove_read'>Удалить прочитанные</a></div>";
			echo "<div class='posts'><a href='mails.php?act=remove_incoming'>Удалить все входящие</a></div>";}}
         include_once'../template/foot.php';
		 break;
/*
------------------------------------
Удаляем прочитанные вами сообщения
-------------------------------------
*/
        case 'remove_read' :
            include_once'../template/head.php';
            $mess1 = mysql_query("SELECT * FROM `mail` where user='" . $login . "' and type='in' and chit='yes';");
            while ($mas1 = mysql_fetch_array($mess1)) {
                $delid = $mas1['id'];
                $delfile = $mas1['attach'];
                if (!empty ($delfile)) {if (file_exists("../pratt/$delfile")) {unlink("../pratt/$delfile");}}mysql_query("delete from `mail` where `id`='" . intval($delid) . "';");}
            echo "Все ваши прочитанные сообщения были удалены.<br/>";
include_once'../template/foot.php';           
		   break;
/*
---------------------------
Удалить Входящие сообщения
---------------------------
*/
        case 'remove_incoming' :
            include_once'../template/head.php';
            $mess1 = mysql_query("select * from `mail` where user='$login' and type='in'");
            while ($mas1 = mysql_fetch_array($mess1)) {$delfile = $mas1['attach'];
                if (!empty ($delfile)) {if (file_exists("../pratt/$delfile")) {unlink("../pratt/$delfile");}}}mysql_query("DELETE FROM `mail` WHERE `user` = '$login' AND `type` = 'in'");
            echo "Все входящие сообщение удалены.<br/>";
            include_once'../template/foot.php';
			break;
/*
---------------------------
Читаем Входящие сообщения
---------------------------
*/
        case 'messages_read' :
            include_once'../template/head.php';
            $id = intval($_GET['id']);
			if(!$id){echo 'Вы не можете зайти';exit();}
            $messages1 = mysql_query("select * from `mail` where user='" . $login . "' and type='in' and id='" . $id . "';");
            $massiv1 = mysql_fetch_array($messages1);
            if ($massiv1['chit'] == "no") {mysql_query("update `mail` set `chit`='yes' where `id`='" . $massiv1['id'] . "';");}
            $newl = mysql_query("select * from `mail` where user = '" . $login . "' and type = 'in' and chit = 'no';");
            $countnew = mysql_num_rows($newl);
            $mass = mysql_fetch_array(@ mysql_query("select * from `users` where `login`='" . $massiv1['author'] . "';"));
            $text = $massiv1['text'];
            $text = handling_smileys($text);
            $vrp = $massiv1['time'] + $set_user['sdvig'] * 3600;
            echo "<div class='posts'><a href='change_view.php?id=" . $mass['id'] . "'>$massiv1[author]</a> (".date("d.m.y H:i", $vrp).")<hr/>$text</div>";
            echo "<p class='posts'><a href='mails.php?act=message_wri&amp;mail_id=" . $mass['id'] . "&amp;id=" . $massiv1['id'] . "'>Ответить</a></p><p  class='posts'><a href='mails.php?act=delmess&amp;del=" . $massiv1['id'] . "'>Удалить</a></p>";
            $mas2 = mysql_fetch_array(@ mysql_query("select * from `mail` where `time`='$massiv1[time]' and author='$massiv1[author]' and type='out';"));
            if ($mas2['chit'] == "no") {mysql_query("update `mail` set `chit`='yes' where `id`='" . $mas2['id'] . "';");}
            if ($massiv1['chit'] == "no") {mysql_query("update `mail` set `chit`='yes' where `id`='" . $massiv1['id'] . "';");}
			include_once'../template/foot.php';
            break;
/*
---------------------------
Удалить Отдельно сообщения
---------------------------
*/
        case 'delmess' :
            include_once ('../template/head.php');
            $mess1 = mysql_query("SELECT * FROM `mail` WHERE `user` = '$login' AND `id` = '" . intval($_GET['del']) . "' LIMIT 1");
            $mas1 = mysql_fetch_array($mess1);
            $delfile = $mas1['attach'];
            if (!empty ($delfile)) {if (file_exists("../pratt/$delfile")) {unlink("../pratt/$delfile");} }
				mysql_query("DELETE FROM `mail` WHERE (`user` = '$login' OR `author` = '$login') AND `id` = '" . intval($_GET['del']) . "' LIMIT 1");
            echo 'Сообщение удалено!<br/>';
       	include_once'../template/foot.php';
            break;
/*
---------------------------
Удалить Отправленные сообщения
---------------------------
*/
        case 'delout' :
            include_once'../template/head.php';
            $mess1 = mysql_query("select * from `mail` where author='$login' and type='out';");
            while ($mas1 = mysql_fetch_array($mess1)) {$delid = $mas1['id'];mysql_query("delete from `mail` where `id`='" . intval($delid) . "';");}
            echo "Все исходящие сообщения были удалены<br/>";
         	include_once'../template/foot.php';
            break;
/*
---------------------------
Список отправленных сообщений
---------------------------
*/
        case 'out' :
            include_once'../template/head.php';
            $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `author` = '$login' AND `type` = 'out'"), 0);
            $mysqlsi = mysql_query("SELECT * FROM `mail` WHERE `author` = '$login' AND `type` = 'out' ORDER BY `id` ");
            echo '<div class="tit_str"><center>Сообщение которые вы отправили</center></div><hr/>';
            echo "<form action='mails.php?act=selected_selected' method='post'>";
            while ($mysqls = mysql_fetch_assoc($mysqlsi)) {
                if ($mysqls['chit'] == "no") {
                    echo '<div class="posts_mail_no">';
					echo '<span style="float:right;">не прочитано</span>';
                }
                else {
                    echo '<div class="posts_mail_yes">';
					echo '<span style="float:right;">прочитано</span>';
                }
                echo '<input type="checkbox" name="selected_selected[]" value="' . $mysqls['id'] . '"/>Для: <a href="mails.php?id=' . $mysqls['id'] . '&amp;act=readout">' . $mysqls['user'] . '</a>';
                $vrp = $mysqls['time'] + $set_user['sdvig'] * 3600;
          
          
                echo '</div>';
                ++$i;
            }
            if ($total > 0) {
                echo '<input type="submit" value="Удалить выбранные"/>';
            }
            echo '</form>';
        
            if ($total > $kmess) {
                echo '<p class="link_reg">' . nav_c('mails.php?act=out&amp;', $start, $total, $kmess) . '</p>';
            }
			
     
            	include_once'../template/foot.php';
            break;
/*
---------------------------
Все Исходящие сообщения
---------------------------
*/
        case 'readout' :
            include_once'../template/head.php';
            $messages1 = mysql_query("select * from `mail` where author='" . $login . "' and type='out' and id='" . $id . "';");
            $massiv1 = mysql_fetch_array($messages1);
            $mass = mysql_fetch_array(@ mysql_query("select * from `users` where `login`='$massiv1[user]';"));
            $text = $massiv1['text'];
            $text = handling_smileys($text);
            $vrp = $massiv1['time'] + $set_user['sdvig'] * 3600;
            echo "<div class='posts'><a href='change_view.php?id=" . $mass['id'] . "'>$massiv1[user]</a> (" . date("d.m.y H:i", $vrp) . ")<hr />$text</div>";
            echo "<p class='posts'><a href='mails.php?act=delmess&amp;del=" . $massiv1['id'] . "'>Удалить</a></p>";
           	include_once'../template/foot.php';
            break;
    }

}

	include_once'../template/foot.php';

?>