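<?php
// by Mike O. (mides), coolcms.org
//
// User cabinet ("Личный кабинет"): profile editing, private messages,
// friends, blacklist, settings, e-mail/password change, karma transfer
// and sign-out. The page dispatches on $act; every state-changing branch
// runs only when $ok is set and ends in a redirect().
//
// Everything not defined in this file ($act, $ok, $id, $page, $u, $lang,
// $config, TIME, HTTPHOME and the helpers tp/check/username/redirect/
// navig/nav/note/bb/bbpanel/ccdate/id/access) is expected to come from the
// includes below.
// NOTE(review): $id and $page are interpolated into SQL without escaping;
// this relies on sys.php having reduced them to integers — confirm there.
// NOTE(review): the POST forms carry no CSRF token, so the edit/email/pass/
// set/karma/send/pm_empty/pm_del branches are reachable by a cross-site
// request unless sys.php enforces a token check.
$title = 'Личный кабинет';
require_once '../includes/sys.php';
require_once '../includes/auth_u.php';
require_once '../includes/header.php';

switch ($act) {
    default:
        // Cabinet front page: link to own profile, then the menu.
        if (!empty($u['name'])) {
            tp('<a href="profile.php?id='.$u['id'].'"><b>'.username($u['id'], 2).'</b></a> ('.$u['name'].')');
        } else {
            tp('<a href="profile.php?id='.$u['id'].'"><b>'.username($u['id'], 2).'</b></a> - Личный кабинет');
        }
        // Number of conversations the user takes part in, and unread messages addressed to them.
        $pm_conv = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]'"), 0);
        $pm_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_user` = '$u[id]' and `read` = 0"), 0);
        echo '<div class="row"><a href="?act=edit"><img src="../images/editprofile.png"> Изменить профиль</a></div>
<div class="row"><a href="?act=pm"><img src="../images/pm.png"> Приват ('.$pm_conv.' разгов.)';
        if ($pm_new > 0) {
            echo '<br />Новых сообщений: '.$pm_new;
        }
        echo '</a></div>
<div class="row"><a href="?act=send"><img src="../images/pm_new.png"> '.$lang['send_a_pm'].'</a></div>
<div class="row"><a href="?act=my_friends"><img src="../images/friends.png"> '.$lang['my_friends'].'</a></div>
<div class="row"><a href="?act=blacklist"><img src="../images/blacklist.png"> '.$lang['blacklist'].'</a></div>
<div class="row"><a href="?act=set"><img src="../images/settings.png"> '.$lang['settings'].'</a></div>
<div class="row"><a href="?act=pass"><img src="../images/password.png"> '.$lang['email_n_pass'].'</a></div>
<div class="row"><a href="?act=signout"><img src="../images/exit.gif"> '.$lang['signout'].'</a></div>';
        break;

    case 'blacklist':
        // Paginated list of users this account has blacklisted; ?del=ID removes an entry.
        tp('<a href="?">ЛК</a>» Черный список');
        echo '<div class="body">';
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `blacklist` WHERE `blacklisted_by` = '$u[id]'"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];
            $blacklist_r = mysql_query("SELECT * FROM `blacklist` WHERE `blacklisted_by` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
            while ($blacklist = mysql_fetch_assoc($blacklist_r)) {
                echo '<a href="profile.php?id='.$blacklist['id_user'].'">'.username($blacklist['id_user'], 2).'</a> (<a href="?act=blacklist&del='.$blacklist['id'].'">DEL</a>)<br />';
            }
            navig($page, '?act=blacklist&', $pages);
            // Deletion is handled after the list is printed; the redirect discards that output.
            // The ownership check (blacklisted_by = current user) keeps one user from
            // deleting another user's entries.
            if (isset($_GET['del'])) {
                $id_blacklisted = abs(intval($_GET['del']));
                $blacklisted_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id` = '$id_blacklisted' and `blacklisted_by` = '$u[id]'");
                if (mysql_num_rows($blacklisted_r)) {
                    mysql_query("DELETE FROM `blacklist` WHERE `id` = '$id_blacklisted'");
                }
                redirect('?act=blacklist');
            }
        } else {
            echo 'Черный список пуст<br />';
        }
        echo '<br /><a href="?">ЛК</a>» Черный список
</div>';
        break;

    case 'edit':
        // Profile editor. POST values go through check() before being written to `users`.
        if ($ok) {
            $icq = abs(intval($_POST['icq']));
            $skype = check($_POST['skype']);
            $name = check($_POST['name']);
            $gender = abs(intval($_POST['gender']));
            $from = check($_POST['from']);
            $birthday = check($_POST['birthday']);
            $site = check($_POST['site']);
            $about = check($_POST['about']);
            mysql_query("UPDATE `users` SET `icq` = '$icq', `skype` = '$skype', `name` = '$name', `gender` = '$gender', `from` = '$from', `birthday` = '$birthday', `site` = '$site', `about` = '$about' WHERE `id` = '$u[id]'");
            $_SESSION['note'] = $lang['all_changes_saved'];
            redirect('?act=edit');
        } else {
            tp('<a href="?">ЛК</a>» Изменить профиль');
            echo '<div class="body">';
            note();
            echo '<a href="info.php?act=avatars">';
            if ($u['avatar']) {
                $avatar = mysql_fetch_assoc(mysql_query("SELECT * FROM `avatars` WHERE `id` = '$u[avatar]'"));
                if (file_exists('../'.$avatar['path'])) {
                    echo '<img src="../'.$avatar['path'].'" />';
                } else {
                    // The avatar file is gone: reset the reference so it is not looked up again.
                    mysql_query("UPDATE `users` SET `avatar` = 0 WHERE `id` = '$u[id]'");
                    echo '<img src="../images/avatars/noavatar.gif" />';
                }
            } else {
                echo '<img src="../images/avatars/noavatar.gif" />';
            }
            echo ' ред.</a><br />';
            // NOTE(review): the $u[...] fields below are placed into value="" attributes
            // unescaped; this relies on check() having escaped them at save time — confirm.
            echo '<form name="form" action="?act=edit&ok=1" method="post">
ICQ(max9):<br /><input name="icq" type="text" maxlength="9" value="'.$u['icq'].'" /><br />
Skype(max32):<br /><input name="skype" type="text" maxlength="32" value="'.$u['skype'].'" /><br />
'.$lang['name'].'(max20):<br /><input name="name" type="text" maxlength="20" value="'.$u['name'].'" /><br />
'.$lang['gender'].': ';
            switch ($u['gender']) {
                case '1': echo $lang['male_s'].'<input name="gender" type="radio" value="1" checked /> <input name="gender" type="radio" value="2" />'.$lang['female_s']; break;
                case '2': echo $lang['male_s'].'<input name="gender" type="radio" value="1" /> <input name="gender" type="radio" value="2" checked />'.$lang['female_s']; break;
                default: echo $lang['male_s'].'<input name="gender" type="radio" value="1" /> <input name="gender" type="radio" value="2" />'.$lang['female_s']; break;
            }
            echo '<br />
'.$lang['from'].'(max25):<br /><input name="from" type="text" maxlength="25" value="'.$u['from'].'" /><br />
'.$lang['birthday'].' (дд.мм.гггг):<br /><input name="birthday" type="text" maxlength="25" value="'.$u['birthday'].'" /><br />
Wap-site(<del>http://</del>, max20):<br /><input name="site" type="text" maxlength="20" value="'.$u['site'].'" /><br />
'.$lang['about_myself'].'(max250):<br /> '.bbpanel('form', 'about').'<textarea name="about" cols="" rows="3">'.$u['about'].'</textarea>
<input name="submit" type="submit" value="Ok" /></form><br /><a href="?">ЛК</a>» Изменить профиль</div>';
        }
        break;

    case 'email':
        // Change e-mail; requires the current password. Result is reported via $_SESSION['note']
        // on the ?act=pass page, where the form lives.
        if ($_POST['email'] and $_POST['currentpass']) {
            $email = check($_POST['email']);
            // NOTE(review): the pattern is unanchored, so any string *containing* an
            // address-like substring passes; tightening it would change what is accepted.
            if (preg_match('/[0-9a-z_\-]+@[0-9a-z_\-^\.]+\.[a-z]{2,6}/i', $email)) {
                // Legacy unsalted double-md5; it has to match the scheme used by auth_u.php
                // and the 'pass' branch below, so it cannot be changed in this file alone.
                $currentpass = md5(md5(check($_POST['currentpass'])));
                // Bug fix: the column/field is `password` (see the 'pass' branch); $u['pass']
                // is unset, so the comparison never succeeded and e-mail could not be changed.
                if ($currentpass == $u['password']) {
                    mysql_query("UPDATE `users` SET `email` = '$email' WHERE `id` = '$u[id]'");
                    $_SESSION['note'] = $lang['all_changes_saved'];
                } else {
                    $_SESSION['note'] = $lang['passwords_is_incorrect'];
                }
            } else {
                $_SESSION['note'] = $lang['your_email_is_incorrect'];
            }
        } else {
            $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
        }
        redirect('?act=pass');
        break;

    case 'karma':
        // Transfer karma points to another user and notify them with a private message.
        if ($u['karma'] > 0) {
            if ($ok) {
                $_SESSION['username'] = $_POST['username'];
                $_SESSION['karma'] = $_POST['karma'];
                if (!empty($_POST['username']) and !empty($_POST['karma'])) {
                    if (abs(intval($_POST['karma']))) {
                        $username = check($_POST['username']);
                        $karma = abs(intval($_POST['karma']));
                        $whom = id($username);
                        if ($whom > 0) {
                            if ($whom != $u['id']) {
                                // NOTE(review): balance check and the two UPDATEs are not atomic;
                                // concurrent submissions could overdraw the sender.
                                if ($u['karma'] >= $karma) {
                                    mysql_query("UPDATE `users` SET `karma` = (`karma`-$karma) WHERE `id` = '$u[id]'");
                                    mysql_query("UPDATE `users` SET `karma` = (`karma`+$karma) WHERE `id` = '$whom'");
                                    // Reuse the existing conversation with the recipient, or open one.
                                    $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE (`id_user` = '$whom' and `id_sender` = '$u[id]') OR (`id_user` = '$u[id]' and `id_sender` = '$whom')");
                                    $pm = mysql_fetch_assoc($pm_r);
                                    if ($pm['id']) {
                                        $id_pm = $pm['id'];
                                        mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
                                    } else {
                                        mysql_query("INSERT INTO `pm` SET `id_user` = '$whom', `id_sender` = '$u[id]', `time` = '".TIME."'");
                                        $id_pm = mysql_insert_id();
                                    }
                                    $text = str_replace('%karma%', $karma, $lang['i_just_sent_you_some_karma']);
                                    mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$whom', `id_sender` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                                    $_SESSION['note'] = 'Передано';
                                    redirect('profile.php?id='.$whom);
                                } else {
                                    $_SESSION['note'] = $lang['insufficient_karma'];
                                }
                            } else {
                                $_SESSION['note'] = '<img src="../images/smiles/33.gif" alt=";/">';
                            }
                        } else {
                            $_SESSION['note'] = $lang['the_recipient_doesnt_exist'];
                        }
                    } else {
                        $_SESSION['note'] = $lang['above_zero_numbers_only'];
                    }
                } else {
                    $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                }
                redirect('?act=karma');
            } else {
                // ?user= pre-fills the recipient; it is untrusted input going into an
                // attribute, so escape it (was reflected verbatim before).
                $prefill_user = isset($_GET['user']) ? htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8') : '';
                tp('<a href="?">ЛК</a>» Передать кармы');
                echo '<div class="body">';
                note();
                echo '<form name="form" action="?act=karma&ok=1" method="post">
'.$lang['username'].'(max12)<br /><input name="username" type="text" value="'.$prefill_user.'" maxlength="12" /><br />
Сколько?(max'.$u['karma'].')<br /><input name="karma" type="text" /><br />
<input name="submit" type="submit" value="Okay" />
</form>';
                nav('?');
            }
        } else {
            redirect('?');
        }
        break;

    case 'my_friends':
        // Paginated friend list; ?del=ID removes a friend entry owned by the current user.
        tp('<a href="?">ЛК</a>» Мои друзья');
        echo '<div class="body">';
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `my_friends` WHERE `is_friend_of` = '$u[id]'"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];
            $friend_r = mysql_query("SELECT * FROM `my_friends` WHERE `is_friend_of` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
            while ($friend = mysql_fetch_assoc($friend_r)) {
                echo '<a href="profile.php?id='.$friend['id_user'].'">'.username($friend['id_user'], 2).'</a> (<a href="?act=send&id='.$friend['id_user'].'">'.$lang['pm'].'</a>, <a href="?act=my_friends&del='.$friend['id'].'">уд</a>)<br />';
            }
            // Bug fix: the pager pointed at ?act=my_friend (no such action), which fell
            // through to the cabinet front page.
            navig($page, '?act=my_friends&', $pages);
            if (isset($_GET['del'])) {
                $id_friend = abs(intval($_GET['del']));
                $friend_r = mysql_query("SELECT `id` FROM `my_friends` WHERE `id` = '$id_friend' and `is_friend_of` = '$u[id]'");
                if (mysql_num_rows($friend_r)) {
                    mysql_query("DELETE FROM `my_friends` WHERE `id` = '$id_friend'");
                }
                redirect('?act=my_friends');
            }
        } else {
            echo 'Тут еще никого нет<br />';
        }
        echo '<br /><a href="?">ЛК</a>» Мои друзья
</div>';
        break;

    case 'pass':
        // Change password (requires the old one); also hosts the e-mail change form.
        if ($ok) {
            if ($_POST['newpass'] and $_POST['newpass_confirm'] and $_POST['oldpass']) {
                $newpass = check($_POST['newpass']);
                $newpass_confirm = check($_POST['newpass_confirm']);
                // Legacy unsalted double-md5, shared with the login code — see 'email' branch.
                $oldpass = md5(md5(check($_POST['oldpass'])));
                if ($oldpass == $u['password']) {
                    if ($newpass == $newpass_confirm) {
                        mysql_query("UPDATE `users` SET `password` = '".md5(md5($newpass))."' WHERE `id` = '$u[id]'");
                        $_SESSION['note2'] = $lang['all_changes_saved'];
                    } else {
                        $_SESSION['note2'] = $lang['passwords_dont_match'];
                    }
                } else {
                    $_SESSION['note2'] = $lang['old_pass_incorrect'];
                }
            } else {
                $_SESSION['note2'] = $lang['the_fields_cant_be_blank'];
            }
            redirect('?act=pass');
        } else {
            tp('<a href="?">ЛК</a>» '.$lang['email_n_pass']);
            note();
            echo '<div class="body">';
            echo '<i>'.$lang['changing_email'].'</i>:<form name="form" action="?act=email&ok=1" method="post">
E-mail(max50):<br /><input name="email" type="text" maxlength="50" value="'.$u['email'].'" /><br />
'.$lang['current_pass'].':<br /><input name="currentpass" type="password" maxlength="20" /><br />
<input name="submit" type="submit" value="Ok" />
</form>';
            echo '<hr />';
            // note2 is a separate one-shot message so it shows under the password form,
            // not under the e-mail form handled by note().
            if (isset($_SESSION['note2'])) {
                echo '<b>'.$_SESSION['note2'].'</b><br />';
                unset($_SESSION['note2']);
            }
            echo '<i>'.$lang['changing_pass'].'</i>:<form name="form" action="?act=pass&ok=1" method="post">
'.$lang['new_password'].' (max20):<br /><input name="newpass" type="password" maxlength="20" /><br />
'.$lang['retype_new_pass'].':<br /><input name="newpass_confirm" type="password" maxlength="20" /><br />
'.$lang['old_pass'].':<br /><input name="oldpass" type="password" maxlength="20" /><br />
<input name="submit" type="submit" value="Ok" /></form><br />
<a href="?">ЛК</a>» Email & пароль
</div>';
        }
        break;

    case 'pm':
        // Conversation list, newest activity first.
        $pm_conv = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]'"), 0);
        tp('<a href="?">ЛК</a>» Приват ('.$pm_conv.' разгов.)');
        note();
        // Same count as $pm_conv; the previous second query was identical apart from quoting.
        $total = $pm_conv;
        $pages = 0; // navig() below runs even when there is nothing to page
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];
            $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
            while ($pm = mysql_fetch_assoc($pm_r)) {
                $pm_msg = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
                // The other party is whichever side of the conversation is not us.
                $id_partner = ($pm['id_sender'] == $u['id']) ? $pm['id_user'] : $pm['id_sender'];
                echo '<div class="row"><a href="?act=pm_view&id='.$pm['id'].'">'.username($id_partner, 2).' ('.$pm_msg.')</a></div>';
            }
        } else {
            echo $lang['nothing_yet'].'<br />';
        }
        echo '<div class="body">';
        navig($page, '?act=pm&', $pages);
        echo '<a href="?">ЛК</a>» Приват</div>';
        break;

    case 'pm_view':
        // Read one conversation. Visible to its two participants and to access(3) accounts.
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] or $u['id'] == $pm['id_sender'] or access(3))) {
            if ($pm['id_sender'] == $u['id']) {
                $id_user = $pm['id_user'];
            } else {
                $id_user = $pm['id_sender'];
            }
            // Mark everything addressed to us in this conversation as read — one statement
            // instead of one UPDATE per row.
            mysql_query("UPDATE `pm_msg` SET `read` = 1 WHERE `id_pm` = '$id' and `id_user` = '$u[id]' and `read` = 0");
            echo '<div class="title"><a href="?act=pm">←</a> Разговор с <a href="profile.php?id='.$id_user.'">'.username($id_user, 2).'</a> <a href="?act=pm_view&id='.$id.'"><img src="../images/pm_upd.png"></a> <a href="?act=pm_empty&id='.$id.'"><img src="../images/pm_clean.png"></a> <a href="?act=pm_del&id='.$id.'"><img src="../images/pm_del.png"></a></div>
<div class="body">'.bbpanel('form', 'text').'
<form name="form" action="?act=send&id='.$id_user.'&ok=1" method="post">
<input name="username" type="hidden" value="'.username($id_user, 0).'" />
<textarea name="text" cols="" rows="3"></textarea>';
            echo '<input name="" type="submit" value="Ok">
</form>';
            $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];
            navig($page, '?act=pm_view&id='.$id.'&', $pages);
            $msg_r = mysql_query("SELECT * FROM `pm_msg` WHERE `id_pm` = '$pm[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
            while ($msg = mysql_fetch_assoc($msg_r)) {
                // `read` still holds the pre-update value for rows fetched here only if the
                // UPDATE above did not touch them; the label marks messages that were unread
                // when this page was requested by the recipient.
                $unread = '';
                if ($msg['read'] == 0) {
                    $unread = '<b>'.$lang['unread'].'</b>';
                }
                if ($msg['id_sender'] != $u['id']) {
                    echo '<a href="profile.php?id='.$msg['id_sender'].'">'.username($msg['id_sender'], 2).'</a>';
                } else {
                    echo username($msg['id_sender'], 2);
                }
                echo ' '.ccdate($msg['time'], $msg['id_sender']).' '.$unread.'<br />'.bb($msg['text']).'<hr>';
            }
            navig($page, '?act=pm_view&id='.$id.'&', $pages);
            echo '<a href="?act=pm">PM</a>» разговор с <a href="profile.php?id='.$id_user.'">'.username($id_user, 2).'</a></div>';
        } else {
            redirect('?');
        }
        break;

    case 'pm_empty':
        // Delete all messages of a conversation (participants only), after confirmation.
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] or $u['id'] == $pm['id_sender'])) {
            if ($ok) {
                mysql_query("DELETE FROM `pm_msg` WHERE `id_pm` = '$id'");
                redirect('?act=pm_view&id='.$id);
            } else {
                tp($lang['Confirm']);
                echo '<form name="form" action="?act=pm_empty&id='.$id.'&ok=1" method="post">
<input name="" type="submit" value="Да, очистить">
</form>';
                nav('?act=pm_view&id='.$id);
            }
        } else {
            redirect('?');
        }
        break;

    case 'pm_del':
        // Delete a whole conversation (participants only), after confirmation.
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] or $u['id'] == $pm['id_sender'])) {
            if ($ok) {
                mysql_query("DELETE FROM `pm_msg` WHERE `id_pm` = '$id'");
                mysql_query("DELETE FROM `pm` WHERE `id` = '$id'");
                $_SESSION['note'] = 'Диалог удален';
                redirect('?act=pm');
            } else {
                tp($lang['Confirm']);
                echo '<form name="form" action="?act=pm_del&id='.$id.'&ok=1" method="post">
<input name="" type="submit" value="Да, удалить">
</form>';
                nav('?act=pm_view&id='.$id);
            }
        } else {
            redirect('?');
        }
        break;

    case 'send':
        // Send a private message. The raw draft is kept in the session so the form can be
        // re-filled after a validation error.
        if ($ok) {
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['text'] = $_POST['text'];
            $text = check($_POST['text']);
            if ($_POST['username'] and $text) {
                $id_user = id(check($_POST['username']));
                if ($id_user > 0) {
                    if ($u['id'] != $id_user) {
                        // Recipients who blacklisted us cannot be messaged, unless we have access(1).
                        $blacklist_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id_user` = '$u[id]' and `blacklisted_by` = '$id_user'");
                        if (!mysql_num_rows($blacklist_r) or access(1)) {
                            $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE (`id_user` = '$id_user' and `id_sender` = '$u[id]') OR (`id_user` = '$u[id]' and `id_sender` = '$id_user')");
                            $pm = mysql_fetch_assoc($pm_r);
                            if ($pm['id']) {
                                $id_pm = $pm['id'];
                                mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
                            } else {
                                mysql_query("INSERT INTO `pm` SET `id_user` = '$id_user', `id_sender` = '$u[id]', `time` = '".TIME."'");
                                $id_pm = mysql_insert_id();
                            }
                            mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$id_user', `id_sender` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                            // Drop the draft only. This used to call session_destroy(), which
                            // wiped the entire session (notes and any login state kept in it)
                            // on every successful send.
                            unset($_SESSION['username'], $_SESSION['text']);
                            redirect('?act=pm_view&id='.$id_pm);
                        } else {
                            $_SESSION['note'] = 'Вы в черном списке у адресата';
                            redirect('?act=send');
                        }
                    } else {
                        $_SESSION['note'] = $lang['you_cant_text_yourself'];
                        redirect('?act=send');
                    }
                } else {
                    $_SESSION['note'] = $lang['the_recipient_doesnt_exist'];
                    redirect('?act=send');
                }
            } else {
                $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                redirect('?act=send');
            }
        } else {
            // The draft values are raw POST data, so they are escaped before going back
            // into the form (they were echoed verbatim before).
            $ses_username = !empty($_SESSION['username']) ? htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') : '';
            $ses_text = !empty($_SESSION['text']) ? htmlspecialchars($_SESSION['text'], ENT_QUOTES, 'UTF-8') : '';
            $username = !empty($id) ? username($id, 0) : $ses_username;
            tp('<a href="?">ЛК</a>» '.$lang['send_a_pm']);
            echo '<div class="body">';
            note();
            echo '<form name="form" action="?act=send&ok=1" method="post">
'.$lang['username'].'(max12):<br /><input name="username" type="text" value="'.$username.'" maxlength="12" /><br />
'.$lang['message'].'(max250):<br /><textarea name="text" cols="" rows="4">'.$ses_text.'</textarea><br />
<input name="submit" type="submit" value="Ok" />
</form>
</div>';
        }
        break;

    case 'set':
        // Per-user style, language and items-per-page settings.
        if ($ok) {
            if ($_POST['onpage']) {
                $style = check($_POST['style']);
                $language = check($_POST['language']);
                $onpage = abs(intval($_POST['onpage']));
                // NOTE(review): on failure this prints the raw mysql_error() to the client;
                // the other queries in this file fail silently instead.
                mysql_query("UPDATE `users` SET `style` = '$style', `language` = '$language', `onpage` = '$onpage' WHERE `id` = '$u[id]'") or die(mysql_error());
                $_SESSION['note'] = 'Сохранено';
                redirect('?act=set');
            } else {
                $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                redirect('?act=set');
            }
        } else {
            tp('<a href="?">ЛК</a>» '.$lang['settings']);
            echo '<div class="body">';
            note();
            echo '<form name="form" action="?act=set&ok=1" method="post">
'.$lang['default_style'].':<br /><select name="style">';
            // Available styles are the directories under ../styles/.
            $styles = glob('../styles/*', GLOB_ONLYDIR);
            foreach ($styles as $style) {
                $selected = ($u['style'] == basename($style)) ? ' selected="selected"' : '';
                echo '<option value="'.basename($style).'"'.$selected.'>'.basename($style).'</option>';
            }
            echo '</select><br />
'.$lang['default_lang'].':<br /><select name="language">';
            // Available languages are the *.php files under ../language/, minus the extension.
            $languages = glob('../language/*.php');
            foreach ($languages as $language) {
                $lang_rename = str_replace('.php', '', basename($language));
                $selected = ($u['language'] == $lang_rename) ? ' selected="selected"' : '';
                echo '<option value="'.$lang_rename.'"'.$selected.'>'.$lang_rename.'</option>';
            }
            echo '</select><br />
'.$lang['elements_per_page'].'(1-99):<br /><input name="onpage" type="text" maxlength="2" value="'.$u['onpage'].'" /><br />
<input name="submit" type="submit" value="Ok" />
</form><br />
<a href="?">ЛК</a>» Настройки';
            echo '</div>';
        }
        break;

    case 'signout':
        // Remove the online record and expire the login cookies (31 days in the past).
        mysql_query("DELETE FROM `online` WHERE `id_user` = '$u[id]'");
        setcookie('cusername', '', TIME - 86400*31, '/', '');
        setcookie('cpassword', '', TIME - 86400*31, '/', '');
        redirect(HTTPHOME);
        break;
}
require_once '../includes/tail.php';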