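<?php

include 'inc/conf.php';
session_start();

// Identity comes from the session only. The id is cast to int before it is
// interpolated into SQL: the legacy mysql_* API has no parameter binding, so
// every value that reaches a query must be either an int or run through
// mysql_real_escape_string (the original interpolated $_SESSION['id'] raw).
$id  = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;
$sql = mysql_query("SELECT * FROM `users` WHERE `id` = '".$id."' ");
$row = $sql ? mysql_fetch_array($sql) : false;   // false when no such user

// NOTE(review): the session stores the plaintext password and it is re-hashed
// on every page. The stripslashes/htmlspecialchars/escape mangling before
// md5() is kept byte-for-byte only because the login page presumably applies
// the same transform before hashing — confirm before simplifying, or users
// whose password contains & < > " ' \ would be locked out of this page.
$pass = isset($_SESSION['pass'])
    ? mysql_real_escape_string(htmlspecialchars(stripslashes($_SESSION['pass'])))
    : '';

// Action selector; it is only ever compared against fixed literals below.
$get = isset($_GET['go']) ? (string) $_GET['go'] : '';
// Numeric user id argument (the action handlers re-read ids/id themselves).
$ids = isset($_GET['id']) ? (int) $_GET['id'] : 0;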
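if ($row && (int) $row['id'] === (int) $id && md5($pass) === (string) $row['pass']) {
    // Strict `===` on the digest: with `==` two hashes that both look like
    // "0e<digits>" compare equal as floats (PHP "magic hash"), so a crafted
    // password could pass. Unsalted md5 storage is legacy; replacing it with
    // password_hash() needs a schema migration and is out of scope here.

    $uid   = (int) $row['id'];
    $ids   = isset($_GET['ids']) ? abs((int) $_GET['ids']) : 0;   // message / user id from links
    $idArg = isset($_GET['id'])  ? abs((int) $_GET['id'])  : 0;   // legacy recipient argument of go=msg

    // Per-session CSRF token: a hidden field on the compose forms and `t=` on
    // the delete link. Sending and deleting are state changes, and deletion
    // was reachable with a plain GET, i.e. from any third-party page.
    if (empty($_SESSION['mail_csrf'])) {
        $_SESSION['mail_csrf'] = function_exists('openssl_random_pseudo_bytes')
            ? bin2hex(openssl_random_pseudo_bytes(16))
            : md5(uniqid(mt_rand(), true));   // weak fallback, only when OpenSSL is absent
    }
    $csrf      = $_SESSION['mail_csrf'];   // hex, safe to embed in attributes and URLs
    $csrfField = '<input type="hidden" name="csrf" value="'.$csrf.'">';
    $errBox    = '<div class="opis">Ошибка.<br/>
<a href="mail.php">Назад</a>
</div>';

    // ---- helpers (guarded so a second include of this file cannot redeclare them) ----
    if (!function_exists('mail_h')) {
        /** Escape a DB/user value for an HTML text or attribute context. */
        function mail_h($s)
        {
            return htmlspecialchars((string) $s, ENT_QUOTES);
        }
    }
    if (!function_exists('mail_show_msg')) {
        /**
         * Render a stored message body. Rows written by this file are stored
         * HTML-escaped (see mail_prepare_msg); decode-then-encode is a no-op
         * for those and neutralises any row that was stored raw.
         * NOTE(review): if other code stores intentional HTML in mail.msg
         * (e.g. system messages with links) it needs an exemption here.
         */
        function mail_show_msg($stored)
        {
            return htmlspecialchars(htmlspecialchars_decode((string) $stored, ENT_QUOTES), ENT_QUOTES);
        }
    }
    if (!function_exists('mail_token_ok')) {
        /** Compare a submitted CSRF token against the session token. */
        function mail_token_ok($given, $expected)
        {
            if (!is_string($given) || $given === '' || $expected === '') {
                return false;
            }
            return function_exists('hash_equals') ? hash_equals($expected, $given) : $expected === $given;
        }
    }
    if (!function_exists('mail_user_by_id')) {
        /** Fetch a `users` row by numeric id, or false when there is none. */
        function mail_user_by_id($userId)
        {
            $userId = (int) $userId;
            if ($userId <= 0) {
                return false;
            }
            $r = mysql_query("SELECT * FROM `users` WHERE `id` = '".$userId."' ");
            return $r ? mysql_fetch_array($r) : false;
        }
    }
    if (!function_exists('mail_prepare_msg')) {
        /**
         * Turn a submitted message into its stored form.
         * Returns array($msg, $error): $error is '' on success, else 'big' or
         * 'small' (the `er=` codes the inbox page understands) when the length
         * is outside the 2..255 range the UI advertises (the original rejected
         * exactly 255 and exactly 2, contradicting its own error texts).
         */
        function mail_prepare_msg($raw)
        {
            $raw = (string) $raw;
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $raw = stripslashes($raw);   // undo magic quotes only when they are actually on
            }
            // Stored HTML-escaped (existing rows are, and the listing echoes the
            // column), so the limit is applied to what lands in the column. SQL
            // escaping happens at the INSERT, so backslashes do not count.
            $msg = htmlspecialchars(trim($raw), ENT_QUOTES);
            // Legacy token denylist carried over from the original. It is NOT a
            // security control (the escaping above and at the INSERT is);
            // presumably a downstream renderer chokes on these — TODO confirm and drop.
            $msg = str_replace(array('|', '%', '*', 'TABLE', '~', '}', '^', 'FILE', 'closed', 'inc/', '.php'), '', $msg);
            if (strlen($msg) > 255) {
                return array('', 'big');
            }
            if (strlen($msg) < 2) {
                return array('', 'small');
            }
            return array($msg, '');
        }
    }
    if (!function_exists('mail_mark_read')) {
        /** Reset the unread flag on everything addressed to $uid (no-op when the inbox is empty). */
        function mail_mark_read($uid)
        {
            mysql_query("UPDATE `mail` SET `status`='0' WHERE `id_pol` = '".(int) $uid."'") or die("Ошибка запроса!");
        }
    }
    if (!function_exists('mail_del_link')) {
        /** "Удалить" link for one message; carries the session token checked by go=del. */
        function mail_del_link($mailId, $csrf)
        {
            return ' | <a href="mail.php?go=del&amp;ids='.(int) $mailId.'&amp;t='.$csrf.'">Удалить</a>';
        }
    }
    if (!function_exists('mail_print_received')) {
        /**
         * Print a result set of messages received by $uid, newest first.
         * $showDate adds the "(dd.mm)" stamp used by the "Все" view.
         */
        function mail_print_received($res, $uid, $csrf, $showDate)
        {
            if (mysql_num_rows($res) == 0) {
                echo '<div class="opis">Почта пуста.</div>';
            }
            while ($m = mysql_fetch_array($res)) {
                $sender     = mail_user_by_id($m['id_otp']);
                $senderId   = $sender ? (int) $sender['id'] : 0;
                // NOTE(review): if registration already stores logins HTML-escaped,
                // this double-encodes a literal & in a name (cosmetic); it is kept
                // because an unescaped login here would be stored XSS.
                $senderName = $sender ? mail_h($sender['login']) : '';
                $stamp      = $showDate ? ' ('.date("d.m", (int) $m['time']).')' : '';
                echo '<div class="post"><img class="ico" src="img/pics/mail.png" alt=""><a href="info.php?ids='.$senderId.'"><strong>'.$senderName.'</strong></a>'.$stamp.': ';
                echo mail_show_msg($m['msg']);
                echo '<br/>';
                echo '<a href="mail.php?go=re&amp;ids='.$senderId.'">Ответить</a>';
                if ((int) $m['id_pol'] === $uid) {
                    echo mail_del_link($m['id'], $csrf);
                }
                echo '</div>';
            }
        }
    }

    // ---- action dispatch ----
    if (empty($get)) {
        // "Все": received messages, with date stamps.
        $title = 'Почта';
        include 'inc/up.php';
        $er = isset($_GET['er']) ? (string) $_GET['er'] : '';
        if ($er === 'big') {
            echo '<div class="error">Сообщение слишком большое. Максимум 255 символов.</div>';
        }
        if ($er === 'small') {
            echo '<div class="error">Сообщение слишком короткое. Минимум 2 символа.</div>';
        }
        echo '<div class="rek">Все | <a href="mail.php?go=in">Входящие</a> | <a href="mail.php?go=out">Отправленные</a></div>';
        mail_mark_read($uid);
        // NOTE(review): this view additionally requires id_user2 = uid, so old
        // rows inserted without id_user2 only appear under "Входящие" — kept.
        $res = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$uid."' AND `id_user2` = '".$uid."' ORDER BY `time` DESC") or die("Ошибка запроса!");
        mail_print_received($res, $uid, $csrf, true);
        echo '
<div class="under">
<img src="img/pics/mail.png" alt=""> <a href="mail.php?go=new">Написать</a>
</div>
';
    } elseif ($get === 'in') {
        // "Входящие": everything addressed to the user.
        $title = 'Почта - Входящие';
        include 'inc/up.php';
        mail_mark_read($uid);
        echo '<div class="rek"><a href="mail.php">Все</a> | Входящие | <a href="mail.php?go=out">Отправленные</a></div>';
        $res = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$uid."' ORDER BY `time` DESC") or die("Ошибка запроса!");
        mail_print_received($res, $uid, $csrf, false);
    } elseif ($get === 'out') {
        // "Отправленные": messages the user sent.
        $title = 'Почта - Отправленные';
        include 'inc/up.php';
        echo '<div class="rek"><a href="mail.php">Все</a> | <a href="mail.php?go=in">Входящие</a> | Отправленные</div>';
        $res = mysql_query("SELECT * FROM `mail` WHERE `id_otp` = '".$uid."' AND `id_user`='".$uid."' ORDER BY `time` DESC") or die("Ошибка запроса!");
        if (mysql_num_rows($res) == 0) {
            echo '<div class="opis">Почта пуста.</div>';
        }
        while ($m = mysql_fetch_array($res)) {
            // Profile link and "Ответить" target the recipient; the original
            // pointed both at id_otp, i.e. at the sender themselves.
            $to     = mail_user_by_id($m['id_pol']);
            $toId   = $to ? (int) $to['id'] : 0;
            $toName = $to ? mail_h($to['login']) : '';
            echo '<div class="post"><img class="ico" src="img/pics/mail.png" alt=""><strong>Вы</strong> -> <a href="info.php?ids='.$toId.'"><strong>'.$toName.'</strong></a>:<br/> ';
            echo mail_show_msg($m['msg']);
            echo '<br/>';
            echo '<a href="mail.php?go=re&amp;ids='.$toId.'">Ответить</a>';
            if ((int) $m['id_pol'] === $uid) {
                echo mail_del_link($m['id'], $csrf);
            }
            echo '</div>';
        }
    } elseif ($get === 'msg') {
        // Compose to a given user. The original read the recipient from `id`
        // while insisting `ids` was non-empty; accept `id` first and fall back
        // to `ids` so both link shapes keep working. `id` was previously
        // interpolated into SQL after htmlspecialchars only, which leaves the
        // single quote untouched — an integer cast closes that.
        $to = mail_user_by_id($idArg > 0 ? $idArg : $ids);
        if (!$to) {
            $title = 'Почта';
            include 'inc/up.php';
            echo '<div class="opis">Даанный игрок не существует.</div>';
            include 'inc/foot.php';
            exit;
        }
        $title = 'Почта для '.mail_h($to['login']);
        include 'inc/up.php';
        echo '
<div class="opis">
<form method="POST" action="mail.php?go=go&amp;ids='.(int) $to['id'].'">
'.$csrfField.'
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>

';
    } elseif ($get === 're') {
        // Reply form. `ids` used to reach the users query as an
        // htmlspecialchars'd string (quote intact) — now an int.
        $to = mail_user_by_id($ids);
        if (!$to) {
            $title = 'Почта';
            include 'inc/up.php';
            echo '<div class="opis">Даанный игрок не существует.</div>';
            include 'inc/foot.php';
            exit;
        }
        $title = 'Ответ для '.mail_h($to['login']);
        include 'inc/up.php';
        echo '
<div class="opis">
<form method="POST" action="mail.php?go=go&amp;ids='.(int) $to['id'].'">
'.$csrfField.'
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>
<div class="rek">
<a href="mail.php">Назад</a>
</div>
';
    } elseif ($get === 'new') {
        // Compose by nickname.
        $title = 'Написать письмо';
        include 'inc/up.php';
        echo '<div class="opis"><form method="POST" action="mail.php?go=new_go">
'.$csrfField.'
Для кого (ник):<br/>
<input type="text" name="name">
<br/>
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>
<div class="rek">
<a href="mail.php">Назад</a>
</div>
';
    } elseif ($get === 'go') {
        // Send to the user id carried in the form action.
        if (!mail_token_ok(isset($_POST['csrf']) ? $_POST['csrf'] : null, $csrf)) {
            $title = 'Почта';
            include 'inc/up.php';
            echo $errBox;
            include 'inc/foot.php';
            exit;
        }
        // The original never checked the recipient exists and inserted id_pol=0
        // for a missing one; `ids` also reached the users query unescaped.
        $to = mail_user_by_id($ids);
        if (!$to) {
            $title = 'Почта';
            include 'inc/up.php';
            echo '<div class="opis">Даанный игрок не существует.</div>';
            include 'inc/foot.php';
            exit;
        }
        list($msg, $err) = mail_prepare_msg(isset($_POST['text']) ? $_POST['text'] : '');
        if ($err !== '') {
            header("Location: mail.php?er=".$err);   // nothing has been output yet
            exit;
        }
        $toId  = (int) $to['id'];
        $title = 'Ответ для '.mail_h($to['login']);
        include 'inc/up.php';
        $ok = mysql_query("INSERT INTO `mail` SET `id_otp`='".$uid."', `id_pol`='".$toId."',`time`='".time()."', `type`='msg', `msg`='".mysql_real_escape_string($msg)."',`status`='1', `id_user`='".$uid."',`id_user2`='".$toId."'");
        if ($ok) {
            echo '<div class="opis">Ваше сообщение отправленно '.mail_h($to['login']).'<br/>
<a href="mail.php">Продолжить</a>
</div>';
        } else {
            echo '<div class="opis">Сообщение не отправленно...<br/>
<a href="mail.php">Продолжить</a>
</div>';
        }
    } elseif ($get === 'new_go') {
        // Send by nickname.
        if (!mail_token_ok(isset($_POST['csrf']) ? $_POST['csrf'] : null, $csrf)) {
            $title = 'Почта';
            include 'inc/up.php';
            echo $errBox;
            include 'inc/foot.php';
            exit;
        }
        $nickRaw = isset($_POST['name']) ? (string) $_POST['name'] : '';
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $nickRaw = stripslashes($nickRaw);
        }
        // The login is matched in its HTML-escaped form because the original
        // did so (presumably registration stores logins that way — confirm).
        // What makes the query safe is mysql_real_escape_string: htmlspecialchars
        // leaves the single quote alone, which is how `name` was injectable.
        $nick = htmlspecialchars($nickRaw);
        $r  = mysql_query("SELECT * FROM `users` WHERE `login` = '".mysql_real_escape_string($nick)."' ");
        $to = $r ? mysql_fetch_array($r) : false;
        if (!$to) {
            $title = 'Почта';
            include 'inc/up.php';
            // $nick is already escaped for a text context (see above).
            echo '<div class="opis">Игрок <strong>'.$nick.'</strong> не существует.<br/>
<a href="mail.php?go=new">Написать еще раз</a>
</div>';
            include 'inc/foot.php';
            exit;
        }
        list($msg, $err) = mail_prepare_msg(isset($_POST['text']) ? $_POST['text'] : '');
        if ($err !== '') {
            header("Location: mail.php?er=".$err);
            exit;
        }
        $toId  = (int) $to['id'];
        $title = 'Почта для '.mail_h($to['login']);
        include 'inc/up.php';
        // id_user2 is set like the go= path does; without it the row never
        // appeared in the recipient's "Все" view (which filters on id_user2).
        $ok = mysql_query("INSERT INTO `mail` SET `id_otp`='".$uid."', `id_pol`='".$toId."',`time`='".time()."', `type`='msg', `msg`='".mysql_real_escape_string($msg)."',`status`='1', `id_user`='".$uid."',`id_user2`='".$toId."'");
        if ($ok) {
            echo '<div class="opis">Ваше сообщение отправленно '.mail_h($to['login']).'<br/>
<a href="mail.php">Продолжить</a>
</div>';
        } else {
            echo '<div class="opis">Сообщение не отправленно...<br/>
<a href="mail.php">Продолжить</a>
</div>';
        }
    } elseif ($get === 'del') {
        // Delete one received message.
        $m = false;
        if ($ids > 0) {
            $r = mysql_query("SELECT * FROM `mail` WHERE `id` = '".$ids."'") or die("Ошибка запроса!");
            $m = mysql_fetch_array($r);
        }
        $tokenOk = mail_token_ok(isset($_GET['t']) ? $_GET['t'] : null, $csrf);
        // Only the addressee may delete, and only through a link carrying the
        // session token: this is a state change on GET, so without the token
        // any page could trigger it with <img src="mail.php?go=del&ids=N">.
        // Links to go=del from other pages must now include t=.
        if (!$m || (int) $m['id_pol'] !== $uid || !$tokenOk) {
            $title = 'Почта - удаление';
            include 'inc/up.php';
            echo $errBox;
            include 'inc/foot.php';
            exit;
        }
        mysql_query("DELETE FROM `mail` WHERE `id` = '".(int) $m['id']."'") or die("Ошибка запроса!");
        $title = 'Почта - удаление';
        include 'inc/up.php';
        echo '<div class="opis">Сообщение удаленно<br/>
<a href="mail.php">Назад</a>
</div>';
        include 'inc/foot.php';
        exit;
    }
}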

// Common footer. This line is also reached when the session/password check
// above fails: the original then renders only the footer (no login redirect),
// and that behaviour is kept. The closing `?>` is omitted on purpose so stray
// whitespace after it can never be sent to the client.
include 'inc/foot.php';