View file action.php

File size: 3.26Kb
<?php
include 'sys/db.php';
include 'sys/conf.php';
include 'sys/start.php';
include 'sys/functions.php';
if(isset($_POST['addmsg'])){
	$id=intval($_POST['id']);
	$msg=strip($_POST['msg']);
	$query_send=mysql_query("SELECT id FROM `users` WHERE id = '$user[id]' LIMIT 1;")or die(mysql_error());
	if(mysql_num_rows($query_send)==0){
		header("location: mail.php?&re=nouser");
		exit;
	}elseif(strlen($msg)<2 && strlen($msg)<4048){
		header("location: mail.php?add=".$uid."&re=ermsg");
		exit;
	}else{
		$rec_id=intval(mysql_result($query_send,0,0));
		if($id==$rec_id){
			header("location: mail.php?add=".$uid."&re=selfmsg");
			exit;
		}else{
			mysql_query("INSERT INTO `mail` (send, rec, msg, time) VALUES('$id','$user[id]','$msg','".time()."') ;")or die(mysql_error());
			header("location: mail.php?re=send_ok");
			exit;
		};
	};
}elseif(isset($_GET['delsend']) && intval($_GET['delsend'])>0){
	$mid=intval($_GET['delsend']);
	$rand=intval($_GET['r']);
	if(mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE rec = '$user[id]' AND id = '$mid' AND outbox = '1';"),0)==0){
		unset($_SESSION['rand']);
		header("location: mail.php?send&re=404");
		exit;
	}elseif(!isset($rand) || $rand!=$_SESSION['rand']){
		unset($_SESSION['rand']);
		header("location: mail.php?send&re=vzlom");
		exit;
	}else{
		unset($_SESSION['rand']);
		mysql_query("UPDATE `mail` SET outbox = '0' WHERE id = '$mid' LIMIT 1;")or die(mysql_error());
		mysql_query("DELETE FROM `mail` WHERE inbox = '0' AND outbox = '0';")or die(mysql_error());
		header("location: mail.php?send&re=del_ok");
		exit;
	};
}elseif(isset($_GET['delallsend'])){
	$rand=intval($_GET['r']);
	if(!isset($rand) || $rand!=$_SESSION['rand']){
		unset($_SESSION['rand']);
		header("location: mail.php?send&re=vzlom");
		exit;
	}else{
		unset($_SESSION['rand']);
		mysql_query("UPDATE `mail` SET outbox = '0' WHERE send = '$id';")or die(mysql_error());
		mysql_query("DELETE FROM `mail` WHERE inbox = '0' AND outbox = '0';")or die(mysql_error());
		header("location: mail.php?send&re=del_ok");
		exit;
	};
}elseif(isset($_GET['delrec']) && intval($_GET['delrec'])>0){
	$mid=intval($_GET['delrec']);
	$rand=intval($_GET['r']);
	if(mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE send = '$user[id]' AND id = '$mid' AND inbox = '1';"),0)==0){
		unset($_SESSION['rand']);
		header("location: mail.php?re=404");
		exit;
	}elseif(!isset($rand) || $rand!=$_SESSION['rand']){
		unset($_SESSION['rand']);
		header("location: mail.php?re=vzlom");
		exit;
	}else{
		unset($_SESSION['rand']);
		mysql_query("UPDATE `mail` SET inbox = '0' WHERE id = '$mid' LIMIT 1;")or die(mysql_error());
		mysql_query("DELETE FROM `mail` WHERE inbox = '0' AND outbox = '0';")or die(mysql_error());
		header("location: mail.php?re=del_ok");
		exit;
	};
}elseif(isset($_GET['delallrec'])){
	$rand=intval($_GET['r']);
	if(!isset($rand) || $rand!=$_SESSION['rand']){
		unset($_SESSION['rand']);
		header("location: mail.php?re=vzlom");
		exit;
	}else{
		unset($_SESSION['rand']);
		mysql_query("UPDATE `mail` SET inbox = '0' WHERE rec = '$id';")or die(mysql_error());
		mysql_query("DELETE FROM `mail` WHERE inbox = '0' AND outbox = '0';")or die(mysql_error());
		header("location: mail.php?re=del_ok");
		exit;
	};
}
?>