<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author:  Nikoloz Sitchinava [sitchi]      //
// Link:        http://sitchicms.num.ge          //
// Skype:       SitchiCMS                        //
// License:     LICENSE.txt (see attached file)  //
// Version:     VERSION.txt (see attached file)  //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
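define('_SITCHICMS', 1);
$root_path = '../';
require $root_path.'includes/db_connect.php';
require $root_path.'includes/start.php';
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';
require $root_path.'includes/head.php'; // page head
$lng_mail = load_lng('mail');

// pages/mail.php - private messages: inbox listing (default), view_mail,
// create_mail and delete_mail.
// $user, $set, $lng, $time, $dblink and SID are provided by the includes above;
// k_page(), page(), head(), aut_off(), msg(), post(), timef(), str(), err()
// and mres() presumably come from includes/functions.php (not visible here).

// Action selector; an empty/unknown value falls through to the inbox listing.
if (!isset($_GET['act'])) $_GET['act'] = '';
$act = htmlspecialchars(trim($_GET['act']));

// Id of the logged-in user (0 for guests). Every read/delete below is scoped
// to it, so a message id on its own is never enough to reach another user's mail.
$uid = isset($user['id']) ? (int)$user['id'] : 0;
// Level >= 2 is treated as moderator, the same rule the delete link in view_mail uses.
$is_mod = isset($user['level']) && $user['level'] >= 2;

switch ($act)
{
    /* Inbox: messages received by the current user, newest first. */
    default:
        $p_count = (int)$set['p_count'];
        $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user`='$uid'"), 0);
        $k_page = k_page($k_post, $set['p_count']);
        $page = page($k_page);
        // LIMIT offset; cast so a non-numeric page value can never reach the query as text.
        $start = (int)($p_count * $page - $p_count);
        head(''.$lng_mail['1_1'].' | '.$user['login']);
        echo '<div class="hdr"><b>'.$lng_mail['1_1'].'</b></div>';
        aut_off();
        if (isset($_GET['yes'])) {
            msg(''.$lng_mail['1_2'].'');                         // notice after create_mail
        } elseif (isset($_GET['no'])) {
            msg('<div class="menu">'.$lng_mail['1_3'].'</div>'); // notice after delete_mail
        }
        if ($k_post == 0) {
            echo '<div class="errmenu">';
            echo ''.$lng_mail['1_4'].'';
            echo '</div>';
        }
        $q = mysql_query("SELECT * FROM `mail` WHERE `id_user`='$uid'  ORDER BY `time` DESC LIMIT $start, $p_count");
        while ($post = mysql_fetch_array($q)) {
            // Sender row; false when the sender account no longer exists.
            $id_user2 = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".(int)$post['id_user2']."' LIMIT 1"));
            $sender_id = $id_user2 ? (int)$id_user2['id'] : 0;
            $sender_login = $id_user2 ? $id_user2['login'] : '';
            echo '<div class="menu">';
            echo '<img src="/themes/'.$set['set_them'].'/images/mail.png" alt="" width="16" height="16"  style="float: left;padding-right:3px;"/> <a href="/pages/mail.php?act=view_mail&amp;id_mail='.$post['id'].'">'.$post['them'].'</a> ('.timef($post['time']).')';
            echo '<a href="mail.php?act=delete_mail&amp;id_mail='.$post['id'].'">[X]</a>';
            if (mb_strlen($post['msg']) > 64) {
                // Long messages: 48-character preview plus a "more" marker.
                // NOTE(review): post() output is cut by character, so a tag it produced may be truncated - verify post().
                echo mb_substr(post($post['msg']), 0, 48).'...<a href="/pages/mail.php?act=view_mail&amp;id_mail='.$post['id'].'"><span style="color:red;">&gt;</span></a><br/>';
            } else {
                echo '<br/>'.post($post['msg']).'<br/>';
            }
            echo ''.$lng_mail['1_5'].': <a href="/pages/info.php?id='.$sender_id.'">'.$sender_login.'</a>';
            echo '</div>';
        }
        if ($k_page > 1) str('?', $k_page, $page); // pagination links
        echo '<a href="/pages/mail.php?act=create_mail">'.$lng_mail['1_6'].'</a>';
        break;

    /* Read one message. */
    case 'view_mail':
        $id_mail = (isset($_GET['id_mail']) && is_numeric($_GET['id_mail'])) ? (int)abs($_GET['id_mail']) : 0;
        // Only the recipient (id_user) or the sender (id_user2) may open a message;
        // moderators may open any. Selecting by id alone exposed every user's mail.
        $scope = $is_mod ? '' : " AND (`id_user` = '$uid' OR `id_user2` = '$uid')";
        $mail = false;
        if ($id_mail > 0 && $uid > 0) {
            $r = mysql_query("SELECT * FROM `mail` WHERE `id` = '$id_mail'".$scope." LIMIT 1", $dblink);
            $mail = $r ? mysql_fetch_assoc($r) : false;
        }
        if (!$mail) {
            header("Location: index.php?".SID);
            exit; // stop here: the page must not be rendered on top of the redirect
        }
        $id_user2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id`='".(int)$mail['id_user2']."' LIMIT 1"));
        if (!$id_user2) {
            $id_user2 = array('id' => 0, 'login' => '', 'level' => 0); // sender account removed
        }
        head(''.$lng_mail['1_1'].' | '.$lng_mail['1_5'].' '.$id_user2['login']);
        echo '<div class="hdr"><b>'.$lng_mail['1_1'].'</b></div>';
        aut_off();
        mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id`= '".(int)$mail['id']."' ");
        echo '<div class="menu">';
        echo $mail['them'].' ('.timef($mail['time']).')<br/>'; // stray </a> removed: there was no opening tag
        echo ''.post($mail['msg']).'<br/>';
        echo ''.$lng_mail['1_5'].': '.$id_user2['login'].'';
        echo '</div>';
        // Reply link; the login is URL-encoded so it cannot break the href or inject a query parameter.
        echo '<a href="/pages/mail.php?act=create_mail&amp;login='.rawurlencode($id_user2['login']).'">'.$lng_mail['1_7'].'</a>';
        // Delete link: the sender, or a moderator outranking the sender.
        if (($is_mod && $user['level'] > $id_user2['level']) || $uid == $id_user2['id']) {
            echo '<a href="mail.php?act=delete_mail&amp;id_mail='.$mail['id'].'">'.$lng_mail['1_8'].'</a>';
        }
        break;

    /* Compose a message (POST handler, then the form). */
    case 'create_mail':
        if (isset($_POST['msg']) && isset($_POST['theme']) && isset($_POST['login'])) {
            $msg = stripslashes(htmlspecialchars(trim($_POST['msg'])));
            $login = stripslashes(htmlspecialchars(trim($_POST['login'])));
            $theme = stripslashes(htmlspecialchars(trim($_POST['theme'])));
            // Limits mirror the maxlength attributes of the form below; the
            // message maximum was previously enforced only client-side.
            if (mb_strlen($msg) < 2) {
                $err[] = '<div class="errmenu">'.$lng_mail['1_10'].'.min 2</div>';
            } elseif (mb_strlen($msg) > 1280) {
                $err[] = '<div class="errmenu">'.$lng_mail['1_10'].'. max 1280</div>';
            }
            if (mb_strlen($theme) > 128) {
                $err[] = '<div class="errmenu">'.$lng_mail['1_10'].'. max 128</div>';
            } elseif (mb_strlen($theme) < 3) {
                $err[] = '<div class="errmenu">'.$lng_mail['1_11'].' min 3</div>';
            }
            // Recipient lookup (one query instead of count + fetch).
            $r = mysql_query("SELECT * FROM `users` WHERE `login`='".mres($login)."' LIMIT 1");
            $id_user2 = $r ? mysql_fetch_array($r) : false;
            if (!$id_user2) {
                $err[] = '<div class="errmenu">'.$lng_mail['1_12'].'</div>';
            }
            if (!isset($err)) {
                // htmlspecialchars() with its default flags leaves single quotes alone,
                // so the text must still be escaped for the query.
                $ok = mysql_query("INSERT INTO `mail` (id_user, id_user2, time, them, msg) values('".(int)$id_user2['id']."', '$uid', '$time', '".mres($theme)."', '".mres($msg)."')");
                if ($ok === false) {
                    error_log('mail.php: insert failed: '.mysql_error()); // logged, not shown to the client
                }
                header("Location: mail.php?yes&".SID);
                exit;
            }
            head(''.$lng_mail['1_1'].' | '.$lng['1_61'].'');
            echo '<div class="hdr"><b>'.$lng_mail['1_1'].'</b></div>';
            aut_off();
            err();
            echo '<a href="/pages/profile.php">'.$lng['1_4'].'</a>';
            if (isset($_SERVER['HTTP_REFERER'])) echo '<a href="'.htmlspecialchars($_SERVER['HTTP_REFERER']).'"> '.$lng['1_50'].'</a>';
            // NOTE(review): execution continues into the form below unless end.php exits - confirm.
            require $root_path.'includes/end.php'; // page footer
        }
        $login = '';
        // Pre-fill the recipient when ?login= names an existing user (reply link from view_mail).
        if (isset($_GET['login'])) {
            $r = mysql_query('SELECT `id` FROM `users` WHERE `login`="'.mres($_GET['login']).'" LIMIT 1');
            if ($r && mysql_num_rows($r)) {
                $login = stripslashes(htmlspecialchars(trim($_GET['login'])));
            }
        }
        head(''.$lng_mail['1_1'].' | '.$lng_mail['1_6'].'');
        echo '<div class="hdr"><b>'.$lng_mail['1_1'].'</b></div>';
        aut_off();
        err();
        echo '<form method="POST" action="mail.php?act=create_mail"><div class="egmenu">' .
            ''.$lng_mail['1_13'].':<br/><input type="text" name="login" maxlength="32" value="'.$login.'" /><br/>' .
            ''.$lng_mail['1_14'].'(max 128):<br/><input type="text" name="theme" value="HI)" maxlength="128" /><br/>' .
            ''.$lng_mail['1_15'].'(max 1280):<br/><textarea name="msg" maxlength="1280"></textarea><br/>' .
            '<input type="submit" name="save" value="'.$lng_mail['1_16'].'" /></div></form>';
        echo '<a href="'.$root_path.'modules/smiles/">'.$lng['1_48'].'</a><br/>';
        echo '<a href="bb-code.php">'.$lng['1_49'].'</a>';
        break;

    /* Delete a message. */
    case 'delete_mail':
        // NOTE(review): deletion is triggered by a plain GET link; a per-session
        // token check would be needed to stop cross-site requests - the session
        // helper that could issue one is not visible here.
        $id_mail = (isset($_GET['id_mail']) && is_numeric($_GET['id_mail'])) ? (int)abs($_GET['id_mail']) : 0;
        $post = false;
        if ($id_mail > 0) {
            $r = mysql_query("SELECT * FROM `mail` WHERE `id` = '$id_mail' LIMIT 1", $dblink);
            $post = $r ? mysql_fetch_assoc($r) : false;
        }
        if (!$post) {
            header("Location: index.php?".SID);
            exit;
        }
        $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".(int)$post['id_user2']."' LIMIT 1"));
        $sender_level = $ank ? (int)$ank['level'] : 0;
        // Recipient (inbox [X] link), sender, or a moderator outranking the sender.
        // Previously any visitor could delete any message by id.
        $can_delete = $uid > 0 && (
            (int)$post['id_user'] === $uid
            || (int)$post['id_user2'] === $uid
            || ($is_mod && $user['level'] > $sender_level)
        );
        if (!$can_delete) {
            header("Location: index.php?".SID);
            exit;
        }
        mysql_query("DELETE FROM `mail` WHERE `id` = '".(int)$post['id']."'");
        header("Location: mail.php?no&".SID);
        exit;
}
echo '<br/><a href="/pages/profile.php">'.$lng['1_4'].'</a>';
if (isset($_SERVER['HTTP_REFERER'])) {
    echo '<br/><a href="'.htmlspecialchars($_SERVER['HTTP_REFERER']).'"> '.$lng['1_50'].'</a>';
}
require $root_path.'includes/end.php'; // page footer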
?>