View file main.php

File size: 19.48Kb
<?php
// by mides, 1da.su

require_once 'system/sys.php';
require_once 'system/auth_u.php';
require_once 'system/header.php';

switch ($act) {
	default:
		if ($u['access'] > 0) { 
			tp('Мое меню (<a href="panel">+</a>)');
		} else {
			tp('Мое меню');
		}
		$private = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `private` WHERE `id_user` = '$u[id]' or `id_sender` = $u[id]"), 0);
		echo '<a href="profile.php?id='.$u['id'].'">Мой профиль</a> [<a href="?act=edit">ред</a>]<br />
		<a href="?act=my_topics">Мои темы</a>/<a href="?act=my_msg">сообщения</a><br />
		
		<a href="?act=private">Приватные сообщения</a> ('.$private.')<br />
		<a href="?act=send">Отправить письмо</a>';
		
		if ($u['karma'] > 0) {
			echo ', <a href="?act=karma">карму</a>';
		}
		echo '<br />
		<a href="?act=contact">Контакт-лист</a><br />
		<a href="?act=ignor">Игнор-лист</a><br />
		<a href="?act=set">Настройки</a><br />
		<a href="?act=pass">Email и пароль</a><br />
		<a href="?act=exit">Завершить сенс</a><br />';
		nav_main();
	break;
	
	case 'karma':
		if ($u['karma'] > 0) {
			if ($ok) {
				if (!empty($_POST['login']) and !empty($_POST['karma'])) {
					if (abs(intval($_POST['karma']))) {
						$login = check($_POST['login']);
						$karma = abs(intval($_POST['karma']));
						$whom = id($login);
						if ($whom > 0) {
							if ($whom != $u['id']) {
								if ($u['karma'] >= $karma) {
									mysql_query("UPDATE `users` SET `karma` = (`karma`-$karma) WHERE `id` = '$u[id]'");
									mysql_query("UPDATE `users` SET `karma` = (`karma`+$karma) WHERE `id` = '$whom'");
									
									$priv_r = mysql_query("SELECT `id` FROM `private` WHERE `id_user` = '$whom' and `id_sender` = -1");
									$priv = mysql_fetch_assoc($priv_r);
									if ($priv['id']) {
										$id_private = $priv['id'];
										mysql_query("UPDATE `private` SET `time` = '".TIME."' WHERE `id` = '$id_private'");
									} else {
										mysql_query("INSERT INTO `private` SET `id_user` = '$whom', `id_sender` = -1, `time` = '".TIME."'");
										$id_private = mysql_insert_id();
									}
									$text = 'Пользователь [url='.HTTPHOME.'/profile.php?id='.$u['id'].']'.$u['login'].'[/url] передал вам '.$karma.' единиц кармы.';
									mysql_query("INSERT INTO `private_msg` SET `id_private` = '$id_private', `id_user` = '$whom', `id_sender` = -1, `text` = '$text', `time` = '".TIME."'");
									$_SESSION['note'] = 'Передано.';
								} else {
									$_SESSION['note'] = 'Недостаточно кармы.';
								}
							} else {
								$_SESSION['note'] = '<img src="./inc/smiles/33.gif" alt=";/">';
							}
						} else {
							$_SESSION['note'] = 'Такого юзера нет.';
						}
					} else {
						$_SESSION['note'] = 'Только цифры больше 0.';
					}
				} else {
					$_SESSION['note'] = 'Не заполнены поля.';
				}
				redirect('?act=karma');
			} else {
				tp('Передать свою карму');
				note();
				echo '<form action="?act=karma&amp;ok=1" method="post" name="form">
				Кому(max12)<br /><input name="login" type="text" maxlength="12" /><br />
				Как много(max'.$u['karma'].')<br /><input name="karma" type="text" /><br />
				<input name="submit" type="submit" value="Okay" />
				</form>';
				nav('?');
			}
		} else {
			redirect('?');
		}
	break;
	
	case 'edit':
		if ($ok) {
			$icq = abs(intval($_POST['icq']));
			$skype = check($_POST['skype']);
			$name = check($_POST['name']);
			$sex = abs(intval($_POST['sex']));
			$from = check($_POST['from']);
			$birthday = check($_POST['birthday']);
			$site = check($_POST['site']);
			$about = check($_POST['about']);
			mysql_query("UPDATE `users` SET `icq` = '$icq', `skype` = '$skype', `name` = '$name', `sex` = '$sex', `from` = '$from', `birthday` = '$birthday', `site` = '$site', `about` = '$about' WHERE `id` = '$u[id]'");
			header('location: ?act=edit');
			exit;
		} else {
			tp('Ред-ть профиль');
			echo '<form action="?act=edit&amp;ok=1" method="post">
			ICQ(max9):<br /><input name="icq" type="text" maxlength="9" value="'.$u['icq'].'" /><br />
			Skype(max32):<br /><input name="skype" type="text" maxlength="32" value="'.$u['skype'].'" /><br />
			Имя(max20):<br /><input name="name" type="text" maxlength="20" value="'.$u['name'].'" /><br />
			Пол: ';
			switch ($u['sex']) {
				case '1': echo 'муж<input name="sex" type="radio" value="1" checked /> <input name="sex" type="radio" value="2" />жен'; break;
				case '2': echo 'муж<input name="sex" type="radio" value="1" /> <input name="sex" type="radio" value="2" checked />жен'; break;
				default: echo 'муж<input name="sex" type="radio" value="1" /> <input name="sex" type="radio" value="2" />жен'; break;
			}
			echo '<br />
			Откуда(max25):<br /><input name="from" type="text" maxlength="25" value="'.$u['from'].'" /><br />
			Дата рождения (дд.мм.гггг):<br /><input name="birthday" type="text" maxlength="25" value="'.$u['birthday'].'" /><br />
			Wap-сайт(<del>http://</del>, max20):<br /><input name="site" type="text" maxlength="20" value="'.$u['site'].'" /><br />
			О себе(max250):<br /><textarea name="about" cols="" rows="3">'.$u['about'].'</textarea>
			<input name="submit" type="submit" value="Ok" />
			</form>';
			nav('?');
		}
	break;
	
	case 'my_topics':
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `forum_topics` WHERE `id_user` = '$u[id]'"), 0);
		if ($total > 0) {
			tp('Мои темы');
			$pages = ceil($total / $config['onpage']);
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
			
			$topics_r = mysql_query("SELECT * FROM `forum_topics` WHERE `id_user` = '$u[id]' ORDER BY `last_time` DESC LIMIT $begin, $config[onpage]");
			while ($topic = mysql_fetch_assoc($topics_r)) {
				if ($topic['stuck']) echo '!';
				if ($topic['closed'] == 1 and empty($topic['stuck'])) echo '#';
				$t_msg = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `forum_msg` WHERE `id_topic` = '$topic[id]'"), 0);
				// getting last user id from forum_msg
				$last_user_r = mysql_query("SELECT `id_user` FROM `forum_msg` WHERE `id_topic` = '$topic[id]' ORDER BY `time` DESC LIMIT 1");
				$last_user = mysql_fetch_assoc($last_user_r);
				// getting last page
				$last_page = ceil($t_msg / $config['onpage']);
				// output
				echo '<a href="forum.php?act=topic&amp;id='.$topic['id'].'">'.$topic['title'].'</a> ('.$t_msg.') '.login($last_user['id_user']).'<a href="forum.php?act=topic&amp;id='.$topic['id'].'&amp;p='.$last_page.'">&raquo;</a><br />';
			}
			navig($page, '?act=my_topics&amp;', $pages);
		} else {
			error('Вы не создали ни одной темы на форуме :(');
		}
		nav('?');
	break;

	case 'my_msg':
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `forum_msg` WHERE `id_user` = '$u[id]'"), 0);
		if ($total > 0) {
			echo '<div class="title">Мои сообщения</div><div class="list">';
			$pages = ceil($total / $config['onpage']);
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
			
			$msg_r = mysql_query("SELECT * FROM `forum_msg` WHERE `id_user` = '$u[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
			while ($msg = mysql_fetch_assoc($msg_r)) {
				if (!isset($num) ) $num = 1;  
				$num++;
				$row_class = (!($num % 2)) ? 'row1' : 'row2';
				echo '<div class="'.$row_class.'">'.bb($msg['text']).'<a href="forum.php?act=topic&amp;id='.$msg['id_topic'].'">&raquo;</a> </div>';
			}
			navig($page, '?act=my_msg&amp;', $pages);
		} else {
			error('Вы не создали ни одной темы на форуме :(');
		}
		nav('?');
	break;

	case 'private':
		tp('Приват');
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `private` WHERE `id_user` = '$u[id]' or `id_sender` = $u[id]"), 0);
		if ($total > 0) {
			$pages = ceil($total / $config['onpage']);
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];

			$private_r = mysql_query("SELECT * FROM `private` WHERE `id_user` = '$u[id]' or `id_sender` = $u[id] ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
			while ($priv = mysql_fetch_assoc($private_r)) {
				$private_msg = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `private_msg` WHERE `id_private` = '$priv[id]'"), 0);
				$priv['id_sender'] == $u['id'] ? $id_partner = $priv['id_user'] : $id_partner = $priv['id_sender'];
				echo '<a href="?act=private_view&amp;id='.$priv['id'].'">'.login($id_partner).'</a> ('.$private_msg.')<br />';
			}
			navig($page, '?act=private&amp;', $pages);
		} else {
			echo 'Приват пуст.<br />';
		}
		nav('?');
	break;
	
	case 'private_view':
		$priv_r = mysql_query("SELECT * FROM `private` WHERE `id` = '$id'");
		$priv = mysql_fetch_assoc($priv_r);
		if ($priv['id'] and $u['id'] == $priv['id_user'] or $u['id'] == $priv['id_sender']) {
			if ($priv['id_sender'] == $u['id']) {
				$id_user = $priv['id_user'];
			} else {
				$id_user = $priv['id_sender'];
				
			}

			$priv_seen_r = mysql_query("SELECT `id` FROM `private_msg` WHERE `id_private` = '$id' and `id_user` = '$u[id]' and `seen` = 0 ORDER BY `time`");
			while ($priv_s = mysql_fetch_assoc($priv_seen_r)) {
				mysql_query("UPDATE `private_msg` SET `seen` = 1 WHERE `id` = '$priv_s[id]'");
			}

			echo '<div class="title">Переписка с <a href="profile.php?id='.$id_user.'">'.login($id_user).'</a> (<a href="?act=private_view&amp;id='.$id.'">обнов.</a>)</div>
			<div class="main">Сообщение(max250):<br />
			<form action="?act=send&amp;id_user='.$id_user.'&amp;ok=1" method="post">
			<input name="login" type="hidden" value="'.login_simple($id_user).'" />
			<textarea name="text" cols="" rows="3"></textarea>';
			echo '<input name="" type="submit" value="Добавить">
			</form>
			</div>';
			$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `private_msg` WHERE `id_private` = '$priv[id]'"), 0);
			$pages = ceil($total / $config['onpage']);
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
			
			navig($page, '?act=private_view&amp;id='.$id.'&amp;', $pages);
			
			echo '</div><div class="list">';
				
			$msg_r = mysql_query("SELECT * FROM `private_msg` WHERE `id_private` = '$priv[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
			while ($msg = mysql_fetch_assoc($msg_r)) {
				if (!isset($num) ) $num = 1;  
				$num++;
				$row_class = (!($num % 2)) ? 'row1' : 'row2';	
				echo '<div class="'.$row_class.'">';
				if ($msg['id_sender'] != $u['id']) {
					echo '<a href="profile.php?id='.$msg['id_sender'].'">'.login($msg['id_sender']).'</a> '.ccdate($msg['time'], $msg['id_sender']).'<br />'.bb($msg['text']).'</div>';
				} else {
					echo login($msg['id_sender']).' '.ccdate($msg['time'], $msg['id_sender']).'<br />'.bb($msg['text']).'</div>';
				}
			}
			navig($page, '?act=private_view&amp;id='.$id.'&amp;', $pages);
			nav('?act=private');
		} else {
			header('location: ?');
			exit;
		}
	break;
		
	case 'send':
		if (isset($_GET['ok'])) {
			if ($_POST['login'] and $_POST['text']) {
				$id_user = get_id(check($_POST['login']));
				$text = check($_POST['text']);
				if ($id_user > 0) {
					if ($u['id'] != $id_user) {
						$priv_r = mysql_query("SELECT `id` FROM `private` WHERE `id_user` = '$id_user' and `id_sender` = '$u[id]' OR `id_user` = '$u[id]' and `id_sender` = '$id_user'");
						$priv = mysql_fetch_assoc($priv_r);
						if ($priv['id']) {
							$id_private = $priv['id'];
							mysql_query("UPDATE `private` SET `time` = '".time()."' WHERE `id` = '$id_private'");
						} else {
							mysql_query("INSERT INTO `private` SET `id_user` = '$id_user', `id_sender` = '$u[id]', `time` = '".time()."'");
							$id_private = mysql_insert_id();
						}
						mysql_query("INSERT INTO `private_msg` SET `id_private` = '$id_private', `id_user` = '$id_user', `id_sender` = '$u[id]', `text` = '$text', `time` = '".time()."'");
						header('location: ?act=private_view&id='.$id_private);
						exit;
					} else {
						error('Нельзя отправить письмо самому себе.');
					}
				} else {
					error('Пользователь, которому вы хотите отправить письмо, не существует.');
				}
			} else {
				error('Вы не заполнили поля.');
			}
		} else {
			$login = !empty($id) ? login_simple($id) : FALSE;
			tp('Отправить письмо');
			echo '<form action="?act=send&amp;ok=1" method="post" name="form">
			Кому(max12):<br /><input name="login" type="text" value="'.$login.'" maxlength="12" /><br />
			Сообщение(max250):<br /><textarea name="text" cols="" rows="4"></textarea><br />
			<input name="submit" type="submit" value="Ok" />
			</form>';
		}
		nav('?');
	break;
	
	case 'contact':
		tp('Мои контакты');
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `contacts` WHERE `is_contact_for` = '$u[id]'"), 0);
		if ($total > 0) {
			$pages = ceil($total / $config['onpage']);
			
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
			
			$contact_r = mysql_query("SELECT * FROM `contacts` WHERE `is_contact_for` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
			while ($contact = mysql_fetch_assoc($contact_r)) {
				echo '<a href="profile.php?id='.$contact['id_user'].'">'.login($contact['id_user']).'</a> (<a href="?act=send&amp;id='.$contact['id_user'].'">приват</a>, <a href="?act=contact&amp;del='.$contact['id'].'">уд</a>)<br />';
			}
			navig($page, '?act=contact&amp;', $pages);
			if (isset($_GET['del'])) {
				$id_contact = abs(intval($_GET['del']));
				$contact_r = mysql_query("SELECT `id` FROM `contacts` WHERE `id` = '$id_contact' and `is_contact_for` = '$u[id]'");
				if (mysql_num_rows($contact_r)) {
					mysql_query("DELETE FROM `contacts` WHERE `id` = '$id_contact'");
				}
				header('location: ?act=contact');
				exit;
			}
		} else {
			echo 'Пусто.<br />';
		}
		nav('?');
	break;
	
	case 'ignor':
		tp('Игнор-лист');
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `ignores` WHERE `is_ignored_for` = '$u[id]'"), 0);
		if ($total > 0) {
			$pages = ceil($total / $config['onpage']);
			
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
			
			$ignor_r = mysql_query("SELECT * FROM `ignores` WHERE `is_ignored_for` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
			while ($ignor = mysql_fetch_assoc($ignor_r)) {
				echo '<a href="profile.php?id='.$ignor['id_user'].'">'.login($ignor['id_user']).'</a> (<a href="?act=send&amp;id='.$ignor['id_user'].'">приват</a>, <a href="?act=ignor&amp;del='.$ignor['id'].'">уд</a>)<br />';
			}
			navig($page, '?act=contact&amp;', $pages);
			if (isset($_GET['del'])) {
				$id_ignored = abs(intval($_GET['del']));
				$ignor_r = mysql_query("SELECT `id` FROM `ignores` WHERE `id` = '$id_ignored' and `is_ignored_for` = '$u[id]'");
				if (mysql_num_rows($ignor_r)) {
					mysql_query("DELETE FROM `ignores` WHERE `id` = '$id_ignored'");
				}
				header('location: ?act=ignor');
				exit;
			}
		} else {
			echo 'Пусто.<br />';
		}
		nav('?');
	break;
		
	case 'set':
		if (isset($_GET['ok'])) {
			if ($_POST['onpage']) {
				$style = check($_POST['style']);
				$onpage = abs(intval($_POST['onpage']));
				mysql_query("UPDATE `users` SET `style` = '$style', `onpage` = '$onpage' WHERE `id` = '$u[id]'");
				header('location: ?act=set');
				exit;
			} else {
				error('Вы не заполнили поле.');
				nav('?act=set');
			}
		} else {
			tp('Настройки');
			echo '<form action="?act=set&amp;ok=1" method="post">
			Стиль по умочанию:<br /><select name="style">';
			$styles = glob('inc/styles/*', GLOB_ONLYDIR);
			foreach ($styles as $style) {
				$selected = ($u['style'] == basename($style)) ? ' selected="selected"' : '';
				echo '<option value="'.basename($style).'"'.$selected.'>'.basename($style).'</option>';
			} 
			echo '</select><br />
			Элементов на страницу(1-99):<br /><input name="onpage" type="text" maxlength="2" value="'.$u['onpage'].'" /><br />
			<input name="submit" type="submit" value="Ok" />
			</form>';
			nav('?');
		}
	break;

	case 'pass':
		if ($ok) {
			if ($_POST['newpass'] and $_POST['newpass_confirm'] and $_POST['oldpass']) {
				$newpass = check($_POST['newpass']);
				$newpass_confirm = check($_POST['newpass_confirm']);
				$oldpass = md5(md5(check($_POST['oldpass'])));
				if ($oldpass == $u['pass']) {
					if ($newpass == $newpass_confirm) {
						mysql_query("UPDATE `users` SET `pass` = '".md5(md5($newpass))."' WHERE `id` = '$u[id]'");
						$_SESSION['note2'] = 'Сохранено.';
					} else {
						$_SESSION['note2'] = 'Пароли не совпадают.';
					}
				} else {
					$_SESSION['note2'] = 'Неверный старый пароль.';
				}
			} else {
				$_SESSION['note2'] = 'Не заполнены поля.';
			}
			header('location: ?act=pass');
		} else {
			tp('Email и пароль');
			note();
			echo 'Изменение email:<form action="?act=email&amp;ok=1" method="post">
			E-mail(max50):<br /><input name="email" type="text" maxlength="50" value="'.$u['email'].'" /><br />
			Текущий пароль:<br /><input name="currentpass" type="password" maxlength="20" /><br />
			<input name="submit" type="submit" value="Ok" />
			</form>';
			
			echo '<hr />';
			if (isset($_SESSION['note2'])) {
				echo '<b>'.$_SESSION['note2'].'</b><br />';
				unset($_SESSION['note2']);
			}
			echo 'Изменение пароля:<form action="?act=pass&amp;ok=1" method="post">
			Новый пароль (max20):<br /><input name="newpass" type="password" maxlength="20" /><br />
			Подтвердите пароль:<br /><input name="newpass_confirm" type="password" maxlength="20" /><br />
			Старый пароль:<br /><input name="oldpass" type="password" maxlength="20" /><br />
			<input name="submit" type="submit" value="Ok" />
			</form>';
			nav('?');
		}
	break;
	
	case 'email':
		if ($_POST['email'] and $_POST['currentpass']) {
			$email = check($_POST['email']);
			if (preg_match('/[0-9a-z_\-]+@[0-9a-z_\-^\.]+\.[a-z]{2,6}/i', $email)) {
				$currentpass = md5(md5(check($_POST['currentpass'])));
				if ($currentpass == $u['pass']) {
					mysql_query("UPDATE `users` SET `email` = '$email' WHERE `id` = '$u[id]'");
					$_SESSION['note'] = 'Сохранено.';
				} else {
					$_SESSION['note'] = 'Введенный пароль и Ваш текущий не совпадают.';
				}
			} else {
				$_SESSION['note'] = 'Неверный формат Email. Пример: [email protected]';
			}
		} else {
			$_SESSION['note'] = 'Не заполнены поля.';
		}
		header('location: ?act=pass');
	break;

	case 'exit':
		mysql_query("DELETE FROM `online` WHERE `id_user` = '$u[id]'");
		setcookie('ulogin', '', time() - 86400*31);
		setcookie('upassword', '', time() - 86400*31);
		header('location: ./');
		exit;
	break;

}

require_once 'system/tail.php';
?>