View file main.php

File size: 23.58Kb
<?php
// by Mike O. (mides), coolcms.mobi

require_once 'system/sys.php';
require_once 'system/auth_u.php';
require_once 'system/header.php';

switch ($act) {
    default:
        if ($u['access'] > 0) { 
            tp('<b>'.$u['username'].'</b> ('.$u['name'].') [<a href="panel">+</a>]');
        } else {
            tp('Мое меню');
        }
        $pm_conv = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = '$u[id]'"), 0);
        echo '<a href="profile.php?id='.$u['id'].'">'.$lang['my_profile'].'</a> [<a href="?act=edit">'.$lang['edit'].'</a>]<br />
        <a href="profile.php?act=f_topics&amp;id='.$u['id'].'">'.$lang['my_topics'].'</a> | <a href="profile.php?act=f_posts&amp;id='.$u['id'].'">'.$lang['messages'].'</a><br />

        <a href="?act=pm">'.$lang['private_messages'].'</a> ('.$pm_conv.')<br />
        <a href="?act=send">'.$lang['send_a_pm'].'</a>';

        if ($u['karma'] > 0) {
            echo ', <a href="?act=karma">'.$lang['karma_acc'].'</a>';
        }
        echo '<br />
        <a href="?act=my_friends">'.$lang['my_friends'].'</a><br />
        <a href="?act=blacklist">'.$lang['blacklist'].'</a><br />
        <a href="?act=set">'.$lang['settings'].'</a><br />
        <a href="?act=pass">'.$lang['email_n_pass'].'</a><br />
        <a href="?act=signout">'.$lang['signout'].'</a><br />';
        nav_main();
    break;
    
    case 'blacklist':
        tp($lang['blacklist']);
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `blacklist` WHERE `blacklisted_by` = '$u[id]'"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];

            $blacklist_r = mysql_query("SELECT * FROM `blacklist` WHERE `blacklisted_by` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
            while ($blacklist = mysql_fetch_assoc($blacklist_r)) {
                echo '<a href="profile.php?id='.$blacklist['id_user'].'">'.username($blacklist['id_user']).'</a> (<a href="?act=blacklist&amp;del='.$blacklist['id'].'">DEL</a>)<br />';
            }
            navig($page, '?act=blacklist&amp;', $pages);
            
            if (isset($_GET['del'])) {
                $id_blacklisted = abs(intval($_GET['del']));
                $blacklisted_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id` = '$id_blacklisted' and `blacklisted_by` = '$u[id]'");
                if (mysql_num_rows($blacklisted_r)) {
                    mysql_query("DELETE FROM `blacklist` WHERE `id` = '$id_blacklisted'");
                }
                redirect('?act=blacklist');
            }
        } else {
            echo $lang['no_one'].'<br />';
        }
        nav('?');
    break;
	
    case 'edit':
        if ($ok) {
            $icq = abs(intval($_POST['icq']));
            $skype = check($_POST['skype']);
            $name = check($_POST['name']);
            $gender = abs(intval($_POST['gender']));
            $from = check($_POST['from']);
            $birthday = check($_POST['birthday']);
            $site = check($_POST['site']);
            $about = check($_POST['about']);
            mysql_query("UPDATE `users` SET `icq` = '$icq', `skype` = '$skype', `name` = '$name', `gender` = '$gender', `from` = '$from', `birthday` = '$birthday', `site` = '$site', `about` = '$about' WHERE `id` = '$u[id]'");
            $_SESSION['note'] = $lang['all_changes_saved'];
            redirect('?act=edit');
        } else {
            tp($lang['edit_profile']);
            note();
            echo '<form action="?act=edit&amp;ok=1" method="post">
            ICQ(max9):<br /><input name="icq" type="text" maxlength="9" value="'.$u['icq'].'" /><br />
            Skype(max32):<br /><input name="skype" type="text" maxlength="32" value="'.$u['skype'].'" /><br />
            '.$lang['name'].'(max20):<br /><input name="name" type="text" maxlength="20" value="'.$u['name'].'" /><br />
            '.$lang['gender'].': ';
            switch ($u['gender']) {
                case '1': echo $lang['male_s'].'<input name="gender" type="radio" value="1" checked /> <input name="gender" type="radio" value="2" />'.$lang['female_s']; break;
                case '2': echo $lang['male_s'].'<input name="gender" type="radio" value="1" /> <input name="gender" type="radio" value="2" checked />'.$lang['female_s']; break;
                default: echo $lang['male_s'].'<input name="gender" type="radio" value="1" /> <input name="gender" type="radio" value="2" />'.$lang['female_s']; break;
            }
            echo '<br />
            '.$lang['from'].'(max25):<br /><input name="from" type="text" maxlength="25" value="'.$u['from'].'" /><br />
            '.$lang['birthday'].' ('.$lang['bd_format'].'):<br /><input name="birthday" type="text" maxlength="25" value="'.$u['birthday'].'" /><br />
            Wap-site(<del>http://</del>, max20):<br /><input name="site" type="text" maxlength="20" value="'.$u['site'].'" /><br />
            '.$lang['about_myself'].'(max250):<br /><textarea name="about" cols="" rows="3">'.$u['about'].'</textarea>
            <input name="submit" type="submit" value="Ok" />
            </form>';
            nav('?');
        }
    break; 

    case 'email':
        if ($_POST['email'] and $_POST['currentpass']) {
            $email = check($_POST['email']);
            if (preg_match('/[0-9a-z_\-]+@[0-9a-z_\-^\.]+\.[a-z]{2,6}/i', $email)) {
                $currentpass = md5(md5(check($_POST['currentpass'])));
                if ($currentpass == $u['pass']) {
					mysql_query("UPDATE `users` SET `email` = '$email' WHERE `id` = '$u[id]'");
                    $_SESSION['note'] = $lang['all_changes_saved'];
                } else {
                    $_SESSION['note'] = $lang['passwords_is_incorrect'];
                }
            } else {
                $_SESSION['note'] = $lang['your_email_is_incorrect'];
            }
        } else {
            $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
        }
        redirect('?act=pass');
    break;

    case 'karma':
        if ($u['karma'] > 0) {
            if ($ok) {
                $_SESSION['username'] = $_POST['username'];
                $_SESSION['karma'] = $_POST['karma'];     
                if (!empty($_POST['username']) and !empty($_POST['karma'])) {
                    if (abs(intval($_POST['karma']))) {
                        $username = check($_POST['username']);
                        $karma = abs(intval($_POST['karma']));
                        $whom = id($username);                    
                        if ($whom > 0) {
                            if ($whom != $u['id']) {
                                if ($u['karma'] >= $karma) {
                                    mysql_query("UPDATE `users` SET `karma` = (`karma`-$karma) WHERE `id` = '$u[id]'");
                                    mysql_query("UPDATE `users` SET `karma` = (`karma`+$karma) WHERE `id` = '$whom'");

                                    $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE `id_user` = '$whom' and `id_sender` = '$u[id]'");
                                    $pm = mysql_fetch_assoc($pm_r);
                                    if ($pm['id']) {
                                        $id_pm = $pm['id'];
                                        mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
                                    } else {
                                        mysql_query("INSERT INTO `pm` SET `id_user` = '$whom', `id_sender` = '$u[id]', `time` = '".TIME."'");
                                        $id_pm = mysql_insert_id();
                                    }
                                    $text = str_replace('%karma%', $karma, $lang['i_just_sent_you_some_karma']);                               
                                    mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$whom', `id_sender` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                                    $_SESSION['note'] = $lang['done'];
                                } else {
                                    $_SESSION['note'] = $lang['insufficient_karma'];
                                }
                            } else {
                                $_SESSION['note'] = '<img src="./inc/smiles/33.gif" alt=";/">';
                            }
                        } else {
                            $_SESSION['note'] = $lang['the_recipient_doesnt_exist'];
                        }
                    } else {
                        $_SESSION['note'] = $lang['above_zero_numbers_only'];
                    }
                } else {
                    $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                }
                redirect('?act=karma');
            } else {
                tp($lang['send_my_karma']);
                note();
                echo '<form action="?act=karma&amp;ok=1" method="post" name="form">
                '.$lang['username'].'(max12)<br /><input name="username" type="text" maxlength="12" /><br />
                Сколько?(max'.$u['karma'].')<br /><input name="karma" type="text" /><br />
                <input name="submit" type="submit" value="Okay" />
                </form>';
                nav('?');
            }
        } else {
            redirect('?');
        }
    break;
    
    case 'my_friends':
        tp($lang['my_friends']);
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `my_friends` WHERE `is_friend_of` = '$u[id]'"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];

            $friend_r = mysql_query("SELECT * FROM `my_friends` WHERE `is_friend_of` = '$u[id]' ORDER BY `id` DESC LIMIT $begin, $config[onpage]");
            while ($friend = mysql_fetch_assoc($friend_r)) {
                echo '<a href="profile.php?id='.$friend['id_user'].'">'.username($friend['id_user']).'</a> (<a href="?act=send&amp;id='.$friend['id_user'].'">'.$lang['pm'].'</a>, <a href="?act=my_friends&amp;del='.$friend['id'].'">уд</a>)<br />';
            }
            navig($page, '?act=my_friend&amp;', $pages);
            if (isset($_GET['del'])) {
                $id_friend = abs(intval($_GET['del']));
                $friend_r  = mysql_query("SELECT `id` FROM `my_friends` WHERE `id` = '$id_friend' and `is_friend_of` = '$u[id]'");
                if (mysql_num_rows($friend_r)) {
                    mysql_query("DELETE FROM `my_friends` WHERE `id` = '$id_friend'");
                }
                redirect('?act=my_friends');
            }
        } else {
            echo 'Тут еще никого нет<br />';
        }
        nav('?');
    break;
	
    case 'pass':
        if ($ok) {
            if ($_POST['newpass'] and $_POST['newpass_confirm'] and $_POST['oldpass']) {
                $newpass = check($_POST['newpass']);
                $newpass_confirm = check($_POST['newpass_confirm']);
                $oldpass = md5(md5(check($_POST['oldpass'])));
                if ($oldpass == $u['password']) {
                    if ($newpass == $newpass_confirm) {
                        mysql_query("UPDATE `users` SET `password` = '".md5(md5($newpass))."' WHERE `id` = '$u[id]'");
                        $_SESSION['note2'] = $lang['all_changes_saved'];
                    } else {
                        $_SESSION['note2'] = $lang['passwords_dont_match'];
                    }
                } else {
                    $_SESSION['note2'] = $lang['old_pass_incorrect'];
                }
            } else {
                $_SESSION['note2'] = $lang['the_fields_cant_be_blank'];
            }
            header('location: ?act=pass');
        } else {
            tp($lang['email_n_pass']);
            note();
            echo '<i>'.$lang['changing_email'].'</i>:<form action="?act=email&amp;ok=1" method="post">
            E-mail(max50):<br /><input name="email" type="text" maxlength="50" value="'.$u['email'].'" /><br />
            '.$lang['current_pass'].':<br /><input name="currentpass" type="password" maxlength="20" /><br />
            <input name="submit" type="submit" value="Ok" />
            </form>';

            echo '<hr />';
            if (isset($_SESSION['note2'])) {
                echo '<b>'.$_SESSION['note2'].'</b><br />';
                unset($_SESSION['note2']);
            }
            echo '<i>'.$lang['changing_pass'].'</i>:<form action="?act=pass&amp;ok=1" method="post">
            '.$lang['new_password'].' (max20):<br /><input name="newpass" type="password" maxlength="20" /><br />
            '.$lang['retype_new_pass'].':<br /><input name="newpass_confirm" type="password" maxlength="20" /><br />
            '.$lang['old_pass'].':<br /><input name="oldpass" type="password" maxlength="20" /><br />
            <input name="submit" type="submit" value="Ok" />
            </form>';
            nav('?');
        }
    break;

    case 'pm':
        tp($lang['private_messages']);
        note();
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = $u[id]"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                    $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];

            $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id_user` = '$u[id]' or `id_sender` = $u[id] ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
            while ($pm = mysql_fetch_assoc($pm_r)) {
                $pm_msg = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
                $pm['id_sender'] == $u['id'] ? $id_partner = $pm['id_user'] : $id_partner = $pm['id_sender'];
                echo '<a href="?act=pm_view&amp;id='.$pm['id'].'">'.login($id_partner).'</a> ('.$pm_msg.')<br />';
            }
            navig($page, '?act=pm&amp;', $pages);
        } else {
            echo $lang['nothing_yet'].'<br />';
        }
        nav('?');
    break;
	
    case 'pm_view':
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] OR $u['id'] == $pm['id_sender'] OR access(3)) ) {
            if ($pm['id_sender'] == $u['id']) {
                    $id_user = $pm['id_user'];
            } else {
                    $id_user = $pm['id_sender'];

            }

            $pm_unread_r = mysql_query("SELECT `id` FROM `pm_msg` WHERE `id_pm` = '$id' and `id_user` = '$u[id]' and `read` = 0 ORDER BY `time`");
            while ($pm_id = mysql_fetch_assoc($pm_unread_r)) {
                    mysql_query("UPDATE `pm_msg` SET `read` = 1 WHERE `id` = '$pm_id[id]'");
            }

            echo '<div class="title">'.$lang['conversation_with'].' <a href="profile.php?id='.$id_user.'">'.username($id_user).'</a> <a href="?act=pm_view&amp;id='.$id.'">upd</a>, <a href="?act=pm_empty&amp;id='.$id.'">очистить</a>, <a href="?act=pm_del&amp;id='.$id.'">del</a></div>
            <div class="main">
            <form action="?act=send&amp;id='.$id_user.'&amp;ok=1" method="post">
            <input name="username" type="hidden" value="'.justusername($id_user).'" />
            <textarea name="text" cols="" rows="3"></textarea>';
            echo '<input name="" type="submit" value="Ok">
            </form>
            </div>';
            $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `pm_msg` WHERE `id_pm` = '$pm[id]'"), 0);
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                    $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];

            navig($page, '?act=pm_view&amp;id='.$id.'&amp;', $pages);

            echo '</div><div class="list">';

            $msg_r = mysql_query("SELECT * FROM `pm_msg` WHERE `id_pm` = '$pm[id]' ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
            while ($msg = mysql_fetch_assoc($msg_r)) {
				if (!isset($num) ) $num = 1;  
				$num++;
				$row_class = (!($num % 2)) ? 'row1' : 'row2';	
				echo '<div class="'.$row_class.'">';
				$unread = '';
				if ($msg['read'] == 0) {
				   $unread = '<b>'.$lang['unread'].'</b>';
				}
				if ($msg['id_sender'] != $u['id']) {
						echo '<a href="profile.php?id='.$msg['id_sender'].'">'.username($msg['id_sender']).'</a>';
				} else {
						echo username($msg['id_sender']);
				}
				echo ' '.ccdate($msg['time'], $msg['id_sender']).' '.$unread.'<br />'.bb($msg['text']).'</div>';
            }
            navig($page, '?act=pm_view&amp;id='.$id.'&amp;', $pages);
            nav('?act=pm');
        } else {
            redirect('?');
        }
    break;
    
    case 'pm_empty':
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] or $u['id'] == $pm['id_sender']) ) {
            if ($ok) {
                mysql_query("DELETE FROM `pm_msg` WHERE `id_pm` = '$id'");
                redirect('?act=pm_view&id='.$id);
            } else {
                tp($lang['Confirm']);
                echo '<form action="?act=pm_empty&amp;id='.$id.'&amp;ok=1" method="post">
                <input name="" type="submit" value="Да, очистить">
                </form>';
                nav('?act=pm_view&amp;id='.$id);            
            }
        } else {
            redirect('?');
        }
    break;
    
    case 'pm_del':
        $pm_r = mysql_query("SELECT * FROM `pm` WHERE `id` = '$id'");
        $pm = mysql_fetch_assoc($pm_r);
        if ($pm['id'] and ($u['id'] == $pm['id_user'] or $u['id'] == $pm['id_sender']) ) {
            if ($ok) {
                mysql_query("DELETE FROM `pm_msg` WHERE `id_pm` = '$id'");
                mysql_query("DELETE FROM `pm` WHERE `id` = '$id'");
                $_SESSION['note'] = 'Диалог удален';
                redirect('?act=pm');
            } else {
                tp($lang['Confirm']);
                echo '<form action="?act=pm_del&amp;id='.$id.'&amp;ok=1" method="post">
                <input name="" type="submit" value="Да, удалить">
                </form>';
                nav('?act=pm_view&amp;id='.$id);            
            }
        } else {
            redirect('?');
        }
    break;
		
    case 'send':
        if ($ok) {
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['text'] = $_POST['text'];     
            if ($_POST['username'] and $_POST['text']) {
                $id_user = id(check($_POST['username']));
                $text = check($_POST['text']);
                if ($id_user > 0) {
                    if ($u['id'] != $id_user) {
						$blacklist_r = mysql_query("SELECT `id` FROM `blacklist` WHERE `id_user` = '$u[id]' and `blacklisted_by` = '$id_user'");
						if (!mysql_num_rows($blacklist_r) OR access(1) ) {
							$pm_r = mysql_query("SELECT `id` FROM `pm` WHERE (`id_user` = '$id_user' and `id_sender` = '$u[id]') OR (`id_user` = '$u[id]' and `id_sender` = '$id_user')");
							$pm = mysql_fetch_assoc($pm_r);
							if ($pm['id']) {
								$id_pm = $pm['id'];
								mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
							} else {
								mysql_query("INSERT INTO `pm` SET `id_user` = '$id_user', `id_sender` = '$u[id]', `time` = '".TIME."'");
								$id_pm = mysql_insert_id();
							}
							mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$id_user', `id_sender` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
							session_destroy();
							redirect('?act=pm_view&id='.$id_pm);
						} else {
							$_SESSION['note'] = 'Вы в черном списке у адресата';
							redirect('?act=send');
						}
                    } else {
                        $_SESSION['note'] = $lang['you_cant_text_yourself'];
                        redirect('?act=send');
                    }
                } else {
                    $_SESSION['note'] = $lang['the_recipient_doesnt_exist'];                
                    redirect('?act=send');
                }
            } else {
                $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                redirect('?act=send');
            }
        } else {
            $ses_username = !empty($_SESSION['username']) ? $_SESSION['username'] : '';
            $ses_text = !empty($_SESSION['text']) ? $_SESSION['text'] : '';
            $username = !empty($id) ? justusername($id) : $ses_username;
            tp($lang['send_a_pm']);
            note();
            echo '<form action="?act=send&amp;ok=1" method="post" name="form">
            '.$lang['username'].'(max12):<br /><input name="username" type="text" value="'.$username.'" maxlength="12" /><br />
            '.$lang['message'].'(max250):<br /><textarea name="text" cols="" rows="4">'.$ses_text.'</textarea><br />
            <input name="submit" type="submit" value="Ok" />
            </form>';
        }
        nav('?');
    break;
    
    case 'set':
        if ($ok) {
            if ($_POST['onpage']) {
                $style = check($_POST['style']);
                $language = check($_POST['language']);
                $onpage = abs(intval($_POST['onpage']));
                mysql_query("UPDATE `users` SET `style` = '$style', `language` = '$language', `onpage` = '$onpage' WHERE `id` = '$u[id]'") or die(mysql_error());
                redirect('?act=set');
            } else {
                $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                redirect('?act=set');
            }
        } else {
            tp($lang['settings']);
            echo '<form action="?act=set&amp;ok=1" method="post">
            '.$lang['default_style'].':<br /><select name="style">';
            $styles = glob('inc/styles/*', GLOB_ONLYDIR);
            foreach ($styles as $style) {
                $selected = ($u['style'] == basename($style)) ? ' selected="selected"' : '';
                echo '<option value="'.basename($style).'"'.$selected.'>'.basename($style).'</option>';
            } 
            echo '</select><br />
                
            '.$lang['default_lang'].':<br /><select name="language">';
            $languages = glob('language/*.php');
            foreach ($languages as $language) {
                $lang_rename = str_replace('.php', '', basename($language));
                $selected = ($u['language'] == $lang_rename) ? ' selected="selected"' : '';
                echo '<option value="'.$lang_rename.'"'.$selected.'>'.$lang_rename.'</option>';
            } 
            echo '</select><br />
            '.$lang['elements_per_page'].'(1-99):<br /><input name="onpage" type="text" maxlength="2" value="'.$u['onpage'].'" /><br />
            <input name="submit" type="submit" value="Ok" />
            </form>';
            nav('?');
        }
    break;
    
    case 'signout':
        mysql_query("DELETE FROM `online` WHERE `id_user` = '$u[id]'");
        setcookie('cusername', '', time() - 86400*31);
        setcookie('cpassword', '', time() - 86400*31);
        redirect('./');
    break;

}

require_once 'system/tail.php';
?>