<?php
require_once('system/config.php');
require_once('system/functions.php');
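// Private-mail page: list / read / write / delete for the logged-in user.
//
// $is_logged, $config, $user_data (and, presumably, $id / $p — see below) are
// provided by system/config.php and system/functions.php, which are not on
// this page. The whole file talks to the database through the legacy ext/mysql
// API (mysql_query & co.), which was removed in PHP 7; a migration to
// mysqli/PDO with prepared statements would replace the manual
// mysql_real_escape_string() calls below.

// Access guard. The original only sent the Location header and then kept
// running, so anonymous visitors still got the page body (and the queries
// still executed) behind the redirect. exit stops that.
if ( ! $is_logged ) {
    header('location: ' . $config['site']['home'] . 'auth.php', true, 302);
    exit;
}

$action = ! empty($_GET['action']) ? $_GET['action'] : '';

// $id and $p are not defined on this page; they are presumably request
// parameters populated by system/functions.php — TODO confirm. Both are
// coerced to int once here so they can be embedded in SQL and URLs below
// without relying on quoting.
$id = isset($id) ? (int) $id : 0;
$p  = isset($p)  ? (int) $p  : 1;

// Values reused by every branch, computed once.
$login   = $user_data['login'];
$login_q = mysql_real_escape_string($login);     // SQL-safe copy of the login
$self    = htmlentities($_SERVER['PHP_SELF']);   // PHP_SELF may carry attacker-supplied path info; escape before echoing into HTML
$home    = $config['site']['home'];
$onpage  = (int) $config['site']['onpage'];

switch ($action) {
    // Inbox listing (default action), paginated by $config['site']['onpage'].
    default:
        echo head();
        $all = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `mail_for` = '" . $login_q . "'"), 0);
        if ( $all < 1 ) {
            echo '<div class="menu">
» Входящих писем пока нет.<br />
» <a href="' . $self . '?action=write">Написать письмо</a></div>';
        } else {
            $pages = (int) ceil($all / $onpage);
            if ($p > $pages) $p = $pages;
            if ($p < 1) $p = 1;
            $start = ($p - 1) * $onpage;
            $q = mysql_query("SELECT * FROM `mail` WHERE `mail_for` = '" . $login_q . "' ORDER BY `id` DESC LIMIT " . $start . ", " . $onpage);
            while ( $mail = mysql_fetch_assoc($q) ) {
                // "[New]" marker is decided per row. The original assigned it
                // once and never cleared it, so every row after the first
                // unread one was shown as new.
                $new = ((int) $mail['status'] === 1) ? '<font color="#ff0000"><b>[New]</b></font>' : '';
                echo '<div class="menu">
' . $new . ' <a href="' . $home . 'users.php?action=info&id=' . (int) $mail['uid'] . '"><b>' . htmlentities($mail['mail_from']) . '</b></a> [' . date('d.m.y в H:i', (int) $mail['time']) . ']<br />';
                // Preview of the body. It is user-written text, so it is
                // escaped like the full body in the read branch (the original
                // echoed it raw here).
                echo htmlentities(mb_substr($mail['mess'], 0, 5));
                echo '...<br />
Панель: <a href="' . $self . '?action=read&id=' . (int) $mail['id'] . '">чит.</a> | <a href="' . $self . '?action=delete&id=' . (int) $mail['id'] . '">уд.</a> | <a href="' . $self . '?action=write">нап.</a></div>';
            }
            echo navigation($p, $pages, $self . '?');
            echo '<div class="rekl">Всего сообщении: <b>' . $all . '</b></div>';
        }
        echo foot();
        break;

    // Show one message; the WHERE clause ties the id to the current user's
    // inbox so other users' mail cannot be read by guessing ids.
    case 'read':
        echo head();
        $q = mysql_query("SELECT * FROM `mail` WHERE `mail_for` = '" . $login_q . "' AND `id` = '" . $id . "'");
        if ( mysql_num_rows($q) < 1 ) {
            echo '<div class="menu">Сообщение не найдено.</div>';
        } else {
            $message = mysql_fetch_assoc($q);
            // status 1 = unread, 2 = read (as used by this file).
            if ( (int) $message['status'] === 1 ) {
                mysql_query("UPDATE `mail` SET `status` = '2' WHERE `id` = '" . $id . "'");
            }
            echo '<div class="menu">
<a href="' . $home . 'users.php?action=info&id=' . (int) $message['uid'] . '"><b>' . htmlentities($message['mail_from']) . '</b></a> [' . date('d.m.y в H:i', (int) $message['time']) . ']<br />
' . htmlentities($message['mess']) . '<br />
Панель: <a href="' . $self . '?action=write">нап.</a> | <a href="' . $self . '?action=delete&id=' . (int) $message['id'] . '">удл.</a> </div>';
        }
        echo foot();
        break;

    // Compose form and its POST handler.
    case 'write':
        $errors = array();
        echo head();
        // NOTE(review): the form carries no CSRF token, so any page the user
        // visits while logged in can submit mail on their behalf. A
        // session-bound token checked with hash_equals() is the usual fix; it
        // needs a helper that is not on this page.
        if ( isset($_POST['action']) ) {
            // Rate limit: one message per 60 s, tracked in the session.
            if ( isset($_SESSION['mail_timeout']) && ($_SESSION['mail_timeout'] + 60 > $_SERVER['REQUEST_TIME']) ) {
                $errors[] = 'Сообщения отправляются раз в минуту';
            }
            $message = empty($_POST['message']) ? '' : $_POST['message'];
            if ( $message === '' ) {
                $errors[] = 'Введите сообщение';
            }
            $recipient = '';
            if ( empty($_POST['login']) || $_POST['login'] === $login ) {
                $errors[] = 'Введите адресата и не пишите себе';
            } else {
                $q = mysql_query("SELECT `login` FROM `users` WHERE `login` = '" . mysql_real_escape_string($_POST['login']) . "' LIMIT 1");
                $row = mysql_fetch_assoc($q);
                if ( ! $row ) {
                    $errors[] = 'Пользователь не найден';
                } else {
                    // Store the login exactly as the users table spells it,
                    // not the raw form value.
                    $recipient = $row['login'];
                }
            }
            if ( empty($errors) ) {
                $_SESSION['mail_timeout'] = $_SERVER['REQUEST_TIME'];
                // Every value is escaped or cast; the original interpolated
                // mail_from and uid unescaped, unlike the other queries here.
                mysql_query("INSERT INTO `mail` SET
                    `mail_from` = '" . $login_q . "',
                    `uid` = '" . (int) $user_data['user_id'] . "',
                    `mail_for` = '" . mysql_real_escape_string($recipient) . "',
                    `mess` = '" . mysql_real_escape_string($message) . "',
                    `time` = '" . (int) $_SERVER['REQUEST_TIME'] . "',
                    `status` = '1'");
                echo '<div class="menu">Сообщение успешно отправленно.</div>';
            } else {
                // implode(glue, pieces): the reversed argument order the
                // original used was removed in PHP 8.
                echo '<div>' . implode('<br />', $errors) . '</div>';
            }
        }
        echo '<div class="menu">
Список <a href="' . $home . 'users.php">пользователей.</a><br />
<form action="' . $self . '?action=write" method="post">
Кому:<br />
<input type="text" name="login" class="input" /><br />
Сообщение:<br />
<input type="text" name="message" class="input" /><br />
<input type="submit" name="action" value="Отправить" class="submit" />
</form>
</div>';
        echo foot();
        break;

    // Delete one message of the current user.
    case 'delete':
        echo head();
        // NOTE(review): deletion is triggered by a plain GET link from the
        // list and read panels, so it can be fired by a crafted link, an
        // <img> tag or a link prefetcher. It should become a POST with a
        // CSRF token; kept as GET here so the existing links keep working.
        if ( $id > 0 ) {
            $q = mysql_query("SELECT `id` FROM `mail` WHERE `mail_for` = '" . $login_q . "' AND `id` = '" . $id . "'");
            if ( mysql_num_rows($q) < 1 ) {
                echo '<div class="menu">Сообщение не найдено.</div>';
            } else {
                // The DELETE repeats the owner condition so the ownership
                // check and the deletion cannot drift apart.
                mysql_query("DELETE FROM `mail` WHERE `id` = '" . $id . "' AND `mail_for` = '" . $login_q . "'");
                echo '<div class="menu">Сообщение успешно удалено.</div>';
            }
        }
        echo foot();
        break;
}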