<?php
include'inc/conf.php';
session_start();
$sql = mysql_query("SELECT * FROM `users` WHERE `id` = '".$_SESSION['id']."' ");
$row = mysql_fetch_array($sql);
$pass = mysql_real_escape_string(htmlspecialchars(stripslashes($_SESSION['pass'])));
$id = mysql_real_escape_string(htmlspecialchars(stripslashes($_SESSION['id'])));
$get= mysql_real_escape_string(htmlspecialchars(stripslashes($_GET['go'])));
$ids = mysql_real_escape_string(htmlspecialchars(stripslashes(intval($_GET['id']))));
if ($id == $row['id'] and md5($pass)==$row['pass']){
////////////////////////////////////////////////////////////////
if(empty($get)){
$title='Почта';
include'inc/up.php';
$er=htmlspecialchars(stripslashes($_GET['er']));
if($er=='big'){ echo'<div class="error">Сообщение слишком большое. Максимум 255 символов.</div>'; }
if($er=='small'){ echo'<div class="error">Сообщение слишком короткое. Минимум 2 символа.</div>'; }
echo'<div class="rek">Все | <a href="mail.php?go=in">Входящие</a> | <a href="mail.php?go=out">Отправленные</a></div>';
$sql2 = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$id."'AND `id_user2` = '".$id."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$sql1 = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$id."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$all=mysql_num_rows($sql2);
$cou = mysql_fetch_array($sql1);
if($cou['id_pol']==$id){
$sql=mysql_query("UPDATE `mail` SET `status`='0' WHERE `id_pol` = '".$id."'") or die("Ошибка запроса!");
}
if($all == 0)
{
echo'<div class="opis">Почта пуста.</div>';
}
while($mail = mysql_fetch_array($sql2)){
$sql3 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$mail['id_otp']."'");
$user = mysql_fetch_array($sql3);
///NAVIGATION////////
/*
$quantity=1;
$limit=3;
if(!is_numeric($page)) $page=1;
if ($page<1) $page=1;
$result2 = mysql_query("SELECT * FROM `mail` WHERE `id_otp` = '".$id."' OR `id_pol` = '".$id."' ORDER BY `time` DESC");
$num = mysql_num_rows($result2);
$pages = $num/$quantity;
$pages = ceil($pages);
$pages++;
if ($page>$pages) $page = 1;
if (!isset($list)) $list=0;
$list=--$page*$quantity;
*/
$date=date("d.m",$mail['time']);
echo'<div class="post"><img class="ico" src="img/pics/mail.png" alt=""><a href="info.php?ids='.$user['id'].'"><strong>'.$user['login'].'</strong></a> ('.$date.'): ';
echo''.$mail['msg'].'';
echo'<br/>';
//if($mail['id_otp']!=$_SESSION['id'])
echo'<a href="mail.php?go=re&ids='.$user['id'].'">Ответить</a>';
if($mail['id_pol']==$_SESSION['id']) {
echo' | <a href="mail.php?go=del&ids='.$mail['id'].'">Удалить</a>
';
} echo'</div>';
}
echo'
<div class="under">
<img src="img/pics/mail.png" alt=""> <a href="mail.php?go=new">Написать</a>
</div>
';
}
if($get=='in'){
$title='Почта - Входящие';
include'inc/up.php';
$sql1 = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$id."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$cou = mysql_fetch_array($sql1);
if($cou['id_pol']==$id){
$sql=mysql_query("UPDATE `mail` SET `status`='0' WHERE `id_pol` = '".$id."'") or die("Ошибка запроса!");
}
echo'<div class="rek"><a href="mail.php">Все</a> | Входящие | <a href="mail.php?go=out">Отправленные</a></div>';
$sql2 = mysql_query("SELECT * FROM `mail` WHERE `id_pol` = '".$id."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$all=mysql_num_rows($sql2);
if($all == 0)
{
echo'<div class="opis">Почта пуста.</div>';
}
while($mail = mysql_fetch_array($sql2)){
$sql3 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$mail['id_otp']."'");
$user = mysql_fetch_array($sql3);
///NAVIGATION////////
/*
$quantity=1;
$limit=3;
if(!is_numeric($page)) $page=1;
if ($page<1) $page=1;
$result2 = mysql_query("SELECT * FROM `mail` WHERE `id_otp` = '".$id."' OR `id_pol` = '".$id."' ORDER BY `time` DESC");
$num = mysql_num_rows($result2);
$pages = $num/$quantity;
$pages = ceil($pages);
$pages++;
if ($page>$pages) $page = 1;
if (!isset($list)) $list=0;
$list=--$page*$quantity;
*/
echo'<div class="post"><img class="ico" src="img/pics/mail.png" alt=""><a href="info.php?ids='.$user['id'].'"><strong>'.$user['login'].'</strong></a>: ';
echo''.$mail['msg'].'';
echo'<br/>';
//if($mail['id_otp']!=$_SESSION['id'])
echo'<a href="mail.php?go=re&ids='.$user['id'].'">Ответить</a>';
if($mail['id_pol']==$_SESSION['id']) {
echo' | <a href="mail.php?go=del&ids='.$mail['id'].'">Удалить</a>
';} echo'</div>';
}
}
if($get=='out'){
$title='Почта - Отправленные';
include'inc/up.php';
echo'<div class="rek"><a href="mail.php">Все</a> | <a href="mail.php?go=in">Входящие</a> | Отправленные</div>';
$sql2 = mysql_query("SELECT * FROM `mail` WHERE `id_otp` = '".$id."' AND `id_user`='".$id."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$all=mysql_num_rows($sql2);
if($all == 0)
{
echo'<div class="opis">Почта пуста.</div>';
}
while($mail = mysql_fetch_array($sql2)){
$sql3 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$mail['id_otp']."'");
$user = mysql_fetch_array($sql3);
$sql_user = mysql_query("SELECT * FROM `users` WHERE `id` = '".$mail['id_pol']."'");
$poz = mysql_fetch_array($sql_user);
///NAVIGATION////////
/*
$quantity=1;
$limit=3;
if(!is_numeric($page)) $page=1;
if ($page<1) $page=1;
$result2 = mysql_query("SELECT * FROM `mail` WHERE `id_otp` = '".$id."' OR `id_pol` = '".$id."' ORDER BY `time` DESC");
$num = mysql_num_rows($result2);
$pages = $num/$quantity;
$pages = ceil($pages);
$pages++;
if ($page>$pages) $page = 1;
if (!isset($list)) $list=0;
$list=--$page*$quantity;
*/
echo'<div class="post"><img class="ico" src="img/pics/mail.png" alt=""><strong>Вы</strong> -> <a href="info.php?ids='.$user['id'].'"><strong>'.$poz['login'].'</strong></a>:<br/> ';
echo''.$mail['msg'].'';
echo'<br/>';
//if($mail['id_otp']!=$_SESSION['id'])
echo'<a href="mail.php?go=re&ids='.$user['id'].'">Ответить</a>';
if($mail['id_pol']==$_SESSION['id']) {
echo' | <a href="mail.php?go=del&ids='.$mail['id'].'">Удалить</a>
'; } echo'</div>';
}
}
$ids = abs(intval($_GET['ids']));
if($get=='msg' and !empty($ids)){
if(isset($_GET['ids']))
{
$ids = abs(intval($_GET['ids']));
}
else
{
$title='Почта';
include'inc/up.php';
echo '<div class="opis">Даанный игрок не существует.</div>';
include'inc/foot.php'; exit;
}
$id = htmlspecialchars(stripslashes($_GET['id']));
$sql2 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$id."' ");
$user = mysql_fetch_array($sql2);
$title='Почта для '.$user['login'].'';
include'inc/up.php';
echo'
<div class="opis">
<form method="POST" action="mail.php?go=go&ids='.$id.'">
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>
'; }
$ids = htmlspecialchars(stripslashes($_GET['ids']));
if($get=='re' and !empty($ids)){
$ids2 = mysql_real_escape_string(htmlspecialchars(stripslashes(intval($_GET['ids']))));
$id = mysql_real_escape_string(htmlspecialchars(stripslashes(intval($_GET['id']))));
$sql2 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$ids."' ");
$user = mysql_fetch_array($sql2);
$title='Ответ для '.$user['login'].'';
include'inc/up.php';
echo'
<div class="opis">
<form method="POST" action="mail.php?go=go&ids='.$ids2.'">
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>
<div class="rek">
<a href="mail.php">Назад
</div>
'; }
if($get=='new'){
$title='Написать письмо';
include'inc/up.php';
echo'<form method="POST" action="mail.php?go=new_go">
<div class="opis">Для кого (ник):<br/>
<input type="text" name="name">
<br/>
Сообщение:<br/>
<textarea name="text" rows="3"></textarea>
<br/>
<input type="submit" value="отправить"></form>
</div>
<div class="rek">
<a href="mail.php">Назад
</div>
'; }
$ids = htmlspecialchars(stripslashes($_GET['ids']));
if($get=='go'){
$ids2 = mysql_real_escape_string(htmlspecialchars(intval(stripslashes($_GET['ids']))));
$msg = strip_tags(mysql_real_escape_string(htmlspecialchars(stripslashes($_POST['text']))));
$sql2 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$id."' ");
$user = mysql_fetch_array($sql2);
if (strlen($msg)>=255) { header("Location: mail.php?er=big"); exit; }
if (strlen($msg)<=2) { header("Location: mail.php?er=small"); exit; }
$msg=str_replace('|','',$msg);
$msg=str_replace('%','',$msg);
$msg=str_replace('*','',$msg);
$msg=str_replace('TABLE','',$msg);
$msg=str_replace('~','',$msg);
$msg=str_replace('}','',$msg);
$msg=str_replace('^','',$msg);
$msg=str_replace('FILE','',$msg);
$msg=str_replace('closed','',$msg);
$msg=str_replace('inc/','',$msg);
$msg=str_replace('.php','',$msg);
$sql2 = mysql_query("SELECT * FROM `users` WHERE `id` = '".$ids."' ");
$use = mysql_fetch_array($sql2);
$title='Ответ для '.$use['login'].'';
include_once'inc/up.php';
$time=time();
$sql=mysql_query("INSERT INTO `mail` SET `id_otp`='".$_SESSION['id']."', `id_pol`='".$ids2."',`time`='".$time."', `type`='msg', `msg`='".$msg."',`status`='1', `id_user`='".$_SESSION['id']."',`id_user2`='".$ids2."'");
if($sql){
echo'<div class="opis">Ваше сообщение отправленно '.$use['login'].'<br/>
<a href="mail.php">Продолжить</a>
</div>';
}else{
echo'<div class="opis">Сообщение не отправленно...<br/>
<a href="mail.php">Продолжить</a>
</div>';
}
}
if($get=='new_go'){
$nick=htmlspecialchars(stripslashes($_POST['name']));
$c_sql = mysql_query("SELECT * FROM `users` WHERE `login`='".$nick."'");
$user_s=mysql_num_rows($c_sql);
if($user_s==0){
$title='Почта';
include'inc/up.php';
echo '<div class="opis">Игрок <strong>'.$nick.'</strong> не существует.<br/>
<a href="mail.php?go=new">Написать еще раз</a>
</div>';
include'inc/foot.php'; exit;
}
///СТАНДАРТ ОТПРАВКА
$sql4 = mysql_query("SELECT * FROM `users` WHERE `login` = '".$nick."' ");
$users = mysql_fetch_array($sql4);
$msg = strip_tags(mysql_real_escape_string(htmlspecialchars(stripslashes($_POST['text']))));
if (strlen($msg)>=255) { header("Location: mail.php?er=big"); exit; }
if (strlen($msg)<=2) { header("Location: mail.php?er=small"); exit; }
$msg=str_replace('|','',$msg);
$msg=str_replace('%','',$msg);
$msg=str_replace('*','',$msg);
$msg=str_replace('TABLE','',$msg);
$msg=str_replace('~','',$msg);
$msg=str_replace('}','',$msg);
$msg=str_replace('^','',$msg);
$msg=str_replace('FILE','',$msg);
$msg=str_replace('closed','',$msg);
$msg=str_replace('inc/','',$msg);
$msg=str_replace('.php','',$msg);
$title='Почта для '.$users['login'].'';
include'inc/up.php';
$time=time();
$sql=mysql_query("INSERT INTO `mail` SET `id_otp`='".$_SESSION['id']."', `id_pol`='".$users['id']."',`time`='".$time."', `type`='msg', `msg`='".$msg."',`status`='1', `id_user`='".$_SESSION['id']."'");
if($sql){
echo'<div class="opis">Ваше сообщение отправленно '.$users['login'].'<br/>
<a href="mail.php">Продолжить</a>
</div>';
}
}
if($get=='del'){
$ids=mysql_real_escape_string(htmlspecialchars(stripslashes($_GET['ids'])));
$c_sql = mysql_query("SELECT * FROM `mail` WHERE `id`='".$ids."'");
$user_s=mysql_num_rows($c_sql);
if($user_s==0 ){
$title='Почта - удаление';
include'inc/up.php';
echo '<div class="opis">Ошибка.<br/>
<a href="mail.php">Назад</a>
</div>';
include'inc/foot.php'; exit;
}
$sql2 = mysql_query("SELECT * FROM `mail` WHERE `id` = '".$ids."' ORDER BY `time` DESC") or die("Ошибка запроса!");
$mail=mysql_fetch_array($sql2);
if($mail['id_pol']!=$_SESSION['id']){
$title='Почта - удаление';
include'inc/up.php';
echo '<div class="opis">Ошибка.<br/>
<a href="mail.php">Назад</a>
</div>';
include'inc/foot.php'; exit;
}
$sql = mysql_query("DELETE FROM `mail` WHERE `id` = '".$ids."'") or die("Ошибка запроса!");
if($sql){
$title='Почта - удаление';
include'inc/up.php';
echo '<div class="opis">Сообщение удаленно<br/>
<a href="mail.php">Назад</a>
</div>';
include'inc/foot.php'; exit;
}}
}
include'inc/foot.php';
?>