'.$textl.'';
if ($id)
$user = $id;
else
$user = $_POST['user'];
$check = mysql_query("SELECT * FROM `users` WHERE (name='".htmlspecialchars($user)."' OR id='".intval($user)."')");
if ($ban['1'] || $ban['3']) {
echo functions::display_error('' . $lng['net_pis'] . ' ');
echo '';
require_once($rootpath.'incfiles/end.php');
exit;
}
$ignor = mysql_result(mysql_query("SELECT COUNT(*) FROM `ignor` WHERE user_ignor='$user_id' AND user='$id'"), 0);
if ($ignor) {
echo functions::display_error('' . $lng['spisok'] . '');
echo '';
require_once($rootpath.'incfiles/end.php');
exit;
}
$user = mysql_fetch_array($check);
if (isset($_POST['submit'])) {
$msg = mb_substr(trim($_POST['text']), 0, 5000);
$error = array();
if (!mysql_num_rows($check))
$error[] = '' . $lng['net_im'] . '';
if ($user_id == $user['id'])
$error[] .= '' . $lng['sebe'] . '';
// Проверяем, не повторяется ли сообщение?
$req = mysql_query("SELECT * FROM `mail` WHERE cont='$user_id' ORDER BY `time` DESC");
if (mysql_num_rows($req)) {
$res = mysql_fetch_array($req);
if ($msg == $res['text'])
$error[] .= '' . $lng['povt'] . '';
}
// Проверка на флуд
$flood = functions::antiflood();
if ($flood)
$error[] .= '' . $lng['flud'] . ' :' . $flood . '' . $lng['sek'] . ' ';
if (empty($msg))
$error[] .= '' . $lng['pol'] . '';
if ($foruser == 4)
$error[] .= '' . $lng['sist'] . '';
if ($error)
echo functions::display_error($error);
if (!$error) {
$cont_check = mysql_result(mysql_query("SELECT COUNT(*) FROM `mail_conts` WHERE user='$user_id' AND cont='$user[id]' OR user='$user[id]' AND cont='$user_id'"), 0);
if ($cont_check < 2) {
mysql_query("DELETE FROM `mail_conts` WHERE user='$user_id' AND cont='$user[id]'");
mysql_query("DELETE FROM `mail_conts` WHERE user='$user[id]' AND cont='$user_id'");
mysql_query("INSERT INTO `mail_conts` SET user='$user_id', cont='$user[id]', user_name='$login', cont_name='$user[name]', time='$realtime'");
mysql_query("INSERT INTO `mail_conts` SET user='$user[id]', cont='$user_id', user_name='$user[name]', cont_name='$login', time='$realtime'");
}
if (!$error) {
//Выгружаем файл
require_once ($rootpath.'incfiles/lib/class.upload.php');
$handle = new upload($_FILES['fail']);
$name_en = '';
$name_convert = '';
if ($handle->uploaded) {
$handle->file_max_size = 1024 * $set['flsz'];
$handle->no_script = false;
$handle->file_auto_rename = true;
$handle->process($rootpath.'files/mail/');
if ($handle->processed) {
$name_en = $handle->file_dst_name;
$ok_file = '';
$name_convert = $name_en;
} else {
$err_file = $handle->error;
}
}
}
$cont = mysql_fetch_array(mysql_query("SELECT * FROM `mail_conts` WHERE user='$user_id' AND cont='$user[id]'"));
$one = 1;
mysql_query("UPDATE `mail_conts` SET time='$realtime', `read`=(`read`+1) WHERE cont='$user[id]' AND user='$user_id'");
mysql_query("UPDATE `mail_conts` SET `time`='$realtime', `read`=(`read`+1) WHERE cont='$user_id' AND user='$user[id]'");
mysql_query("INSERT INTO `mail` SET user='$user[id]', text='" . mysql_real_escape_string($msg) . "',
`file`='" . mysql_real_escape_string($name_convert) . "',
time='$realtime', cont='$user_id', type='in'");
mysql_query("INSERT INTO `mail` SET user='$user[id]', text='" . mysql_real_escape_string($msg) . "', time='$realtime', cont='$user_id', type='out'");
mysql_query("UPDATE `users` SET `lastpost` = '$realtime' WHERE `id` = '$user_id'");
if($err_file) {
echo '';
}
if($ok_file) {
echo $ok_file;
}
header ('Location: ?act=read&id='.$cont['id'].'');
}
}
echo '';
echo '';
?>