<?php
require('inc/db.php');
require('inc/config.php');
require('inc/utils.php');
require('inc/auth.php');
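// Page title consumed by inc/head.php; $copyright is not defined in this file.
$title = 'Hộp Thư - '.$copyright;
require('inc/head.php');

// Mailbox address of the signed-in user ("login.domain"); every query below is scoped by it.
// NOTE(review): $user is presumably populated by inc/auth.php - confirm that include stops
// unauthenticated requests, because nothing on this page re-checks the session.
$login = $user['login'].'.'.$user['domain'];

// The form fields only exist on the POST that submits a message, so each one is read
// defensively: a missing key or a non-string value (e.g. msg[]=x) becomes an empty string
// instead of raising a notice or handing an array to trim().
// NOTE(review): check() is defined outside this file and these values are later concatenated
// into SQL and echoed into HTML - confirm it escapes for both contexts.
$msg = check(trim((isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : ''));
$foruser = check(trim((isset($_POST['foruser']) && is_string($_POST['foruser'])) ? $_POST['foruser'] : ''));
$tem = check(trim((isset($_POST['tem']) && is_string($_POST['tem'])) ? $_POST['tem'] : ''));

// Id of the message being answered (0 = not a reply). intval() on an array would yield 1,
// so only scalar input is converted.
$idm = (isset($_POST['idm']) && is_scalar($_POST['idm'])) ? intval($_POST['idm']) : 0;

// Requested action. Links on this page pass the query string through strToHex(), so $_GET is
// presumably rebuilt from that form by one of the includes - TODO confirm.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';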
switch ($act) {
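case 'send' :
    // Deliver a private message: one row for the recipient's inbox ('in') and one for the
    // sender's outbox ('out'). Nothing is printed when the recipient cannot be resolved.
    if (!empty($foruser) && !empty($msg)) {
        // A recipient address has the form "login.domain.tld"; anything with fewer than three
        // dot-separated parts cannot match a user, so it is rejected before touching the DB
        // (the original read undefined array offsets here).
        $forusers = explode('.', $foruser);
        if (count($forusers) >= 3) {
            // NOTE(review): the address parts, $msg and $tem reach SQL by concatenation and
            // rely entirely on check() having escaped them - confirm, or move to bound parameters.
            $m = mysql_query('SELECT * FROM `users` WHERE login="' . $forusers[0] . '" AND domain="' . $forusers[1] . '.' . $forusers[2] . '"');
            // The lookup is run once; the original issued the same SELECT twice and never used
            // the second result.
            if ($m && mysql_num_rows($m) == 1) {
                mysql_query("insert into `privat` values(0,'" . $foruser . "','" . $msg . "','" . $realtime . "','" . $login . "','in','no','" . $tem . "','0','','','');");
                mysql_query("insert into `privat` values(0,'" . $foruser . "','" . $msg . "','" . $realtime . "','" . $login . "','out','no','" . $tem . "','0','','','');");
                if (!empty($idm)) {
                    // Mark the answered message as replied-to. The id comes from a hidden form
                    // field, so the update is limited to rows addressed to the current user;
                    // without that any signed-in user could flag any message by guessing ids.
                    mysql_query('UPDATE `privat` SET otvet="1" WHERE id="' . $idm . '" AND user="' . mysql_real_escape_string($login) . '";');
                }
                echo '<div class="a"><p>Gửi thư thành công!</p></div>';
            }
        }
    }
    break;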
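case 'write' :
    // Render the compose form. ?adr=<user id> pre-fills the recipient, ?id=<message id> turns
    // the form into a reply and derives a "Re:" subject from the original message.
    // NOTE(review): no anti-CSRF token is visible in this form - confirm whether the includes add one.
    $adresat = '';
    $tema = "Chào!";
    if (!empty($_GET['adr'])) {
        $messages = mysql_query('SELECT * FROM `users` WHERE id="' . intval($_GET['adr']) . '"');
        // Kept in its own variable: the original stored this row in $user and thereby
        // overwrote the signed-in user's record for the rest of the request.
        $recipient = $messages ? mysql_fetch_array($messages) : false;
        if ($recipient) {
            $adresat = $recipient['login'] . '.' . $recipient['domain'];
            $tema = "Chào, $adresat!";
        }
    }

    // 0 means "not a reply"; the original left $id undefined in that case.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
    if ($id > 0) {
        // Only a message the current user received or sent may seed the subject line;
        // an unscoped lookup by id would disclose other users' subjects.
        $owner = mysql_real_escape_string($login);
        $messages2 = mysql_query('SELECT * FROM `privat` WHERE id="' . $id . '" AND (user="' . $owner . '" OR author="' . $owner . '")');
        $tm = $messages2 ? mysql_fetch_array($messages2) : false;
        if ($tm) {
            $thm = $tm['temka'];
            if (stristr($thm, "Re:")) {
                // First reply to a reply: "Re: x" becomes "Re[1]: x".
                $thm = str_replace("Re:", "", $thm);
                $tema = "Re[1]: $thm";
            } elseif (stristr($thm, "Re[")) {
                // Later replies: bump the counter inside "Re[n]:".
                $t1 = str_replace("Re[", "", $thm);
                $t1 = strtok($t1, "]");
                $t1 = (int) $t1 + 1;
                $o = explode(" ", $thm);
                $thm = str_replace("$o[0]", "", $thm);
                $tema = "Re[$t1]:$thm";
            } else {
                $tema = "Re: $thm";
            }
        }
    }

    // Values read back from the database are encoded at the point of output. double_encode is
    // off so text that check() may already have entity-encoded is not encoded a second time.
    $adresatHtml = htmlspecialchars($adresat, ENT_QUOTES, 'UTF-8', false);
    $temaHtml = htmlspecialchars($tema, ENT_QUOTES, 'UTF-8', false);

    echo '<div class="a"><form action="pradd.php?' . strToHex('act=send') . '" method="post" enctype="multipart/form-data">Tới: ';
    if ($adresat !== '') {
        echo '[<b>' . $adresatHtml . '</b>]<br/>';
        echo '<input type="hidden" name="foruser" value="' . $adresatHtml . '"/>';
    } else {
        // No (valid) recipient given: let the user type the address.
        echo '<br/><input type="text" name="foruser"/>';
    }
    echo ' <br/>Tiêu đề:<br/><input type="text" name="tem" value="' . $temaHtml .
        '"/><br/> Nội dung:<br/><textarea rows="5" name="msg"></textarea><br/><input type="hidden" name="idm" value="' . ($id > 0 ? $id : '') . '"/><input type="submit" value="Gửi"/></form></div>';
    break;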
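case 'delch' :
    // Two-step deletion of selected messages: the POST stores the ticked ids in the session
    // and asks for confirmation; the follow-up request carrying "yes" performs the delete.
    // NOTE(review): the confirming request is a plain GET link with no anti-CSRF token visible
    // here - confirm whether the includes protect state-changing requests.
    if (isset($_GET['yes'])) {
        // The session may hold nothing (link opened directly, or already used), so fall back
        // to an empty list / the inbox link instead of iterating over null.
        $dc = (isset($_SESSION['dc']) && is_array($_SESSION['dc'])) ? $_SESSION['dc'] : array();
        $prd = (isset($_SESSION['prd']) && is_string($_SESSION['prd']) && $_SESSION['prd'] !== '')
            ? $_SESSION['prd']
            : 'pradd.php?' . strToHex('act=in');
        foreach ($dc as $delid) {
            // Ownership is enforced in the statement itself: only rows the current user
            // received or sent can be removed, whatever ids were submitted.
            mysql_query("DELETE FROM `privat` WHERE (`user` = '$login' OR `author` = '$login') AND `id`='" . intval($delid) . "'");
        }
        // One-shot: a stale selection must not be replayed by reloading the link.
        unset($_SESSION['dc'], $_SESSION['prd']);
        echo '<div class="a">Đã xóa thành công!<br/><a href="' . $prd . '">Quay lại</a></div>';
    } else {
        if (empty($_POST['delch']) || !is_array($_POST['delch'])) {
            echo '<div class="a">Chưa chọn thư muốn xóa!<br/><a href="pradd.php?' . strToHex('act=in') . '">Quay lại</a></div>';
            require_once ("inc/foot.php");
            exit;
        }
        $dc = array();
        foreach ($_POST['delch'] as $v) {
            $dc[] = intval($v);
        }
        // The Referer header is client-controlled. It is used as the "back" link only when it
        // is an http(s) URL, and is HTML-encoded before being stored or echoed; otherwise the
        // inbox link is used.
        $referer = getenv("HTTP_REFERER");
        $back = (is_string($referer) && preg_match('#^https?://#i', $referer))
            ? htmlspecialchars($referer)
            : 'pradd.php?' . strToHex('act=in');
        $_SESSION['dc'] = $dc;
        $_SESSION['prd'] = $back;
        echo '<div class="a">Bạn có thực sự muốn xóa?<br/><a href="pradd.php?' . strToHex('act=delch&yes') . '">Có</a> | <a href="' . $back . '">Không</a></div>';
    }
    break;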
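case 'in' :
    // Inbox listing for the current user, newest first, wrapped in the bulk-delete form.
    // $start and $kmess are defined outside this file (presumably paging offset and page
    // size); they are cast to int because they are placed into the LIMIT clause verbatim.
    $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `user` = '$login' AND `type` = 'in'"), 0);
    $req = mysql_query("SELECT * FROM `privat` WHERE `user` = '$login' AND `type` = 'in' ORDER BY `id` DESC LIMIT " . intval($start) . ", " . intval($kmess));
    echo '<div class="b"><b>Inbox</b></div>';
    echo '<form action="pradd.php?' . strToHex('act=delch') . '" method="post">';
    while ($req && ($res = mysql_fetch_assoc($req))) {
        $rowId = intval($res['id']);
        // Sender and subject are user-supplied text read back from the database, so they are
        // encoded on output; double_encode is off in case check() already stored entities.
        $authorHtml = htmlspecialchars($res['author'], ENT_QUOTES, 'UTF-8', false);
        $subjectHtml = htmlspecialchars($res['temka'], ENT_QUOTES, 'UTF-8', false);

        // The original chose the wrapper through an unread test and an odd/even test on an
        // uninitialised counter, but every branch printed this same tag.
        echo '<div class="a">';
        echo '<input type="checkbox" name="delch[]" value="' . $rowId . '"/><a href="pradd.php?' . strToHex('id=' . $rowId . '&act=readmess') . '">Từ: ' . $authorHtml . '</a>';
        echo '<br/>(' . date("d.m.y H:i", $res['time']) . ')<br/>Tiêu đề: ' . $subjectHtml . '<br/>';
        if ($res['otvet'] == 0) {
            echo "Chưa trả lời<br/>";
        }
        echo '</div>';
    }
    if ($total > 0) {
        echo '<div class="b"><input type="submit" value="Xóa"/></div>';
    }
    echo '</form>';
    echo '<div class="a">Tổng số: ' . $total . '</div>';
    break;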
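case 'delread' :
    // Delete every inbox message the current user has already read. A single statement
    // replaces the original select-then-delete-by-id loop, so the ownership condition sits on
    // the DELETE itself and the removal happens in one step.
    // NOTE(review): this runs on a plain GET with no confirmation or anti-CSRF token visible
    // in this file - confirm whether the includes protect it.
    mysql_query("DELETE FROM `privat` WHERE `user` = '" . $login . "' AND `type` = 'in' AND `chit` = 'yes'");
    echo "Đã xóa hết!<br/>";
    break;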
case 'delin' :
    // Empty the current user's inbox in one statement, then confirm.
    // NOTE(review): destructive action reachable by GET; no anti-CSRF token is visible in
    // this file - confirm whether the includes add one.
    $delInboxSql = "DELETE FROM `privat` WHERE `user` = '" . $login . "' AND `type` = 'in'";
    mysql_query($delInboxSql);
    echo "Đã xóa hết!<br/>";
    break;
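case 'readmess' :
    // Show one inbox message, mark it (and the sender's outbox copy) as read, and offer a
    // reply link.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
    // Scoped to the current user's inbox, so ids of other users' messages return nothing.
    $messages1 = mysql_query('SELECT * FROM `privat` WHERE user="' . $login . '" AND type="in" AND id="' . $id . '"');
    $massiv1 = $messages1 ? mysql_fetch_array($messages1) : false;
    if (!$massiv1) {
        // The original carried on with an empty row and ran the follow-up queries with blank
        // values; stop here instead.
        echo '<div class="a">Không tìm thấy thư!</div>';
        break;
    }

    if ($massiv1['chit'] == "no") {
        mysql_query('UPDATE `privat` SET `chit`="yes" WHERE `id`="' . intval($massiv1['id']) . '"');
    }

    // Locate the sender's outbox copy so it shows as read on their side. Values read from the
    // database are escaped again before being placed into SQL, and the recipient is part of
    // the match so another message sent by the same author in the same second is not flagged.
    $twin = mysql_query('SELECT * FROM `privat` WHERE `time`="' . mysql_real_escape_string($massiv1['time']) . '" AND author="' . mysql_real_escape_string($massiv1['author']) . '" AND user="' . mysql_real_escape_string($massiv1['user']) . '" AND type="out"');
    $mas2 = $twin ? mysql_fetch_array($twin) : false;
    if ($mas2 && $mas2['chit'] == "no") {
        mysql_query('UPDATE `privat` SET `chit`="yes" WHERE `id`="' . intval($mas2['id']) . '"');
    }

    // Banner with the number of messages that are still unread.
    $newl = mysql_query('SELECT * FROM `privat` WHERE user = "' . $login . '" AND type = "in" AND chit = "no"');
    $countnew = $newl ? mysql_num_rows($newl) : 0;
    if ($countnew > 0) {
        echo '<div class="a" style="text-align: center"><a href="pradd.php?' . strToHex('act=in&new') . '"><b><font color="red">Thư mới: ' . $countnew . '</font></b></a></div>';
    }

    // Resolve the sender's user id for the reply link ("login.domain.tld" -> users row).
    $forusers = explode(".", $massiv1['author']);
    $mass = false;
    if (count($forusers) >= 3) {
        $senderRes = mysql_query('SELECT * FROM `users` WHERE login="' . mysql_real_escape_string($forusers[0]) . '" AND domain="' . mysql_real_escape_string($forusers[1] . '.' . $forusers[2]) . '"');
        $mass = $senderRes ? mysql_fetch_array($senderRes) : false;
    }

    // NOTE(review): tags() is defined outside this file and its result is echoed as HTML -
    // confirm it returns markup that is safe to print for untrusted message bodies.
    $text = $massiv1['text'];
    $text = tags($text);

    // Sender and subject are encoded on output; double_encode is off in case check() already
    // stored entities. Array keys are quoted (the original used bare author/temka constants).
    $authorHtml = htmlspecialchars($massiv1['author'], ENT_QUOTES, 'UTF-8', false);
    $subjectHtml = htmlspecialchars($massiv1['temka'], ENT_QUOTES, 'UTF-8', false);
    echo '<div class="a">Từ <a href="http://' . $authorHtml . '">' . $authorHtml . '</a><br/>';
    // The first letter of the subject label below is Cyrillic U+0422 in the original text;
    // it is kept unchanged.
    echo '(' . date('d.m.y H:i', $massiv1['time']) . ')</div><div class="a">Тiêu đề: ' . $subjectHtml . '<hr/>Nội dung: ' . $text . '</div>';
    echo '<div class="a"><a href="pradd.php?' . strToHex('act=write&adr=' . ($mass ? intval($mass['id']) : '') . '&id=' . intval($massiv1['id'])) . '">Trả lời</a></div>';
    break;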
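case 'delout' :
    // Empty the current user's outbox. The original SELECT was single-quoted, so "$login" was
    // sent to MySQL as the literal text $login and the user's rows were never matched. The
    // delete is now one statement that carries the ownership condition itself.
    // NOTE(review): destructive action reachable by GET; no anti-CSRF token is visible in
    // this file - confirm whether the includes add one.
    mysql_query("DELETE FROM `privat` WHERE `author` = '" . $login . "' AND `type` = 'out'");
    // Closing tag fixed: the original emitted a second opening <div> here.
    echo '<div class="a">Đã xóa thành công!</div>';
    break;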
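case 'out' :
    // Outbox listing for the current user, newest first, wrapped in the bulk-delete form.
    // $start and $kmess are defined outside this file (presumably paging offset and page
    // size); they are cast to int because they are placed into the LIMIT clause verbatim.
    $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `author` = '$login' AND `type` = 'out'"), 0);
    $req = mysql_query("SELECT * FROM `privat` WHERE `author` = '$login' AND `type` = 'out' ORDER BY `id` DESC LIMIT " . intval($start) . "," . intval($kmess));
    echo '<div class="b"><b>Outbox</b></div>';
    echo '<form action="pradd.php?' . strToHex('act=delch') . '" method="post">';
    while ($req && ($res = mysql_fetch_assoc($req))) {
        $rowId = intval($res['id']);
        // Recipient and subject are user-supplied text read back from the database, so they
        // are encoded on output; double_encode is off in case check() already stored entities.
        $recipientHtml = htmlspecialchars($res['user'], ENT_QUOTES, 'UTF-8', false);
        $subjectHtml = htmlspecialchars($res['temka'], ENT_QUOTES, 'UTF-8', false);

        // The original chose the wrapper through an unread test and an odd/even test on an
        // uninitialised counter, but every branch printed this same tag.
        echo '<div class="a">';
        echo '<input type="checkbox" name="delch[]" value="' . $rowId . '"/>Đến: <a href="pradd.php?' . strToHex('id=' . $rowId . '&act=readout') . '">' . $recipientHtml . '</a><br/>';
        echo '(' . date("d.m.y H:i", $res['time']) . ')<br/>Tiêu đề: ' . $subjectHtml . '</div>';
    }
    if ($total > 0) {
        echo '<div class="b"><input type="submit" value="Xóa"/></div>';
    }
    echo '</form>';
    echo '<div class="a">Tổng số: ' . $total . '</div>';
    break;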
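case 'readout' :
    // Show one message from the current user's outbox.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
    // Scoped to messages the current user sent, so ids of other users' messages return nothing.
    $messages1 = mysql_query('SELECT * FROM `privat` WHERE author="' . $login . '" AND type="out" AND id="' . $id . '"');
    $massiv1 = $messages1 ? mysql_fetch_array($messages1) : false;
    if (!$massiv1) {
        // The original printed an empty message frame when nothing matched.
        echo '<div class="a">Không tìm thấy thư!</div>';
        break;
    }
    // The original also looked up the recipient's users row here but never used the result;
    // that query is dropped.

    // NOTE(review): tags() is defined outside this file and its result is echoed as HTML -
    // confirm it returns markup that is safe to print for untrusted message bodies.
    $text = $massiv1['text'];
    $text = tags($text);

    // Recipient and subject are encoded on output; double_encode is off in case check()
    // already stored entities. Array keys are quoted (the original used bare user/temka constants).
    $recipientHtml = htmlspecialchars($massiv1['user'], ENT_QUOTES, 'UTF-8', false);
    $subjectHtml = htmlspecialchars($massiv1['temka'], ENT_QUOTES, 'UTF-8', false);
    echo '<div class="a">Đến: <a href="http://' . $recipientHtml . '">' . $recipientHtml . '</a><br/>';
    // The first letter of the subject label below is Cyrillic U+0422 in the original text;
    // it is kept unchanged.
    echo '(' . date('d.m.y H:i', $massiv1['time']) . ')</div><div class="a">Тiêu đề: ' . $subjectHtml . '<hr/>Nội dung: ' . $text . '</div>';
    break;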
default:
    // Mailbox menu: compose link plus inbox/outbox totals, each followed by a red unread
    // counter when that counter is non-zero. All four counts are scoped to the current user.
    $count_mail = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `user` = '" . $login . "' AND `type` = 'in'"), 0);
    $count_newmail = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `user` = '" . $login . "' AND `type` = 'in' AND `chit` = 'no'"), 0);
    $count_sentmail = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `author` = '" . $login . "' AND `type` = 'out'"), 0);
    $count_sentunread = mysql_result(mysql_query("SELECT COUNT(*) FROM `privat` WHERE `author` = '" . $login . "' AND `type` = 'out' AND `chit` = 'no'"), 0);

    // Unread inbox messages link to the inbox; unread outbox messages are shown as a number only.
    $inboxBadge = '';
    if ($count_newmail) {
        $inboxBadge = ' / <font color="red"><a href="pradd.php?' . strToHex('act=in&new') . '">+' . $count_newmail . '</a></font>';
    }
    $outboxBadge = '';
    if ($count_sentunread) {
        $outboxBadge = ' / <font color="red">' . $count_sentunread . '</font>';
    }

    echo '<div class="a"><li><a href="pradd.php?' . strToHex('act=write') . '">Soạn Thư</a></li>';
    echo '<li><a href="pradd.php?' . strToHex('act=in') . '">Inbox</a> (' . $count_mail . $inboxBadge . ')</li>';
    echo '<li><a href="pradd.php?' . strToHex('act=out') . '">Outbox</a> (' . $count_sentmail . $outboxBadge . ')</li></div>';
    break;
}
require_once ('inc/foot.php');
?>