<?php defined('ACCESS') OR die('No direct script access...');
/**
* Author - koder_alex
* ISQ - 669906617
* VK - https://vk.com/koder_alex
* It is forbidden to give, sell, modify.
*/
if (isset($_POST['to']) && is_numeric($_POST['to']) && mysql_result(mysql_query("SELECT COUNT(id) FROM user WHERE `id` = '".(int) $_POST['to']."'", $db), 0))
$peer = d_user((int) $_POST['to'], false);
else
$peer = d_user(0, false);
if($peer['id'] == 0 || !array_key_exists($from, $config['url']))
setData(array('msg_box' => 'Ошибка доступа.', 'type' => 'error'));
$cnt_files = mysql_result(mysql_query("SELECT COUNT(id) FROM mail_files_vk WHERE `action` = 'prepare' AND `id_mail` = '0' AND `id_user` = '". $user['id'] ."' AND `id_kont` = '". $peer['id'] ."'"), 0);
if(!$cnt_files)
{
if(antimat($_POST['message']))
setData(array('msg_box' => 'В сообщении обнаружен мат.', 'type' => 'warning'));
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '".$user['id']."' AND `id_kont` = '".$peer['id']."' AND `time` > '".($time-60)."' AND `msg` = '".my_esc($_POST['message'])."'"),0))
setData(array('msg_box' => 'Ваше сообщение повторяет предыдущие.', 'type' => 'warning'));
}
if($config['url'][$from] == 'peer')
{
if($user['group_access'] <= 1 || $user['id'] != $peer['id'])
{
$uSet = mysql_fetch_assoc(mysql_query("SELECT us.privat_mail, IF (pf.user, 1, 0) AS frends FROM `user_set` as us
LEFT JOIN frends AS pf ON (pf.user = '$user[id]' AND pf.frend = '".$peer['id']."') OR (pf.user = '".$peer['id']."' AND pf.frend = '$user[id]')
WHERE us.id_user = '".$peer['id']."' LIMIT 1"));
if($uSet['privat_mail'] == 2 && !$uSet['frends'])
setData(array('msg_box' => 'По соображениям приватности, пользователю могут писать только друзья.', 'type' => 'warning'));
if ($uSet['privat_mail'] == 0)
setData(array('msg_box' => 'По соображениям приватности, пользователь запретил чтоб ему писали.', 'type' => 'warning'));
}
if($cnt_files >= 1)
{
mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`, `attachments`) values('".$user['id']."', '".$peer['id']."', '".my_esc($_POST['message'])."', '".$time."', '1')");
$id_mail = mysql_insert_id();
mysql_query("UPDATE `mail_files_vk` SET `action` = 'sent', `id_mail` = '".$id_mail."' WHERE `action` = 'prepare' AND `id_mail` = '0' AND `id_user` = '". $user['id'] ."' AND `id_kont` = '". $peer['id'] ."'");
}
else
{
mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('".$user['id']."', '".$peer['id']."', '".my_esc($_POST['message'])."', '".$time."')");
$id_mail = mysql_insert_id();
}
if(!empty($_SESSION['attachments' . $peer['id']]))
unset($_SESSION['attachments' . $peer['id']]);
mysql_query("UPDATE `user` SET `vkTypingId` = '0', `vkTypingLastTime` = '0' WHERE `id` = '$user[id]'");
}
$dataContent = '';
$post = mysql_fetch_assoc(mysql_query("SELECT id, id_user, time, msg, attachments, (SELECT COUNT(id) FROM mail_important WHERE `id_user` = '$user[id]' and `id_mail` = mail.id LIMIT 1) as important FROM mail WHERE `id` = '$id_mail' AND `id_user` = '".$user['id']."' AND `id_kont` = '".$peer['id']."' ORDER BY `id` DESC LIMIT 1"));
$mi_unread = " mi_unread";
if($user['id'] == $peer['id'])
{
mysql_query("UPDATE `mail` SET `read` = '1' WHERE `id` = '$id_mail' AND `id_user` = '".$user['id']."' AND `id_kont` = '".$peer['id']."' LIMIT 1");
$mi_unread = "";
}
$dataContent['msg_box'] = 'Сообщение успешно отправлено.';
$dataContent['type'] = 'ok';
$dataContent['mess'] = array();
$dataContent['user'] = array();
if($post)
{
$d = d_user($post['id_user'], true, 'mi_img');
$dataContent['mess']['mi_unread'] = $mi_unread;
$dataContent['mess']['id'] = $post['id'];
$dataContent['mess']['time'] = vremja($post['time']);
$dataContent['mess']['msg'] = output_text($post['msg']);
$dataContent['user']['id_user'] = $d['id'];
$dataContent['user']['nick'] = $d['nick'];
$dataContent['user']['group'] = $d['group'];
$dataContent['user']['online'] = $d['online'];
$dataContent['user']['medal'] = $d['medal'];
$dataContent['user']['avatar'] = $d['avatar'];
if($post['attachments'])
{
ob_start();
showAttachments($post['id']);
$dataContent['mess']['attachments'] = ob_get_contents();
ob_end_clean();
}
}
setData($dataContent);