<?php
// Entry guard: stop immediately unless the ACCESS constant has been defined.
// NOTE(review): ACCESS is presumably defined by the including front controller
// so this file cannot be requested directly; confirm where it is set.
if (!defined('ACCESS')) {
    die('No direct script access...');
}
/**
* Author - koder_alex
* ISQ - 669906617
* VK - https://vk.com/koder_alex
* It is forbidden to give, sell, modify.
*/
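// Handler for sending a private message (optionally with prepared attachments).
//
// Reads:  $_GET['to'] (recipient id), $_POST['message'], $_POST['attachments'],
//         and $from, $config, $user, $time, which are set outside this file.
// Writes: rows in `mail`, `mail_files_vk`, `user`, and $_SESSION['attachments<to>'].
//
// NOTE(review): every early exit below relies on redirect() terminating the
// request; its definition is not in this file, so confirm it does.
// NOTE(review): no anti-CSRF token is checked here; confirm the including
// controller verifies one before this state-changing POST is handled.
// NOTE(review): the legacy mysql_* API (removed in PHP 7.0) is used and values
// reach SQL by string concatenation, so injection safety rests entirely on the
// (int) casts and on my_esc(). Prepared statements would remove that dependency.

// Access guard: POST only, a numeric non-zero recipient id, and a known $from key.
if ($_SERVER['REQUEST_METHOD'] != 'POST'
    || !(isset($_GET['to']) && is_numeric($_GET['to']) && (int)$_GET['to'] != 0)
    || !array_key_exists($from, $config['url'])
) {
    redirect('/mail/', 'Ошибка доступа.', 'error');
}

$to   = (int)$_GET['to'];
$type = $config['url'][$from];
$back = '/mail/?act=show&' . $type . '=' . $to;

// Normalise the message once. A missing or non-string value (for example
// message[]=x) is treated as empty instead of being handed to strlen2()/my_esc().
$message     = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
$has_message = !empty($message);

// "Add attachments" branch: remember the draft in the session and hand over
// to the attachments screen.
if (isset($_POST['attachments']) && $_POST['attachments'] == 'attachments') {
    // NOTE(review): mt_rand() is not a CSPRNG. If this hash is meant to be an
    // unguessable token, derive it from a CSPRNG (random_bytes() on PHP 7+).
    $hash = md5(mt_rand() . $to . mt_rand());
    $_SESSION['attachments' . $to] = array(
        'to'   => $to,
        'hash' => $hash,
        'type' => $type,
        // Stored already escaped by my_esc(); false when there is no text.
        'text' => ($has_message ? my_esc($message) : false)
    );
    redirect('/mail/?act=attachments&' . $type . '=' . $to . '&hash=' . $hash);
}

// Number of attachments this user has prepared for this recipient.
$cnt_files = mysql_result(mysql_query("SELECT COUNT(id) FROM mail_files_vk WHERE `action` = 'prepare' AND `id_mail` = '0' AND `id_user` = '". $user['id'] ."' AND `id_kont` = '". $to ."'"), 0);

// Message validation.
// An empty message is allowed only when attachments are prepared. Any non-empty
// message is checked against the maximum length and the profanity filter.
// Previously both checks were skipped whenever a prepared attachment existed,
// so an over-long or filtered text could be stored by attaching a file first.
// NOTE(review): the warning text quotes min_length_text, but only emptiness and
// the maximum are enforced; confirm whether a minimum check is intended.
if ((!$cnt_files && !$has_message) || ($has_message && strlen2($message) > $config['max_length_text'])) {
    redirect($back, 'Сообщение должно быть длиной не менее '.des2num($config['min_length_text'], array('-го', '-х', '-ти')).' и не более '.des2num($config['max_length_text'], array('-го', '-х', '-ti' === '' ? '' : '-ти')).' символов.', 'warning');
}
if ($has_message && antimat($message)) {
    redirect($back, 'В сообщении обнаружен мат.', 'warning');
}

// NOTE(review): for any type other than 'peer' nothing is stored, yet the
// success redirect at the end still runs; confirm other types are handled elsewhere.
if ($type == 'peer') {
    // Recipient privacy settings.
    // NOTE(review): with `||` this check is skipped only when group_access > 1
    // AND the sender is the recipient; confirm that is the intended exemption.
    if ($user['group_access'] <= 1 || $user['id'] != $to) {
        $uSet = mysql_fetch_assoc(mysql_query(
            "SELECT us.privat_mail, IF (pf.user, 1, 0) AS frends FROM `user_set` as us\n"
            . "LEFT JOIN frends AS pf ON (pf.user = '$user[id]' AND pf.frend = '".$to."') OR (pf.user = '".$to."' AND pf.frend = '$user[id]')\n"
            . "WHERE us.id_user = '".$to."' LIMIT 1"
        ));
        // privat_mail == 2: only friends may write.
        if ($uSet['privat_mail'] == 2 && !$uSet['frends']) {
            redirect($back, 'По соображениям приватности, пользователю могут писать только друзья.', 'warning');
        }
        // privat_mail == 0: nobody may write. When no user_set row exists the
        // lookup yields null, and the loose == 0 comparison also lands here.
        if ($uSet['privat_mail'] == 0) {
            redirect($back, 'По соображениям приватности, пользователь запретил чтоб ему писали.', 'warning');
        }
    }

    $msg_sql = my_esc($message);

    if ($cnt_files >= 1) {
        // Message with attachments: insert it, then bind the prepared files to it.
        mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`, `attachments`) values('".$user['id']."', '".$to."', '".$msg_sql."', '".$time."', '1')");
        $id_mail = mysql_insert_id();
        mysql_query("UPDATE `mail_files_vk` SET `action` = 'sent', `id_mail` = '".$id_mail."' WHERE `action` = 'prepare' AND `id_mail` = '0' AND `id_user` = '". $user['id'] ."' AND `id_kont` = '". $to ."'");
    } elseif (!mysql_result(mysql_query("SELECT COUNT(*) FROM `mail` WHERE `id_user` = '".$user['id']."' AND `id_kont` = '".$to."' AND `time` > '".($time-360)."' AND `msg` = '".$msg_sql."'"), 0)) {
        // Plain message: skipped silently when the same text was already sent
        // to this recipient within the last 360 seconds.
        mysql_query("INSERT INTO `mail` (`id_user`, `id_kont`, `msg`, `time`) values('".$user['id']."', '".$to."', '".$msg_sql."', '".$time."')");
    }

    // Drop the attachment draft and reset the sender's typing indicator.
    if (!empty($_SESSION['attachments' . $to])) {
        unset($_SESSION['attachments' . $to]);
    }
    mysql_query("UPDATE `user` SET `vkTypingId` = '0', `vkTypingLastTime` = '0' WHERE `id` = '$user[id]'");
}

redirect($back, 'Сообщение успешно отправлено.', 'ok');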
?>