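safe_mode = true;
// NOTE(review): the line above is the tail of a statement whose beginning (and the
// script's opening tag) is not visible on this page; it is kept exactly as shown.

/*
 * Private-message module. Depending on the request it:
 *   - sends a message            (POST field "send"),
 *   - deletes messages           (doaction=del, guarded by dle_allow_hash),
 *   - displays one message       (doaction=readpm),
 *   - renders the compose form   (doaction=newpm),
 *   - otherwise lists the inbox or outbox (doaction=outbox) with pagination.
 *
 * Every action is skipped once $stop_pm is TRUE (visitor not logged in, group
 * without PM rights, or a message was just sent).
 *
 * NOTE(review): several string literals below are empty or hold only
 * whitespace; the HTML they carried was presumably lost when this page was
 * extracted. They are reproduced as shown, not reconstructed.
 */

$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];

$stop_pm = FALSE;

// Only a scalar string is accepted as the action; an array-valued parameter is
// treated as "no action" so it can never reach string concatenation below.
if( isset( $_REQUEST['doaction'] ) and is_string( $_REQUEST['doaction'] ) ) $doaction = $_REQUEST['doaction'];
else $doaction = "";

if( ! $is_logged or ! $user_group[$member_id['user_group']]['allow_pm'] ) {
    msgbox( $lang['all_err_1'], $lang['pm_err_1'] );
    $stop_pm = TRUE;
}

$tpl->load_template( 'pm.tpl' );

$tpl->set( '[inbox]', "" );
$tpl->set( '[/inbox]', "" );
$tpl->set( '[outbox]', "" );
$tpl->set( '[/outbox]', "" );
$tpl->set( '[new_pm]', "" );
$tpl->set( '[/new_pm]', "" );
$tpl->copy_template = " " . $tpl->copy_template;

/* ---------------------------------------------------------------------------
 * Send a message
 * ------------------------------------------------------------------------- */
// NOTE(review): no dle_allow_hash (anti-CSRF) check is visible on this path,
// unlike the delete action below — confirm whether the form carries one.
if( isset( $_POST['send'] ) and ! $stop_pm ) {

    $name = $db->safesql( $parse->process( trim( $_POST['name'] ) ) );
    $subj = $db->safesql( $parse->process( trim( $_POST['subj'] ) ) );

    $stop = "";

    // Links ('a') are only whitelisted for groups that are allowed to post URLs.
    if( $user_group[$member_id['user_group']]['allow_url'] ) $parse->ParseFilter( Array ('div', 'a', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol' ), Array (), 0, 1 );
    else $parse->ParseFilter( Array ('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol' ), Array (), 0, 1 );

    $comments = $db->safesql( $parse->BB_Parse( $parse->process( trim( $_POST['comments'] ) ), false ) );

    if( empty( $name ) or $comments == "" ) $stop .= $lang['pm_err_2'];
    if( $subj == "" ) $subj = "Без темы";
    if( strlen( $subj ) > 250 ) $stop .= $lang['pm_err_3'];

    if( $parse->not_allowed_tags ) {
        $stop .= "
  • " . $lang['news_err_33'] . "
  • ";
    }

    if( $parse->not_allowed_text ) {
        $stop .= "
  • " . $lang['news_err_37'] . "
  • ";
    }

    // $name has already been through safesql() above.
    $db->query( "SELECT email, name, user_id, pm_all, user_group, mail_lc FROM " . USERPREFIX . "_users where name = '$name'" );

    if( ! $db->num_rows() ) $stop .= $lang['pm_err_4'];
    if( $name == $member_id['name'] ) $stop .= $lang['pm_err_10'];

    $row = $db->get_row();
    $db->free();

    if( ! $stop ) {

        $_SESSION['sec_code_session'] = 0;
        $time = time() + ($config['date_adjust'] * 60);

        // Escape the sender name into a local variable instead of overwriting
        // $member_id['name']: the escaped form belongs in SQL only, not in the
        // notification e-mail or in later comparisons against stored names.
        $sender_sql = $db->safesql( $member_id['name'] );

        $db->query( "INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('$subj', '$comments', '{$row['user_id']}', '{$sender_sql}', '$time', 'no', 'inbox')" );
        $db->query( "UPDATE " . USERPREFIX . "_users set pm_all=pm_all+1, pm_unread=pm_unread+1 where user_id='{$row['user_id']}'" );

        if( isset( $_REQUEST['outboxcopy'] ) and intval( $_REQUEST['outboxcopy'] ) ) {
            $db->query( "INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('$subj', '$comments', '{$row['user_id']}', '{$sender_sql}', '$time', 'yes', 'outbox')" );
            $db->query( "UPDATE " . USERPREFIX . "_users set pm_all=pm_all+1 where user_id='$member_id[user_id]'" );
        }

        $replyid = isset( $_GET['replyid'] ) ? intval( $_GET['replyid'] ) : 0;

        if( $replyid ) {
            // Only flag a message the current user takes part in (same rule the
            // compose form applies); a bare id match would let any member set
            // the reply flag on someone else's message.
            $db->query( "UPDATE " . USERPREFIX . "_pm SET reply=1 WHERE id= '$replyid' AND (user = '{$member_id['user_id']}' OR user_from = '{$sender_sql}')" );
        }

        // Optional e-mail notification, only if enabled globally and by the recipient.
        if( $config['mail_pm'] AND $row['mail_lc'] != 0 ) {

            include_once SYSTEM_DIR . '/classes/mail.class.php';
            $mail = new dle_mail( $config );

            $mail_template = $db->super_query( "SELECT template FROM " . PREFIX . "_email WHERE name='pm' LIMIT 0,1" );

            $mail_template['template'] = stripslashes( $mail_template['template'] );
            $mail_template['template'] = str_replace( "{%username%}", $row['name'], $mail_template['template'] );
            $mail_template['template'] = str_replace( "{%date%}", langdate( "j F Y H:i", $_TIME ), $mail_template['template'] );
            $mail_template['template'] = str_replace( "{%fromusername%}", $member_id['name'], $mail_template['template'] );
            $mail_template['template'] = str_replace( "{%title%}", strip_tags( stripslashes( $subj ) ), $mail_template['template'] );

            // $comments is SQL-escaped at this point: drop the literal \n / \r
            // sequences, undo the escaping, then reduce the body to plain text.
            $body = str_replace( '\n', "", $comments );
            $body = str_replace( '\r', "", $body );
            $body = stripslashes( stripslashes( $body ) );
            $body = str_replace( "
    ", "\n", $body );
            $body = strip_tags( $body );

            $mail_template['template'] = str_replace( "{%text%}", $body, $mail_template['template'] );

            $mail->send( $row['email'], $lang['mail_pm'], $mail_template['template'] );
        }

        msgbox( $lang['all_info'], $lang['pm_sendok'] . " " . $lang['pm_noch'] . " " . $lang['pm_or'] . " " . $lang['pm_main'] . "" );
        $stop_pm = TRUE;

    } else {
        // NOTE(review): as shown, the collected $stop text is not passed on here.
        msgbox( $lang['all_err_1'], "" );
    }
}

/* ---------------------------------------------------------------------------
 * Delete one message (pmid) or a selection (selected_pm[])
 * ------------------------------------------------------------------------- */
if( $doaction == "del" and ! $stop_pm ) {

    $delete_count = 0;

    // Anti-CSRF token: must be a non-empty string and match exactly. A strict
    // comparison avoids PHP's loose-equality surprises on numeric-looking
    // strings; an array-valued parameter is rejected outright.
    $allow_hash = isset( $_REQUEST['dle_allow_hash'] ) ? $_REQUEST['dle_allow_hash'] : "";

    if( ! is_string( $allow_hash ) or $allow_hash === "" or $allow_hash !== (string) $dle_login_hash ) {
        die( "Hacking attempt! User ID not valid" );
    }

    // A single pmid takes precedence over a checkbox selection.
    $pm_ids = Array ();

    if( ! empty( $_GET['pmid'] ) ) {
        $pm_ids[] = $_GET['pmid'];
    } elseif( isset( $_REQUEST['selected_pm'] ) and is_array( $_REQUEST['selected_pm'] ) ) {
        $pm_ids = $_REQUEST['selected_pm'];
    }

    foreach ( $pm_ids as $pmid ) {

        $pmid = intval( $pmid );

        $row = $db->super_query( "SELECT id, user, user_from, pm_read, folder FROM " . USERPREFIX . "_pm where id= '{$pmid}'" );

        if( ! isset( $row['id'] ) ) continue;

        // Ownership check: recipients may delete inbox rows, senders their outbox copies.
        if( ($row['user'] == $member_id['user_id'] and $row['folder'] == "inbox") or ($row['user_from'] == $member_id['name'] and $row['folder'] == "outbox") ) {

            $db->query( "DELETE FROM " . USERPREFIX . "_pm WHERE id='{$row['id']}'" );
            $delete_count ++;

            if( $row['pm_read'] != "yes" ) {
                $db->query( "UPDATE " . USERPREFIX . "_users set pm_unread=pm_unread-1 where user_id='{$member_id['user_id']}'" );
            }

            $db->query( "UPDATE " . USERPREFIX . "_users set pm_all=pm_all-1 where user_id='{$member_id['user_id']}'" );
        }
    }

    if( $delete_count ) msgbox( $lang['all_info'], $lang['pm_delok'] . " " . $lang['all_prev'] . "." );
    else msgbox( $lang['all_err_1'], $lang['pm_err_5'] );

/* ---------------------------------------------------------------------------
 * Read one message
 * ------------------------------------------------------------------------- */
} elseif( $doaction == "readpm" and ! $stop_pm ) {

    $pmid = isset( $_GET['pmid'] ) ? intval( $_GET['pmid'] ) : 0;

    $tpl->set( '[readpm]', "" );
    $tpl->set( '[/readpm]', "" );
    $tpl->set_block( "'\\[pmlist\\].*?\\[/pmlist\\]'si", "" );
    $tpl->set_block( "'\\[newpm\\].*?\\[/newpm\\]'si", "" );

    $db->query( "SELECT * FROM " . USERPREFIX . "_pm where id= '$pmid'" );
    $row = $db->get_row();

    if( $db->num_rows() < 1 ) {

        msgbox( $lang['all_err_1'], $lang['pm_err_6'] );
        $stop_pm = TRUE;

    } elseif( $row['user'] != $member_id['user_id'] and $row['user_from'] != $member_id['name'] ) {

        // Neither recipient nor sender: refuse to show the message.
        msgbox( $lang['all_err_1'], $lang['pm_err_7'] );
        $stop_pm = TRUE;

    } else {

        // First read by the recipient: mark as read and lower the unread counter.
        if( $row['user'] == $member_id['user_id'] and $row['pm_read'] != "yes" ) {
            $db->query( "UPDATE " . USERPREFIX . "_users set pm_unread=pm_unread-1 where user_id='{$member_id['user_id']}'" );
            $db->query( "UPDATE " . USERPREFIX . "_pm set pm_read='yes' where id='{$row['id']}'" );
        }

        $tpl->set( '{subj}', stripslashes( $row['subj'] ) );
        $tpl->set( '{text}', stripslashes( $row['text'] ) );
        $tpl->set( '{author}', "" . $row['user_from'] . "" );

        $tpl->set( '[reply]', "" );
        $tpl->set( '[/reply]', "" );
        $tpl->set( '[del]', "" );
        $tpl->set( '[/del]', "" );
        $tpl->set( '[complaint]', "" );
        $tpl->set( '[/complaint]', "" );

        $tpl->compile( 'content' );
        $tpl->clear();
    }

/* ---------------------------------------------------------------------------
 * Compose form (new message or reply)
 * ------------------------------------------------------------------------- */
} elseif( $doaction == "newpm" and ! $stop_pm ) {

    $tpl->set( '[newpm]', "" );
    $tpl->set( '[/newpm]', "" );
    $tpl->set_block( "'\\[pmlist\\].*?\\[/pmlist\\]'si", "" );
    $tpl->set_block( "'\\[readpm\\].*?\\[/readpm\\]'si", "" );

    $replyid = isset( $_GET['replyid'] ) ? intval( $_GET['replyid'] ) : 0;
    $user = isset( $_GET['user'] ) ? intval( $_GET['user'] ) : 0;

    // Test the same superglobal that is read (the original tested $_REQUEST
    // but read $_GET, so a POST-only value produced an undefined index).
    if( isset( $_GET['username'] ) ) $username = $db->safesql( strip_tags( urldecode( $_GET['username'] ) ) );
    else $username = '';

    $text = "";

    if( $replyid ) {

        $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_pm where id= '$replyid'" );

        // Only a participant of the quoted message may reply to it; the form
        // is discarded further down when $stop_pm is set here.
        if( ($row['user'] != $member_id['user_id']) and ($row['user_from'] != $member_id['name']) ) {
            msgbox( $lang['all_err_1'], $lang['pm_err_7'] );
            $stop_pm = TRUE;
        }

        $text = $parse->decodeBBCodes( $row['text'], false );
        $text = "[quote]" . $text . "[/quote]\n";

        $tpl->set( '{author}', $row['user_from'] );

        if( strpos( $row['subj'], "RE:" ) === false ) $tpl->set( '{subj}', "RE: " . stripslashes( $row['subj'] ) );
        else $tpl->set( '{subj}', stripslashes( $row['subj'] ) );

        $row = $db->super_query( "SELECT pm_all, user_group FROM " . USERPREFIX . "_users WHERE name = '" . $db->safesql( $row['user_from'] ) . "'" );

    } elseif( $user or $username != "" ) {

        if( $user ) $row = $db->super_query( "SELECT name, pm_all, user_group FROM " . USERPREFIX . "_users where user_id = '$user'" );
        elseif( $username != "" ) $row = $db->super_query( "SELECT name, pm_all, user_group FROM " . USERPREFIX . "_users where name='$username'" );

        $tpl->set( '{author}', $row['name'] );
        $tpl->set( '{subj}', "" );

    } else {

        $tpl->set( '{author}', "" );
        $tpl->set( '{subj}', "" );
    }

    include_once SYSTEM_DIR . '/modules/bbcode.php';

    $tpl->set( '{editor}', $bb_code );
    $tpl->set( '{text}', $text );

    $tpl->copy_template = "
    \n" . $tpl->copy_template . "
    ";

    if( ! $stop_pm ) {
        $tpl->compile( 'content' );
        $tpl->clear();
    } else {
        $tpl->clear();
    }

/* ---------------------------------------------------------------------------
 * Inbox / outbox listing with pagination
 * ------------------------------------------------------------------------- */
} elseif( ! $stop_pm ) {

    $tpl->set( '[pmlist]', "" );
    $tpl->set( '[/pmlist]', "" );
    $tpl->set_block( "'\\[newpm\\].*?\\[/newpm\\]'si", "" );
    $tpl->set_block( "'\\[readpm\\].*?\\[/readpm\\]'si", "" );

    // Repair a counter that drifted below zero.
    if( $member_id['pm_unread'] < 0 ) {
        $db->query( "UPDATE " . USERPREFIX . "_users SET pm_unread='0' WHERE user_id='{$member_id['user_id']}'" );
    }

    // NOTE(review): the page shows this as "<< HTML;" — presumably a heredoc
    // whose markup was lost in extraction; it is kept as an empty heredoc.
    $pmlist = <<<HTML
HTML;

    // added
    // Page number from the query string; negative values are clamped so they
    // can never produce a negative LIMIT offset.
    $cstart = isset( $_GET['cstart'] ) ? intval( $_GET['cstart'] ) : 0;
    if( $cstart < 0 ) $cstart = 0;

    $config['news_number'] = '25';

    // Convert the 1-based page number into a row offset.
    if( $cstart ) {
        $cstart = $cstart - 1;
        $cstart = $cstart * $config['news_number'];
    }
    // added

    // The member name is interpolated into SQL below, so escape it here; this
    // path does not otherwise pass it through safesql().
    $sender_sql = $db->safesql( $member_id['name'] );

    if( $doaction == "outbox" ) {

        $lang['pm_from'] = $lang['pm_to'];

        $sql = "SELECT id, subj, name as user_from, date, pm_read FROM " . USERPREFIX . "_pm LEFT JOIN " . USERPREFIX . "_users ON " . USERPREFIX . "_pm.user=" . USERPREFIX . "_users.user_id WHERE user_from = '{$sender_sql}' AND folder = 'outbox' order by date desc LIMIT " . $cstart . "," . $config['news_number'];

        // Count with the same filter and table prefix as the listing: outbox
        // rows are keyed by the sender name, "user" holds the recipient id.
        $sql_count = "SELECT COUNT(*) as count FROM " . USERPREFIX . "_pm WHERE user_from = '{$sender_sql}' AND folder = 'outbox'";

    } else {

        $sql = "SELECT id, subj, user_from, date, pm_read, reply FROM " . USERPREFIX . "_pm where user = '{$member_id['user_id']}' AND folder = 'inbox' ORDER BY date DESC LIMIT " . $cstart . "," . $config['news_number'];
        $sql_count = "SELECT COUNT(*) as count FROM " . USERPREFIX . "_pm WHERE user = '{$member_id['user_id']}' AND folder = 'inbox'";
    }

    $pmlist .= "";

    $db->query( $sql );
    $i = 0;

    while ( $row = $db->get_row() ) {

        $i ++;

        if( $user_group[$user_color[$row['user_from']]['user_group']]['colour'] ) {
            $group_span = $user_group[$user_color[$row['user_from']]['user_group']]['colour'];
            $user = "" . $row['user_from'] . "";
        } else {
            $user = $row['user_from'];
        }

        $user_from = "" . $user . "";

        if( $row['pm_read'] == "yes" ) {
            $subj = "" . stripslashes( $row['subj'] ) . "";
            $icon = "{THEME}/images/read.gif";
        } else {
            $subj = "" . stripslashes( $row['subj'] ) . "";
            $icon = "{THEME}/images/unread.gif";
        }

        // "reply" is only selected for the inbox query.
        if( ! empty( $row['reply'] ) ) $icon = "{THEME}/images/send.gif";

        $pmlist .= "";
    }

    $db->free();

    // NOTE(review): the header and row text below sits after the loop on this
    // page, most likely displaced by the extraction; kept as shown.
    $pmlist .= "
     " . $lang['pm_subj'] . "" . $lang['pm_from'] . "" . $lang['pm_date'] . "
    \"\"{$subj}{$user_from}" . langdate( "j.m.Y H:i", $row['date'] ) . "
    ";

    if( $i ) $tpl->set( '{pmlist}', $pmlist );
    else $tpl->set( '{pmlist}', $lang['no_message'] );

    $tpl->compile( 'content' );
    $tpl->clear();

    // added
    if( ! isset( $view_template ) ) {
        $count_all = $db->super_query( $sql_count );
        $count_all = $count_all['count'];
    } else {
        $count_all = 0;
    }

    // $doaction is request-controlled and arbitrary in this branch; URL-encode
    // it before it becomes part of the navigation links.
    $url_page = $PHP_SELF . "?do=pm&doaction=" . urlencode( $doaction );

    if( ! isset( $view_template ) and $count_all ) {

        $tpl->load_template( 'navigation.tpl' );

        $no_prev = false;
        $no_next = false;
        $pages = "";

        if( isset( $cstart ) and $cstart != "" and $cstart > 0 ) // "back" link
        {
            $prev = $cstart / $config['news_number'];
            $prev_page = $url_page . "&cstart=" . $prev;
            $tpl->set_block( "'\[prev-link\](.*?)\[/prev-link\]'si", "\\1" );
        } else {
            $tpl->set_block( "'\[prev-link\](.*?)\[/prev-link\]'si", "\\1" );
            $no_prev = TRUE;
        }

        if( $config['news_number'] > 0 ) // page links
        {
            if( $count_all > $config['news_number'] ) {

                $enpages_count = @ceil( $count_all / $config['news_number'] );
                $pages = "";

                // From here on $cstart holds the current 1-based page number.
                $cstart = ($cstart / $config['news_number']) + 1;

                // NOTE(review): $pge is not defined anywhere on this page; it is
                // presumably residue of link markup lost in extraction.
                if( $enpages_count <= 8 ) {

                    for ($j = 1; $j <= $enpages_count; $j ++) {
                        if( $j != $cstart ) {
                            $pages .= "$j $pge ";
                        } else {
                            $pages .= "$j $pge ";
                        }
                    }

                } else {

                    // Long lists: show a sliding window of pages around the current one.
                    $start = 1;
                    $end = 8;
                    $nav_prefix = "--- ";

                    if( $cstart > 0 ) {
                        if( $cstart > 6 ) {
                            $start = $cstart - 2;
                            $end = $start + 5;

                            if( $end >= $enpages_count ) {
                                $start = $enpages_count - 7;
                                $end = $enpages_count - 1;
                                $nav_prefix = "";
                            } else {
                                $nav_prefix = "--- ";
                            }
                        }
                    }

                    if( $start >= 2 ) {
                        $pages .= "1 $pge --- ";
                    }

                    for ($j = $start; $j <= $end; $j ++) {
                        if( $j != $cstart ) {
                            $pages .= "$j $pge ";
                        } else {
                            $pages .= "$j $pge ";
                        }
                    }

                    if( $cstart != $enpages_count ) {
                        $pages .= $nav_prefix . "{$enpages_count} $pge";
                    } else {
                        $pages .= "{$enpages_count} $pge ";
                    }
                }
            }

            $tpl->set( '{pages}', $pages );
        }

        if( $config['news_number'] < $count_all and $i < $count_all ) // "forward" link
        {
            $next_page = $i / $config['news_number'] + 1;
            $next = $url_page . '&cstart=' . $next_page;
            $tpl->set_block( "'\[next-link\](.*?)\[/next-link\]'si", "\\1" );
        } else {
            $tpl->set_block( "'\[next-link\](.*?)\[/next-link\]'si", "\\1" );
            $no_next = TRUE;
        }

        // Emit the navigation block only if at least one direction is available.
        if( ! $no_prev or ! $no_next ) {
            $tpl->compile( 'content' );
        }

        $tpl->clear();
    }
}
?>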