<?  // Ïîäêëþ÷åíèå
	include_once($_SERVER['DOCUMENT_ROOT']."/account/mods/autorizator_admin.php");

	// ============================== 
	// ======== Processing ==========
	// ==============================





/*
$sql = "SELECT * FROM zlo_users_message ORDER BY `date` DESC";
$result = mysql_query($sql) or die(mysql_error());	
while ($message=mysql_fetch_assoc($result)) {
$result3 = @mysql_query("SELECT * FROM `links` WHERE `main`='".$message['id']."' LIMIT 1;") or die(mysql_error());	
$messagess=@mysql_fetch_assoc($result3);

if($message['to']=="1") $message['to'] = $message['from'];

if(!@$messagess['main'])
@mysql_query("INSERT INTO `links` (`main`,`chil`,`type`,`uid`) VALUES ('".$message['id']."','".$message['id']."','".$message['type']."','".$message['to']."');") or die(mysql_error());	
}
*/







// Tab bar for the message list: pick which tab is rendered bold, count the
// messages per type and status, then print the three tab links.
$uuu = array();

// ?them=j highlights the first tab, ?them=v the second; any other value
// (or no value at all) highlights the third, unfiltered tab.
switch (trim(@$_REQUEST['them'])) {
	case "j":
		$uuu[0]="font-weight:bold;";
		break;
	case "v":
		$uuu[1]="font-weight:bold;";
		break;
	default:
		$uuu[2]="font-weight:bold;";
}

// Per-type counters. The queries are constant strings: no request data
// reaches SQL in this section.
$countRes = mysql_query("SELECT COUNT(*) FROM zlo_users_message WHERE type='v' AND status=1 LIMIT 1;");
$v_no = mysql_fetch_row($countRes);
$countRes = mysql_query("SELECT COUNT(*) FROM zlo_users_message WHERE type='v' AND status=2 LIMIT 1;");
$v = mysql_fetch_row($countRes);
$countRes = mysql_query("SELECT COUNT(*) FROM zlo_users_message WHERE type='j' AND status=1 LIMIT 1;");
$j_no = mysql_fetch_row($countRes);
$countRes = mysql_query("SELECT COUNT(*) FROM zlo_users_message WHERE type='j' AND status=2 LIMIT 1;");
$j = mysql_fetch_row($countRes);

// Inline style per tab: the bold rule for the active tab, empty otherwise.
$styleJ   = isset($uuu[0]) ? $uuu[0] : "";
$styleV   = isset($uuu[1]) ? $uuu[1] : "";
$styleAll = isset($uuu[2]) ? $uuu[2] : "";

// The first tab is not rendered for the admin whose id is 2.
$complaintsTab = "";
if ($_SESSION['admin']['id']!=2) {
	$complaintsTab = "<a style=\"".$styleJ."\" href=\"/admin.php/messages/?them=j\">Æàëîáû&nbsp;(".$j[0]."/".$j_no[0].")</a>";
}

echo "
	<table width=\"300px\">
	<tr>
	<td>".$complaintsTab."</td>
		<td><a style=\"".$styleV."\" href=\"/admin.php/messages/?them=v\">Âîïðîñû&nbsp;(".$v[0]."/".$v_no[0].")</a></td>
		<td><a style=\"".$styleAll."\" href=\"/admin.php/messages/\">Âñå</a></td>
	</tr>
	</table><br/>
	
	<br/>
	";
	
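	// Reply handler: stores the admin's message, links it into a thread in
	// `links`, notifies the recipient and redirects back to the list.
	//
	// Every request-supplied value is escaped or validated before it reaches
	// SQL. Previously `toz`, `pid` and `user` were concatenated into the
	// statements as-is, and `toz` was even part of the sprintf() format string.
	//
	// NOTE(review): no anti-CSRF token is verified here, and the only visible
	// permission gate for replying is the reply link in the list view —
	// confirm that autorizator_admin.php restricts who may post.
	if ((isset($_POST["send"])) && ($_POST["send"] == "ok")) {

		// Non-string input (e.g. toz[]=...) is treated as absent.
		$toz       = (isset($_REQUEST['toz']) && is_string($_REQUEST['toz'])) ? trim($_REQUEST['toz']) : '';
		$pid       = (isset($_REQUEST['pid']) && is_string($_REQUEST['pid'])) ? trim($_REQUEST['pid']) : '';
		$recipient = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';
		$body      = isset($_POST['text']) ? $_POST['text'] : '';

		$tozSql = mysql_real_escape_string($toz);

		// Insert the message (status 3 is rendered as "unread-by-user" in the list).
		$sql = sprintf("INSERT INTO zlo_users_message (`date`, `from`, `to`, `text`, `status`, `type`) VALUES (NOW(), %s, %s, %s, 3, '%s') ",
						   GetSQLValueString($_SESSION['admin']['id'], "text"),
						   GetSQLValueString($recipient, "text"),
						   GetSQLValueString($body, "text"),
						   $tozSql);
		$result = mysql_query($sql) or die(mysql_error());

		// Id of the row just inserted; read once so later statements cannot change it.
		$newId = mysql_insert_id();

		// Thread root: a request-supplied pid is accepted only when it is a plain
		// decimal number; otherwise the new message starts its own thread.
		$threadId = ctype_digit($pid) ? $pid : $newId;

		$sql = "INSERT INTO links (`main`,`chil`,`type`,`uid`) VALUES ('".$threadId."','".$newId."','".$tozSql."','".mysql_real_escape_string(trim($recipient))."');";
		$result0 = mysql_query($sql) or die(mysql_error());

		// Send the notification e-mail.
		eMailing('MessageToUser', $recipient);
		echo "<script language=\"JavaScript\">{ location.href=\"/admin.php/messages/\"; self.focus(); } </script>";

	}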
    
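	// Delete handler: removes one message, then redirects back to the list.
	// Only admins in group 1, or the admin with id 6, may delete.
	//
	// The message id is accepted only as a plain decimal number; previously
	// $_GET['message'] was concatenated into the DELETE statement unescaped.
	//
	// NOTE(review): this is a state-changing GET request with no anti-CSRF
	// token. Moving it to POST with a per-session token needs a matching
	// change in the list view's del() link, which is outside this block.
	if ((isset($_GET["action"])) && ($_GET["action"] == "del")) {

		if($_SESSION['admin']['group']=="1" || $_SESSION['admin']['id']=='6'){
			$rawId = (isset($_GET['message']) && is_string($_GET['message'])) ? trim($_GET['message']) : '';

			// Digits only, so the value is safe to place inside the quoted literal.
			if (ctype_digit($rawId)) {
				$sql = "DELETE FROM zlo_users_message WHERE id='".$rawId."'";
				$result = mysql_query($sql) or die(mysql_error());
			}
		}
		echo "<script language=\"JavaScript\">{ location.href=\"/admin.php/messages/\"; self.focus(); } </script>";

	}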
							
	// ============================== 
	// ========== Output ============
	// ==============================
	
    
	// ============= 
	// ==== All ====
	// =============
    
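	// List view (no ?action=): pages through thread roots from `links`, newest
	// first, and prints every message of each thread; replies are indented.
	//
	// Hardening in this block:
	//  - ?them= is escaped before it is used in the WHERE clause and
	//    URL-encoded before it is written into links and the pager;
	//  - values read back from `links` are escaped before reuse in SQL, since
	//    `main` can originate from a request parameter when a reply is stored;
	//  - the message preview is tag-stripped and HTML-escaped in every case
	//    (previously short messages were printed raw);
	//  - $unread2 is always assigned, so the icon name no longer carries over
	//    from a previous row;
	//  - the row check uses mysql_num_rows() on the SELECT result.
	if (!isset($_GET["action"])) {

		echo"<div class='message'>";

		// Optional type filter. Non-string input is treated as absent.
		$them = (isset($_REQUEST['them']) && is_string($_REQUEST['them'])) ? trim($_REQUEST['them']) : '';
		$themUrl = urlencode($them);

		$tttttt = "";
		if($them!="")
			$tttttt = " WHERE `type`='".mysql_real_escape_string($them)."'";

		$sql0 = "SELECT DISTINCT main FROM `links`".$tttttt." ORDER BY `main` DESC";
		$pager['sql']= $sql0;
		$pager = pagerGetRun($pager,30,15);

		$result0 = mysql_query($pager['sql']) or die(mysql_error());
		while ($message0=mysql_fetch_assoc($result0)){
			$sql1 = "SELECT * FROM `links` WHERE `main`='".mysql_real_escape_string($message0['main'])."' ORDER BY `id` ASC;";
			$result1 = mysql_query($sql1) or die(mysql_error());
			$elmario = 0; // number of messages printed so far in this thread
			while ($message1=mysql_fetch_assoc($result1)){

				$sql = "SELECT * FROM zlo_users_message WHERE `id`='".mysql_real_escape_string($message1['chil'])."' ORDER BY `date` DESC";
				$result = mysql_query($sql) or die(mysql_error());
				if (mysql_num_rows($result)!=0) { $i=0; $j=0;

					$elmario++;

					while ($message=mysql_fetch_assoc($result)) { $i++; $j++;
						// Every message after the first one of a thread is indented.
						$afa="";
						if($elmario >1) $afa = "padding-left:40px;";
						echo "<div style=\"padding-top:10px; ".$afa."\"><table>";

						// status 1: unread by admin, status 3: unread by user, else read.
						if ($message['status']==1) { $unread='unread-by-admin'; $unread2='unread';
						} elseif ($message['status']==3) { $unread='unread-by-user'; $unread2='';
						} else { $unread=''; $unread2='';}

						if ($j==2) { $marked='marked'; } else { $marked=''; }

						echo"<tr class=\"$unread $marked \">";
						echo"<td class='num'>$i</td>";
						echo"<td><img src='/account/pic/mail_$unread2.png' width='18px' ></td>";
						echo"<td class='date'><a href='/admin.php/messages/?action=show&message=".$message['id']."'>".date("d-m-Y h:i:s",strtotime($message['date']))."</a></td>";

						// NOTE(review): viewBook() is defined elsewhere; confirm it returns
						// HTML-safe text, because usernames are user-controlled.
						$fromName = viewBook('zlo_users', $message['from'], 'id', 'username');
						if ($message['from']==7) $fromName = "<b style=\"color:red;\">".$fromName."</b>";
						echo"<td class='from'><a href=\"/admin.php/users/?action=edit&user=".$message['from']."\">".$fromName."</a></td>";

						// Preview: message text is user-supplied, so tags are removed and the
						// rest is escaped. A single-byte charset is named explicitly so that
						// non-UTF-8 text is not blanked by htmlspecialchars()
						// (page encoding looks like Windows-1251 — TODO confirm).
						$isLong = strlen($message['text']) > 40;
						$preview = strip_tags($message['text']);
						if ($isLong) { $preview = substr($preview,0,40)."..."; }
						echo"<td class='text'>".htmlspecialchars($preview, ENT_QUOTES, 'cp1251')."</td><td>";
						echo"<td>";

						// ***** Admin mode *****
						if (isset($_SESSION['admin']['edit']) || $_SESSION['admin']['group']=='4') {
							if($message['from']!=$_SESSION['admin']['id']) {
								// reply
								echo"<a href='/admin.php/messages/?pid=".urlencode($message0['main'])."&them=".$themUrl."&action=add&user=".$message['from']."'><img src='/account/pic/mail_reply.png' width='18px' title='îòïðàâèòü ñîîáùåíèå'></a>";
							}
						}
						echo"</td>";
						echo"<td>";

						// ***** Admin mode *****
						if (isset($_SESSION['admin']['edit'])) {
							// delete (same permission rule as the delete handler)
							if($_SESSION['admin']['group']=="1" || $_SESSION['admin']['id']=='6')
								echo"<div class='button-del' onClick=\"del('/admin.php/messages/?action=del&message=".$message['id']."')\"><img src='/account/pic/del.png' width='18px'></div>";
						}
						echo"</td>";
						// ***********************

						if ($j==2) { $j=0;}

						echo"</tr>";
						echo"</table></div>";
					}

				}
			}

		}
		// === Pager
		// The filter is re-attached to every pager link; URL-encoding keeps a
		// crafted ?them= value from injecting markup into those links.
		echo"<div class='grid-pager'>
			  ".str_replace("page","?them=".$themUrl."&page",pagerGetShow($pager))."
		  </div>";
		echo"</div>";

	}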
    
    
	// ============= 
	// ====show ====
	// =============
	
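	// Show view (?action=show&message=ID): marks the message as read
	// (status 2) unless its sender is user 1, then prints it in full.
	//
	// Hardening in this block:
	//  - the id is accepted only as a plain decimal number before it is used in
	//    the three statements (previously $_GET['message'] was concatenated
	//    unescaped into each of them);
	//  - the sender lookup result is initialised, so a missing row no longer
	//    reads an undefined variable;
	//  - the message body is HTML-escaped on output.
	if ((isset($_GET["action"])) && ($_GET["action"] == "show")) {

		$rawId = (isset($_GET['message']) && is_string($_GET['message'])) ? trim($_GET['message']) : '';
		// Anything that is not digits-only falls back to 0, which matches no row.
		$messageId = ctype_digit($rawId) ? $rawId : '0';

		// Change the status to "read".
		$sql = "SELECT `from` FROM zlo_users_message WHERE id='".$messageId."'";
		$result = mysql_query($sql) or die(mysql_error());
		$message_from = (mysql_num_rows($result)!=0) ? mysql_fetch_assoc($result) : null;

		// 1 is a hard-coded sender id; the original note says this should
		// become $_SESSION['admin']['id'] in the future.
		if ($message_from && $message_from['from']!=1) {

			$sql = "UPDATE zlo_users_message SET status=2 WHERE id='".$messageId."'";
			$result = mysql_query($sql) or die(mysql_error());

		}

		echo"<div class='message'>";

		// Print the message.
		$sql = "SELECT * FROM zlo_users_message WHERE id='".$messageId."'";
		$result = mysql_query($sql) or die(mysql_error());
		if (mysql_num_rows($result)!=0) {
			$message=mysql_fetch_assoc($result);

			// NOTE(review): viewBook() is defined elsewhere; confirm it returns
			// HTML-safe text, because usernames are user-controlled.
			echo"<div class='text-full'>
                   <div class='date'>".$message['date']."</div>
                   <div class='from'><label>Îò: </label>".viewBook('zlo_users', $message['from'], 'id', 'username')."</div>";

			// The body is user-supplied and is shown inside the admin panel, so it is
			// escaped. A single-byte charset is named explicitly so non-UTF-8 text is
			// not blanked (page encoding looks like Windows-1251 — TODO confirm).
			// NOTE(review): if stored messages are meant to carry markup, replace
			// this with an allow-list sanitiser rather than printing them raw.
			echo"<div class='text'>".htmlspecialchars($message['text'], ENT_QUOTES, 'cp1251')."</div>
                </div>";
		}

		echo"</div>";

	}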
    
	// ============= 
	// ==== add ====
	// =============
    
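	// Add view (?action=add&user=ID): prints the reply form. The form posts
	// back to the same URL, so `user` and `pid` stay in the query string and
	// the message type travels in the hidden `toz` field.
	//
	// The hidden field value is HTML-escaped: ?them= is request-controlled and
	// was previously written into the attribute as-is.
	//
	// NOTE(review): the form carries no anti-CSRF token.
	// NOTE(review): $_GET['user'] is handed to viewBook(), which is defined
	// elsewhere — confirm that it escapes the value before querying and that
	// the username it returns is safe inside a quoted attribute.
	if ((isset($_GET["action"])) && ($_GET["action"] == "add")) {

		$them = (isset($_REQUEST['them']) && is_string($_REQUEST['them'])) ? trim($_REQUEST['them']) : '';
		$recipient = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';

		echo"<div class='message'>";

		// Print the form.
		echo"<div class='text-full'>
                <form method='post' action=''>
                    <div class='date'><input type='text' name='form[date]' value='".date('Y-m-d H:i:s')."' readonly='readonly' disabled='disabled' id='date'/></div>
                    <div class='to'><input type='text' name='form[to]' readonly='readonly' disabled='disabled' value='".viewBook('zlo_users', $recipient, 'id', 'username')."' id='from'/></div>
                        <textarea name='text' cols='150' class='input_form' rows='15'></textarea>
                        <input type='hidden' name='send' value='ok'>
						<input type='hidden' name='toz' value='".htmlspecialchars($them, ENT_QUOTES, 'cp1251')."'>
                        <input type='submit' name='button' class='button-send' value='Îòïðàâèòü'>
               </form>
            </div>";

		echo"</div>";

	}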

?>