From fbe7a7e8e469990bf6e117fe994105aab1563ec4 Mon Sep 17 00:00:00 2001
From: lopar <lopar.4ever@gmail.com>
Date: Sun, 24 Jun 2018 02:12:30 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A4=D0=B0=D0=B9=D0=BB=20=D0=BF=D0=B5=D1=80?=
 =?UTF-8?q?=D0=B5=D0=BF=D0=B8=D1=81=D0=B0=D0=BD=20=D1=81=20=D0=BD=D1=83?=
 =?UTF-8?q?=D0=BB=D1=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 post.php | 339 +++++++++++++------------------------------------------
 1 file changed, 80 insertions(+), 259 deletions(-)

diff --git a/post.php b/post.php
index 117e857..a18415f 100644
--- a/post.php
+++ b/post.php
@@ -13,73 +13,55 @@ if ($user['battle'] != 0) {
     die();
 }
 
+$razdelId = filter_input(INPUT_GET, 'razdel');
 $receiverName = filter_input(INPUT_POST, 'receiverName');
+$receiverId = null;
+$queryItems = null;
+$allowOperations = false;
 
-$step = 1;
-if ($step == 1) $idkomu = 0;
-
-if (!$_REQUEST['razdel']) {
-    $_REQUEST['razdel'] = 1;
-}
 if ($receiverName) {
-    $receiver = db::c()->query('SELECT `id`, `level`, `room`, `align`, (SELECT `id` FROM `online` WHERE `date` >= ?i AND `id` = users.`id`) AS `online`,`login` FROM `users` WHERE `login` = "?s"', (time() - 60), $receiverName)->fetch_assoc();
-    $tologin = $receiver['login'];
-    $step = 3;
-}
-if ($_REQUEST['to_id']) {
-    $res = mysql_fetch_array(mysql_query("SELECT `id`, `level`,`in_tower`, `room`, `align`, (SELECT `id` FROM `online` WHERE `online`.`date` >= " . (time() - 60) . " AND `online`.`id` = users.`id`),`login` AS `online` FROM `users` WHERE `id` ='" . mysql_escape_string($_REQUEST['to_id']) . "';"));
-    $tologin = $res['login'];
-    $step = 3;
-}
-if ($step == 3) {
-    $step = 0;
-    $id_person_x = $res['id'];
-    if (!$id_person_x) $mess = 'Персонаж не найден';
-    elseif ($id_person_x == $user['id']) $mess = 'Незачем передавать самому себе';
-    elseif ($res['level'] < 4) $mess = 'К персонажам до 4-го уровня передачи предметов запрещены';
-    elseif ($user['level'] < 4) $mess = 'Персонажам до 4-го уровня передачи предметов запрещены';
-    elseif ($res['in_tower'] > 0) $mess = 'Персонаж находится в Башне Смерти';
+    $receiver = db::c()->query('SELECT `id`, `level`, `login` FROM `users` WHERE `login` = "?s"', $receiverName)->fetch_assoc();
+    if (!$receiver['id']) err('Персонажа не существует!');
+    elseif ($receiver['level'] < 4) err('Персонажей ниже 4-го уровня не обслуживаем!');
     else {
-        $idkomu = $id_person_x;
-        $komu = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` ='" . $idkomu . "';"));
-        $mess = $_REQUEST['FindLogin'];
-        $step = 3;
-    }
-} else $mess = 'К персонажам до 4-го уровня передачи предметов запрещены';
+        $allowOperations = true;
+        $receiverId = $receiver['id'];
+        $submit = filter_input(INPUT_POST, 'action');
 
-if ($step == 3) {
-    if ($_REQUEST['sendMessage'] && $_REQUEST['to_id'] && $_REQUEST['sd4'] == $user['id'] && $user['money'] >= 1) {
-        $_REQUEST['message'] = htmlentities($_POST['title'], ENT_NOQUOTES);
-        db::c()->query('UPDATE `users` SET `money` = `money` - 1 WHERE id=?i', $user['id']);
-        db::c()->query(');');
-        mysql_query("INSERT INTO `inventory` (`owner`,`name`,`type`,`massa`,`cost`,`img`,`letter`,`maxdur`,`isrep`)VALUES('" . $idkomu . "','Сообщение телеграфом','200',1,0,'paper100.gif','От персонажа \"{$user['login']}\": \n " . $_POST['message'] . "',1,0) ;");
-        tele_check($komu['login'], $_POST['message']);
-        $mess = 'Сообщение персонажу "' . $komu['login'] . '" будет доставлено.';
-    } elseif ((is_numeric($_REQUEST['setobject']) && $_REQUEST['setobject'] > 0) && (is_numeric($_REQUEST['to_id']) && $_REQUEST['to_id'] > 0) && !$_REQUEST['gift'] && $_REQUEST['sd4'] == $user['id']) {
-        $res = mysql_fetch_array(mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `id` = '{$_REQUEST['setobject']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 LIMIT 1;"));
-        if (!$res['id']) {
-            $mess = "Предмет не найден в рюкзаке";
-        } elseif ($user['money'] < 1) {
-            $mess = 'Недостаточно денег на оплату передачи';
-        } else {
-            if (mysql_query("UPDATE `inventory` SET `owner` = " . $komu['id'] . " WHERE `id`='" . $res['id'] . "' AND `owner`= '" . $user['id'] . "';")) {
-                mysql_query("UPDATE `users` SET `money`=`money`-1 WHERE `id`='" . $user['id'] . "'");
-                mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
-                mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$idkomu}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
-                $mess = 'Удачно передано "' . $res['name'] . '" к персонажу ' . $komu['login'];
-                $user['money'] -= 1;
-                $us = mysql_fetch_array(mysql_query("select `id` from `online` WHERE `date` >= " . (time() - 60) . " AND `id` = '{$komu['id']}' LIMIT 1;"));
-                if ($us[0]) {
-                    addchp('<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span>   ', '{[]}' . $_POST['to_login'] . '{[]}');
-                } else {
-                    // если в офе
-                    mysql_query("INSERT INTO `telegraph` (`receiver`,`date`,`text`) VALUES ('" . $to['id'] . "','','" . '<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span>  ' . "');");
+        if ($submit == 'sendMessage' && $user['money'] >= 1) {
+            $telegraphText = filter_input(INPUT_POST, 'message');
+            if ($telegraphText) {
+                db::c()->query('UPDATE `users` SET `money` = `money` - 1 WHERE id=?i', $user['id']);
+                db::c()->query('INSERT INTO `telegraph` (`receiver`,`text`) VALUES (?i,"?s")', $receiverId, $telegraphText);
+                $statusMessage = 'Сообщение отправлено.';
+            } else err('Сообщение было оставлено пустым!');
+        } elseif ((is_numeric($_REQUEST['setobject']) && $_REQUEST['setobject'] > 0) && (is_numeric($_REQUEST['to_id']) && $_REQUEST['to_id'] > 0) && !$_REQUEST['gift'] && $_REQUEST['sd4'] == $user['id']) {
+            /* post.php?to_id=<?= $idkomu ?>&id_th=<?= $row['id'] ?>&setobject=<?= $row['id'] ?>&sd4=<?= $user['id'] ?> */
+            $res = mysql_fetch_array(mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `id` = '{$_REQUEST['setobject']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 LIMIT 1;"));
+            if (!$res['id']) {
+                $mess = "Предмет не найден в рюкзаке";
+            } elseif ($user['money'] < 1) {
+                $mess = 'Недостаточно денег на оплату передачи';
+            } else {
+                if (mysql_query("UPDATE `inventory` SET `owner` = " . $komu['id'] . " WHERE `id`='" . $res['id'] . "' AND `owner`= '" . $user['id'] . "';")) {
+                    mysql_query("UPDATE `users` SET `money`=`money`-1 WHERE `id`='" . $user['id'] . "'");
+                    mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$_SESSION['uid']}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
+                    mysql_query("INSERT INTO `delo`(`id` , `author` ,`pers`, `text`, `type`, `date`) VALUES ('','0','{$idkomu}','Почтой передан предмет \"" . $res['name'] . "\" id:(cap" . $res['id'] . ") [" . $res['duration'] . "/" . $res['maxdur'] . "] от \"" . $user['login'] . "\" к \"" . $komu['login'] . "\", налог 1 кр.','1','" . time() . "');");
+                    $mess = 'Удачно передано "' . $res['name'] . '" к персонажу ' . $komu['login'];
+                    $user['money'] -= 1;
+                    $us = mysql_fetch_array(mysql_query("select `id` from `online` WHERE `date` >= " . (time() - 60) . " AND `id` = '{$komu['id']}' LIMIT 1;"));
+                    if ($us[0]) {
+                        addchp('<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span>   ', '{[]}' . $_POST['to_login'] . '{[]}');
+                    } else {
+                        // если в офе
+                        mysql_query("INSERT INTO `telegraph` (`receiver`,`date`,`text`) VALUES ('" . $to['id'] . "','','" . '<font color=red>Внимание!</font> Вам почтой передан предмет <b>' . $res['name'] . '</b> от <span oncontextmenu=OpenMenu()>' . $user['login'] . '</span>  ' . "');");
+                    }
                 }
             }
         }
+        $queryItems = db::c()->query('SELECT * FROM `inventory` WHERE `owner` = ?i AND `dressed` = 0 AND `setsale` = 0 AND `present` = "?s" AND `artefact` = 0 ORDER BY `update` DESC', $_SESSION['uid'], null);
     }
 }
-
 ?>
 <!DOCTYPE html>
 <html>
@@ -87,224 +69,63 @@ if ($step == 3) {
     <meta charset="utf-8">
     <link href="css/main.css" rel="stylesheet"/>
     <script>
-        var Hint3Name = '';
-
-        // Заголовок, название скрипта, имя поля с логином
-        function findlogin(title, script, name) {
-            document.all("hint3").innerHTML = '<table width=100% cellspacing=1 cellpadding=0 bgcolor=CCC3AA><tr><td align=center><B>' + title + '</td><td width=20 align=right valign=top style="cursor: pointer" onclick="closehint3();"><BIG><B>x</td></tr><tr><td colspan=2>' +
-                '<form action="' + script + '" method=POST><table width=100% cellspacing=0 cellpadding=2 bgcolor=FFF6DD><tr><INPUT TYPE=hidden name=sd4 value="6"><td colspan=2>' +
-                'Укажите логин персонажа:<small><BR>(можно щелкнуть по логину в чате)</TD></TR><TR><TD width=50% align=right><INPUT TYPE=text NAME="' + name + '"></TD><TD width=50%><INPUT TYPE="submit" value=" »» "></TD></TR></TABLE></FORM></td></tr></table>';
-            document.all("hint3").style.visibility = "visible";
-            document.all("hint3").style.left = 100;
-            document.all("hint3").style.top = 100;
-            document.all(name).focus();
-            Hint3Name = name;
-            Hint3Closed = false;
-        }
-
-        function returned2(s) {
-            if (top.oldlocation != '') {
-                top.frames['main'].location = top.oldlocation + '?' + s + 'tmp=' + Math.random();
-                top.oldlocation = '';
-            }
-            else {
-                top.frames['main'].location = 'main.php?edit=' + Math.random()
-            }
-        }
-
-        function closehint3() {
-            document.all("hint3").style.visibility = "hidden";
-            Hint3Name = '';
-        }
-
         function leave() {
             top.frames['main'].location = 'city.php?cp'
         }
-
-        var transfersale = true;
-
-        function reloadit() {
-            if (tologin != '') {
-                location = "post.php?FindLogin=0&to_id=<? echo $idkomu; ?>&sd4=<? echo $user['id']; ?>&0.760742158507544"
-            }
-        }
-
-        function getalign(al) {
-            al += "";
-            if (al.substring(0, 1) == "3") return ("Темное братство");
-            if (al.substring(0, 1) == "2") return ("Хаос");
-            if (al.substring(0, 1) == "1") return ("Белое братство");
-            if (al == "0.5" || al.substring(0, 1) == "7") return ("Нейтрал");
-            return ("");
-        }
-
-        function drwfl(name, id, level, align, klan) {
-            var s = "";
-
-            if (align != "0") s += "<IMG SRC='i/align_" + align + ".gif' WIDTH=12 HEIGHT=15 ALT=\"" + getalign(align) + "\">";
-            if (klan) s += "<IMG SRC='i/klan/" + klan + ".gif' WIDTH=24 HEIGHT=15 ALT=''>";
-            s += "<B>" + name + "</B> ";
-            if (level != -1) s += "[" + level + "]";
-            if (id != -1) s += "<A HREF=" + id + "'../inf.php?' target='_blank'><IMG SRC=i/inf.gif WIDTH=12 HEIGHT=11 ALT='Инф. о " + name + "'></A>";
-
-            document.write(s);
-        }
     </script>
 </head>
 <body>
-<div id=hint3 class=ahint></div>
-<div id=hint4 class=ahint></div>
 <h1>Почта</h1>
 <a href=# onclick=leave()> ← выйти на Центральную площадь</a>
 <br>
-<form method="post">
-    <input name='receiverName' placeholder="Логин получателя"> <input type=submit value='Применить'>
-</form>
-<table width=100% cellspacing=0 cellpadding=0>
-    <tr>
-        <td>
-            <?php if ($step == 3) { ?>
-                К кому передавать: <?=nick::id($receiver['id'])->full()?>
-
-            <INPUT TYPE=button value="Сменить" onClick="findlogin('Передача предметов','post.php','FindLogin')"><BR>
-            <? } else {
-                $roww = mysql_fetch_array(mysql_query("SELECT * FROM `trade` WHERE `baer` = {$user['id']} LIMIT 1;"));
-                mysql_query("DELETE FROM `trade` WHERE `baer` = {$user['id']} LIMIT 1;");
-                if (!$roww['id']) { ?><SCRIPT>findlogin('Передача предметов', 'post.php', 'FindLogin');</SCRIPT><? }
-                else { ?><SCRIPT>transfer(<?=$roww['to_id']?>, '<?=$roww['login']?>', '<?=str_replace("\r\n", "", $roww['txt'])?>', <?=$roww['kr']?>, <?=$roww['id']?>, '');</SCRIPT><? }
-            }
-            ?>
-        </td>
-    </tr>
-    <tr>
-        <td colspan=2 align=right>
-            <?php if ($step != 4): ?>
-                <B><?=$mess;?></B>
-            <? endif ?>
-        </td>
-    </tr>
-</table>
-
-<TABLE width=100% cellspacing=0 cellpadding=0>
-    <FORM ACTION="post.php" METHOD=POST>
-        <TR>
-            <TD valign=top align=left width=30%>
-                <?php if ($step == 3): ?>
-                    <INPUT TYPE=hidden name=to_id value="<? echo $idkomu; ?>">
-                    <INPUT TYPE=hidden name=sd4 value="<? echo $user['id']; ?>">
-                    <br/>
+<?php if (true == $allowOperations): ?>
+    Получатель: <?= nick::id($receiverId)->full() ?>
+    <a href="?change">Сменить</a>
+    <table width=100%>
+        <tr>
+            <td valign=top align=left width=30%>
+                <form METHOD=POST>
                     <fieldset>
                         <legend><b>Телеграф</b></legend>
                         Вы можете отправить короткое сообщение любому персонажу, даже если он находится в offline или
                         другом городе.<br/>
                         Услуга платная: <b>1 кр.</b> <br/>
-                        <input type="text" name="message" id="message" size="52" placeholder="Сообщение: (Максимум 100 символов)">
-                        <input type="submit" id="sendMessage" name="sendMessage" value="Отправить"
+                        <input type="text" name="message" id="message" size="52"
+                               placeholder="Сообщение: (Максимум 100 символов)">
+                        <input type="hidden" name="action" value="telegraph">
+                        <input type="submit" value="Отправить"
                                onclick="if(!confirm('Послать сообщение?')) { return false; }">
                     </fieldset>
-
-
-                <? endif ?>
-            </TD>
-    </FORM>
-
-    <FORM ACTION="post.php" METHOD=POST>
-        <INPUT TYPE=hidden name=sd4 value="<?=$user['id']?>">
-        <TD valign=top align=right>
-
-            <?php if ($step == 3) {
-
-
-                if ($_GET['razdel'] == '0') {
-                    $_SESSION['razdel'] = 0;
-                }
-                if ($_GET['razdel'] == 1) {
-                    $_SESSION['razdel'] = 1;
-                }
-                if ($_GET['razdel'] == 2) {
-                    $_SESSION['razdel'] = 2;
-                }
-
-                ?>
-                <TABLE border=0 width=100% cellspacing="0" cellpadding="0" bgcolor="#A5A5A5">
-                <TR>
-                    <TD>
-                        <TABLE border=0 width=100% cellspacing="0" cellpadding="3" bgcolor=#d4d2d2>
-                            <TR>
-                                <TD align=center bgcolor="<?= ($_SESSION['razdel'] == null) ? "#A5A5A5" : "#C7C7C7" ?>">
-                                    <A HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=0&sd4=<? echo $user['id']; ?>">Обмундирование</A>
-                                </TD>
-                                <TD align=center bgcolor="<?= ($_SESSION['razdel'] == 1) ? "#A5A5A5" : "#C7C7C7" ?>"><A
-                                            HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=1&sd4=<? echo $user['id']; ?>">Заклятия</A>
-                                </TD>
-                                <TD align=center bgcolor="<?= ($_SESSION['razdel'] == 2) ? "#A5A5A5" : "#C7C7C7" ?>"><A
-                                            HREF="?to_id=<? echo $idkomu; ?>&edit=1&razdel=2&sd4=<? echo $user['id']; ?>">Прочее</A>
-                                </TD>
-                            </TR>
-                        </TABLE>
-                    </TD>
-                </TR>
-                <TR>
-                    <TD align=center><B>Рюкзак (масса: <?php
-
-                            $d = mysql_fetch_array(mysql_query("SELECT sum(`massa`) FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0; "));
-
-                            echo $d[0];
-                            ?>/<?= $user['sila'] * 4 ?>)</B></TD>
-                </TR>
-                <TR>
-                    <TD align=center><!--Рюкзак-->
-                        <TABLE BORDER=0 WIDTH=100% CELLSPACING="1" CELLPADDING="2" BGCOLOR="#A5A5A5">
-                            <?php
-                            if ($_SESSION['razdel'] == null) {
-                                $data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` < 12 ORDER by `update` DESC; ");
-                            }
-                            if ($_SESSION['razdel'] == 1) {
-                                $data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` = 12 ORDER by `update` DESC; ");
-                            }
-                            if ($_SESSION['razdel'] == 2) {
-                                $data = mysql_query("SELECT * FROM `inventory` WHERE `owner` = '{$_SESSION['uid']}' AND `dressed` = 0 AND `setsale` = 0 AND `present` = '' AND `artefact` = 0 AND `type` > 12 ORDER by `update` DESC; ");
-                            }
-
-                            while ($row = mysql_fetch_array($data)) {
-                                $row['count'] = 1;
-                                if (@$i == 0) {
-                                    $i = 1;
-                                    $color = '#C7C7C7';
-                                } else {
-                                    $i = 0;
-                                    $color = '#D5D5D5';
-                                }
-                                echo "<TR bgcolor={$color}><TD align=center ><IMG SRC=\"i/sh/{$row['img']}\" BORDER=0>";
-                                ?>
+                </form>
+            </td>
+            <td valign=top align=right>
+                <table class="zebra" WIDTH=100%">
+                    <?php while ($row = $queryItems->fetch_assoc()): ?>
+                        <tr>
+                            <td align=center>
+                                <IMG SRC="i/sh/<?= $row['img'] ?>" BORDER=0>";
                                 <BR>
-                                <? echo "<A HREF=\"post.php?to_id=" . $idkomu . "&id_th=" . $row['id'] . "&setobject=" . $row['id'] . "&sd4=" . $user['id'] . "&tmp=" . rand(0, 50000000) . "\"" . 'onclick="return confirm(\'Передать предмет ' . $row['name'] . '?\')">передать&nbsp;за&nbsp;1&nbsp;кр.</A>';
-                                //echo "<br><A HREF=\"post.php?to_id=".$idkomu."&id_th=".$row['id']."&setobject=".$row['id']."&gift=1&sd4=".$user['id']."&tmp=".rand(0,50000000)."\"".'onclick="return confirm(\'Подарить предмет '.$row['name'].'?\')">подарить</A>';
-                                // echo "<br><A HREF=#".' onClick="findmoney(\'Продажа предмета\',\'post.php\',\'cost\','.$row['id'].')">продать</A>';?>
-
-                                </TD>
-                                <?php
-                                echo "<TD valign=top>";
-                                showitem($row);
-                                echo "</TD></TR>";
-                            }
-                            if (mysql_num_rows($data) == 0) {
-                                echo "<tr><td align=center bgcolor=#C7C7C7>Пусто</td></tr>";
-                            }
-                            ?>
-
-
-                        </TABLE>
-                    </TD>
-                </TR>
-                </TABLE><?php
-            }
-            ?>
-
-
-        </TD>
-        </TR>
-    </FORM>
-</TABLE>
+                                <a href="post.php?to_id=<?= $receiverId ?>&id_th=<?= $row['id'] ?>&setobject=<?= $row['id'] ?>&sd4=<?= $user['id'] ?>&rnd=<?= mt_rand() ?>"
+                                   onclick="return confirm('Передать предмет<?= $row['name'] ?>?')">передать&nbsp;за&nbsp;1&nbsp;кр.</a>
+                            </td>
+                            <td valign=top>
+                                <?php showitem($row); ?>
+                            </td>
+                        </tr>
+                    <?php endwhile ?>
+                    <?php if ($queryItems->getNumRows() == 0): ?>
+                        <tr>
+                            <td align=center bgcolor=#C7C7C7>Нечего передавать...</td>
+                        </tr>
+                    <?php endif ?>
+                </table>
+            </td>
+        </tr>
+    </table>
+<?php else: ?>
+    <form method="post">
+        <input name='receiverName' placeholder="Логин получателя"> <input type=submit value='Применить'>
+    </form>
+<?php endif ?>
 </BODY>
 </HTML>