| rulebreaker |
22nd February 2009 21:37 |
PHP Code:
<?
require_once ("include/bittorrent.php");
gzip();
// +-------------BEGIN Language Hack By ANDiTKO ------------------------------+
global $defaultlanguage, $tracker_lang, $rootpath;
if (file_exists($rootpath . 'languages/' . $lang . '/lang_message.php'))
require_once($rootpath . 'languages/' . $lang . '/lang_message.php');
else
require_once($rootpath . 'languages/' . $defaultlanguage . '/lang_message.php');
// +-------------END Language Hack By ANDiTKO --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();
// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for reciever
define('PM_SENTBOX',-1); // GET value for sent box
// Determine action
$action = (string) $_GET['action'];
if (!$action)
{
$action = (string) $_POST['action'];
if (!$action)
{
$action = 'viewmailbox';
}
}
// View Mail Box
if ($action == "viewmailbox") {
// Get Mailbox Number
$mailbox = (int) $_GET['box'];
if (!$mailbox)
{
$mailbox = PM_INBOX;
}
if ($mailbox == PM_INBOX)
{
$mailbox_name = $tracker_lang['inbox'];
}
else
{
$mailbox_name = $tracker_lang['outbox'];
}
// Start Page
stdhead($mailbox_name); ?>
<script language="Javascript" type="text/javascript">
<!-- Begin
var checkflag = "false";
var marked_row = new Array;
function check(field) {
if (checkflag == "false") {
for (i = 0; i < field.length; i++) {
field[i].checked = true;}
checkflag = "true";
}
else {
for (i = 0; i < field.length; i++) {
field[i].checked = false; }
checkflag = "false";
}
}
// End -->
</script>
<script language="javascript" type="text/javascript" src="js/functions.js"></script>
<H1><?=$mailbox_name?></H1>
<DIV align="right"><FORM action="message.php" method="get">
<INPUT type="hidden" name="action" value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT name="box">
<OPTION value="1"<?=($mailbox == PM_INBOX ? " selected" : "")?>><?=$tracker_lang['inbox'];?></OPTION>
<OPTION value="-1"<?=($mailbox == PM_SENTBOX ? " selected" : "")?>><?=$tracker_lang['outbox'];?></OPTION>
</SELECT> <INPUT type="submit" value="<?=$tracker_lang['go_go_go'];?>"></FORM>
</DIV>
<TABLE border="0" cellpadding="4" cellspacing="0" width="100%">
<FORM action="message.php" method="post" name="form1">
<INPUT type="hidden" name="action" value="moveordel">
<TR>
<TD width="2%" class="colhead"> </TD>
<TD width="51%" class="colhead"><?=$tracker_lang['subject'];?></TD>
<?
if ($mailbox == PM_INBOX )
print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['sender']."</TD>");
else
print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['receiver']."</TD>");
?>
<TD width="10%" class="colhead"><?=$tracker_lang['date'];?></TD>
<TD width="2%" class="colhead"><INPUT type="checkbox" title="<?=$tracker_lang['mark_all'];?>" value="<?=$tracker_lang['mark_all'];?>" onClick="this.value=check(document.form1.elements);"></TD>
</TR>
<? if ($mailbox != PM_SENTBOX) {
$res = sql_query("SELECT m.*, u.username AS sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE receiver=" . sqlesc($CURUSER['id']) . " AND location=" . sqlesc($mailbox) . " ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
} else {
$res = sql_query("SELECT m.*, u.username AS receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE sender=" . sqlesc($CURUSER['id']) . " AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
}
if (mysql_num_rows($res) == 0) {
echo("<TD colspan=\"6\" align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
}
else
{
while ($row = mysql_fetch_assoc($res))
{
// Get Sender Username
if ($row['sender'] != 0) {
$username = "<A href=\"userdetails.php?id=" . $row['sender'] . "\">" . $row["sender_username"] . "</A>";
$id = $row['sender'];
$friend = $row['sfid'];
if ($friend && $CURUSER['id'] != $row['sender']) {
$username .= " <a href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
}
elseif ($CURUSER['id'] != $row['sender']) {
$username .= " <a href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
}
}
else {
$username = $tracker_lang['from_system'];
}
// Get Receiver Username
if ($row['receiver'] != 0) {
$receiver = "<A href=\"userdetails.php?id=" . $row['receiver'] . "\">" . $row["receiver_username"] . "</A>";
$id_r = $row['receiver'];
$friend = $row['rfid'];
if ($friend && $CURUSER['id'] != $row['receiver']) {
$receiver .= " <a href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
}
elseif ($CURUSER['id'] != $row['receiver']) {
$receiver .= " <a href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
}
}
else {
$receiver = $tracker_lang['from_system'];
}
$subject = htmlspecialchars($row['subject']);
if (strlen($subject) <= 0) {
$subject = $tracker_lang['no_subject'];
}
if ($row['unread'] == 'yes' && $mailbox != PM_SENTBOX) {
echo("<TR>\n<TD ><IMG src=\"pic/pn_inboxnew.gif\" alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
}
else {
echo("<TR>\n<TD><IMG src=\"pic/pn_inbox.gif\" alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
}
echo("<TD><A href=\"message.php?action=viewmessage&id=" . $row['id'] . "\">" . $subject . "</A></TD>\n");
if ($mailbox != PM_SENTBOX) {
echo("<TD>$username</TD>\n");
}
else {
echo("<TD>$receiver</TD>\n");
}
echo("<TD nowrap>" . get_date_time($row['added']) . "</TD>\n");
echo("<TD><INPUT type=\"checkbox\" name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" . $row['id'] . "\" id=\"checkbox_tbl_" . $row['id'] . "\"></TD>\n</TR>\n");
}
}
?>
<tr class="colhead">
<td colspan="6" align="right" class="colhead">
<input type="hidden" name="box" value="<?=$mailbox?>">
<input type="submit" name="delete" title="<?=$tracker_lang['delete_marked_messages'];?>" value="<?=$tracker_lang['delete'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
<input type="submit" name="markread" title="<?=$tracker_lang['mark_as_read'];?>" value="<?=$tracker_lang['mark_read'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
</td>
</tr>
</form>
</table>
<div align="left"><img src="pic/pn_inboxnew.gif" alt="<?=$message_lang['newmail'];?>" /> <?=$tracker_lang['mail_unread_desc'];?>
<img src="pic/pn_inbox.gif" alt="<?=$message_lang['read'];?>" /> <?=$tracker_lang['mail_read_desc'];?></div>
<?
stdfoot();
}
// End View Mail Box
// View Message
if ($action == "viewmessage") {
$pm_id = (int) $_GET['id'];
if (!$pm_id)
{
newerr($tracker_lang['error'], $message_lang['norights']);
}
// Get the message
$res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR (sender=' . sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or sqlerr(__FILE__,__LINE__);
if (mysql_num_rows($res) == 0)
{
newerr($tracker_lang['error'],$message_lang['norights']);
}
// Prepare for displaying message
$message = mysql_fetch_assoc($res);
if ($message['sender'] == $CURUSER['id'])
{
// Display to
$res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
$sender = mysql_fetch_array($res2);
$sender = "<A href=\"userdetails.php?id=" . $message['receiver'] . "\">" . $sender[0] . "</A>";
$reply = "";
$from = $message_lang['to'];
}
else
{
$from = $message_lang['from'];
if ($message['sender'] == 0)
{
$sender = $message_lang['sender'];
$reply = "";
}
else
{
$res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
$sender = mysql_fetch_array($res2);
$sender = "<A href=\"userdetails.php?id=" . $message['sender'] . "\">" . $sender[0] . "</A>";
$reply = " [ <A href=\"message.php?action=sendmessage&receiver=" . $message['sender'] . "&replyto=" . $pm_id . "\"> " . $message_lang['answer']."</A> ]";
}
}
$body = format_comment($message['msg']);
$added = get_date_time($message['added']);
if (get_user_class() >= UC_MODERATOR && $message['sender'] == $CURUSER['id'])
{
$unread = ($message['unread'] == 'yes' ? "<SPAN style=\"color: #FF0000;\"><b>(" . $message_lang['new'] . ")</b></A>" : "");
}
else
{
$unread = "";
}
$subject = htmlspecialchars($message['subject']);
if (strlen($subject) <= 0)
{
$subject = $message_lang['nosubject'] ;
}
// Mark message unread
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id']) . " LIMIT 1");
// Display message
stdhead($message_lang['showmessagessdthead']." (".$message_lang['subject'].": $subject)"); ?>
<TABLE width="660" border="0" cellpadding="4" cellspacing="0">
<TR><TD class="colhead" colspan="2"><?=$message_lang['subject']?> <?=$subject?></TD></TR>
<TR>
<TD width="50%" class="colhead"><?=$from?></TD>
<TD width="50%" class="colhead"><?=$message_lang['datesent']?></TD>
</TR>
<TR>
<TD><?=$sender?></TD>
<TD><?=$added?> <?=$unread?></TD>
</TR>
<TR>
<TD colspan="2"><?=$body?></TD>
</TR>
<TR>
<TD align="right" colspan=2>[ <A href="message.php?action=deletemessage&id=<?=$pm_id?>"><?=$message_lang['remove']?></A> ]<?=$reply?> [ <A href="message.php?action=forward&id=<?=$pm_id?>"><?=$message_lang['forward']?></A> ]</TD>
</TR>
</TABLE><?
stdfoot();
}
// End View Message
// Message
if ($action == "sendmessage") {
$receiver = $_GET["receiver"];
if (!is_valid_id($receiver))
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);
$replyto = $_GET["replyto"];
if ($replyto && !is_valid_id($replyto))
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);
$auto = $_GET["auto"];
$std = $_GET["std"];
if (($auto || $std ) && get_user_class() < UC_MODERATOR)
newerr($tracker_lang['error'], $message_lang['noaccess']);
$res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=$receiver") or die(mysql_error());
$user = mysql_fetch_assoc($res);
if (!$user)
newerr($tracker_lang['error'], $message_lang['nouserid']);
if ($auto)
$body = $pm_std_reply[$auto];
if ($std)
$body = $pm_template[$std][1];
if ($replyto) {
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$replyto") or sqlerr(__FILE__, __LINE__);
$msga = mysql_fetch_assoc($res);
if ($msga["receiver"] != $CURUSER["id"])
newerr($tracker_lang['error'], $message_lang['noaccess']);
$res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . $msga["sender"]) or sqlerr(__FILE__, __LINE__);
$usra = mysql_fetch_assoc($res);
$body .= "\n\n\n-------- $usra[username] wrote: --------\n".htmlspecialchars($msga['msg'])."\n";
// Change
$subject = "Re: " . htmlspecialchars($msga['subject']);
// End of Change
}
stdhead($message_lang['sendingmessage']);
?>
<table class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
<form name=message method=post action=message.php>
<input type=hidden name=action value=takemessage>
<table class=message cellspacing=0 cellpadding=5>
<tr><td colspan=2 class=colhead><?=$message_lang['messageto']?><a class=altlink_white href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
<TR>
<TD colspan="2"><B><?=$message_lang['subject']?> </B>
<INPUT name="subject" type="text" size="60" value="<?=$subject?>" maxlength="255"></TD>
</TR>
<tr><td<?=$replyto?" colspan=2":""?>>
<?
textbbcode("message","msg","$body");
?>
</td></tr>
<tr>
<? if ($replyto) { ?>
<td align=center><input type=checkbox name='delete' value='yes' <?=$CURUSER['deletepms'] == 'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
<input type=hidden name=origmsg value=<?=$replyto?>></td>
<? } ?>
<td align=center><input type=checkbox name='save' value='yes' <?=$CURUSER['savepms'] == 'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
<tr><td<?=$replyto?" colspan=2":""?> align=center><input type=submit value="<?=$message_lang['sendmessage-submitbutton']?>" class=btn></td></tr>
</table>
<input type=hidden name=receiver value=<?=$receiver?>>
</form>
</div></td></tr></table>
<?
stdfoot();
}
// End View Message
// Take Message
if ($action == 'takemessage') {
$receiver = $_POST["receiver"];
$origmsg = $_POST["origmsg"];
$save = $_POST["save"];
$returnto = $_POST["returnto"];
if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
newerr($tracker_lang['error'],$message_lang['incorrectid']);
$msg = trim($_POST["msg"]);
if (!$msg)
newerr($tracker_lang['error'],$message_lang['entermessage']);
$subject = trim($_POST['subject']);
if (!$subject)
newerr($tracker_lang['error'],$message_lang['entersubject']);
// Change
$save = ($save == 'yes') ? "yes" : "no";
// End of Change
$res = sql_query("SELECT email, acceptpms, notifs, parked, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_assoc($res);
if (!$user)
newerr($tracker_lang['error'], $message_lang['nosuchuser']. " " .$receiver);
//Make sure recipient wants this message
if ($user["parked"] == "yes")
newerr($tracker_lang['error'], $message_lang['accountparked'] );
if (get_user_class() < UC_MODERATOR)
{
if ($user["acceptpms"] == "yes")
{
$res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res2) == 1)
sttderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
}
elseif ($user["acceptpms"] == "friends")
{
$res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res2) != 1)
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
}
elseif ($user["acceptpms"] == "no")
newerr($tracker_lang['error'], $message_lang['nopm']);
}
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, msg, subject, saved, location) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ",
$receiver, " . TIMENOW . ", " . sqlesc($msg) . ", " . sqlesc($subject) . ", " . sqlesc($save) . ", 1)") or sqlerr(__FILE__, __LINE__);
$sended_id = mysql_insert_id();
if (strpos($user['notifs'], '[pm]') !== false) {
$username = $CURUSER["username"];
$usremail = $user["email"];
$body = <<<EOD
$username sent you a personal massage!
Clcik the link below to read the massage.
$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id
--
$SITENAME
EOD;
$subj = "".$message_lang['user_sentyoupm']." $username!";
sent_mail($usremail, 'You have received a new personal massage from $username!', $SITEMAIL, $subj, $body);
//mail($usremail, $subj, $body, $SITEEMAIL);
}
$delete = $_POST["delete"];
if ($origmsg)
{
if ($delete == "yes")
{
// Make sure receiver of $origmsg is current user
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 1)
{
$arr = mysql_fetch_assoc($res);
if ($arr["receiver"] != $CURUSER["id"])
newerr($tracker_lang['error'],"Sorry,can't delete other's massages!");
if ($arr["saved"] == "no")
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
elseif ($arr["saved"] == "yes")
sql_query("UPDATE ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
}
}
if (!$returnto)
$returnto = "$DEFAULTBASEURL/message.php";
}
if ($returnto) {
header("Location: $returnto");
die;
}
else {
header ("Refresh: 2; url=message.php");
newerr($tracker_lang['success'] , $message_lang['sendsucessfull']);
}
}
// End Take Message
// Mass PM
if ($action == 'mass_pm') {
if (get_user_class() < UC_MODERATOR)
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
$n_pms = 0 + $_POST['n_pms'];['n_pms'];
$pmees = $_POST['pmees'];
$auto = $_POST['auto'];
if ($auto)
$body=$mm_template[$auto][1];
stdhead($message_lang['masspm_stdhead']);
?>
<table class=main border=0 cellspacing=0 cellpadding=0>
<tr><td class=embedded><div align=center>
<form method=post action=<?=$_SERVER['PHP_SELF']?> name=message>
<input type=hidden name=action value=takemass_pm>
<? if ($_SERVER["HTTP_REFERER"]) { ?>
<input type=hidden name=returnto value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
<? } ?>
<table border=1 cellspacing=0 cellpadding=5>
<tr><td class=colhead colspan=2><?=$message_lang['masspm_distribution_for']?> <?=$n_pms?> User<?=($n_pms>1?"s":"")?></td></tr>
<TR>
<TD colspan="2"><B>Subject: </B>
<INPUT name="subject" type="text" size="60" maxlength="255"></TD>
</TR>
<tr><td colspan="2"><div align="center">
<?=textbbcode("message","msg","$body");?>
</div></td></tr>
<tr><td colspan="2"><div align="center"><b>Comment: </b>
<input name="comment" type="text" size="70">
</div></td></tr>
<tr><td><div align="center"><b><?=$message_lang['from'];?> </b>
<?=$CURUSER['username']?>
<input name="sender" type="radio" value="self" checked>
System
<input name="sender" type="radio" value="system">
</div></td>
<td><div align="center"><b>Take snapshot:</b> <input name="snap" type="checkbox" value="1">
</div></td></tr>
<tr><td colspan="2" align=center><input type=submit value="Send!" class=btn>
</td></tr></table>
<input type=hidden name=pmees value="<?=$pmees?>">
<input type=hidden name=n_pms value=<?=$n_pms?>>
</form>
</div>
</td>
</tr>
</table>
<?
stdfoot();
}
//End Mass PM
//Take Mass PM
if ($action == 'takemass_pm') {
if (get_user_class() < UC_MODERATOR)
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
$msg = trim($_POST["msg"]);
if (!$msg)
newerr($tracker_lang['error'],$message_lang['entermessage']);
$sender_id = ($_POST['sender'] == 'system' ? 0 : $CURUSER['id']);
$from_is = unesc($_POST['pmees']);
// Change
$subject = trim($_POST['subject']);
$query = "INSERT INTO ".TABLE_MESSAGES." (sender, receiver, added, msg, subject, location, poster) ". "SELECT $sender_id, u.id, '" . get_date_time(time()) . "', " .
sqlesc($msg) . ", " . sqlesc($subject) . ", 1, $sender_id " . $from_is;
// End of Change
sql_query($query) or sqlerr(__FILE__, __LINE__);
$n = mysql_affected_rows();
$n_pms = 0 + $_POST['n_pms'];['n_pms'];
$comment = $_POST['comment'];
$snapshot = $_POST['snap'];
// add a custom text or stats snapshot to comments in profile
if ($comment || $snapshot)
{
$res = sql_query("SELECT u.id, u.uploaded, u.downloaded, u.modcomment ".$from_is) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0)
{
$l = 0;
while ($user = mysql_fetch_array($res))
{
unset($new);
$old = $user['modcomment'];
if ($comment)
$new = $comment;
if ($snapshot)
{
$new .= ($new?"\n":"") . "MMed, " . date("Y-m-d") . ", " .
"UL: " . mksize($user['uploaded']) . ", " .
"DL: " . mksize($user['downloaded']) . ", " .
"r: " . (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) : 0) . " - " .
($_POST['sender'] == "system"?"System":$CURUSER['username']);
}
$new .= $old?("\n".$old):$old;
sql_query("UPDATE ".TABLE_USERS." SET modcomment = " . sqlesc($new) . " WHERE id = " . $user['id']) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows())
$l++;
}
}
}
header ("Refresh: 3; url=message.php");
newerr($tracker_lang['success'], (($n_pms > 1) ? "$n Massage $n_pms was" : "A message has been")." has been successfully sent!" . ($l ? " $l comment(s) in profile" . (($l>1) ? "" : "(s)") . " updated!" : ""));
}
//End Take Mass PM
//Move Or Delete
if ($action == "moveordel") {
$pm_id = (int) $_POST['id'];
$pm_box = (int) $_POST['box'];
$pm_messages = $_POST['messages'];
if ($_POST['move']) {
if ($pm_id) {
// Move a single message
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
}
else {
// Move multiple messages
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" . implode(", ", array_map("sqlesc", array_map("intval", $pm_messages))) . ') AND receiver=' . $CURUSER['id']);
}
// Check if messages were moved
if (@mysql_affected_rows() == 0) {
newerr($tracker_lang['error'], $message_lang['not_possible_to_move_or_delete_message']);
}
header("Location: message.php?action=viewmailbox&box=" . $pm_box);
exit();
}
elseif ($_POST['delete']) {
if ($pm_id) {
// Delete a single message
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
$message = mysql_fetch_assoc($res);
if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
} else {
// Delete multiple messages
if (is_array($pm_messages))
foreach ($pm_messages as $id) {
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id));
$message = mysql_fetch_assoc($res);
if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
}
}
}
// Check if messages were moved
if (@mysql_affected_rows() == 0) {
newerr($tracker_lang['error'],$message_lang['nomove']);
}
else {
header("Location: message.php?action=viewmailbox&box=" . $pm_box);
exit();
}
}
elseif ($_POST["markread"]) {
//Mark Read
if ($pm_id) {
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
//End Mark Read
else {
if (is_array($pm_messages))
foreach ($pm_messages as $id) {
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id));
$message = mysql_fetch_assoc($res);
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
}
}
if (@mysql_affected_rows() == 0) {
newerr($tracker_lang['error'], $message_lang['not_possible_to_mark_this_message_as_read']);
}
else {
header("Location: message.php?action=viewmailbox&box=" . $pm_box);
exit();
}
}
newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete
//Foward
if ($action == "forward") {
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
// Display form
$pm_id = (int) $_GET['id'];
// Get the message
$res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR sender=' . sqlesc($CURUSER['id']) . ') LIMIT 1') or sqlerr(__FILE__,__LINE__);
if (!$res) {
newerr($tracker_lang['error'], $message_lang['nopermissions']);
}
if (mysql_num_rows($res) == 0) {
newerr($tracker_lang['error'], $message_lang['nopermissions']);
}
$message = mysql_fetch_assoc($res);
// Prepare variables
$subject = "Fwd: " . htmlspecialchars($message['subject']);
$from = $message['sender'];
$orig = $message['receiver'];
$res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($orig) . " OR id=" . sqlesc($from)) or sqlerr(__FILE__,__LINE__);
$orig2 = mysql_fetch_assoc($res);
$orig_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $orig2['username'] . "</A>";
if ($from == 0) {
$from_name = $message_lang['systemsendername'];
$from2['username'] = $message_lang['systemsendername'];
}
else {
$from2 = mysql_fetch_array($res);
$from_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $from2['username'] . "</A>";
}
$body = "-------- ". $message_lang['originalsender'] . $from2['username'] . ": --------<BR>" . format_comment($message['msg']);
stdhead($subject);?>
<FORM action="message.php" method="post">
<INPUT type="hidden" name="action" value="forward">
<INPUT type="hidden" name="id" value="<?=$pm_id?>">
<TABLE border="0" cellpadding="4" cellspacing="0">
<TR><TD class="colhead" colspan="2"><?=$subject?></TD></TR>
<TR>
<TD><?=$message_lang['to']?></TD>
<TD><INPUT type="text" name="to" value="<?=$message_lang['nameofrecipient']?>" size="83"></TD>
</TR>
<TR>
<TD><?=$message_lang['originalsender2']?></TD>
<TD><?=$orig_name?></TD>
</TR>
<TR>
<TD><?=$message_lang['from']?></TD>
<TD><?=$from_name?></TD>
</TR>
<TR>
<TD><?=$message_lang['subject']?></TD>
<TD><INPUT type="text" name="subject" value="<?=$subject?>" size="83"></TD>
</TR>
<TR>
<TD><?=$message_lang['message']?></TD>
<TD><TEXTAREA name="msg" cols="80" rows="8"></TEXTAREA><BR><?=$body?></TD>
</TR>
<TR>
<TD colspan="2" align="center"><?=$message_lang['savewhensent']?> <INPUT type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] == 'yes'?" checked":""?>> <INPUT type="submit" value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
</TR>
</TABLE>
</FORM><?
stdfoot();
}
else {
// Forward the message
$pm_id = (int) $_POST['id'];
// Get the message
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id) . " AND (receiver=" . sqlesc($CURUSER['id']) . " OR sender=" . sqlesc($CURUSER['id']) . ") LIMIT 1") or sqlerr(__FILE__,__LINE__);
if (!$res) {
newerr($tracker_lang['error'], $message_lang['nopermissions']);
}
if (mysql_num_rows($res) == 0) {
newerr($tracker_lang['error'], $message_lang['nopermissions']);
}
$message = mysql_fetch_assoc($res);
$subject = (string) $_POST['subject'];
$username = strip_tags($_POST['to']);
// Try finding a user with specified name
$res = sql_query("SELECT id FROM ".TABLE_USERS." WHERE LOWER(username)=LOWER(" . sqlesc($username) . ") LIMIT 1");
if (!$res) {
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
}
if (mysql_num_rows($res) == 0) {
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
}
$to = mysql_fetch_array($res);
$to = $to[0];
// Get Orignal sender's username
if ($message['sender'] == 0) {
$from = $message_lang['systemsendername'];
}
else {
$res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
$from = mysql_fetch_assoc($res);
$from = $from['username'];
}
$body = (string) $_POST['msg'];
$body .= "\n-------- ". $message_lang['originalsender']. " " . $from . ": --------\n" . $message['msg'];
$save = (int) $_POST['save'];
if ($save) {
$save = 'yes';
}
else {
$save = 'no';
}
//Make sure recipient wants this message
if (get_user_class() < UC_MODERATOR) {
if ($from["acceptpms"] == "yes") {
$res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res2) == 1)
newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
}
elseif ($from["acceptpms"] == "friends") {
$res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res2) != 1)
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
}
elseif ($from["acceptpms"] == "no")
newerr($tracker_lang['error'], $message_lang['nopm']);
}
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, subject, msg, location, saved) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ", $to, '" . TIMENOW . "', " . sqlesc($subject) . "," . sqlesc($body) . ", " . sqlesc(PM_INBOX) . ", " . sqlesc($save) . ")") or sqlerr(__FILE__, __LINE__);
newerr($message_lang['success'], $message_lang['sendsucessfull']);
}
}
if ($action == "deletemessage") {
$pm_id = (int) $_GET['id'];
// Delete message
$res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
if (!$res) {
newerr($tracker_lang['error'],$message_lang['noid']);
}
if (mysql_num_rows($res) == 0) {
newerr($tracker_lang['error'],$message_lang['noid']);
}
$message = mysql_fetch_assoc($res);
if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
$res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
$res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
$res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
$res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
}
if (!$res2) {
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
}
if (mysql_affected_rows() == 0) {
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
}
else {
header("Location: message.php?action=viewmailbox&id=" . $message['location']);
exit();
}
}
?>
here
|
