#1 rulebreaker, 22-02-09, 21:02
Announcement Problem
I have just downloaded and installed the Yuna Scatari v2.2 PRE7 By kp380lv script on my server, but there is a problem with the announcement; it shows:

Code:
Tracker sending invalid data: <NULL>
What's the problem? How do I fix it?

Thanks,
Rulebreaker

#2 carphunter18, 22-02-09, 21:15
Read my post here: http://bvlist.com/yuna-scatari/2052-...rity-bugs.html

and then the 4th bug ;)

#3 rulebreaker, 22-02-09, 21:22
Thanks for the help. Do you know why, when I go to my message.php, it's just a blank white page?

#4 carphunter18, 22-02-09, 21:31
Post your message.php, maybe I'll see something :)

#5 rulebreaker, 22-02-09, 21:37
PHP Code:
<?


require_once ("include/bittorrent.php");

gzip();
// +-------------BEGIN Language Hack By ANDiTKO ------------------------------+
global $defaultlanguage, $tracker_lang, $rootpath;
    if (file_exists($rootpath . 'languages/' . $lang . '/lang_message.php'))
        require_once($rootpath . 'languages/' . $lang . '/lang_message.php');
    else
        require_once($rootpath . 'languages/' . $defaultlanguage . '/lang_message.php');
// +-------------END Language Hack By ANDiTKO --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();

// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for receiver
define('PM_SENTBOX',-1); // GET value for sent box

// Determine action
$action = (string) $_GET['action'];
if (!$action)
{
        $action = (string) $_POST['action'];
        if (!$action)
        {
                $action = 'viewmailbox';
        }
}

// View Mail Box
if ($action == "viewmailbox") {
        // Get Mailbox Number
        $mailbox = (int) $_GET['box'];
        if (!$mailbox)
        {
                $mailbox = PM_INBOX;
        }
                if ($mailbox == PM_INBOX)
                {
                        $mailbox_name = $tracker_lang['inbox'];
                }
                else
                {
                        $mailbox_name = $tracker_lang['outbox'];
                }

        // Start Page

        stdhead($mailbox_name); ?>
        <script language="Javascript" type="text/javascript">
        <!-- Begin
        var checkflag = "false";
        var marked_row = new Array;
        function check(field) {
                if (checkflag == "false") {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = true;}
                                checkflag = "true";
                        }
                else {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = false; }
                                checkflag = "false";
                        }
                }
                //  End -->
        </script>
        <script language="javascript" type="text/javascript" src="js/functions.js"></script>
        <H1><?=$mailbox_name?></H1>
        <DIV align="right"><FORM action="message.php" method="get">
        <INPUT type="hidden" name="action" value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT name="box">
        <OPTION value="1"<?=($mailbox == PM_INBOX " selected" "")?>><?=$tracker_lang['inbox'];?></OPTION>
        <OPTION value="-1"<?=($mailbox == PM_SENTBOX " selected" "")?>><?=$tracker_lang['outbox'];?></OPTION>
        </SELECT> <INPUT type="submit" value="<?=$tracker_lang['go_go_go'];?>"></FORM>
        </DIV>
        <TABLE border="0" cellpadding="4" cellspacing="0" width="100%">
        <FORM action="message.php" method="post" name="form1">
        <INPUT type="hidden" name="action" value="moveordel">
        <TR>
        <TD width="2%" class="colhead">&nbsp;&nbsp;</TD>
        <TD width="51%" class="colhead"><?=$tracker_lang['subject'];?></TD>
        <?
        if ($mailbox == PM_INBOX )
                print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['sender']."</TD>");
        else
                print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['receiver']."</TD>");
        ?>
        <TD width="10%" class="colhead"><?=$tracker_lang['date'];?></TD>
        <TD width="2%" class="colhead"><INPUT type="checkbox" title="<?=$tracker_lang['mark_all'];?>" value="<?=$tracker_lang['mark_all'];?>" onClick="this.value=check(document.form1.elements);"></TD>
        </TR>
        <? if ($mailbox != PM_SENTBOX) {
                $res = sql_query("SELECT m.*, u.username AS sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE receiver=" . sqlesc($CURUSER['id']) . " AND location=" . sqlesc($mailbox) . " ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        } else {
                $res = sql_query("SELECT m.*, u.username AS receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE sender=" . sqlesc($CURUSER['id']) . " AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        }
        if (mysql_num_rows($res) == 0) {
                echo("<TD colspan=\"6\" align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
        }
        else
        {
                while ($row = mysql_fetch_assoc($res))
                {
                        // Get Sender Username
                        if ($row['sender'] != 0) {
                                $username = "<A href=\"userdetails.php?id=" . $row['sender'] . "\">" . $row["sender_username"] . "</A>";
                                $id = $row['sender'];
                                $friend = $row['sfid'];
                                if ($friend && $CURUSER['id'] != $row['sender']) {
                                        $username .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif ($CURUSER['id'] != $row['sender']) {
                                        $username .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                $username = $tracker_lang['from_system'];
                        }
                        // Get Receiver Username
                        if ($row['receiver'] != 0) {
                                $receiver = "<A href=\"userdetails.php?id=" . $row['receiver'] . "\">" . $row["receiver_username"] . "</A>";
                                $id_r = $row['receiver'];
                                $friend = $row['rfid'];
                                if ($friend && $CURUSER['id'] != $row['receiver']) {
                                        $receiver .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif ($CURUSER['id'] != $row['receiver']) {
                                        $receiver .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                $receiver = $tracker_lang['from_system'];
                        }
                        $subject = htmlspecialchars($row['subject']);
                        if (strlen($subject) <= 0) {
                                $subject = $tracker_lang['no_subject'];
                        }
                        if ($row['unread'] == 'yes' && $mailbox != PM_SENTBOX) {
                                echo("<TR>\n<TD ><IMG src=\"pic/pn_inboxnew.gif\" alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
                        }
                        else {
                                echo("<TR>\n<TD><IMG src=\"pic/pn_inbox.gif\" alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
                        }
                        echo("<TD><A href=\"message.php?action=viewmessage&amp;id=" . $row['id'] . "\">" . $subject . "</A></TD>\n");
                        if ($mailbox != PM_SENTBOX) {
                            echo("<TD>$username</TD>\n");
                        }
                        else {
                            echo("<TD>$receiver</TD>\n");
                        }
                        echo("<TD nowrap>" . get_date_time($row['added']) . "</TD>\n");
                        echo("<TD><INPUT type=\"checkbox\" name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" . $row['id'] . "\" id=\"checkbox_tbl_" . $row['id'] . "\"></TD>\n</TR>\n");
                }
        }
        ?>
        <tr class="colhead">
        <td colspan="6" align="right" class="colhead">
        <input type="hidden" name="box" value="<?=$mailbox?>">
        <input type="submit" name="delete" title="<?=$tracker_lang['delete_marked_messages'];?>" value="<?=$tracker_lang['delete'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
        <input type="submit" name="markread" title="<?=$tracker_lang['mark_as_read'];?>" value="<?=$tracker_lang['mark_read'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
        </td>
        </tr>
        </form>
        </table>
        <div align="left"><img src="pic/pn_inboxnew.gif" alt="<?=$message_lang['newmail'];?>" /> <?=$tracker_lang['mail_unread_desc'];?><br />
        <img src="pic/pn_inbox.gif" alt="<?=$message_lang['read'];?>" /> <?=$tracker_lang['mail_read_desc'];?></div>
        <?
        stdfoot();
}
// End View Mail Box


// View Message
if ($action == "viewmessage") {
        $pm_id = (int) $_GET['id'];
        if (!$pm_id)
        {
                newerr($tracker_lang['error'], $message_lang['norights']);
        }
        // Get the message
        $res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR (sender=' . sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or sqlerr(__FILE__,__LINE__);
        if (mysql_num_rows($res) == 0)
        {
                newerr($tracker_lang['error'],$message_lang['norights']);
        }
        // Prepare for displaying message
        $message = mysql_fetch_assoc($res);
        if ($message['sender'] == $CURUSER['id'])
        {
                // Display to
                $res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
                $sender = mysql_fetch_array($res2);
                $sender = "<A href=\"userdetails.php?id=" . $message['receiver'] . "\">" . $sender[0] . "</A>";
                $reply = "";
                $from = $message_lang['to'];
        }
        else
        {
                $from = $message_lang['from'];
                if ($message['sender'] == 0)
                {
                        $sender = $message_lang['sender'];
                        $reply = "";
                }
                else
                {
                        $res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        $sender = mysql_fetch_array($res2);
                        $sender = "<A href=\"userdetails.php?id=" . $message['sender'] . "\">" . $sender[0] . "</A>";
                        $reply = " [ <A href=\"message.php?action=sendmessage&amp;receiver=" . $message['sender'] . "&amp;replyto=" . $pm_id . "\"> " . $message_lang['answer']."</A> ]";
                }
        }
        $body = format_comment($message['msg']);
        $added = get_date_time($message['added']);
        if (get_user_class() >= UC_MODERATOR && $message['sender'] == $CURUSER['id'])
        {
                $unread = ($message['unread'] == 'yes' ? "<SPAN style=\"color: #FF0000;\"><b>(" . $message_lang['new'] . ")</b></A>" : "");
        }
        else
        {
                $unread = "";
        }
        $subject = htmlspecialchars($message['subject']);
        if (strlen($subject) <= 0)
        {
                $subject = $message_lang['nosubject'] ;
        }
        // Mark message as read
        sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id']) . " LIMIT 1");
        // Display message
        stdhead($message_lang['showmessagessdthead']." (".$message_lang['subject'].": $subject)"); ?>
        <TABLE width="660" border="0" cellpadding="4" cellspacing="0">
        <TR><TD class="colhead" colspan="2"><?=$message_lang['subject']?> <?=$subject?></TD></TR>
        <TR>
        <TD width="50%" class="colhead"><?=$from?></TD>
        <TD width="50%" class="colhead"><?=$message_lang['datesent']?></TD>
        </TR>
        <TR>
        <TD><?=$sender?></TD>
        <TD><?=$added?>&nbsp;&nbsp;<?=$unread?></TD>
        </TR>
        <TR>
        <TD colspan="2"><?=$body?></TD>
        </TR>
        <TR>
        <TD align="right" colspan=2>[ <A href="message.php?action=deletemessage&id=<?=$pm_id?>"><?=$message_lang['remove']?></A> ]<?=$reply?> [ <A href="message.php?action=forward&id=<?=$pm_id?>"><?=$message_lang['forward']?></A> ]</TD>
        </TR>
        </TABLE><?
        stdfoot();
}
// End View Message

// Message
if ($action == "sendmessage") {

        $receiver = $_GET["receiver"];
        if (!is_valid_id($receiver))
                newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        $replyto = $_GET["replyto"];
        if ($replyto && !is_valid_id($replyto))
                newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        $auto = $_GET["auto"];
        $std = $_GET["std"];

        if (($auto || $std ) && get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $message_lang['noaccess']);

        $res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=$receiver") or die(mysql_error());
        $user = mysql_fetch_assoc($res);
        if (!$user)
                newerr($tracker_lang['error'], $message_lang['nouserid']);
        if ($auto)
                $body = $pm_std_reply[$auto];
        if ($std)
                $body = $pm_template[$std][1];

        if ($replyto) {
                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$replyto") or sqlerr(__FILE__, __LINE__);
                $msga = mysql_fetch_assoc($res);
                if ($msga["receiver"] != $CURUSER["id"])
                        newerr($tracker_lang['error'], $message_lang['noaccess']);

                $res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . $msga["sender"]) or sqlerr(__FILE__, __LINE__);
                $usra = mysql_fetch_assoc($res);
                $body .= "\n\n\n-------- $usra[username] wrote: --------\n".htmlspecialchars($msga['msg'])."\n";
                // Change
                $subject = "Re: " . htmlspecialchars($msga['subject']);
                // End of Change
        }

        stdhead($message_lang['sendingmessage']);
        ?>
        <table class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
        <form name=message method=post action=message.php>
        <input type=hidden name=action value=takemessage>
        <table class=message cellspacing=0 cellpadding=5>
        <tr><td colspan=2 class=colhead><?=$message_lang['messageto']?><a class=altlink_white href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
        <TR>
        <TD colspan="2"><B><?=$message_lang['subject']?>&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" value="<?=$subject?>" maxlength="255"></TD>
        </TR>
        <tr><td<?=$replyto?" colspan=2":""?>>
        <?
        textbbcode("message","msg","$body");
        ?>
        </td></tr>
        <tr>
        <? if ($replyto) { ?>
        <td align=center><input type=checkbox name='delete' value='yes' <?=$CURUSER['deletepms'] == 'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
        <input type=hidden name=origmsg value=<?=$replyto?>></td>
        <? } ?>
        <td align=center><input type=checkbox name='save' value='yes' <?=$CURUSER['savepms'] == 'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
        <tr><td<?=$replyto?" colspan=2":""?> align=center><input type=submit value="<?=$message_lang['sendmessage-submitbutton']?>" class=btn></td></tr>
        </table>
        <input type=hidden name=receiver value=<?=$receiver?>>
        </form>
        </div></td></tr></table>
        <?
        stdfoot();
}
// End Message


// Take Message
if ($action == 'takemessage') {

        $receiver = $_POST["receiver"];
        $origmsg = $_POST["origmsg"];
        $save = $_POST["save"];
        $returnto = $_POST["returnto"];
        if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
                newerr($tracker_lang['error'],$message_lang['incorrectid']);
        $msg = trim($_POST["msg"]);
        if (!$msg)
                newerr($tracker_lang['error'],$message_lang['entermessage']);
        $subject = trim($_POST['subject']);
        if (!$subject)
                newerr($tracker_lang['error'],$message_lang['entersubject']);
        // Change
        $save = ($save == 'yes') ? "yes" : "no";
        // End of Change
        $res = sql_query("SELECT email, acceptpms, notifs, parked, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or sqlerr(__FILE__, __LINE__);
        $user = mysql_fetch_assoc($res);
        if (!$user)
                newerr($tracker_lang['error'], $message_lang['nosuchuser']. " " .$receiver);
        //Make sure recipient wants this message
        if ($user["parked"] == "yes")
                newerr($tracker_lang['error'], $message_lang['accountparked'] );
        if (get_user_class() < UC_MODERATOR)
        {
                if ($user["acceptpms"] == "yes")
                {
                        $res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res2) == 1)
                                sttderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                }
                elseif ($user["acceptpms"] == "friends")
                {
                        $res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res2) != 1)
                                 newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                }
                elseif ($user["acceptpms"] == "no")
                                 newerr($tracker_lang['error'], $message_lang['nopm']);
        }
        sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, msg, subject, saved, location) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ",
        $receiver, " . TIMENOW . ", " . sqlesc($msg) . ", " . sqlesc($subject) . ", " . sqlesc($save) . ", 1)") or sqlerr(__FILE__, __LINE__);
        $sended_id = mysql_insert_id();
        if (strpos($user['notifs'], '[pm]') !== false) {
                $username = $CURUSER["username"];
                $usremail = $user["email"];
$body = <<<EOD
$username sent you a personal massage!

Clcik the link below to read the massage.

$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id

--

$SITENAME
EOD;
                $subj = "".$message_lang['user_sentyoupm']." $username!";
                sent_mail($usremail, 'You have received a new personal massage from $username!', $SITEMAIL, $subj, $body);
                //mail($usremail, $subj, $body, $SITEEMAIL);
        }
        $delete = $_POST["delete"];
        if ($origmsg)
        {
                if ($delete == "yes")
                {
                        // Make sure receiver of $origmsg is current user
                        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res) == 1)
                        {
                                $arr = mysql_fetch_assoc($res);
                                if ($arr["receiver"] != $CURUSER["id"])
                                        newerr($tracker_lang['error'],"Sorry,can't delete other's massages!");
                                if ($arr["saved"] == "no")
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                                elseif ($arr["saved"] == "yes")
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                        }
                }
                if (!$returnto)
                        $returnto = "$DEFAULTBASEURL/message.php";
        }
        if ($returnto) {
                header("Location: $returnto");
                die;
        }
        else {
                header ("Refresh: 2; url=message.php");
                newerr($tracker_lang['success'] , $message_lang['sendsucessfull']);
        }


}
// End Take Message


// Mass PM
if ($action == 'mass_pm') {
        if (get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        $n_pms = 0 + $_POST['n_pms'];['n_pms'];
        $pmees = $_POST['pmees'];
        $auto = $_POST['auto'];

        if ($auto)
                $body=$mm_template[$auto][1];

        stdhead($message_lang['masspm_stdhead']);
        ?>
        <table class=main border=0 cellspacing=0 cellpadding=0>
        <tr><td class=embedded><div align=center>
        <form method=post action=<?=$_SERVER['PHP_SELF']?> name=message>
        <input type=hidden name=action value=takemass_pm>
        <? if ($_SERVER["HTTP_REFERER"]) { ?>
        <input type=hidden name=returnto value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
        <? } ?>
        <table border=1 cellspacing=0 cellpadding=5>
        <tr><td class=colhead colspan=2><?=$message_lang['masspm_distribution_for']?> <?=$n_pms?> User<?=($n_pms>1?"s":"")?></td></tr>



        <TR>
        <TD colspan="2"><B>Subject:&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" maxlength="255"></TD>
        </TR>
        <tr><td colspan="2"><div align="center">
        <?=textbbcode("message","msg","$body");?>
        </div></td></tr>
        <tr><td colspan="2"><div align="center"><b>Comment:&nbsp;&nbsp;</b>
        <input name="comment" type="text" size="70">
        </div></td></tr>
        <tr><td><div align="center"><b><?=$message_lang['from'];?>&nbsp;&nbsp;</b>
        <?=$CURUSER['username']?>
        <input name="sender" type="radio" value="self" checked>
        &nbsp; System
        <input name="sender" type="radio" value="system">
        </div></td>
        <td><div align="center"><b>Take snapshot:</b>&nbsp;<input name="snap" type="checkbox" value="1">
         </div></td></tr>
        <tr><td colspan="2" align=center><input type=submit value="Send!" class=btn>
        </td></tr></table>
        <input type=hidden name=pmees value="<?=$pmees?>">
        <input type=hidden name=n_pms value=<?=$n_pms?>>
        </form><br /><br />
        </div>
        </td>
        </tr>
        </table>
        <?
        stdfoot();

}
//End Mass PM


//Take Mass PM
if ($action == 'takemass_pm') {
        if (get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        $msg = trim($_POST["msg"]);
        if (!$msg)
                newerr($tracker_lang['error'],$message_lang['entermessage']);
        $sender_id = ($_POST['sender'] == 'system' ? 0 : $CURUSER['id']);
        $from_is = unesc($_POST['pmees']);
        // Change
        $subject = trim($_POST['subject']);
        $query = "INSERT INTO ".TABLE_MESSAGES." (sender, receiver, added, msg, subject, location, poster) ". "SELECT $sender_id, u.id, '" . get_date_time(time()) . "', " .
        sqlesc($msg) . ", " . sqlesc($subject) . ", 1, $sender_id " . $from_is;
        // End of Change
        sql_query($query) or sqlerr(__FILE__, __LINE__);
        $n = mysql_affected_rows();
        $n_pms = 0 + $_POST['n_pms'];['n_pms'];
        $comment = $_POST['comment'];
        $snapshot = $_POST['snap'];
        // add a custom text or stats snapshot to comments in profile
        if ($comment || $snapshot)
        {
                $res = sql_query("SELECT u.id, u.uploaded, u.downloaded, u.modcomment ".$from_is) or sqlerr(__FILE__, __LINE__);
                if (mysql_num_rows($res) > 0)
                {
                        $l = 0;
                        while ($user = mysql_fetch_array($res))
                        {
                                unset($new);
                                $old = $user['modcomment'];
                                if ($comment)
                                        $new = $comment;
                                        if ($snapshot)
                                        {
                                                $new .= ($new?"\n":"") . "MMed, " . date("Y-m-d") . ", " .
                                                "UL: " . mksize($user['uploaded']) . ", " .
                                                "DL: " . mksize($user['downloaded']) . ", " .
                                                "r: " . (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) : 0) . " - " .
                                                ($_POST['sender'] == "system"?"System":$CURUSER['username']);
                                        }
                                        $new .= $old?("\n".$old):$old;
                                        sql_query("UPDATE ".TABLE_USERS." SET modcomment = " . sqlesc($new) . " WHERE id = " . $user['id']) or sqlerr(__FILE__, __LINE__);
                                        if (mysql_affected_rows())
                                                $l++;
                        }
                }
        }
        header ("Refresh: 3; url=message.php");
        newerr($tracker_lang['success'], (($n_pms > 1) ? "$n Massage $n_pms was" : "A message has been")." has been successfully sent!" . ($l ? " $l comment(s) in profile" . (($l>1) ? "" : "(s)") . " updated!" : ""));
}
//End Take Mass PM


//Move Or Delete
if ($action == "moveordel") {
        $pm_id = (int) $_POST['id'];
        $pm_box = (int) $_POST['box'];
        $pm_messages = $_POST['messages'];
        if ($_POST['move']) {
                if ($pm_id) {
                        // Move a single message
                        @sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
                }
                else {
                        // Move multiple messages
                        @sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" . implode(", ", array_map("sqlesc", array_map("intval", $pm_messages))) . ') AND receiver=' . $CURUSER['id']);
                }
                // Check if messages were moved
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'], $message_lang['not_possible_to_move_or_delete_message']);
                }
                header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                exit();
        }
        elseif ($_POST['delete']) {
                if ($pm_id) {
                        // Delete a single message
                        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        $message = mysql_fetch_assoc($res);
                        if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                } else {
                        // Delete multiple messages
                        if (is_array($pm_messages))
                        foreach ($pm_messages as $id) {
                                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id));
                                $message = mysql_fetch_assoc($res);
                                if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                        }
                }
                // Check if messages were moved
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'],$message_lang['nomove']);
                }
                else {
                        header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                        exit();
                }
        }
        elseif ($_POST["markread"]) {
                //Mark Read
                if ($pm_id) {
                        // Only the receiver of a message may mark it as read
                        sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__,__LINE__);
                }
                //End Mark Read
                else {
                        if (is_array($pm_messages))
                        foreach ($pm_messages as $id) {
                                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id));
                                $message = mysql_fetch_assoc($res);
                                // Same ownership check as above, applied to every selected id
                                sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc((int) $id) . " AND receiver=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__,__LINE__);
                        }
                }
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'], $message_lang['not_possible_to_mark_this_message_as_read']);
                }
                else {
                        header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                        exit();
                }
        }

newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete


// Forward
if ($action == "forward") {
        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                // Display form
                $pm_id = (int) $_GET['id'];

                // Get the message
                $res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR sender=' . sqlesc($CURUSER['id']) . ') LIMIT 1') or sqlerr(__FILE__,__LINE__);

                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                $message = mysql_fetch_assoc($res);

                // Prepare variables
                $subject = "Fwd: " . htmlspecialchars($message['subject']);
                $from = $message['sender'];
                $orig = $message['receiver'];

                $res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($orig) . " OR id=" . sqlesc($from)) or sqlerr(__FILE__,__LINE__);

                $orig2 = mysql_fetch_assoc($res);
                $orig_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $orig2['username'] . "</A>";
                if ($from == 0) {
                        $from_name = $message_lang['systemsendername'];
                        $from2['username'] = $message_lang['systemsendername'];
                }
                else {
                        $from2 = mysql_fetch_array($res);
                        $from_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $from2['username'] . "</A>";
                }

                $body = "-------- ". $message_lang['originalsender'] . $from2['username'] . ": --------<BR>" . format_comment($message['msg']);

                stdhead($subject);?>

                <FORM action="message.php" method="post">
                <INPUT type="hidden" name="action" value="forward">
                <INPUT type="hidden" name="id" value="<?=$pm_id?>">
                <TABLE border="0" cellpadding="4" cellspacing="0">
                <TR><TD class="colhead" colspan="2"><?=$subject?></TD></TR>
                <TR>
                <TD><?=$message_lang['to']?></TD>
                <TD><INPUT type="text" name="to" value="<?=$message_lang['nameofrecipient']?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['originalsender2']?></TD>
                <TD><?=$orig_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['from']?></TD>
                <TD><?=$from_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['subject']?></TD>
                <TD><INPUT type="text" name="subject" value="<?=$subject?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['message']?></TD>
                <TD><TEXTAREA name="msg" cols="80" rows="8"></TEXTAREA><BR><?=$body?></TD>
                </TR>
                <TR>
                <TD colspan="2" align="center"><?=$message_lang['savewhensent']?> <INPUT type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] == 'yes'?" checked":""?>>&nbsp;<INPUT type="submit" value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
                </TR>
                </TABLE>
                </FORM><?
                stdfoot();
        }

        else {

                // Forward the message
                $pm_id = (int) $_POST['id'];

                // Get the message
                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id) . " AND (receiver=" . sqlesc($CURUSER['id']) . " OR sender=" . sqlesc($CURUSER['id']) . ") LIMIT 1") or sqlerr(__FILE__,__LINE__);  
                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                $message = mysql_fetch_assoc($res);
                $subject = (string) $_POST['subject'];
                $username = strip_tags($_POST['to']);

                // Try finding a user with specified name

                $res = sql_query("SELECT id FROM ".TABLE_USERS." WHERE LOWER(username)=LOWER(" . sqlesc($username) . ") LIMIT 1");
                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }
                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }

                $to = mysql_fetch_array($res);
                $to = $to[0];

                // Get original sender's username
                if ($message['sender'] == 0) {
                        $from = $message_lang['systemsendername'];
                }
                else {
                        $res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        $from = mysql_fetch_assoc($res);
                        $from = $from['username'];
                }
                $body = (string) $_POST['msg'];
                $body .= "\n-------- ". $message_lang['originalsender']. " " . $from . ": --------\n" . $message['msg'];
                $save = (int) $_POST['save'];
                if ($save) {
                        $save = 'yes';
                }
                else {
                        $save = 'no';
                }

                //Make sure recipient wants this message
                if (get_user_class() < UC_MODERATOR) {
                        // $from holds the original sender's username at this point, so read
                        // the PM preference from the recipient's own row instead
                        $res2 = sql_query("SELECT acceptpms FROM ".TABLE_USERS." WHERE id=" . sqlesc($to)) or sqlerr(__FILE__, __LINE__);
                        $to_user = mysql_fetch_assoc($res2);
                        if ($to_user["acceptpms"] == "yes") {
                                $res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                                if (mysql_num_rows($res2) == 1)
                                        newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                        }
                        elseif ($to_user["acceptpms"] == "friends") {
                                $res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                                if (mysql_num_rows($res2) != 1)
                                        newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                        }

                        elseif ($to_user["acceptpms"] == "no")
                                newerr($tracker_lang['error'], $message_lang['nopm']);
                }
                sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, subject, msg, location, saved) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ", $to, '" . TIMENOW . "', " . sqlesc($subject) . "," . sqlesc($body) . ", " . sqlesc(PM_INBOX) . ", " . sqlesc($save) . ")") or sqlerr(__FILE__, __LINE__);
                        newerr($message_lang['success'], $message_lang['sendsucessfull']);
        }
}


if ($action == "deletemessage") {
        $pm_id = (int) $_GET['id'];

        // Delete message
        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        if (!$res) {
                newerr($tracker_lang['error'],$message_lang['noid']);
        }
        if (mysql_num_rows($res) == 0) {
                newerr($tracker_lang['error'],$message_lang['noid']);
        }
        $message = mysql_fetch_assoc($res);
        if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                $res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                $res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                $res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                $res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        if (!$res2) {
                newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        if (mysql_affected_rows() == 0) {
                newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        else {
                header("Location: message.php?action=viewmailbox&id=" . $message['location']);
                exit();
        }
}
?>
here
  #6  
Old 22-02-09, 21:44
carphunter18
Senior Member
Join Date: Dec 2008
Posts: 18
alright this will work ;)


PHP Code:
<?


require_once ("include/bittorrent.php");

gzip();
// +-------------BEGIN Language Hack By ANDiTKO ------------------------------+
global $defaultlanguage, $tracker_lang, $rootpath;
    if (file_exists($rootpath . 'languages/' . $lang . '/lang_message.php'))
        require_once($rootpath . 'languages/' . $lang . '/lang_message.php');
    else
        require_once($rootpath . 'languages/' . $defaultlanguage . '/lang_message.php');
// +-------------END Language Hack By ANDiTKO --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();

// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for receiver
define('PM_SENTBOX',-1); // GET value for sent box

// Determine action
$action = (string) $_GET['action'];
if (!$action)
{
        $action = (string) $_POST['action'];
        if (!$action)
        {
                $action = 'viewmailbox';
        }
}

// View Mail Box
if ($action == "viewmailbox") {
        // Get Mailbox Number
        $mailbox = (int) $_GET['box'];
        if (!$mailbox)
        {
                $mailbox = PM_INBOX;
        }
                if ($mailbox == PM_INBOX)
                {
                        $mailbox_name = $tracker_lang['inbox'];
                }
                else
                {
                        $mailbox_name = $tracker_lang['outbox'];
                }

        // Start Page

        stdhead($mailbox_name); ?>
        <script language="Javascript" type="text/javascript">
        <!-- Begin
        var checkflag = "false";
        var marked_row = new Array;
        function check(field) {
                if (checkflag == "false") {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = true;}
                                checkflag = "true";
                        }
                else {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = false; }
                                checkflag = "false";
                        }
                }
                //  End -->
        </script>
        <script language="javascript" type="text/javascript" src="js/functions.js"></script>
        <H1><?=$mailbox_name?></H1>
        <DIV align="right"><FORM action="message.php" method="get">
        <INPUT type="hidden" name="action" value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT name="box">
        <OPTION value="1"<?=($mailbox == PM_INBOX ? " selected" : "")?>><?=$tracker_lang['inbox'];?></OPTION>
        <OPTION value="-1"<?=($mailbox == PM_SENTBOX ? " selected" : "")?>><?=$tracker_lang['outbox'];?></OPTION>
        </SELECT> <INPUT type="submit" value="<?=$tracker_lang['go_go_go'];?>"></FORM>
        </DIV>
        <TABLE border="0" cellpadding="4" cellspacing="0" width="100%">
        <FORM action="message.php" method="post" name="form1">
        <INPUT type="hidden" name="action" value="moveordel">
        <TR>
        <TD width="2%" class="colhead">&nbsp;&nbsp;</TD>
        <TD width="51%" class="colhead"><?=$tracker_lang['subject'];?></TD>
        <?
        if ($mailbox == PM_INBOX )
                print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['sender']."</TD>");
        else
                print ("<TD width=\"35%\" class=\"colhead\">".$tracker_lang['receiver']."</TD>");
        ?>
        <TD width="10%" class="colhead"><?=$tracker_lang['date'];?></TD>
        <TD width="2%" class="colhead"><INPUT type="checkbox" title="<?=$tracker_lang['mark_all'];?>" value="<?=$tracker_lang['mark_all'];?>" onClick="this.value=check(document.form1.elements);"></TD>
        </TR>
        <? if ($mailbox != PM_SENTBOX) {
                $res = sql_query("SELECT m.*, u.username AS sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE receiver=" . sqlesc($CURUSER['id']) . " AND location=" . sqlesc($mailbox) . " ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        } else {
                $res = sql_query("SELECT m.*, u.username AS receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE sender=" . sqlesc($CURUSER['id']) . " AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        }
        if (mysql_num_rows($res) == 0) {
                echo("<TD colspan=\"6\" align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
        }
        else
        {
                while ($row = mysql_fetch_assoc($res))
                {
                        // Get Sender Username
                        if ($row['sender'] != 0) {
                                $username = "<A href=\"userdetails.php?id=" . $row['sender'] . "\">" . $row["sender_username"] . "</A>";
                                $id = $row['sender'];
                                $friend = $row['sfid'];
                                if ($friend && $CURUSER['id'] != $row['sender']) {
                                        $username .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif ($CURUSER['id'] != $row['sender']) {
                                        $username .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                $username = $tracker_lang['from_system'];
                        }
                        // Get Receiver Username
                        if ($row['receiver'] != 0) {
                                $receiver = "<A href=\"userdetails.php?id=" . $row['receiver'] . "\">" . $row["receiver_username"] . "</A>";
                                $id_r = $row['receiver'];
                                $friend = $row['rfid'];
                                if ($friend && $CURUSER['id'] != $row['receiver']) {
                                        $receiver .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif ($CURUSER['id'] != $row['receiver']) {
                                        $receiver .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                $receiver = $tracker_lang['from_system'];
                        }
                        $subject = htmlspecialchars($row['subject']);
                        if (strlen($subject) <= 0) {
                                $subject = $tracker_lang['no_subject'];
                        }
                        if ($row['unread'] == 'yes' && $mailbox != PM_SENTBOX) {
                                echo("<TR>\n<TD ><IMG src=\"pic/pn_inboxnew.gif\" alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
                        }
                        else {
                                echo("<TR>\n<TD><IMG src=\"pic/pn_inbox.gif\" alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
                        }
                        echo("<TD><A href=\"message.php?action=viewmessage&amp;id=" . $row['id'] . "\">" . $subject . "</A></TD>\n");
                        if ($mailbox != PM_SENTBOX) {
                            echo("<TD>$username</TD>\n");
                        }
                        else {
                            echo("<TD>$receiver</TD>\n");
                        }
                        echo("<TD nowrap>" . get_date_time($row['added']) . "</TD>\n");
                        echo("<TD><INPUT type=\"checkbox\" name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" . $row['id'] . "\" id=\"checkbox_tbl_" . $row['id'] . "\"></TD>\n</TR>\n");
                }
        }
        ?>
        <tr class="colhead">
        <td colspan="6" align="right" class="colhead">
        <input type="hidden" name="box" value="<?=$mailbox?>">
        <input type="submit" name="delete" title="<?=$tracker_lang['delete_marked_messages'];?>" value="<?=$tracker_lang['delete'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
        <input type="submit" name="markread" title="<?=$tracker_lang['mark_as_read'];?>" value="<?=$tracker_lang['mark_read'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
        </td>
        </tr>
        </form>
        </table>
        <div align="left"><img src="pic/pn_inboxnew.gif" alt="<?=$message_lang['newmail'];?>" /> <?=$tracker_lang['mail_unread_desc'];?><br />
        <img src="pic/pn_inbox.gif" alt="<?=$message_lang['read'];?>" /> <?=$tracker_lang['mail_read_desc'];?></div>
        <?
        stdfoot();
}
// End View Mail Box


// View Message
if ($action == "viewmessage") {
        $pm_id = (int) $_GET['id'];
        if (!$pm_id)
        {
                newerr($tracker_lang['error'], $message_lang['norights']);
        }
        // Get the message
        $res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR (sender=' . sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or sqlerr(__FILE__,__LINE__);
        if (mysql_num_rows($res) == 0)
        {
                newerr($tracker_lang['error'],$message_lang['norights']);
        }
        // Prepare for displaying message
        $message = mysql_fetch_assoc($res);
        if ($message['sender'] == $CURUSER['id'])
        {
                // Display to
                $res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
                $sender = mysql_fetch_array($res2);
                $sender = "<A href=\"userdetails.php?id=" . $message['receiver'] . "\">" . $sender[0] . "</A>";
                $reply = "";
                $from = $message_lang['to'];
        }
        else
        {
                $from = $message_lang['from'];
                if ($message['sender'] == 0)
                {
                        $sender = $message_lang['sender'];
                        $reply = "";
                }
                else
                {
                        $res2 = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        $sender = mysql_fetch_array($res2);
                        $sender = "<A href=\"userdetails.php?id=" . $message['sender'] . "\">" . $sender[0] . "</A>";
                        $reply = " [ <A href=\"message.php?action=sendmessage&amp;receiver=" . $message['sender'] . "&amp;replyto=" . $pm_id . "\"> " . $message_lang['answer']."</A> ]";
                }
        }
        $body = format_comment($message['msg']);
        $added = get_date_time($message['added']);
        if (get_user_class() >= UC_MODERATOR && $message['sender'] == $CURUSER['id'])
        {
                $unread = ($message['unread'] == 'yes' ? "<SPAN style=\"color: #FF0000;\"><b>(" . $message_lang['new'] . ")</b></SPAN>" : "");
        }
        else
        {
                $unread = "";
        }
        $subject = htmlspecialchars($message['subject']);
        if (strlen($subject) <= 0)
        {
                $subject = $message_lang['nosubject'] ;
        }
        // Mark message unread
        sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id']) . " LIMIT 1");
        // Display message
        stdhead($message_lang['showmessagessdthead']." (".$message_lang['subject'].": $subject)"); ?>
        <TABLE width="660" border="0" cellpadding="4" cellspacing="0">
        <TR><TD class="colhead" colspan="2"><?=$message_lang['subject']?> <?=$subject?></TD></TR>
        <TR>
        <TD width="50%" class="colhead"><?=$from?></TD>
        <TD width="50%" class="colhead"><?=$message_lang['datesent']?></TD>
        </TR>
        <TR>
        <TD><?=$sender?></TD>
        <TD><?=$added?>&nbsp;&nbsp;<?=$unread?></TD>
        </TR>
        <TR>
        <TD colspan="2"><?=$body?></TD>
        </TR>
        <TR>
        <TD align="right" colspan=2>[ <A href="message.php?action=deletemessage&id=<?=$pm_id?>"><?=$message_lang['remove']?></A> ]<?=$reply?> [ <A href="message.php?action=forward&id=<?=$pm_id?>"><?=$message_lang['forward']?></A> ]</TD>
        </TR>
        </TABLE><?
        stdfoot();
}
// End View Message

// Message
if ($action == "sendmessage") {

        $receiver = $_GET["receiver"];
        if (!is_valid_id($receiver))
                newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        $replyto = $_GET["replyto"];
        if ($replyto && !is_valid_id($replyto))
                newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        $auto = $_GET["auto"];
        $std = $_GET["std"];

        if (($auto || $std ) && get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $message_lang['noaccess']);

        $res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=$receiver") or die(mysql_error());
        $user = mysql_fetch_assoc($res);
        if (!$user)
                newerr($tracker_lang['error'], $message_lang['nouserid']);
        if ($auto)
                $body = $pm_std_reply[$auto];
        if ($std)
                $body = $pm_template[$std][1];

        if ($replyto) {
                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$replyto") or sqlerr(__FILE__, __LINE__);
                $msga = mysql_fetch_assoc($res);
                if ($msga["receiver"] != $CURUSER["id"])
                        newerr($tracker_lang['error'], $message_lang['noaccess']);

                $res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . $msga["sender"]) or sqlerr(__FILE__, __LINE__);
                $usra = mysql_fetch_assoc($res);
                $body .= "\n\n\n-------- $usra[username] wrote: --------\n".htmlspecialchars($msga['msg'])."\n";
                // Change
                $subject = "Re: " . htmlspecialchars($msga['subject']);
                // End of Change
        }

        stdhead($message_lang['sendingmessage']);
        ?>
        <table class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
        <form name=message method=post action=message.php>
        <input type=hidden name=action value=takemessage>
        <table class=message cellspacing=0 cellpadding=5>
        <tr><td colspan=2 class=colhead><?=$message_lang['messageto']?><a class=altlink_white href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
        <TR>
        <TD colspan="2"><B><?=$message_lang['subject']?>&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" value="<?=$subject?>" maxlength="255"></TD>
        </TR>
        <tr><td<?=$replyto?" colspan=2":""?>>
        <?
        textbbcode("message","msg","$body");
        ?>
        </td></tr>
        <tr>
        <? if ($replyto) { ?>
        <td align=center><input type=checkbox name='delete' value='yes' <?=$CURUSER['deletepms'] == 'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
        <input type=hidden name=origmsg value=<?=$replyto?>></td>
        <? } ?>
        <td align=center><input type=checkbox name='save' value='yes' <?=$CURUSER['savepms'] == 'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
        <tr><td<?=$replyto?" colspan=2":""?> align=center><input type=submit value="<?=$message_lang['sendmessage-submitbutton']?>" class=btn></td></tr>
        </table>
        <input type=hidden name=receiver value=<?=$receiver?>>
        </form>
        </div></td></tr></table>
        <?
        stdfoot();
}
// End View Message


// Take Message
if ($action == 'takemessage') {

        $receiver = $_POST["receiver"];
        $origmsg = $_POST["origmsg"];
        $save = $_POST["save"];
        $returnto = $_POST["returnto"];
        if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
                newerr($tracker_lang['error'],$message_lang['incorrectid']);
        $msg = trim($_POST["msg"]);
        if (!$msg)
                newerr($tracker_lang['error'],$message_lang['entermessage']);
        $subject = trim($_POST['subject']);
        if (!$subject)
                newerr($tracker_lang['error'],$message_lang['entersubject']);
        // Change
        $save = ($save == 'yes') ? "yes" : "no";
        // End of Change
        $res = sql_query("SELECT email, acceptpms, notifs, parked, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or sqlerr(__FILE__, __LINE__);
        $user = mysql_fetch_assoc($res);
        if (!$user)
                newerr($tracker_lang['error'], $message_lang['nosuchuser']. " " .$receiver);
        //Make sure recipient wants this message
        if ($user["parked"] == "yes")
                newerr($tracker_lang['error'], $message_lang['accountparked'] );
        if (get_user_class() < UC_MODERATOR)
        {
                if ($user["acceptpms"] == "yes")
                {
                        $res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res2) == 1)
                                newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                }
                elseif ($user["acceptpms"] == "friends")
                {
                        $res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res2) != 1)
                                 newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                }
                elseif ($user["acceptpms"] == "no")
                                 newerr($tracker_lang['error'], $message_lang['nopm']);
        }
        sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, msg, subject, saved, location) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ",
        $receiver, " . TIMENOW . ", " . sqlesc($msg) . ", " . sqlesc($subject) . ", " . sqlesc($save) . ", 1)") or sqlerr(__FILE__, __LINE__);
        $sended_id = mysql_insert_id();
        if (strpos($user['notifs'], '[pm]') !== false) {
                $username = $CURUSER["username"];
                $usremail = $user["email"];
$body = <<<EOD
$username sent you a personal message!

Click the link below to read the message.

$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id

--

$SITENAME
EOD;
                $subj = "".$message_lang['user_sentyoupm']." $username!";
                sent_mail($usremail, "You have received a new personal message from $username!", $SITEMAIL, $subj, $body);
                //mail($usremail, $subj, $body, $SITEEMAIL);
        }
        $delete = $_POST["delete"];
        if ($origmsg)
        {
                if ($delete == "yes")
                {
                        // Make sure receiver of $origmsg is current user
                        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res) == 1)
                        {
                                $arr = mysql_fetch_assoc($res);
                                if ($arr["receiver"] != $CURUSER["id"])
                                        newerr($tracker_lang['error'],"Sorry, can't delete others' messages!");
                                if ($arr["saved"] == "no")
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                                elseif ($arr["saved"] == "yes")
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
                        }
                }
                if (!$returnto)
                        $returnto = "$DEFAULTBASEURL/message.php";
        }
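        if ($returnto) {
                // $returnto is POST data: only redirect to URLs on this site
                if (strpos($returnto, "$DEFAULTBASEURL/") !== 0)
                        $returnto = "$DEFAULTBASEURL/message.php";
                header("Location: $returnto");
                die;
        }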
        else {
                header ("Refresh: 2; url=message.php");
                newerr($tracker_lang['success'] , $message_lang['sendsucessfull']);
        }


}
// End Take Message


// Mass PM
if ($action == 'mass_pm') {
        if (get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        $n_pms = 0 + $_POST['n_pms'];
        $pmees = $_POST['pmees'];
        $auto = $_POST['auto'];

        if ($auto)
                $body=$mm_template[$auto][1];

        stdhead($message_lang['masspm_stdhead']);
        ?>
        <table class=main border=0 cellspacing=0 cellpadding=0>
        <tr><td class=embedded><div align=center>
        <form method=post action="<?=htmlspecialchars($_SERVER['PHP_SELF'])?>" name=message>
        <input type=hidden name=action value=takemass_pm>
        <? if ($_SERVER["HTTP_REFERER"]) { ?>
        <input type=hidden name=returnto value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
        <? } ?>
        <table border=1 cellspacing=0 cellpadding=5>
        <tr><td class=colhead colspan=2><?=$message_lang['masspm_distribution_for']?> <?=$n_pms?> User<?=($n_pms>1?"s":"")?></td></tr>



        <TR>
        <TD colspan="2"><B>Subject:&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" maxlength="255"></TD>
        </TR>
        <tr><td colspan="2"><div align="center">
        <?=textbbcode("message","msg","$body");?>
        </div></td></tr>
        <tr><td colspan="2"><div align="center"><b>Comment:&nbsp;&nbsp;</b>
        <input name="comment" type="text" size="70">
        </div></td></tr>
        <tr><td><div align="center"><b><?=$message_lang['from'];?>&nbsp;&nbsp;</b>
        <?=$CURUSER['username']?>
        <input name="sender" type="radio" value="self" checked>
        &nbsp; System
        <input name="sender" type="radio" value="system">
        </div></td>
        <td><div align="center"><b>Take snapshot:</b>&nbsp;<input name="snap" type="checkbox" value="1">
         </div></td></tr>
        <tr><td colspan="2" align=center><input type=submit value="Send!" class=btn>
        </td></tr></table>
        <input type=hidden name=pmees value="<?=htmlspecialchars($pmees)?>">
        <input type=hidden name=n_pms value=<?=$n_pms?>>
        </form><br /><br />
        </div>
        </td>
        </tr>
        </table>
        <?
        stdfoot();

}
//End Mass PM


//Take Mass PM
if ($action == 'takemass_pm') {
        if (get_user_class() < UC_MODERATOR)
                newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        $msg = trim($_POST["msg"]);
        if (!$msg)
                newerr($tracker_lang['error'],$message_lang['entermessage']);
        $sender_id = ($_POST['sender'] == 'system' ? 0 : $CURUSER['id']);
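        // NOTE: pmees is a SQL "FROM ... WHERE ..." fragment that comes back from a hidden
        // form field and is appended unescaped to the two queries below. Rebuild it
        // server-side (or keep it in the session) instead of trusting the posted value.
        $from_is = unesc($_POST['pmees']);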
        // Change
        $subject = trim($_POST['subject']);
        $query = "INSERT INTO ".TABLE_MESSAGES." (sender, receiver, added, msg, subject, location, poster) ". "SELECT $sender_id, u.id, '" . get_date_time(time()) . "', " .
        sqlesc($msg) . ", " . sqlesc($subject) . ", 1, $sender_id " . $from_is;
        // End of Change
        sql_query($query) or sqlerr(__FILE__, __LINE__);
        $n = mysql_affected_rows();
        $n_pms = 0 + $_POST['n_pms'];
        $comment = $_POST['comment'];
        $snapshot = $_POST['snap'];
        // add a custom text or stats snapshot to comments in profile
        if ($comment || $snapshot)
        {
                $res = sql_query("SELECT u.id, u.uploaded, u.downloaded, u.modcomment ".$from_is) or sqlerr(__FILE__, __LINE__);
                if (mysql_num_rows($res) > 0)
                {
                        $l = 0;
                        while ($user = mysql_fetch_array($res))
                        {
                                // Start from an empty string so the .= below never hits an undefined variable
                                $new = "";
                                $old = $user['modcomment'];
                                if ($comment)
                                        $new = $comment;
                                // The snapshot and the profile update run for every user, with or without a comment
                                if ($snapshot)
                                {
                                        $new .= ($new?"\n":"") . "MMed, " . date("Y-m-d") . ", " .
                                        "UL: " . mksize($user['uploaded']) . ", " .
                                        "DL: " . mksize($user['downloaded']) . ", " .
                                        "r: " . (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) : 0) . " - " .
                                        ($_POST['sender'] == "system"?"System":$CURUSER['username']);
                                }
                                $new .= $old?("\n".$old):$old;
                                sql_query("UPDATE ".TABLE_USERS." SET modcomment = " . sqlesc($new) . " WHERE id = " . $user['id']) or sqlerr(__FILE__, __LINE__);
                                if (mysql_affected_rows())
                                        $l++;
                        }
                }
        }
        header ("Refresh: 3; url=message.php");
        newerr($tracker_lang['success'], (($n_pms > 1) ? "$n of $n_pms messages have" : "The message has") . " been successfully sent!" . (!empty($l) ? " $l profile comment" . (($l > 1) ? "s" : "") . " updated!" : ""));
}
//End Take Mass PM


//Move Or Delete
if ($action == "moveordel") {
        $pm_id = (int) $_POST['id'];
        $pm_box = (int) $_POST['box'];
        $pm_messages = $_POST['messages'];
        if ($_POST['move']) {
                if ($pm_id) {
                        // Move a single message
                        @sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
                }
                else {
                        // Move multiple messages
                        @sql_query("UPDATE ".TABLE_MESSAGES." SET location=" . sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" . implode(", ", array_map("sqlesc", array_map("intval", $pm_messages))) . ') AND receiver=' . $CURUSER['id']);
                }
                // Check if messages were moved
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'], $message_lang['not_possible_to_move_or_delete_message']);
                }
                header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                exit();
        }
        elseif ($_POST['delete']) {
                if ($pm_id) {
                        // Delete a single message
                        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        $message = mysql_fetch_assoc($res);
                        if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                } else {
                        // Delete multiple messages
                        if (is_array($pm_messages))
                        foreach ($pm_messages as $id) {
                                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id));
                                $message = mysql_fetch_assoc($res);
                                if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                        sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                        }
                }
                // Check if messages were moved
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'],$message_lang['nomove']);
                }
                else {
                        header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                        exit();
                }
        }
        elseif ($_POST["markread"]) {
                //Mark Read
                if ($pm_id) {
                        // Only the receiver may mark a message as read
                        sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__,__LINE__);
                }
                //End Mark Read
                else {
                        if (is_array($pm_messages))
                        foreach ($pm_messages as $id) {
                                // Same ownership check for every id in the posted list
                                sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " . sqlesc((int) $id) . " AND receiver=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__,__LINE__);
                        }
                }
                if (@mysql_affected_rows() == 0) {
                        newerr($tracker_lang['error'], $message_lang['not_possible_to_mark_this_message_as_read']);
                }
                else {
                        header("Location: message.php?action=viewmailbox&box=" . $pm_box);
                        exit();
                }
        }

newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete


//Forward
if ($action == "forward") {
        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                // Display form
                $pm_id = (int) $_GET['id'];

                // Get the message
                $res = sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR sender=' . sqlesc($CURUSER['id']) . ') LIMIT 1') or sqlerr(__FILE__,__LINE__);

                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                $message = mysql_fetch_assoc($res);

                // Prepare variables
                $subject = "Fwd: " . htmlspecialchars($message['subject']);
                $from = $message['sender'];
                $orig = $message['receiver'];

                $res = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . sqlesc($orig) . " OR id=" . sqlesc($from)) or sqlerr(__FILE__,__LINE__);

                $orig2 = mysql_fetch_assoc($res);
                $orig_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $orig2['username'] . "</A>";
                if ($from == 0) {
                        $from_name = $message_lang['systemsendername'];
                        $from2['username'] = $message_lang['systemsendername'];
                }
                else {
                        $from2 = mysql_fetch_array($res);
                        $from_name = "<A href=\"userdetails.php?id=" . $from . "\">" . $from2['username'] . "</A>";
                }

                $body = "-------- ". $message_lang['originalsender'] . $from2['username'] . ": --------<BR>" . format_comment($message['msg']);

                stdhead($subject);?>

                <FORM action="message.php" method="post">
                <INPUT type="hidden" name="action" value="forward">
                <INPUT type="hidden" name="id" value="<?=$pm_id?>">
                <TABLE border="0" cellpadding="4" cellspacing="0">
                <TR><TD class="colhead" colspan="2"><?=$subject?></TD></TR>
                <TR>
                <TD><?=$message_lang['to']?></TD>
                <TD><INPUT type="text" name="to" value="<?=$message_lang['nameofrecipient']?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['originalsender2']?></TD>
                <TD><?=$orig_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['from']?></TD>
                <TD><?=$from_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['subject']?></TD>
                <TD><INPUT type="text" name="subject" value="<?=$subject?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['message']?></TD>
                <TD><TEXTAREA name="msg" cols="80" rows="8"></TEXTAREA><BR><?=$body?></TD>
                </TR>
                <TR>
                <TD colspan="2" align="center"><?=$message_lang['savewhensent']?> <INPUT type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] == 'yes'?" checked":""?>>&nbsp;<INPUT type="submit" value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
                </TR>
                </TABLE>
                </FORM><?
                stdfoot();
        }

        else {

                // Forward the message
                $pm_id = (int) $_POST['id'];

                // Get the message
                $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id) . " AND (receiver=" . sqlesc($CURUSER['id']) . " OR sender=" . sqlesc($CURUSER['id']) . ") LIMIT 1") or sqlerr(__FILE__,__LINE__);
                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                $message = mysql_fetch_assoc($res);
                $subject = (string) $_POST['subject'];
                $username = strip_tags($_POST['to']);

                // Try finding a user with specified name

                $res = sql_query("SELECT id FROM ".TABLE_USERS." WHERE LOWER(username)=LOWER(" . sqlesc($username) . ") LIMIT 1");
                if (!$res) {
                        newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }
                if (mysql_num_rows($res) == 0) {
                        newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }

                $to = mysql_fetch_array($res);
                $to = $to[0];

                // Get original sender's username
                if ($message['sender'] == 0) {
                        $from = $message_lang['systemsendername'];
                }
                else {
                        $res = sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=" . sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        $from = mysql_fetch_assoc($res);
                        $from = $from['username'];
                }
                $body = (string) $_POST['msg'];
                $body .= "\n-------- ". $message_lang['originalsender']. " " . $from . ": --------\n" . $message['msg'];
                $save = (int) $_POST['save'];
                if ($save) {
                        $save = 'yes';
                }
                else {
                        $save = 'no';
                }

                //Make sure recipient wants this message
                if (get_user_class() < UC_MODERATOR) {
                        // $from is the original sender's username (a string) here, so the
                        // preference is read from the recipient's own row instead
                        // (assumes acceptpms is a column of the users table).
                        $res2 = sql_query("SELECT acceptpms FROM ".TABLE_USERS." WHERE id=" . sqlesc($to)) or sqlerr(__FILE__, __LINE__);
                        $rcpt = mysql_fetch_assoc($res2);
                        if ($rcpt["acceptpms"] == "yes") {
                                $res2 = sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                                if (mysql_num_rows($res2) == 1)
                                        newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                        }
                        elseif ($rcpt["acceptpms"] == "friends") {
                                $res2 = sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" . $CURUSER["id"]) or sqlerr(__FILE__, __LINE__);
                                if (mysql_num_rows($res2) != 1)
                                        newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                        }

                        elseif ($rcpt["acceptpms"] == "no")
                                newerr($tracker_lang['error'], $message_lang['nopm']);
                }
                sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, subject, msg, location, saved) VALUES(" . $CURUSER["id"] . ", " . $CURUSER["id"] . ", $to, '" . TIMENOW . "', " . sqlesc($subject) . "," . sqlesc($body) . ", " . sqlesc(PM_INBOX) . ", " . sqlesc($save) . ")") or sqlerr(__FILE__, __LINE__);
                        newerr($message_lang['success'], $message_lang['sendsucessfull']);
        }
}


if ($action == "deletemessage") {
        $pm_id = (int) $_GET['id'];

        // Delete message
        $res = sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        if (!$res) {
                newerr($tracker_lang['error'],$message_lang['noid']);
        }
        if (mysql_num_rows($res) == 0) {
                newerr($tracker_lang['error'],$message_lang['noid']);
        }
        $message = mysql_fetch_assoc($res);
        if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                $res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                $res2 = sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                $res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                $res2 = sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        if (!$res2) {
                newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        if (mysql_affected_rows() == 0) {
                newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        else {
                header("Location: message.php?action=viewmailbox&id=" . $message['location']);
                exit();
        }
}
?>
  #7  
Old 22-02-09, 21:48
rulebreaker
Thanks a lot! There isn't a donation system up for this yet, right?
  #8  
Old 22-02-09, 22:03
carphunter18
Donation system for what?
  #9  
Old 22-02-09, 22:08
rulebreaker
Donation system for Yuna Scatari 2.2 PRE7. Also, why do I get an "access denied" when I try to delete a torrent, and I'm administrator! Is it a problem with delete.php?
  #10  
Old 24-02-09, 00:05
carphunter18
There is a sort of donation system in it :P

And deleting torrents is only possible through browse.php