Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Yuna Scatari Edition (YSE)
Reply
  #1  
Old 17th August 2010, 21:13
Pelle's Avatar
Pelle Pelle is offline
Senior Member
 
Join Date: Apr 2010
Bosnia-Herzegovina
Posts: 29
Default Problem with message.php or ?
Now i have another problem with pm. When i open my private message there is only empty page . where is the problem ?


Click the image to open in full size. Click the image to open in full size.


PHP Code:
<?

require_once ("include/bittorrent.php");

gzip();
// +-------------BEGIN Language Hack By ANDiTKO  ------------------------------+
global $defaultlanguage$tracker_lang$rootpath;
    if (
file_exists($rootpath 'languages/' $lang .  '/lang_message.php'))
        require_once(
$rootpath 'languages/' $lang .  '/lang_message.php');
    else
        require_once(
$rootpath 'languages/' $defaultlanguage .  '/lang_message.php');
// +-------------END Language Hack By ANDiTKO  --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();

// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for reciever
define('PM_SENTBOX',-1); // GET value for sent box

// Determine action
$action = (string) $_GET['action'];
if (!
$action)
{
        
$action = (string) $_POST['action'];
        if (!
$action)
        {
                
$action 'viewmailbox';
        }
}

// View Mail Box
if ($action == "viewmailbox") {
        
// Get Mailbox Number
        
$mailbox = (int) $_GET['box'];
        if (!
$mailbox)
        {
                
$mailbox PM_INBOX;
        }
                if (
$mailbox == PM_INBOX)
                {
                        
$mailbox_name $tracker_lang['inbox'];
                }
                else
                {
                        
$mailbox_name $tracker_lang['outbox'];
                }

        
// Start Page

        
stdhead($mailbox_name); ?>
        <script language="Javascript" type="text/javascript">
        <!-- Begin
        var checkflag = "false";
        var marked_row = new Array;
        function check(field) {
                if (checkflag == "false") {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = true;}
                                checkflag = "true";
                        }
                else {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = false; }
                                checkflag = "false";
                        }
                }
                //  End -->
        </script>
        <script language="javascript" type="text/javascript"  src="js/functions.js"></script>
        <H1><?=$mailbox_name?></H1>
        <DIV align="right"><FORM action="message.php"  method="get">
        <INPUT type="hidden" name="action"  value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT  name="box">
        <OPTION value="1"<?=($mailbox == PM_INBOX " selected" :  "")?>><?=$tracker_lang['inbox'];?></OPTION>
        <OPTION value="-1"<?=($mailbox == PM_SENTBOX " selected"  "")?>><?=$tracker_lang['outbox'];?></OPTION>
        </SELECT> <INPUT type="submit"  value="<?=$tracker_lang['go_go_go'];?>"></FORM>
        </DIV>
        <TABLE border="0" cellpadding="4" cellspacing="0"  width="100%">
        <FORM action="message.php" method="post" name="form1">
        <INPUT type="hidden" name="action" value="moveordel">
        <TR>
        <TD width="2%"  class="colhead">&nbsp;&nbsp;</TD>
        <TD width="51%"  class="colhead"><?=$tracker_lang['subject'];?></TD>
        <?
        
if ($mailbox == PM_INBOX )
                print (
"<TD width=\"35%\"  class=\"colhead\">".$tracker_lang['sender']."</TD>");
        else
                print (
"<TD width=\"35%\"  class=\"colhead\">".$tracker_lang['receiver']."</TD>");
        
?>
        <TD width="10%"  class="colhead"><?=$tracker_lang['date'];?></TD>
        <TD width="2%" class="colhead"><INPUT type="checkbox"  title="<?=$tracker_lang['mark_all'];?>"  value="<?=$tracker_lang['mark_all'];?>"  onClick="this.value=check(document.form1.elements);"></TD>
        </TR>
        <? if ($mailbox != PM_SENTBOX) {
                
$res sql_query("SELECT m.*, u.username AS  sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m  LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN  ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid =  m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]}  AND s.friendid = m.sender WHERE receiver=" sqlesc($CURUSER['id']) . "  AND location=" sqlesc($mailbox) . " ORDER BY id DESC") or  sqlerr(__FILE__,__LINE__);
        } else {
                
$res sql_query("SELECT m.*, u.username AS  receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m  LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN  ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid =  m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]}  AND s.friendid = m.sender WHERE sender=" sqlesc($CURUSER['id']) . "  AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        }
        if (
mysql_num_rows($res) == 0) {
                echo(
"<TD colspan=\"6\"  align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
        }
        else
        {
                while (
$row mysql_fetch_assoc($res))
                {
                        
// Get Sender Username
                        
if ($row['sender'] != 0) {
                                
$username "<A  href=\"userdetails.php?id=" $row['sender'] . "\">" .  $row["sender_username"] . "</A>";
                                
$id $row['sender'];
                                
$friend $row['sfid'];
                                if (
$friend && $CURUSER['id'] !=  $row['sender']) {
                                        
$username .= "&nbsp;<a  href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] !=  $row['sender']) {
                                        
$username .= "&nbsp;<a  href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$username =  $tracker_lang['from_system'];
                        }
                        
// Get Receiver Username
                        
if ($row['receiver'] != 0) {
                                
$receiver "<A  href=\"userdetails.php?id=" $row['receiver'] . "\">" .  $row["receiver_username"] . "</A>";
                                
$id_r $row['receiver'];
                                
$friend $row['rfid'];
                                if (
$friend && $CURUSER['id'] !=  $row['receiver']) {
                                        
$receiver .= "&nbsp;<a  href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] !=  $row['receiver']) {
                                        
$receiver .= "&nbsp;<a  href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$receiver =  $tracker_lang['from_system'];
                        }
                        
$subject htmlspecialchars($row['subject']);
                        if (
strlen($subject) <= 0) {
                                
$subject $tracker_lang['no_subject'];
                        }
                        if (
$row['unread'] == 'yes' && $mailbox  != PM_SENTBOX) {
                                echo(
"<TR>\n<TD ><IMG  src=\"pic/pn_inboxnew.gif\"  alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
                        }
                        else {
                                echo(
"<TR>\n<TD><IMG  src=\"pic/pn_inbox.gif\"  alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
                        }
                        echo(
"<TD><A  href=\"message.php?action=viewmessage&amp;id=" $row['id'] .  "\">" $subject "</A></TD>\n");
                        if (
$mailbox != PM_SENTBOX) {
                            echo(
"<TD>$username</TD>\n");
                        }
                        else {
                            echo(
"<TD>$receiver</TD>\n");
                        }
                        echo(
"<TD nowrap>" .  get_date_time($row['added']) . "</TD>\n");
                        echo(
"<TD><INPUT type=\"checkbox\"  name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" .  $row['id'] . "\" id=\"checkbox_tbl_" $row['id'] .  "\"></TD>\n</TR>\n");
                }
        }
        
?>
        <tr class="colhead">
        <td colspan="6" align="right" class="colhead">
        <input type="hidden" name="box"  value="<?=$mailbox?>">
        <input type="submit" name="delete"  title="<?=$tracker_lang['delete_marked_messages'];?>"  value="<?=$tracker_lang['delete'];?>" onClick="return  confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
        <input type="submit" name="markread"  title="<?=$tracker_lang['mark_as_read'];?>"  value="<?=$tracker_lang['mark_read'];?>" onClick="return  confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
        </td>
        </tr>
        </form>
        </table>
        <div align="left"><img src="pic/pn_inboxnew.gif"  alt="<?=$message_lang['newmail'];?>" />  <?=$tracker_lang['mail_unread_desc'];?><br />
        <img src="pic/pn_inbox.gif"  alt="<?=$message_lang['read'];?>" />  <?=$tracker_lang['mail_read_desc'];?></div>
        <?
        stdfoot
();
}
// End View Mail Box


// View Message
if ($action == "viewmessage") {
        
$pm_id = (int) $_GET['id'];
        if (!
$pm_id)
        {
                
newerr($tracker_lang['error'],  $message_lang['norights']);
        }
        
// Get the message
        
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' .  sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . ' OR  (sender=' sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or  sqlerr(__FILE__,__LINE__);
        if (
mysql_num_rows($res) == 0)
        {
                 
newerr($tracker_lang['error'],$message_lang['norights']);
        }
        
// Prepare for displaying message
        
$message mysql_fetch_assoc($res);
        if (
$message['sender'] == $CURUSER['id'])
        {
                
// Display to
                
$res2 sql_query("SELECT username FROM ".TABLE_USERS."  WHERE id=" sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
                
$sender mysql_fetch_array($res2);
                
$sender "<A href=\"userdetails.php?id=" .  $message['receiver'] . "\">" $sender[0] . "</A>";
                
$reply "";
                
$from $message_lang['to'];
        }
        else
        {
                
$from $message_lang['from'];
                if (
$message['sender'] == 0)
                {
                        
$sender $message_lang['sender'];
                        
$reply "";
                }
                else
                {
                        
$res2 sql_query("SELECT username FROM  ".TABLE_USERS." WHERE id=" sqlesc($message['sender'])) or  sqlerr(__FILE__,__LINE__);
                        
$sender mysql_fetch_array($res2);
                        
$sender "<A href=\"userdetails.php?id=" .  $message['sender'] . "\">" $sender[0] . "</A>";
                        
$reply " [ <A  href=\"message.php?action=sendmessage&amp;receiver=" .  $message['sender'] . "&amp;replyto=" $pm_id "\"> " .  $message_lang['answer']."</A> ]";
                }
        }
        
$body format_comment($message['msg']);
        
$added get_date_time($message['added']);
        if (
get_user_class() >= UC_MODERATOR &&  $message['sender'] == $CURUSER['id'])
        {
                
$unread = ($message['unread'] == 'yes' "<SPAN  style=\"color: #FF0000;\"><b>(" $message_lang['new'] .  ")</b></A>" "");
        }
        else
        {
                
$unread "";
        }
        
$subject htmlspecialchars($message['subject']);
        if (
strlen($subject) <= 0)
        {
                
$subject $message_lang['nosubject'] ;
        }
        
// Mark message unread
        
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" .  sqlesc($pm_id) . " AND receiver=" sqlesc($CURUSER['id']) . " LIMIT  1");
        
// Display message
        
stdhead($message_lang['showmessagessdthead']."  (".$message_lang['subject'].": $subject)"); ?>
        <TABLE width="660" border="0" cellpadding="4"  cellspacing="0">
        <TR><TD class="colhead"  colspan="2"><?=$message_lang['subject']?>  <?=$subject?></TD></TR>
        <TR>
        <TD width="50%"  class="colhead"><?=$from?></TD>
        <TD width="50%"  class="colhead"><?=$message_lang['datesent']?></TD>
        </TR>
        <TR>
        <TD><?=$sender?></TD>
         <TD><?=$added?>&nbsp;&nbsp;<?=$unread?></TD>
        </TR>
        <TR>
        <TD colspan="2"><?=$body?></TD>
        </TR>
        <TR>
        <TD align="right" colspan=2>[ <A rel="nofollow"  href="message.php?action=deletemessage&amp;id=<?=$pm_id?>"><?=$message_lang['remove']?></A>  ]<?=$reply?> [ <A rel="nofollow"  href="message.php?action=forward&amp;id=<?=$pm_id?>"><?=$message_lang['forward']?></A>  ]</TD>
        </TR>
        </TABLE><?
        stdfoot
();
}
// End View Message

// Message
if ($action == "sendmessage") {

        
$receiver $_GET["receiver"];
        if (!
is_valid_id($receiver))
                
newerr($tracker_lang['error'],  $message_lang['incorectrecipient']);

        
$replyto $_GET["replyto"];
        if (
$replyto && !is_valid_id($replyto))
                
newerr($tracker_lang['error'],  $message_lang['incorectrecipient']);

        
$auto $_GET["auto"];
        
$std $_GET["std"];

        if ((
$auto || $std ) && get_user_class() <  UC_MODERATOR)
                
newerr($tracker_lang['error'],  $message_lang['noaccess']);

        
$res sql_query("SELECT * FROM ".TABLE_USERS." WHERE  id=$receiver") or die(mysql_error());
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'],  $message_lang['nouserid']);
        if (
$auto)
                
$body $pm_std_reply[$auto];
        if (
$std)
                
$body $pm_template[$std][1];

        if (
$replyto) {
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE  id=$replyto") or sqlerr(__FILE____LINE__);
                
$msga mysql_fetch_assoc($res);
                if (
$msga["receiver"] != $CURUSER["id"])
                        
newerr($tracker_lang['error'],  $message_lang['noaccess']);

                
$res sql_query("SELECT username FROM ".TABLE_USERS."  WHERE id=" $msga["sender"]) or sqlerr(__FILE____LINE__);
                
$usra mysql_fetch_assoc($res);
                
$body .= "\n\n\n-------- $usra[username] wrote:  --------\n".htmlspecialchars($msga['msg'])."\n";
                
// Change
                
$subject "Re: " htmlspecialchars($msga['subject']);
                
// End of Change
        
}

        
stdhead($message_lang['sendingmessage']);
        
?>
        <table class=main border=0 cellspacing=0  cellpadding=0><tr><td class=embedded>
        <form name=message method=post action=message.php>
        <input type=hidden name=action value=takemessage>
        <table class=message cellspacing=0 cellpadding=5>
        <tr><td colspan=2  class=colhead><?=$message_lang['messageto']?><a  class=altlink_white  href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
        <TR>
        <TD  colspan="2"><B><?=$message_lang['subject']?>&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60"  value="<?=$subject?>" maxlength="255"></TD>
        </TR>
        <tr><td<?=$replyto?" colspan=2":""?>>
        <?
        textbbcode
("message","msg","$body");
        
?>
        </td></tr>
        <tr>
        <? if ($replyto) { ?>
        <td align=center><input type=checkbox name='delete'  value='yes' <?=$CURUSER['deletepms'] ==  'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
        <input type=hidden name=origmsg  value=<?=$replyto?>></td>
        <? ?>
        <td align=center><input type=checkbox name='save'  value='yes' <?=$CURUSER['savepms'] ==  'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
        <tr><td<?=$replyto?" colspan=2":""?>  align=center><input type=submit  value="<?=$message_lang['sendmessage-submitbutton']?>"  class=btn></td></tr>
        </table>
        <input type=hidden name=receiver  value=<?=$receiver?>>
        </form>
        </div></td></tr></table>
        <?
        stdfoot
();
}
// End View Message


// Take Message
if ($action == 'takemessage') {

        
$receiver $_POST["receiver"];
        
$origmsg $_POST["origmsg"];
        
$save $_POST["save"];
        
$returnto $_POST["returnto"];
        if (!
is_valid_id($receiver) || ($origmsg &&  !is_valid_id($origmsg)))
                 
newerr($tracker_lang['error'],$message_lang['incorrectid']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                 
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$subject trim($_POST['subject']);
        if (!
$subject)
                 
newerr($tracker_lang['error'],$message_lang['entersubject']);
        
// Change
        
$save = ($save == 'yes') ? "yes" "no";
        
// End of Change
        
$res sql_query("SELECT email, acceptpms, notifs, parked,  UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or  sqlerr(__FILE____LINE__);
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'],  $message_lang['nosuchuser']. " " .$receiver);
        
//Make sure recipient wants this message
        
if ($user["parked"] == "yes")
                
newerr($tracker_lang['error'],  $message_lang['accountparked'] );
        if (
get_user_class() < UC_MODERATOR)
        {
                if (
$user["acceptpms"] == "yes")
                {
                        
$res2 sql_query("SELECT * FROM  ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" $CURUSER["id"])  or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) == 1)
                                
sttderr($tracker_lang['error'],  $message_lang['addedtoblacklist']);
                }
                elseif (
$user["acceptpms"] == "friends")
                {
                        
$res2 sql_query("SELECT * FROM  ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" .  $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) != 1)
                                 
newerr($tracker_lang['error'],  $message_lang['onlypmsfromfreindlist']);
                }
                elseif (
$user["acceptpms"] == "no")
                                 
newerr($tracker_lang['error'],  $message_lang['nopm']);
        }
        
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender,  receiver, added, msg, subject, saved, location) VALUES(" .  $CURUSER["id"] . ", " $CURUSER["id"] . ",
        
$receiver, " TIMENOW ", " sqlesc($msg) . ", " .  sqlesc($subject) . ", " sqlesc($save) . ", 1)") or sqlerr(__FILE__,  __LINE__);
        
$sended_id mysql_insert_id();
        if (
strpos($user['notifs'], '[pm]') !== false) {
                
$username $CURUSER["username"];
                
$usremail $user["email"];
$body = <<<EOD
$username sent you a personal massage!

Clcik the link below to read the massage.

$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id

--

$SITENAME
EOD;
                
$subj "".$message_lang['user_sentyoupm']."  $username!";
                
sent_mail($usremail'You have received a new personal  massage from $username!'$SITEMAIL$subj$body);
                
//mail($usremail, $subj, $body, $SITEEMAIL);
        
}
        
$delete $_POST["delete"];
        if (
$origmsg)
        {
                if (
$delete == "yes")
                {
                        
// Make sure receiver of $origmsg is current  user
                        
$res sql_query("SELECT * FROM  ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res) == 1)
                        {
                                
$arr mysql_fetch_assoc($res);
                                if (
$arr["receiver"] != $CURUSER["id"])
                                         
newerr($tracker_lang['error'],"Sorry,can't delete other's massages!");
                                if (
$arr["saved"] == "no")
                                        
sql_query("DELETE FROM  ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                                elseif (
$arr["saved"] == "yes")
                                        
sql_query("UPDATE  ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or  sqlerr(__FILE____LINE__);
                        }
                }
                if (!
$returnto)
                        
$returnto "$DEFAULTBASEURL/message.php";
        }
        if (
$returnto) {
                
header("Location: $returnto");
                die;
        }
        else {
                
header ("Refresh: 2; url=message.php");
                
newerr($tracker_lang['success'] ,  $message_lang['sendsucessfull']);
        }


}
// End Take Message


// Mass PM
if ($action == 'mass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'],  $tracker_lang['access_denied']);
        
$n_pms $_POST['n_pms'];
        
$pmees $_POST['pmees'];
        
$auto $_POST['auto'];

        if (
$auto)
                
$body=$mm_template[$auto][1];

        
stdhead($message_lang['masspm_stdhead']);
        
?>
        <table class=main border=0 cellspacing=0 cellpadding=0>
        <tr><td class=embedded><div align=center>
        <form method=post action=<?=$_SERVER['PHP_SELF']?>  name=message>
        <input type=hidden name=action value=takemass_pm>
        <? if ($_SERVER["HTTP_REFERER"]) { ?>
        <input type=hidden name=returnto  value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
        <? ?>
        <table border=1 cellspacing=0 cellpadding=5>
        <tr><td class=colhead  colspan=2><?=$message_lang['masspm_distribution_for']?>  <?=$n_pms?>  User<?=($n_pms>1?"s":"")?></td></tr>



        <TR>
        <TD  colspan="2"><B>Subject:&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60"  maxlength="255"></TD>
        </TR>
        <tr><td colspan="2"><div align="center">
        <?=textbbcode("message","msg","$body");?>
        </div></td></tr>
        <tr><td colspan="2"><div  align="center"><b>Comment:&nbsp;&nbsp;</b>
        <input name="comment" type="text" size="70">
        </div></td></tr>
        <tr><td><div  align="center"><b><?=$message_lang['from'];?>&nbsp;&nbsp;</b>
        <?=$CURUSER['username']?>
        <input name="sender" type="radio" value="self" checked>
        &nbsp; System
        <input name="sender" type="radio" value="system">
        </div></td>
        <td><div align="center"><b>Take  snapshot:</b>&nbsp;<input name="snap" type="checkbox"  value="1">
         </div></td></tr>
        <tr><td colspan="2" align=center><input  type=submit value="Send!" class=btn>
        </td></tr></table>
        <input type=hidden name=pmees value="<?=$pmees?>">
        <input type=hidden name=n_pms value=<?=$n_pms?>>
        </form><br /><br />
        </div>
        </td>
        </tr>
        </table>
        <?
        stdfoot
();

}
//End Mass PM


//Take Mass PM
if ($action == 'takemass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'],  $tracker_lang['access_denied']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                 
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$sender_id = ($_POST['sender'] == 'system' :  $CURUSER['id']);
        
$from_is unesc($_POST['pmees']);
        
// Change
        
$subject trim($_POST['subject']);
        
$query "INSERT INTO ".TABLE_MESSAGES." (sender, receiver,  added, msg, subject, location, poster) ""SELECT $sender_id, u.id, '" .  get_date_time(time()) . "', " .
        
sqlesc($msg) . ", " sqlesc($subject) . ", 1, $sender_id " .  $from_is;
        
// End of Change
        
sql_query($query) or sqlerr(__FILE____LINE__);
        
$n mysql_affected_rows();
        
$n_pms $_POST['n_pms'];['n_pms'];
        
$comment $_POST['comment'];
        
$snapshot $_POST['snap'];
        
// add a custom text or stats snapshot to comments in profile
        
if ($comment || $snapshot)
        {
                
$res sql_query("SELECT u.id, u.uploaded, u.downloaded,  u.modcomment ".$from_is) or sqlerr(__FILE____LINE__);
                if (
mysql_num_rows($res) > 0)
                {
                        
$l 0;
                        while (
$user mysql_fetch_array($res))
                        {
                                unset(
$new);
                                
$old $user['modcomment'];
                                if (
$comment)
                                        
$new $comment;
                                        if (
$snapshot)
                                        {
                                                
$new .= ($new?"\n":"") .  "MMed, " date("Y-m-d") . ", " .
                                                
"UL: " .  mksize($user['uploaded']) . ", " .
                                                
"DL: " .  mksize($user['downloaded']) . ", " .
                                                
"r: " .  (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) :  0) . " - " .
                                                (
$_POST['sender'] ==  "system"?"System":$CURUSER['username']);
                                        }
                                        
$new .= $old?("\n".$old):$old;
                                        
sql_query("UPDATE  ".TABLE_USERS." SET modcomment = " sqlesc($new) . " WHERE id = " .  $user['id']) or sqlerr(__FILE____LINE__);
                                        if (
mysql_affected_rows())
                                                
$l++;
                        }
                }
        }
        
header ("Refresh: 3; url=message.php");
        
newerr($tracker_lang['success'], (($n_pms 1) ? "$n Massage  $n_pms was" "A message has been")." has been successfully sent!" . ($l  $l comment(s) in profile" . (($l>1) ? "" "(s)") . " updated!" :  ""));
}
//End Take Mass PM


//Move Or Delete
if ($action == "moveordel") {
        
$pm_id = (int) $_POST['id'];
        
$pm_box = (int) $_POST['box'];
        
$pm_messages $_POST['messages'];
        if (
$_POST['move']) {
                if (
$pm_id) {
                        
// Move a single message
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET  location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id=" .  sqlesc($pm_id) . " AND receiver=" $CURUSER['id'] . " LIMIT 1");
                }
                else {
                        
// Move multiple messages
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET  location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" .  implode(", "array_map("sqlesc"array_map("intval"$pm_messages))) .  ') AND receiver=' $CURUSER['id']);
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'],  $message_lang['not_possible_to_move_or_delete_message']);
                }
                
header("Location:  message.php?action=viewmailbox&box=" $pm_box);
                exit();
        }
        elseif (
$_POST['delete']) {
                if (
$pm_id) {
                        
// Delete a single message
                        
$res sql_query("SELECT * FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or  sqlerr(__FILE__,__LINE__);
                        
$message mysql_fetch_assoc($res);
                        if (
$message['receiver'] == $CURUSER['id']  && $message['saved'] == 'no') {
                                
sql_query("DELETE FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or  sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id']  && $message['location'] == PM_DELETED) {
                                
sql_query("DELETE FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or  sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['receiver'] == $CURUSER['id']  && $message['saved'] == 'yes') {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET  location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id']  && $message['location'] != PM_DELETED) {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET  saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                } else {
                        
// Delete multiple messages
                        
if (is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                if (
$message['receiver'] ==  $CURUSER['id'] && $message['saved'] == 'no') {
                                        
sql_query("DELETE FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or  sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] ==  $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                        
sql_query("DELETE FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or  sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['receiver'] ==  $CURUSER['id'] && $message['saved'] == 'yes') {
                                        
sql_query("UPDATE  ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc((int) $id)) or  sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] ==  $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                        
sql_query("UPDATE  ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc((int) $id)) or  sqlerr(__FILE__,__LINE__);
                                }
                        }
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                         
newerr($tracker_lang['error'],$message_lang['nomove']);
                }
                else {
                        
header("Location:  message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }
        elseif (
$_POST["markread"]) {
                
//Mark Read
                
if ($pm_id) {
                        
sql_query("UPDATE ".TABLE_MESSAGES." SET  unread='no' WHERE id = " sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                }
                
//End Mark Read
                
else {
                        if (
is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM  ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET  unread='no' WHERE id = " sqlesc((int) $id)) or  sqlerr(__FILE__,__LINE__);
                        }
                }
                if (@
mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'],  $message_lang['not_possible_to_mark_this_message_as_read']);
                }
                else {
                        
header("Location:  message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }

newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete


//Foward
if ($action == "forward") {
        if (
$_SERVER['REQUEST_METHOD'] == 'GET') {
                
// Display form
                
$pm_id = (int) $_GET['id'];

                
// Get the message
                
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE  id=' sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . '  OR sender=' sqlesc($CURUSER['id']) . ') LIMIT 1') or  sqlerr(__FILE__,__LINE__);

                if (!
$res) {
                        
newerr($tracker_lang['error'],  $message_lang['nopermissions']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'],  $message_lang['nopermissions']);
                }
                
$message mysql_fetch_assoc($res);

                
// Prepare variables
                
$subject "Fwd: " .  htmlspecialchars($message['subject']);
                
$from $message['sender'];
                
$orig $message['receiver'];

                
$res sql_query("SELECT username FROM ".TABLE_USERS."  WHERE id=" sqlesc($orig) . " OR id=" sqlesc($from)) or  sqlerr(__FILE__,__LINE__);

                
$orig2 mysql_fetch_assoc($res);
                
$orig_name "<A href=\"userdetails.php?id=" $from .  "\">" $orig2['username'] . "</A>";
                if (
$from == 0) {
                        
$from_name $message_lang['systemsendername'];
                        
$from2['username'] =  $message_lang['systemsendername'];
                }
                else {
                        
$from2 mysql_fetch_array($res);
                        
$from_name "<A href=\"userdetails.php?id=" .  $from "\">" $from2['username'] . "</A>";
                }

                
$body "-------- "$message_lang['originalsender'] .  $from2['username'] . ": --------<BR>" .  format_comment($message['msg']);

                
stdhead($subject);?>

                <FORM action="message.php" method="post">
                <INPUT type="hidden" name="action"  value="forward">
                <INPUT type="hidden" name="id"  value="<?=$pm_id?>">
                <TABLE border="0" cellpadding="4" cellspacing="0">
                <TR><TD class="colhead"  colspan="2"><?=$subject?></TD></TR>
                <TR>
                <TD><?=$message_lang['to']?></TD>
                <TD><INPUT type="text" name="to"  value="<?=$message_lang['nameofrecipient']?>"  size="83"></TD>
                </TR>
                <TR>
                 <TD><?=$message_lang['originalsender2']?></TD>
                <TD><?=$orig_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['from']?></TD>
                <TD><?=$from_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['subject']?></TD>
                <TD><INPUT type="text" name="subject"  value="<?=$subject?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['message']?></TD>
                <TD><TEXTAREA name="msg" cols="80"  rows="8"></TEXTAREA><BR><?=$body?></TD>
                </TR>
                <TR>
                <TD colspan="2"  align="center"><?=$message_lang['savewhensent']?> <INPUT  type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] ==  'yes'?" checked":""?>>&nbsp;<INPUT type="submit"  value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
                </TR>
                </TABLE>
                </FORM><?
                stdfoot
();
        }

        else {

                
// Forward the message
                
$pm_id = (int) $_POST['id'];

                
// Get the message
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE  id=" sqlesc($pm_id) . " AND (receiver=" sqlesc($CURUSER['id']) . "  OR sender=" sqlesc($CURUSER['id']) . ") LIMIT 1") or  sqlerr(__FILE__,__LINE__);  
                if (!
$res) {
                        
newerr($tracker_lang['error'],  $message_lang['nopermissions']);
                }

                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'],  $message_lang['nopermissions']);
                }

                
$message mysql_fetch_assoc($res);
                
$subject = (string) $_POST['subject'];
                
$username strip_tags($_POST['to']);

                
// Try finding a user with specified name

                
$res sql_query("SELECT id FROM ".TABLE_USERS." WHERE  LOWER(username)=LOWER(" sqlesc($username) . ") LIMIT 1");
                if (!
$res) {
                        
newerr($tracker_lang['error'],  $message_lang['incorrectuser']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'],  $message_lang['incorrectuser']);
                }

                
$to mysql_fetch_array($res);
                
$to $to[0];

                
// Get Orignal sender's username
                
if ($message['sender'] == 0) {
                        
$from $message_lang['systemsendername'];
                }
                else {
                        
$res sql_query("SELECT * FROM ".TABLE_USERS."  WHERE id=" sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        
$from mysql_fetch_assoc($res);
                        
$from $from['username'];
                }
                
$body = (string) $_POST['msg'];
                
$body .= "\n-------- "$message_lang['originalsender'].  " " $from ": --------\n" $message['msg'];
                
$save = (int) $_POST['save'];
                if (
$save) {
                        
$save 'yes';
                }
                else {
                        
$save 'no';
                }

                
//Make sure recipient wants this message
                
if (get_user_class() < UC_MODERATOR) {
                        if (
$from["acceptpms"] == "yes") {
                                
$res2 sql_query("SELECT * FROM  ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" $CURUSER["id"]) or  sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) == 1)
                                        
newerr($tracker_lang['error'],  $message_lang['addedtoblacklist']);
                        }
                        elseif (
$from["acceptpms"] == "friends") {
                                
$res2 sql_query("SELECT * FROM  ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" $CURUSER["id"]) or  sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) != 1)
                                        
newerr($tracker_lang['error'],  $message_lang['onlypmsfromfreindlist']);
                        }

                        elseif (
$from["acceptpms"] == "no")
                                
newerr($tracker_lang['error'],  $message_lang['nopm']);
                }
                
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster,  sender, receiver, added, subject, msg, location, saved) VALUES(" .  $CURUSER["id"] . ", " $CURUSER["id"] . ", $to, '" TIMENOW "', " .  sqlesc($subject) . "," sqlesc($body) . ", " sqlesc(PM_INBOX) . ", " .  sqlesc($save) . ")") or sqlerr(__FILE____LINE__);
                        
newerr($message_lang['success'],  $message_lang['sendsucessfull']);
        }
}


if (
$action == "deletemessage") {
        
$pm_id = (int) $_GET['id'];

        
// Delete message
        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" .  sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        if (!
$res) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        if (
mysql_num_rows($res) == 0) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        
$message mysql_fetch_assoc($res);
        if (
$message['receiver'] == $CURUSER['id'] &&  $message['saved'] == 'no') {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE  id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] &&  $message['location'] == PM_DELETED) {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE  id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['receiver'] == $CURUSER['id'] &&  $message['saved'] == 'yes') {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET  location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] &&  $message['location'] != PM_DELETED) {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET  saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        if (!
$res2) {
                 
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        if (
mysql_affected_rows() == 0) {
                 
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        else {
                
header("Location:  message.php?action=viewmailbox&id=" $message['location']);
                exit();
        }
}
?>


EDIT
now its OK :-)

432 line:
PHP Code:
$n_pms $_POST['n_pms'];['n_pms']; 
change to:
PHP Code:
$n_pms $_POST['n_pms']; 
503 line:
PHP Code:
$n_pms $_POST['n_pms'];['n_pms']; 
change to:
PHP Code:
$n_pms $_POST['n_pms']; 
__________________
http://tvojforum.com

Last edited by Pelle; 17th August 2010 at 21:56.
Reply With Quote
The Following User Says Thank You to Pelle For This Useful Post:
M_Mayers (12th January 2012)
Reply

Tags
messagephp , problem

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 17:08. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.