Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Yuna Scatari Edition (YSE)
Reply
  #1  
Old 22nd February 2009, 21:02
rulebreaker rulebreaker is offline
Senior Member
 
Join Date: Feb 2009
P2P
Posts: 41
Default Announcement Problem
I have just downloaded and installed the Yuna Scatari v2.2 PRE7 By kp380lv script and installed on my server but there is a problem with the announcement it shows

Code:
Tracker sending invalid data: <NULL>
whats the problem? how do i fix it?

Thanks,
Rulebreaker
Reply With Quote
  #2  
Old 22nd February 2009, 21:15
carphunter18 carphunter18 is offline
Senior Member
 
Join Date: Dec 2008
Choose
Posts: 18
Default
read here my post : http://bvlist.com/yuna-scatari/2052-...rity-bugs.html

en then the 4th bug ;)
Reply With Quote
  #3  
Old 22nd February 2009, 21:22
rulebreaker rulebreaker is offline
Senior Member
 
Join Date: Feb 2009
P2P
Posts: 41
Default
thanks for the help, do u know why when i go to my message.php its just a blank white page?
Reply With Quote
  #4  
Old 22nd February 2009, 21:31
carphunter18 carphunter18 is offline
Senior Member
 
Join Date: Dec 2008
Choose
Posts: 18
Default
post your message php maybe i see something :)
Reply With Quote
  #5  
Old 22nd February 2009, 21:37
rulebreaker rulebreaker is offline
Senior Member
 
Join Date: Feb 2009
P2P
Posts: 41
Default
PHP Code:
<?


require_once ("include/bittorrent.php");

gzip();
// +-------------BEGIN Language Hack By ANDiTKO ------------------------------+
global $defaultlanguage$tracker_lang$rootpath;
    if (
file_exists($rootpath 'languages/' $lang '/lang_message.php'))
        require_once(
$rootpath 'languages/' $lang '/lang_message.php');
    else
        require_once(
$rootpath 'languages/' $defaultlanguage '/lang_message.php');
// +-------------END Language Hack By ANDiTKO --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();

// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for reciever
define('PM_SENTBOX',-1); // GET value for sent box

// Determine action
$action = (string) $_GET['action'];
if (!
$action)
{
        
$action = (string) $_POST['action'];
        if (!
$action)
        {
                
$action 'viewmailbox';
        }
}

// View Mail Box
if ($action == "viewmailbox") {
        
// Get Mailbox Number
        
$mailbox = (int) $_GET['box'];
        if (!
$mailbox)
        {
                
$mailbox PM_INBOX;
        }
                if (
$mailbox == PM_INBOX)
                {
                        
$mailbox_name $tracker_lang['inbox'];
                }
                else
                {
                        
$mailbox_name $tracker_lang['outbox'];
                }

        
// Start Page

        
stdhead($mailbox_name); ?>
        <script language="Javascript" type="text/javascript">
        <!-- Begin
        var checkflag = "false";
        var marked_row = new Array;
        function check(field) {
                if (checkflag == "false") {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = true;}
                                checkflag = "true";
                        }
                else {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = false; }
                                checkflag = "false";
                        }
                }
                //  End -->
        </script>
        <script language="javascript" type="text/javascript" src="js/functions.js"></script>
        <H1><?=$mailbox_name?></H1>
        <DIV align="right"><FORM action="message.php" method="get">
        <INPUT type="hidden" name="action" value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT name="box">
        <OPTION value="1"<?=($mailbox == PM_INBOX " selected" "")?>><?=$tracker_lang['inbox'];?></OPTION>
        <OPTION value="-1"<?=($mailbox == PM_SENTBOX " selected" "")?>><?=$tracker_lang['outbox'];?></OPTION>
        </SELECT> <INPUT type="submit" value="<?=$tracker_lang['go_go_go'];?>"></FORM>
        </DIV>
        <TABLE border="0" cellpadding="4" cellspacing="0" width="100%">
        <FORM action="message.php" method="post" name="form1">
        <INPUT type="hidden" name="action" value="moveordel">
        <TR>
        <TD width="2%" class="colhead">&nbsp;&nbsp;</TD>
        <TD width="51%" class="colhead"><?=$tracker_lang['subject'];?></TD>
        <?
        
if ($mailbox == PM_INBOX )
                print (
"<TD width=\"35%\" class=\"colhead\">".$tracker_lang['sender']."</TD>");
        else
                print (
"<TD width=\"35%\" class=\"colhead\">".$tracker_lang['receiver']."</TD>");
        
?>
        <TD width="10%" class="colhead"><?=$tracker_lang['date'];?></TD>
        <TD width="2%" class="colhead"><INPUT type="checkbox" title="<?=$tracker_lang['mark_all'];?>" value="<?=$tracker_lang['mark_all'];?>" onClick="this.value=check(document.form1.elements);"></TD>
        </TR>
        <? if ($mailbox != PM_SENTBOX) {
                
$res sql_query("SELECT m.*, u.username AS sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE receiver=" sqlesc($CURUSER['id']) . " AND location=" sqlesc($mailbox) . " ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        } else {
                
$res sql_query("SELECT m.*, u.username AS receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE sender=" sqlesc($CURUSER['id']) . " AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        }
        if (
mysql_num_rows($res) == 0) {
                echo(
"<TD colspan=\"6\" align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
        }
        else
        {
                while (
$row mysql_fetch_assoc($res))
                {
                        
// Get Sender Username
                        
if ($row['sender'] != 0) {
                                
$username "<A href=\"userdetails.php?id=" $row['sender'] . "\">" $row["sender_username"] . "</A>";
                                
$id $row['sender'];
                                
$friend $row['sfid'];
                                if (
$friend && $CURUSER['id'] != $row['sender']) {
                                        
$username .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] != $row['sender']) {
                                        
$username .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$username $tracker_lang['from_system'];
                        }
                        
// Get Receiver Username
                        
if ($row['receiver'] != 0) {
                                
$receiver "<A href=\"userdetails.php?id=" $row['receiver'] . "\">" $row["receiver_username"] . "</A>";
                                
$id_r $row['receiver'];
                                
$friend $row['rfid'];
                                if (
$friend && $CURUSER['id'] != $row['receiver']) {
                                        
$receiver .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] != $row['receiver']) {
                                        
$receiver .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$receiver $tracker_lang['from_system'];
                        }
                        
$subject htmlspecialchars($row['subject']);
                        if (
strlen($subject) <= 0) {
                                
$subject $tracker_lang['no_subject'];
                        }
                        if (
$row['unread'] == 'yes' && $mailbox != PM_SENTBOX) {
                                echo(
"<TR>\n<TD ><IMG src=\"pic/pn_inboxnew.gif\" alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
                        }
                        else {
                                echo(
"<TR>\n<TD><IMG src=\"pic/pn_inbox.gif\" alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
                        }
                        echo(
"<TD><A href=\"message.php?action=viewmessage&amp;id=" $row['id'] . "\">" $subject "</A></TD>\n");
                        if (
$mailbox != PM_SENTBOX) {
                            echo(
"<TD>$username</TD>\n");
                        }
                        else {
                            echo(
"<TD>$receiver</TD>\n");
                        }
                        echo(
"<TD nowrap>" get_date_time($row['added']) . "</TD>\n");
                        echo(
"<TD><INPUT type=\"checkbox\" name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" $row['id'] . "\" id=\"checkbox_tbl_" $row['id'] . "\"></TD>\n</TR>\n");
                }
        }
        
?>
        <tr class="colhead">
        <td colspan="6" align="right" class="colhead">
        <input type="hidden" name="box" value="<?=$mailbox?>">
        <input type="submit" name="delete" title="<?=$tracker_lang['delete_marked_messages'];?>" value="<?=$tracker_lang['delete'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
        <input type="submit" name="markread" title="<?=$tracker_lang['mark_as_read'];?>" value="<?=$tracker_lang['mark_read'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
        </td>
        </tr>
        </form>
        </table>
        <div align="left"><img src="pic/pn_inboxnew.gif" alt="<?=$message_lang['newmail'];?>" /> <?=$tracker_lang['mail_unread_desc'];?><br />
        <img src="pic/pn_inbox.gif" alt="<?=$message_lang['read'];?>" /> <?=$tracker_lang['mail_read_desc'];?></div>
        <?
        stdfoot
();
}
// End View Mail Box


// View Message
if ($action == "viewmessage") {
        
$pm_id = (int) $_GET['id'];
        if (!
$pm_id)
        {
                
newerr($tracker_lang['error'], $message_lang['norights']);
        }
        
// Get the message
        
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . ' OR (sender=' sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or sqlerr(__FILE__,__LINE__);
        if (
mysql_num_rows($res) == 0)
        {
                
newerr($tracker_lang['error'],$message_lang['norights']);
        }
        
// Prepare for displaying message
        
$message mysql_fetch_assoc($res);
        if (
$message['sender'] == $CURUSER['id'])
        {
                
// Display to
                
$res2 sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
                
$sender mysql_fetch_array($res2);
                
$sender "<A href=\"userdetails.php?id=" $message['receiver'] . "\">" $sender[0] . "</A>";
                
$reply "";
                
$from $message_lang['to'];
        }
        else
        {
                
$from $message_lang['from'];
                if (
$message['sender'] == 0)
                {
                        
$sender $message_lang['sender'];
                        
$reply "";
                }
                else
                {
                        
$res2 sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        
$sender mysql_fetch_array($res2);
                        
$sender "<A href=\"userdetails.php?id=" $message['sender'] . "\">" $sender[0] . "</A>";
                        
$reply " [ <A href=\"message.php?action=sendmessage&amp;receiver=" $message['sender'] . "&amp;replyto=" $pm_id "\"> " $message_lang['answer']."</A> ]";
                }
        }
        
$body format_comment($message['msg']);
        
$added get_date_time($message['added']);
        if (
get_user_class() >= UC_MODERATOR && $message['sender'] == $CURUSER['id'])
        {
                
$unread = ($message['unread'] == 'yes' "<SPAN style=\"color: #FF0000;\"><b>(" $message_lang['new'] . ")</b></A>" "");
        }
        else
        {
                
$unread "";
        }
        
$subject htmlspecialchars($message['subject']);
        if (
strlen($subject) <= 0)
        {
                
$subject $message_lang['nosubject'] ;
        }
        
// Mark message unread
        
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" sqlesc($pm_id) . " AND receiver=" sqlesc($CURUSER['id']) . " LIMIT 1");
        
// Display message
        
stdhead($message_lang['showmessagessdthead']." (".$message_lang['subject'].": $subject)"); ?>
        <TABLE width="660" border="0" cellpadding="4" cellspacing="0">
        <TR><TD class="colhead" colspan="2"><?=$message_lang['subject']?> <?=$subject?></TD></TR>
        <TR>
        <TD width="50%" class="colhead"><?=$from?></TD>
        <TD width="50%" class="colhead"><?=$message_lang['datesent']?></TD>
        </TR>
        <TR>
        <TD><?=$sender?></TD>
        <TD><?=$added?>&nbsp;&nbsp;<?=$unread?></TD>
        </TR>
        <TR>
        <TD colspan="2"><?=$body?></TD>
        </TR>
        <TR>
        <TD align="right" colspan=2>[ <A href="message.php?action=deletemessage&id=<?=$pm_id?>"><?=$message_lang['remove']?></A> ]<?=$reply?> [ <A href="message.php?action=forward&id=<?=$pm_id?>"><?=$message_lang['forward']?></A> ]</TD>
        </TR>
        </TABLE><?
        stdfoot
();
}
// End View Message

// Message
if ($action == "sendmessage") {

        
$receiver $_GET["receiver"];
        if (!
is_valid_id($receiver))
                
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        
$replyto $_GET["replyto"];
        if (
$replyto && !is_valid_id($replyto))
                
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        
$auto $_GET["auto"];
        
$std $_GET["std"];

        if ((
$auto || $std ) && get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $message_lang['noaccess']);

        
$res sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=$receiver") or die(mysql_error());
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'], $message_lang['nouserid']);
        if (
$auto)
                
$body $pm_std_reply[$auto];
        if (
$std)
                
$body $pm_template[$std][1];

        if (
$replyto) {
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$replyto") or sqlerr(__FILE____LINE__);
                
$msga mysql_fetch_assoc($res);
                if (
$msga["receiver"] != $CURUSER["id"])
                        
newerr($tracker_lang['error'], $message_lang['noaccess']);

                
$res sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" $msga["sender"]) or sqlerr(__FILE____LINE__);
                
$usra mysql_fetch_assoc($res);
                
$body .= "\n\n\n-------- $usra[username] wrote: --------\n".htmlspecialchars($msga['msg'])."\n";
                
// Change
                
$subject "Re: " htmlspecialchars($msga['subject']);
                
// End of Change
        
}

        
stdhead($message_lang['sendingmessage']);
        
?>
        <table class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
        <form name=message method=post action=message.php>
        <input type=hidden name=action value=takemessage>
        <table class=message cellspacing=0 cellpadding=5>
        <tr><td colspan=2 class=colhead><?=$message_lang['messageto']?><a class=altlink_white href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
        <TR>
        <TD colspan="2"><B><?=$message_lang['subject']?>&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" value="<?=$subject?>" maxlength="255"></TD>
        </TR>
        <tr><td<?=$replyto?" colspan=2":""?>>
        <?
        textbbcode
("message","msg","$body");
        
?>
        </td></tr>
        <tr>
        <? if ($replyto) { ?>
        <td align=center><input type=checkbox name='delete' value='yes' <?=$CURUSER['deletepms'] == 'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
        <input type=hidden name=origmsg value=<?=$replyto?>></td>
        <? ?>
        <td align=center><input type=checkbox name='save' value='yes' <?=$CURUSER['savepms'] == 'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
        <tr><td<?=$replyto?" colspan=2":""?> align=center><input type=submit value="<?=$message_lang['sendmessage-submitbutton']?>" class=btn></td></tr>
        </table>
        <input type=hidden name=receiver value=<?=$receiver?>>
        </form>
        </div></td></tr></table>
        <?
        stdfoot
();
}
// End View Message


// Take Message
if ($action == 'takemessage') {

        
$receiver $_POST["receiver"];
        
$origmsg $_POST["origmsg"];
        
$save $_POST["save"];
        
$returnto $_POST["returnto"];
        if (!
is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
                
newerr($tracker_lang['error'],$message_lang['incorrectid']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$subject trim($_POST['subject']);
        if (!
$subject)
                
newerr($tracker_lang['error'],$message_lang['entersubject']);
        
// Change
        
$save = ($save == 'yes') ? "yes" "no";
        
// End of Change
        
$res sql_query("SELECT email, acceptpms, notifs, parked, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or sqlerr(__FILE____LINE__);
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'], $message_lang['nosuchuser']. " " .$receiver);
        
//Make sure recipient wants this message
        
if ($user["parked"] == "yes")
                
newerr($tracker_lang['error'], $message_lang['accountparked'] );
        if (
get_user_class() < UC_MODERATOR)
        {
                if (
$user["acceptpms"] == "yes")
                {
                        
$res2 sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) == 1)
                                
sttderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                }
                elseif (
$user["acceptpms"] == "friends")
                {
                        
$res2 sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) != 1)
                                 
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                }
                elseif (
$user["acceptpms"] == "no")
                                 
newerr($tracker_lang['error'], $message_lang['nopm']);
        }
        
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, msg, subject, saved, location) VALUES(" $CURUSER["id"] . ", " $CURUSER["id"] . ",
        
$receiver, " TIMENOW ", " sqlesc($msg) . ", " sqlesc($subject) . ", " sqlesc($save) . ", 1)") or sqlerr(__FILE____LINE__);
        
$sended_id mysql_insert_id();
        if (
strpos($user['notifs'], '[pm]') !== false) {
                
$username $CURUSER["username"];
                
$usremail $user["email"];
$body = <<<EOD
$username sent you a personal massage!

Clcik the link below to read the massage.

$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id

--

$SITENAME
EOD;
                
$subj "".$message_lang['user_sentyoupm'].$username!";
                
sent_mail($usremail'You have received a new personal massage from $username!'$SITEMAIL$subj$body);
                
//mail($usremail, $subj, $body, $SITEEMAIL);
        
}
        
$delete $_POST["delete"];
        if (
$origmsg)
        {
                if (
$delete == "yes")
                {
                        
// Make sure receiver of $origmsg is current user
                        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res) == 1)
                        {
                                
$arr mysql_fetch_assoc($res);
                                if (
$arr["receiver"] != $CURUSER["id"])
                                        
newerr($tracker_lang['error'],"Sorry,can't delete other's massages!");
                                if (
$arr["saved"] == "no")
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                                elseif (
$arr["saved"] == "yes")
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                        }
                }
                if (!
$returnto)
                        
$returnto "$DEFAULTBASEURL/message.php";
        }
        if (
$returnto) {
                
header("Location: $returnto");
                die;
        }
        else {
                
header ("Refresh: 2; url=message.php");
                
newerr($tracker_lang['success'] , $message_lang['sendsucessfull']);
        }


}
// End Take Message


// Mass PM
if ($action == 'mass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        
$n_pms $_POST['n_pms'];['n_pms'];
        
$pmees $_POST['pmees'];
        
$auto $_POST['auto'];

        if (
$auto)
                
$body=$mm_template[$auto][1];

        
stdhead($message_lang['masspm_stdhead']);
        
?>
        <table class=main border=0 cellspacing=0 cellpadding=0>
        <tr><td class=embedded><div align=center>
        <form method=post action=<?=$_SERVER['PHP_SELF']?> name=message>
        <input type=hidden name=action value=takemass_pm>
        <? if ($_SERVER["HTTP_REFERER"]) { ?>
        <input type=hidden name=returnto value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
        <? ?>
        <table border=1 cellspacing=0 cellpadding=5>
        <tr><td class=colhead colspan=2><?=$message_lang['masspm_distribution_for']?> <?=$n_pms?> User<?=($n_pms>1?"s":"")?></td></tr>



        <TR>
        <TD colspan="2"><B>Subject:&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" maxlength="255"></TD>
        </TR>
        <tr><td colspan="2"><div align="center">
        <?=textbbcode("message","msg","$body");?>
        </div></td></tr>
        <tr><td colspan="2"><div align="center"><b>Comment:&nbsp;&nbsp;</b>
        <input name="comment" type="text" size="70">
        </div></td></tr>
        <tr><td><div align="center"><b><?=$message_lang['from'];?>&nbsp;&nbsp;</b>
        <?=$CURUSER['username']?>
        <input name="sender" type="radio" value="self" checked>
        &nbsp; System
        <input name="sender" type="radio" value="system">
        </div></td>
        <td><div align="center"><b>Take snapshot:</b>&nbsp;<input name="snap" type="checkbox" value="1">
         </div></td></tr>
        <tr><td colspan="2" align=center><input type=submit value="Send!" class=btn>
        </td></tr></table>
        <input type=hidden name=pmees value="<?=$pmees?>">
        <input type=hidden name=n_pms value=<?=$n_pms?>>
        </form><br /><br />
        </div>
        </td>
        </tr>
        </table>
        <?
        stdfoot
();

}
//End Mass PM


//Take Mass PM
if ($action == 'takemass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$sender_id = ($_POST['sender'] == 'system' $CURUSER['id']);
        
$from_is unesc($_POST['pmees']);
        
// Change
        
$subject trim($_POST['subject']);
        
$query "INSERT INTO ".TABLE_MESSAGES." (sender, receiver, added, msg, subject, location, poster) ""SELECT $sender_id, u.id, '" get_date_time(time()) . "', " .
        
sqlesc($msg) . ", " sqlesc($subject) . ", 1, $sender_id " $from_is;
        
// End of Change
        
sql_query($query) or sqlerr(__FILE____LINE__);
        
$n mysql_affected_rows();
        
$n_pms $_POST['n_pms'];['n_pms'];
        
$comment $_POST['comment'];
        
$snapshot $_POST['snap'];
        
// add a custom text or stats snapshot to comments in profile
        
if ($comment || $snapshot)
        {
                
$res sql_query("SELECT u.id, u.uploaded, u.downloaded, u.modcomment ".$from_is) or sqlerr(__FILE____LINE__);
                if (
mysql_num_rows($res) > 0)
                {
                        
$l 0;
                        while (
$user mysql_fetch_array($res))
                        {
                                unset(
$new);
                                
$old $user['modcomment'];
                                if (
$comment)
                                        
$new $comment;
                                        if (
$snapshot)
                                        {
                                                
$new .= ($new?"\n":"") . "MMed, " date("Y-m-d") . ", " .
                                                
"UL: " mksize($user['uploaded']) . ", " .
                                                
"DL: " mksize($user['downloaded']) . ", " .
                                                
"r: " . (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) : 0) . " - " .
                                                (
$_POST['sender'] == "system"?"System":$CURUSER['username']);
                                        }
                                        
$new .= $old?("\n".$old):$old;
                                        
sql_query("UPDATE ".TABLE_USERS." SET modcomment = " sqlesc($new) . " WHERE id = " $user['id']) or sqlerr(__FILE____LINE__);
                                        if (
mysql_affected_rows())
                                                
$l++;
                        }
                }
        }
        
header ("Refresh: 3; url=message.php");
        
newerr($tracker_lang['success'], (($n_pms 1) ? "$n Massage $n_pms was" "A message has been")." has been successfully sent!" . ($l $l comment(s) in profile" . (($l>1) ? "" "(s)") . " updated!" ""));
}
//End Take Mass PM


//Move Or Delete
if ($action == "moveordel") {
        
$pm_id = (int) $_POST['id'];
        
$pm_box = (int) $_POST['box'];
        
$pm_messages $_POST['messages'];
        if (
$_POST['move']) {
                if (
$pm_id) {
                        
// Move a single message
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id=" sqlesc($pm_id) . " AND receiver=" $CURUSER['id'] . " LIMIT 1");
                }
                else {
                        
// Move multiple messages
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" implode(", "array_map("sqlesc"array_map("intval"$pm_messages))) . ') AND receiver=' $CURUSER['id']);
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'], $message_lang['not_possible_to_move_or_delete_message']);
                }
                
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                exit();
        }
        elseif (
$_POST['delete']) {
                if (
$pm_id) {
                        
// Delete a single message
                        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        
$message mysql_fetch_assoc($res);
                        if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                } else {
                        
// Delete multiple messages
                        
if (is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                        }
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'],$message_lang['nomove']);
                }
                else {
                        
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }
        elseif (
$_POST["markread"]) {
                
//Mark Read
                
if ($pm_id) {
                        
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                }
                
//End Mark Read
                
else {
                        if (
is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                        }
                }
                if (@
mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'], $message_lang['not_possible_to_mark_this_message_as_read']);
                }
                else {
                        
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }

newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete


//Foward
if ($action == "forward") {
        if (
$_SERVER['REQUEST_METHOD'] == 'GET') {
                
// Display form
                
$pm_id = (int) $_GET['id'];

                
// Get the message
                
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . ' OR sender=' sqlesc($CURUSER['id']) . ') LIMIT 1') or sqlerr(__FILE__,__LINE__);

                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                
$message mysql_fetch_assoc($res);

                
// Prepare variables
                
$subject "Fwd: " htmlspecialchars($message['subject']);
                
$from $message['sender'];
                
$orig $message['receiver'];

                
$res sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($orig) . " OR id=" sqlesc($from)) or sqlerr(__FILE__,__LINE__);

                
$orig2 mysql_fetch_assoc($res);
                
$orig_name "<A href=\"userdetails.php?id=" $from "\">" $orig2['username'] . "</A>";
                if (
$from == 0) {
                        
$from_name $message_lang['systemsendername'];
                        
$from2['username'] = $message_lang['systemsendername'];
                }
                else {
                        
$from2 mysql_fetch_array($res);
                        
$from_name "<A href=\"userdetails.php?id=" $from "\">" $from2['username'] . "</A>";
                }

                
$body "-------- "$message_lang['originalsender'] . $from2['username'] . ": --------<BR>" format_comment($message['msg']);

                
stdhead($subject);?>

                <FORM action="message.php" method="post">
                <INPUT type="hidden" name="action" value="forward">
                <INPUT type="hidden" name="id" value="<?=$pm_id?>">
                <TABLE border="0" cellpadding="4" cellspacing="0">
                <TR><TD class="colhead" colspan="2"><?=$subject?></TD></TR>
                <TR>
                <TD><?=$message_lang['to']?></TD>
                <TD><INPUT type="text" name="to" value="<?=$message_lang['nameofrecipient']?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['originalsender2']?></TD>
                <TD><?=$orig_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['from']?></TD>
                <TD><?=$from_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['subject']?></TD>
                <TD><INPUT type="text" name="subject" value="<?=$subject?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['message']?></TD>
                <TD><TEXTAREA name="msg" cols="80" rows="8"></TEXTAREA><BR><?=$body?></TD>
                </TR>
                <TR>
                <TD colspan="2" align="center"><?=$message_lang['savewhensent']?> <INPUT type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] == 'yes'?" checked":""?>>&nbsp;<INPUT type="submit" value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
                </TR>
                </TABLE>
                </FORM><?
                stdfoot
();
        }

        else {

                
// Forward the message
                
$pm_id = (int) $_POST['id'];

                
// Get the message
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id) . " AND (receiver=" sqlesc($CURUSER['id']) . " OR sender=" sqlesc($CURUSER['id']) . ") LIMIT 1") or sqlerr(__FILE__,__LINE__);  
                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                
$message mysql_fetch_assoc($res);
                
$subject = (string) $_POST['subject'];
                
$username strip_tags($_POST['to']);

                
// Try finding a user with specified name

                
$res sql_query("SELECT id FROM ".TABLE_USERS." WHERE LOWER(username)=LOWER(" sqlesc($username) . ") LIMIT 1");
                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }

                
$to mysql_fetch_array($res);
                
$to $to[0];

                
// Get Orignal sender's username
                
if ($message['sender'] == 0) {
                        
$from $message_lang['systemsendername'];
                }
                else {
                        
$res sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=" sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        
$from mysql_fetch_assoc($res);
                        
$from $from['username'];
                }
                
$body = (string) $_POST['msg'];
                
$body .= "\n-------- "$message_lang['originalsender']. " " $from ": --------\n" $message['msg'];
                
$save = (int) $_POST['save'];
                if (
$save) {
                        
$save 'yes';
                }
                else {
                        
$save 'no';
                }

                
//Make sure recipient wants this message
                
if (get_user_class() < UC_MODERATOR) {
                        if (
$from["acceptpms"] == "yes") {
                                
$res2 sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) == 1)
                                        
newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                        }
                        elseif (
$from["acceptpms"] == "friends") {
                                
$res2 sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) != 1)
                                        
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                        }

                        elseif (
$from["acceptpms"] == "no")
                                
newerr($tracker_lang['error'], $message_lang['nopm']);
                }
                
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, subject, msg, location, saved) VALUES(" $CURUSER["id"] . ", " $CURUSER["id"] . ", $to, '" TIMENOW "', " sqlesc($subject) . "," sqlesc($body) . ", " sqlesc(PM_INBOX) . ", " sqlesc($save) . ")") or sqlerr(__FILE____LINE__);
                        
newerr($message_lang['success'], $message_lang['sendsucessfull']);
        }
}


if (
$action == "deletemessage") {
        
$pm_id = (int) $_GET['id'];

        
// Delete message
        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        if (!
$res) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        if (
mysql_num_rows($res) == 0) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        
$message mysql_fetch_assoc($res);
        if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        if (!
$res2) {
                
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        if (
mysql_affected_rows() == 0) {
                
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        else {
                
header("Location: message.php?action=viewmailbox&id=" $message['location']);
                exit();
        }
}
?>
here
Reply With Quote
  #6  
Old 22nd February 2009, 21:44
carphunter18 carphunter18 is offline
Senior Member
 
Join Date: Dec 2008
Choose
Posts: 18
Default
alright this will work ;)


PHP Code:
<?


require_once ("include/bittorrent.php");

gzip();
// +-------------BEGIN Language Hack By ANDiTKO ------------------------------+
global $defaultlanguage$tracker_lang$rootpath;
    if (
file_exists($rootpath 'languages/' $lang '/lang_message.php'))
        require_once(
$rootpath 'languages/' $lang '/lang_message.php');
    else
        require_once(
$rootpath 'languages/' $defaultlanguage '/lang_message.php');
// +-------------END Language Hack By ANDiTKO --------------------------------+
// Connect to DB & check login
dbconn();
loggedinorreturn();
parked();

// Define constants
define('PM_DELETED',0); // Message was deleted
define('PM_INBOX',1); // Message located in Inbox for reciever
define('PM_SENTBOX',-1); // GET value for sent box

// Determine action
$action = (string) $_GET['action'];
if (!
$action)
{
        
$action = (string) $_POST['action'];
        if (!
$action)
        {
                
$action 'viewmailbox';
        }
}

// View Mail Box
if ($action == "viewmailbox") {
        
// Get Mailbox Number
        
$mailbox = (int) $_GET['box'];
        if (!
$mailbox)
        {
                
$mailbox PM_INBOX;
        }
                if (
$mailbox == PM_INBOX)
                {
                        
$mailbox_name $tracker_lang['inbox'];
                }
                else
                {
                        
$mailbox_name $tracker_lang['outbox'];
                }

        
// Start Page

        
stdhead($mailbox_name); ?>
        <script language="Javascript" type="text/javascript">
        <!-- Begin
        var checkflag = "false";
        var marked_row = new Array;
        function check(field) {
                if (checkflag == "false") {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = true;}
                                checkflag = "true";
                        }
                else {
                        for (i = 0; i < field.length; i++) {
                                field[i].checked = false; }
                                checkflag = "false";
                        }
                }
                //  End -->
        </script>
        <script language="javascript" type="text/javascript" src="js/functions.js"></script>
        <H1><?=$mailbox_name?></H1>
        <DIV align="right"><FORM action="message.php" method="get">
        <INPUT type="hidden" name="action" value="viewmailbox"><?=$tracker_lang['go_to'];?>: <SELECT name="box">
        <OPTION value="1"<?=($mailbox == PM_INBOX " selected" "")?>><?=$tracker_lang['inbox'];?></OPTION>
        <OPTION value="-1"<?=($mailbox == PM_SENTBOX " selected" "")?>><?=$tracker_lang['outbox'];?></OPTION>
        </SELECT> <INPUT type="submit" value="<?=$tracker_lang['go_go_go'];?>"></FORM>
        </DIV>
        <TABLE border="0" cellpadding="4" cellspacing="0" width="100%">
        <FORM action="message.php" method="post" name="form1">
        <INPUT type="hidden" name="action" value="moveordel">
        <TR>
        <TD width="2%" class="colhead">&nbsp;&nbsp;</TD>
        <TD width="51%" class="colhead"><?=$tracker_lang['subject'];?></TD>
        <?
        
if ($mailbox == PM_INBOX )
                print (
"<TD width=\"35%\" class=\"colhead\">".$tracker_lang['sender']."</TD>");
        else
                print (
"<TD width=\"35%\" class=\"colhead\">".$tracker_lang['receiver']."</TD>");
        
?>
        <TD width="10%" class="colhead"><?=$tracker_lang['date'];?></TD>
        <TD width="2%" class="colhead"><INPUT type="checkbox" title="<?=$tracker_lang['mark_all'];?>" value="<?=$tracker_lang['mark_all'];?>" onClick="this.value=check(document.form1.elements);"></TD>
        </TR>
        <? if ($mailbox != PM_SENTBOX) {
                
$res sql_query("SELECT m.*, u.username AS sender_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.sender = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE receiver=" sqlesc($CURUSER['id']) . " AND location=" sqlesc($mailbox) . " ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        } else {
                
$res sql_query("SELECT m.*, u.username AS receiver_username, s.id AS sfid, r.id AS rfid FROM ".TABLE_MESSAGES." m LEFT JOIN ".TABLE_USERS." u ON m.receiver = u.id LEFT JOIN ".TABLE_FRIENDS." r ON r.userid = {$CURUSER["id"]} AND r.friendid = m.receiver LEFT JOIN ".TABLE_FRIENDS." s ON s.userid = {$CURUSER["id"]} AND s.friendid = m.sender WHERE sender=" sqlesc($CURUSER['id']) . " AND saved='yes' ORDER BY id DESC") or sqlerr(__FILE__,__LINE__);
        }
        if (
mysql_num_rows($res) == 0) {
                echo(
"<TD colspan=\"6\" align=\"center\">".$tracker_lang['no_messages'].".</TD>\n");
        }
        else
        {
                while (
$row mysql_fetch_assoc($res))
                {
                        
// Get Sender Username
                        
if ($row['sender'] != 0) {
                                
$username "<A href=\"userdetails.php?id=" $row['sender'] . "\">" $row["sender_username"] . "</A>";
                                
$id $row['sender'];
                                
$friend $row['sfid'];
                                if (
$friend && $CURUSER['id'] != $row['sender']) {
                                        
$username .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] != $row['sender']) {
                                        
$username .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$username $tracker_lang['from_system'];
                        }
                        
// Get Receiver Username
                        
if ($row['receiver'] != 0) {
                                
$receiver "<A href=\"userdetails.php?id=" $row['receiver'] . "\">" $row["receiver_username"] . "</A>";
                                
$id_r $row['receiver'];
                                
$friend $row['rfid'];
                                if (
$friend && $CURUSER['id'] != $row['receiver']) {
                                        
$receiver .= "&nbsp;<a href=friends.php?action=delete&type=friend&targetid=$id_r>[".$message_lang['remove_from_friends']."]</a>";
                                }
                                elseif (
$CURUSER['id'] != $row['receiver']) {
                                        
$receiver .= "&nbsp;<a href=friends.php?action=add&type=friend&targetid=$id_r>[".$message_lang['add_to_friends']."]</a>";
                                }
                        }
                        else {
                                
$receiver $tracker_lang['from_system'];
                        }
                        
$subject htmlspecialchars($row['subject']);
                        if (
strlen($subject) <= 0) {
                                
$subject $tracker_lang['no_subject'];
                        }
                        if (
$row['unread'] == 'yes' && $mailbox != PM_SENTBOX) {
                                echo(
"<TR>\n<TD ><IMG src=\"pic/pn_inboxnew.gif\" alt=\"".$tracker_lang['mail_unread']."\"></TD>\n");
                        }
                        else {
                                echo(
"<TR>\n<TD><IMG src=\"pic/pn_inbox.gif\" alt=\"".$tracker_lang['mail_read']."\"></TD>\n");
                        }
                        echo(
"<TD><A href=\"message.php?action=viewmessage&amp;id=" $row['id'] . "\">" $subject "</A></TD>\n");
                        if (
$mailbox != PM_SENTBOX) {
                            echo(
"<TD>$username</TD>\n");
                        }
                        else {
                            echo(
"<TD>$receiver</TD>\n");
                        }
                        echo(
"<TD nowrap>" get_date_time($row['added']) . "</TD>\n");
                        echo(
"<TD><INPUT type=\"checkbox\" name=\"messages[]\" title=\"".$tracker_lang['mark']."\" value=\"" $row['id'] . "\" id=\"checkbox_tbl_" $row['id'] . "\"></TD>\n</TR>\n");
                }
        }
        
?>
        <tr class="colhead">
        <td colspan="6" align="right" class="colhead">
        <input type="hidden" name="box" value="<?=$mailbox?>">
        <input type="submit" name="delete" title="<?=$tracker_lang['delete_marked_messages'];?>" value="<?=$tracker_lang['delete'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_delete'];?>')">
        <input type="submit" name="markread" title="<?=$tracker_lang['mark_as_read'];?>" value="<?=$tracker_lang['mark_read'];?>" onClick="return confirm('<?=$tracker_lang['sure_mark_read'];?>')"></form>
        </td>
        </tr>
        </form>
        </table>
        <div align="left"><img src="pic/pn_inboxnew.gif" alt="<?=$message_lang['newmail'];?>" /> <?=$tracker_lang['mail_unread_desc'];?><br />
        <img src="pic/pn_inbox.gif" alt="<?=$message_lang['read'];?>" /> <?=$tracker_lang['mail_read_desc'];?></div>
        <?
        stdfoot
();
}
// End View Mail Box


// View Message
if ($action == "viewmessage") {
        
$pm_id = (int) $_GET['id'];
        if (!
$pm_id)
        {
                
newerr($tracker_lang['error'], $message_lang['norights']);
        }
        
// Get the message
        
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . ' OR (sender=' sqlesc($CURUSER['id']). ' AND saved=\'yes\')) LIMIT 1') or sqlerr(__FILE__,__LINE__);
        if (
mysql_num_rows($res) == 0)
        {
                
newerr($tracker_lang['error'],$message_lang['norights']);
        }
        
// Prepare for displaying message
        
$message mysql_fetch_assoc($res);
        if (
$message['sender'] == $CURUSER['id'])
        {
                
// Display to
                
$res2 sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($message['receiver'])) or sqlerr(__FILE__,__LINE__);
                
$sender mysql_fetch_array($res2);
                
$sender "<A href=\"userdetails.php?id=" $message['receiver'] . "\">" $sender[0] . "</A>";
                
$reply "";
                
$from $message_lang['to'];
        }
        else
        {
                
$from $message_lang['from'];
                if (
$message['sender'] == 0)
                {
                        
$sender $message_lang['sender'];
                        
$reply "";
                }
                else
                {
                        
$res2 sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        
$sender mysql_fetch_array($res2);
                        
$sender "<A href=\"userdetails.php?id=" $message['sender'] . "\">" $sender[0] . "</A>";
                        
$reply " [ <A href=\"message.php?action=sendmessage&amp;receiver=" $message['sender'] . "&amp;replyto=" $pm_id "\"> " $message_lang['answer']."</A> ]";
                }
        }
        
$body format_comment($message['msg']);
        
$added get_date_time($message['added']);
        if (
get_user_class() >= UC_MODERATOR && $message['sender'] == $CURUSER['id'])
        {
                
$unread = ($message['unread'] == 'yes' "<SPAN style=\"color: #FF0000;\"><b>(" $message_lang['new'] . ")</b></A>" "");
        }
        else
        {
                
$unread "";
        }
        
$subject htmlspecialchars($message['subject']);
        if (
strlen($subject) <= 0)
        {
                
$subject $message_lang['nosubject'] ;
        }
        
// Mark message unread
        
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id=" sqlesc($pm_id) . " AND receiver=" sqlesc($CURUSER['id']) . " LIMIT 1");
        
// Display message
        
stdhead($message_lang['showmessagessdthead']." (".$message_lang['subject'].": $subject)"); ?>
        <TABLE width="660" border="0" cellpadding="4" cellspacing="0">
        <TR><TD class="colhead" colspan="2"><?=$message_lang['subject']?> <?=$subject?></TD></TR>
        <TR>
        <TD width="50%" class="colhead"><?=$from?></TD>
        <TD width="50%" class="colhead"><?=$message_lang['datesent']?></TD>
        </TR>
        <TR>
        <TD><?=$sender?></TD>
        <TD><?=$added?>&nbsp;&nbsp;<?=$unread?></TD>
        </TR>
        <TR>
        <TD colspan="2"><?=$body?></TD>
        </TR>
        <TR>
        <TD align="right" colspan=2>[ <A href="message.php?action=deletemessage&id=<?=$pm_id?>"><?=$message_lang['remove']?></A> ]<?=$reply?> [ <A href="message.php?action=forward&id=<?=$pm_id?>"><?=$message_lang['forward']?></A> ]</TD>
        </TR>
        </TABLE><?
        stdfoot
();
}
// End View Message

// Message
if ($action == "sendmessage") {

        
$receiver $_GET["receiver"];
        if (!
is_valid_id($receiver))
                
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        
$replyto $_GET["replyto"];
        if (
$replyto && !is_valid_id($replyto))
                
newerr($tracker_lang['error'], $message_lang['incorectrecipient']);

        
$auto $_GET["auto"];
        
$std $_GET["std"];

        if ((
$auto || $std ) && get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $message_lang['noaccess']);

        
$res sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=$receiver") or die(mysql_error());
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'], $message_lang['nouserid']);
        if (
$auto)
                
$body $pm_std_reply[$auto];
        if (
$std)
                
$body $pm_template[$std][1];

        if (
$replyto) {
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$replyto") or sqlerr(__FILE____LINE__);
                
$msga mysql_fetch_assoc($res);
                if (
$msga["receiver"] != $CURUSER["id"])
                        
newerr($tracker_lang['error'], $message_lang['noaccess']);

                
$res sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" $msga["sender"]) or sqlerr(__FILE____LINE__);
                
$usra mysql_fetch_assoc($res);
                
$body .= "\n\n\n-------- $usra[username] wrote: --------\n".htmlspecialchars($msga['msg'])."\n";
                
// Change
                
$subject "Re: " htmlspecialchars($msga['subject']);
                
// End of Change
        
}

        
stdhead($message_lang['sendingmessage']);
        
?>
        <table class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>
        <form name=message method=post action=message.php>
        <input type=hidden name=action value=takemessage>
        <table class=message cellspacing=0 cellpadding=5>
        <tr><td colspan=2 class=colhead><?=$message_lang['messageto']?><a class=altlink_white href=userdetails.php?id=<?=$receiver?>><?=$user["username"]?></a></td></tr>
        <TR>
        <TD colspan="2"><B><?=$message_lang['subject']?>&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" value="<?=$subject?>" maxlength="255"></TD>
        </TR>
        <tr><td<?=$replyto?" colspan=2":""?>>
        <?
        textbbcode
("message","msg","$body");
        
?>
        </td></tr>
        <tr>
        <? if ($replyto) { ?>
        <td align=center><input type=checkbox name='delete' value='yes' <?=$CURUSER['deletepms'] == 'yes'?"checked":""?>><?=$message_lang['deletewhensent']?>
        <input type=hidden name=origmsg value=<?=$replyto?>></td>
        <? ?>
        <td align=center><input type=checkbox name='save' value='yes' <?=$CURUSER['savepms'] == 'yes'?"checked":""?>><?=$message_lang['savewhensent']?></td></tr>
        <tr><td<?=$replyto?" colspan=2":""?> align=center><input type=submit value="<?=$message_lang['sendmessage-submitbutton']?>" class=btn></td></tr>
        </table>
        <input type=hidden name=receiver value=<?=$receiver?>>
        </form>
        </div></td></tr></table>
        <?
        stdfoot
();
}
// End View Message


// Take Message
if ($action == 'takemessage') {

        
$receiver $_POST["receiver"];
        
$origmsg $_POST["origmsg"];
        
$save $_POST["save"];
        
$returnto $_POST["returnto"];
        if (!
is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
                
newerr($tracker_lang['error'],$message_lang['incorrectid']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$subject trim($_POST['subject']);
        if (!
$subject)
                
newerr($tracker_lang['error'],$message_lang['entersubject']);
        
// Change
        
$save = ($save == 'yes') ? "yes" "no";
        
// End of Change
        
$res sql_query("SELECT email, acceptpms, notifs, parked, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=$receiver") or sqlerr(__FILE____LINE__);
        
$user mysql_fetch_assoc($res);
        if (!
$user)
                
newerr($tracker_lang['error'], $message_lang['nosuchuser']. " " .$receiver);
        
//Make sure recipient wants this message
        
if ($user["parked"] == "yes")
                
newerr($tracker_lang['error'], $message_lang['accountparked'] );
        if (
get_user_class() < UC_MODERATOR)
        {
                if (
$user["acceptpms"] == "yes")
                {
                        
$res2 sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$receiver AND blockid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) == 1)
                                
sttderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                }
                elseif (
$user["acceptpms"] == "friends")
                {
                        
$res2 sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$receiver AND friendid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res2) != 1)
                                 
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                }
                elseif (
$user["acceptpms"] == "no")
                                 
newerr($tracker_lang['error'], $message_lang['nopm']);
        }
        
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, msg, subject, saved, location) VALUES(" $CURUSER["id"] . ", " $CURUSER["id"] . ",
        
$receiver, " TIMENOW ", " sqlesc($msg) . ", " sqlesc($subject) . ", " sqlesc($save) . ", 1)") or sqlerr(__FILE____LINE__);
        
$sended_id mysql_insert_id();
        if (
strpos($user['notifs'], '[pm]') !== false) {
                
$username $CURUSER["username"];
                
$usremail $user["email"];
$body = <<<EOD
$username sent you a personal massage!

Clcik the link below to read the massage.

$DEFAULTBASEURL/message.php?action=viewmessage&id=$sended_id

--

$SITENAME
EOD;
                
$subj "".$message_lang['user_sentyoupm'].$username!";
                
sent_mail($usremail'You have received a new personal massage from $username!'$SITEMAIL$subj$body);
                
//mail($usremail, $subj, $body, $SITEEMAIL);
        
}
        
$delete $_POST["delete"];
        if (
$origmsg)
        {
                if (
$delete == "yes")
                {
                        
// Make sure receiver of $origmsg is current user
                        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                        if (
mysql_num_rows($res) == 1)
                        {
                                
$arr mysql_fetch_assoc($res);
                                if (
$arr["receiver"] != $CURUSER["id"])
                                        
newerr($tracker_lang['error'],"Sorry,can't delete other's massages!");
                                if (
$arr["saved"] == "no")
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                                elseif (
$arr["saved"] == "yes")
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE____LINE__);
                        }
                }
                if (!
$returnto)
                        
$returnto "$DEFAULTBASEURL/message.php";
        }
        if (
$returnto) {
                
header("Location: $returnto");
                die;
        }
        else {
                
header ("Refresh: 2; url=message.php");
                
newerr($tracker_lang['success'] , $message_lang['sendsucessfull']);
        }


}
// End Take Message


// Mass PM
if ($action == 'mass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        
$n_pms $_POST['n_pms'];
        
$pmees $_POST['pmees'];
        
$auto $_POST['auto'];

        if (
$auto)
                
$body=$mm_template[$auto][1];

        
stdhead($message_lang['masspm_stdhead']);
        
?>
        <table class=main border=0 cellspacing=0 cellpadding=0>
        <tr><td class=embedded><div align=center>
        <form method=post action=<?=$_SERVER['PHP_SELF']?> name=message>
        <input type=hidden name=action value=takemass_pm>
        <? if ($_SERVER["HTTP_REFERER"]) { ?>
        <input type=hidden name=returnto value="<?=htmlspecialchars($_SERVER["HTTP_REFERER"]);?>">
        <? ?>
        <table border=1 cellspacing=0 cellpadding=5>
        <tr><td class=colhead colspan=2><?=$message_lang['masspm_distribution_for']?> <?=$n_pms?> User<?=($n_pms>1?"s":"")?></td></tr>



        <TR>
        <TD colspan="2"><B>Subject:&nbsp;&nbsp;</B>
        <INPUT name="subject" type="text" size="60" maxlength="255"></TD>
        </TR>
        <tr><td colspan="2"><div align="center">
        <?=textbbcode("message","msg","$body");?>
        </div></td></tr>
        <tr><td colspan="2"><div align="center"><b>Comment:&nbsp;&nbsp;</b>
        <input name="comment" type="text" size="70">
        </div></td></tr>
        <tr><td><div align="center"><b><?=$message_lang['from'];?>&nbsp;&nbsp;</b>
        <?=$CURUSER['username']?>
        <input name="sender" type="radio" value="self" checked>
        &nbsp; System
        <input name="sender" type="radio" value="system">
        </div></td>
        <td><div align="center"><b>Take snapshot:</b>&nbsp;<input name="snap" type="checkbox" value="1">
         </div></td></tr>
        <tr><td colspan="2" align=center><input type=submit value="Send!" class=btn>
        </td></tr></table>
        <input type=hidden name=pmees value="<?=$pmees?>">
        <input type=hidden name=n_pms value=<?=$n_pms?>>
        </form><br /><br />
        </div>
        </td>
        </tr>
        </table>
        <?
        stdfoot
();

}
//End Mass PM


//Take Mass PM
if ($action == 'takemass_pm') {
        if (
get_user_class() < UC_MODERATOR)
                
newerr($tracker_lang['error'], $tracker_lang['access_denied']);
        
$msg trim($_POST["msg"]);
        if (!
$msg)
                
newerr($tracker_lang['error'],$message_lang['entermessage']);
        
$sender_id = ($_POST['sender'] == 'system' $CURUSER['id']);
        
$from_is unesc($_POST['pmees']);
        
// Change
        
$subject trim($_POST['subject']);
        
$query "INSERT INTO ".TABLE_MESSAGES." (sender, receiver, added, msg, subject, location, poster) ""SELECT $sender_id, u.id, '" get_date_time(time()) . "', " .
        
sqlesc($msg) . ", " sqlesc($subject) . ", 1, $sender_id " $from_is;
        
// End of Change
        
sql_query($query) or sqlerr(__FILE____LINE__);
        
$n mysql_affected_rows();
        
$n_pms $_POST['n_pms'];
        
$comment $_POST['comment'];
        
$snapshot $_POST['snap'];
        
// add a custom text or stats snapshot to comments in profile
        
if ($comment || $snapshot)
        {
                
$res sql_query("SELECT u.id, u.uploaded, u.downloaded, u.modcomment ".$from_is) or sqlerr(__FILE____LINE__);
                if (
mysql_num_rows($res) > 0)
                {
                        
$l 0;
                        while (
$user mysql_fetch_array($res))
                        {
                                unset(
$new);
                                
$old $user['modcomment'];
                                if (
$comment)
                                        
$new $comment;
                                        if (
$snapshot)
                                        {
                                                
$new .= ($new?"\n":"") . "MMed, " date("Y-m-d") . ", " .
                                                
"UL: " mksize($user['uploaded']) . ", " .
                                                
"DL: " mksize($user['downloaded']) . ", " .
                                                
"r: " . (($user['downloaded'] > 0)?($user['uploaded']/$user['downloaded']) : 0) . " - " .
                                                (
$_POST['sender'] == "system"?"System":$CURUSER['username']);
                                        }
                                        
$new .= $old?("\n".$old):$old;
                                        
sql_query("UPDATE ".TABLE_USERS." SET modcomment = " sqlesc($new) . " WHERE id = " $user['id']) or sqlerr(__FILE____LINE__);
                                        if (
mysql_affected_rows())
                                                
$l++;
                        }
                }
        }
        
header ("Refresh: 3; url=message.php");
        
newerr($tracker_lang['success'], (($n_pms 1) ? "$n Massage $n_pms was" "A message has been")." has been successfully sent!" . ($l $l comment(s) in profile" . (($l>1) ? "" "(s)") . " updated!" ""));
}
//End Take Mass PM


//Move Or Delete
if ($action == "moveordel") {
        
$pm_id = (int) $_POST['id'];
        
$pm_box = (int) $_POST['box'];
        
$pm_messages $_POST['messages'];
        if (
$_POST['move']) {
                if (
$pm_id) {
                        
// Move a single message
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id=" sqlesc($pm_id) . " AND receiver=" $CURUSER['id'] . " LIMIT 1");
                }
                else {
                        
// Move multiple messages
                        
@sql_query("UPDATE ".TABLE_MESSAGES." SET location=" sqlesc($pm_box) . ", saved = 'yes' WHERE id IN (" implode(", "array_map("sqlesc"array_map("intval"$pm_messages))) . ') AND receiver=' $CURUSER['id']);
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'], $message_lang['not_possible_to_move_or_delete_message']);
                }
                
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                exit();
        }
        elseif (
$_POST['delete']) {
                if (
$pm_id) {
                        
// Delete a single message
                        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        
$message mysql_fetch_assoc($res);
                        if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                        }
                } else {
                        
// Delete multiple messages
                        
if (is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                                        
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                                elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                                        
sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                                }
                        }
                }
                
// Check if messages were moved
                
if (@mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'],$message_lang['nomove']);
                }
                else {
                        
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }
        elseif (
$_POST["markread"]) {
                
//Mark Read
                
if ($pm_id) {
                        
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
                }
                
//End Mark Read
                
else {
                        if (
is_array($pm_messages))
                        foreach (
$pm_messages as $id) {
                                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc((int) $id));
                                
$message mysql_fetch_assoc($res);
                                
sql_query("UPDATE ".TABLE_MESSAGES." SET unread='no' WHERE id = " sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
                        }
                }
                if (@
mysql_affected_rows() == 0) {
                        
newerr($tracker_lang['error'], $message_lang['not_possible_to_mark_this_message_as_read']);
                }
                else {
                        
header("Location: message.php?action=viewmailbox&box=" $pm_box);
                        exit();
                }
        }

newerr($tracker_lang['error'],"There is no action");
}
//End Move Or Delete


//Foward
if ($action == "forward") {
        if (
$_SERVER['REQUEST_METHOD'] == 'GET') {
                
// Display form
                
$pm_id = (int) $_GET['id'];

                
// Get the message
                
$res sql_query('SELECT * FROM '.TABLE_MESSAGES.' WHERE id=' sqlesc($pm_id) . ' AND (receiver=' sqlesc($CURUSER['id']) . ' OR sender=' sqlesc($CURUSER['id']) . ') LIMIT 1') or sqlerr(__FILE__,__LINE__);

                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }
                
$message mysql_fetch_assoc($res);

                
// Prepare variables
                
$subject "Fwd: " htmlspecialchars($message['subject']);
                
$from $message['sender'];
                
$orig $message['receiver'];

                
$res sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" sqlesc($orig) . " OR id=" sqlesc($from)) or sqlerr(__FILE__,__LINE__);

                
$orig2 mysql_fetch_assoc($res);
                
$orig_name "<A href=\"userdetails.php?id=" $from "\">" $orig2['username'] . "</A>";
                if (
$from == 0) {
                        
$from_name $message_lang['systemsendername'];
                        
$from2['username'] = $message_lang['systemsendername'];
                }
                else {
                        
$from2 mysql_fetch_array($res);
                        
$from_name "<A href=\"userdetails.php?id=" $from "\">" $from2['username'] . "</A>";
                }

                
$body "-------- "$message_lang['originalsender'] . $from2['username'] . ": --------<BR>" format_comment($message['msg']);

                
stdhead($subject);?>

                <FORM action="message.php" method="post">
                <INPUT type="hidden" name="action" value="forward">
                <INPUT type="hidden" name="id" value="<?=$pm_id?>">
                <TABLE border="0" cellpadding="4" cellspacing="0">
                <TR><TD class="colhead" colspan="2"><?=$subject?></TD></TR>
                <TR>
                <TD><?=$message_lang['to']?></TD>
                <TD><INPUT type="text" name="to" value="<?=$message_lang['nameofrecipient']?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['originalsender2']?></TD>
                <TD><?=$orig_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['from']?></TD>
                <TD><?=$from_name?></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['subject']?></TD>
                <TD><INPUT type="text" name="subject" value="<?=$subject?>" size="83"></TD>
                </TR>
                <TR>
                <TD><?=$message_lang['message']?></TD>
                <TD><TEXTAREA name="msg" cols="80" rows="8"></TEXTAREA><BR><?=$body?></TD>
                </TR>
                <TR>
                <TD colspan="2" align="center"><?=$message_lang['savewhensent']?> <INPUT type="checkbox" name="save" value="1"<?=$CURUSER['savepms'] == 'yes'?" checked":""?>>&nbsp;<INPUT type="submit" value="<?=$message_lang['sendmessage-submitbutton']?>"></TD>
                </TR>
                </TABLE>
                </FORM><?
                stdfoot
();
        }

        else {

                
// Forward the message
                
$pm_id = (int) $_POST['id'];

                
// Get the message
                
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id) . " AND (receiver=" sqlesc($CURUSER['id']) . " OR sender=" sqlesc($CURUSER['id']) . ") LIMIT 1") or sqlerr(__FILE__,__LINE__);
                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['nopermissions']);
                }

                
$message mysql_fetch_assoc($res);
                
$subject = (string) $_POST['subject'];
                
$username strip_tags($_POST['to']);

                
// Try finding a user with specified name

                
$res sql_query("SELECT id FROM ".TABLE_USERS." WHERE LOWER(username)=LOWER(" sqlesc($username) . ") LIMIT 1");
                if (!
$res) {
                        
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }
                if (
mysql_num_rows($res) == 0) {
                        
newerr($tracker_lang['error'], $message_lang['incorrectuser']);
                }

                
$to mysql_fetch_array($res);
                
$to $to[0];

                
// Get Orignal sender's username
                
if ($message['sender'] == 0) {
                        
$from $message_lang['systemsendername'];
                }
                else {
                        
$res sql_query("SELECT * FROM ".TABLE_USERS." WHERE id=" sqlesc($message['sender'])) or sqlerr(__FILE__,__LINE__);
                        
$from mysql_fetch_assoc($res);
                        
$from $from['username'];
                }
                
$body = (string) $_POST['msg'];
                
$body .= "\n-------- "$message_lang['originalsender']. " " $from ": --------\n" $message['msg'];
                
$save = (int) $_POST['save'];
                if (
$save) {
                        
$save 'yes';
                }
                else {
                        
$save 'no';
                }

                
//Make sure recipient wants this message
                
if (get_user_class() < UC_MODERATOR) {
                        if (
$from["acceptpms"] == "yes") {
                                
$res2 sql_query("SELECT * FROM ".TABLE_BLOCKS." WHERE userid=$to AND blockid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) == 1)
                                        
newerr($tracker_lang['error'], $message_lang['addedtoblacklist']);
                        }
                        elseif (
$from["acceptpms"] == "friends") {
                                
$res2 sql_query("SELECT * FROM ".TABLE_FRIENDS." WHERE userid=$to AND friendid=" $CURUSER["id"]) or sqlerr(__FILE____LINE__);
                                if (
mysql_num_rows($res2) != 1)
                                        
newerr($tracker_lang['error'], $message_lang['onlypmsfromfreindlist']);
                        }

                        elseif (
$from["acceptpms"] == "no")
                                
newerr($tracker_lang['error'], $message_lang['nopm']);
                }
                
sql_query("INSERT INTO ".TABLE_MESSAGES." (poster, sender, receiver, added, subject, msg, location, saved) VALUES(" $CURUSER["id"] . ", " $CURUSER["id"] . ", $to, '" TIMENOW "', " sqlesc($subject) . "," sqlesc($body) . ", " sqlesc(PM_INBOX) . ", " sqlesc($save) . ")") or sqlerr(__FILE____LINE__);
                        
newerr($message_lang['success'], $message_lang['sendsucessfull']);
        }
}


if (
$action == "deletemessage") {
        
$pm_id = (int) $_GET['id'];

        
// Delete message
        
$res sql_query("SELECT * FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        if (!
$res) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        if (
mysql_num_rows($res) == 0) {
                
newerr($tracker_lang['error'],$message_lang['noid']);
        }
        
$message mysql_fetch_assoc($res);
        if (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                
$res2 sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET location=0 WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        elseif (
$message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                
$res2 sql_query("UPDATE ".TABLE_MESSAGES." SET saved='no' WHERE id=" sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        }
        if (!
$res2) {
                
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        if (
mysql_affected_rows() == 0) {
                
newerr($tracker_lang['error'],$message_lang['impossibletoremovemessage']);
        }
        else {
                
header("Location: message.php?action=viewmailbox&id=" $message['location']);
                exit();
        }
}
?>
Reply With Quote
  #7  
Old 22nd February 2009, 21:48
rulebreaker rulebreaker is offline
Senior Member
 
Join Date: Feb 2009
P2P
Posts: 41
Default
Thanks alot! there isnt a donation system up for this yet right?
Reply With Quote
  #8  
Old 22nd February 2009, 22:03
carphunter18 carphunter18 is offline
Senior Member
 
Join Date: Dec 2008
Choose
Posts: 18
Default
Donation system for what ?
Reply With Quote
  #9  
Old 22nd February 2009, 22:08
rulebreaker rulebreaker is offline
Senior Member
 
Join Date: Feb 2009
P2P
Posts: 41
Default
Donation system for Yuna Scatari 2.2 PRE7 and also why do i get a "access denied" when i try to delete a torrent and im administrator! is it a problem with delete.php?
Reply With Quote
  #10  
Old 24th February 2009, 00:05
carphunter18 carphunter18 is offline
Senior Member
 
Join Date: Dec 2008
Choose
Posts: 18
Default
there is a sort of donation system in it :P

and deleting torrents is only possible true browse.php
Reply With Quote
Reply

Tags
announcement , problem

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
New announcement: XBTIT VULNERABILITY Fynnon xBTiT 1 12th April 2010 11:35
TS 5.1 Announcement Problem rulebreaker Template Shares 4 7th October 2009 00:49
IRC announcement.. wizard2 Torrent Strike 0 26th October 2008 20:24



All times are GMT +2. The time now is 14:11. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.