<?php
if(!defined('DRK'))die('Hacking attempt...');
$uid=IdFromSes($ses);
function flood_protection($fromid,$toid)
{
global $messagefloodtime;
$time=time();
if(num_rows("id",messages,"fromid='$fromid' AND uid='$toid' AND $time-time<=$messagefloodtime")>0)return true;
else return false;
}
function delete_oldest_message($uid)
{
$msgid=fetch_array("id",messages,"uid=$uid ORDER BY time LIMIT 1");
delete(messages,"id=$msgid AND uid=$uid");
}
function sendinbox($fromid,$toid,$type,$subject,$message)
{
global $maxinbox,$admin_maxinbox;
$time=time();
if(insert(messages,"NULL,$toid,$fromid,'$type','$subject','$message','Y',$time")){
$countallmsgs=num_rows("id",messages,"uid=$toid");
if(IsMod($toid)&&$countallmsgs>$admin_maxinbox)delete_oldest_message($toid);
else if(!IsMod($toid)&&$countallmsgs>$maxinbox)delete_oldest_message($toid);
return true;
}
else return false;
}
if($mode=="notices")
{
$newnotices=num_rows("id",messages,"uid='$uid' AND unread='Y' AND type='N'");
$allnotices=num_rows("id",messages,"uid='$uid' AND type='N'");
$page=get_var("page");
if(empty($page))$page=1;
$query=query("*",messages,"uid='$uid' AND type='N' ORDER BY unread DESC, time DESC LIMIT ".($page-1)*$mailsperpage.",$mailsperpage");
if(mysql_num_rows($query)>0){
while($row=mysql_fetch_array($query)){
$fromuser=UserFromId($row['fromid']);
if(profiles_table("sex",$row['fromid'])=="M")$color=" style=\"color:#0000FF;\"";
else if(profiles_table("sex",$row['fromid'])=="F")$color=" style=\"color:#FF0066;\"";
$subject=bb_code($row['subject']);
$pointer = "-";
if($row['unread']=="Y")$pointer="+";
$msglist.="<a href=\"".$action."messages".$mod."readnotice&id=$row[id]".$session."\"$color>$pointer $fromuser</a> <small>$subject</small><br/>\n";
}
}
else $msglist.="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no notices!!</small><br/>";
if($page>1)$controls.="<a href=\"".$action."messages".$mod."notices&page=".($page-1).$session."\"><- prev</a>";
if($page>1&&$allmsgs>$page*$mailsperpage)$controls.="\n | ";
if($allmsgs>$page*$mailsperpage)$controls.="<a href=\"".$action."messages".$mod."notices&page=".($page+1).$session."\">next -></a>";
if($page>1||$allmsgs>$page*$mailsperpage)$controls.="<br/>";
$what=Array("sitename","username","newnotices","allnotices","msg","msglist","controls");
$with=Array($sitename,users_table("username",IdFromSes($ses)),$newnotices,$allnotices,$msg,$msglist,$controls);
Template($what,$with,"notices");
exit;
}
/////READ MESSAGE/////
if($mode=="readmessage")
{
$id=get_var("id");
if(!empty($id)){
$query=query("*",messages,"id='$id' AND uid='$uid' AND type='I'");
if(mysql_num_rows($query)>0){
$row=mysql_fetch_array($query);
$date=date("D-jS/M/y",$row['time']);
$time=date("g:ia",$row['time']);
$sex=profiles_table("sex",$row['fromid']);
if($sex=="M")$color="#0000FF";
else if($sex=="F")$color="#FF0066";
$from="<span style=\"color:$color\">".UserFromId($row['fromid'])."</span>";
$subject=bb_code($row['subject']);
if(empty($subject))$subject="NA";
$message=bb_code($row['message']);
update(messages,"unread='N'","id='$id' AND uid='$uid'");
$what=Array("username","date","time","msg","from","subject","message","id");
$with=Array(users_table("username",$uid),$date,$time,$msg,$from,$subject,$message,$id);
Template($what,$with,"readmessage");
exit;
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to read is not available!!</small></br/>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to read is not available!!</small></br/>";
}
/////READ NOTICE/////
if($mode=="readnotice")
{
$id=get_var("id");
if(!empty($id)){
$query=query("*",messages,"id='$id' AND uid='$uid' AND type='N'");
if(mysql_num_rows($query)>0){
$row=mysql_fetch_array($query);
$date=date("D-jS/M/y",$row['time']);
$time=date("g:ia",$row['time']);
$sex=profiles_table("sex",$row['fromid']);
if($sex=="M")$color="#0000FF";
else if($sex=="F")$color="#FF0066";
$from="<span style=\"color:$color\">".UserFromId($row['fromid'])."</span>";
$subject=bb_code($row['subject']);
if(empty($subject))$subject="NA";
$message=bb_code($row['message']);
update(messages,"unread='N'","id='$id' AND uid='$uid'");
$what=Array("username","date","time","msg","from","subject","message","id");
$with=Array(users_table("username",$uid),$date,$time,$msg,$from,$subject,$message,$id);
Template($what,$with,"readnotice");
exit;
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to read is not available!!</small></br/>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to read is not available!!</small></br/>";
}
/////REPLY MESSAGE/////
else if($mode=="reply")
{
$id=get_var("id");
if(!empty($id)){
$query=query("*",messages,"id='$id' AND uid='$uid' AND type='I'");
if(mysql_num_rows($query)>0){
$row=mysql_fetch_array($query);
$to=UserFromId($row['fromid']);
if(substr($row['subject'],0,3)=="re:")$subject=$row['subject'];
else $subject="re:$row[subject]";
$return="messages&mode=readmessage&id=$id";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>you cannot reply to this message!!</small>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to reply to is not available!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
/////SEND MESSAGE/////
else if($mode=="sendmessage")
{
$time=time();
$to=get_var("to");
$subject=get_var("subject");
$message=get_var("message");
$return=get_var("return");
if(get_var("invite")==1)$message="take a look!! [topic=".get_var("tid")."]Click here[/topic]";
if(!SignupChars($to)||IllegalChars($subject)||IllegalChars($message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>illegal chars used!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
else if(num_rows("id",users,"LOWER(username)=LOWER('$to')")==0){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unknown user!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
else if(empty($to)||empty($message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>some fields are empty!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
if(flood_protection($uid,IdFromUser($to))){
$msg="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>1 or more messages may not have been sent, if u clicked send more then once ignore this message!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
else{
$subject=$subject;
if(empty($subject))$subject="NA";
$message=$message;
if(!sendinbox($uid,IdFromUser($to),"I",$subject,$message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>error sending message!!</small>";
$return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>message has been sent!!</small><br/>";
}
}
/////FORWARD TO/////
else if($mode=="fwdto")
{
$id=get_var("id");
$return="messages";
if(!empty($id)){
$query=query("*",messages,"id='$id' AND uid='$uid' AND type='I'");
if(mysql_num_rows($query)>0){
$row=mysql_fetch_array($query);
$return="messages&mode=readmessage&id=$id";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to forward is not available!!</small>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to forward is not available!!</small>";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"forwardmessage");
exit;
}
/////FORWARD MESSAGE/////
else if($mode=="forwardmessage")
{
$time=time();
$to=get_var("to");
$subject=get_var("subject");
$message=get_var("message");
$return=get_var("return");
$id=get_var("id");
if(!empty($id)){
$query=query("*",messages,"id='$id' AND uid='$uid' AND type='I'");
if(mysql_num_rows($query)>0){
$row=mysql_fetch_array($query);
if(IllegalChars($to)||IllegalChars($subject)||IllegalChars($message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>illegal chars used!!</small>";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"forwardmessage");
exit;
}
else if(num_rows("id",users,"LOWER(username)=LOWER('$to')")==0){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>unknown user!!</small>";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"forwardmessage");
exit;
}
else if(empty($to)||empty($subject)||empty($message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>some fields are empty!!</small>";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"forwardmessage");
exit;
}
$message.="<br/>
-----<br/>
author: ".UserFromId($row['fromid'])."<br/>
<small>(".date("g:ia D-jS/M/y",$row['time']).")</small><br/>
subject: $row[subject]<br/>
message: $row[message]";
if(!sendinbox($uid,IdFromUser($to),"I","fw: $subject",$message)){
$msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>error forwarding message!!</small>";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"forwardmessage");
exit;
}
else $msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>message has been sent!!</small><br/>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to forward is not available!!</small><br/>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to forward is not available!!</small><br/>";
}
/////WRITE MESSAGE/////
else if($mode=="writemessage")
{
$to=get_var("to");
$return=get_var("return");
if($return==1)$return="options&mode=adminlist";
else $return="messages";
$what=Array("username","msg","to","subject","message","id","return");
$with=Array(users_table("username",$uid),$msg,$to,$subject,$message,$id,$return);
Template($what,$with,"writemessage");
exit;
}
/////DELETE MESSAGE/////
else if($mode=="delmsg")
{
$id=get_var("id");
if(num_rows("id",messages,"id='$id' AND uid='$uid'")>0){
if(!empty($id))delete(messages,"id='$id' AND uid='$uid'");
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to delete is not available!!</small><br/>";
}
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>the message you are trying to delete is not available!!</small><br/>";
}
/////DELETE MESSAGES/////
else if($mode=="delmsgs")
{
$what=Array("username");
$with=Array(users_table("username",$uid));
Template($what,$with,"deletemessages");
exit;
}
/////DELETE ALL MESSAGES/////
else if($mode=="delete")
{
$type=get_var("type");
if($type=="read"){
if(delete(messages,"uid='$uid' AND unread='N' AND type='I'"))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>all read messages have been deleted!!</small><br/>";
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Could not delete all read messages!!</small><br/>";
}
else if($type=="new"){
if(delete(messages,"uid='$uid' AND unread='Y' AND type='I'"))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>all unread messages have been deleted!!</small><br/>";
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>Could not delete all unread messages!!</small><br/>";
}
else if($type=="all"){
if(delete(messages,"uid='$uid' AND type='I'"))$msg="<img src=\"./images/ok.gif\" alt=\"[ok]\"/><small>all messages have been deleted!!</small><br/>";
else $msg="<img src=\"./images/error.gif\" alt=\"[x]\"/><small>could not delete all messages!!</small><br/>";
}
}
/////MESSAGES/////
$newmsgs=num_rows("id",messages,"uid='$uid' AND unread='Y' AND type='I'");
$allmsgs=num_rows("id",messages,"uid='$uid' AND type='I'");
$allnotices=num_rows("id",messages,"uid='$uid' AND type='N'");
$space=round($allmsgs/$maxinbox*100,2);
if(IsAdmin($uid))$space=round($allmsgs/$admin_maxinbox*100,2);
if($allnotices>0)$notices="<a href=\"".$action."messages".$mod."notices".$session."\">* notifications</a><br/>";
$page=get_var("page");
if(empty($page))$page=1;
$query=query("*",messages,"uid='$uid' AND type='I' ORDER BY unread DESC, time DESC LIMIT ".($page-1)*$mailsperpage.",$mailsperpage");
if(mysql_num_rows($query)>0){
while($row=mysql_fetch_array($query)){
$fromuser=UserFromId($row['fromid']);
if(profiles_table("sex",$row['fromid'])=="M")$color=" style=\"color:#0000FF;\"";
else if(profiles_table("sex",$row['fromid'])=="F")$color=" style=\"color:#FF0066;\"";
if(stristr($row['message'],"a [topic"))$row['message']="a new reply was posted by...";
if(stristr($row['message'],"take a look!! [topic"))$row['message']="take a look click here";
$preview=bb_code(substr($row['message'],0,25));
if(trim(strlen($row['message']))>25)$preview.="...";
$pointer = "-";
if($row['unread']=="Y")$pointer="+";
if(IsAdmin($uid))$size=$admin_maxinbox;
else $size=$maxinbox;
if(num_rows("id",messages,"uid='$uid' AND type='I'")>=$size)$msg="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>your inbox is full any new messages u receive will wipe your old ones!!</small><br/>";
$msglist.="<a href=\"".$action."messages".$mod."readmessage&id=$row[id]".$session."\"$color>$pointer $fromuser</a><small> $preview</small><br/>\n";
}
}
else $msglist.="<img src=\"./images/point.gif\" alt=\"[!]\"/><small>no messages!!</small><br/>";
if($page>1)$controls.="<a href=\"".$action."messages&page=".($page-1).$session."\"><- prev</a>";
if($page>1&&$allmsgs>$page*$mailsperpage)$controls.="\n | ";
if($allmsgs>$page*$mailsperpage)$controls.="<a href=\"".$action."messages&page=".($page+1).$session."\">next -></a>";
if($page>1||$allmsgs>$page*$mailsperpage)$controls.="<br/>";
?>