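<?php
/**
 * User control panel: private messages and alerts.
 *
 * Included by the site front controller (guarded by the IN_SITE constant).
 * Routing is driven by $_GET["function"] (messages | alerts) and
 * $_GET["action"] (inbox | readmsg | send | delmsg | readalert).
 *
 * Relies on names defined outside this file: $loggedin, $CharacterInfo,
 * $sess_user_id, clean_str(), msg_error(), sendmessage(), and the
 * ajax/user.php endpoint used by the alert-deletion scripts.
 *
 * Security notes for maintainers:
 *  - Full "<?php" tags are used throughout. With short_open_tag disabled,
 *    "<?" blocks are not executed and this file (SQL included) would be sent
 *    to the browser as text.
 *  - Query failures are written to the error log instead of being printed,
 *    so database errors and file paths are not disclosed to visitors.
 *  - Request ids are accepted only when they consist of decimal digits.
 *  - NOTE(review): output encoding of message/alert text is delegated to
 *    clean_str(), which is not visible here - confirm it HTML-escapes.
 *  - NOTE(review): no anti-CSRF token is visible on this page for the
 *    state-changing requests (delmsg form posts, deleteAlert(s) AJAX posts) -
 *    confirm one is enforced elsewhere or add one.
 *  - NOTE(review): the inbox query uses columns id / receiver_id / seen /
 *    thetime / deleted, while readmsg and delmsg use msg_id / rec_id /
 *    read_msg / timestamp / checksum. The inbox posts `id` values as check[],
 *    but delmsg matches on `checksum`. Confirm the real schema; the column
 *    names are left as the author wrote them.
 */
if (!defined("IN_SITE")) {
    print "Pls stop haxing";
    exit;
}

if (!$loggedin) {
    print "You must be logged in to do that";
} else {
    // Read the routing parameters once; a missing parameter selects no case
    // (or the default case of the alerts switch) without raising a notice.
    $ucpFunction = isset($_GET["function"]) ? $_GET["function"] : "";
    $ucpAction = isset($_GET["action"]) ? $_GET["action"] : "";
?>
<a href="?page=usercp&function=messages">Messages</a> | <a href="?page=usercp&function=alerts">Alerts</a><br />
<p>
<?php
    switch ($ucpFunction) {
        case "messages":
?>
<center> <a href="?page=usercp&function=messages&action=inbox">Inbox</a> | <a href="?page=usercp&function=messages&action=send">Send Message</a></center>
<p>
<?php
            switch ($ucpAction) {
                case "inbox":
?>
<script type="text/javascript">
// Inverts the checked state of every element of the inbox form.
function checkall() {
    var elements = document.forms["inbox"].elements;
    for (var i = 0; i < elements.length; i++) {
        elements[i].checked = !elements[i].checked;
    }
}
</script>
<form name="inbox" action="?page=usercp&function=messages&action=delmsg" method="post">
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000; border-top: 1px solid #000000;"> <input type="checkbox" onclick="checkall();" /> </td>
<td style="border-bottom: 1px solid #000000;"> From </td>
<td style="border-bottom: 1px solid #000000;"> Subject </td>
<td style="border-bottom: 1px solid #000000;"> Message </td>
<td style="border-bottom: 1px solid #000000;"> Date </td>
</tr>
<?php
                    $MsgQuery = mysql_query("SELECT id, sender_id, subject, message, seen, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime FROM messages WHERE receiver_id = '{$CharacterInfo['id']}' AND deleted = '0'")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);

                    if ($MsgQuery && mysql_num_rows($MsgQuery) > 0) {
                        while ($MsgInfo = mysql_fetch_array($MsgQuery)) {
                            $senderQ = mysql_query("SELECT name FROM characters WHERE id = '{$MsgInfo['sender_id']}'")
                                or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
                            // A sender row may no longer exist; fall back to an empty name.
                            $name = ($senderQ && mysql_num_rows($senderQ) > 0) ? mysql_result($senderQ, 0) : "";
                            // The sender name is user-chosen data: pass it through the same
                            // helper the readmsg view applies before printing it.
                            $name = clean_str($name);

                            $subject = clean_str($MsgInfo["subject"]);

                            // Truncate the raw text first so an escaped sequence is never cut in half.
                            $msg = $MsgInfo["message"];
                            if (strlen($msg) > 20) {
                                $msg = substr($msg, 0, 20) . "...";
                            }
                            $msg = clean_str($msg);
                            $msg = str_replace("\n", " ", $msg);

                            // The original emitted a coloured <tr> followed by a second plain
                            // <tr>, and tested a read_msg column this query does not select.
                            // The effective rule was: seen == 1 -> green, otherwise red.
                            $rowColor = ($MsgInfo["seen"] == 1) ? "green" : "red";

                            $msgIdAttr = htmlspecialchars($MsgInfo["id"], ENT_QUOTES);
?>
<tr bgcolor="<?php echo $rowColor; ?>">
<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="check[]" value="<?php echo $msgIdAttr; ?>" /> </td>
<td style="border-bottom: 1px solid #000000;"> <?php echo $name; ?> </td>
<td style="border-bottom: 1px solid #000000;"> <a href="?page=usercp&function=messages&action=readmsg&id=<?php echo $msgIdAttr; ?>"><?php echo $subject; ?></a> </td>
<td style="border-bottom: 1px solid #000000;"> <?php echo $msg; ?> </td>
<td style="border-bottom: 1px solid #000000;"> <?php echo $MsgInfo["f_thetime"]; /* was an undefined $date */ ?> </td>
</tr>
<?php
                        }
?>
<tr>
<td colspan="5"><input type="submit" value="Delete Messages" name="delete" /></td>
</tr>
<?php
                    } else {
                        print "You have no messages :(";
                    }
?>
</table>
</form>
<?php
                    break;

                case "readmsg":
                    // Accept only a plain string of decimal digits. is_numeric() also
                    // accepts floats, exponents and surrounding whitespace.
                    $msgid = isset($_GET["id"]) ? $_GET["id"] : null;
                    if (!is_string($msgid) || !ctype_digit($msgid)) {
                        msg_error();
                        break;
                    }

                    $ReadQ = mysql_query("SELECT * from messages where msg_id = '$msgid'")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
                    if (!$ReadQ || mysql_num_rows($ReadQ) < 1) {
                        msg_error();
                        break;
                    }

                    $ReadI = mysql_fetch_array($ReadQ);

                    // Authorisation: only the recipient may open the message.
                    if ($sess_user_id != $ReadI["rec_id"]) {
                        msg_error();
                        break;
                    }

                    // sender_id is placed unquoted in the query, so force it to an integer.
                    $senderId = (int) $ReadI["sender_id"];
                    $senderQ = mysql_query("SELECT username from `users` where user_id={$senderId}")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
                    $senderRow = $senderQ ? mysql_fetch_array($senderQ) : false;
                    $rawName = $senderRow ? $senderRow["username"] : "";

                    // The Reply button places the name inside a URL, inside a JS string,
                    // inside an HTML attribute. rawurlencode() output contains only
                    // characters that are inert in all three contexts, and the send form
                    // receives the exact username after PHP decodes the query string.
                    $replyName = rawurlencode($rawName);

                    $name = clean_str($rawName);
                    $date = date("d-n-Y g:i:s A", $ReadI["timestamp"]);
                    $subject = clean_str($ReadI["subject"]);
                    $msg = clean_str($ReadI["message"]);
                    $msg = str_replace("\n", "<br />", $msg);

                    mysql_query("UPDATE messages set read_msg = 1 where msg_id = '$msgid'")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);

                    $checksumAttr = htmlspecialchars($ReadI["checksum"], ENT_QUOTES);
?>
<form action="?page=usercp&function=messages&action=delmsg" method="post">
<input type="hidden" name="check[]" value="<?php echo $checksumAttr; ?>" />
<table cellspacing="3" style="border: 1px solid #000000;">
<tr>
<td align="left" style="border-right: 1px solid #000000;"> From: </td>
<td align="center"> <?php echo $name; ?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"> Subject: </td>
<td align="center"> <?php echo $subject; ?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"> Date: </td>
<td align="center"> <?php echo $date; ?></td>
</tr>
<tr>
<td align="left" valign="top" style="border-right: 1px solid #000000;"> Message: </td>
<td align="left"> <?php echo $msg; ?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"><input type="submit" value="Delete Message" name="Submit" /></td>
<td align="right"><input type="button" name="Reply" onClick="window.location = '?page=usercp&function=messages&action=send&name=<?php echo $replyName; ?>'" value="Reply" /></td>
</tr>
</table>
</form>
<?php
                    break;

                case "send":
                    if (isset($_POST["name"], $_POST["subject"], $_POST["message"])) {
                        $Name = $_POST["name"];
                        $subject = $_POST["subject"];
                        $message = $_POST["message"];
                        $send = sendmessage($Name, $subject, $message);
                        // NOTE(review): $send is printed as HTML. sendmessage() is defined
                        // elsewhere - confirm its return value never echoes request data
                        // unescaped.
                        print "<font color=\"green\">$send</font>";
                    }

                    // The recipient prefill comes straight from the query string, so it is
                    // HTML-escaped (quotes included) before being placed in the attribute.
                    $prefillName = (isset($_GET["name"]) && is_string($_GET["name"]))
                        ? htmlspecialchars($_GET["name"], ENT_QUOTES)
                        : "";
?>
<form action="?page=usercp&function=messages&action=send" method="post">
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000;">Name: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="name" value="<?php echo $prefillName; ?>" /></td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000;">Subject: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="subject" value="" /></td>
</tr>
<tr>
<td valign="top" style="border-bottom: 1px solid #000000;">Message: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <textarea name="message" cols="40" rows="6"></textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Send" /></td>
</tr>
</table>
</form>
<?php
                    break;

                case "delmsg":
                    if (isset($_POST["check"])) {
                        // check[] is expected to be a list; anything else deletes nothing.
                        $checked = is_array($_POST["check"]) ? $_POST["check"] : array();
                        foreach ($checked as $checksum) {
                            if (!is_scalar($checksum)) {
                                continue; // nested arrays are not valid identifiers
                            }
                            // Connection-aware escaping instead of addslashes(), which does
                            // not take the connection character set into account.
                            $checksum = mysql_real_escape_string((string) $checksum);
                            // The rec_id condition limits the delete to the current user's rows.
                            mysql_query("DELETE from messages where rec_id='$sess_user_id' AND checksum='$checksum'")
                                or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
                        }
                        print "Message(s) deleted";
                    }
                    break;
            }
            break;

        case "alerts":
            switch ($ucpAction) {
                default:
?>
<script type="text/javascript">
function checkall() {
    $(".alerts").prop('checked', true);
}
</script>
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="box" onclick="checkall();" /></td>
<td style="border-bottom: 1px solid #000000;"> Subject </td>
<td style="border-bottom: 1px solid #000000;"> Message </td>
<td style="border-bottom: 1px solid #000000;"> Date </td>
</tr>
<?php
                    $MsgQuery = mysql_query("SELECT id, subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, seen FROM alerts WHERE receiver_id = '{$CharacterInfo['id']}' ORDER by seen, thetime DESC")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);

                    if ($MsgQuery && mysql_num_rows($MsgQuery) > 0) {
                        while ($MsgInfo = mysql_fetch_array($MsgQuery)) {
                            $subject = clean_str($MsgInfo["subject"]);

                            $msg = $MsgInfo["message"];
                            if (strlen($msg) > 40) {
                                $msg = substr($msg, 0, 40) . "...";
                            }
                            // Clean first, then add <br /> - the same order the readmsg view
                            // uses - so the generated markup is never passed through
                            // clean_str(). NOTE(review): confirm against clean_str().
                            $msg = clean_str($msg);
                            $msg = nl2br($msg);

                            $alertIdAttr = htmlspecialchars($MsgInfo["id"], ENT_QUOTES);
                            $unseen = ($MsgInfo["seen"] == 0);
?>
<tr>
<td style="border-bottom: 1px solid #000000;"> <input class="alerts" type="checkbox" name="check[]" value="<?php echo $alertIdAttr; ?>" /> </td>
<td style="border-bottom: 1px solid #000000;"> <?php if ($unseen) { print "<b>"; } ?><a href="?page=usercp&function=alerts&action=readalert&id=<?php echo $alertIdAttr; ?>"><?php echo $subject; ?></a> <?php if ($unseen) { print "</b>"; } ?> </td>
<td style="border-bottom: 1px solid #000000;"> <?php echo $msg; ?> </td>
<td style="border-bottom: 1px solid #000000;"> <?php echo $MsgInfo["f_thetime"]; ?> </td>
</tr>
<?php
                        }
?>
<tr>
<td colspan="5"><button onclick="deleteAlerts();">Delete Alerts</button></td>
</tr>
<?php
                    } else {
                        print "You have no alerts :(";
                    }
?>
</table>
<script type="text/javascript">
// Posts the serialized checkbox selection to the AJAX endpoint, then reloads the list.
function deleteAlerts() {
    $.post("ajax/user.php?function=deleteAlerts&v=" + Math.random(),
        {'alerts': $(".alerts").serialize()},
        function(data) {
            window.location = '?page=usercp&function=alerts';
        }
    );
}
</script>
<?php
                    break;

                case "readalert":
                    // Validate the id here and use the validated value in the queries
                    // below, rather than a separately prepared copy of the request
                    // parameter defined outside this file.
                    $msgid = isset($_GET["id"]) ? $_GET["id"] : null;
                    if (!is_string($msgid) || !ctype_digit($msgid)) {
                        msg_error();
                        break;
                    }
                    $alertId = $msgid; // decimal digits only

                    $ReadQ = mysql_query("SELECT subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, receiver_id FROM alerts WHERE id = '{$alertId}'")
                        or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
                    if (!$ReadQ || mysql_num_rows($ReadQ) < 1) {
                        msg_error();
                        break;
                    }

                    // Authorisation: only the receiving character may read the alert.
                    if ($CharacterInfo['id'] != mysql_result($ReadQ, 0, "receiver_id")) {
                        msg_error();
                        break;
                    }

                    mysql_query("UPDATE alerts SET seen = '1' WHERE id = '{$alertId}'");

                    $subject = clean_str(mysql_result($ReadQ, 0, "subject"));
                    // Same clean-then-linebreak order as the readmsg view (see the list above).
                    $msg = clean_str(mysql_result($ReadQ, 0, "message"));
                    $msg = nl2br($msg);
?>
<div id="result"></div>
<table cellpadding="4" style="border: 1px solid #000000;">
<tr>
<td align="left"> Subject: </td>
<td align="center" style="border-left: 1px solid #000000;"> <?php echo $subject; ?></td>
</tr>
<tr>
<td align="left"> Date: </td>
<td align="center" style="border-left: 1px solid #000000;"> <?php echo mysql_result($ReadQ, 0, 'f_thetime'); ?></td>
</tr>
<tr>
<td align="left" valign="top"> Message: </td>
<td align="left" style="border-left: 1px solid #000000;"> <?php echo $msg; ?></td>
</tr>
<tr>
<td colspan="2" align="left"><button onclick="deleteAlert('<?php echo $alertId; ?>');">Delete Alert</button></td>
</tr>
</table>
<script type="text/javascript">
// NOTE(review): data.message is inserted with .html(); confirm the endpoint
// returns only server-generated, already-escaped text.
function deleteAlert(id) {
    if (confirm("Are you sure you wish to delete this alert?")) {
        $.post("ajax/user.php?function=deleteAlert&v=" + Math.random(),
            {'id': id},
            function(data) {
                if (data.status)
                    $("#result").html(data.message);
                else
                    alert(data.message);
            },
            "json"
        );
    }
}
</script>
<?php
                    break;
            }
            break;
    }
}
?>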