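<?php
/*
 * User control panel page: private messages (inbox, read, send, delete)
 * and alerts (list, read).
 *
 * The file refuses to run unless IN_SITE is defined, and it reads
 * $loggedin, $CharacterInfo and $sess_user_id and calls clean_str(),
 * msg_error() and sendmessage() without defining them, so it is presumably
 * included by another script that provides all of these.
 *
 * Security notes for maintainers:
 *  - Everything in $_GET / $_POST is untrusted. Ids are accepted only as
 *    plain digit strings and cast to int before they reach SQL; other
 *    request values are escaped for the context they are written into.
 *  - Query failures are written to the error log instead of being printed,
 *    so SQL error text and the server file path are not shown to visitors.
 *  - NOTE(review): the state-changing requests here (send, delmsg, and the
 *    ajax/user.php calls) carry no anti-CSRF token. Adding one needs the
 *    site's session code, which is not visible from this file.
 *  - NOTE(review): the inbox query uses the columns id / receiver_id / seen,
 *    while readmsg and delmsg use msg_id / rec_id / read_msg / checksum and
 *    $sess_user_id. The inbox form also submits message ids as check[],
 *    but delmsg matches on checksum. Confirm against the real schema.
 *
 * Variables introduced here carry a $ucp prefix to avoid clobbering names
 * in the including script's scope.
 */
if(!defined("IN_SITE")){
	print "Pls stop haxing";
	exit;
}
if(!$loggedin){
	print "You must be logged in to do that";
} else {
	// Default missing routing parameters to "" so the switches below fall
	// through exactly as before, without an undefined-index notice.
	$ucpFunction = isset($_GET["function"]) ? $_GET["function"] : "";
	$ucpAction = isset($_GET["action"]) ? $_GET["action"] : "";
	?>
	<a href="?page=usercp&function=messages">Messages</a> |
	<a href="?page=usercp&function=alerts">Alerts</a><br />
	<p>
	<?php
	switch($ucpFunction){
		case "messages":
			?>
			<center>
			<a href="?page=usercp&function=messages&action=inbox">Inbox</a> |
			<a href="?page=usercp&function=messages&action=send">Send Message</a></center>
			<p>
			<?php
			switch($ucpAction){
				case "inbox":
					?>
					<script type="text/javascript">
					function checkall() {
					  with ( document ) {
						for ( i = 0 ; i < inbox.elements.length ; i++ ) {
						 if(inbox.elements[i].checked == false){
						    inbox.elements[i].checked = true;
						  } else {
						    inbox.elements[i].checked = false;
						  }
						}
					  }
					}
					</script>
					<form name="inbox" action="?page=usercp&function=messages&action=delmsg" method="post">
					<table cellpadding="3" style="border: 1px solid #000000;">
						<tr>
							<td style="border-bottom: 1px solid #000000; border-top: 1px solid #000000;"> <input type="checkbox" onclick="checkall();" /> </td>
							<td style="border-bottom: 1px solid #000000;"> From </td>
							<td style="border-bottom: 1px solid #000000;"> Subject </td>
							<td style="border-bottom: 1px solid #000000;"> Message </td>
							<td style="border-bottom: 1px solid #000000;"> Date </td>
						</tr>
						<?php
							// Only the current character's non-deleted messages are listed.
							$MsgQuery = mysql_query("SELECT id, sender_id, subject, message, seen, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime FROM messages WHERE receiver_id = '{$CharacterInfo['id']}' AND deleted = '0'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
							if(mysql_num_rows($MsgQuery) > 0){
								while($MsgInfo = mysql_fetch_array($MsgQuery)){
									$name = mysql_query("SELECT name FROM characters WHERE id = '{$MsgInfo['sender_id']}'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
									// The sender name is written into the page, so it gets the same
									// clean_str() pass as the subject and body (readmsg already does this).
									$name = clean_str(mysql_result($name, 0));
									$msg = $MsgInfo["message"];
									$subject = clean_str($MsgInfo["subject"]);
									// Truncate the preview before cleaning so the cut is made on the raw text.
									if(strlen($msg) > 20){
										$msg = substr($msg, 0, 20)."...";
									}
									$msg = clean_str($msg);
									$msg = str_replace("\n"," ",$msg);
									// One <tr> per message, coloured by the `seen` flag. The query does
									// not select a read_msg column, so only `seen` is consulted.
									$ucpRowColor = ($MsgInfo["seen"] == 1) ? "green" : "red";
									?>
									<tr bgcolor="<?=$ucpRowColor;?>">
										<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="check[]" value="<?=$MsgInfo["id"];?>" /> </td>
										<td style="border-bottom: 1px solid #000000;"> <?=$name;?> </td>
										<td style="border-bottom: 1px solid #000000;"> <a href="?page=usercp&function=messages&action=readmsg&id=<?=$MsgInfo["id"];?>"><?=$subject;?></a> </td>
										<td style="border-bottom: 1px solid #000000;"> <?=$msg;?> </td>
										<td style="border-bottom: 1px solid #000000;"> <?=$MsgInfo["f_thetime"];?> </td>
									</tr>
									<?php
								}
								?>
								<tr>
									<td colspan="5"><input type="submit" value="Delete Messages" name="delete" /></td>
								</tr>
								<?php
							} else {
								print "You have no messages :(";
							}
						?>
					</table>
				<?php
				break;
				case "readmsg":
					$msgid = isset($_GET["id"]) ? $_GET["id"] : null;
					if(isset($msgid)){
						// Accept a plain run of digits only. is_numeric() would also let
						// through floats, exponents and padded strings.
						if(is_string($msgid) && ctype_digit($msgid)){
							$msgid = (int)$msgid;
							$ReadQ = mysql_query("SELECT * from messages where msg_id = '$msgid'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
							if(mysql_num_rows($ReadQ) > 0){
								$ReadI = mysql_fetch_array($ReadQ);
								// Ownership check: only the recipient may open the message.
								if($sess_user_id == $ReadI["rec_id"]){
									$name = mysql_query("SELECT username from `users` where user_id={$ReadI['sender_id']}") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
									$name = mysql_fetch_array($name);
									$name = $name["username"];
									// The Reply button places the sender name inside a URL, inside a JS
									// string, inside an HTML attribute. rawurlencode() on the raw name
									// leaves only characters that are inert in all three contexts.
									$ucpReplyName = rawurlencode($name);
									$date = date("d-n-Y g:i:s A", $ReadI["timestamp"]);
									$msg = $ReadI["message"];
									$name = clean_str($name);
									$subject = clean_str($ReadI["subject"]);
									$msg = clean_str($msg);
									$msg = str_replace("\n","<br />",$msg);
									mysql_query("UPDATE messages set read_msg = 1 where msg_id = '{$ReadI['msg_id']}'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
									?>
									<form action="?page=usercp&function=messages&action=delmsg" method="post">
									<input type="hidden" name="check[]" value="<?=htmlspecialchars($ReadI["checksum"], ENT_QUOTES);?>" />
									<table cellspacing="3" style="border: 1px solid #000000;">
										<tr>
											<td align="left" style="border-right: 1px solid #000000;"> From: </td>
											<td align="center"> <?=$name;?></td>
										</tr>
										<tr>
											<td align="left" style="border-right: 1px solid #000000;"> Subject: </td>
											<td align="center">	 <?=$subject;?></td>
										</tr>
										<tr>
											<td align="left" style="border-right: 1px solid #000000;"> Date: </td>
											<td align="center"> <?=$date;?></td>
										</tr>
										<tr>
											<td align="left" valign="top" style="border-right: 1px solid #000000;"> Message: </td>
											<td align="left"> <?=$msg;?></td>
										</tr>
										<tr>
											<td align="left" style="border-right: 1px solid #000000;"><input type="submit" value="Delete Message" name="Submit" /></td>
											<td align="right"><input type="button" name="Reply" onClick="window.location = '?page=usercp&function=messages&action=send&name=<?=$ucpReplyName;?>'" value="Reply" /></td>
										</tr>
									</table>
									</form>
									<?php
								} else {
									msg_error();
								}
							} else {
								msg_error();
							}
						} else {
							msg_error();
						}
					} else {
						msg_error();
					}
				break;
				case "send":
					if(isset($_POST["name"],$_POST["subject"],$_POST["message"])){
						$Name = $_POST["name"];
						$subject = $_POST["subject"];
						$message = $_POST["message"];
						$send = sendmessage($_POST["name"], $_POST["subject"], $_POST["message"]);
						// NOTE(review): sendmessage() is defined elsewhere and its return value
						// is printed unescaped. Confirm it never echoes request data back.
						print "<font color=\"green\">$send</font>";
					}
					// ?name= pre-fills the recipient box. It comes straight from the URL, so it
					// is HTML-escaped (quotes included) before being written into the attribute.
					$ucpPrefillName = (isset($_GET["name"]) && is_string($_GET["name"])) ? $_GET["name"] : "";
					$ucpPrefillName = htmlspecialchars($ucpPrefillName, ENT_QUOTES);
					?>
					<form action="?page=usercp&function=messages&action=send" method="post">
					<table  cellpadding="3" style="border: 1px solid #000000;">
						<tr>
							<td style="border-bottom: 1px solid #000000;">Name: </td>
							<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="name" value="<?=$ucpPrefillName;?>" /></td>
						</tr>
						<tr>
							<td style="border-bottom: 1px solid #000000;">Subject: </td>
							<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="subject" value="" /></td>
						</tr>
						<tr>
							<td valign="top" style="border-bottom: 1px solid #000000;">Message: </td>
							<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <textarea name="message" cols="40" rows="6"></textarea></td>
						</tr>
						<tr>
							<td colspan="2" align="center"><input type="submit" value="Send" /></td>
						</tr>
					</table>
					</form>
					<?php
				break;
				case "delmsg":
					// check[] must be an array of strings; anything else is ignored rather
					// than handed to the query builder.
					if(isset($_POST["check"]) && is_array($_POST["check"])){
						foreach($_POST["check"] as $checksum){
							if(!is_string($checksum)){
								continue;
							}
							// Connection-aware escaping; the rec_id condition keeps the delete
							// limited to rows addressed to the current user.
							$checksum = mysql_real_escape_string($checksum);
							mysql_query("DELETE from messages where rec_id='$sess_user_id' AND checksum='$checksum'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
						}
						print "Message(s) deleted";
					}
				break;
			}
		break;
		case "alerts":
			switch($ucpAction){
				default:
					?>
					<script type="text/javascript">
					function checkall() {
						$(".alerts").prop('checked', true);
					}
					</script>
					<table cellpadding="3" style="border: 1px solid #000000;">
						<tr>
							<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="box" onclick="checkall();" /></td>
							<td style="border-bottom: 1px solid #000000;"> Subject </td>
							<td style="border-bottom: 1px solid #000000;"> Message </td>
							<td style="border-bottom: 1px solid #000000;"> Date </td>
						</tr>
						<?php
							// Unseen alerts sort first, newest first within each group.
							$MsgQuery = mysql_query("SELECT id, subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, seen FROM alerts WHERE receiver_id = '{$CharacterInfo['id']}' ORDER by seen, thetime DESC") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
							if(mysql_num_rows($MsgQuery) > 0){
								while($MsgInfo = mysql_fetch_array($MsgQuery)){
									$msg = $MsgInfo["message"];
									$subject = clean_str($MsgInfo["subject"]);
									if(strlen($msg) > 40){
										$msg = substr($msg, 0, 40)."...";
									}
									// Same order as the messages branch: clean_str() first, line breaks
									// after, so the inserted <br /> tags are not passed through clean_str().
									$msg = clean_str($msg);
									$msg = nl2br($msg);
									?>
									<tr>
										<td style="border-bottom: 1px solid #000000;"> <input class="alerts" type="checkbox" name="check[]" value="<?=$MsgInfo["id"];?>" /> </td>
										<td style="border-bottom: 1px solid #000000;">
										<?php
										if($MsgInfo['seen'] == 0) {
											print "<b>";
										}
										?><a href="?page=usercp&function=alerts&action=readalert&id=<?=$MsgInfo["id"];?>"><?=$subject;?></a>
										<?php
										if($MsgInfo['seen'] == 0) {
											print "</b>";
										}
										?>
										</td>
										<td style="border-bottom: 1px solid #000000;"> <?=$msg;?> </td>
										<td style="border-bottom: 1px solid #000000;"> <?=$MsgInfo["f_thetime"];?> </td>
									</tr>
									<?php
								}
									?>
									<tr>
										<td colspan="5"><button onclick="deleteAlerts();">Delete Alerts</button></td>
									</tr>
									<?php
							} else {
								print "You have no alerts :(";
							}
						?>
					</table>
					<script type="text/javascript">
					function deleteAlerts() {
						$.post("ajax/user.php?function=deleteAlerts&v=" + Math.random(), {'alerts': $(".alerts").serialize()},
							function(data) {
								window.location = '?page=usercp&function=alerts';
							}
						);
					}
					</script>
					<?php
				break;
				case "readalert":
					$msgid = isset($_GET["id"]) ? $_GET["id"] : null;
					if(isset($msgid)){
						// Digits only, then cast. The queries and the inline script below use
						// this validated integer, so the value that was checked is the value
						// that is interpolated.
						if(is_string($msgid) && ctype_digit($msgid)){
							$msgid = (int)$msgid;
							$ReadQ = mysql_query("SELECT subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, receiver_id FROM alerts WHERE id = '$msgid'") or error_log(mysql_error() . " " . __FILE__ . " #" . __LINE__);
							if(mysql_num_rows($ReadQ) > 0){
								// Ownership check: the alert must belong to the current character.
								if($CharacterInfo['id'] == mysql_result($ReadQ, 0, "receiver_id")){
									mysql_query("UPDATE alerts SET seen = '1' WHERE id = '$msgid'");
									$msg = mysql_result($ReadQ, 0, "message");
									$subject = clean_str(mysql_result($ReadQ, 0, "subject"));
									// clean_str() before nl2br(), matching the messages branch.
									$msg = clean_str($msg);
									$msg = nl2br($msg);
									?>
									<div id="result"></div>
									<table cellpadding="4" style="border: 1px solid #000000;">
										<tr>
											<td align="left"> Subject: </td>
											<td align="center" style="border-left: 1px solid #000000;">	 <?=$subject;?></td>
										</tr>
										<tr>
											<td align="left"> Date: </td>
											<td align="center" style="border-left: 1px solid #000000;"> <?=mysql_result($ReadQ, 0, 'f_thetime');?></td>
										</tr>
										<tr>
											<td align="left" valign="top"> Message: </td>
											<td align="left" style="border-left: 1px solid #000000;"> <?=$msg;?></td>
										</tr>
										<tr>
											<td colspan="2" align="left"><button onclick="deleteAlert('<?=$msgid;?>');">Delete Alert</button></td>
										</tr>
									</table>
									<script type="text/javascript">
									function deleteAlert(id) {
										if(confirm("Are you sure you wish to delete this alert?")) {
											$.post("ajax/user.php?function=deleteAlert&v=" + Math.random(), {'id':id},
												function(data) {
													if(data.status)
														$("#result").html(data.message);
													else
														alert(data.message);
												}, "json"
											);
										}
									}
									</script>
									<?php
								} else {
									msg_error();
								}
							} else {
								msg_error();
							}
						} else {
							msg_error();
						}
					} else {
						msg_error();
					}
				break;
			}
		break;
	}
}
?>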