<?
if(!defined("IN_SITE")){
print "Pls stop haxing";
exit;
}
if(!$loggedin){
print "You must be logged in to do that";
} else {
?>
<a href="?page=usercp&function=messages">Messages</a> |
<a href="?page=usercp&function=alerts">Alerts</a><br />
<p>
<?
switch($_GET["function"]){
case "messages";
?>
<center>
<a href="?page=usercp&function=messages&action=inbox">Inbox</a> |
<a href="?page=usercp&function=messages&action=send">Send Message</a></center>
<p>
<?
switch($_GET["action"]){
case "inbox";
?>
<script type="text/javascript">
function checkall() {
with ( document ) {
for ( i = 0 ; i < inbox.elements.length ; i++ ) {
if(inbox.elements[i].checked == false){
inbox.elements[i].checked = true;
} else {
inbox.elements[i].checked = false;
}
}
}
}
</script>
<form name="inbox" action="?page=usercp&function=messages&action=delmsg" method="post">
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000; border-top: 1px solid #000000;"> <input type="checkbox" onclick="checkall();" /> </td>
<td style="border-bottom: 1px solid #000000;"> From </td>
<td style="border-bottom: 1px solid #000000;"> Subject </td>
<td style="border-bottom: 1px solid #000000;"> Message </td>
<td style="border-bottom: 1px solid #000000;"> Date </td>
</tr>
<?
$MsgQuery = mysql_query("SELECT id, sender_id, subject, message, seen, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime FROM messages WHERE receiver_id = '{$CharacterInfo['id']}' AND deleted = '0'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($MsgQuery) > 0){
while($MsgInfo = mysql_fetch_array($MsgQuery)){
$name = mysql_query("SELECT name FROM characters WHERE id = '{$MsgInfo['sender_id']}'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$name = mysql_result($name, 0);
$msg = $MsgInfo["message"];
$subject = clean_str($MsgInfo["subject"]);
if(strlen($msg) > 20){
$msg = substr($msg, 0, 20)."...";
}
$msg = clean_str($msg);
$msg = str_replace("\n"," ",$msg);
if($MsgInfo["seen"] == 1){
print "<tr bgcolor=\"green\">";
} elseif($MsgInfo["read_msg"] == 0) {
print "<tr bgcolor=\"red\">";
}
?>
<tr>
<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="check[]" value="<?=$MsgInfo["id"];?>" /> </td>
<td style="border-bottom: 1px solid #000000;"> <?=$name;?> </td>
<td style="border-bottom: 1px solid #000000;"> <a href="?page=usercp&function=messages&action=readmsg&id=<?=$MsgInfo["id"];?>"><?=$subject;?></a> </td>
<td style="border-bottom: 1px solid #000000;"> <?=$msg;?> </td>
<td style="border-bottom: 1px solid #000000;"> <?=$date;?> </td>
</tr>
<?
}
?>
<tr>
<td colspan="5"><input type="submit" value="Delete Messages" name="delete" /></td>
</tr>
<?
} else {
print "You have no messages :(";
}
?>
</table>
<?
break;
case "readmsg";
$msgid = $_GET["id"];
if(isset($msgid)){
if(is_numeric($msgid)){
$msgid = addslashes($msgid);
$ReadQ = mysql_query("SELECT * from messages where msg_id = '$msgid'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($ReadQ) > 0){
$ReadI = mysql_fetch_array($ReadQ);
if($sess_user_id == $ReadI["rec_id"]){
$name = mysql_query("SELECT username from `users` where user_id={$ReadI['sender_id']}") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$name = mysql_fetch_array($name);
$name = $name["username"];
$date = date("d-n-Y g:i:s A", $ReadI["timestamp"]);
$msg = $ReadI["message"];
$name = clean_str($name);
$subject = clean_str($ReadI["subject"]);
$msg = clean_str($msg);
$msg = str_replace("\n","<br />",$msg);
mysql_query("UPDATE messages set read_msg = 1 where msg_id = '{$ReadI['msg_id']}'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
?>
<form action="?page=usercp&function=messages&action=delmsg" method="post">
<input type="hidden" name="check[]" value="<?=$ReadI["checksum"];?>" />
<table cellspacing="3" style="border: 1px solid #000000;">
<tr>
<td align="left" style="border-right: 1px solid #000000;"> From: </td>
<td align="center"> <?=$name;?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"> Subject: </td>
<td align="center"> <?=$subject;?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"> Date: </td>
<td align="center"> <?=$date;?></td>
</tr>
<tr>
<td align="left" valign="top" style="border-right: 1px solid #000000;"> Message: </td>
<td align="left"> <?=$msg;?></td>
</tr>
<tr>
<td align="left" style="border-right: 1px solid #000000;"><input type="submit" value="Delete Message" name="Submit" /></td>
<td align="right"><input type="button" name="Reply" onClick="window.location = '?page=usercp&function=messages&action=send&name=<?=$name;?>'" value="Reply" />
</tr>
</table>
</form>
<?
} else {
msg_error();
}
} else {
msg_error();
}
} else {
msg_error();
}
} else {
msg_error();
}
break;
case "send";
if(isset($_POST["name"],$_POST["subject"],$_POST["message"])){
$Name = $_POST["name"];
$subject = $_POST["subject"];
$message = $_POST["message"];
$send = sendmessage($_POST["name"], $_POST["subject"], $_POST["message"]);
print "<font color=\"green\">$send</font>";
}
?>
<form action="?page=usercp&function=messages&action=send" method="post">
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000;">Name: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="name" value="<?=$_GET["name"];?>" /></td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000;">Subject: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <input type="text" name="subject" value="" /></td>
</tr>
<tr>
<td valign="top" style="border-bottom: 1px solid #000000;">Message: </td>
<td style="border-left: 1px solid #000000; border-bottom: 1px solid #000000;"> <textarea name="message" cols="40" rows="6"></textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Send" /></td>
</tr>
</table>
</form>
<?
break;
case "delmsg";
if(isset($_POST["check"])){
while(list($check,$checksum) = each($_POST["check"])){
$checksum = addslashes($checksum);
mysql_query("DELETE from messages where rec_id='$sess_user_id' AND checksum='$checksum'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
}
print "Message(s) deleted";
}
break;
}
break;
case "alerts";
switch($_GET["action"]){
default;
?>
<script type="text/javascript">
function checkall() {
$(".alerts").prop('checked', true);
}
</script>
<table cellpadding="3" style="border: 1px solid #000000;">
<tr>
<td style="border-bottom: 1px solid #000000;"> <input type="checkbox" name="box" onclick="checkall();" /></td>
<td style="border-bottom: 1px solid #000000;"> Subject </td>
<td style="border-bottom: 1px solid #000000;"> Message </td>
<td style="border-bottom: 1px solid #000000;"> Date </td>
</tr>
<?
$MsgQuery = mysql_query("SELECT id, subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, seen FROM alerts WHERE receiver_id = '{$CharacterInfo['id']}' ORDER by seen, thetime DESC") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($MsgQuery) > 0){
while($MsgInfo = mysql_fetch_array($MsgQuery)){
$msg = $MsgInfo["message"];
$name = clean_str($name);
$subject = clean_str($MsgInfo["subject"]);
if(strlen($msg) > 40){
$msg = substr($msg, 0, 40)."...";
}
$msg = nl2br($msg);
$msg = clean_str($msg);
?>
<tr>
<td style="border-bottom: 1px solid #000000;"> <input class="alerts" type="checkbox" name="check[]" value="<?=$MsgInfo["id"];?>" /> </td>
<td style="border-bottom: 1px solid #000000;">
<?
if($MsgInfo['seen'] == 0) {
print "<b>";
}
?><a href="?page=usercp&function=alerts&action=readalert&id=<?=$MsgInfo["id"];?>"><?=$subject;?></a>
<?
if($MsgInfo['seen'] == 0) {
print "</b>";
}
?>
</td>
<td style="border-bottom: 1px solid #000000;"> <?=$msg;?> </td>
<td style="border-bottom: 1px solid #000000;"> <?=$MsgInfo["f_thetime"];?> </td>
</tr>
<?
}
?>
<tr>
<td colspan="5"><button onclick="deleteAlerts();">Delete Alerts</button></td>
</tr>
<?
} else {
print "You have no alerts :(";
}
?>
</table>
<script type="text/javascript">
function deleteAlerts() {
$.post("ajax/user.php?function=deleteAlerts&v=" + Math.random(), {'alerts': $(".alerts").serialize()},
function(data) {
window.location = '?page=usercp&function=alerts';
}
);
}
</script>
<?
break;
case "readalert";
$msgid = $_GET["id"];
if(isset($msgid)){
if(is_numeric($msgid)){
$ReadQ = mysql_query("SELECT subject, message, DATE_FORMAT(thetime, '%d/%c/%Y %r') as f_thetime, receiver_id FROM alerts WHERE id = {$get_safe['id']}") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($ReadQ) > 0){
if($CharacterInfo['id'] == mysql_result($ReadQ, 0, "receiver_id")){
mysql_query("UPDATE alerts SET seen = '1' WHERE id = '{$get_safe['id']}'");
$msg = mysql_result($ReadQ, 0, "message");
$subject = clean_str(mysql_result($ReadQ, 0, "subject"));
$msg = nl2br($msg);
$msg = clean_str($msg);
?>
<div id="result"></div>
<table cellpadding="4" style="border: 1px solid #000000;">
<tr>
<td align="left"> Subject: </td>
<td align="center" style="border-left: 1px solid #000000;"> <?=$subject;?></td>
</tr>
<tr>
<td align="left"> Date: </td>
<td align="center" style="border-left: 1px solid #000000;"> <?=mysql_result($ReadQ, 0, 'f_thetime');?></td>
</tr>
<tr>
<td align="left" valign="top"> Message: </td>
<td align="left" style="border-left: 1px solid #000000;"> <?=$msg;?></td>
</tr>
<tr>
<td colspan="2" align="left"><button onclick="deleteAlert('<?=$get_safe['id'];?>');">Delete Alert</button></td>
</tr>
</table>
<script type="text/javascript">
function deleteAlert(id) {
if(confirm("Are you sure you wish to delete this alert?")) {
$.post("ajax/user.php?function=deleteAlert&v=" + Math.random(), {'id':id},
function(data) {
if(data.status)
$("#result").html(data.message);
else
alert(data.message);
}, "json"
);
}
}
</script>
<?
} else {
msg_error();
}
} else {
msg_error();
}
} else {
msg_error();
}
} else {
msg_error();
}
break;
}
break;
}
}
?>