<?php
include('header.php');
include('functions.php');
include('show_smilies.php');
if ($pm_enabled ==1)
{
if (!isset($_SESSION['signed_in'])) {
//the user is not signed in
echo '<br /><div align="center">' . $l_you_need_to . ' <a class="loginlink" href="signin.php">' . $l_login_s . '</a> ' . $l_in_order . ' <br>' . $l_u_also . ' <a class="loginlink" href="signup.php">' . $l_register_s . '</a> ' . $l_for_acc . '</div><br />';
} else {
//BUTTONS
// Navigation links for the three private-message views.
echo "<hr /><br /><div align='left' style='margin-left:12px;'>
<a class='profile' href='pm.php?inbox'>" . $l_inbox . "</a>
<a class='profile' href='pm.php?outbox'>" . $l_outbox . "</a>
<a class='profile' href='pm.php?send'>" . $l_compose_pm . "</a>
<br /><br /></div><hr />";
// The draft kept in the session is dropped as soon as the user leaves the compose view.
if (!isset($_GET['send'])) {
    $_SESSION['PM'] = NULL;
}
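//////////////////////////////////////////////
// COMPOSE MESSAGE
//////////////////////////////////////////////
// GET renders the compose form, optionally pre-filled from ?u= (recipient) and
// ?quote= (message to quote). POST validates the submission and stores it with
// $db->sendPM().
// NOTE(review): nothing visible here checks an anti-CSRF token on the POST; adding
// one needs a hidden field in pm_compose.html, which this file does not contain.
if (isset($_GET['send'])) {
    $mytext = "";
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        // ?u= is written into the HTML template, so it is accepted only when it
        // passes the same ctype_alnum() rule the POST branch applies to recipients.
        $send_to = "";
        if (isset($_GET['u']) && is_string($_GET['u']) && ctype_alnum($_GET['u'])) {
            $send_to = $_GET['u'];
        }
        ///////////////////////////////////
        //FORM
        ///////////////////////////////////
        // A draft is stored in the session when an earlier submission failed validation.
        if (isset($_SESSION['PM'])) {
            $mytext = BBDecode(str_replace("<br>", "", $_SESSION['PM']));
        }
        $message_subject = $l_message_from . " " . EscapeStr($_SESSION['user_name']) . "";
        if (isset($_GET['quote'])) {
            // The id is cast to int because it is placed unquoted in the SQL, and the
            // row must belong to the current user (as sender or recipient). Without the
            // ownership clause any signed-in user could read any message by its id.
            $pm_quote_id = (int) $_GET['quote'];
            $sql = "SELECT
                message,
                pm_subject,
                from_name
                FROM " . $table_prefix . "private_messages
                WHERE
                pm_id = " . $pm_quote_id . "
                AND (to_id = " . safeEscape($_SESSION['user_id']) . " OR from_id = " . safeEscape($_SESSION['user_id']) . ")
                LIMIT 1";
            $result = $db->query($sql);
            $list = $db->fetch_array($result, 'assoc');
            // No row means the id is unknown or not the user's message: leave the form as it is.
            if ($list) {
                // The quoted message replaces any session draft, as it did before.
                $mytext = BBDecode("[quote=$list[from_name]]$list[message][/quote]\n");
                $mytext = str_replace("<br>", "\n", $mytext);
                $message_subject = "Re: " . $list['pm_subject'];
            }
        }
        $tags = array('{SUBJECT}','{MESSAGE}','{MORE_SMILIES}','{MY_TEXT}','{MESSAGE_SUBJECT}','{SEND_PM}','{PREVIEW}',
            '{STYLE}','{PM_TITLE}','{PM_TO}','{SEND_TO}');
        $data = array($l_subject, $l_message, $l_more_smilies, $mytext, $message_subject, $l_send_pm, $l_preview_button,
            $default_style, $l_send_pm, $l_pm_to, $send_to);
        echo str_replace($tags, $data, file_get_contents("./style/" . $default_style . "/pm_compose.html"));
    } else {
        $errors = array();
        $row = null;
        // Missing or non-string fields are treated as empty so they fail validation
        // below instead of raising notices or reaching the string helpers as arrays.
        $send_to = (isset($_POST['send_to']) && is_string($_POST['send_to'])) ? EscapeStr($_POST['send_to']) : "";
        $message_subject = (isset($_POST['message_subject']) && is_string($_POST['message_subject'])) ? $_POST['message_subject'] : "";
        $text = (isset($_POST['reply']) && is_string($_POST['reply'])) ? $_POST['reply'] : "";
        $text = my_nl2br($text); //Remove double or multiple new lines
        $text = convEnt2($text);
        $text = str_replace("\n", "<br>", $text);
        $text = BBCode($text);
        $message_subject = convEnt2($message_subject);
        $message_subject = trim($message_subject);
        $message_subject = strip_tags($message_subject);
        $send_to = trim($send_to);
        if (strlen($message_subject) <= 0) {
            $message_subject = "$l_message_from " . EscapeStr($_SESSION['user_name']) . "";
        }
        // The recipient name is validated BEFORE it is put into the SQL string or an
        // error message, so only alphanumeric names ever reach either of them.
        if (!ctype_alnum($send_to)) {
            $errors[] = $l_error_un_contain;
        } else {
            $sql = "SELECT
                user_name, user_id, user_email
                FROM " . $table_prefix . "users
                WHERE
                user_name = '$send_to' LIMIT 1";
            $result = $db->query($sql);
            if ($db->num_rows($result) > 0) {
                $row = $db->fetch_array($result, 'assoc');
            }
            if (!$row) {
                $errors[] = "'<b>$send_to</b>' $l_error_unknown_user";
            }
        }
        if (strlen($message_subject) > 70) {$errors[] = "$l_error_message_subject";}
        if (strlen($message_subject) <= 0) {$errors[] = "$l_subject_few";}
        if (strlen($text) > $max_post_characters) {$errors[] = "$l_error_message_body";}
        if (strlen($text) < $min_post_characters) {$errors[] = "$l_message_few";}
        // Self-messaging is rejected by name and also by id, so a different spelling
        // of the user's own name that resolves to the same account is caught too.
        if ($_SESSION['user_name'] == $send_to || ($row && $row['user_id'] == $_SESSION['user_id'])) {
            $errors[] = "$l_error_pm_self";
        }
        if (!empty($errors)) {
            echo '<b>' . $l_information . '</b><br/><div align="center">' . $l_error_message . '<br /><br /><tr>';
            // Keep the converted text so the form can restore it as a draft.
            $_SESSION['PM'] = $text;
            foreach ($errors as $keys => $value) {
                /* walk through the array so all the errors get displayed */
                echo '<td><span style="color:red">' . $value . '<br /></td></tr></span>';
            }
            echo '<br /><a href="javascript: history.go(-1)">' . $l_back_to_prev . '</a></div><br /><br />';
        } else {
            //SEND MESSAGE
            $from_id = safeEscape($_SESSION['user_id']);
            $from_name = EscapeStr($_SESSION['user_name']);
            $to_id = $row['user_id'];
            $to_name = $send_to;
            $pm_subject = $message_subject;
            // SQL expression, not a value: built only from the $server_time / $time_difference settings.
            $pm_time = "NOW() + INTERVAL $server_time MINUTE + INTERVAL $time_difference HOUR";
            $pm_text = $text;
            $result = $db->sendPM($from_id, $from_name, $to_id, $to_name, $pm_subject, $pm_time, $pm_text, $table_prefix);
            // sendPM()'s return value is used as the success flag (the confirmation
            // already depended on it); the notification e-mail now does as well, so
            // no e-mail goes out for a message that was not stored.
            if ($result) {
                //SEND EMAIL ON NEW PM?
                if ($email_pm == 1 && $disable_email == 0) {
                    require_once('./includes/send_email_pm.php');
                }
                echo "<br><div align='center'> $l_message_send_to <b>$send_to</b><br><br>
<a href='pm.php?inbox'>Back to inbox</a></div><br><br>";
                if (isset($_SESSION['PM'])) {$_SESSION['PM'] = NULL;}
            }
        }
    } //end if REQUEST_METHOD = post
}
//END COMPOSE MESSAGE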
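//////////////////////////////////////////////
// DELETE PM
//////////////////////////////////////////////
// Box selection used by the delete handlers and by the listing further down:
// inbox = rows whose to_id is the current user; outbox = rows whose from_id is
// the current user and that are still unread (pm_read = 0).
$pm_read_ = "";
$pm_to_or_from = "to_id";
$get_inbox = "inbox";
$pm_to = "";
if (isset($_GET['outbox'])) {
    $pm_read_ = "AND pm_read = 0";
    $pm_to_or_from = "from_id";
    $get_inbox = "outbox";
}
// NOTE(review): this delete is a state-changing GET and no anti-CSRF token is
// checked here; moving it to a POST with a token also needs the delete link in
// the listing to change.
if (isset($_GET['delmsg'])) {
    // Cast to int: the id is placed unquoted in the SQL below.
    $pm_del_id = (int) $_GET['delmsg'];
    // The same filter the listing uses, so only a message visible in the current
    // box can be deleted. NOTE(review): for the outbox this adds "pm_read = 0",
    // which the original check did not have - confirm senders are not meant to
    // delete messages the recipient has already read.
    $pm_owner_clause = "$pm_to_or_from = " . safeEscape($_SESSION['user_id']) . " $pm_read_";
    //Check if this PM is in my box before deleting it.
    $sql = "SELECT pm_id FROM " . $table_prefix . "private_messages
        WHERE
        $pm_owner_clause
        AND
        pm_id = $pm_del_id LIMIT 1";
    $result = $db->query($sql);
    if ($db->num_rows($result) >= 1 && !isset($_POST['Submit'])) {
        // The ownership filter is repeated in the DELETE so the statement cannot
        // remove a row the check above did not cover.
        $sql = "
            DELETE FROM " . $table_prefix . "private_messages
            WHERE
            pm_id = $pm_del_id
            AND $pm_owner_clause
            LIMIT 1";
        $result = $db->query($sql);
        if ($result) {echo "<div align='center'>$l_pm_deleted</div>";}
    }
}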
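///// DELETE SELECTED
// Bulk delete for the checkbox form posted by the inbox/outbox listing.
// The box test is parenthesised: "and" binds tighter than "or", so the original
// condition skipped the POST requirement whenever ?inbox was present.
if ((isset($_GET['inbox']) || isset($_GET['outbox'])) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['Submit']) && isset($_POST['checkbox']) && is_array($_POST['checkbox'])) {
        foreach ($_POST['checkbox'] as $selected_id) {
            // Ignore nested arrays; every id is cast to int because it is placed
            // unquoted in the SQL, where string escaping gives no protection.
            if (!is_scalar($selected_id)) {
                continue;
            }
            // Scope the delete to the current user's box: the posted ids are
            // client-controlled, so without this clause any message could be removed.
            $sql = "
                DELETE FROM " . $table_prefix . "private_messages
                WHERE
                pm_id = " . (int) $selected_id . "
                AND $pm_to_or_from = " . safeEscape($_SESSION['user_id']) . " $pm_read_
                LIMIT 1";
            $result = $db->query($sql);
        }
    }
}
//END DELETE PM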
//////////////////////////////////////////////
//INBOX / OUTBOX
//////////////////////////////////////////////
// Client-side helper for the "select all" checkbox in the listing header:
// it copies the header checkbox state onto every checkbox[] input.
echo '
<script language="JavaScript">
function toggle(source) {
checkboxes = document.getElementsByName(\'checkbox[]\');
for(var i in checkboxes)
checkboxes[i].checked = source.checked;
}
</script>';
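// Lists up to 50 messages of the selected box and expands the one named by ?msg=.
// NOTE(review): from_name, to_name, pm_subject, the hover preview and the message
// body are written into the markup as stored; whether that is safe depends on how
// convEnt2()/BBCode()/EscapeStr() encoded them when the message was saved -
// confirm, or escape at output.
if (isset($_GET['inbox']) || isset($_GET['outbox'])) {
    ////// SORTING //////
    // The ORDER BY pieces come from fixed values only; the request parameters
    // choose between them and are never placed in the SQL themselves.
    $desasc = "DESC";
    $ordimg = "down.gif";
    $order = 'pm_date';
    $sorting = "date";
    $d_img = "<img src='./style/$default_style/img/$ordimg' style='vertical-align: middle;' border=0 />";
    $n_img = "";
    if (isset($_GET['order'])) {
        if ($_GET['order'] == 'ASC') {$desasc = "DESC"; $ordimg = "down.gif";}
        if ($_GET['order'] == 'DESC') {$desasc = "ASC"; $ordimg = "up.gif";}
    }
    if (isset($_GET['sort'])) {
        if ($_GET['sort'] == 'date') {
            $sorting = "date";
            $order = "pm_date";
            $d_img = "<img src='./style/$default_style/img/$ordimg' style='vertical-align: middle;' border=0 />";
            $n_img = "";
        }
        if ($_GET['sort'] == 'name') {
            $sorting = "name";
            $order = "LOWER(from_name)";
            $d_img = "";
            $n_img = "<img src='./style/$default_style/img/$ordimg' style='vertical-align: middle;' border=0 />";
        }
    }
    ////// END SORTING //////
    // GET ALL PM's (50) //
    $sql = "SELECT * FROM " . $table_prefix . "private_messages WHERE $pm_to_or_from = " . safeEscape($_SESSION['user_id']) . " $pm_read_ ORDER BY $order $desasc LIMIT 50";
    $result = $db->query($sql);
    // Shown as "(N)" next to the box title. The old follow-up test compared this
    // string with 1, which was never true, so it has been dropped.
    $total_pm = "(" . $db->num_rows($result) . ")";
    $l_priv_pm__ = $l_priv_messages;
    if (isset($_GET['outbox'])) {$l_priv_pm__ = $l_outbox;}
    echo "<br/><form name ='myform' action='' method='post'><div align='center'><table style='width:98%;'><tr>
<th>
<input type='checkbox' onClick='toggle(this)' /> <b> $l_priv_pm__ $total_pm</b></th>
<th><b> <a href='pm.php?$get_inbox&sort=name&order=$desasc'>$l_message_from</a></b> $n_img</th>
<th><b> <a href='pm.php?$get_inbox&sort=date&order=$desasc'>$l_pm_date</a></b> $d_img</th></tr>";
    while ($list = $db->fetch_array($result, 'assoc')) {
        $reply_button = "";
        $quote_button = "";
        $print_button = "";
        $text = "";
        // True only for the row the request asks to open.
        $pm_is_open = isset($_GET['msg']) && $_GET['msg'] == $list['pm_id'];
        // Preview text on mouse hover (300 char.)
        $text_preview = substr($list['message'], 0, 300) . "...";
        $text_preview = str_replace("<br>", "\n", $text_preview);
        $text_preview = strip_tags($text_preview);
        $text_preview = convEnt2($text_preview);
        $td_style = "class='friend'";
        $td_width = "400px";
        $delete_pm = "<p class='alignright'><a title='$l_delete' href='pm.php?$get_inbox&delmsg=$list[pm_id]'><img src='./style/$default_style/img/delete.gif' style='vertical-align: middle;' border=0 /></a> </p>";
        if ($pm_is_open) {
            $text = "<blockquote class='pm_message'><br/>" . $list['message'] . "<br/><br/></blockquote>";
            $td_style = "style ='background-color: #FDFDFD; border: 0px solid #9B9C9E;'"; //Highlight PM
            if ($allow_smilies == 1) {$text = smilies($text, 'img/smilies/');}
        }
        if (strlen($text) > 20 && !isset($_GET['msg'])) {
            $text = substr($text, 0, 20) . "...";
        }
        // Mark as read only the row that is being opened, and address it by the id
        // from the database row. The original ran the UPDATE with the raw ?msg=
        // value whenever ANY unread row of the user was listed, so a message that
        // belongs to someone else could be flagged as read.
        if ($pm_is_open && $list['pm_read'] == 0 && $list['to_id'] == $_SESSION['user_id']) {
            $read_msg = $db->query("UPDATE " . $table_prefix . "private_messages
                SET
                pm_read = 1
                WHERE pm_id = " . (int) $list['pm_id'] . " LIMIT 1");
        }
        if (isset($_GET['inbox']) && $pm_is_open) {
            $reply_button = "<br><a class='menuButtons' href='pm.php?send&u=$list[from_name]'>$l_reply</a>";
            // "&quote=" restored: the listing showed a bare double quote here, which
            // ends the string early; the compose form reads $_GET['quote'].
            $quote_button = "<a class='menuButtons' href='pm.php?send&u=$list[from_name]&quote=$list[pm_id]'>$l_quote</a>";
            $print_button = "<p class='alignright'><a class='menuButtons' href='pm.php?inbox&u=$list[from_name]&msg=$list[pm_id]&print#$list[pm_id]'>$l_print</a></p><br><br>";
        }
        if (isset($_GET['outbox'])) {
            $pm_to = " ($l_pm_to <a href='user.php?u=$list[to_id]'><b>$list[to_name]</b></a>)";
        }
        $pm_subj = "<b>$list[pm_subject]</b>";
        // Unread messages get a red subject.
        if ($list['pm_read'] == 0) {$pm_subj = "<span style='color:red'><b>$list[pm_subject]</b></span>";}
        $pm_date = date($date_format, strtotime($list['pm_date']));
        echo "
<tr>
<td $td_style valign='top' width='$td_width' >
<input type='checkbox' name='checkbox[]' value='$list[pm_id]'>
<a title='$text_preview' name='$list[pm_id]' href='pm.php?$get_inbox&msg=$list[pm_id]#$list[pm_id]'>$pm_subj</a> $pm_to $delete_pm<br><br>$text $reply_button $quote_button $print_button<br>\n</td>
<td $td_style valign='top'> <a href='user.php?u=$list[from_id]'>$list[from_name]</a></td>
<td $td_style valign='top'> $pm_date
</td>
</tr>
";
    }
    // The bulk-delete button is only shown when the box is not empty.
    if ($total_pm != "(0)") {
        echo "<tr><td><input class='inputButton' type='submit' name='Submit' value='$l_delete_selected'>
</td>
<td></td>
<td></td>
</tr>";
    }
    echo "
</table></form>
</div>
<br/><br/>";
} //END INBOX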
} //END PM
} else {header('location:index.php');}
// Take the page collected in the output buffer (presumably started by header.php -
// not visible here), discard the buffer, and print the page with the
// <!--TITLE--> placeholder replaced by this page's title.
$pageTitle = 'Send private message';
$pageContents = ob_get_contents();
ob_end_clean();
$pageContents = str_replace('<!--TITLE-->', $pageTitle, $pageContents);
echo $pageContents;
?>