<?php
/*
+--------------------------------------------------------------------------
|   NovaBoard
|   ========================================
|   By Dave Murchison
|   (c) 2009 NovaBoard
|   http://www.novaboard.net
|   ========================================
|   messages.php - shows private messages page
 
*/

// Direct-access guard: the page only runs when the including script has
// already defined NOVA_RUN. A direct request gets the notice below and the
// script stops before any query is issued.
if (defined('NOVA_RUN') === false) {
	exit("<h1>ACCESS DENIED</h1>You cannot access this file directly.");
}

// TAG EDIT
// The pattern looks like strftime() conversion specifiers. It is not referenced
// again in this file; presumably format_date() or a template reads it (confirm).
$format_time = '%A, %b %d, %Y %r';

template_hook("pages/messages.template.php", "start");

// PERMISSIONS!! Can they PM?
// NOTE(review): everything below relies on nova_redirect() ending the request.
// If it returns instead, the actions further down still run for a member whose
// group may not use private messages - confirm in its definition.
// NOTE(review): the test is a loose comparison against '0', so an unset or null
// $can_pm passes it. Confirm the caller always sets the flag.
if ($can_pm == '0') {
	nova_redirect("index.php?page=error&error=12", "error/12");
}

if ($_GET['act']=='del'){

	// "Delete" a conversation for the current member. No row is removed: the
	// thread's opening message (the row with a non-empty TITLE) is flagged
	// hidden_from for its sender or hidden for its recipient.
	//
	// NOTE(review): this state change is driven by a GET request and, unlike the
	// "new" and "reply" actions in this file, it checks no session token. A link
	// or image on another site is enough to trigger it for a logged-in member.
	// Consider requiring POST plus the same per-form token.

	// Escaped once; the value is only used inside quoted SQL literals below.
	$id = escape_string($_GET['id']);

	// Is the current member the sender of the opening message?
	$query211 = "select TOPIC_ID from {$db_prefix}messages WHERE MEMBER_FROM='$my_id' AND TITLE!='' AND TOPIC_ID='$id'" ;
	$result211 = mysql_query($query211) or die("messages.php - Error in query: $query211") ;
	$original_author = mysql_num_rows($result211);

	// ...or its recipient?
	$query211 = "select TOPIC_ID from {$db_prefix}messages WHERE MEMBER_TO='$my_id' AND TITLE!='' AND TOPIC_ID='$id'" ;
	$result211 = mysql_query($query211) or die("messages.php - Error in query: $query211") ;
	$original_recipient = mysql_num_rows($result211);

	if ($original_author != '0') {
		// Sender's side: mask the thread in the sender's listing.
		mysql_query("UPDATE {$db_prefix}messages SET hidden_from='1' WHERE topic_id='$id' AND TITLE!=''");

		template_hook("pages/messages.template.php", "form_1");

		nova_redirect("index.php?page=messages&act=inbox","messages");
	}
	elseif ($original_recipient != '0') {
		// We mask them instead...
		mysql_query("UPDATE {$db_prefix}messages SET hidden='1' WHERE topic_id='$id' AND TITLE!=''");

		template_hook("pages/messages.template.php", "form_2");

		nova_redirect("index.php?page=messages&act=inbox","messages");
	}
	else {
		// Neither sender nor recipient of this thread: refuse.
		nova_redirect("index.php?page=error&error=13","error/13");
	}
}


elseif ($_GET['act']=='inbox'){

// Inbox view: lists every conversation in which the current member is sender
// or recipient and has not hidden their own side, most recent activity first.
// Template hooks 19, 20, 21 and 22 are each fired once, the first time a
// thread falls into the today / yesterday / this-week / older range.
//
// NOTE(review): the template hooks read the variables set here; whether $title
// and the member names are HTML-escaped before output is decided outside this
// file - confirm in the template.
// NOTE(review): every die() below prints the full SQL text to the client when
// a query fails.

$count_message_alt="";

// We'll show messages like a forum :)

template_hook("pages/messages.template.php", "3");

// todays messages...
// Get today's date at midnight...

// $offset and $time_offset are set outside this file (presumably the member's
// time-zone setting - confirm).
// NOTE(review): in the first two branches $todays_date is an integer timestamp
// from mktime(), in the third a formatted date string, yet strtotime() is
// applied to all three. strtotime() expects a date string, so verify what
// $today_message becomes when the first two branches run. The "< 0" branch is
// taken for any negative $offset.
$server_time=mktime(date("H"),date("i"),date("s"),date("m"),date("d"),date("Y"));
$user_time=mktime((date("H")+$offset),date("i"),date("s"),date("m"),date("d"),date("Y"));
if(floor(($user_time-$server_time)/86400) >= '1'){
$todays_date  = mktime(0, 0, 0, date("m")  , date("d")+1, date("Y"));
}
elseif(floor(($user_time-$server_time)/86400) < '0'){
$todays_date  = mktime(0, 0, 0, date("m")  , date("d")-1, date("Y"));
}
else{
$todays_date = date("F j, Y" );
}
$today_message=strtotime($todays_date);
$today_message=$today_message + $time_offset;

// Yesterday...
$yesterday_message=$today_message -86400;

// Last week
$week_message=$today_message -604800;

// One flag per date range, so each range hook is emitted at most once.
$number_today="0";
$number_yesterday="0";
$number_this_week="0";
$number_older="0";

// AND binds tighter than OR, so this reads as:
//   (I am the recipient and have not hidden it) OR (I am the sender and have not hidden it)
// Both halves are limited to $my_id and to the opening row (TITLE!='').
$query211 = "select TOPIC_ID, ID, MEMBER_FROM, MEMBER_TO, SENT_TIME, LAST_POST_TIME from {$db_prefix}messages WHERE MEMBER_TO='$my_id' AND HIDDEN='0' AND TITLE!='' OR MEMBER_FROM='$my_id' AND HIDDEN_FROM='0' AND TITLE!='' GROUP BY TOPIC_ID ORDER BY LAST_POST_TIME desc, SENT_TIME desc, TOPIC_ID desc";
$result211 = mysql_query($query211) or die("messages.php - Error in query: $query211");

// NOTE(review): each thread row triggers ten further queries in the loop body.
while ($results211 = mysql_fetch_array($result211)){
$id = $results211['ID'];
$topic_id = $results211['TOPIC_ID'];
$member_from = $results211['MEMBER_FROM'];
$member_to = $results211['MEMBER_TO'];
$sent_time = $results211['SENT_TIME'];
$last_post_time = $results211['LAST_POST_TIME'];

	// Alternate the row CSS class suffix. checkNum() is defined elsewhere and
	// presumably tests for odd numbers (confirm).
	$count_message_alt=$count_message_alt+1;

	$check_odd = checkNum($count_message_alt);

	if ($check_odd===TRUE){
		$alt_td_class="";
	}
	else{
		$alt_td_class="-alt";	
	}

// Date-range hooks. The comparisons are strict on both sides, so a thread whose
// LAST_POST_TIME equals a boundary value triggers none of them.
if ($last_post_time > $today_message && $number_today=='0'){
template_hook("pages/messages.template.php", "19");
$number_today++;
}

if ($last_post_time < $today_message && $last_post_time > $yesterday_message && $number_yesterday=='0'){
template_hook("pages/messages.template.php", "20");
$number_yesterday++;
}

if ($last_post_time > $week_message && $last_post_time < $yesterday_message && $number_this_week=='0'){
template_hook("pages/messages.template.php", "21");
$number_this_week++;
}

if ($last_post_time < $week_message && $number_older=='0'){
template_hook("pages/messages.template.php", "22");
$number_older++;
}

// Thread title: taken from the opening row of the topic.
$query212 = "select TITLE from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' AND TITLE!=''" ;
$result212 = mysql_query($query212) or die("messages.php - Error in query: $query212") ;                               
$title = mysql_result($result212, 0);

// NOTE(review): $content and $time are not assigned anywhere in this branch
// before these two lines use them.
$title=strip_slashes($title);
$content=strip_slashes($content);

$time = format_date($time); 

// Get last ID where it equals $my_id and see
// if this message has been read by $my_id...

// Set default read time...
$my_read_time="1";

$query21 = "select READ_TIME from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' AND MEMBER_TO='$my_id' ORDER BY ID desc LIMIT 1" ;
$result21 = mysql_query($query21) or die("messages.php - Error in query: $query21"); 
$read_num = mysql_num_rows($result21);

if ($read_num!='0'){                                 
$my_read_time = mysql_result($result21, 0);
}

// Hidden flags for this member's side of the thread. Each query matches a row
// only when the member holds that role on the opening message; mysql_result()
// is called without a row-count check in the other case.
$query210 = "select HIDDEN from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' AND MEMBER_TO='$my_id' AND TITLE!=''" ;
$result210 = mysql_query($query210) or die("messages.php - Error in query: $query210") ;                                  
$hidden_message = mysql_result($result210, 0);

$query2 = "select HIDDEN_FROM from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' AND MEMBER_FROM='$my_id' AND TITLE!=''" ;
$result2 = mysql_query($query2) or die("messages.php - Error in query: $query2") ;                                  
$hidden_message_from = mysql_result($result2, 0);

// Sender's display name and group. $name and $role_from keep the previous
// iteration's values when no member row is found.
$query2111 = "select NAME, ROLE from {$db_prefix}members WHERE ID='$member_from'" ;
$result2111 = mysql_query($query2111) or die("messages.php - Error in query: $query2111") ;                                   
while ($results2111 = mysql_fetch_array($result2111)){
$name = $results2111['NAME'];
$role_from = $results2111['ROLE'];
}

// Reply count: rows of the topic that carry no title.
$query8 = "select ID from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' AND TITLE=''" ;
$result8 = mysql_query($query8) or die("messages.php - Error in query: $query8") ;                                  
$replies=number_format(mysql_num_rows($result8));

// Most recent message in the topic (highest ID) and its formatted send time.
$query998 = "select ID, SENT_TIME from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' ORDER  BY ID desc LIMIT 1" ;
$result998 = mysql_query($query998) or die("messages.php - Error in query: $query998") ;                                  
while ($results998 = mysql_fetch_array($result998)){
$last_post = $results998['ID'];
$last_sent_time = $results998['SENT_TIME'];

$last_sent_time = format_date($last_sent_time); 

}

// Author of the most recent message, this time ordered by SENT_TIME.
$query2 = "select MEMBER_FROM from {$db_prefix}messages WHERE TOPIC_ID='$topic_id' ORDER  BY SENT_TIME desc LIMIT 1" ;
$result2 = mysql_query($query2) or die("messages.php - Error in query: $query2") ;                                  
$last_poster_id = mysql_result($result2, 0);

$last_poster = '';

$query2185 = "select NAME, ROLE from {$db_prefix}members WHERE ID='$last_poster_id'" ;
$result2185 = mysql_query($query2185) or die("messages.php - Error in query: $query2185") ;                                   
while ($results2185 = mysql_fetch_array($result2185)){
$last_poster = $results2185['NAME'];
$last_role = $results2185['ROLE'];
}

// Recipient's display name and group.
$query2185 = "select NAME, ROLE from {$db_prefix}members WHERE ID='$member_to'" ;
$result2185 = mysql_query($query2185) or die("messages.php - Error in query: $query2185") ;                                   
while ($results2185 = mysql_fetch_array($result2185)){
$name_to = $results2185['NAME'];
$role_to = $results2185['ROLE'];
}


// Emit the row (hook 4) only when the member's own side of the thread is not
// hidden: checked as recipient first, then as sender.
if ($hidden_message=='0' && $my_id==$member_to){
template_hook("pages/messages.template.php", "4");                            
}

elseif ($hidden_message_from=='0' && $my_id==$member_from){
template_hook("pages/messages.template.php", "4");                             
}

}


template_hook("pages/messages.template.php", "5"); 

}
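elseif($_GET['act']=='new'){

	// Compose a new conversation. A POST carrying content and a recipient is
	// treated as a submission; any other request renders the compose form.
	//
	// NOTE(review): every die() below prints the full SQL text to the client when
	// a query fails.

	if ($_POST['content']!='' && $_POST['member_to']!='' && $_POST['member_to']!='0'){

		$token_id = $_POST['token_id'];
		$token_id = escape_string($token_id);

		$token_name = "token_messages_$token_id";

		// Anti-CSRF check. The comparison is strict: with a loose == two different
		// hex strings that both look like numbers (for example "0e..." digests)
		// can compare equal.
		if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] === $_POST[$token_name]){

			// Tokens are single use: drop it so the same form cannot be replayed
			// and the session does not accumulate one entry per rendered form.
			unset($_SESSION[$token_name]);

			// do a check and make sure the username exists, if not, return to error page

			// The recipient id goes into the lookup below without surrounding
			// quotes, where string escaping alone does not confine the value.
			// Reducing it to an integer does.
			$member_to = is_scalar($_POST['member_to']) ? (int) $_POST['member_to'] : 0;

			$query2167		= 'SELECT name, email, subscribe_pm, board_lang FROM ' . $db_prefix . 'members WHERE id = ' . $member_to;
			$result2167		= mysql_query($query2167) or die("messages.php - Error in query: $query2167");
			$row			= mysql_fetch_assoc($result2167);
			$members_result	= mysql_num_rows($result2167);

			// The three outcomes are mutually exclusive branches, so nothing is
			// written when the recipient is missing or is the sender, even if
			// nova_redirect() were to return instead of ending the request.
			if ($members_result != 1)
			{
				nova_redirect("index.php?page=error&error=31","error/31");
			}
			// okay, so they exist, but are you sending a PM to yourself???
			elseif ($member_to == $my_id)
			{
				nova_redirect("index.php?page=error","error");
			}
			else
			{
				$is_subscribed 		= $row['subscribe_pm'];
				$subscriber_name	= $row['name'];
				$subscriber_email	= $row['email'];
				$recipient_lang		= $row['board_lang'];

				// Next topic id = current maximum + 1.
				// NOTE(review): two submissions arriving together can read the same
				// maximum and end up sharing one topic id; an auto-increment
				// column or a transaction would close that gap.
				$query2167 = "select TOPIC_ID from {$db_prefix}messages ORDER BY TOPIC_ID desc LIMIT 1" ;
				$result2167 = mysql_query($query2167) or die("messages.php - Error in query: $query2167") ;
				$topic_id = mysql_result($result2167, 0);

				$topic_id=$topic_id+1;

				$time=time();

				$subject=$_POST['subject'];
				$subject=escape_string($subject);
				$content=$_POST['content'];
				$content=escape_string($content);
				if ($subject==''){
					$subject="(No Subject)";
				}

				mysql_query("INSERT INTO {$db_prefix}messages (topic_id, member_from, member_to, title, content, sent_time, last_post_time) VALUES ('$topic_id', '$my_id', '$member_to', '$subject', '$content', '$time', '$time')");

				mysql_query("UPDATE {$db_prefix}members SET new_pms=new_pms+1 WHERE ID='$member_to'");

				// send email to recipient...

				if ($is_subscribed == 1)
				{
					$query1 = "select NAME from {$db_prefix}members WHERE ID='$my_id'" ;
					$result1 = mysql_query($query1) or die("subscriptions.php - Error in query: $query1") ;
					$subscriber_from = mysql_result($result1, 0);

					// Prepare message...

					$from = strip_slashes($subscriber_from);

					/*
					Load the recipients language
					*/

					# First save this lang
					$oldLang = $lang;

					# Now load
					// board_lang comes from the members table and becomes part of an
					// include path. It is only used when it is a single directory
					// name (no separators, no NUL byte, not "." or "..") and the
					// file exists; otherwise the current language stays loaded.
					$lang_file = $nova_root . '/lang/' . $recipient_lang . '/lang_forum.php';
					if (is_string($recipient_lang)
						&& $recipient_lang !== ''
						&& $recipient_lang !== '.'
						&& $recipient_lang !== '..'
						&& !preg_match('#[/\\\\\x00]#', $recipient_lang)
						&& is_file($lang_file))
					{
						include $lang_file;
					}

					$lang['email_pm_content']	= str_replace("<%subscriber>", $subscriber_name, $lang['email_pm_content']);
					$lang['email_pm_content']	= str_replace("<%site>", $nova_domain, $lang['email_pm_content']);
					$lang['email_pm_content']	= str_replace("<%sitename>", $site_name, $lang['email_pm_content']);
					$lang['email_pm_title']		= str_replace("<%from>", $from, $lang['email_pm_title']);
					// $from is reused: from here on it holds the raw From: header.
					$from						= "From: $site_name <$board_email>\r\n";

					mail($subscriber_email, $lang['email_pm_title'], $lang['email_pm_content'], $from);

					# Revert back to the other lang
					$lang = $oldLang;
					unset($oldLang);
				}

				template_hook("pages/messages.template.php", "form_3");

				nova_redirect("index.php?page=messages&act=inbox","messages");
			}

		}
		else{
			// Missing or mismatching token.
			nova_redirect("index.php?page=error&error=28","error/28");
		}
	}
	else{

		// Render the compose form with a fresh per-form token. The token id only
		// names the session slot; the token itself is the secret.
		$token_id = md5(microtime());

		// Prefer the OpenSSL generator when the extension is loaded. The fallback
		// is the original clock-and-rand() construction, which is not a
		// cryptographic source. Both yield 32 hex characters.
		$token = '';
		if (function_exists('openssl_random_pseudo_bytes')){
			$token = bin2hex((string) openssl_random_pseudo_bytes(16));
		}
		if (strlen($token) != 32){
			$token = md5(uniqid(rand(),true));
		}

		$token_name = "token_messages_$token_id";

		$_SESSION[$token_name] = $token;

		// Optional ?id=<member id>: look up the name so the form can be pre-filled.
		if (isset($_GET['id'])){
			$prepared_id=escape_string($_GET['id']);

			$queryname = "select NAME from {$db_prefix}members WHERE ID ='$prepared_id'" ;
			$resultname = mysql_query($queryname) or die("members.php - Error in query: $queryname") ;
			$prepared_name = mysql_result($resultname, 0);

		}

		template_hook("pages/messages.template.php", "7");

	}
}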
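elseif($_GET['act']=='reply'){

	// Post a reply into an existing conversation. The recipient is derived from
	// the thread itself, never from the request.
	//
	// NOTE(review): every die() below prints the full SQL text to the client when
	// a query fails.

	// Escaped once; only ever used inside quoted SQL literals and the redirect.
	$topic=$_POST['topic'];
	$topic=escape_string($topic);

	$token_id = $_POST['token_id'];
	$token_id = escape_string($token_id);

	$token_name = "token_messages_$token_id";

	// Anti-CSRF check. The comparison is strict: with a loose == two different
	// hex strings that both look like numbers can compare equal.
	if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] === $_POST[$token_name]){

		// Tokens are single use.
		unset($_SESSION[$token_name]);

		// Who was this to anyway?

		$topic_found = false;
		$member_to = null;
		$member_from = null;

		$query211 = "select MEMBER_FROM, MEMBER_TO from {$db_prefix}messages WHERE MEMBER_TO!=MEMBER_FROM AND TOPIC_ID='$topic' ORDER BY ID desc LIMIT 1" ;
		$result211 = mysql_query($query211) or die("messages.php - Error in query: $query211") ;
		while ($results211 = mysql_fetch_array($result211)){
			$member_to = $results211['MEMBER_TO'];
			$member_from = $results211['MEMBER_FROM'];
			$topic_found = true;
		}

		// Authorisation: only the two participants may add to a conversation.
		// Without this check a valid form token was enough to insert a message
		// into any topic id and to reset both "hidden" flags on it. The redirect
		// is the one the conversation view uses when the member has no messages
		// in the topic.
		if (!$topic_found || ($member_from != $my_id && $member_to != $my_id)){
			nova_redirect("index.php?page=error&error=14","error/14");
		}
		else{

			// The reply goes to whichever participant is not the current member.
			if ($member_from != $my_id){
				$member_to=$member_from;
			}

			// Insert reply
			$time=time();

			$content=$_POST['content'];
			$content=escape_string($content);

			mysql_query("INSERT INTO {$db_prefix}messages (topic_id, member_to, member_from, content, sent_time) VALUES ('$topic', '$member_to', '$my_id', '$content', '$time')");

			mysql_query("UPDATE {$db_prefix}members SET new_pms=new_pms+1 WHERE ID='$member_to'");

			// Update messages to say when last reply was
			// (this also un-hides the thread for both participants)

			$time=time();

			mysql_query("UPDATE {$db_prefix}messages SET last_post_time='$time', hidden='0', hidden_from='0' WHERE topic_id='$topic' AND TITLE!=''");

			// send email to recipient...

			$query1 = "select SUBSCRIBE_PM from {$db_prefix}members WHERE ID='$member_to'" ;
			$result1 = mysql_query($query1) or die("subscriptions.php - Error in query: $query1") ;
			$is_subscribed = mysql_result($result1, 0);

			if ($is_subscribed == 1)
			{
				// The id is placed in the query without quotes, so force it to an
				// integer even though it was read from the database.
				$query1		= 'SELECT name, email, board_lang FROM ' . $db_prefix . 'members WHERE id = ' . (int) $member_to;
				$result1	= mysql_query($query1) or die("subscriptions.php - Error in query: $query1");
				$row		= mysql_fetch_assoc($result1);

				$subscriber_name 	= $row['name'];
				$subscriber_email	= $row['email'];
				$subscriber_lang	= $row['board_lang'];

				# First save this language
				$oldLang = $lang;

				# Now load
				// board_lang comes from the members table and becomes part of an
				// include path. It is only used when it is a single directory name
				// (no separators, no NUL byte, not "." or "..") and the file
				// exists; otherwise the current language stays loaded.
				$lang_file = $nova_root . '/lang/' . $subscriber_lang . '/lang_forum.php';
				if (is_string($subscriber_lang)
					&& $subscriber_lang !== ''
					&& $subscriber_lang !== '.'
					&& $subscriber_lang !== '..'
					&& !preg_match('#[/\\\\\x00]#', $subscriber_lang)
					&& is_file($lang_file))
				{
					include $lang_file;
				}

				// Prepare message...

				// $nova_name is set outside this file; presumably the current
				// member's display name (confirm).
				$from = strip_slashes($nova_name);

				$lang['email_pm_content']	= str_replace("<%subscriber>", $subscriber_name, $lang['email_pm_content']);
				$lang['email_pm_content']	= str_replace("<%site>", $nova_domain, $lang['email_pm_content']);
				$lang['email_pm_content']	= str_replace("<%sitename>", $site_name, $lang['email_pm_content']);
				$lang['email_pm_title']		= str_replace("<%from>", $from, $lang['email_pm_title']);

				$message		= $lang['email_pm_content'];
				$outgoing		= $subscriber_email;
				// $from is reused: from here on it holds the raw From: header.
				$from			= "From: $site_name <$board_email>\r\n";
				$subject		= $lang['email_pm_title'];

				mail($outgoing, $subject, $message, $from);

				# And change back...
				$lang = $oldLang;
			}

			template_hook("pages/messages.template.php", "form_4");

			nova_redirect("index.php?page=messages&id=$topic#last","messages/$topic#last");

		}

	}
	else{
		// Missing or mismatching token.
		nova_redirect("index.php?page=error&error=28","error/28");
	}
}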
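else{

	// Default action: show one conversation (?id=<topic id>) together with the
	// reply form.
	//
	// NOTE(review): the template hooks read the variables set here; whether
	// $title, $content, $signature and the member fields are HTML-escaped before
	// output is decided outside this file - confirm in the templates and in
	// parse.php.
	// NOTE(review): every die() below prints the full SQL text to the client when
	// a query fails.

	// Fresh per-form token; the "new" and "reply" actions look it up under the
	// same session key. The token id only names the slot, the token is the secret.
	$token_id = md5(microtime());

	// Prefer the OpenSSL generator when the extension is loaded. The fallback is
	// the original clock-and-rand() construction, which is not a cryptographic
	// source. Both yield 32 hex characters.
	$token = '';
	if (function_exists('openssl_random_pseudo_bytes')){
		$token = bin2hex((string) openssl_random_pseudo_bytes(16));
	}
	if (strlen($token) != 32){
		$token = md5(uniqid(rand(),true));
	}

	$token_name = "token_messages_$token_id";

	$_SESSION[$token_name] = $token;

	// Tell database that the last message to this person
	// has been read (easier said than done!)

	$read_time=time();

	$id=$_GET['id'];
	$id=escape_string($id);

	// Limited to rows addressed to the current member, so it cannot mark another
	// member's messages as read.
	mysql_query("UPDATE {$db_prefix}messages SET read_time='$read_time' WHERE topic_id = '$id' AND MEMBER_TO='$my_id'");

	// Recount unread, non-hidden threads and store the total on the member row.
	$query22 = "select TOPIC_ID from {$db_prefix}messages WHERE MEMBER_TO ='$my_id' AND READ_TIME='0' AND HIDDEN!='1' AND TITLE!=''" ;
	$result22 = mysql_query($query22) or die("header.php - Error in query: $query22");
	$messages_number=mysql_num_rows($result22);

	mysql_query("UPDATE {$db_prefix}members SET new_pms='$messages_number' WHERE ID='$my_id'");

	// Authorise before anything about the topic is rendered: the member must be
	// sender or recipient of at least one message in it. Previously the title was
	// fetched and hook 11 fired ahead of this check, so the title of any topic id
	// was produced for members who were not part of the conversation.
	$query211 = "select ID, MEMBER_FROM, MEMBER_TO, CONTENT, SENT_TIME from {$db_prefix}messages WHERE TOPIC_ID='$id'  AND member_from='$my_id' OR TOPIC_ID='$id' AND member_to='$my_id' ORDER BY ID asc" ;
	$result211 = mysql_query($query211) or die("messages.php - Error in query: $query211") ;
	$check_can_view=mysql_num_rows($result211);

	if ($check_can_view=='0'){

		nova_redirect("index.php?page=error&error=14","error/14");

	}
	else{

		// Title comes from the opening row of the topic. It uses its own result
		// variable so the message list in $result211 stays intact for the loop.
		$query_title = "select TITLE from {$db_prefix}messages WHERE TOPIC_ID='$id' AND TITLE!=''" ;
		$result_title = mysql_query($query_title) or die("messages.php - Error in query: $query_title") ;
		$title = mysql_result($result_title, 0);

		$title=strip_slashes($title);

		template_hook("pages/messages.template.php", "11");

		/* TAG EDIT */
		$TAG_max_message = mysql_num_rows($result211) - 1;
		$TAG_message_number = 0;

		while ($results211 = mysql_fetch_array($result211)){
			// $id is reused inside the loop: first the message id, then (below)
			// the author's member id. It is reset to the topic id after the loop.
			$id = $results211['ID'];
			$post_id = $results211['ID'];
			$member_from = $results211['MEMBER_FROM'];
			$member_to = $results211['MEMBER_TO'];
			$content = $results211['CONTENT'];
			$sent_time = $results211['SENT_TIME'];

			//TAG EDIT
			$TAG_message_number ++;

			$time = format_date($sent_time);

			$content=strip_slashes($content);

			$name		= '';
			$cv_rank	= 0;

			// Author profile. Only $name and $cv_rank are reset per message; the
			// other profile variables keep the previous iteration's values when
			// no member row is found, and $id then still holds the message id.
			$query2 = "select ID, NAME, USER_POSTS, LOCATION, AVATAR, REMOTE_AVATAR, SIGNATURE, NATIONALITY, ROLE, USERTITLE, WARN_LEVEL, REGISTER_DATE from {$db_prefix}members WHERE ID='$member_from'" ;
			$result2 = mysql_query($query2) or die("topic.php - Error in query: $query2") ;
			while ($results2 = mysql_fetch_array($result2)){
				$id = $results2['ID'];
				$name = $results2['NAME'];
				$location = strip_slashes($results2['LOCATION']);
				$avatar = $results2['AVATAR'];

				$remote_avatar = $results2['REMOTE_AVATAR'];

				// Avatars not flagged as remote are stored relative to the board.
				if ($remote_avatar =='0'){
					$avatar = $nova_domain."/".$avatar;
				}

				$signature = $results2['SIGNATURE'];
				$nationality = $results2['NATIONALITY'];
				$usertitle = $results2['USERTITLE'];
				$warn_level = $results2['WARN_LEVEL'];
				$register_date = $results2['REGISTER_DATE'];
				$member_role = $results2['ROLE'];
				$user_posts = $results2['USER_POSTS'];

				$num_post=number_format($user_posts);

				$register_date=format_date($register_date, '%d %B %Y');

				$usertitle=strip_slashes($usertitle);
				$signature=strip_slashes($signature);
			}

			// Author's group: settings flags, icon, name and colour.
			$query54 = "select CAN_CHANGE_SITE_SETTINGS, CAN_CHANGE_FORUM_SETTINGS, GROUP_ICON, GROUP_NAME, GROUP_COLOR from {$db_prefix}groups WHERE GROUP_ID='$member_role'" ;
			$result54 = mysql_query($query54) or die("topic.php - Error in query: $query54") ;
			while ($results54 = mysql_fetch_array($result54)){
				$user_can_change_site_settings = $results54['CAN_CHANGE_SITE_SETTINGS'];
				$user_can_change_forum_settings = $results54['CAN_CHANGE_FORUM_SETTINGS'];
				$user_group_icon = $results54['GROUP_ICON'];
				$user_group_name = strip_slashes($results54['GROUP_NAME']);
				$user_group_color = strip_slashes($results54['GROUP_COLOR']);
			}

			// show group icon
			// The icon number selects one of the $groups_<n>_img variables, which
			// are defined outside this file. The test only excludes 0 and values
			// above 10.
			if ($user_group_icon != 0 && $user_group_icon <= 10)
			{
				$group_img = ${'groups_' . $user_group_icon . '_img'};
			}

			// Show online/offline icon

			$query21 = "select ID from {$db_prefix}sessions WHERE ID='$id'" ;
			$result21 = mysql_query($query21) or die("topic.php - Error in query: $query21") ;
			$member_online=mysql_num_rows($result21);

			template_hook("pages/messages.template.php", "12");

			// Get avatar...
			if ($avatar==''){
				$avatar = $default_avatar;
			}
			else{

				$ext = strtolower(strrchr($avatar,"."));

			}

			// Show graphic...
			// NOTE(review): $max_warn is set outside this file; a value of 0 makes
			// this a division by zero.
			$graphic_level=floor($warn_level/$max_warn*5);
			$graphic_warn = $graphic_level*10;

			// get title and pips...
			$query_rank = "select RANK_TITLE, RANK_PIPS from {$db_prefix}ranks WHERE RANK_POSTS <= '$user_posts' ORDER BY RANK_POSTS desc LIMIT 1" ;
			$result_rank = mysql_query($query_rank) or die("topic.php - Error in query: $query_rank") ;
			while ($results_rank = mysql_fetch_array($result_rank)){
				$rank_title = strip_slashes($results_rank['RANK_TITLE']);
				$rank_pips = $results_rank['RANK_PIPS'];
			}

			if ($usertitle==''){
				$usertitle = "$rank_title";
			}

			template_hook("pages/messages.template.php", "13");

			// Hook 36 is fired once per rank pip.
			$start_pip = "0";
			while ($start_pip < $rank_pips){

				template_hook("pages/messages.template.php", "36");

				$start_pip = $start_pip + 1;
			}

			template_hook("pages/messages.template.php", "37");

			// BB Parse...
			// parse.php is included rather than called; it presumably transforms
			// $content in place (confirm).
			// NOTE(review): $theme is part of the include path and is set outside
			// this file; confirm it can only ever be an installed theme name.
			if (file_exists("themes/$theme/scripts/php/parse.php")){
				include "themes/$theme/scripts/php/parse.php";
			}
			else{
				include "scripts/php/parse.php";
			}

			template_hook("pages/messages.template.php", "15");

			// Now.. what about that sig huh?...
			if ($signature!=''){

				// The signature is run through the same parser by placing it in
				// $content.
				$content=$signature;

				// BB Parse...
				if (file_exists("themes/$theme/scripts/php/parse.php")){
					include "themes/$theme/scripts/php/parse.php";
				}
				else{
					include "scripts/php/parse.php";
				}

				template_hook("pages/messages.template.php", "16");

			}

			$query2167 = "select ROLE from {$db_prefix}members WHERE ID='$id'" ;
			$result2167 = mysql_query($query2167) or die("topic.php - Error in query: $query2167") ;
			$users_role = mysql_result($result2167, 0);

			// PERMISSIONS! Can the recipient PM???!!!

			$query2168 = "select CAN_PM from {$db_prefix}groups WHERE GROUP_ID='$users_role'" ;
			$result2168 = mysql_query($query2168) or die("topic.php - Error in query: $query2168") ;
			$can_pm_this_member = mysql_result($result2168, 0);

			template_hook("pages/messages.template.php", "17");

		}

	}

	// Restore $id to the requested topic id for the closing hook.
	$id=$_GET['id'];
	$id=escape_string($id);

	template_hook("pages/messages.template.php", "18");

}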

// Closing hook of the page, fired for every action that reaches the end of the script.
template_hook("pages/messages.template.php", "end");
?>