<?php require('layout/header.php'); ?>
<script type="text/javascript">
// Appends the given snippet plus a trailing space to the reply textarea
// (form "pm_answer", field "message") and moves keyboard focus to it.
function insert(was) {
    var replyField = document.pm_answer.message;
    replyField.value += was + " ";
    replyField.focus();
}
</script>
<script type="text/javascript">
// Shows the "message sent" notification through showNotification().
// NOTE(review): the language string is written server-side straight into a
// JavaScript string literal with no escaping; a translation containing a
// double quote, backslash or line break would break this script block.
// Emitting it through a JSON encoder on the server would make it safe.
function showSuccessMessage() {
    var notice = {
        type: "success",
        message: "<?php echo $lang['success_pm_sent']; ?>"
    };
    showNotification(notice);
}
// Shows the "message could not be sent" notification through showNotification().
// NOTE(review): the language string is written server-side straight into a
// JavaScript string literal with no escaping; a translation containing a
// double quote, backslash or line break would break this script block.
// Emitting it through a JSON encoder on the server would make it safe.
function showErrorMessage() {
    var notice = {
        type: "error",
        message: "<?php echo $lang['couldnot_sent_pm']; ?>"
    };
    showNotification(notice);
}
</script>
<div id="content_wrapper">
<div class="content"><?php
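// Private-message thread view and reply handler.
//
// Flow: require a signed-in session, validate pm_id from the query string,
// load the thread's first row (pm_id2 = 1) to learn its two participants,
// then either store a posted reply or render the thread plus a reply form.
//
// Access control: the thread is shown, and replies are accepted, ONLY when the
// signed-in user is user1 or user2 of the thread. Previously the participant
// check guarded just the "mark as read" update, so any signed-in account could
// read or post into any thread by changing pm_id. Non-participants now get the
// same "does not exist" message as an unknown id, so thread ids cannot be probed.
if (!isset($_SESSION['signed_in'])) {
    echo '<p class="false">' . $lang['just_for_users'] . '!</p>
<p>' . $lang['you_need_to'] . ' <a href="signin.php">' . $lang['signin_s'] . '</a>.
- ' . $lang['not_yet'] . ' <a href="signup.php">' . $lang['registered'] . '</a>?</p>';
} else {
    echo '<table align="center" class="usertable">
<tr>
<td align="center"><ul class="usermenu">
<li><a href="myprofile.php">' . $lang['my_profile'] . '</a></li>
<li><a href="guestbook.php">' . $lang['guestbook'] . '</a></li>
<li><a href="messagebox.php">' . $lang['messagebox'] . '</a></li>
<li><a href="password.php">' . $lang['password'] . '</a></li>
<li><a href="inbox.php">' . $lang['inbox'] . '</a></li>
<li><a href="outbox.php">' . $lang['outbox'] . '</a></li>
<li><a href="create_pm.php">' . $lang['m_newpm'] . '</a></li>
<li><a href="mypostings.php">' . $lang['my_posts'] . '</a></li>
<li><a href="infos.php">' . $lang['informations'] . '</a></li>
<li><a href="todo.php">' . $lang['m_todo'] . '</a></li>
<li><a href="news.php">' . $lang['news'] . '</a></li>
</ul></td>
</tr>
<tr>
<td><h1>' . $lang['pm_discussion'] . '</h1></td>
</tr>';
    echo '<tr><td>';
    include_once('functions/bbcode.php');
    include_once('functions/badwords.php');

    // pm_id is reduced to an integer before it reaches any SQL string or link.
    // (The former mysql_real_escape_string() call was immediately overwritten
    // by intval() and has been dropped.)
    if (isset($_GET['pm_id']) && is_numeric($_GET['pm_id'])) {
        $id = intval($_GET['pm_id']);
    } else {
        echo '<p align="center" class="false">' . $lang['invalid_id'] . '!</p>';
        // Rendering stops here, so the closing markup and footer are not sent.
        exit();
    }

    // Integer form of the session user id, used for every comparison, query and link below.
    $viewer_id = (int)$_SESSION['user_id'];

    // NOTE(review): "OR die(mysql_error())" prints raw database error text to the
    // visitor (table/column names, query fragments). Prefer logging it server-side
    // and showing a generic message.
    $sql = mysql_query("SELECT title, user1, user2 FROM messages WHERE pm_id = '" . $id . "' AND pm_id2 = '1'") OR die(mysql_error());
    $row = mysql_fetch_array($sql);

    // The viewer must be one of the two participants recorded on the thread's first row.
    $is_participant = intval(mysql_num_rows($sql)) == 1
        && ((int)$row['user1'] === $viewer_id || (int)$row['user2'] === $viewer_id);

    if ($is_participant) {
        // Mark the thread as read for the viewer and remember the other side's column index.
        if ((int)$row['user1'] === $viewer_id) {
            mysql_query("UPDATE messages SET user1read = 'yes' WHERE pm_id = '" . $id . "' AND pm_id2 = '1'") OR die(mysql_error());
            $user_partic = 2;
        } else {
            mysql_query("UPDATE messages SET user2read = 'yes' WHERE pm_id = '" . $id . "' AND pm_id2 = '1'") OR die(mysql_error());
            $user_partic = 1;
        }

        $query = mysql_query("SELECT messages.timestamp, messages.message, users.user_id AS user_id, users.user_name FROM messages, users WHERE messages.pm_id = '" . $id . "' AND users.user_id = messages.user1 ORDER BY messages.pm_id2") OR die(mysql_error());

        // is_string() rejects array-valued input (message[]=...), which htmlentities() cannot handle.
        if (isset($_POST['message']) AND is_string($_POST['message']) AND $_POST['message'] !== '') {
            // NOTE(review): this state-changing POST carries no anti-CSRF token; a
            // per-session token in the form, verified here, should be added.
            // The reply is stored entity-encoded and SQL-escaped.
            $message = htmlentities($_POST['message']);

            // NOTE(review): the next pm_id2 is derived from the current row count,
            // so two simultaneous replies can receive the same value.
            $next_pm_id2 = intval(mysql_num_rows($query)) + 1;
            $insert_sql = 'INSERT INTO messages (pm_id, pm_id2, title, user1, user2, message, timestamp, user1read, user2read)VALUES("' . $id . '", "' . $next_pm_id2 . '", "", "' . $viewer_id . '", "", "' . mysql_real_escape_string($message) . '", "' . time() . '", "", "")';
            // NOTE(review): this sets the OTHER participant's read flag to "yes" right
            // after a new reply is stored; confirm that is the intended meaning of the flag.
            $update_sql = 'UPDATE messages SET user' . $user_partic . 'read = "yes" WHERE pm_id = "' . $id . '" AND pm_id2 = "1"';

            if (mysql_query($insert_sql) AND mysql_query($update_sql)) {
                echo '<p class="right">' . $lang['success_pm_sent'] . '</p>
<p>[ <a href="read_pm.php?user_id=' . $viewer_id . '&pm_id=' . $id . '">' . $lang['go_on'] . '</a> ]</p>';
                echo "<script type=\"text/javascript\">showSuccessMessage();</script>";
            } else {
                echo '<p class="false">' . $lang['couldnot_sent_pm'] . '</p>
<p>[ <a href="read_pm.php?user_id=' . $viewer_id . '&pm_id=' . $id . '">' . $lang['back'] . '</a> ]</p>';
                echo "<script type=\"text/javascript\">showErrorMessage();</script>";
            }
        } else {
            echo '<table align="center" cellpadding="5" class="pmtable">
<tr>
<td colspan="2" valign="top"><img src="images/icons/pm.png"> <span class="blue"><u>' . htmlentities($row['title'], ENT_QUOTES) . '</u></span></td>
</tr>';
            while ($pm_row = mysql_fetch_array($query)) {
                echo '<tr>
<td colspan="2"><div id="pm_line"> </div></td>
</tr>
<tr>
<td width="15%"> <span class="blue">' . $lang['by_b'] . '</span></td>
<td width="85%"><a href="profile.php?user_id=' . (int)$pm_row['user_id'] . '">' . htmlentities($pm_row['user_name'], ENT_QUOTES) . '</a></td>
</tr>
<tr>
<td width="15%"> <span class="blue">' . $lang['date'] . '</span></td>
<td width="85%">';
                if ($language == "de") {
                    echo date('d.m.Y - H:i', $pm_row['timestamp']);
                } elseif ($language == "en") {
                    echo date('Y-m-d - H:i', $pm_row['timestamp']);
                }
                // The body was entity-encoded when stored; tags and slashes are stripped
                // again before the word filter and the BBCode renderer run.
                // NOTE(review): whether this output is safe depends on parseBBCode2HTML()
                // (functions/bbcode.php, not visible here) never emitting user-controlled
                // attributes or URL schemes; confirm.
                echo '</td>
</tr>
<tr>
<td width="15%" valign="top"> <span class="blue">' . $lang['message'] . '</span></td>
<td width="85%"><p>' . parseBBCode2HTML(delBad(nl2br(stripslashes(strip_tags($pm_row['message']))))) . '</p></td>
</tr>';
            }
            echo '</table>';
            echo '<br><h1>' . $lang['to_answer'] . '</h1>
<form action="read_pm.php?pm_id=' . $id . '" method="post" name="pm_answer">';
            echo "<strong>" . $lang['message'] . "</strong><br>
<textarea cols=\"40\" rows=\"5\" name=\"message\" id=\"message\" class=\"fields_text\"></textarea>
<p><input type=\"submit\" value=\"" . $lang['send'] . "\" class=\"button\"></p>
</form>
</div>
</div>";
        }
    } else {
        // Unknown thread id OR a thread the viewer does not take part in: same answer for both.
        echo '<p class="false">' . $lang['pm_discussion_nexist'] . '.</p>
<p>[ <a href="inbox.php?user_id=' . $viewer_id . '">' . $lang['back'] . '</a> ]</p>';
    }
}
echo '</td></tr>
</table>';
echo '<div class="spacer_div"> </div>';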
?>
</div>
</div>
<div id="infobox_wrapper">
<div class="infobox">
<?php include('layout/infobox.php'); ?>
</div>
</div>
<?php require('layout/footer.php'); ?>