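/**
 * Renders the "My Appeals" page: a paginated table of the appeal rows whose
 * user_id matches OS_GetUserID(), ten per page.
 *
 * Changes against the previous version:
 *  - the COUNT(*) statement is executed before its result is fetched (it was
 *    fetched first, so the row count, and with it the pagination, was empty);
 *  - every database value is encoded for the context it is written into
 *    (HTML text, attribute, URL parameter, JavaScript string), because the
 *    appeal text, player name and URLs were echoed verbatim.
 *
 * Outputs HTML directly; returns nothing.
 */
function OS_MyAppeals()
    {
        global $db;

        // HTML-encode a value for element content or a quoted attribute.
        // double_encode is off so text that already holds entities is not
        // mangled -- NOTE(review): confirm how these columns are stored.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
        };

        $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_APPEALS . " WHERE user_id = :uid LIMIT 1");
        $sth->bindValue(':uid', OS_GetUserID(), PDO::PARAM_INT);
        // Execute first: fetching from an unexecuted statement yields no row.
        $sth->execute();
        $r = $sth->fetch(PDO::FETCH_NUM);
        $numrows = $r ? (int) $r[0] : 0;
        $result_per_page = 10;
        // The offset is interpolated into LIMIT below, so force it to an integer.
        $offset = (int) os_offset($numrows, $result_per_page);

        $sth = $db->prepare("SELECT *\n\t   FROM " . OSDB_APPEALS . " WHERE user_id = :uid\n\t   ORDER BY status ASC, added DESC LIMIT {$offset}, {$result_per_page}");
        $sth->bindValue(':uid', OS_GetUserID(), PDO::PARAM_INT);
        $sth->execute();
        ?>
<div class="clr"></div>
 <div class="ct-wrapper">
  <div class="outer-wrapper">
   <div class="content section" id="content recent-posts">
    <div class="widget Blog" id="Blog1">
     <div class="blog-posts hfeed">
	 <div align="center" class="entry clearfix padLeft padTop">
	   <h2 class="title">My Appeals</h2>
	   
	   <table>
	     <tr>
		   <th width="160" class="padLeft">Reported player</th>
		   <th width="150">Status</th>
		   <th>Reason</th>
		   <th width="150">Report date</th>
		 </tr>
	<?php 
        while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
            $reason = trim(strip_tags((string) $row["reason"]));
            if (empty($reason)) {
                $reason = 'n/a';
            }
            if ($row["status"] == 1) {
                $status = 'solved';
            } else {
                $status = 'under review';
            }
            // One identifier shared by the toggle link and the hidden <div>.
            $domId = $row["player_id"] . "-" . $row["added"];
            // JavaScript string literal first, HTML attribute encoding second:
            // HTML encoding alone is undone by the parser before the script runs.
            $jsId = htmlspecialchars(
                (string) json_encode($domId, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT),
                ENT_QUOTES,
                'UTF-8'
            );
            ?>
 
	     <tr style="height:50px;" class="row">
		   <td width="160" class="padLeft"><a href="<?php echo OS_HOME; ?>?u=<?php echo rawurlencode((string) $row["player_name"]); ?>" target="_blank"><?php echo $esc($row["player_name"]); ?></a></td>
		   <td><?php echo $status; ?></td>
		   <td><a href="javascript:;" title="<?php echo $esc($reason); ?>" onclick="showhide(<?php echo $jsId; ?>)" >Show reason</a>
		   <div id="<?php echo $esc($domId); ?>" style="display:none;">
		   <?php echo $esc($reason); ?>

		   <div><b>Game url:</b> <?php echo $esc($row["game_url"]); ?></div>
		   <div><b>Replay url:</b> <?php echo $esc($row["replay_url"]); ?></div>
		   
		   <?php 
            if (!empty($row["resolved"])) {
                ?>
		     <div><b><?php echo $esc($row["resolved"]); ?></b>: <?php echo $esc($row["resolved_text"]); ?></div>
		   <?php 
            }
            ?>
		   </div>
		   </td>
		   <td><?php echo date(OS_DATE_FORMAT, (int) $row["added"]); ?></td>
		 </tr>
    <?php 
        }
        ?>
	
	   </table>
	<?php 
        os_pagination($numrows, $result_per_page);
        ?>
   
	   <div style="margin-top: 140px;"></div>
	  </div> 
     </div>
    </div>
   </div>
  </div>
</div>
	   <?php 
    }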
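    /**
     * Renders the private-message pages (new message, send to a user ID, sent
     * items, inbox) when OS_GetAction("pm") is truthy; otherwise outputs nothing.
     *
     * A message is stored with OS_add_custom_field() under the recipient's user
     * ID, with a field name of the form "<time>|<sender id>||p.m.<flag>"; the
     * inbox rewrites the last character to "1" when the message is opened.
     *
     * Security-relevant behaviour of this version:
     *  - all four branches require is_logged() (previously only sent items and
     *    inbox did);
     *  - the form token in $_SESSION["code"] is compared strictly, as a string;
     *  - the message named by $_GET["m"] is only shown in the reply form, or
     *    marked as read, when it is a private message of the current user
     *    (previously any field name in the table was accepted);
     *  - request and database values are encoded for the HTML or URL context
     *    they are written into, including the reflected "m" parameter.
     *
     * Outputs HTML directly and may send a notification e-mail; returns nothing.
     */
    function OS_PMSystem()
    {
        if (OS_GetAction("pm")) {
            global $db;
            $sth = $db->prepare("SET NAMES 'utf8'");
            $result = $sth->execute();
            global $lang;
            global $DateFormat;
            $errors = "";

            // HTML-encode a value for element content or a quoted attribute.
            // double_encode is off because some values pass through safeEscape()
            // first -- NOTE(review): confirm what safeEscape() does to them.
            $esc = function ($value) {
                return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
            };
            // Encode a value for use as a query-string argument.
            $urlArg = function ($value) {
                return rawurlencode((string) $value);
            };
            // The "m" parameter as a plain string, for echoing back into links.
            $mParam = (isset($_GET["m"]) and is_string($_GET["m"])) ? $_GET["m"] : "";
            ?>
<div class="clr"></div>
 <div class="ct-wrapper"  id="content" class="s-c-x">
  <div class="outer-wrapper wrapper">
   <div class="content section" id="main-column">
    <div class="widget Blog padding">
     <div class="blog-posts hfeed padLeft padTop padBottom inner">
    
	    <h2>Private Messages</h2>
		
		<div>
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;inbox">INBOX</a> 
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;sent_items">SENT ITEMS</a>
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;new_message">NEW MESSAGE</a>
		</div>
		
		<?php 
            //NEW MESSAGE
            if (isset($_GET["new_message"]) and is_logged()) {
                $PMName = "";
                $PMText = "";
                if (isset($_POST["pm_message"]) and isset($_POST["pm_name"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
                    // Array-valued fields (pm_message[]=...) are treated as empty input.
                    $PMText = is_string($_POST['pm_message']) ? strip_tags($_POST['pm_message']) : "";
                    $PMName = safeEscape(is_string($_POST["pm_name"]) ? trim($_POST["pm_name"]) : "");
                    // Strict string comparison: a loose != treats numeric-looking
                    // tokens such as "0e12" and "0e34" as equal on older PHP.
                    if (!is_string($_POST["code"]) or (string) $_SESSION["code"] !== $_POST["code"]) {
                        $errors .= "<h4>Form is not valid. Try again.</h4>";
                    }
                    if (strlen($PMText) <= 2) {
                        $errors .= "<h4>There are not enough characters  in the message</h4>";
                    }
                    if (strlen($PMName) <= 2) {
                        $errors .= "<h4>Please, write a valid username</h4>";
                    }
                    if (strtolower($PMName) == $_SESSION["username"]) {
                        $errors .= "<h4>You can not send messages to yourself</h4>";
                    }
                    if (empty($errors)) {
                        $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t\tWHERE LOWER(user_name) = ? LIMIT 1");
                        $sth->bindValue(1, strtolower($PMName), PDO::PARAM_STR);
                        $result = $sth->execute();
                        if ($sth->rowCount() <= 0) {
                            $errors .= "<h4>User not found</h4>";
                        } else {
                            $row = $sth->fetch(PDO::FETCH_ASSOC);
                            $userID = $row["user_id"];
                        }
                    }
                    if (!empty($errors)) {
                        // $errors holds only the fixed strings assembled above.
                        echo $errors;
                    } else {
                        if (isset($userID) and is_numeric($userID) and $userID != OS_GetUserID()) {
                            OS_add_custom_field($userID, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                            $MailText = $PMText;
                            $PMName = "";
                            $PMText = "";
                            ?>
<h4>Message was sent successfully</h4><?php 
                            //SEND EMAIL NOTIFICATION
                            // The session flag limits this to one notification per session.
                            if (!isset($_SESSION["mail_sent"])) {
                                $_SESSION["mail_sent"] = 1;
                                global $lang;
                                global $mail;
                                global $DefaultHomeTitle;
                                // The body is sent as HTML, so the sender name is encoded.
                                $message = "You have just received a private message from " . $esc($_SESSION["username"]) . "<br />";
                                $message .= "Click on the following link to read the message<br />";
                                $message .= "" . OS_HOME . "?action=pm&inbox";
                                $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                                // NOTE(review): convEnt() is assumed to make the text safe
                                // for HTML -- confirm against its definition.
                                $message .= convEnt($MailText);
                                $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />{$DefaultHomeTitle}";
                                require "inc/class.phpmailer.php";
                                $mail = new PHPMailer();
                                $mail->CharSet = 'UTF-8';
                                $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                                $mail->AddReplyTo($lang["email_from"], $lang["email_from_full"]);
                                $mail->AddAddress($row["user_email"], "");
                                $mail->Subject = "New Private Message";
                                $mail->MsgHTML($message);
                                $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                                $mail->Send();
                            }
                        } else {
                            ?>
<h4>The message could not be sent</h4><?php 
                        }
                    }
                }
                // A fresh token is issued every time the form is rendered.
                $code = generate_hash(8);
                $_SESSION["code"] = $code;
                ?>
		<form action="" method="post" accept-charset="UTF-8">
		  <table>
		    <tr class="row">
			  <td width="70" class="padLeft"><b>To:</b></td>
			  <td><input type="text" value="<?php echo $esc($PMName); ?>" size="65" name="pm_name" /></td>
			</tr>
		    <tr class="row">
			  <td width="70" class="padLeft"><b>Message:</b></td>
			  <td><textarea name="pm_message" rows="9" cols="80" ><?php echo htmlspecialchars($PMText, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
			</tr>
		    <tr class="row">
			  <td width="70" class="padLeft"></td>
			  <td><input type="submit" value="Send PM" class="menuButtons" /></td>
			</tr>
		  </table>
		  <input type="hidden" name="code" value="<?php echo $esc($code); ?>" />
		</form>
		<?php 
            }
            //SEND MESSAGE (USER ID)
            if (isset($_GET["send"]) and is_numeric($_GET["send"]) and is_logged()) {
                $uid = safeEscape((int) $_GET["send"]);
                if (OS_GetUserID() == $uid) {
                    ?>
		<h4>You can not send messages to yourself</h4>
		<?php 
                } else {
                    if (isset($_POST["pm_message"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
                        // Same strict token check as in the "new message" form.
                        if (!is_string($_POST["code"]) or (string) $_SESSION["code"] !== $_POST["code"]) {
                            $errors .= "<div>Form is not valid. Try again.</div>";
                        }
                        $PMText = is_string($_POST['pm_message']) ? strip_tags($_POST['pm_message']) : "";
                        if (strlen($PMText) <= 2) {
                            $errors .= "<div>There are not enough characters  in the message</div>";
                        }
                        if (!empty($errors)) {
                            ?>
<h4><?php echo $errors; ?></h4><?php 
                        } else {
                            //ADD MESSAGE
                            //ARG: TO - user ID, FROM - time_UserID, message
                            $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                            $sth->bindValue(1, $uid, PDO::PARAM_INT);
                            $result = $sth->execute();
                            // Report success only when the recipient exists; the lookup
                            // below prints "User not found" otherwise.
                            if ($sth->rowCount() >= 1) {
                                OS_add_custom_field($uid, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                                ?>
<h4>Message was sent successfully</h4><?php 
                            }
                        }
                    }
                    $code = generate_hash(8);
                    $_SESSION["code"] = $code;
                    $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                    $sth->bindValue(1, $uid, PDO::PARAM_INT);
                    $result = $sth->execute();
                    if ($sth->rowCount() >= 1) {
                        $row = $sth->fetch(PDO::FETCH_ASSOC);
                        $sendTo = $row["user_name"];
                        ?>
		<form action="" method="post" accept-charset="UTF-8">
		  <table>
		    <tr class="row">
			  <td width="120" class="padLeft"><b>Send to:</b></td>
			  <td><?php echo $esc($sendTo); ?></td>
			</tr>
		    <tr class="row">
			  <td width="120" class="padLeft"><b>Message:</b></td>
			  <td><textarea name="pm_message" rows="9" cols="80" ></textarea></td>
			</tr>
		    <tr class="row">
			  <td width="120" class="padLeft"></td>
			  <td><input type="submit" value="Send PM" class="menuButtons" /></td>
			</tr>
		  </table>
		  <input type="hidden" name="code" value="<?php echo $esc($code); ?>" />
		</form>
		<?php 
                        if (isset($_GET["m"])) {
                            // Show the quoted message only when it is a private message
                            // the current user received (field_id) or sent (sender part
                            // of field_name). Without this, any field name in the table
                            // could be read by passing it as "m".
                            $me = (string) OS_GetUserID();
                            $sth = $db->prepare("SELECT * FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_name = ? AND field_name LIKE '%||p.m.%' AND (field_id = ? OR field_name LIKE ?)");
                            $sth->bindValue(1, safeEscape($_GET["m"]), PDO::PARAM_STR);
                            $sth->bindValue(2, $me, PDO::PARAM_STR);
                            $sth->bindValue(3, "%|" . $me . "||p.m.%", PDO::PARAM_STR);
                            $result = $sth->execute();
                            $row = $sth->fetch(PDO::FETCH_ASSOC);
                            // No matching row: render nothing instead of an empty quote.
                            if ($row) {
                                $dateFor = explode("|", $row["field_name"]);
                                $date = (int) $dateFor[0];
                                ?>
		   <div class="padTop"></div>
		   <table>
		    <tr class="row">
		     <td class="padLeft"><b><?php echo $esc($sendTo); ?></b>, <?php echo date($DateFormat, $date); ?></td>
            </tr>
			<tr>
			  <td><?php echo convEnt($row["field_value"]); ?></td>
			</tr>
		   </table>
		   <?php 
                            }
                        }
                    } else {
                        ?>
<h4>User not found</h4><?php 
                    }
                }
            }
            //SENT ITEMS
            if (isset($_GET["sent_items"]) and is_logged()) {
                ?>
<h4>Sent items</h4><?php 
                //GET ALL MESSAGES
                if (!empty($_GET["sent_items"]) and is_numeric($_GET["sent_items"]) and isset($_GET["m"])) {
                    $field = safeEscape($_GET["m"]);
                    $sql = "AND c.field_name = ? ";
                } else {
                    $sql = "";
                }
                // Both queries are limited to messages whose sender part is the
                // current user, so "m" cannot address another user's message.
                $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_name LIKE ? {$sql}");
                $sth->bindValue(1, "%|" . (int) $_SESSION["user_id"] . "||p.m.%", PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(2, $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                $r = $sth->fetch(PDO::FETCH_NUM);
                $numrows = $r[0];
                $result_per_page = 10;
                // Interpolated into LIMIT below, so force an integer.
                $offset = (int) os_offset($numrows, $result_per_page);
                $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . "  as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_name LIKE ? {$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
                $sth->bindValue(1, "%|" . OS_GetUserID() . "||p.m.%", PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(2, $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                ?>
		<table>
		<?php 
                while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                    $dateFor = explode("|", $row["field_name"]);
                    $date = (int) $dateFor[0];
                    // NOTE(review): $text is echoed as HTML; it relies on convEnt()
                    // for encoding -- confirm against its definition.
                    if (!isset($_GET["m"])) {
                        $text = limit_words(convEnt($row["field_value"]), 40);
                    } else {
                        $text = AutoLinkShort(convEnt($row["field_value"]));
                    }
                    ?>
		<tr class="row">
		  <td width="140"><a href="<?php echo OS_HOME; ?>?action=pm&sent_items=<?php echo $urlArg($row["field_id"]); ?>&amp;m=<?php echo $urlArg($row["field_name"]); ?>"><b><?php echo $esc($row["user_name"]); ?></b>, <?php echo date($DateFormat, $date); ?></a></td>
		  <td><?php echo $text; ?>
 
		  <?php 
                    if (isset($_GET["m"])) {
                        ?>
		  <div class="padTop">
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo $urlArg($row["field_id"]); ?>&amp;m=<?php echo $urlArg($mParam); ?>">[SEND MESSAGE]</a>
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&sent_items">&laquo; Back</a>
		  </div>
		  <?php 
                    } else {
                        ?>
		  <a href="<?php echo OS_HOME; ?>?action=pm&sent_items=<?php echo $urlArg($row["field_id"]); ?>&amp;m=<?php echo $urlArg($row["field_name"]); ?>">more &raquo; </a>
		  <?php 
                    }
                    ?>
		  </td>
		</tr>
		<?php 
                }
                if ($sth->rowCount() <= 0) {
                    ?>
<tr><td>No new messages</td></tr><?php 
                }
                ?>
		</table>
		<?php 
                os_pagination($numrows, $result_per_page, 5, 1, '&amp;sent_items');
            }
            //INBOX MESSAGES
            if (isset($_GET["inbox"]) and is_logged()) {
                ?>
<h4>Inbox</h4><?php 
                if (!empty($_GET["inbox"]) and is_numeric($_GET["inbox"]) and isset($_GET["m"])) {
                    $field = safeEscape($_GET["m"]);
                    $sql = "AND c.field_name = :field_name ";
                } else {
                    $sql = "";
                }
                // The recipient ID is bound instead of concatenated; it is bound as a
                // string so the comparison matches the former quoted literal.
                $me = (string) OS_GetUserID();
                // Count only private messages, like the listing query below, so the
                // pagination total matches the rows shown.
                $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_id = :uid\n\t\tAND c.field_name LIKE('%||p.m.%') {$sql}");
                $sth->bindValue(':uid', $me, PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                $r = $sth->fetch(PDO::FETCH_NUM);
                $numrows = $r[0];
                $result_per_page = 10;
                $offset = (int) os_offset($numrows, $result_per_page);
                $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . "  as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_id = :uid\n\t\tAND field_name LIKE('%||p.m.%')\n\t\t{$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
                $sth->bindValue(':uid', $me, PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                //UPDATE "read" message
                // Runs after the listing query, so the opened message is still shown
                // with its previous flag on this request. The statement is limited to
                // an unread private message addressed to the current user: the former
                // unscoped, string-built WHERE let any user rewrite any field name.
                if (!empty($sql)) {
                    $field_name = substr($field, 0, -1) . "1";
                    $upd = $db->prepare("UPDATE " . OSDB_CUSTOM_FIELDS . " SET field_name = :read_name\n\t\tWHERE field_name = :field_name AND field_id = :uid AND field_name LIKE '%||p.m.0'");
                    $upd->bindValue(':read_name', $field_name, PDO::PARAM_STR);
                    $upd->bindValue(':field_name', $field, PDO::PARAM_STR);
                    $upd->bindValue(':uid', $me, PDO::PARAM_STR);
                    $result = $upd->execute();
                }
                ?>
		<table>
		<?php 
                while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                    $dateFor = explode("|", $row["field_name"]);
                    $date = (int) $dateFor[0];
                    // Sender ID taken from the field name; forced to an integer
                    // because it is written into links below.
                    $FromID = (int) $dateFor[1];
                    // Last character of the field name is the read flag.
                    $read = substr($row["field_name"], strlen($row["field_name"]) - 1, 1);
                    if ($read == 1) {
                        $col = '686A6B';
                        $readTxt = 'read';
                    } else {
                        $col = 'A41600';
                        $readTxt = '<b>new</b>';
                    }
                    // NOTE(review): $text is echoed as HTML; it relies on convEnt()
                    // for encoding -- confirm against its definition.
                    if (!isset($_GET["m"])) {
                        $text = limit_words(convEnt($row["field_value"]), 12);
                        if ($read == 0) {
                            // Closing tag was written as <b/>, which left the bold open.
                            $text = '<span style="color: #000;"><b>' . convEnt($text) . '</b></span>';
                        }
                        if ($read == 1) {
                            $text = '<span style="color: #686A6B;">' . convEnt($text) . '</span>';
                        }
                    } else {
                        $text = AutoLinkShort(convEnt($row["field_value"]));
                    }
                    if (!isset($_GET["m"])) {
                        ?>
		 <tr class="row">
		   <td width="120" class="padLeft">
		   <a href="<?php echo OS_HOME; ?>?action=pm&inbox=<?php echo $FromID; ?>&amp;m=<?php echo $urlArg($row["field_name"]); ?>"><span style="color: #<?php echo $col; ?>"><b><?php echo $esc(OS_GetUsernameByUserID($FromID)); ?></b></span></a>
		   </td>
		   <td width="600"><a href="<?php echo OS_HOME; ?>?action=pm&inbox=<?php echo $FromID; ?>&amp;m=<?php echo $urlArg($row["field_name"]); ?>"><?php echo $text; ?></a></td>
		   <td><?php echo date($DateFormat, $date); ?></td>
		 </tr>
		 <?php 
                    } else {
                        ?>
		 <tr class="row">
		    <td class="padLeft"><span style="color: #<?php echo $col; ?>"><b><?php echo $esc(OS_GetUsernameByUserID($FromID)); ?></b>, <?php echo date($DateFormat, $date); ?></span></td>
		 </tr>
		 <tr>
		    <td><?php echo $text; ?></td>
		 </tr>
		 <tr>
		   <td><div class="padTop padBottom">
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo $FromID; ?>&amp;m=<?php echo $urlArg($mParam); ?>">[SEND MESSAGE]</a>
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&inbox">&laquo; Back</a>
		  </div></td>
		 </tr>
		 <?php 
                    }
                }
                if ($sth->rowCount() <= 0) {
                    ?>
<tr><td>No new messages</td></tr><?php 
                }
                ?>
		</table>
		<?php 
                os_pagination($numrows, $result_per_page, 5, 1, '&amp;inbox');
            }
            ?>
		<div class="padTop" style="margin-top:124px;"></div>
	 </div>
    </div>
   </div>
  </div>
</div>	 
	  <?php 
        }
    }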