function char_mail(&$sqlr, &$sqlc)
{
global $output, $lang_global, $lang_char, $lang_mail, $realm_id, $realm_db, $mmfpm_db, $characters_db, $action_permission, $user_lvl, $user_name, $item_datasite, $itemperpage;
if (empty($_GET['id'])) {
error($lang_global['empty_fields']);
}
// this is multi realm support, as of writing still under development
// this page is already implementing it
if (empty($_GET['realm'])) {
$realmid = $realm_id;
} else {
$realmid = $sqlr->quote_smart($_GET['realm']);
if (is_numeric($realmid)) {
$sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']);
} else {
$realmid = $realm_id;
}
}
$id = $sqlc->quote_smart($_GET['id']);
if (is_numeric($id)) {
} else {
$id = 0;
}
//==========================$_GET and SECURE=================================
$start = isset($_GET['start']) ? $sqlc->quote_smart($_GET['start']) : 0;
if (is_numeric($start)) {
} else {
$start = 0;
}
$order_by = isset($_GET['order_by']) ? $sqlc->quote_smart($_GET['order_by']) : 'id';
if (preg_match('/^[_[:lower:]]{1,12}$/', $order_by)) {
} else {
$order_by = 'id';
}
$dir = isset($_GET['dir']) ? $sqlc->quote_smart($_GET['dir']) : 1;
if (preg_match('/^[01]{1}$/', $dir)) {
} else {
$dir = 1;
}
$order_dir = $dir ? 'ASC' : 'DESC';
$dir = $dir ? 0 : 1;
//==========================$_GET and SECURE end=============================
// getting character data from database
$result = $sqlc->query('SELECT account, name, race, class, level, gender
FROM characters WHERE guid = ' . $id . ' LIMIT 1');
if ($sqlc->num_rows($result)) {
$char = $sqlc->fetch_assoc($result);
// we get user permissions first
$owner_acc_id = $sqlc->result($result, 0, 'account');
$result = $sqlr->query('SELECT gmlevel, username FROM account WHERE id = ' . $char['account'] . '');
$owner_gmlvl = $sqlr->result($result, 0, 'gmlevel');
$owner_name = $sqlr->result($result, 0, 'username');
if ($user_lvl > $owner_gmlvl || $owner_name === $user_name) {
//------------------------Character Tabs---------------------------------
// we start with a lead of 10 spaces,
// because last line of header is an opening tag with 8 spaces
// keep html indent in sync, so debuging from browser source would be easy to read
$output .= '
<center>
<div id="tab_content">
<div id="tab">
<ul>
<li><a href="char.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['char_sheet'] . '</a></li>
<li><a href="char_inv.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['inventory'] . '</a></li>
<li><a href="char_extra.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['extra'] . '</a></li>
' . ($char['level'] < 10 ? '' : '<li><a href="char_talent.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['talents'] . '</a></li>') . '
<li><a href="char_achieve.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['achievements'] . '</a></li>
<li><a href="char_rep.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['reputation'] . '</a></li>
<li><a href="char_skill.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['skills'] . '</a></li>
<li><a href="char_quest.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['quests'] . '</a></li>';
if (char_get_class_name($char['class']) === 'Hunter') {
$output .= '
<li><a href="char_pets.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['pets'] . '</a></li>';
}
$output .= '
<li><a href="char_friends.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['friends'] . '</a></li>
<li><a href="char_spell.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['spells'] . '</a></li>
</ul>
<ul>';
// selected char tab at last
$output .= '
<li id="selected"><a href="char_mail.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['mail'] . '</a></li>';
$output .= '
</ul>
</div>
<div id="tab_content2">
<font class="bold">
' . htmlentities($char['name']) . ' -
<img src="img/c_icons/' . $char['race'] . '-' . $char['gender'] . '.gif"
onmousemove="toolTip(\'' . char_get_race_name($char['race']) . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />
<img src="img/c_icons/' . $char['class'] . '.gif"
onmousemove="toolTip(\'' . char_get_class_name($char['class']) . '\',\'item_tooltip\')" onmouseout="toolTip()" alt="" /> - lvl ' . char_get_level_color($char['level']) . '
</font>
<br /><br />
<table class="lined" style="width: 100%">';
//---------------Page Specific Starts Ends here----------------------------
$query = $sqlc->query('SELECT a.id as id, a.messageType as messagetype, a.sender as sender,
a.subject as subject, a.itemTextId as itemtextid, a.has_items as hasitems, a.money as money, a.cod as cod, a.checked as checked,
b.item_template as itemtemplate
FROM mail a INNER JOIN mail_items b ON a.id = b.mail_id where a.receiver = ' . $id . ' LIMIT ' . $start . ', ' . $itemperpage . '');
$total_mail = $sqlc->result($sqlc->query('SELECT count(*) FROM mail WHERE receiver= ' . $id . ''), 0);
$output .= '
<tr>
<td align="left">
Total Mails: ' . $total_mail . '
</td>
<td align="right" width="45%">';
$output .= generate_pagination('char_mail.php?start=' . $start . '&order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $total_mail, $itemperpage, $start);
$output .= '
</td>
</table>
<table class="lined" style="width: 100%">
<tr>
<th width="5%">' . $lang_mail['mail_type'] . '</th>
<th width="10%">' . $lang_mail['sender'] . '</th>
<th width="15%">' . $lang_mail['subject'] . '</th>
<th width="5%">' . $lang_mail['has_items'] . '</th>
<th width="25%">' . $lang_mail['text'] . '</th>
<th width="20%">' . $lang_mail['money'] . '</th>
<th width="5%">' . $lang_mail['checked'] . '</th>
</tr>';
while ($mail = $sqlc->fetch_assoc($query)) {
$output .= '
<tr valign=top>
<td>' . get_mail_source($mail['messagetype']) . '</td>
<td><a href="char.php?id=' . $mail['sender'] . '">' . get_char_name($mail['sender']) . '</a></td>
<td>' . $mail['subject'] . '</td>
<td>
<a style="padding:2px;" href="' . $item_datasite . $mail['itemtemplate'] . '" target="_blank">
<img class="bag_icon" src="' . get_item_icon($mail['itemtemplate'], $sqlm) . '" alt="" />
</a>
</td>
<td>' . get_mail_text($mail['itemtextid']) . '</td>
<td>
' . substr($mail['money'], 0, -4) . '<img src="img/gold.gif" alt="" align="middle" />
' . substr($mail['money'], -4, 2) . '<img src="img/silver.gif" alt="" align="middle" />
' . substr($mail['money'], -2) . '<img src="img/copper.gif" alt="" align="middle" />
</td>
<td>' . get_check_state($mail['checked']) . '</td>
</tr>';
}
//---------------Page Specific Data Ends here----------------------------
//---------------Character Tabs Footer-----------------------------------
$output .= '
</table>
</div>
<br />
<table class="hidden">
<tr>
<td>';
// button to user account page, user account page has own security
makebutton($lang_char['chars_acc'], 'user.php?action=edit_user&id=' . $owner_acc_id . '', 130);
$output .= '
</td>
<td>';
// only higher level GM with delete access can edit character
// character edit allows removal of character items, so delete permission is needed
if ($user_lvl > $owner_gmlvl && $user_lvl >= $action_permission['delete']) {
makebutton($lang_char['edit_button'], 'char_edit.php?id=' . $id . '&realm=' . $realmid . '', 130);
$output .= '
</td>
<td>';
}
// only higher level GM with delete access, or character owner can delete character
if ($user_lvl > $owner_gmlvl && $user_lvl >= $action_permission['delete'] || $owner_name === $user_name) {
makebutton($lang_char['del_char'], 'char_list.php?action=del_char_form&check%5B%5D=' . $id . '" type="wrn', 130);
$output .= '
</td>
<td>';
}
// only GM with update permission can send mail, mail can send items, so update permission is needed
if ($user_lvl >= $action_permission['update']) {
makebutton($lang_char['send_mail'], 'mail.php?type=ingame_mail&to=' . $char['name'] . '', 130);
$output .= '
</td>
<td>';
}
makebutton($lang_global['back'], 'javascript:window.history.back()" type="def', 130);
$output .= '
</td>
</tr>
</table>
<br />
</center>
<!-- end of char_mail.php -->';
} else {
error($lang_char['no_permission']);
}
} else {
error($lang_char['no_char_found']);
}
}
function search()
{
global $lang_global, $lang_mail, $output, $itemperpage, $item_datasite, $mangos_db, $characters_db, $realm_id, $sql_search_limit;
wowhead_tt();
if (!isset($_GET['search_value']) || !isset($_GET['search_by'])) {
redirect("mail_on.php?error=2");
}
$sql = new SQL();
$sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
$search_value = $sql->quote_smart($_GET['search_value']);
$search_by = $sql->quote_smart($_GET['search_by']);
$search_menu = array('sender', 'receiver');
// if (!array_key_exists($search_by, $search_menu)) $search_by = 'sender';
$start = isset($_GET['start']) ? $sql->quote_smart($_GET['start']) : 0;
$order_by = isset($_GET['order_by']) ? $sql->quote_smart($_GET['order_by']) : "id";
$dir = isset($_GET['dir']) ? $sql->quote_smart($_GET['dir']) : 1;
$order_dir = $dir ? "ASC" : "DESC";
$dir = $dir ? 0 : 1;
if ($search_value == '') {
$search_by .= ' != 0';
} else {
$temp = $sql->query("SELECT guid FROM `characters` WHERE name like '%{$search_value}%'");
$search_value = $sql->result($temp, 0, 'guid');
$search_by .= ' =' . $search_value;
}
$query_1 = $sql->query("SELECT count(*) FROM `mail`");
$query = $sql->query("SELECT a.id, a.messageType, a.sender, a.receiver, a.subject, a.body, a.has_items, a.money, a.cod, a.checked, b.item_template\r\n FROM mail a\r\n LEFT JOIN mail_items b ON a.id = b.mail_id\r\n WHERE {$search_by}\r\n ORDER BY {$order_by} {$order_dir} LIMIT {$start}, {$itemperpage}");
$this_page = $sql->num_rows($query);
$all_record = $sql->result($query_1, 0);
$total_found = $sql->num_rows($query);
//==========================top page navigation starts here========================
$output .= "<center><table class=\"top_hidden\">\r\n <tr><td>\r\n <table class=\"hidden\">\r\n <tr><td>\r\n <form action=\"mail_on.php\" method=\"get\" name=\"form\">\r\n <input type=\"hidden\" name=\"action\" value=\"search\" />\r\n <input type=\"hidden\" name=\"error\" value=\"4\" />\r\n <input type=\"text\" size=\"45\" name=\"search_value\" />\r\n <select name=\"search_by\">\r\n <option value=\"a.sender\">Sender</option>\r\n <option value=\"a.receiver\">Receiver</option>\r\n </select></form></td><td>";
makebutton($lang_global['search'], "javascript:do_submit()", 80);
$output .= "</td></tr></table>\r\n <td align=\"right\">";
$output .= generate_pagination("mail_on.php?action=search&order_by={$order_by}&dir=" . !$dir, $all_record, $itemperpage, $start);
$output .= "</td></tr></table>";
//==========================top page navigation ENDS here ========================
$output .= "<table class=\"lined\">\r\n <tr>\r\n <th width=\"5%\">" . $lang_mail['id'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['mail_type'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['sender'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['receiver'] . "</th>\r\n <th width=\"15%\">" . $lang_mail['subject'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['has_items'] . "</th>\r\n <th width=\"25%\">" . $lang_mail['text'] . "</th>\r\n <th width=\"20%\">" . $lang_mail['money'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['checked'] . "</th>\r\n </tr>";
while ($mail = $sql->fetch_array($query)) {
$g = floor($mail[7] / 10000);
$mail[7] -= $g * 10000;
$s = floor($mail[7] / 100);
$mail[7] -= $s * 100;
$c = $mail[7];
$money = "";
if ($mail[7] > 0) {
$money = $g . "<img src=\"./img/gold.gif\" /> " . $s . "<img src=\"./img/silver.gif\" /> " . $c . "<img src=\"./img/copper.gif\" /> ";
}
$output .= "<tr valign=top>\r\n <td>{$mail['0']}</td>\r\n <td>" . get_mail_source($mail[1]) . "</td>\r\n <td><a href=\"char.php?id={$mail['2']}\">" . get_char_name($mail[2]) . "</a></td>\r\n <td><a href=\"char.php?id={$mail['3']}\">" . get_char_name($mail[3]) . "</a></td>\r\n <td>{$mail['4']}</td>\r\n ";
$output .= "<td>";
if ($mail[6]) {
$output .= "\r\n <a style=\"padding:2px;\" href=\"{$item_datasite}{$mail[10]}\" target=\"_blank\">\r\n <img class=\"bag_icon\" src=\"" . get_item_icon($mail[10]) . "\" alt=\"\" />\r\n </a>";
}
//maketooltip("<img src=\"./img/up.gif\" alt=\"\">", $item_datasite{$mail[10]}, $mail[10], "item_tooltip", "target=\"_blank\"");
$output .= "</td>";
$output .= "<td>" . get_mail_text($mail[0]) . "</td>\r\n <td>{$money}</td>\r\n <td>" . get_check_state($mail[9]) . "</td>\r\n </tr>";
}
/*--------------------------------------------------*/
$output .= "<tr><td colspan=\"6\" class=\"hidden\" align=\"right\">All Mails: {$all_record}</td></tr>\r\n </table></center>";
$sql->close();
}
