print "";
if ($log) {
$username = $loguser['name'];
$passhint = 'Alternate Login:'******'altlogin').style.cssText=''; this.style.cssText='display:none'\">Use an alternate login</a>\n\t\t\t\t<span id=\"altlogin\" style=\"display:none\">";
} else {
$username = '';
$passhint = 'Login Info:';
$altloginjs = "<span>";
}
$quotemsg = "";
if (filter_int($postid)) {
$post = $sql->fetchq("SELECT user,text,thread FROM posts,posts_text WHERE id={$postid} AND id=pid");
$post['text'] = str_replace('<br>', $br, $post['text']);
$u = $post['user'];
$users[$u] = loaduser($u, 1);
if ($post['thread'] == $id) {
$quotemsg = "[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
}
}
print "\n\t\t\t<body>\n\t\t\t{$tccellh} width=150> </td>{$tccellh} colspan=2> <tr>\n\t\t\t{$tccell1}><b>{$passhint}</td> {$tccell2l} colspan=2>\n\t\t\t{$altloginjs}\n\t\t\t<b>Username:</b> {$inpt}=username VALUE=\"" . htmlspecialchars($username) . "\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">\n\n\t\t\t<!-- Hack around autocomplete, fake inputs (don't use these in the file) -->\n\t\t\t<input style=\"display:none;\" type=\"text\" name=\"__f__usernm__\">\n\t\t\t<input style=\"display:none;\" type=\"password\" name=\"__f__passwd__\">\n\n\t\t\t<b>Password:</b> {$inpp}=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">\n\t\t\t</span><tr>\n\t\t\t{$tccell1}><b>Reply:</td>\n\t\t\t{$tccell2l} width=800px valign=top>\n\t\t\t{$txta}=message ROWS=21 COLS={$numcols} style=\"width: 100%; max-width: 800px; resize:vertical;\">" . htmlspecialchars($quotemsg, ENT_QUOTES) . "</TEXTAREA></td>\n\t\t{$tccell2l} width=*>" . moodlist(filter_int($moodid)) . "</td><tr>\n\t\t<tr>\n\t\t\t{$tccell1}> </td>{$tccell2l} colspan=2>\n\t\t\t{$inph}=action VALUE=postreply>\n\t\t\t{$inph}=id VALUE={$id}>\n\t\t\t{$inph}=valid value=\"" . md5($_SERVER['REMOTE_ADDR'] . $id . "sillysaltstring") . "\">\n\t\t\t{$inps}=submit VALUE=\"Submit reply\">\n\t\t\t{$inps}=preview VALUE=\"Preview reply\"></td>\n\t\t<tr>{$tccell1}><b>Options:</b></td>{$tccell2l} colspan=2>\n\t\t\t{$inpc}=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -\n\t\t\t{$inpc}=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -\n\t\t\t{$inpc}=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>\n\t\t\t{$modoptions}\n\t\t\t{$tblend}\n\t\t\t<br>\n\t\t\t{$tblstart}{$postlist}{$tblend}\n\t\t</table>\n\t\t\t</form>\n\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=forum.php?id={$forumid}>{$forum['title']}</a> - {$thread['title']}";
} elseif (!$_POST['action']) {
print $header;
print "{$tccell1}>You are not allowed to post in this thread.\n\t\t<br>" . redirect("index.php", 'return to the index page', 0) . "</table>";
}
if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) {
if ($log && !$password) {
$userid = $loguserid;
} else {
$userid = checkuser($username, $password);
}
}
}
print "{$header}{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>{$tblstart}";
if (!$action) {
print '<body onload=window.document.REPLIER.message.focus()><FORM ACTION=sendprivate.php NAME=REPLIER METHOD=POST>';
if ($log && $id) {
$user = loaduser($msg['userfrom'], 1);
$quotemsg = "[quote={$user['name']}]{$msg['text']}[/quote]\r\n";
$subject = "Re: {$msg['title']}";
$tcellbg = "{$tccell1l} valign=top";
$postlist = "\n\t\t\t\t{$tccellh} width=150>User</td>\n\t\t\t\t{$tccellh}>Message<tr>\n\t\t\t\t{$tcellbg}><a href=profile.php?id={$user['id']}>{$user['name']}</a>{$smallfont}<br>\n\t\t\t\tPosts: {$postnum}{$user['posts']}</td>\n\t\t\t\t{$tcellbg}>" . doreplace2($msg[text]) . "<tr>\n\t\t\t";
} else {
$postlist = '';
}
if ($userid) {
$user = loaduser($userid, 1);
}
$user['name'] = htmlspecialchars($user['name']);
$subject = htmlspecialchars($subject);
print "\n\t\t\t{$tccellh} width=150> </td>\n\t\t\t{$tccellh}> <tr>\n\t\t\t{$tccell1}><b>Send to:</td>\t {$tccell2l}>{$inpt}=username value=\"{$user['name']}\" size=25 maxlength=25><tr>\n\t\t\t{$tccell1}><b>Subject:</td>\t {$tccell2l}>{$inpt}=subject value=\"{$subject}\" size=60 maxlength=100><tr>\n\t\t\t{$tccell1}><b>Message:</td>\t {$tccell2l}>{$txta}='message' rows=20 cols={$numcols}>{$quotemsg}</textarea><tr>\n\t\t\t{$tccell1}> </td>\t\t {$tccell2l}>\n\t\t\t{$inph}=action VALUE=sendmsg>\n\t\t\t{$inps}=submit VALUE='Send message'>\n\t\t\t{$inps}=preview VALUE='Preview message'></td>\n\n\t\t\t{$tblend}\n\t\t\t</FORM>\n\t\t\t<br>{$tblstart}{$postlist}{$tblend}\n\t\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>\n\t\t";
}
if ($action == 'sendmsg') {
$username = stripslashes($_POST['username']);
$userid = checkusername($username);
if ($userid == -1) {
print "{$tccell1}>Couldn't send the message. You didn't enter an existing username to send the message to.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2);
} elseif (!$subject) {
print "{$tccell1}>Couldn't send the message. You didn't enter a subject.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2);
} else {
$subject = str_replace('<', '<', $subject);
$sign = $loguser['signature'];
