function jakoblist_search()
{
global $wpdb;
$books = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "jakoblist` order by `" . $order . "`" . $direction . "");
$result = '';
if (count($books) == 0) {
/* wenn nix da is */
} else {
/* wenn was da is */
foreach ($books as $book) {
$class = 'alternate' != $class ? 'alternate' : '';
echo '<form action="" method="post"><tr class="' . $class . '">';
echo '<td>' . strclean($book->title) . '</td>';
echo '<td>' . strclean($book->author) . '</td>';
echo '<td>' . strclean($book->publisher) . '</td>';
echo '<td>' . strclean($book->info) . '</td>';
echo '<td align="left"><input type="button" name="edit" value=" ✎ " class="button-secondary" onclick=location.href="';
echo bloginfo('wpurl') . '/wp-admin/admin.php?page=jakoblist_edit&id=' . $book->id . '"';
echo '></td>';
echo '<td align="center"><input type="button" name="-" value=" - " class="button-secondary" onclick=location.href="';
echo bloginfo('wpurl') . '/wp-admin/admin.php?page=jakoblist&func=jakoblist_remove&id=' . $book->id . '"';
echo '></td>';
echo '</tr></form>';
}
}
}
$info = strclean($_POST["info"]);
$upd = $con->update("videos", "name='{$name}', info ='{$info}'", "id={$id}");
if ($upd) {
exit("<div {$style}>Successfully updated {$name}</div>");
} else {
exit("<div {$style}>Error updating {$name}</div>");
}
}
if (isset($_POST["add"])) {
$img = $_FILES["upl"]["tmp_name"];
$video = $_FILES["vid"]["tmp_name"];
if (is_uploaded_file($video) && preg_match('/mp4|avi|mpeg|3gp|mkv|flv|mov/', extension($_FILES["vid"]["name"]))) {
$_300x300 = is_uploaded_file($img) ? upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 300, 300) : DEF_VID_IMG;
$vid = md5($video . " " . date("U")) . rand(0, 9) . extension($_FILES["vid"]["name"]);
if ($_300x300 && copy($video, "../video/{$vid}")) {
$name = strclean($_POST["name"]);
$name = strlen($name) < 2 ? $_SESSION["user"] . "'s video " . rand(10, 999) : $name;
$name = _hstr_($name, false);
$info = _hstr_($_POST["info"], false);
$q = $con->insertInto("videos", array($user, $name, $info, $_300x300, $vid, 1, date("U"), 0));
if ($q) {
$q = mysqli_query($conc, "SELECT id FROM videos WHERE user = '******' AND name = '{$name}' AND vid = '{$vid}'");
$r = mysqli_fetch_array($q);
$q = $con->insertInto("hist", array(6, 0, $user, $name . "::__::__::" . $r[0], date("U")));
$q = NULL;
$con->close_db_con($conc);
exit("<div {$style}>{$name} has been successfully added.</div>");
} else {
if (is_file("../prev/" . $_300x300) && strstr($_300x300, DEF_VID_IMG) < 0) {
unlink("../prev/" . $_300x300);
}
}
if (isset($_POST["profile"])) {
$q = NULL;
$name = strclean($_POST["name"]);
$loc = strclean($_POST["loc"]);
$bio = _hstr_($_POST["bio"], false);
$web = urlencode($_POST["web"]);
$work = strclean($_POST["work"]);
$edu = strclean($_POST["edu"]);
$bday = $_POST["bday"];
$sex = intval($_POST["sex"]);
// if(!preg_match('-(\d{2})/(\d{2})/(\d{4})-',$bday))
// {
// exit("<div $style>Your birthday should be in this format {MM/DD/YYYY}</div>");
// }
$status = strclean($_POST["status"]);
$status2 = $status == 4 ? _hstr_($_POST["status_"], 2) : "";
list($img1, $img2, $img3) = explode("____", $_POST["imgs"]);
$img = $_FILES["upl"]["tmp_name"];
if (is_uploaded_file($img)) {
$mdir = "{$pth}/profile_pic/";
$_50x50 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 70, 70, $mdir);
$_150x150 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 150, 150, $mdir);
$_400x400 = upload_pic($img, $_FILES["upl"]["type"], $_FILES["upl"]["tmp_name"], 500, 500, $mdir);
$_50x50 = str_replace($pth, "", $_50x50);
$_150x150 = str_replace($pth, "", $_150x150);
$_400x400 = str_replace($pth, "", $_400x400);
if ($_50x50 && $_150x150 && $_400x400) {
$q = mysqli_query($conc, "SELECT img1,img2,img3 FROM users WHERE id={$uid}");
$r = NULL;
$r = mysqli_fetch_array($q);
function jakoblist_manage()
{
global $wpdb;
//Important! DBQueries don't work without this!
/*
Scan the URL for sort/order parameters and keep them.
*/
$searchterm = $_GET['search'];
switch ($_GET['orderby']) {
case 'title':
$orderby = "title";
break;
case 'author':
$orderby = "author";
break;
case 'publisher':
$orderby = "publisher";
break;
case 'info':
$orderby = "info";
break;
case 'price':
$orderby = "price";
break;
default:
$orderby = "title";
}
switch ($_GET['order']) {
case 'desc':
$order = "DESC";
break;
default:
$order = "";
}
if ($_GET['search'] == '') {
/* Alles außer Suche */
$books = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "jakoblist` order by `" . $orderby . "`" . $order . "");
} else {
/* Suche */
$books = $wpdb->get_results("SELECT * FROM `" . $wpdb->prefix . "jakoblist` WHERE `title` LIKE '%" . $searchterm . "%' OR `author` LIKE '%" . $searchterm . "%' OR `publisher` LIKE '%" . $searchterm . "%' OR `info` LIKE '%" . $searchterm . "%' order by `" . $orderby . "` " . $order . "");
}
?>
<div class="wrap">
<h2>Bücherliste verwalten <a href="admin.php?page=jakoblist_edit" class="button add-new-h2" >Neues Buch</a><?php
if ($_GET['search']) {
echo '<span class=\'subtitle\'> Suchergebnisse für "' . $_GET['search'] . '"</span>';
}
?>
</h2>
<table style="margin-bottom:0.2em;">
<tr>
<td class="tablenav">
<span class="displaying-num"><?php
echo count($books);
?>
<?php
echo 'Bücher';
?>
</span>
</td>
<td>
<form action="admin.php?" method="get">
</td>
<td width="100%">
</td>
<td>
<input type="text" value="<?php
echo $_GET["search"];
?>
" name="search" />
</td>
<td>
<input type="hidden" name="page" value="jakoblist">
<input type="hidden" name="orderby" value="<?php
echo $orderby;
?>
">
<input type="hidden" name="order" value="<?php
echo $order;
?>
">
<input type="submit" value=" <?php
echo _("suchen");
?>
" class="button-secondary" />
</td>
</form>
</tr>
</table>
<table id="mytable" class="widefat" width="50%">
<thead>
<tr>
<th width="20%" class="manage-column column-date <?php
sort_class('title', $orderby, $order);
?>
"><a href="<?php
echo sort_link('title', $orderby, $order, $searchterm);
?>
">Titel<?php
if ($orderby == 'title') {
echo '<span class=sorting-indicator> </span>';
}
?>
</a></th>
<th width="20%" class="manage-column column-date <?php
sort_class('author', $orderby, $order);
?>
"><a href="<?php
echo sort_link('author', $orderby, $order, $searchterm);
?>
">Autor<?php
if ($orderby == 'author') {
echo '<span class="sorting-indicator"></span>';
}
?>
</a></th>
<th width="20%" class="manage-column column-date <?php
sort_class('publisher', $orderby, $order);
?>
"><a href="<?php
echo sort_link('publisher', $orderby, $order, $searchterm);
?>
">Verlag<?php
if ($orderby == 'publisher') {
echo '<span class="sorting-indicator"></span>';
}
?>
</a></th>
<th class="manage-column column-date <?php
sort_class('info', $orderby, $order);
?>
"><a href="<?php
echo sort_link('info', $orderby, $order, $searchterm);
?>
">Information<?php
if ($orderby == 'info') {
echo '<span class="sorting-indicator"></span>';
}
?>
</th>
<th colspan="3" width="10"></th>
</tr>
</thead>
<tbody>
<?php
/*<tr>
<form action="admin.php?page=jakoblist&func=jakoblist_add" method="post">
<td><input name="title" type="text" size="30%" maxlength="200"><br /><em>Max. 200 Zeichen</em></td>
<td><input name="author" type="text" size="30%" maxlength="200"><br /><em>Max. 200 Zeichen</em></td>
<td><input name="publisher" type="text" size="30%" maxlength="200"><br /><em>Max. 200 Zeichen</em></td>
<td><input name="info" type="text" size="50%" maxlength="200"><br /><em>Max. 200 Zeichen</em></td>
<td><input name="price" type="text" size="10" maxlength="10"><br /><em>Max. 200 Zeichen</em></td>
<td align="left" colspan="2"><input type="submit" name="add" value=" ✚ " class="button-primary" onclick=''></td>
</form>
</tr> */
?>
<?php
global $wpdb;
//Important! DBQueries don't work without this!
/*if($_GET['search'] == '' )
{
$books = $wpdb->get_results( "SELECT * FROM `".$wpdb->prefix."jakoblist` order by `".$orderby."`".$order."" );
}
else
{
$books = $wpdb->get_results( "SELECT * FROM `".$wpdb->prefix."jakoblist` WHERE `title` LIKE '%".$searchterm."%' OR `author` LIKE '%".$searchterm."%' OR `publisher` LIKE '%".$searchterm."%' OR `info` LIKE '%".$searchterm."%' order by `".$orderby."` ".$order."" );
}*/
if (count($books) > 0) {
/* keine Suchergebnisse */
foreach ($books as $book) {
$thecurrency = ' €';
//temporary, check back soon
$status = !$book->active ? '<br /><span class="post-state">Entwurf</span>' : '';
$class = 'alternate' != $class ? 'alternate' : '';
$editlink = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=jakoblist_edit&id=' . $book->id;
echo '<form action="" method="post"><tr class="' . $class . '">';
echo '<td><strong><a class="row-title" href="' . $editlink . '">' . strclean($book->title) . '</a>' . $status . '</strong></td>';
echo '<td>' . strclean($book->author) . '</td>';
echo '<td>' . strclean($book->publisher) . '</td>';
echo '<td>' . strclean($book->info) . '</td>';
echo '<td align="right">' . strclean($book->price) . $thecurrency . '</td>';
/*echo '<td align="left"><input type="button" name="edit" value=" ✎ " class="button-secondary" onclick=location.href="';
echo $editlink.'"';
echo '></td>';*/
echo '<td align="center"><input type="button" name="-" value=" - " class="button-secondary" onclick="if(confirm(\'Sind Sie sicher?\')) {location.href=\'';
echo bloginfo('wpurl') . '/wp-admin/admin.php?page=jakoblist&func=jakoblist_remove&id=' . $book->id . '\'} else {return false;}"';
echo '></td>';
echo '</tr></form>';
}
}
?>
</tbody>
</table>
</div>
<?php
}
function _post_array_string($nom)
{
$array = isset($_POST[$nom]) && is_array($_POST[$nom]) ? $_POST[$nom] : null;
if (isset($array)) {
foreach ($array as $clef => $item) {
if (get_magic_quotes_gpc()) {
$item = stripslashes($item);
}
$array[$clef] = strclean($item);
}
}
return $array;
}
<?php
include "../scripts/db.php";
$con = new db();
$conc = $con->c();
header("Content-Type: text/xml");
$user = md5($_POST["user"]);
echo "<?xml version='1.0' encoding='utf-8' ?><bubble uid='{$user}'>";
$action = $_POST["action"];
$p = sha1($_POST["p"]);
$id = $_POST["id"];
$time = $_POST["time"];
$msg = _hstr_(strclean($_POST["msg"]), false);
switch ($action) {
case 1:
$q = mysqli_query($conc, "SELECT * FROM `users` WHERE `em` = '{$user}' AND `pass` = '{$p}' ");
$r = mysqli_fetch_assoc($q);
if (mysqli_num_rows($q) == 1) {
echo "<name>" . $r["fname"] . " " . $r["lname"] . "</name>";
echo "<img>" . str_replace("../", "http://localhost/bubble/", $r["img_m"]) . "</img>";
} else {
echo "<error>Invalid Credentials</error>";
}
break;
case 2:
$q = mysqli_query($conc, "SELECT `email`,`femail`,`id` FROM `pals` WHERE `email` = '{$user}' OR `femail` = '{$user}' ");
$q2 = mysqli_query($conc, "UPDATE `chat_online` SET `time` = " . date("U") . " WHERE `email` = '{$user}'");
while ($r = mysqli_fetch_array($q)) {
$em = $r[0] == $user ? $r[1] : $r[0];
$tm = date("U") - 60 * 10;
$q2 = mysqli_query($conc, "SELECT `email` FROM `chat_online` WHERE `email` = '{$em}' AND `time` > {$tm}");
function _hstr_($str, $is_mail)
{
$pr = explode(" ", $str);
$ostr = $str;
$href = array();
$mention = array();
$trend = array();
$music = array();
$art = array();
$video = array();
foreach ($pr as $a) {
if (stripos($a, "http://") !== false && !in_array($a, $href)) {
$str = str_replace($a, "-{$a} -", $str);
array_push($href, $a);
} else {
if (stripos($a, "@") !== false && !in_array($a, $mention)) {
$str = str_replace($a, "_{$a} _", $str);
array_push($mention, $a);
send_mention_mail($a, $ostr, $is_mail);
} else {
if (stripos($a, "#") !== false && !in_array($a, $trend)) {
$str = str_replace($a, "_{$a} _", $str);
array_push($trend, $a);
}
}
}
/*( else if(stripos($a,"[art:") !== false && !in_array($a,$art))
{
$str = str_replace($a,"_$a _",$str);
array_push($mention,$a);
}
else if(stripos($a,"[music:") !== false && !in_array($a,$music))
{
$str = str_replace($a,"_$a _",$str);
array_push($trend,$a);
}
*/
}
$href = null;
$mention = null;
$trend = null;
return strclean($str);
}
session_start();
$dbfile = "./scripts/db.php";
if (file_exists($dbfile)) {
require_once $dbfile;
} else {
require_once "." . $dbfile;
}
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$uid = $_SESSION["uid"];
$mobile = $_POST["mobile"];
$arg = strclean($_REQUEST["s"]);
if (!isset($_REQUEST['s'])) {
$arg = strclean($_REQUEST["search"]);
}
list($s1, $s2) = explode(" ", $arg, 2);
$page = intval($_POST["page"]);
$pp = $page > 0 ? $page - 1 : 0;
$url = PTH . "/";
$b = PTH;
function getArt($con, $s, $s1, $s2)
{
$q = mysqli_query($con, "SELECT `art`.`id`,`art`.`user`,`art`.`name`,`art`.`info`,`art`.`img1`,`art`.`img2`,`art`.`img3`,`art`.`date`,`users`.`user` FROM `art` INNER JOIN `users` ON `users`.`id` = `art`.`user` WHERE art.name LIKE '%{$s}%' OR art.info LIKE '%{$s}%' LIMIT 0, 20");
if (mysqli_num_rows($q) == 0) {
return "<div class='m_s_g'>No content available</div>";
}
$n = 0;
$ans = "<table><tr>";
while ($r = mysqli_fetch_array($q)) {
session_start();
include "../scripts/db.php";
if (!isset($_SESSION["user"])) {
exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$uid = intval($_SESSION["uid"]);
$u = $_POST["uid"];
if (ctype_digit($u) && $u == 0) {
exit("<div style='padding:30px;'><a href='" . PTH . "/' style='font-size:20px;'>Join Muzik Kitchen</a></div>");
}
if ($u == $uid || $u == $_SESSION["user"]) {
// exit();
}
if (isset($u) && strlen($u) > 4) {
$u = strclean($u);
$con = new db();
$conc = $con->c();
$q = mysqli_query($conc, "SELECT id,user,name,img1,sex,bio,bg,bgcolor,web FROM users WHERE id = '{$u}' OR user = '******'");
if (mysqli_num_rows($q) == 0) {
$con->close_db_con($conc);
exit("<div class='m_s_g' align='center'>This user '{$u}' doest not exist.</div>");
}
$r = mysqli_fetch_array($q);
$q = NULL;
$q = mysqli_query($conc, "SELECT * FROM follow WHERE u1 = {$r['0']}");
$ff = mysqli_num_rows($q);
$feeds = numfeeds($conc, $r[0]);
$q = NULL;
$q = mysqli_query($conc, "SELECT `post`.`id`,`post`.`user`,`post`.`post`,`post`.`date`,`users`.`img1`,`users`.`user`,`users`.`name` ,`post`.`client`,`post`.`rid`,`post`.`type` FROM post INNER JOIN users ON (`post`.`user` = `users`.`id`) WHERE `post`.`user` = {$r['0']} ORDER BY `post`.`id` DESC LIMIT 0,3");
while ($rr = mysqli_fetch_array($q)) {
$qq = mysqli_query($conc, "DELETE FROM comment WHERE cid = {$id} AND type = 2");
if ($owner == 1) {
unlink("../music/" . $mp3);
}
if ($q) {
$con->close_db_con($conc);
exit("<div {$style}>Successfully Deleted.</div>");
} else {
$con->close_db_con($conc);
exit("<div {$style}>Incomplete Deletion</div>");
}
}
if (isset($_POST["upd"])) {
$id = intval($_POST["id"]);
$name = strclean($_POST["name"]);
$info = strclean($_POST["info"]);
$upd = $con->update("music", "name='{$name}', info ='{$info}'", "id={$id}");
if ($upd) {
exit("<div {$style}>Successfully updated {$name}</div>");
} else {
exit("<div {$style}>Error updating {$name}</div>");
}
}
if (isset($_POST["add"])) {
$music = $_FILES["mp3"]["tmp_name"];
if (is_uploaded_file($music)) {
$type = extension($_FILES["mp3"]["name"]);
if ($type != ".mp3" && $_FILES["mp3"]["type"] != "audio/mpeg") {
exit("<div {$style}>" . $_FILES["mp3"]["type"] . "'{$type}' formats are not supoorted, please upload mp3 only</div>");
}
$mp3 = md5($music . " " . date("U")) . rand(0, 9) . $type;
<?php
include "../scripts/db.php";
$post = "RP: @fisicallyFeet RP: @omish RP: @papaste @fisicallyFeet @omish @easymind @DonZion";
$post = strclean(_hstr_($post, false));
$post = str_replace("__@", "_@", $post);
$post = str_replace(" _ _ ", " _ ", $post);
//echo $post;
$m = " @papaste @fisicallyFeet @omish [music:5] @papaste @fisicallyFeet @omish";
$con = new db();
$conc = $con->c();
$conc = $con->c();
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM users");
echo "no. of users " . mysqli_num_rows($q);
if (isset($_GET["no"])) {
$con->close_db_con($conc);
exit;
}
while ($r = mysqli_fetch_array($q)) {
$img1 = str_replace("..", "", $r[1]);
$img2 = str_replace("..", "", $r[2]);
$img3 = str_replace("..", "", $r[3]);
$img1 = str_replace("d70.jpg", "d70.png", $img1);
$img2 = str_replace("d150.jpg", "d150.png", $img2);
$img3 = str_replace("d500.jpg", "d500.png", $img3);
$qq = mysqli_query($conc, "UPDATE users SET img1='{$img1}',img2='{$img2}',img3='{$img3}' WHERE id = {$r['0']}");
echo $img1 . "<br/>";
}
$q = mysqli_query($conc, "SELECT id,img1,img2,img3 FROM art");
while ($r = mysqli_fetch_array($q)) {
$img1 = str_replace("..", "", $r[1]);
<?php
if (intval($uid) == 0) {
exit;
}
$msg_to = strclean($_GET["to"]);
if (!$con) {
$con = new db();
}
$msg_r = $con->query("users", "id", "user='******' or id='{$msg_to}'");
if ($msg_r[0] == 1) {
$msg_rr = mysqli_fetch_array($msg_r[1]);
?>
<div id="compose" class="scolumn">
<table class="wp" style="width:100%;padding:40px 40px 40px 40px;">
<tr>
<td></td>
<td>To : <input type="text" style="text-decoration:underline;" value="<?php
echo $msg_to;
?>
"disabled="disabled" class="txt" />
</td>
</tr>
<tr>
<td></td>
<td><input type="hidden" id="txtto" value="<?php
echo $msg_rr[0];
?>
"/></td></tr><tr><td></td><td>Subject</td>
</tr>
<?php
session_start();
include "../scripts/db.php";
$uid = $_SESSION["uid"];
if (!isset($_SESSION["user"], $_SESSION["p"]) || $uid == 0) {
exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$loc = $_POST["loc"];
$post = $_POST["post"];
$real_post = $post;
$post = _hstr_($post, false);
$client = strclean($_POST["client"]);
$id = intval($_POST["rid"]);
$type = intval($_POST["type"]);
function _Trend($str, $con)
{
global $uid;
$pos = stripos($str, "#");
if ($pos !== false) {
$preg = preg_split("/ /", $str, -1);
foreach ($preg as $s) {
if (stristr($s, "#")) {
$q = mysqli_query($con, "SELECT id FROM trend WHERE trend LIKE '{$s}'");
if (mysqli_num_rows($q) == 0) {
$qq = mysqli_query($con, "INSERT INTO trend Values (NULL, {$uid},'{$s}',1," . date("U") . ")");
} else {
$qq = mysqli_query($con, "UPDate trend set tc=tc+1 WHERE trend LIKE '{$s}'");
}
}
}
<?php
session_start();
include "../scripts/db.php";
if (!isset($_SESSION["user"], $_SESSION["p"])) {
exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$uid = $_SESSION["uid"];
$nm = $_POST["nm"];
$string = strclean($_POST["s"]);
$string = str_replace("_", "", $string);
list($s1, $s2) = explode(" ", $string, 2);
if ($s2 == "" || !$s2) {
$s2 = $s1;
}
if (isset($string)) {
$con = new db();
$conc = $con->c();
$users = mysqli_query($conc, "SELECT `id`,`user`,`name` FROM `users` WHERE `name` LIKE '%{$string}%' OR `user` LIKE '%{$string}%' OR `email` LIKE '{$string}' OR `name` LIKE '{$s1}' OR `name` LIKE '%{$s1}%' OR `user` LIKE '%{$s2}%' OR `user` LIKE '%{$s1}%' OR `name` LIKE '%{$s2}%' ORDER BY `user` ASC LIMIT 0 , 10");
$n = 0;
$result = "<input type='hidden' id='_hedin' value='' />";
while ($q = mysqli_fetch_array($users)) {
$pals = mysqli_query($conc, "SELECT `u1` FROM `follow` WHERE (`u1` ='{$q['0']}' AND `u2` ='{$uid}')");
$bool = false;
if ($nm == 1) {
$bool = $q[0] == $user;
}
if (mysqli_num_rows($pals) == 1 || $bool) {
$n++;
$name = "{$q['1']} [{$q['2']}]";
$fn = $name;
echo "</div></td><td valign='top'><div id='rightcolumn'>";
if (!$ismobile) {
requireonce_("./actions/right_column.php");
requireonce_("./right_column.php");
}
echo "</div></td></tr></table></div>";
?>
<input type="hidden" id="eval_script" value="now_playing(<?php
echo intval($type - 1);
?>
,<?php
echo $mediaID;
?>
);document.title='Muzik Kitchen | <?php
echo strclean($title);
?>
'
" />
<?php
if ($ismobile == 2 || isset($_GET["media"])) {
?>
<script language="javascript">
$(document).ready(function(e) {
try{
$(".subdiv").html(_str($(".subdiv").html()));
var uid = document.getElementById("upid").value;
var div = new createCommentDiv(<?php
echo "'" . $_GET["mediaID"] . "','" . $_GET["type"] . "','{$owner}'";
?>
<?php
session_start();
include "../scripts/db.php";
if (!isset($_SESSION["uid"], $_SESSION["user"])) {
exit("<div class='m_s_g'>Invalid Authentication<div>");
}
$uid = $_SESSION["uid"];
$msg = _hstr_($_POST["msg"], false);
$subj = strclean($_POST["subj"]);
$to = $_POST["u2"];
$id = $_POST["id"];
if (isset($msg) && $msg != "") {
if ($uid == $to) {
die("You cannot send a message to yourself");
exit;
}
$con = new db();
$conc = $con->c();
if (isset($subj) && !isset($id) && isset($to) && $to != "") {
if ($subj == "") {
$subj = "No Subject";
}
$qq = mysqli_query($conc, "INSERT INTO `msg_subj` VALUES(NULL,'{$uid}','{$to}','{$subj}','" . date("U") . "')");
$getid = mysqli_query($conc, "SELECT `id` FROM `msg_subj` WHERE `u1` = '{$uid}' AND `u2`='{$to}' AND `subj` = '{$subj}'");
$nid = mysqli_fetch_array($getid);
if ($getid && $qq) {
sendmsg($conc, $nid[0], $uid, $to, $msg);
} else {
echo 2;
}