$fromID = $dateFor[1]; $status = substr($row["field_name"], strlen($row["field_name"]) - 1, strlen($row["field_name"])); $MFrom = ""; if ($status == 1) { $info = '<span style="float:right;">[read]</span>'; } if ($status == 0) { $info = '<span style="float:right;"><b>[unread]</b></span>'; } $sth2 = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = '{$fromID}' "); $result = $sth2->execute(); $row2 = $sth2->fetch(PDO::FETCH_ASSOC); $from = $row2["user_name"]; $MFrom = '<span style="font-size:11px;">from: <a href="' . OS_HOME . '?member=' . $row2["user_id"] . '"><i>' . $from . '</i></a></span>'; if (isset($_GET["pm"]) and !empty($_GET["pm"]) and $_GET["pm"] == $row["field_name"]) { $text = AutoLinkShort(convEnt($row["field_value"])) . ' <div></div> <a href="' . OS_HOME . 'adm/?bnet_pm&pm' . $page . '">« back</a>'; $style = 'style="border: 4px solid #ccc; padding: 5px;"'; } else { $style = "style='padding: 5px;'"; $text = '<a href="' . OS_HOME . 'adm/?bnet_pm&pm=' . $row["field_name"] . $page . '#' . $row["field_name"] . '">' . limit_words(convEnt($row["field_value"]), 15) . '</a>'; } ?> <tr class="row"> <td width="200"><a class="anchor" name="<?php echo $row["field_name"]; ?> "></a><b>to:</b> <a href="<?php echo OS_HOME; ?> ?member=<?php echo $sendID;
/**
 * Renders the private-message pages for the "pm" action and handles their
 * form posts.
 *
 * Does nothing unless OS_GetAction("pm") is truthy. The sub-view is picked by
 * query parameters: new_message, send=<recipient id> (optionally with
 * m=<field name> to show the message being replied to), sent_items and inbox
 * (both optionally with <id>&m=<field name> to open a single message). Output
 * is written directly as mixed PHP/HTML; uses the globals $db, $lang and
 * $DateFormat.
 *
 * Storage model, as far as this function shows: one OSDB_CUSTOM_FIELDS row per
 * message, created with OS_add_custom_field(recipient id, name, text) where
 * name = "<unix time>|<sender id>||p.m.<flag>" and the trailing flag character
 * is 0 (unread) or 1 (read); field_id holds the recipient's user id.
 *
 * NOTE(review): only the inbox and sent_items branches are guarded by
 * is_logged(); new_message and send rely on OS_GetUserID() alone — confirm an
 * outer guard exists before this function is reached.
 */
function OS_PMSystem() {
    if (OS_GetAction("pm")) {
        global $db;
        // Connection charset; the execute() result is never checked.
        $sth = $db->prepare("SET NAMES 'utf8'");
        $result = $sth->execute();
        global $lang;
        global $DateFormat;
        // Accumulates HTML error fragments that are echoed as-is on failure.
        $errors = "";
        ?> <div class="clr"></div> <div class="ct-wrapper" id="content" class="s-c-x"> <div class="outer-wrapper wrapper"> <div class="content section" id="main-column"> <div class="widget Blog padding"> <div class="blog-posts hfeed padLeft padTop padBottom inner"> <h2>Private Messages</h2> <div> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&inbox">INBOX</a> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&sent_items">SENT ITEMS</a> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&new_message">NEW MESSAGE</a> </div> <?php
        //NEW MESSAGE
        // Compose form addressed by user name; handles its own POST first.
        if (isset($_GET["new_message"])) {
            $PMName = "";
            $PMText = "";
            if (isset($_POST["pm_message"]) and isset($_POST["pm_name"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
                // strip_tags() removes markup but is not an HTML-escaping step;
                // $PMText is echoed back into the textarea below without escaping.
                $PMText = $_POST['pm_message'];
                $PMText = strip_tags($PMText);
                // safeEscape() is not shown on this page — its semantics are assumed.
                $PMName = safeEscape(trim($_POST["pm_name"]));
                // Form-token check. NOTE(review): loose `!=` on the token; a strict,
                // constant-time comparison (hash_equals on string casts) is the
                // usual choice here.
                if ($_SESSION["code"] != $_POST["code"]) {
                    $errors .= "<h4>Form is not valid. Try again.</h4>";
                }
                if (strlen($PMText) <= 2) {
                    $errors .= "<h4>There are not enough characters in the message</h4>";
                }
                if (strlen($PMName) <= 2) {
                    $errors .= "<h4>Please, write a valid username</h4>";
                }
                if (strtolower($PMName) == $_SESSION["username"]) {
                    $errors .= "<h4>You can not send messages to yourself</h4>";
                }
                if (empty($errors)) {
                    // Resolve the recipient by case-insensitive user name.
                    $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t\tWHERE LOWER(user_name) = ? LIMIT 1");
                    $sth->bindValue(1, strtolower($PMName), PDO::PARAM_STR);
                    $result = $sth->execute();
                    // NOTE(review): PDOStatement::rowCount() on a SELECT is
                    // driver-dependent; checking fetch() for false is portable.
                    if ($sth->rowCount() <= 0) {
                        $errors .= "<h4>User not found</h4>";
                    } else {
                        $row = $sth->fetch(PDO::FETCH_ASSOC);
                        $userID = $row["user_id"];
                    }
                }
                if (!empty($errors)) {
                    echo $errors;
                } else {
                    if (isset($userID) and is_numeric($userID) and $userID != OS_GetUserID()) {
                        // Store on the recipient: the name encodes send time,
                        // sender id and the unread flag (0).
                        OS_add_custom_field($userID, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                        $MailText = $PMText;
                        $PMName = "";
                        $PMText = "";
                        ?> <h4>Message was sent successfully</h4><?php
                        //SEND EMAIL NOTIFICATION
                        // Sent at most once per session: the flag is set here and
                        // never cleared, so later messages in the same session
                        // produce no e-mail.
                        if (!isset($_SESSION["mail_sent"])) {
                            $_SESSION["mail_sent"] = 1;
                            global $lang;
                            global $mail;
                            global $DefaultHomeTitle;
                            $message = "You have just received a private message from " . $_SESSION["username"] . "<br />";
                            $message .= "Click on the following link to read the message<br />";
                            $message .= "" . OS_HOME . "?action=pm&inbox";
                            $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                            $message .= convEnt($MailText);
                            $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />{$DefaultHomeTitle}";
                            // require (not require_once): a second include in the
                            // same request would redeclare the class.
                            require "inc/class.phpmailer.php";
                            $mail = new PHPMailer();
                            $mail->CharSet = 'UTF-8';
                            $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                            $mail->AddReplyTo($lang["email_from"], $lang["email_from_full"]);
                            // $row is the recipient row fetched above.
                            $mail->AddAddress($row["user_email"], "");
                            $mail->Subject = "New Private Message";
                            $mail->MsgHTML($message);
                            $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                            // The Send() result is ignored.
                            $mail->Send();
                        }
                    } else {
                        ?> <h4>The message could not be sent</h4><?php
                    }
                }
            }
            // Fresh form token for the next submission.
            $code = generate_hash(8);
            $_SESSION["code"] = $code;
            ?> <form action="" method="post" accept-charset="UTF-8"> <table> <tr class="row"> <td width="70" class="padLeft"><b>To:</b></td> <td><input type="text" value="<?php echo $PMName; ?> " size="65" name="pm_name" /></td> </tr> <tr class="row"> <td width="70" class="padLeft"><b>Message:</b></td> <td><textarea name="pm_message" rows="9" cols="80" ><?php echo $PMText; ?> </textarea></td> </tr> <tr class="row"> <td width="70" class="padLeft"></td> <td><input type="submit" value="Send PM" class="menuButtons" /></td> </tr> </table> <input type="hidden" name="code" value="<?php echo $code; ?> " /> </form> <?php
        }
        //SEND MESSAGE (USER ID)
        // Compose form addressed by numeric user id (send=<id>).
        if (isset($_GET["send"]) and is_numeric($_GET["send"])) {
            $uid = safeEscape((int) $_GET["send"]);
            if (OS_GetUserID() == $uid) {
                ?> <h4>You can not send messages to yourself</h4> <?php
            } else {
                if (isset($_POST["pm_message"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
                    // Same loose token comparison as in the new_message branch.
                    if ($_SESSION["code"] != $_POST["code"]) {
                        $errors .= "<div>Form is not valid. Try again.</div>";
                    }
                    $PMText = strip_tags($_POST['pm_message']);
                    if (strlen($PMText) <= 2) {
                        $errors .= "<div>There are not enough characters in the message</div>";
                    }
                    if (!empty($errors)) {
                        ?> <h4><?php echo $errors; ?> </h4><?php
                    } else {
                        //ADD MESSAGE
                        //ARG: TO - user ID, FROM - time_UserID, message
                        $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                        $sth->bindValue(1, $uid, PDO::PARAM_INT);
                        $result = $sth->execute();
                        if ($sth->rowCount() >= 1) {
                            OS_add_custom_field($uid, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                        }
                        // NOTE(review): this success line is shown even when no
                        // user matched and nothing was stored.
                        ?> <h4>Message was sent successfully</h4><?php
                    }
                }
                $code = generate_hash(8);
                $_SESSION["code"] = $code;
                $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                $sth->bindValue(1, $uid, PDO::PARAM_INT);
                $result = $sth->execute();
                if ($sth->rowCount() >= 1) {
                    $row = $sth->fetch(PDO::FETCH_ASSOC);
                    // NOTE(review): echoed into HTML below without escaping; safe
                    // only if user_name is stored already escaped — confirm.
                    $sendTo = $row["user_name"];
                    ?> <form action="" method="post" accept-charset="UTF-8"> <table> <tr class="row"> <td width="120" class="padLeft"><b>Send to:</b></td> <td><?php echo $sendTo; ?> </td> </tr> <tr class="row"> <td width="120" class="padLeft"><b>Message:</b></td> <td><textarea name="pm_message" rows="9" cols="80" ></textarea></td> </tr> <tr class="row"> <td width="120" class="padLeft"></td> <td><input type="submit" value="Send PM" class="menuButtons" /></td> </tr> </table> <input type="hidden" name="code" value="<?php echo $code; ?> " /> </form> <?php
                    if (isset($_GET["m"])) {
                        // Shows the message being replied to, looked up by field
                        // name alone. NOTE(review): the lookup is not restricted to
                        // rows owned by or sent by the current user, and $row is
                        // indexed without checking that fetch() returned a row.
                        $sth = $db->prepare("SELECT * FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_name = ? 
");
                        $sth->bindValue(1, safeEscape($_GET["m"]), PDO::PARAM_STR);
                        $result = $sth->execute();
                        $row = $sth->fetch(PDO::FETCH_ASSOC);
                        $dateFor = explode("|", $row["field_name"]);
                        $date = (int) $dateFor[0];
                        ?> <div class="padTop"></div> <table> <tr class="row"> <td class="padLeft"><b><?php echo $sendTo; ?> </b>, <?php echo date($DateFormat, $date); ?> </td> </tr> <tr> <td><?php echo convEnt($row["field_value"]); ?> </td> </tr> </table> <?php
                    }
                } else {
                    ?> <h4>User not found</h4><?php
                }
            }
        }
        //SENT ITEMS
        // Paginated list of messages whose name carries our id as sender.
        if (isset($_GET["sent_items"]) and is_logged()) {
            ?> <h4>Sent items</h4><?php
            //GET ALL MESSAGES
            // With sent_items=<id>&m=<field name> the list is narrowed to that one
            // message; $id itself is not used afterwards.
            if (!empty($_GET["sent_items"]) and is_numeric($_GET["sent_items"]) and isset($_GET["m"])) {
                $id = safeEscape((int) $_GET["sent_items"]);
                $field = safeEscape($_GET["m"]);
                $sql = "AND c.field_name = ? ";
            } else {
                $sql = "";
            }
            // Row count for pagination. NOTE(review): this uses
            // $_SESSION["user_id"] while the list query below uses
            // OS_GetUserID() — presumably the same value; confirm.
            $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_name LIKE ? {$sql}");
            $sth->bindValue(1, "%|" . (int) $_SESSION["user_id"] . "||p.m.%", PDO::PARAM_STR);
            if (!empty($sql)) {
                $sth->bindValue(2, $field, PDO::PARAM_STR);
            }
            $result = $sth->execute();
            $r = $sth->fetch(PDO::FETCH_NUM);
            $numrows = $r[0];
            $result_per_page = 10;
            // $offset is interpolated into LIMIT; os_offset() is not on this
            // page, so it is assumed to return an integer — confirm.
            $offset = os_offset($numrows, $result_per_page);
            // Joins the recipient (field_id) for display of user_name/avatar.
            $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_name LIKE ? {$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
            $sth->bindValue(1, "%|" . OS_GetUserID() . "||p.m.%", PDO::PARAM_STR);
            if (!empty($sql)) {
                $sth->bindValue(2, $field, PDO::PARAM_STR);
            }
            $result = $sth->execute();
            ?> <table> <?php
            while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                $dateFor = explode("|", $row["field_name"]);
                // Kept as a string here (only the send view casts it to int).
                $date = $dateFor[0];
                if (!isset($_GET["m"])) {
                    $text = limit_words(convEnt($row["field_value"]), 40);
                } else {
                    $text = AutoLinkShort(convEnt($row["field_value"]));
                }
                ?> <tr class="row"> <td width="140"><a href="<?php echo OS_HOME; ?> ?action=pm&sent_items=<?php echo $row["field_id"]; ?> &m=<?php echo $row["field_name"]; ?> "><b><?php echo $row["user_name"]; ?> </b>, <?php echo date($DateFormat, $date); ?> </a></td> <td><?php echo $text; ?> <?php
                if (isset($_GET["m"])) {
                    ?> <div class="padTop"> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&send=<?php echo $row["field_id"]; ?> &m=<?php /* NOTE(review): raw query value reflected into an attribute — escape with htmlspecialchars(..., ENT_QUOTES) */ echo $_GET["m"]; ?> ">[SEND MESSAGE]</a> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&sent_items">« Back</a> </div> <?php
                } else {
                    ?> <a href="<?php echo OS_HOME; ?> ?action=pm&sent_items=<?php echo $row["field_id"]; ?> &m=<?php echo $row["field_name"]; ?> ">more » </a> <?php
                }
                ?> </td> </tr> <?php
            }
            if ($sth->rowCount() <= 0) {
                ?> <tr><td>No new messages</td></tr><?php
            }
            ?> </table> <?php
            os_pagination($numrows, $result_per_page, 5, 1, '&sent_items');
        }
        //INBOX MESSAGES
        // Paginated list of messages stored under our user id (field_id).
        if (isset($_GET["inbox"]) and is_logged()) {
            ?> <h4>Inbox</h4><?php
            // With inbox=<id>&m=<field name> a single message is opened; $id is
            // not used afterwards and $field_name is recomputed below.
            if (!empty($_GET["inbox"]) and is_numeric($_GET["inbox"]) and isset($_GET["m"])) {
                $id = safeEscape((int) $_GET["inbox"]);
                $field = safeEscape($_GET["m"]);
                $sql = "AND c.field_name = :field_name ";
                $field_name = substr($field, 0, -1) . "1";
            } else {
                $sql = "";
            }
            // Row count for pagination. The user id is interpolated rather than
            // bound (presumably an integer from the session). NOTE(review): unlike
            // the list query below there is no "field_name LIKE '%||p.m.%'"
            // filter, so with no message selected this counts every custom field
            // of the user, not only messages.
            $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_id = '" . OS_GetUserID() . "' {$sql}");
            if (!empty($sql)) {
                $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
            }
            $result = $sth->execute();
            $r = $sth->fetch(PDO::FETCH_NUM);
            $numrows = $r[0];
            $result_per_page = 10;
            $offset = os_offset($numrows, $result_per_page);
            // Here the join on field_id yields the recipient (ourselves); the
            // sender is recovered from the field name in the loop below.
            $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_id = '" . OS_GetUserID() . "'\n\t\tAND field_name LIKE('%||p.m.%')\n\t\t{$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
            if (!empty($sql)) {
                $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
            }
            $result = $sth->execute();
            //UPDATE "read" message
            // Flip the trailing flag of the opened message's name from 0 to 1.
            // This runs after the SELECT above, so the row is still rendered as
            // unread on this request. NOTE(review): the WHERE is built by
            // concatenation (relying on safeEscape()) and is not limited to
            // field_id = current user as the SELECTs are; scoping it to the
            // current user's rows is the cheap hardening.
            if (!empty($_GET["inbox"]) and is_numeric($_GET["inbox"]) and isset($_GET["m"])) {
                $field = safeEscape($_GET["m"]);
                $field_name = substr($field, 0, -1) . "1";
                $result = $db->update(OSDB_CUSTOM_FIELDS, array("field_name" => $field_name), "field_name = '" . $field . "'");
            }
            ?> <table> <?php
            while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                $dateFor = explode("|", $row["field_name"]);
                $date = $dateFor[0];
                $FromID = $dateFor[1];
                // Last character of the name is the read flag (0/1).
                $read = substr($row["field_name"], strlen($row["field_name"]) - 1, 1);
                // $col is the CSS colour used below; $readTxt is not used here.
                if ($read == 1) {
                    $col = '686A6B';
                    $readTxt = 'read';
                } else {
                    $col = 'A41600';
                    $readTxt = '<b>new</b>';
                }
                if (!isset($_GET["m"])) {
                    $text = limit_words(convEnt($row["field_value"]), 12);
                    // NOTE(review): convEnt() is applied a second time to $text
                    // here; if it HTML-encodes, entities in the preview are
                    // double-encoded. The unread markup closes with "<b/>"
                    // rather than "</b>".
                    if ($read == 0) {
                        $text = '<span style="color: #000;"><b>' . convEnt($text) . '<b/></span>';
                    }
                    if ($read == 1) {
                        $text = '<span style="color: #686A6B;">' . convEnt($text) . '</span>';
                    }
                } else {
                    $text = AutoLinkShort(convEnt($row["field_value"]));
                }
                ?> <?php
                if (!isset($_GET["m"])) {
                    ?> <tr class="row"> <td width="120" class="padLeft"> <a href="<?php echo OS_HOME; ?> ?action=pm&inbox=<?php echo $FromID; ?> &m=<?php echo $row["field_name"]; ?> "><span style="color: #<?php echo $col; ?> "><b><?php echo OS_GetUsernameByUserID($FromID); ?> </b></span></a> </td> <td width="600"><a href="<?php echo OS_HOME; ?> ?action=pm&inbox=<?php echo $FromID; ?> &m=<?php echo $row["field_name"]; ?> "><?php echo $text; ?> </a></td> <td><?php echo date($DateFormat, $date); ?> </td> </tr> <?php
                } else {
                    ?> <tr class="row"> <td class="padLeft"><span style="color: #<?php echo $col; ?> "><b><?php echo OS_GetUsernameByUserID($FromID); ?> </b>, <?php echo date($DateFormat, $date); ?> </span></td> </tr> <tr> <td><?php echo $text; ?> </td> </tr> <tr> <td><div class="padTop padBottom"> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&send=<?php echo $FromID; ?> &m=<?php /* NOTE(review): raw query value reflected into an attribute — escape with htmlspecialchars(..., ENT_QUOTES) */ echo $_GET["m"]; ?> ">[SEND MESSAGE]</a> <a class="menuButtons" href="<?php echo OS_HOME; ?> ?action=pm&inbox">« Back</a> </div></td> </tr> <?php
                }
                ?> <?php
            }
            if ($sth->rowCount() <= 0) {
                ?> <tr><td>No new messages</td></tr><?php
            }
            ?> </table> <?php
            os_pagination($numrows, $result_per_page, 5, 1, '&inbox');
        }
        ?> <div class="padTop" style="margin-top:124px;"></div> </div> </div> </div> </div> </div> <?php
    }
}
<td width="130" class="padLeft"><b><?php echo $lang["member_realm"]; ?> :</b></td> <td><?php echo $Member["user_realm"]; ?> </td> </tr> <tr> <td width="130" class="padLeft"><b><?php echo $lang["member_website"]; ?> :</b></td> <td><?php echo AutoLinkShort($Member["user_website"], 'target="_blank"'); ?> </td> </tr> <tr> <td width="130" class="padLeft"><b><?php echo $lang["member_gender"]; ?> :</b></td> <td><?php echo UserGender($Member["user_gender"]); ?> </td> </tr> <tr> <td width="130" class="padLeft"><b><?php
$result = $sth->execute(); $c = 0; $CommentsData = array(); while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { $CommentsData[$c]["id"] = (int) $row["id"]; $CommentsData[$c]["total_comments"] = $total_comments; $CommentsData[$c]["username"] = $row["user_name"]; $CommentsData[$c]["username_clean"] = $row["user_name"]; $CommentsData[$c]["user_id"] = $row["user_id"]; $CommentsData[$c]["post_id"] = $row["post_id"]; //$CommentsData[$c]["text"] = convEnt($row["text"]); if (isset($AutoLinkComments) and $AutoLinkComments == 2) { $CommentsData[$c]["text"] = RemoveLinks($row["text"], $AutoLinkTextReplace); } else { if (isset($AutoLinkComments) and $AutoLinkComments == 1) { $CommentsData[$c]["text"] = AutoLinkShort($row["text"], 'target="_blank" class="u_links"'); } else { if (isset($AutoLinkComments) and $AutoLinkComments == 1 and isset($AutoLinkFull) and $AutoLinkFull == 1) { $CommentsData[$c]["text"] = AutoLinkFull($row["text"], 'target="_blank" class="u_links"'); } } } //$CommentsData[$c]["text"] = html_entity_decode( $CommentsData[$c]["text"] ); $CommentsData[$c]["text"] = convEnt($CommentsData[$c]["text"]); //Quote user - bold username if (strstr($CommentsData[$c]["text"], "@") and strstr($CommentsData[$c]["text"], ", ")) { $CommentsData[$c]["text"] = preg_replace('#\\@(.*?)\\, #i', '<b>@\\1</b>, ', $CommentsData[$c]["text"]); } $CommentsData[$c]["date"] = date($DateFormat, $row["date"]); $CommentsData[$c]["user_ip"] = $row["user_ip"]; $CommentsData[$c]["fb"] = $row["user_fbid"];