Exemplo n.º 1
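/**
 * Returns the src of the first <img> element found in a piece of HTML, or the
 * theme's default banner when there is none.
 *
 * The value is returned exactly as it appears in the content. When $text is
 * author- or user-supplied HTML, the result can be any string (not
 * necessarily an http(s) URL), so callers must escape or validate it for the
 * context they print it into (attribute, meta tag, feed, ...).
 *
 * @param string $text HTML fragment; it is passed through convEnt() before parsing.
 * @return string The first image's src attribute, or the default banner URL.
 */
function OS_GetFirstImage($text)
{
    $default = OS_HOME . "themes/" . OS_THEMES_DIR . "/images/dota_banner.png";

    $html = (string) convEnt($text);
    if (trim($html) === '') {
        // DOMDocument::loadHTML() rejects an empty document (a warning on older
        // PHP, a ValueError on PHP 8 that "@" cannot silence), so answer early.
        return $default;
    }

    // Collect libxml parse errors internally instead of hiding everything with "@",
    // then restore the previous setting so other code is unaffected.
    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $loaded = $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        return $default;
    }

    $xpath = new DOMXPath($dom);
    $entries = $xpath->query('//img');
    if ($entries) {
        foreach ($entries as $e) {
            // Only the first <img> counts; an empty src falls back to the default.
            $src = $e->getAttribute("src");
            return !empty($src) ? $src : $default;
        }
    }

    return $default;
}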
Exemplo n.º 2
            } else {
                ?>
	<div align="center"><?php 
                echo $errors;
                ?>
</div>
	<?php 
            }
        }
        if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
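            // Load the ban that is being edited. The id is bound as a parameter instead of
            // being concatenated into the SQL text: the enclosing check only proves that
            // $_GET["edit"] is numeric, and how $id is derived is not visible here.
            $sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE id = :id ");
            $sth->bindValue(':id', $id, PDO::PARAM_STR);
            $result = $sth->execute();
            $row = $sth->fetch(PDO::FETCH_ASSOC);
            // NOTE(review): $row is false when no ban has this id; the assignments below
            // then yield nulls (with warnings). Confirm whether the page should stop here.
            $name = $row["name"];
            $server = $row["server"];
            $reason = convEnt($row["reason"]);
            $ip = $row["ip"];
            $ip_part = $row["ip_part"];
            $admin = $row["admin"];
            $gn = $row["gamename"];
            $date = $row["date"];
            $expire = $row["expiredate"];
            $warn = $row["warn"];
            $country = $row["country"];
            $button = "Edit Ban";
            if (isset($_GET["findip"])) {
                // $name was read back from the bans table, but it is presumably a
                // player-chosen string, so it is bound too: a value that was stored safely
                // can still break out of a quoted literal when it is reused in a new query.
                $sth2 = $db->prepare("SELECT * FROM " . OSDB_GP . " \n\t\tWHERE name = :name AND ip!='' AND ip!='0.0.0.0' ORDER BY id DESC LIMIT 1");
                $sth2->bindValue(':name', $name, PDO::PARAM_STR);
                $result = $sth2->execute();
                $row2 = $sth2->fetch(PDO::FETCH_ASSOC);
                // No matching game-player row leaves $foundIP null instead of raising a warning.
                $foundIP = $row2 ? $row2["ip"] : null;
            }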
Exemplo n.º 3
        $MemberData[$c]["country"] = geoip_country_name_by_addr($GeoIPDatabase, $row["user_ip"]);
        if ($GeoIP == 1 and empty($MemberData[$c]["letter"])) {
            $MemberData[$c]["letter"] = "blank";
            $MemberData[$c]["country"] = "Reserved";
        }
        $c++;
    }
    if (isset($GeoIP) and $GeoIP == 1) {
        geoip_close($GeoIPDatabase);
    }
    //GET USER COMMENTS
    $sth = $db->prepare("SELECT c.user_id, c.post_id, c.text, c.`date`, n.news_title\r\n     FROM " . OSDB_COMMENTS . " as c \r\n\t LEFT JOIN " . OSDB_NEWS . " as n ON n.news_id = c.post_id\r\n\t WHERE c.user_id = :userID AND n.status >= 1\r\n\t ORDER BY c.`date` DESC\r\n\t LIMIT 50");
    $sth->bindValue(':userID', $userID, PDO::PARAM_INT);
    $result = $sth->execute();
    $c = 0;
    $MemberComments = array();
    while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
        $ShortText = limit_words(convEnt($row["text"]), 30);
        $ShortText = str_replace(array("'", '"'), array(" ", " "), $ShortText);
        $MemberComments[$c]["short_text"] = $ShortText;
        $MemberComments[$c]["text"] = $row["text"];
        $MemberComments[$c]["news_title"] = $row["news_title"];
        $MemberComments[$c]["post_id"] = $row["post_id"];
        $MemberComments[$c]["date"] = date(OS_DATE_FORMAT, $row["date"]);
        $MemberComments[$c]["date_int"] = $row["date"];
        $c++;
    }
} else {
    header('location:' . OS_HOME . '?404');
    die;
}
Exemplo n.º 4
                $info = '<span style="float:right;">[read]</span>';
            }
            if ($status == 0) {
                $info = '<span style="float:right;"><b>[unread]</b></span>';
            }
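            // Look up the sender. $fromID is bound rather than interpolated into the SQL
            // text; where it is parsed from is not visible in this fragment.
            $sth2 = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = :from_id ");
            $sth2->bindValue(':from_id', $fromID, PDO::PARAM_STR);
            $result = $sth2->execute();
            $row2 = $sth2->fetch(PDO::FETCH_ASSOC);
            // The sender may no longer exist; fall back to empty values instead of
            // indexing into false.
            $from = $row2 ? $row2["user_name"] : null;
            $fromUserId = $row2 ? $row2["user_id"] : "";
            // This markup is shown on an admin page, and the user name is account-holder
            // controlled, so it is HTML-escaped here. double_encode is off in case names
            // are already stored entity-encoded (TODO confirm how names are stored).
            $MFrom = '<span style="font-size:11px;">from: <a href="' . OS_HOME . '?member=' . rawurlencode((string) $fromUserId) . '"><i>' . htmlspecialchars((string) $from, ENT_QUOTES, 'UTF-8', false) . '</i></a></span>';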
            if (isset($_GET["pm"]) and !empty($_GET["pm"]) and $_GET["pm"] == $row["field_name"]) {
                $text = AutoLinkShort(convEnt($row["field_value"])) . ' <div></div> <a href="' . OS_HOME . 'adm/?bnet_pm&amp;pm' . $page . '">&laquo; back</a>';
                $style = 'style="border: 4px solid #ccc; padding: 5px;"';
            } else {
                $style = "style='padding: 5px;'";
                $text = '<a href="' . OS_HOME . 'adm/?bnet_pm&amp;pm=' . $row["field_name"] . $page . '#' . $row["field_name"] . '">' . limit_words(convEnt($row["field_value"]), 15) . '</a>';
            }
            ?>
		<tr class="row">
		  <td width="200"><a class="anchor" name="<?php 
            echo $row["field_name"];
            ?>
"></a><b>to:</b> <a href="<?php 
            echo OS_HOME;
            ?>
?member=<?php 
            echo $sendID;
            ?>
"><b><?php 
            echo $sendTo;
            ?>
Exemplo n.º 5
    if (!empty($sql)) {
        $sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR);
    }
    $result = $sth->execute();
    $numrows = $sth->rowCount();
} else {
    $sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " WHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' GROUP BY (shortname)");
    $result = $sth->execute();
    $numrows = $sth->rowCount();
}
$result_per_page = $ItemsPerPage;
$draw_pagination = 0;
//$total_comments  = $numrows;
include 'inc/pagination.php';
$draw_pagination = 1;
$sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " as Items\n\tWHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' {$sql}\n\tGROUP BY (shortname) \n\tORDER BY (shortname) ASC \n\tLIMIT {$offset}, {$rowsperpage}");
if (!empty($sql)) {
    $sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR);
}
$result = $sth->execute();
//if ($db->num_rows() )
$c = 0;
$ItemsData = array();
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    $ItemsData[$c]["itemid"] = $row["itemid"];
    $ItemsData[$c]["name"] = $row["name"];
    $ItemsData[$c]["shortname"] = $row["shortname"];
    $ItemsData[$c]["item_info"] = convEnt($row["item_info"]);
    $ItemsData[$c]["icon"] = $row["icon"];
    $c++;
}
Exemplo n.º 6
    }
    ?>
	 </td>
	 <td><a class="padLeft" href="<?php 
    echo OS_HOME;
    ?>
adm/?users&amp;edit=<?php 
    echo $row["user_id"];
    ?>
"><?php 
    echo $row["user_name"];
    ?>
</a></td>
	 <td>
	 <?php 
    echo limit_words(convEnt($row["reason"]), 12);
    ?>
	 <?php 
    if (!empty($row["resolved_text"])) {
        ?>
	 <div><b><?php 
        echo $row["resolved"];
        ?>
:</b> <?php 
        echo $row["resolved_text"];
        ?>
</div>
	 <?php 
    }
    ?>
	 </td>
Exemplo n.º 7
" alt="*" /></a></td>
	<td width="220"><a href="<?php 
    echo $website;
    ?>
adm/?items&amp;edit=<?php 
    echo $row["itemid"] . $add;
    ?>
"><b><?php 
    echo $row["shortname"];
    ?>
</b></a>
	<div class="font12"><?php 
    echo $row["type"];
    ?>
, Price: <?php 
    echo $row["price"];
    ?>
</div></td>
	<td><?php 
    echo limit_words(convEnt($row["item_info"]), 14);
    ?>
</td>
  </tr>
  <?php 
}
?>
   </table>
<?php 
include 'pagination.php';
?>
</div>
Exemplo n.º 8
 if (isset($preModerationType) and $preModerationType > 0) {
     $emailusers = 0;
 }
 if ($genEmailDisable != 1 and ($emailusers > 0 or isset($emailadmposts) and $emailadmposts == 1)) {
     if (!isset($reply_to_email)) {
         $reply_to_email = $admin_email;
     }
     if ($fn = db_simpleSelect(0, $Tf, 'forum_name', 'forum_id', '=', $forum)) {
         $forum_title_em = convEnt($fn[0]);
         $forum_title = $fn[0];
     } else {
         $forum_title = '';
     }
     $setTpls = array();
     $pTxtSm = convEnt($postText);
     $user_usr_em = convEnt($user_usr);
     $postTextSmall = substr($pTxtSm, 0, 200);
     if (strlen($postTextSmall) < strlen($pTxtSm)) {
         $postTextSmall .= '...';
     }
     $setTpls[$langOrig] = ParseTpl(makeUp('email_reply_notify_' . $langOrig));
     //$msg=$setTpls[$langOrig];
     $sub0 = explode('SUBJECT>>', $setTpls[$langOrig]);
     $sub0 = explode('<<', $sub0[1]);
     $msgg = explode('[USER_ID]', trim($sub0[1]));
     $msg[$langOrig][0] = $msgg[0];
     $msg[$langOrig][1] = $msgg[1];
     $sub[$langOrig] = $sub0[0];
 }
 //Email all users about this reply if allowed
 if ($genEmailDisable != 1 and $emailusers > 0) {
Exemplo n.º 9
        include 'inc/PlayDotaHeroParser.php';
    }
} else {
    //get hero data from database
    $sth = $db->prepare("SELECT * FROM " . OSDB_HEROES . " WHERE heroid = :heroid LIMIT 1");
    $sth->bindValue(':heroid', $heroid, PDO::PARAM_STR);
    $result = $sth->execute();
    $c = 0;
    $HeroData = array();
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    $HeroData[$c]["id"] = (int) $row["heroid"];
    $HeroData[$c]["original"] = $row["original"];
    $HeroData[$c]["description"] = $row["description"];
    $HeroData[$c]["summary"] = convEnt($row["summary"]);
    $HeroData[$c]["stats"] = convEnt($row["stats"]);
    $HeroData[$c]["skills"] = convEnt($row["skills"]);
    $HomeTitle = $row["description"];
    $HomeDesc = os_strip_quotes($row["summary"]);
    $HomeKeywords = strtolower(os_strip_quotes($row["description"])) . ',' . $HomeKeywords;
}
if ($GuidesPage == 1) {
    $sth = $db->prepare("SELECT * FROM " . OSDB_GUIDES . " WHERE hid = :heroid ");
    $sth->bindValue(':heroid', $heroid, PDO::PARAM_STR);
    $result = $sth->execute();
    $c = 0;
    $HeroDataGuides = array();
    while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
        $HeroDataGuides[$c]["id"] = $row["id"];
        $HeroDataGuides[$c]["title"] = $row["title"];
        $HeroDataGuides[$c]["link"] = $row["link"];
        $c++;
Exemplo n.º 10
    $Hero["stats"] = convEnt($Hero["stats"]);
    $Hero["summary"] = convEnt($Hero["summary"]);
    $Hero["skills"] = convEnt($Hero["skills"]);
    OS_DisplayHeroesData($Hero["original"], $Hero["description"], $Hero["stats"], $Hero["summary"], $Hero["skills"]);
}
?>
	
	<div><b>Intelligence</b></div>
	<?php 
foreach ($HeroListInt as $Hero) {
    ?>
	<?php 
    $Hero["description"] = convEnt($Hero["description"]);
    $Hero["stats"] = convEnt($Hero["stats"]);
    $Hero["summary"] = convEnt($Hero["summary"]);
    $Hero["skills"] = convEnt($Hero["skills"]);
    OS_DisplayHeroesData($Hero["original"], $Hero["description"], $Hero["stats"], $Hero["summary"], $Hero["skills"]);
}
?>
	
	</div>
	
	<div class="HeroInfoMainRight">
	  <div id="HeroInfo"></div>
	</div>
  </div>
  
  
<script type="text/javascript">
  function OS_HeroInfo(hid){
    info    = document.getElementById("hero"+hid+"description").innerHTML;
Exemplo n.º 11
 }
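 //Banned players on the same IP range
 // $ip_part is bound as a parameter instead of being concatenated into the LIKE literal.
 // {$sql} is still interpolated: it is built outside this fragment and, since no values
 // were bound for it before, it cannot contain placeholders. NOTE(review): confirm that
 // $sql is assembled from fixed fragments only, and that $ip_part is not pre-escaped
 // upstream (a pre-escaped value would now be matched literally).
 $sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE ip_part LIKE :ip_part {$sql} LIMIT 50");
 $sth->bindValue(':ip_part', $ip_part, PDO::PARAM_STR);
 $result = $sth->execute();
 $UserIPRange = array();
 $c = 0;
 while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
     $UserIPRange[$c]["id"] = $row["id"];
     $UserIPRange[$c]["name"] = $row["name"];
     $UserIPRange[$c]["ip"] = $row["ip"];
     $UserIPRange[$c]["ip_part"] = $row["ip_part"];
     $UserIPRange[$c]["country"] = $row["country"];
     $UserIPRange[$c]["date"] = date(OS_DATE_FORMAT, strtotime($row["date"]));
     $UserIPRange[$c]["admin"] = $row["admin"];
     $UserIPRange[$c]["gamename"] = $row["gamename"];
     $UserIPRange[$c]["reason"] = convEnt($row["reason"]);
     // An empty or zero expiry date marks a permanent ban; otherwise format the date.
     if (empty($row["expiredate"]) or $row["expiredate"] == "0000-00-00 00:00:00") {
         $UserIPRange[$c]["expiredate"] = '<span class="perm_ban">Permanent</span>';
     } else {
         $UserIPRange[$c]["expiredate"] = date(OS_DATE_FORMAT, strtotime($row["expiredate"]));
     }
     $c++;
 }
 // Other player names seen on the same IP prefix. The player name and the prefix are
 // both bound; the ".%" wildcard suffix is appended to the bound value, not to the SQL.
 $sth = $db->prepare("SELECT gp.id, gp.ip, gp.name, g.gamename, g.datetime, gp.gameid \n\t\t\t FROM " . OSDB_GP . " as gp\n\t\t\t LEFT JOIN " . OSDB_GAMES . " as g on g.id = gp.gameid\n\t\t\t WHERE name!= :player_name AND ip LIKE :ip_prefix\n\t\t\t GROUP BY gp.name ORDER BY gp.id DESC LIMIT 50");
 $sth->bindValue(':player_name', $PlayerName, PDO::PARAM_STR);
 $sth->bindValue(':ip_prefix', $ip_part . ".%", PDO::PARAM_STR);
 $result = $sth->execute();
 $OtherIPAddr = array();
 $c = 0;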
 while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
     $OtherIPAddr[$c]["id"] = $row["id"];
     $OtherIPAddr[$c]["ip"] = $row["ip"];
     $OtherIPAddr[$c]["name"] = $row["name"];
     $OtherIPAddr[$c]["gameid"] = $row["gameid"];
Exemplo n.º 12
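    /**
     * Renders the private-message area (new message, message to a user id, sent items,
     * inbox) and handles the two "send" form posts.
     *
     * Does nothing unless OS_GetAction("pm") is truthy. Reads $_GET, $_POST and $_SESSION
     * directly and prints HTML straight to the output. Messages are stored through
     * OS_add_custom_field(): field_id is the recipient's user id, field_name is
     * "<unix time>|<sender id>||p.m.<0|1>" (a trailing 1 means "read") and field_value
     * is the message text.
     *
     * Security-relevant behaviour:
     *  - Every branch requires is_logged().
     *  - The per-session form token is compared with hash_equals().
     *  - Values printed into HTML (user names, the recipient field, the "m" request
     *    parameter, ids) are HTML-escaped or percent-encoded at the point of output.
     *  - Reading a quoted message and marking a message as read are both restricted to
     *    messages the current user received or sent.
     *  - Message bodies are printed through convEnt()/AutoLinkShort()/limit_words();
     *    NOTE(review): their output is emitted as HTML, so those helpers must return
     *    safe markup - confirm.
     *  - NOTE(review): the strength of the form token depends on generate_hash(); confirm
     *    it draws from a cryptographically secure source.
     *
     * @return void
     */
    function OS_PMSystem()
    {
        if (OS_GetAction("pm")) {
            global $db;
            global $lang;
            global $DateFormat;
            $sth = $db->prepare("SET NAMES 'utf8'");
            $result = $sth->execute();
            $errors = "";

            // HTML-escape for element content or a quoted attribute. double_encode is off
            // because some values may already be stored entity-encoded (TODO confirm).
            $h = function ($value) {
                return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8', false);
            };
            // Percent-encode a value used as a query-string parameter inside an href.
            $u = function ($value) {
                return rawurlencode(is_scalar($value) ? (string) $value : '');
            };
            // Constant-time check of the posted form token against the session token.
            $tokenOk = function () {
                return isset($_SESSION["code"], $_POST["code"])
                    && is_string($_POST["code"])
                    && hash_equals((string) $_SESSION["code"], $_POST["code"]);
            };
            ?>
<div class="clr"></div>
 <div class="ct-wrapper"  id="content" class="s-c-x">
  <div class="outer-wrapper wrapper">
   <div class="content section" id="main-column">
    <div class="widget Blog padding">
     <div class="blog-posts hfeed padLeft padTop padBottom inner">

	    <h2>Private Messages</h2>

		<div>
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;inbox">INBOX</a>
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;sent_items">SENT ITEMS</a>
		<a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&amp;new_message">NEW MESSAGE</a>
		</div>

		<?php
            //NEW MESSAGE
            // Sending is limited to logged-in users, like the inbox and sent-items views.
            if (isset($_GET["new_message"]) and is_logged()) {
                $PMName = "";
                $PMText = "";
                // Array-valued fields are ignored so the string functions below never see them.
                if (isset($_POST["pm_message"], $_POST["pm_name"], $_SESSION["code"], $_POST["code"])
                    and is_string($_POST["pm_message"]) and is_string($_POST["pm_name"])) {
                    $PMText = strip_tags($_POST['pm_message']);
                    $PMName = safeEscape(trim($_POST["pm_name"]));
                    if (!$tokenOk()) {
                        $errors .= "<h4>Form is not valid. Try again.</h4>";
                    }
                    if (strlen($PMText) <= 2) {
                        $errors .= "<h4>There are not enough characters  in the message</h4>";
                    }
                    if (strlen($PMName) <= 2) {
                        $errors .= "<h4>Please, write a valid username</h4>";
                    }
                    if (strtolower($PMName) == $_SESSION["username"]) {
                        $errors .= "<h4>You can not send messages to yourself</h4>";
                    }
                    if (empty($errors)) {
                        $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t\tWHERE LOWER(user_name) = ? LIMIT 1");
                        $sth->bindValue(1, strtolower($PMName), PDO::PARAM_STR);
                        $result = $sth->execute();
                        // Decide on the fetched row: rowCount() is not dependable for SELECT
                        // on every PDO driver.
                        $row = $sth->fetch(PDO::FETCH_ASSOC);
                        if (!$row) {
                            $errors .= "<h4>User not found</h4>";
                        } else {
                            $userID = $row["user_id"];
                        }
                    }
                    if (!empty($errors)) {
                        // $errors holds only the fixed strings assembled above.
                        echo $errors;
                    } else {
                        if (isset($userID) and is_numeric($userID) and $userID != OS_GetUserID()) {
                            OS_add_custom_field($userID, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                            $MailText = $PMText;
                            $PMName = "";
                            $PMText = "";
                            ?><h4>Message was sent successfully</h4><?php
                            //SEND EMAIL NOTIFICATION
                            // Only the first message sent in a session triggers an e-mail.
                            if (!isset($_SESSION["mail_sent"])) {
                                $_SESSION["mail_sent"] = 1;
                                global $mail;
                                global $DefaultHomeTitle;
                                // The sender name goes into an HTML mail body, so it is escaped.
                                $message = "You have just received a private message from " . $h($_SESSION["username"]) . "<br />";
                                $message .= "Click on the following link to read the message<br />";
                                $message .= "" . OS_HOME . "?action=pm&inbox";
                                $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                                $message .= convEnt($MailText);
                                $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />{$DefaultHomeTitle}";
                                // require_once avoids a redeclaration error if the class file
                                // was already loaded earlier in the request.
                                require_once "inc/class.phpmailer.php";
                                $mail = new PHPMailer();
                                $mail->CharSet = 'UTF-8';
                                $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                                $mail->AddReplyTo($lang["email_from"], $lang["email_from_full"]);
                                $mail->AddAddress($row["user_email"], "");
                                $mail->Subject = "New Private Message";
                                $mail->MsgHTML($message);
                                $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                                $mail->Send();
                            }
                        } else {
                            ?><h4>The message could not be sent</h4><?php
                        }
                    }
                }
                // A fresh token is issued every time the form is rendered.
                $code = generate_hash(8);
                $_SESSION["code"] = $code;
                ?>
		<form action="" method="post" accept-charset="UTF-8">
		  <table>
		    <tr class="row">
			  <td width="70" class="padLeft"><b>To:</b></td>
			  <td><input type="text" value="<?php echo $h($PMName); ?>" size="65" name="pm_name" /></td>
			</tr>
		    <tr class="row">
			  <td width="70" class="padLeft"><b>Message:</b></td>
			  <td><textarea name="pm_message" rows="9" cols="80" ><?php echo htmlspecialchars($PMText, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
			</tr>
		    <tr class="row">
			  <td width="70" class="padLeft"></td>
			  <td><input type="submit" value="Send PM" class="menuButtons" /></td>
			</tr>
		  </table>
		  <input type="hidden" name="code" value="<?php echo $h($code); ?>" />
		</form>
		<?php
            }
            //SEND MESSAGE (USER ID)
            if (isset($_GET["send"]) and is_numeric($_GET["send"]) and is_logged()) {
                $uid = safeEscape((int) $_GET["send"]);
                if (OS_GetUserID() == $uid) {
                    ?>
		<h4>You can not send messages to yourself</h4>
		<?php
                } else {
                    if (isset($_POST["pm_message"], $_SESSION["code"], $_POST["code"]) and is_string($_POST["pm_message"])) {
                        if (!$tokenOk()) {
                            $errors .= "<div>Form is not valid. Try again.</div>";
                        }
                        $PMText = strip_tags($_POST['pm_message']);
                        if (strlen($PMText) <= 2) {
                            $errors .= "<div>There are not enough characters  in the message</div>";
                        }
                        if (!empty($errors)) {
                            ?><h4><?php echo $errors; ?></h4><?php
                        } else {
                            //ADD MESSAGE
                            //ARG: TO - user ID, FROM - time_UserID, message
                            $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                            $sth->bindValue(1, $uid, PDO::PARAM_INT);
                            $result = $sth->execute();
                            // Report success only when the recipient exists and the message
                            // was actually stored.
                            if ($sth->fetch(PDO::FETCH_ASSOC)) {
                                OS_add_custom_field($uid, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                                ?><h4>Message was sent successfully</h4><?php
                            } else {
                                ?><h4>The message could not be sent</h4><?php
                            }
                        }
                    }
                    $code = generate_hash(8);
                    $_SESSION["code"] = $code;
                    $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                    $sth->bindValue(1, $uid, PDO::PARAM_INT);
                    $result = $sth->execute();
                    $row = $sth->fetch(PDO::FETCH_ASSOC);
                    if ($row) {
                        $sendTo = $row["user_name"];
                        ?>
		<form action="" method="post" accept-charset="UTF-8">
		  <table>
		    <tr class="row">
			  <td width="120" class="padLeft"><b>Send to:</b></td>
			  <td><?php echo $h($sendTo); ?></td>
			</tr>
		    <tr class="row">
			  <td width="120" class="padLeft"><b>Message:</b></td>
			  <td><textarea name="pm_message" rows="9" cols="80" ></textarea></td>
			</tr>
		    <tr class="row">
			  <td width="120" class="padLeft"></td>
			  <td><input type="submit" value="Send PM" class="menuButtons" /></td>
			</tr>
		  </table>
		  <input type="hidden" name="code" value="<?php echo $h($code); ?>" />
		</form>
		<?php
                        if (isset($_GET["m"]) and is_string($_GET["m"])) {
                            // Quote the referenced message only when the current user is its
                            // recipient (field_id) or its sender (id embedded in field_name).
                            // Without this restriction any field_name passed in "m" would be
                            // displayed, whoever it belongs to.
                            $me = (int) OS_GetUserID();
                            $sth = $db->prepare("SELECT * FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_name = ? AND (field_id = ? OR field_name LIKE ?) ");
                            $sth->bindValue(1, safeEscape($_GET["m"]), PDO::PARAM_STR);
                            $sth->bindValue(2, $me, PDO::PARAM_INT);
                            $sth->bindValue(3, "%|" . $me . "||p.m.%", PDO::PARAM_STR);
                            $result = $sth->execute();
                            $row = $sth->fetch(PDO::FETCH_ASSOC);
                            if ($row) {
                                $dateFor = explode("|", $row["field_name"]);
                                $date = (int) $dateFor[0];
                                ?>
		   <div class="padTop"></div>
		   <table>
		    <tr class="row">
		     <td class="padLeft"><b><?php echo $h($sendTo); ?></b>, <?php echo date($DateFormat, $date); ?></td>
            </tr>
			<tr>
			  <td><?php echo convEnt($row["field_value"]); ?></td>
			</tr>
		   </table>
		   <?php
                            }
                        }
                    } else {
                        ?><h4>User not found</h4><?php
                    }
                }
            }
            //SENT ITEMS
            if (isset($_GET["sent_items"]) and is_logged()) {
                ?><h4>Sent items</h4><?php
                //GET ALL MESSAGES
                if (!empty($_GET["sent_items"]) and is_numeric($_GET["sent_items"]) and isset($_GET["m"]) and is_string($_GET["m"])) {
                    $field = safeEscape($_GET["m"]);
                    $sql = "AND c.field_name = ? ";
                } else {
                    $sql = "";
                }
                // NOTE(review): the count uses $_SESSION["user_id"] while the listing uses
                // OS_GetUserID(); presumably the same value - confirm.
                $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_name LIKE ? {$sql}");
                $sth->bindValue(1, "%|" . (int) $_SESSION["user_id"] . "||p.m.%", PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(2, $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                $r = $sth->fetch(PDO::FETCH_NUM);
                $numrows = $r[0];
                $result_per_page = 10;
                // LIMIT values are interpolated, so they are forced to integers first.
                $offset = (int) os_offset($numrows, $result_per_page);
                $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . "  as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_name LIKE ? {$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
                $sth->bindValue(1, "%|" . OS_GetUserID() . "||p.m.%", PDO::PARAM_STR);
                if (!empty($sql)) {
                    $sth->bindValue(2, $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                $shown = 0;
                ?>
		<table>
		<?php
                while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                    $shown++;
                    $dateFor = explode("|", $row["field_name"]);
                    $date = (int) $dateFor[0];
                    if (!isset($_GET["m"])) {
                        $text = limit_words(convEnt($row["field_value"]), 40);
                    } else {
                        $text = AutoLinkShort(convEnt($row["field_value"]));
                    }
                    ?>
		<tr class="row">
		  <td width="140"><a href="<?php echo OS_HOME; ?>?action=pm&sent_items=<?php echo $u($row["field_id"]); ?>&amp;m=<?php echo $u($row["field_name"]); ?>"><b><?php echo $h($row["user_name"]); ?></b>, <?php echo date($DateFormat, $date); ?></a></td>
		  <td><?php echo $text; ?>

		  <?php
                    if (isset($_GET["m"])) {
                        // "m" comes from the request and is printed for every listed row,
                        // so it is encoded before it is placed in the link.
                        ?>
		  <div class="padTop">
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo $u($row["field_id"]); ?>&amp;m=<?php echo $u($_GET["m"]); ?>">[SEND MESSAGE]</a>
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&sent_items">&laquo; Back</a>
		  </div>
		  <?php
                    } else {
                        ?>
		  <a href="<?php echo OS_HOME; ?>?action=pm&sent_items=<?php echo $u($row["field_id"]); ?>&amp;m=<?php echo $u($row["field_name"]); ?>">more &raquo; </a>
		  <?php
                    }
                    ?>
		  </td>
		</tr>
		<?php
                }
                if ($shown === 0) {
                    ?><tr><td>No new messages</td></tr><?php
                }
                ?>
		</table>
		<?php
                os_pagination($numrows, $result_per_page, 5, 1, '&amp;sent_items');
            }
            //INBOX MESSAGES
            if (isset($_GET["inbox"]) and is_logged()) {
                ?><h4>Inbox</h4><?php
                $me = (int) OS_GetUserID();
                $openMessage = (!empty($_GET["inbox"]) and is_numeric($_GET["inbox"]) and isset($_GET["m"]) and is_string($_GET["m"]));
                if ($openMessage) {
                    $field = safeEscape($_GET["m"]);
                    $sql = "AND c.field_name = :field_name ";
                } else {
                    $sql = "";
                }
                // The recipient id is bound instead of concatenated, and the count applies
                // the same "p.m." filter as the listing so pagination matches the rows shown.
                $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_id = :me\n\t\tAND c.field_name LIKE('%||p.m.%') {$sql}");
                $sth->bindValue(':me', $me, PDO::PARAM_INT);
                if (!empty($sql)) {
                    $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                $r = $sth->fetch(PDO::FETCH_NUM);
                $numrows = $r[0];
                $result_per_page = 10;
                $offset = (int) os_offset($numrows, $result_per_page);
                $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . "  as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_id = :me\n\t\tAND field_name LIKE('%||p.m.%')\n\t\t{$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
                $sth->bindValue(':me', $me, PDO::PARAM_INT);
                if (!empty($sql)) {
                    $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
                }
                $result = $sth->execute();
                //UPDATE "read" message
                // Runs after the SELECT above has executed. The update is limited to a
                // private message addressed to the current user; matching on field_name
                // alone would let any logged-in user rename any row of this table.
                if ($openMessage) {
                    $field_name = substr($field, 0, -1) . "1";
                    $upd = $db->prepare("UPDATE " . OSDB_CUSTOM_FIELDS . " SET field_name = :new_name\n\t\tWHERE field_name = :old_name AND field_id = :me AND field_name LIKE('%||p.m.%')");
                    $upd->bindValue(':new_name', $field_name, PDO::PARAM_STR);
                    $upd->bindValue(':old_name', $field, PDO::PARAM_STR);
                    $upd->bindValue(':me', $me, PDO::PARAM_INT);
                    $result = $upd->execute();
                }
                $shown = 0;
                ?>
		<table>
		<?php
                while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
                    $shown++;
                    $dateFor = explode("|", $row["field_name"]);
                    $date = (int) $dateFor[0];
                    // The sender id is the second "|"-separated part of field_name.
                    $FromID = (int) $dateFor[1];
                    // The last character of field_name is the read flag (1 = read).
                    $read = substr($row["field_name"], -1);
                    if ($read == 1) {
                        $col = '686A6B';
                        $readTxt = 'read';
                    } else {
                        $col = 'A41600';
                        $readTxt = '<b>new</b>';
                    }
                    if (!isset($_GET["m"])) {
                        $text = limit_words(convEnt($row["field_value"]), 12);
                        if ($read == 0) {
                            // Closing tag corrected from "<b/>", which left the bold run open.
                            $text = '<span style="color: #000;"><b>' . convEnt($text) . '</b></span>';
                        }
                        if ($read == 1) {
                            $text = '<span style="color: #686A6B;">' . convEnt($text) . '</span>';
                        }
                    } else {
                        $text = AutoLinkShort(convEnt($row["field_value"]));
                    }
                    if (!isset($_GET["m"])) {
                        ?>
		 <tr class="row">
		   <td width="120" class="padLeft">
		   <a href="<?php echo OS_HOME; ?>?action=pm&inbox=<?php echo $u($FromID); ?>&amp;m=<?php echo $u($row["field_name"]); ?>"><span style="color: #<?php echo $col; ?>"><b><?php echo $h(OS_GetUsernameByUserID($FromID)); ?></b></span></a>
		   </td>
		   <td width="600"><a href="<?php echo OS_HOME; ?>?action=pm&inbox=<?php echo $u($FromID); ?>&amp;m=<?php echo $u($row["field_name"]); ?>"><?php echo $text; ?></a></td>
		   <td><?php echo date($DateFormat, $date); ?></td>
		 </tr>
		 <?php
                    } else {
                        ?>
		 <tr class="row">
		    <td class="padLeft"><span style="color: #<?php echo $col; ?>"><b><?php echo $h(OS_GetUsernameByUserID($FromID)); ?></b>, <?php echo date($DateFormat, $date); ?></span></td>
		 </tr>
		 <tr>
		    <td><?php echo $text; ?></td>
		 </tr>
		 <tr>
		   <td><div class="padTop padBottom">
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo $u($FromID); ?>&amp;m=<?php echo $u($_GET["m"]); ?>">[SEND MESSAGE]</a>
		  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&inbox">&laquo; Back</a>
		  </div></td>
		 </tr>
		 <?php
                    }
                }
                if ($shown === 0) {
                    ?><tr><td>No new messages</td></tr><?php
                }
                ?>
		</table>
		<?php
                os_pagination($numrows, $result_per_page, 5, 1, '&amp;inbox');
            }
            ?>
		<div class="padTop" style="margin-top:124px;"></div>
	 </div>
    </div>
   </div>
  </div>
</div>
	  <?php
        }
    }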
Exemplo n.º 13
    ?>
</div>
	 </td>
	  <td width="450" class="font12" style="width:450px !important; word-wrap:break-word;">
      <div style="text-align:left; font-size:12px; word-wrap:break-word;"><a href="<?php 
    echo $website;
    ?>
adm/?comments&amp;edit=<?php 
    echo $row["id"];
    ?>
"><?php 
    echo $row["news_title"];
    ?>
</a></div>
	  <?php 
    echo limit_words(convEnt($row["text"]), 16);
    ?>
	  </td>
	 <td width="64" class="font12">
	 <a href="<?php 
    echo $website;
    ?>
adm/?comments&amp;edit=<?php 
    echo $row["id"];
    ?>
"><img src="<?php 
    echo $website;
    ?>
adm/edit.png" alt="img" /></a>
	 <a href="javascript:;" onclick="if (confirm('Delete Comment?') ) { location.href='<?php 
    echo $website;
Exemplo n.º 14
        $CommentsAllowed = $row["allow_comments"];
        if (!isset($updateViews)) {
            $updateViews = $db->query("UPDATE " . OSDB_NEWS . " SET views = views+1 WHERE news_id = '" . $row["news_id"] . "' LIMIT 1");
        }
    }
    $NewsData[$c]["id"] = (int) $row["news_id"];
    $id = (int) $row["news_id"];
    $NewsData[$c]["title"] = $row["news_title"];
    if (!isset($_GET["post_id"]) and isset($NewsWordLimit) and $NewsWordLimit >= 2) {
        $NewsData[$c]["text"] = limit_words(convEnt($row["news_content"]), $NewsWordLimit);
        $NewsData[$c]["read_more"] = '<a class="read_more" href="' . $website . '?post_id=' . $id . '">' . $lang["read_more"] . '</a>';
    } else {
        $NewsData[$c]["text"] = convEnt($row["news_content"]);
        $NewsData[$c]["read_more"] = '';
    }
    $NewsData[$c]["full_text"] = convEnt($row["news_content"]);
    //$NewsData[$c]["text"]  = str_replace("\n","<br />", $NewsData[$c]["text"]);
    $NewsData[$c]["date"] = date($DateFormat, $row["news_date"]);
    $NewsData[$c]["date_int"] = $row["news_date"];
    $NewsData[$c]["comments"] = $row["comments"];
    $NewsData[$c]["allow_comments"] = $row["allow_comments"];
    $c++;
}
//$db->free($result);
//GAMELIST PATCH
if (isset($GameListPatch) and $GameListPatch == 1 and !$_GET) {
    $sth = $db->prepare("SELECT * FROM " . OSDB_GAMELIST . " ");
    $result = $sth->execute();
    $c = 0;
    $LiveGamesData = array();
    $CurrentPlayers = array();