} $per_page_drop_down .= '</select><input type="hidden" name="box" value="' . $mailbox . '" /></form>'; //=== avatars on off $show_pm_avatar_drop_down = ' <form method="post" action="pm_system.php"> <select name="show_pm_avatar" onchange="location = this.options[this.selectedIndex].value;"> <option value="' . $link . '&show_pm_avatar=yes" ' . ($CURUSER['show_pm_avatar'] === 'yes' ? ' selected="selected"' : '') . '>show avatars on PM list</option> <option value="' . $link . '&show_pm_avatar=no" ' . ($CURUSER['show_pm_avatar'] === 'no' ? ' selected="selected"' : '') . '>don\'t show avatars on PM list</option> </select> <input type="hidden" name="box" value="' . $mailbox . '" /></form>'; //=== the bottom $HTMLOUT .= (mysqli_num_rows($res) > 0 ? ' <tr> <td colspan="5" align="right" class="' . $class2 . '"> [ <a class="altlink" href="javascript:SetChecked(1,\'pm[]\')"> select all</a> ] [ <a class="altlink" href="javascript:SetChecked(0,\'pm[]\')">un-select all</a> ] ' . $spacer . ' <input type="submit" class="button" name="move" value="Move to" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" /> ' . get_all_boxes() . ' or <input type="submit" class="button" name="delete" value="Delete" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" /> selected messages.</td> </tr> <tr> <td colspan="5" align="left"> <img src="pic/pn_inboxnew.gif" title="Unread Message" alt="Unread" /> Unread Messages.<br /> <img src="pic/pn_inbox.gif" title="Read Message" alt="Read" /> Read Messages.</td> </tr>' : '') . ' </table> ' . ($perpage < $messages ? '' . $menu . '<br />' : '') . ' <div align="center"> <table border="0" cellspacing="0" cellpadding="5" align="center" style="max-width:800px"> <tr> <td align="center">' . $per_page_drop_down . '</td> <td align="center">' . $show_pm_avatar_drop_down . '</td>
stderr('Error', 'You do not have permission to view this message.'); } // === get user stuff $res_user_stuff = sql_query('SELECT username,id,avatar FROM users WHERE id=' . ($message['sender'] === $CURUSER['id'] ? sqlesc($message['receiver']) : sqlesc($message['sender']))) or sqlerr(__FILE__, __LINE__); $arr_user_stuff = mysql_fetch_assoc($res_user_stuff); $id = $message['sender'] === $CURUSER['id'] ? $message['receiver'] : $message['sender']; // === Mark message read sql_query("UPDATE messages SET unread='no' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1") or sqlerr(__FILE__, __LINE__); // === get if friend $res_friend = sql_query('SELECT id FROM friends WHERE userid=' . $CURUSER['id'] . ' AND friendid=' . $id) or sqlerr(__FILE__, __LINE__); $friend = mysql_fetch_assoc($res_friend); // === avatar stuff $avatar = $CURUSER['show_pm_avatar'] === 'yes' ? !$row['avatar'] ? '<img width=30 src=pic/default_avatar.gif align=middle> ' : '<img width=30 src=' . htmlspecialchars($row['avatar']) . ' align=middle> ' : ''; // === Display the f****n message already! stdhead('PM ' . htmlspecialchars($subject)); echo ($message['draft'] === 'yes' ? '<h1>This is a draft</h1>' : '<br>') . '<table><tr><td colspan=3 class=colhead align=center><H1>subject: <b>' . ($message['subject'] !== '' ? htmlspecialchars($message['subject']) : 'No Subject') . '</b></H1></td><tr><td colspan=3 class=clearalt7><b>' . ($message['sender'] === $CURUSER['id'] ? 'To' : 'From') . ': ' . ($arr_user_stuff['username'] === 0 ? 'System' : ($message['sender'] === $CURUSER['id'] ? '<a class=altlink href=userdetails.php?id=' . $message['receiver'] . '>' . $arr_user_stuff['username'] . '</a>' : '<a class=altlink href=userdetails.php?id=' . $message['sender'] . '>' . $arr_user_stuff['username'] . '</a>')) . ' </b>' . ($friend > 0 ? ' [ <a class=altlink href=friends.php?action=delete&type=friend&targetid=' . $id . '><font size="-4">remove from friends</font></a> ]' : ($id > 0 ? ' [ <a class=altlink href=friends.php?action=add&type=friend&targetid=' . $id . '><font size="-4">add to friends</font></a> ]' : '')) . ' ' . ' <b>sent on:</b> ' . $message['added'] . ' ' . ($message['sender'] === $CURUSER['id'] && $message['unread'] == 'yes' ? '<font color=red><b>[ Un-read ]</b></font>' : '') . ($message['urgent'] === 'yes' ? ' <blink><font color=red><b>URGENT!</b></font></blink>' : '') . '</td>' . '</tr><tr><td width=83 rowspan=2 align=center valign=top class=clearalt7>' . $avatar . '</td><td colspan=2 class=clearalt6>' . format_comment($message['msg']) . '</td></tr><tr><td class=clearalt7><form action=?action=move method=post>' . '<input type=hidden name=id value=' . $pm_id . '> <b>Move to:</b> ' . get_all_boxes() . ' ' . ' <input class=button type=submit value=Move></form></td><td align=right class=clearalt7>[ <a class=altlink href=?action=delete&id=' . $pm_id . '>Delete</a> ] ' . ($id < 1 || $message['sender'] === $CURUSER['id'] ? '' : ' [ <a class=altlink href=sendmessage.php?receiver=' . $message['sender'] . '&replyto=' . $pm_id . '>Reply</a> ]') . ($message['draft'] === 'yes' ? ' [ <a class=altlink href=?action=use_draft&id=' . $pm_id . '>use draft</a> ] [ <a class=altlink href=sendmessage.php?receiver=' . $CURUSER['id'] . '&draft=1&edit_draft=' . $pm_id . '>edit draft</a> ]' : ' [ <a class=altlink href=?action=forward&id=' . $pm_id . '>Forward PM</a> ]') . '</td></tr></table>'; stdfoot(); } // /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // === use draft part one... bring up the draft and let them edit it and select a username to send it to // /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// if ($action === 'use_draft') { $pm_id = 0 + $_GET['id']; // === Get the info $res = sql_query('SELECT * FROM messages WHERE id=' . sqlesc($pm_id)) or sqlerr(__FILE__, __LINE__); $message = mysql_fetch_assoc($res); if (mysql_num_rows($res) === 0) { stderr('Error', 'She hath more hair than wit, and more faults than hairs, and more wealth than faults.'); }
$arr_box_name = mysqli_fetch_row($res_box_name); if (mysqli_num_rows($res) === 0) { stderr($lang['pm_error'], $lang['pm_mailbox_invalid']); } $mailbox_name = htmlsafechars($arr_box_name[0]); $other_box_info = '<p class="text-center"><span style="color: red;">' . $lang['pm_mailbox_asterisc'] . '</span><span style="font-weight: bold;">' . $lang['pm_mailbox_note'] . '</span> ' . $lang['pm_mailbox_max'] . '<span style="font-weight: bold;">' . $maxbox . '</span>' . $lang['pm_mailbox_either'] . ' <span style="font-weight: bold;">' . $lang['pm_mailbox_inbox'] . '</span>' . $lang['pm_mailbox_or'] . '<span style="font-weight: bold;">' . $lang['pm_mailbox_sentbox'] . '</span>.</p>'; } //=== Display the message already! $HTMLOUT .= $h1_thingie . ($message['draft'] === 'yes' ? '<h1>' . $lang['pm_viewmsg_tdraft'] . '</h1>' : '<h1>' . $lang['pm_viewmsg_mailbox'] . '' . $mailbox_name . '</h1>') . $top_links . ' <table class="table table-bordered"> <tr> <td class="text-center" colspan="2" class="colhead"><h1>' . $lang['pm_send_subject'] . ' <span style="font-weight: bold;">' . ($message['subject'] !== '' ? htmlsafechars($message['subject']) : $lang['pm_search_nosubject']) . '</span></h1></td> </tr> <tr> <td colspan="2" class="text-left"><span style="font-weight: bold;">' . ($message['sender'] === $CURUSER['id'] ? $lang['pm_viewmsg_to'] : $lang['pm_viewmsg_from']) . ':</span> ' . ($arr_user_stuff['id'] == 0 ? $lang['pm_viewmsg_sys'] : print_user_stuff($arr_user_stuff)) . $spacer . $friends . $spacer . $spacer . ' <span style="font-weight: bold;">sent:</span> ' . get_date($message['added'], '') . $spacer . ($message['sender'] === $CURUSER['id'] && $message['unread'] == 'yes' ? '' . $lang['pm_mailbox_char1'] . '<span style="font-weight: bold;color:red;">' . $lang['pm_mailbox_unread'] . '</span>' . $lang['pm_mailbox_char2'] . '' : '') . ($message['urgent'] === 'yes' ? '<span style="font-weight: bold;color:red;">' . $lang['pm_mailbox_urgent'] . '</span>' : '') . '</td> </tr> <tr> <td class="text-center" valign="top" width="0px" id="photocol">' . $avatar . '</td> <td class="text-left text-resize">' . format_comment($message['msg']) . '</td> </tr> <tr> <td class="textright" colspan="2"> <form class="form-horizontal" role="form" action="pm_system.php" method="post"> <input class="form-control" type="hidden" name="id" value="' . $pm_id . '"> <input class="form-control" type="hidden" name="action" value="move">' . get_all_boxes() . '<br>' . $the_buttons . insertJumpTo(0) . '</td></tr></table>';
$HTMLOUT .= $as_list_post == 2 ? ' <tr> <td class="colhead" colspan="4">' . $lang['pm_search_msgfrom'] . '' . ($row[$sender_reciever] == 0 ? $lang['pm_search_sysbot'] : $the_username) . '</td> </tr> <tr> <td colspan="4"><span style="font-weight: bold;">' . $lang['pm_search_subject'] . '</span> <a class="altlink" href="pm_system.php?action=view_message&id=' . $row['id'] . '">' . ($row['subject'] !== '' ? $subject : $lang['pm_search_nosubject']) . '</a> ' . ($all_boxes ? $lang['pm_search_foundin'] . $arr_box . $lang['pm_search_sign'] : '') . $lang['pm_search_at'] . get_date($row['added'], '') . $lang['pm_search_gmt'] . get_date($row['added'], '', 0, 1) . '' . $lang['pm_search_sign'] . '</td> </tr> <tr> <td colspan="4">' . $body . '</td> </tr>' : ' <tr> <td><img src="pic/readpm.gif" title="' . $lang['pm_search_messg'] . '" alt="' . $lang['pm_search_read'] . '" /></td> <td><a class="altlink" href="pm_system.php?action=view_message&id=' . $row['id'] . '">' . ($row['subject'] !== '' ? $subject : $lang['pm_search_nosubject']) . '</a> ' . ($all_boxes ? $lang['pm_search_foundin'] . $arr_box . $lang['pm_search_sign'] : '') . '</td> <td>' . ($row[$sender_reciever] == 0 ? $lang['pm_search_sysbot'] : $the_username) . '</td> <td>' . get_date($row['added'], '') . $lang['pm_search_gmt'] . get_date($row['added'], '', 0, 1) . '] </td> <td><input type="checkbox" name="pm[]" value="' . (int) $row['id'] . '" /></td> </tr>'; } } //=== the bottom $HTMLOUT .= ($num_result > 0 ? ' <tr> <td colspan="4" class="text-right"> <a class="altlink" href="javascript:SetChecked(1,\'pm[]\')">' . $lang['pm_search_selall'] . '</a> - <a class="altlink" href="javascript:SetChecked(0,\'pm[]\')">' . $lang['pm_search_unselall'] . '</a> <input type="submit" class="button" name="move" value="' . $lang['pm_search_move_to'] . '" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" /> ' . get_all_boxes() . ' or <input type="submit" class="button" name="delete" value="' . $lang['pm_search_delete'] . '" onmouseover="this.className=\'button_hover\'" onmouseout="this.className=\'button\'" />' . $lang['pm_search_selected'] . '</td> </tr> </table></form>' : '') . '<br />';
$arr_box_name = mysqli_fetch_row($res_box_name); if (mysqli_num_rows($res) === 0) { stderr($lang['pm_error'], $lang['pm_mailbox_invalid']); } $mailbox_name = htmlsafechars($arr_box_name[0]); $other_box_info = '<p align="center"><span style="color: red;">' . $lang['pm_mailbox_asterisc'] . '</span><span style="font-weight: bold;">' . $lang['pm_mailbox_note'] . '</span> ' . $lang['pm_mailbox_max'] . '<span style="font-weight: bold;">' . $maxbox . '</span>' . $lang['pm_mailbox_either'] . ' <span style="font-weight: bold;">' . $lang['pm_mailbox_inbox'] . '</span>' . $lang['pm_mailbox_or'] . '<span style="font-weight: bold;">' . $lang['pm_mailbox_sentbox'] . '</span>.</p>'; } //=== Display the message already! $HTMLOUT .= $h1_thingie . ($message['draft'] === 'yes' ? '<h1>' . $lang['pm_viewmsg_tdraft'] . '</h1>' : '<h1>' . $lang['pm_viewmsg_mailbox'] . '' . $mailbox_name . '</h1>') . $top_links . ' <table border="0" cellspacing="0" cellpadding="5" align="center" style="max-width:800px"> <tr> <td align="center" colspan="2" class="colhead"><h1>' . $lang['pm_send_subject'] . ' <span style="font-weight: bold;">' . ($message['subject'] !== '' ? htmlsafechars($message['subject']) : $lang['pm_search_nosubject']) . '</span></h1></td> </tr> <tr> <td align="left" colspan="2" class="one"><span style="font-weight: bold;">' . ($message['sender'] === $CURUSER['id'] ? $lang['pm_viewmsg_to'] : $lang['pm_viewmsg_from']) . ':</span> ' . ($arr_user_stuff['id'] == 0 ? $lang['pm_viewmsg_sys'] : print_user_stuff($arr_user_stuff)) . $spacer . $friends . $spacer . $spacer . ' <span style="font-weight: bold;">sent:</span> ' . get_date($message['added'], '') . $spacer . ($message['sender'] === $CURUSER['id'] && $message['unread'] == 'yes' ? '' . $lang['pm_mailbox_char1'] . '<span style="font-weight: bold;color:red;">' . $lang['pm_mailbox_unread'] . '</span>' . $lang['pm_mailbox_char2'] . '' : '') . ($message['urgent'] === 'yes' ? '<span style="font-weight: bold;color:red;">' . $lang['pm_mailbox_urgent'] . '</span>' : '') . '</td> </tr> <tr> <td align="center" valign="top" class="one" width="0px" id="photocol">' . $avatar . '</td> <td class="two" style="min-width:400px;padding:10px;vertical-align: top;text-align: left;">' . format_comment($message['msg']) . '</td> </tr> <tr> <td class="one" align="right" colspan="2"> <form action="pm_system.php" method="post"> <input type="hidden" name="id" value="' . $pm_id . '" /> <input type="hidden" name="action" value="' . $lang['pm_viewmsg_to'] . '" /><span style="font-weight: bold;">' . $lang['pm_search_move_to'] . '</span> ' . get_all_boxes() . $the_buttons . '</td> </tr></table><br />' . insertJumpTo(0);