print ""; if ($log) { $username = $loguser['name']; $passhint = 'Alternate Login:'******'altlogin').style.cssText=''; this.style.cssText='display:none'\">Use an alternate login</a>\n\t\t\t\t<span id=\"altlogin\" style=\"display:none\">"; } else { $username = ''; $passhint = 'Login Info:'; $altloginjs = "<span>"; } $quotemsg = ""; if (filter_int($postid)) { $post = $sql->fetchq("SELECT user,text,thread FROM posts,posts_text WHERE id={$postid} AND id=pid"); $post['text'] = str_replace('<br>', $br, $post['text']); $u = $post['user']; $users[$u] = loaduser($u, 1); if ($post['thread'] == $id) { $quotemsg = "[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n"; } } print "\n\t\t\t<body>\n\t\t\t{$tccellh} width=150> </td>{$tccellh} colspan=2> <tr>\n\t\t\t{$tccell1}><b>{$passhint}</td> {$tccell2l} colspan=2>\n\t\t\t{$altloginjs}\n\t\t\t<b>Username:</b> {$inpt}=username VALUE=\"" . htmlspecialchars($username) . "\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">\n\n\t\t\t<!-- Hack around autocomplete, fake inputs (don't use these in the file) -->\n\t\t\t<input style=\"display:none;\" type=\"text\" name=\"__f__usernm__\">\n\t\t\t<input style=\"display:none;\" type=\"password\" name=\"__f__passwd__\">\n\n\t\t\t<b>Password:</b> {$inpp}=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">\n\t\t\t</span><tr>\n\t\t\t{$tccell1}><b>Reply:</td>\n\t\t\t{$tccell2l} width=800px valign=top>\n\t\t\t{$txta}=message ROWS=21 COLS={$numcols} style=\"width: 100%; max-width: 800px; resize:vertical;\">" . htmlspecialchars($quotemsg, ENT_QUOTES) . "</TEXTAREA></td>\n\t\t{$tccell2l} width=*>" . moodlist(filter_int($moodid)) . "</td><tr>\n\t\t<tr>\n\t\t\t{$tccell1}> </td>{$tccell2l} colspan=2>\n\t\t\t{$inph}=action VALUE=postreply>\n\t\t\t{$inph}=id VALUE={$id}>\n\t\t\t{$inph}=valid value=\"" . md5($_SERVER['REMOTE_ADDR'] . $id . "sillysaltstring") . "\">\n\t\t\t{$inps}=submit VALUE=\"Submit reply\">\n\t\t\t{$inps}=preview VALUE=\"Preview reply\"></td>\n\t\t<tr>{$tccell1}><b>Options:</b></td>{$tccell2l} colspan=2>\n\t\t\t{$inpc}=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -\n\t\t\t{$inpc}=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -\n\t\t\t{$inpc}=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>\n\t\t\t{$modoptions}\n\t\t\t{$tblend}\n\t\t\t<br>\n\t\t\t{$tblstart}{$postlist}{$tblend}\n\t\t</table>\n\t\t\t</form>\n\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=forum.php?id={$forumid}>{$forum['title']}</a> - {$thread['title']}"; } elseif (!$_POST['action']) { print $header; print "{$tccell1}>You are not allowed to post in this thread.\n\t\t<br>" . redirect("index.php", 'return to the index page', 0) . "</table>"; } if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) { if ($log && !$password) { $userid = $loguserid; } else { $userid = checkuser($username, $password); }
} } print "{$header}{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>{$tblstart}"; if (!$action) { print '<body onload=window.document.REPLIER.message.focus()><FORM ACTION=sendprivate.php NAME=REPLIER METHOD=POST>'; if ($log && $id) { $user = loaduser($msg['userfrom'], 1); $quotemsg = "[quote={$user['name']}]{$msg['text']}[/quote]\r\n"; $subject = "Re: {$msg['title']}"; $tcellbg = "{$tccell1l} valign=top"; $postlist = "\n\t\t\t\t{$tccellh} width=150>User</td>\n\t\t\t\t{$tccellh}>Message<tr>\n\t\t\t\t{$tcellbg}><a href=profile.php?id={$user['id']}>{$user['name']}</a>{$smallfont}<br>\n\t\t\t\tPosts: {$postnum}{$user['posts']}</td>\n\t\t\t\t{$tcellbg}>" . doreplace2($msg[text]) . "<tr>\n\t\t\t"; } else { $postlist = ''; } if ($userid) { $user = loaduser($userid, 1); } $user['name'] = htmlspecialchars($user['name']); $subject = htmlspecialchars($subject); print "\n\t\t\t{$tccellh} width=150> </td>\n\t\t\t{$tccellh}> <tr>\n\t\t\t{$tccell1}><b>Send to:</td>\t {$tccell2l}>{$inpt}=username value=\"{$user['name']}\" size=25 maxlength=25><tr>\n\t\t\t{$tccell1}><b>Subject:</td>\t {$tccell2l}>{$inpt}=subject value=\"{$subject}\" size=60 maxlength=100><tr>\n\t\t\t{$tccell1}><b>Message:</td>\t {$tccell2l}>{$txta}='message' rows=20 cols={$numcols}>{$quotemsg}</textarea><tr>\n\t\t\t{$tccell1}> </td>\t\t {$tccell2l}>\n\t\t\t{$inph}=action VALUE=sendmsg>\n\t\t\t{$inps}=submit VALUE='Send message'>\n\t\t\t{$inps}=preview VALUE='Preview message'></td>\n\n\t\t\t{$tblend}\n\t\t\t</FORM>\n\t\t\t<br>{$tblstart}{$postlist}{$tblend}\n\t\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=private.php>Private messages</a>\n\t\t"; } if ($action == 'sendmsg') { $username = stripslashes($_POST['username']); $userid = checkusername($username); if ($userid == -1) { print "{$tccell1}>Couldn't send the message. You didn't enter an existing username to send the message to.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2); } elseif (!$subject) { print "{$tccell1}>Couldn't send the message. You didn't enter a subject.\n\t\t\t\t<br>" . redirect('private.php', 'your private message box', 2); } else { $subject = str_replace('<', '<', $subject); $sign = $loguser['signature'];