} } elseif ($_GET['dir'] == 'out') { $pathway_info[] = array('title' => $lang['outbox'], 'link' => 'index.php?n=account&sub=pms&action=view&dir=out'); $item = $DB->selectRow("SELECT * FROM pms WHERE sender_id=?d AND showed=0 AND id=?d LIMIT 1", $user['id'], $_GET['iid']); } $pathway_info[] = array('title' => $lang['post_view'], 'link' => ''); if (isset($item['sender_id'])) { $senderinfo = $auth->getprofile($item['sender_id']); } } elseif ($_GET['action'] == 'add') { $content['message'] = ''; $content['subject'] = ''; $content['sender'] = ''; if ($_POST['owner'] && $_POST['title'] && $_POST['message']) { $title = trim($_POST['title']); $message = my_preview($_POST['message']); $sender_id = $user['id']; $sender_ip = $user['ip']; $owner_id = $auth->getid($_POST['owner']); if ($owner_id > 0) { $DB->query("INSERT INTO `pms` (`owner_id`,`subject`,`message`,`sender_id`,`posted`,`sender_ip`)\r\n VALUES (?d,?,?,?d,?d,?)", $owner_id, $title, $message, $sender_id, time(), $sender_ip); redirect('index.php?n=account&sub=pms', 1); } else { output_message('alert', $lang['no_such_addr']); } } if ($_GET['reply']) { $content = $DB->selectRow("SELECT pms.*, account.username AS sender FROM pms LEFT JOIN account ON pms.sender_id=account.id WHERE owner_id=?d AND pms.id=?d", $user['id'], $_GET['reply']); $content['message'] = '[blockquote="' . $content['sender'] . ' | ' . date('d-m-Y, H:i:s', $content['posted']) . '"] ' . my_previewreverse($content['message']) . '[/blockquote]'; $pathway_info[] = array('title' => $lang['post_reply_to'] . '"' . $content['subject'] . '"', 'link' => ''); $content['subject'] = '[re:] ' . $content['subject'];
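<?php
/**
 * Preview endpoint: passes the submitted `text` request value through
 * my_preview() together with the current user's group and prints the result.
 *
 * The script exits immediately unless the INCLUDED constant is exactly true.
 *
 * NOTE(review): the result is echoed as-is, so this page is only as safe as
 * my_preview()'s handling of HTML in its input. That function is defined
 * elsewhere; confirm it neutralises markup for every value of $user['group'].
 */
if (INCLUDED !== true) {
    exit;
}

// isset() replaces the former @-suppressed read: a missing `text` parameter
// still yields null, but no error is raised and then hidden.
$res = my_preview(isset($_REQUEST['text']) ? $_REQUEST['text'] : null, $user['group']);
echo $res;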
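// ==================== //
// News administration: create a news topic with its first post, replace the
// text of an existing post, or delete a topic with its posts. New topics are
// filed under forum id $df.
//
// NOTE(review): no permission check and no anti-CSRF token check is visible in
// this excerpt, yet every branch changes data on a plain POST. Confirm the
// including script enforces both before this code runs.

$df = 1;
$zz = $user['id'];
$post_time = time();

// The id for a new topic is predicted as MAX(topic_id) over f_posts, plus one.
// NOTE(review): two concurrent submissions can compute the same value, and the
// value returned by the f_topics INSERT ($new_topic_id) is never used. If
// f_topics.topic_id is auto-generated, that returned id is the safer source -
// confirm against the schema.
$maxtopic_id = $DB->selectCell("SELECT MAX(topic_id) FROM `f_posts`");
$topic_id = $maxtopic_id ? $maxtopic_id + 1 : 1;

// If posting a new News post
// !empty() keeps the original truthiness test without raising an
// undefined-index error when the page is loaded without a form submission.
if (!empty($_POST['message'])) {
    $message = my_preview($_POST['message']);

    // All values are passed as placeholder arguments, never concatenated into
    // the SQL text. The title is HTML-escaped before it is stored.
    $new_topic_id = $DB->query(
        "INSERT INTO f_topics (topic_poster_id,topic_poster,topic_name,topic_posted,forum_id) VALUES (?,?,?,?d,?d)",
        $user['id'],
        $user['username'],
        htmlspecialchars(isset($_POST['title']) ? $_POST['title'] : ''),
        $post_time,
        $df
    );
    $new_post_id = $DB->query(
        "INSERT INTO f_posts (poster,poster_id,poster_character_id,poster_ip,message,posted,topic_id) VALUES (?,?d,?d,?,?,?d,?d)",
        $user['username'],
        $user['id'],
        $zz,
        $user['ip'],
        $message,
        $post_time,
        $topic_id
    );

    // Keep the denormalised counters and "last post" pointers in step.
    $DB->query("UPDATE account_extend SET forum_posts=forum_posts+1 WHERE account_id=?d", $user['id']);
    $DB->query(
        "UPDATE f_topics SET last_post=?d, last_post_id=?d, last_poster=? WHERE topic_id=?d",
        $post_time,
        $new_post_id,
        $user['username'],
        $topic_id
    );
    $DB->query(
        "UPDATE f_forums SET num_topics=num_topics+1, num_posts=num_posts+1,last_topic_id=?d WHERE forum_id=?d",
        $topic_id,
        $df
    );
}

// If editing news
if (!empty($_POST['edit_message'])) {
    if (!empty($_POST['delete'])) {
        // Remove every post of the topic, then the topic row itself.
        $DB->query("DELETE FROM f_posts WHERE topic_id=?d", $_POST['id']);
        $DB->query("DELETE FROM f_topics WHERE topic_id=?d LIMIT 1", $_POST['id']);
        // NOTE(review): last_topic_id is set to the id of the topic that was
        // just deleted, and num_posts is not decremented - confirm intended.
        $DB->query(
            "UPDATE f_forums SET num_topics=num_topics-1, last_topic_id=?d WHERE forum_id=?d",
            $_POST['id'],
            $df
        );
        redirect($MW->getConfig->temp->site_href . "index.php?n=admin&sub=news&action=edit", 1);
    } else {
        $message = my_preview($_POST['edit_message']);
        // NOTE(review): the post id comes from the query string here, while
        // the delete branch reads the id from the POST body - confirm the edit
        // form really submits to a URL that carries ?id=.
        $DB->query(
            "UPDATE f_posts SET message=?, edited=?d, edited_by=? WHERE post_id=?d",
            $message,
            $post_time,
            $user['character_name'],
            $_GET['id']
        );
    }
}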
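<br /><br /><a href="index.php?n=account&sub=pms&action=add&to=<?php echo$profile['username'];?>"><?php echo $lang['personal_message'];?></a>
</div>
<div style="border: 2px dotted #1E4378;background:none;margin:4px;padding:6px 9px 6px 9px;text-align:left;width:70%;">
<font size="2"><center><b>General Info</b></center></font><br />
<b><?php echo $lang['gender'];?>: </b><?php if($profile['gender'] == 0) { echo "Male"; }else{ echo "Female"; } ?><br />
<b>Forum Posts: </b><?php echo $profile['forum_posts'] ?><br /><br />
<b>Join Date: </b><?php echo $joined ?><br />
<b>Last Login (Game): </b><?php echo $lastlogggedin; ?><br />
</div>
<?php
/*
 * Privacy fix: this block used to print the e-mail address unconditionally,
 * so the profile owner's hideemail setting only affected the second copy
 * further down. It is now shown under the same condition as that copy.
 *
 * NOTE(review): profile fields in this template (username inside the link,
 * email, homepage, icq, msn, location) are echoed without escaping. Whether
 * they are escaped when stored is not visible here - confirm, and escape on
 * output for the HTML / URL context if they are not.
 */
?>
<?php if($profile['hideemail']!=1){ ?>
<div style="border: 2px dotted #1E4378;background:none;margin:4px;padding:6px 9px 6px 9px;text-align:left;width:70%;">
<font size="2"><center><b>Contact Details</b></center></font><br />
<b>Email:</b> <?php echo $profile['email'];?> <br/>
</div>
<?php } ?>
<div style="border: 2px dotted #1E4378;background:none;margin:4px;padding:6px 9px 6px 9px;text-align:left;width:70%;">
<font size="2"><center><b>Contact Details</b></center></font><br />
<?php if($profile['hideemail']!=1){ ?>
<b>Email:</b> <?php echo $profile['email'];?> <br/>
<?php } ?>
<b>WWW: </b> <?php echo $profile['homepage'];?> <br/>
<b>ICQ: </b> <?php echo $profile['icq'];?> <br/>
<b>MSN: </b> <?php echo $profile['msn'];?> <br/>
<b><?php echo $lang['wherefrom'];?>: </b> <?php echo $profile['location'];?> <br/>
</div>
<div style="border: 2px dotted #1E4378;background:none;margin:4px;padding:6px 9px 6px 9px;text-align:center;width:70%;">
<b><?php echo $lang['signature'];?></b> <br/>
<div style="width:70%; text-align: left;"><?php echo my_preview($profile['signature']);?></div>
</div>
</td></tr></table>
<?php } ?>
<?php builddiv_end() ?>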
$content['text'] = ''; if ($_GET['quote']) { $q_post = get_post_byid($_GET['quote']); $content['text'] = '[blockquote="' . $q_post['poster'] . ' | ' . date('d-m-Y, H:i:s', $q_post['posted']) . '"] ' . my_previewreverse($q_post['message']) . ' [/blockquote]'; } } elseif ($_GET['action'] == 'editpost' && $this_post['post_id'] > 0) { $content['text'] = my_previewreverse($this_post['message']); } elseif ($_GET['action'] == 'movetopic' && $this_forum['forum_id'] > 0 && $this_topic['topic_id'] > 0) { if ($user['group'] >= 1) { } } elseif ($_GET['action'] == 'doeditpost' && $this_forum['forum_id'] > 0 && $this_topic['topic_id'] > 0 && $this_post['post_id'] > 0) { $message = my_preview($_POST['text']); $DB->query("UPDATE f_posts SET message=?, edited=?d, edited_by=? WHERE post_id=?d", $message, $post_time, $user['username'], $this_post['post_id']); redirect($config['site_href'] . "index.php?n=forum&sub=viewtopic&tid=" . $this_topic['topic_id'] . "&to=" . $this_post['post_id'], 1); } elseif ($_GET['action'] == 'donewpost' && $this_forum['forum_id'] > 0 && $this_topic['topic_id'] > 0) { $message = my_preview($_POST['text']); if ($_POST['text']) { $new_post_id = $DB->query("INSERT INTO f_posts (poster,poster_id,poster_ip,message,posted,topic_id) VALUES (?,?d,?,?,?d,?d)", $user['username'], $user['id'], $user['ip'], $message, $post_time, $this_topic['topic_id']); $DB->query("UPDATE account_extend SET forum_posts=forum_posts+1 WHERE account_id=?d", $user['id']); $DB->query("UPDATE f_topics SET last_post=?d, last_post_id=?d, last_poster=?, num_replies=num_replies+1 WHERE topic_id=?d", $post_time, $new_post_id, $user['username'], $this_topic['topic_id']); $DB->query("UPDATE f_forums SET num_posts=num_posts+1,last_topic_id=?d WHERE forum_id=?d", $this_topic['topic_id'], $this_forum['forum_id']); } redirect($config['site_href'] . "index.php?n=forum&sub=viewtopic&tid=" . $this_topic['topic_id'] . 
"&to=lastpost", 1); } elseif ($_GET['action'] == 'dodeletepost' && $this_forum['forum_id'] > 0 && $this_topic['topic_id'] > 0 && $this_post['post_id'] > 0) { if ($this_post['poster_id'] == $user['id'] && $user['g_delete_own_posts'] == 1 || $user['g_forum_moderate'] == 1) { $DB->query("DELETE FROM f_posts WHERE post_id=?d LIMIT 1", $this_post['post_id']); if ($this_post['poster_id'] == $user['id']) { $DB->query("UPDATE account_extend SET forum_posts=forum_posts-1 WHERE account_id=?d", $user['id']); } $new_last_post = get_last_topic_post($this_topic['topic_id']); $DB->query("UPDATE f_topics SET last_post=?d, last_post_id=?d, last_poster=?, num_replies=num_replies-1 WHERE topic_id=?d", $new_last_post['posted'], $new_last_post['post_id'], $new_last_post['poster'], $this_topic['topic_id']);