// (listing begins mid-file: the `<?php` opener and the earlier require lines
// for config/database/base/user are not shown here)
//
// editmessage (message centre): lets a staff user (rank >= 4) change the title,
// receiver and body of an existing message. The if/elseif chain below decides
// which $content to render; the UPDATE and the page output lie beyond this cut.
require '../structure/msgcenter.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$msgcenter = new msgcenter($database);
$user = new user($database);
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Taken straight from the query string, unvalidated. It is passed as a `?`
// placeholder parameter to processQuery() below (so it is data, not SQL) but is
// also concatenated raw into the form's action attribute — see the note there.
$id = $_GET['id'];
if (!$user->isLoggedIn()) {
    $base->redirect('../index.php');
}
// Below rank 4 you may only read the message, not edit it.
if ($rank < 4) {
    $base->redirect('viewmessage.php?id=' . $id);
}
$user->updateLastActive();
if (!$msgcenter->canView($id, $username, $rank)) {
    $content = 'You can\'t edit a non-existent message. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['message']) || !isset($_POST['title']) || !isset($_POST['receiver'])) {
    // No complete submission yet: load the current row and show the edit form.
    $data = $database->processQuery("SELECT `title`,`message`,`receiver` FROM `messages` WHERE `id` = ? LIMIT 1", array($id), true);
    // NOTE(review): `title` and `receiver` are written into value="..." after
    // stripslashes() only, and $id goes into the action attribute raw, while
    // the message body is escaped with htmlentities(). The two attributes need
    // the same treatment — htmlspecialchars($v, ENT_QUOTES) — otherwise a stored
    // title containing a double quote breaks out of the attribute (stored XSS),
    // and $id should be urlencode()d/htmlspecialchars()ed or validated as an
    // integer if ids are numeric. The form also carries no CSRF token.
    $content = ' <form action="editmessage.php?id=' . $id . '" method="POST"> <table> <tr><td>Title</td><td align="left"><input type="text" class="button" name="title" maxlength="50" value="'
        . stripslashes($data[0]['title'])
        . '"></td></tr> <tr><td>Receiver</td><td align="left"><input type="text" class="button" name="receiver" maxlength="12" value="'
        . stripslashes($data[0]['receiver'])
        . '"></td></tr> <tr><td>Message</td><td><textarea name="message" cols="45" rows="20" class="button" maxlength="2000">'
        . htmlentities($base->remBr(stripslashes($data[0]['message'])))
        . '</textarea><br/></td></tr> <tr><td>Done?</td><td><input type="submit" class="button" value="Update Message"></td></tr> </table> </form>';
} elseif (!$user->doesExist($_POST['receiver']) && $_POST['receiver'] != '!') {
    // '!' is accepted as a receiver although no such user exists — presumably a
    // special/broadcast marker; confirm against the code that sends messages.
    $content = 'The user you chose to send the message to doesn\'t exist! <input type="button" class="button" value="Back" onclick="goBack()" />';
// (listing truncated here: the remaining validation branches, the UPDATE and
// the page output are not shown)
// (listing begins mid-file: the `<?php` opener and the earlier require lines
// for config/database/base/user are not shown here)
//
// editreply (message centre): lets a staff user (rank >= 4) change the text of
// one reply. `id` selects the reply row; `convo` names the conversation used
// for the redirect target and for the canView() check.
require '../structure/msgcenter.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$msgcenter = new msgcenter($database);
$user = new user($database);
$username = $user->getUsername($_COOKIE['user'], 2);
$rank = $user->getRank($username);
// Reply id, straight from the query string and unvalidated; bound as a `?`
// parameter below, but also concatenated raw into HTML (see the note there).
$id = $_GET['id'];
if (!$user->isLoggedIn()) {
    $base->redirect('../index.php');
}
if ($rank < 4) {
    $base->redirect('viewmessage.php?id=' . $_GET['convo']);
}
$user->updateLastActive();
// NOTE(review): authorisation is evaluated against $_GET['convo'], but the data
// access below keys on $_GET['id'] alone; nothing checks that reply $id belongs
// to conversation `convo`. A staff caller who may view one conversation can
// therefore reach a reply from another by mixing the two parameters. Selecting
// with `WHERE id = ? AND conversation = ?` (the `conversation` column the delete
// script already uses) would tie the two together.
if (!$msgcenter->canView($_GET['convo'], $username, $rank)) {
    $content = 'You can\'t edit a reply to a non-existent message. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (!isset($_POST['content'])) {
    // No submission yet: load the current reply text and render the form.
    $data = $database->processQuery("SELECT `content` FROM `replies` WHERE `id` = ? LIMIT 1", array($id), true);
    // NOTE(review): $id and $_GET['convo'] are concatenated raw into the action
    // attribute, while the textarea body is escaped with htmlentities(). Both
    // query values should be urlencode()d/htmlspecialchars()ed, or validated as
    // integers if ids are numeric. The form carries no CSRF token.
    $content = ' <form action="editreply.php?id=' . $id . '&convo=' . $_GET['convo'] . '" method="POST"> <table> <tr><td>Message</td><td><textarea name="content" cols="45" rows="20" class="button" maxlength="2000">'
        . htmlentities($base->remBr(stripslashes($data[0]['content'])))
        . '</textarea></td></tr> <tr><td>Done?</td><td><input type="submit" class="button" value="Update Message"></td></tr> </table> </form>';
} elseif (strlen($_POST['content']) > 2000) {
    // strlen() counts bytes; the form's maxlength="2000" counts characters, so
    // multi-byte text can pass the browser and still be rejected here.
    $content = 'Your reply cannot be greater than 2000 characters.';
} else {
    // update message (listing truncated here: the UPDATE statement and the page
    // output are not shown)
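<?php
// deletemessage (message centre): deletes one conversation — the `messages`
// row plus every `replies` row whose `conversation` points at it — and then
// returns to the message-centre index.
//
// Who may do this: a logged-in user with rank >= 4 for whom
// msgcenter::canView() accepts the requested conversation. Everyone else is
// redirected to the read-only view of that conversation, or to the site index
// when not logged in (the same first gate editmessage/editreply apply).
//
// NOTE(review): the delete fires on a plain GET and carries no CSRF token, so
// any page that can make an authorised staff browser request this URL can
// trigger the deletion. Requiring POST plus a per-session token is the fix;
// none of these scripts ship a token helper, so it is only flagged here.
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/msgcenter.php';

$database  = new database($db_host, $db_name, $db_user, $db_password);
$base      = new base($database);
$user      = new user($database);
$msgcenter = new msgcenter($database);

// Read request values once, via isset(), so a missing cookie or parameter
// yields null without an "Undefined array key" warning — the same value the
// code received before, minus the warning.
$cookieUser = isset($_COOKIE['user']) ? $_COOKIE['user'] : null;
$id         = isset($_GET['id']) ? $_GET['id'] : null;

$username = $user->getUsername($cookieUser, 2);
$rank     = $user->getRank($username);

// Not logged in -> site index, matching the sibling edit scripts.
if (!$user->isLoggedIn()) {
    $base->redirect('../index.php');
}

$user->updateLastActive();

// Rank and per-conversation visibility are both required before any row is
// touched. canView() is the only ownership check available here; it answers
// "may read" and is being used as "may delete" — worth revisiting if msgcenter
// ever grows a finer-grained check. The else branch keeps the delete gated even
// if redirect() does not terminate the script.
if ($rank < 4 || !$msgcenter->canView($id, $username, $rank)) {
    $base->redirect('viewmessage.php?id=' . $id);
} else {
    // Both statements are parameterised, so $id is bound as data rather than
    // spliced into SQL. Replies first, then the parent message (original order).
    $database->processQuery("DELETE FROM `replies` WHERE `conversation` = ?", array($id), false);
    $database->processQuery("DELETE FROM `messages` WHERE `id` = ?", array($id), false);
    $base->redirect('index.php');
}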