".$lang_messages['text_no_messages']."

\n"); } else { echo $pagertop; ?>
$sender_receiver"); ?> \n\n"); } else { echo("\n\n"); } echo("\n"); echo("\n"); echo("\n"); echo("\n\n"); } ?>
time
\"Unread\"
\"Read\"" . $subject . "$username" . gettime($row['added'],true,false) . "
") ?> >

"); print(""); */ ?>
Unread Read       
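".$lang_messages['text_reply']." ]"; } }
// NOTE(review): the line above is the tail of a statement that starts before this
// part of the listing; it is kept exactly as found.
//
// Prepares one private message for display and marks it as read.
// The statements are restored to one per line: in the collapsed form each "//"
// comment swallowed the code that followed it on the same physical line.

$body = format_comment($message['msg'], true);
$added = $message['added'];

if ($message['sender'] == $CURUSER['id']) {
    // The viewer is the sender: show the "new" marker while the row is still unread.
    $unread = ($message['unread'] == 'yes' ? "".$lang_messages['text_new']."" : "");
} else {
    $unread = "";
}

// The subject is user-supplied text, so it is HTML-escaped before it is handed to
// stdhead() below; an empty subject falls back to the localized placeholder.
$subject = htmlspecialchars($message['subject']);
if (strlen($subject) <= 0) {
    $subject = $lang_messages['text_no_subject'];
}

// Mark the message as read (the statement sets unread='no').
// The receiver condition keeps the update limited to rows addressed to the current
// user, so requesting another user's message id cannot change that row's flag.
sql_query("UPDATE messages SET unread='no' WHERE id=" . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id']) . " LIMIT 1");
// Drop the cached unread counter so it is recomputed after the update.
$Cache->delete_value('user_'.$CURUSER['id'].'_unread_message_count');

// Display message
stdhead("PM ($subject)"); ?>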

  
"); } ?> [ ] [ ]
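delete_value('user_'.$CURUSER['id'].'_unread_message_count');
// NOTE(review): the statement above is kept exactly as found; its receiver and the
// opening of this if/elseif chain lie before the start of this part of the listing.
//
// Tail of the move/delete handler for private messages, followed by the start of
// the "forward" form handler. Statements are restored to one per line: in the
// collapsed form every "//" comment swallowed the code after it.

    // Check if messages were moved
    if (@mysql_affected_rows() == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_cannot_mark_messages']);
    }
    // NOTE(review): $pm_box is assigned outside this listing - confirm it is cast to
    // an integer before it is concatenated into the Location header.
    header("Location: messages.php?action=viewmailbox&box=" . $pm_box);
    exit();
} elseif ($_POST['move']) {
    // Both UPDATEs carry a receiver condition, so only rows addressed to the current
    // user can be moved whatever ids were submitted. The user id is passed through
    // sqlesc() like in the other queries of this file.
    // Errors are suppressed with @; a failed query only surfaces through the
    // affected-rows check below.
    if ($pm_id) {
        // Move a single message
        @sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id=" . sqlesc($pm_id) . " AND receiver=" . sqlesc($CURUSER['id']) . " LIMIT 1");
    } else {
        // Move multiple messages
        @sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id IN (" . implode(", ", array_map("sqlesc",$pm_messages)) . ') AND receiver=' . sqlesc($CURUSER['id']));
    }

    // Check if messages were moved
    if (@mysql_affected_rows() == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_cannot_move_messages']);
    }
    $Cache->delete_value('user_'.$CURUSER['id'].'_unread_message_count');
    $Cache->delete_value('user_'.$CURUSER['id'].'_inbox_count');
    $Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');
    header("Location: messages.php?action=viewmailbox&box=" . $pm_box);
    exit();
} elseif ($_POST['delete']) {
    // Ownership is checked in PHP after an unscoped SELECT by id; the write that
    // follows is then keyed by id only. Each branch handles one combination:
    //   receiver, saved == 'no'          -> row deleted
    //   sender, location == PM_DELETED   -> row deleted
    //   receiver, saved == 'yes'         -> location set to 0, unread set to 'no'
    //   sender, location != PM_DELETED   -> saved set to 'no'
    // A row that belongs to neither side matches no branch and is left untouched.
    // NOTE(review): repeating the receiver/sender condition in each WHERE clause
    // would enforce the same rule in the database as well.
    if ($pm_id) {
        // Delete a single message
        $res = sql_query("SELECT * FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
        $message = mysql_fetch_assoc($res);
        if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
            sql_query("DELETE FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
            $Cache->delete_value('user_'.$CURUSER['id'].'_unread_message_count');
            $Cache->delete_value('user_'.$CURUSER['id'].'_inbox_count');
        } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
            sql_query("DELETE FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
            $Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');
        } elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
            sql_query("UPDATE messages SET location=0, unread = 'no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
            $Cache->delete_value('user_'.$CURUSER['id'].'_unread_message_count');
            $Cache->delete_value('user_'.$CURUSER['id'].'_inbox_count');
        } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
            sql_query("UPDATE messages SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
            $Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');
        }
    } else {
        if (!$pm_messages)
            stderr($lang_messages['std_error'], $lang_messages['std_no_message_selected']);

        // Delete multiple messages
        foreach ($pm_messages as $id) {
            $res = sql_query("SELECT * FROM messages WHERE id=" . sqlesc((int) $id));
            $message = mysql_fetch_assoc($res);
            // An id that matches no row yields no array; skip it instead of
            // indexing into a non-array in the ownership checks below.
            if (!$message) {
                continue;
            }
            if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
                sql_query("DELETE FROM messages WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
            } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
                sql_query("DELETE FROM messages WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
            } elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
                sql_query("UPDATE messages SET location=0, unread = 'no' WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
            } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
                sql_query("UPDATE messages SET saved='no' WHERE id=" . sqlesc((int) $id)) or sqlerr(__FILE__,__LINE__);
            }
        }
        $Cache->delete_value('user_'.$CURUSER['id'].'_unread_message_count');
        $Cache->delete_value('user_'.$CURUSER['id'].'_inbox_count');
        $Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');
    }

    // Check if messages were moved
    // NOTE(review): the affected-rows value describes only the most recent statement,
    // so after the loop above it reflects the last id processed, not the whole
    // batch - confirm this is the intended success test.
    if (@mysql_affected_rows() == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_cannot_delete_messages']);
    } else {
        header("Location: messages.php?action=viewmailbox");
        exit();
    }
}
stderr($lang_messages['std_error'],$lang_messages['std_no_action']);
}

if ($action == "forward") {
    // Display form
    $pm_id = (int) $_GET['id'];

    // Get the message
    // The sender/receiver condition limits the lookup to messages the current user
    // is a party to, so an arbitrary id cannot be used to read someone else's mail.
    $res = sql_query('SELECT * FROM messages WHERE id=' . sqlesc($pm_id) . ' AND (receiver=' . sqlesc($CURUSER['id']) . ' OR sender=' . sqlesc($CURUSER['id']) .') LIMIT 1') or sqlerr(__FILE__,__LINE__);
    if (!$res) {
        stderr($lang_messages['std_error'],$lang_messages['std_no_permission_forwarding']);
    }
    if (mysql_num_rows($res) == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_no_permission_forwarding']);
    }
    $message = mysql_fetch_assoc($res);

    // Prepare variables
    $subject = "Fwd: " . htmlspecialchars($message['subject']);
    $from = $message['receiver'];
    $orig = $message['sender'];
    $from_name = get_username($from);
    if ($orig == 0) {
        // Sender id 0 is shown under the localized "system" label.
        $orig_name = $orig_name2 = $lang_messages['text_system'];
    } else {
        $orig_name = get_username($orig);
        $res = sql_query("SELECT username FROM users WHERE id=" . sqlesc($orig)) or sqlerr(__FILE__,__LINE__);
        $orig_nameres = mysql_fetch_array($res);
        $orig_name2 = $orig_nameres['username'];
    }
    // NOTE(review): $orig_name2 is the raw username column and is concatenated here
    // without escaping; the markup that prints $body is not part of this listing -
    // confirm it is escaped for the context it is written into.
    $body = "-------- Original Message from " . $orig_name2 . " --------
" . format_comment($message['msg']);
    // The forward block stays open here; its form markup and closing brace are not
    // part of this listing.
    stdhead($subject);?>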


>  >





".$lang_messages['text_no_mailboxes_to_edit'].""); } if (mysql_num_rows($res) == 0) { echo ("".$lang_messages['text_no_mailboxes_to_edit'].""); } else { while ($row = mysql_fetch_assoc($res)) { $id = $row['id']; $name = htmlspecialchars($row['name']); echo("
\n"); } echo(""); } ?>
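0) {
    // NOTE(review): "0) {" above is the tail of a condition that starts before this
    // part of the listing; it is kept exactly as found.
    //
    // Mailbox maintenance (add / rename / delete), single-message delete, and the
    // start of insertJumpTo(). Statements are restored to one per line: in the
    // collapsed form every "//" comment swallowed the code after it.
    //
    // Mailbox names go through sqlesc(); $box is interpolated as a bare number.
    // NOTE(review): $box is assigned outside this listing - confirm it is an integer
    // taken from the database and not from the request.
    ++$box;
    sql_query("INSERT INTO pmboxes (userid, name, boxnumber) VALUES (" . sqlesc($CURUSER['id']) . ", " . sqlesc($nameone) . ", $box)") or sqlerr(__FILE__,__LINE__);
}
if (strlen($nametwo) > 0) {
    ++$box;
    sql_query("INSERT INTO pmboxes (userid, name, boxnumber) VALUES (" . sqlesc($CURUSER['id']) . ", " . sqlesc($nametwo) . ", $box)") or sqlerr(__FILE__,__LINE__);
}
if (strlen($namethree) > 0) {
    ++$box;
    sql_query("INSERT INTO pmboxes (userid, name, boxnumber) VALUES (" . sqlesc($CURUSER['id']) . ", " . sqlesc($namethree) . ", $box)") or sqlerr(__FILE__,__LINE__);
}
header("Location: messages.php?action=editmailboxes");
exit();
}

// Fixed: the original read `if ($action2 == "edit"); {` - the stray semicolon ended
// the if statement, so the rename/delete block below ran for every request that
// reached this point, whatever $action2 contained.
// NOTE(review): these changes are driven by GET parameters and no anti-CSRF token
// check is visible in this listing - confirm one is enforced earlier in the file.
if ($action2 == "edit") {
    // Only the current user's own mailboxes are loaded, so every id used in the
    // UPDATE/DELETE below comes from a row that user owns.
    $res = sql_query("SELECT * FROM pmboxes WHERE userid=" . sqlesc($CURUSER['id']));
    if (!$res) {
        stderr($lang_messages['std_error'],$lang_messages['text_no_mailboxes_to_edit']);
    }
    if (mysql_num_rows($res) == 0) {
        stderr($lang_messages['std_error'],$lang_messages['text_no_mailboxes_to_edit']);
    } else {
        while ($row = mysql_fetch_assoc($res)) {
            // Only plain string values are accepted as a mailbox name; anything
            // else (for example an array-style parameter) is skipped.
            if (isset($_GET['edit' . $row['id']]) && is_string($_GET['edit' . $row['id']])) {
                if ($_GET['edit' . $row['id']] != $row['name']) {
                    // Do something
                    if (strlen($_GET['edit' . $row['id']]) > 0) {
                        // Edit name
                        sql_query("UPDATE pmboxes SET name=" . sqlesc($_GET['edit' . $row['id']]) . " WHERE id=" . sqlesc($row['id']) . " LIMIT 1");
                    } else {
                        // Delete
                        sql_query("DELETE FROM pmboxes WHERE id=" . sqlesc($row['id']) . " LIMIT 1");

                        // Delete all messages from this folder (uses multiple queries because we can only perform security checks in WHERE clauses)
                        // NOTE(review): the second and fourth statements have no
                        // location condition, so they apply to every message the
                        // user has sent rather than to this folder only - confirm
                        // that this is intended.
                        sql_query("UPDATE messages SET location=0 WHERE saved='yes' AND location=" . sqlesc($row['boxnumber']) . " AND receiver=" . sqlesc($CURUSER['id']));
                        sql_query("UPDATE messages SET saved='no' WHERE saved='yes' AND sender=" . sqlesc($CURUSER['id']));
                        sql_query("DELETE FROM messages WHERE saved='no' AND location=" . sqlesc($row['boxnumber']) . " AND receiver=" . sqlesc($CURUSER['id']));
                        sql_query("DELETE FROM messages WHERE location=0 AND saved='yes' AND sender=" . sqlesc($CURUSER['id']));
                    }
                }
            }
        }
        header("Location: messages.php?action=editmailboxes");
        exit();
    }
}
}

if ($action == "deletemessage") {
    // NOTE(review): this deletes or updates a row in response to a GET request and
    // no anti-CSRF token check is visible in this listing - confirm one is enforced
    // earlier in the file.
    $pm_id = (int) $_GET['id'];

    // Delete message
    $res = sql_query("SELECT * FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
    if (!$res) {
        stderr($lang_messages['std_error'],$lang_messages['std_no_message_id']);
    }
    if (mysql_num_rows($res) == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_no_message_id']);
    }
    $message = mysql_fetch_assoc($res);

    // Start from "nothing done" so that a message belonging to neither side reaches
    // the error below through a defined value instead of an unset variable.
    $res2 = false;
    // Ownership is decided here in PHP; the write that follows is keyed by id only.
    if ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'no') {
        $res2 = sql_query("DELETE FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
    } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] == PM_DELETED) {
        $res2 = sql_query("DELETE FROM messages WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
    } elseif ($message['receiver'] == $CURUSER['id'] && $message['saved'] == 'yes') {
        $res2 = sql_query("UPDATE messages SET location=0 WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
    } elseif ($message['sender'] == $CURUSER['id'] && $message['location'] != PM_DELETED) {
        $res2 = sql_query("UPDATE messages SET saved='no' WHERE id=" . sqlesc($pm_id)) or sqlerr(__FILE__,__LINE__);
    }
    if (!$res2) {
        stderr($lang_messages['std_error'],$lang_messages['std_could_not_delete_message']);
    }
    if (mysql_affected_rows() == 0) {
        stderr($lang_messages['std_error'],$lang_messages['std_could_not_delete_message']);
    } else {
        // The redirect target is built from the stored location column, not from
        // request input.
        header("Location: messages.php?action=viewmailbox&id=" . $message['location']);
        exit();
    }
}

//----- FUNCTIONS ------
function insertJumpTo($selected = 0) {
    global $lang_messages;
    global $CURUSER;
    // Load the current user's custom mailboxes in box-number order.
    $res = sql_query('SELECT * FROM pmboxes WHERE userid=' . sqlesc($CURUSER['id']) . ' ORDER BY boxnumber');
    // NOTE(review): $place comes straight from the request, and the markup that
    // prints it is not part of this listing - confirm it is HTML-escaped on output.
    // The rest of the function body lies after this part of the listing.
    $place = $_GET['place'] ?? ''; ?>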
     >
"); end_main_frame(); } ?>