File: /home/httpd/html/baretube.com/mail.php
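<?php
// mail.php — private-message page for the logged-in user.
// This top half handles the delete / mark-read / compose / reply actions and
// picks the listing query for the requested box; the HTML below renders it.
// NOTE(review): still built on the legacy mysql_* extension because
// admin/db.php (not visible here) opens that connection; moving to PDO/mysqli
// means changing db.php and every query in this file together.
// NOTE(review): the delete actions are driven by GET parameters with no CSRF
// token; adding one needs the links in the template and the checks here to
// change together, so it is left as-is in this pass.
session_start();
include('admin/db.php');

// Only logged-in users may read or send private messages.
if (empty($_SESSION['userid'])) {
    header("Location: /login.php");
    exit();
}

$title = 'Private Messages';
$headertitle = "Private Messages";
// Escaped once here; every query below interpolates $user, never the raw
// session value. Assumes the session holds users.record_num (the listing
// queries join mail.from / mail.to against that column) — TODO confirm.
$user = mysql_real_escape_string($_SESSION['userid']);
$box = isset($_REQUEST['box']) ? $_REQUEST['box'] : '';
$option = isset($_GET['option']) ? $_GET['option'] : '';
// Message id from the query string reduced to an int; 0 when absent or not numeric.
$id = (isset($_GET['id']) && is_numeric($_GET['id'])) ? (int) $_GET['id'] : 0;
// Status line shown above the listing; empty means nothing to report.
$showMsg = '';

include($basepath.'/templates/template.overall_header.php');

// --- Inbox / outbox housekeeping -------------------------------------------
// Every UPDATE is scoped to the current user (`to` for the inbox, `from` for
// the outbox), so a message id that belongs to someone else matches no row.
if ($option == 'del' && $id > 0) {
    if (mysql_query("UPDATE `mail` SET `trash` = 'Y' WHERE `id` = $id AND `to` = '$user'")) {
        $showMsg = "Message successfully deleted.";
    } else {
        $showMsg = "An error has occured.";
    }
    $box = 'inbox';
}
if ($option == 'delall') {
    if (mysql_query("UPDATE `mail` SET `trash` = 'Y' WHERE `to` = '$user'")) {
        $showMsg = "Messages successfully deleted.";
    } else {
        $showMsg = "An error has occured.";
    }
    $box = 'inbox';
}
if ($option == 'delallout') {
    if (mysql_query("UPDATE `mail` SET `trash_a` = 'Y' WHERE `from` = '$user'")) {
        $showMsg = "Messages successfully deleted.";
    } else {
        $showMsg = "An error has occured.";
    }
    $box = 'outbox';
}
if ($option == 'delout' && $id > 0) {
    if (mysql_query("UPDATE `mail` SET `trash_a` = 'Y' WHERE `id` = $id AND `from` = '$user'")) {
        $showMsg = "Message successfully deleted.";
    } else {
        $showMsg = "An error has occured.";
    }
    $box = 'outbox';
}
if ($option == 'show' && $id > 0) {
    // Best-effort mark-as-read; the message is still rendered below if this fails.
    mysql_query("UPDATE `mail` SET `read` = 'Y' WHERE `id` = $id AND `to` = '$user'");
}

// --- Compose: send a new message to a user looked up by username ------------
if (!empty($_POST['newmessage'])) {
    $toName = mysql_real_escape_string(isset($_POST['nameTo']) ? $_POST['nameTo'] : '');
    $result = mysql_query("SELECT `record_num` FROM users WHERE username = '$toName'");
    if (!$result || mysql_num_rows($result) < 1) {
        $showMsg = "We're sorry, the user you are trying to send your message to do not exist.";
        $box = "compose";
    } else {
        $recipient = mysql_fetch_array($result);
        $to = mysql_real_escape_string($recipient['record_num']);
        // Strip markup first, then escape for SQL — the escaping must be the
        // last transformation so nothing can undo it.
        $text = mysql_real_escape_string(strip_tags(isset($_POST['text']) ? $_POST['text'] : ''));
        $subject = mysql_real_escape_string(strip_tags(isset($_POST['subject']) ? $_POST['subject'] : ''));
        $date = date("Y-m-d");
        $sql = "INSERT INTO `mail` (`id` ,`from` ,`to` ,`subject` ,`date` ,`text` ,`read` ,`trash`) VALUES (NULL , '$user', '$to', '$subject', '$date', '$text', 'N', 'N')";
        if (mysql_query($sql)) {
            $showMsg = "Your message has been sent!";
            $box = "outbox";
        } else {
            $showMsg = "An error has occured.";
            $box = "compose";
        }
    }
}

// --- Reply: answer a message from the inbox ---------------------------------
if (isset($_POST['send']) && isset($_POST['reply']) && is_numeric($_POST['reply'])) {
    $replyId = (int) $_POST['reply'];
    // Only messages addressed to the current user can be replied to; without
    // the `to` check any message id would disclose its subject via the reply.
    $result = mysql_query("SELECT `from`, `subject` FROM `mail` WHERE `id` = $replyId AND `to` = '$user'");
    $original = $result ? mysql_fetch_array($result) : false;
    if (!$original) {
        $showMsg = "An error has occured.";
    } else {
        $text = mysql_real_escape_string(strip_tags(isset($_POST['text']) ? $_POST['text'] : ''));
        // The stored subject is plain text again once read back, so it has to
        // be escaped before being interpolated into a new statement.
        $subject = mysql_real_escape_string("Re: " . $original['subject']);
        $to = mysql_real_escape_string($original['from']);
        $date = date("Y-m-d");
        $sql = "INSERT INTO `mail` (`id` ,`from` ,`to` ,`subject` ,`date` ,`text` ,`read` ,`trash`)
VALUES (NULL , '$user', '$to', '$subject', '$date', '$text', 'N', 'N')";
        // Test the query result, not the (always non-empty) SQL string.
        if (mysql_query($sql)) {
            $showMsg = "Your message has been sent!";
        } else {
            $showMsg = "An error has occured.";
        }
    }
}

// --- Pick the listing query for the requested box ---------------------------
// Only the inbox and outbox have a listing; the other boxes just set a title.
switch ($box) {
    case 'outbox':
        $headertitle = 'Sent Items';
        $sql = "SELECT mail.*, (SELECT users.username AS username FROM users WHERE mail.to = users.record_num) as fromuser FROM mail WHERE mail.from = '$user' AND mail.trash_a='N' AND mail.display_a='Y' ORDER BY `date` DESC, id DESC";
        break;
    case 'trash_in':
        $headertitle = 'Trash In';
        break;
    case 'trash_out':
        $headertitle = 'Trash Out';
        break;
    case 'compose':
        $headertitle = 'Send Message';
        break;
    default:
        // Unknown or missing box: show the inbox, and normalise $box so the
        // rendering below (which tests $box == 'inbox') actually lists it.
        $box = 'inbox';
        $headertitle = 'Inbox';
        $sql = "SELECT mail.*, (SELECT users.username AS username FROM users WHERE mail.from = users.record_num) as fromuser FROM mail WHERE mail.to = '$user' AND mail.trash='N' AND mail.display='Y' ORDER BY `date` DESC, id DESC";
        break;
}
?>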
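<style>
#mailContainer {
padding-top: 20px;
}
.maillighter {
background-color: #E5E5E5;
padding: 3px;
}
.maildarker {
background-color: #D6D6D6;
padding: 3px;
}
.mailtop {
background-color: #848484;
color: #ffffff;
padding: 3px;
}
#mailShowMsg {
font-weight: bold;
color: #848484;
}
</style>
<?php
// HTML escaper for this section. $basehttp comes from admin/db.php; page and
// DB are assumed UTF-8 — TODO confirm against the connection charset.
$esc = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };
// box name => [icon file under /images, link label]
$mailNav = array(
    'inbox'   => array('Get_Mail.png', 'Inbox'),
    'outbox'  => array('Send_Mail.png', 'Sent Items'),
    'compose' => array('Compose_Mail.png', 'Send Message'),
);
?>
<div id='mailNav'>
<?php foreach ($mailNav as $navBox => $nav) { ?>
<a href='<?= $esc($basehttp) ?>/mail.php?box=<?= $navBox ?>'><img src="<?= $esc($basehttp) ?>/images/<?= $nav[0] ?>" width="32" height="32" align='absbottom' /> <?= $nav[1] ?></a>
<?php } ?>
</div>
<div id='mailContainer'>
<?php // $showMsg is set by the action handlers above; empty when there is nothing to report. ?>
<?php if (!empty($showMsg)) { ?>
<div id='mailShowMsg'><?= $esc($showMsg) ?><br /><br /></div>
<?php } ?>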
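<?php if (isset($_GET['option'], $_GET['id']) && $_GET['option'] == 'show' && is_numeric($_GET['id'])) {
    // HTML escaper for this section; page and DB are assumed UTF-8 — TODO confirm.
    $esc = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };
    $msgId = (int) $_GET['id'];
    // Restricted to mail.to = current user, so another user's message id yields no row.
    $result = mysql_query("SELECT mail.*, (SELECT users.username AS username FROM users WHERE mail.from = users.record_num) as fromuser FROM mail WHERE mail.to = '$user' AND mail.id = $msgId");
    $row = $result ? mysql_fetch_array($result) : false;
    if (!$row) {
?>
<p><strong>That message could not be found.</strong></p>
<?php } else { ?>
<h3 style='padding-bottom: 0px; margin-bottom: 0px;'>Showing Message: <?= $esc($row['subject']) ?></h3>
<span>Sent by <a href='<?= $esc($basehttp) ?>/profiles/<?= $esc($row['from']) ?>.html'><?= $esc($row['fromuser']) ?></a> on <?= $esc($row['date']) ?></span>
<p>
<?= nl2br($esc($row['text'])) ?>
</p>
<br />
<h3>Your Reply</h3>
<form method='post' action='mail.php'>
<textarea name="text" cols="" rows="" style="width:600px; height:150px;">
On <?= $esc($row['date']) ?>, <?= $esc($row['fromuser']) ?> Wrote:
<?= $esc($row['text']) ?>
</textarea>
<input type="hidden" name="reply" value="<?= (int) $row['id'] ?>" />
<input type="hidden" name="box" value="inbox" />
<br />
<input name="send" type="submit" value="Reply" />
<br />
</form>
<br /><br /><br />
<?php } } ?>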
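<?php
// HTML escaper for this section; page and DB are assumed UTF-8 — TODO confirm.
$esc = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };
if (isset($_GET['option'], $_GET['id']) && $_GET['option'] == 'showout' && is_numeric($_GET['id'])) {
    $msgId = (int) $_GET['id'];
    // Restricted to mail.from = current user. Despite its alias, "fromuser"
    // here is the recipient's username (the subselect joins on mail.to).
    $result = mysql_query("SELECT mail.*, (SELECT users.username AS username FROM users WHERE mail.to = users.record_num) as fromuser FROM mail WHERE mail.from = '$user' AND mail.id = $msgId");
    $row = $result ? mysql_fetch_array($result) : false;
    if (!$row) {
?>
<p><strong>That message could not be found.</strong></p>
<?php } else { ?>
<h3 style='padding-bottom: 0px; margin-bottom: 0px;'>Showing Message: <?= $esc($row['subject']) ?></h3>
<span>Sent to <a href='<?= $esc($basehttp) ?>/profiles/<?= $esc($row['to']) ?>.html'><?= $esc($row['fromuser']) ?></a> on <?= $esc($row['date']) ?></span>
<p>
<?= nl2br($esc($row['text'])) ?>
</p>
<br /><br /><br />
<?php } } ?>
<h3><?= $esc($headertitle) ?></h3>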
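<?php
// HTML escaper for everything this listing prints; page and DB are assumed
// UTF-8 — TODO confirm against admin/db.php's connection charset.
$esc = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };

if ($box == 'inbox' || $box == 'outbox') {
    // Inbox and outbox share one table layout; only the first column's label,
    // the profile link target and the option names in the row links differ.
    $isInbox = ($box == 'inbox');
    $peerCol = $isInbox ? 'from' : 'to';
    $showOpt = $isInbox ? 'show' : 'showout';
    $delOpt = $isInbox ? 'del' : 'delout';
    $delAllOpt = $isInbox ? 'delall' : 'delallout';
    // Row links carry the box they belong to, so the listing below a shown
    // outbox message is the outbox (the old links always said box=inbox).
    $listUrl = $basehttp . '/mail.php?box=' . $box;
?>
<table width="700" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class='mailtop' width="100"><strong><?= $isInbox ? 'From' : 'To' ?></strong></td>
<td class='mailtop' width="439"><strong>Subject</strong></td>
<td class='mailtop' width="100"><strong>Date</strong></td>
<td class='mailtop' width="61"> </td>
</tr>
<?php
    $bgclass = 'maillighter';
    // $sql is chosen by the switch at the top of the file. A failed query is
    // logged and rendered as an empty list rather than echoing mysql_error()
    // to the visitor.
    $result = mysql_query($sql);
    if (!$result) {
        error_log('mail.php listing query failed: ' . mysql_error());
    }
    while ($result && ($row = mysql_fetch_array($result))) {
        $unread = ($row['read'] == 'N');
        $style = $unread ? 'class="message_unread"' : 'class="message_read"';
        $bold = $unread ? "style='font-weight: bold;'" : '';
        $msgId = (int) $row['id'];
        $showUrl = $esc($listUrl . '&id=' . $msgId . '&option=' . $showOpt);
        $delUrl = $esc($listUrl . '&id=' . $msgId . '&option=' . $delOpt);
        // Escape before truncating so a multi-byte character cut in half
        // cannot make htmlspecialchars() return an empty preview.
        $preview = substr($esc(strip_tags($row['text'])), 0, 150);
        // NOTE(review): the query selects mail.* plus the username, so
        // 'avatar' is only present if the mail table has such a column — TODO confirm.
        $avatar = isset($row['avatar']) ? $row['avatar'] : '';
?>
<tr>
<td class='<?= $bgclass ?>' align='center' valign='top'>
<a href="<?= $esc($basehttp) ?>/profiles/<?= $esc($row[$peerCol]) ?>.html" target="_self">
<?php if ($avatar != '') { ?><img src='<?= $esc($basehttp) ?>/media/misc/<?= $esc($avatar) ?>' width=100 height=75 border=0/>
<?php } else { ?><img src='<?= $esc($basehttp) ?>/images/avatars/default.jpg' width=100 height=75 border=0 /><?php } ?><br /><?= $esc($row['fromuser']) ?></a>
</td>
<td valign='top' class='<?= $bgclass ?>'><a <?= $bold ?> href='<?= $showUrl ?>'><?= $esc($row['subject']) ?></a><br />
<span style='font-size: 10px;'><?= $preview ?>...</span></td>
<td valign='top' class='<?= $bgclass ?>'><span <?= $bold ?>><?= $esc($row['date']) ?></span></td>
<td valign='top' class='<?= $bgclass ?>'><a href="<?= $delUrl ?>" class="message_del"></a> <a href="<?= $showUrl ?>" <?= $style ?>></a></td>
</tr>
<?php
        $bgclass = ($bgclass == 'maillighter') ? 'maildarker' : 'maillighter';
    }
    // Delete-all acts on the whole box, so no id parameter is needed.
    $delAllUrl = $esc($listUrl . '&option=' . $delAllOpt);
?>
<tr>
<td colspan=4 align='right'><a href="<?= $delAllUrl ?>" class="message_del" style='margin-left: 5px; margin-right: 5px;'></a><a href='<?= $delAllUrl ?>'>Delete All</a></td>
</tr>
</table>
<?php } elseif ($box == 'compose') {
    // Re-fill the form with what was posted; the compose handler sends the
    // user back here when the recipient is unknown or the insert failed.
    $postedTo = isset($_POST['nameTo']) ? strip_tags($_POST['nameTo']) : '';
    $postedSubject = isset($_POST['subject']) ? strip_tags($_POST['subject']) : '';
    $postedText = isset($_POST['text']) ? strip_tags($_POST['text']) : '';
?>
<form method='post' action='mail.php' >
To:<br />
<input type='text' name='nameTo' value="<?= $esc($postedTo) ?>"/><br /><br />
Subject:<br />
<input type='text' name='subject' value="<?= $esc($postedSubject) ?>" /><br /><br />
Body:<br />
<textarea name="text" cols="" rows="" style="width:600px; height:150px;"><?= $esc($postedText) ?></textarea>
<input type="hidden" name="newmessage" value="true" />
<input type="hidden" name="box" value="outbox" />
<br />
<input name="send" type="submit" value="Send Message" />
<br />
</form>
<?php } ?>
</div>
<?php include($basepath.'/templates/template.overall_footer.php'); ?>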