File: /home/httpd/html/porn.tw/public_html/mailbox.php
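<?php
// Bootstrap. mb.php is presumably where the session, $basehttp, $basepath, $dblink
// and the helpers used below (dbQuery, getTemplate, _t, ...) come from — TODO confirm.
include('mb.php');
$metaData = getMetaData("mailbox");

// Authentication gate: every mailbox action requires a logged-in user.
// empty() also covers a session that has no 'userid' key at all.
if (empty($_SESSION['userid'])) {
    header("Location: $basehttp/login");
    exit();
}

$max_mails_per_page = 24;

// Pagination input. is_numeric() also accepts "-3", "1.5" and "1e100", which end up
// as a negative, fractional or exponent-formatted LIMIT offset in the queries below.
// Only a plain positive integer of bounded length is accepted; anything else
// (missing, empty, array, signed, fractional) falls back to page 1.
$requested_page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($requested_page) && preg_match('/^[1-9][0-9]{0,8}$/', $requested_page)) {
    $page = (int) $requested_page;
} else {
    $page = 1;
}

// Zero-based row offset of the first message on the requested page.
$from = ($page - 1) * $max_mails_per_page;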
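//delete----------------------------------------------------------------------------------
// Single-message delete, triggered from the read view.
//
// The flag to set is chosen from the caller's role on the message, and every UPDATE is
// scoped to that role. Without the scoping, any logged-in user could hide any other
// user's message by requesting an arbitrary mid, because the recipient branch ran for
// every message the caller had not sent.
//
// NOTE(review): this is a state change on a GET request and no anti-CSRF token is
// visible in this file; moving it to POST with a per-session token should be considered.
$delete_requested = isset($_GET['delete'], $_GET['mode'])
    && $_GET['delete'] === 'true'
    && $_GET['mode'] === 'read';
if ($delete_requested) {
    $mid = isset($_GET['mid']) ? intval($_GET['mid']) : 0;
    // The session user id is written to mail.from_user and looked up as users.record_num
    // elsewhere in this file, so it is treated as an integer here.
    $mailbox_uid = intval($_SESSION['userid']);

    // Only load the message if the caller is its sender or its recipient.
    $message = dbQuery("SELECT from_user, to_user FROM mail WHERE record_num = '$mid' AND (from_user = '$mailbox_uid' OR to_user = '$mailbox_uid')", false);

    if (is_array($message) && isset($message[0]) && $message[0]['from_user'] == $mailbox_uid) {
        dbQuery("UPDATE mail SET sender_deleted = 1 WHERE record_num = '$mid' AND from_user = '$mailbox_uid'");
        header("Location: $basehttp/mailbox/outbox/");
        exit();
    }

    // Recipient path. For a message the caller is not a party to, the WHERE clause
    // matches nothing, so the request is a no-op and simply returns to the inbox.
    dbQuery("UPDATE mail SET recipient_deleted = 1 WHERE record_num = '$mid' AND to_user = '$mailbox_uid'");
    header("Location: $basehttp/mailbox/");
    exit();
}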
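//----------------------------------------------------------------------------------------
$title = _t("Mailbox");
$headertitle = _t("My Mailbox");
getTemplate("template.overall_header.php");

// The session user id is written to mail.from_user and looked up as users.record_num
// below, so it is treated as an integer and cast once before it reaches any SQL string.
$mailbox_uid = intval($_SESSION['userid']);

// The original read $_GET[mode] with an unquoted key in two places. That is a bare
// constant lookup: an Error on PHP 8 and a notice/warning on older versions.
$mailbox_mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';

// NOTE(review): all queries go through dbQuery() with hand-built SQL. Values are either
// integer-cast or passed through mysqli_real_escape_string() inside quotes, which is only
// safe when the connection charset is set correctly; prepared statements would remove
// that dependency if dbQuery() can support them.
// NOTE(review): subject and body are stored as submitted. The included templates are
// not visible here and must HTML-escape them on output.
// NOTE(review): no anti-CSRF token is checked on the POST actions below.

if ($mailbox_mode === 'outbox') {
    // Bulk delete from the outbox. Scoped to from_user so a crafted list[] of ids
    // cannot hide messages sent by other users.
    if (isset($_POST['list']) && is_array($_POST['list'])) {
        foreach ($_POST['list'] as $i) {
            $i = intval($i);
            dbQuery("UPDATE mail SET sender_deleted = '1' WHERE record_num = '$i' AND from_user = '$mailbox_uid'");
        }
    }
    $outbox = dbQuery("SELECT * FROM mail WHERE from_user = '$mailbox_uid' AND sender_deleted = '0' ORDER BY date_sent DESC LIMIT $from,$max_mails_per_page", false);
    // dbQuery() appears to return a non-array when nothing matches (see the is_array()
    // checks below), so guard count() instead of passing it a non-countable value.
    $outbox_ids = dbQuery("SELECT record_num FROM mail WHERE from_user = '$mailbox_uid' AND sender_deleted = '0'", false);
    $total_results = is_array($outbox_ids) ? count($outbox_ids) : 0;
    $total_pages = ceil($total_results / $max_mails_per_page);
    include($basepath . '/includes/mailbox/outbox.php');
} else if ($mailbox_mode === 'read') {
    $mid = isset($_GET['mid']) ? intval($_GET['mid']) : 0;
    // Only messages the caller sent or received can be loaded.
    $message = dbQuery("SELECT * FROM mail WHERE record_num = '$mid' AND (from_user = '$mailbox_uid' OR to_user = '$mailbox_uid')", false);
    if (is_array($message) && isset($message[0])) {
        $visible_as_sender = $message[0]['from_user'] == $mailbox_uid && $message[0]['sender_deleted'] == 0;
        $visible_as_recipient = $message[0]['to_user'] == $mailbox_uid && $message[0]['recipient_deleted'] == 0;
        if ($visible_as_sender || $visible_as_recipient) {
            if ($message[0]['to_user'] == $mailbox_uid) {
                // Received message (including one sent to oneself): mark it read.
                $message_type = 'inbox';
                dbQuery("UPDATE mail SET recipient_read = 1 WHERE record_num = '$mid' AND to_user = '$mailbox_uid'");
            } else {
                $message_type = 'outbox';
            }
        } else {
            // NOTE(review): read.php is still included below with $message populated;
            // confirm the template does not render a message the user has deleted.
            setMessage(_t('There is no such message in your inbox.'), 'error');
        }
    } else {
        setMessage(_t('Access Denied'), 'error');
        getTemplate("template.overall_footer.php");
        exit();
    }
    include($basepath . '/includes/mailbox/read.php');
} else if ($mailbox_mode === 'compose') {
    if ($_POST) {
        $error_ = '';
        // Recipient: the additional_username field wins over username when present.
        // Non-string input (e.g. username[]=x) is treated as empty rather than handed
        // to mysqli_real_escape_string().
        if (!empty($_POST['additional_username'])) {
            $raw_recipient = $_POST['additional_username'];
        } else {
            $raw_recipient = isset($_POST['username']) ? $_POST['username'] : '';
        }
        if (!is_string($raw_recipient)) {
            $raw_recipient = '';
        }
        $username = mysqli_real_escape_string($dblink, $raw_recipient);

        if ($username != $_SESSION['username']) {
            $get_userid = dbQuery("SELECT record_num,premium FROM users WHERE username = '$username'", false);
            if (is_array($get_userid) && isset($get_userid[0])) {
                if (!empty($_POST['subject']) && is_string($_POST['subject'])) {
                    //save mail
                    $raw_body = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
                    $subject = mysqli_real_escape_string($dblink, $_POST['subject']);
                    $body = mysqli_real_escape_string($dblink, $raw_body);
                    $sent = date("Y-m-d H:i:s", time());
                    $recipient_id = intval($get_userid[0]['record_num']);
                    $sender_ip = mysqli_real_escape_string($dblink, $_SERVER['REMOTE_ADDR']);
                    dbQuery("INSERT INTO mail(from_user,to_user,subject,body,date_sent,recipient_read,recipient_deleted,sender_deleted,sender_ip)
VALUES('$mailbox_uid','$recipient_id','$subject','$body','$sent','0','0','0','$sender_ip')", false);
                    sendEmail('new-message', $get_userid[0]['record_num']);
                    // The header template has already produced output, so the redirect is done client-side.
                    echo '<script type="text/javascript">window.location = "' . $basehttp . '/mailbox/";</script>';
                } else {
                    setMessage(_t('Please provide email subject'), 'error');
                }
            } else {
                setMessage(_t('User you try to send message to, does not exists.'), 'error');
            }
        } else {
            setMessage(_t('You can\'t send email to yourself.'), 'error');
        }
    }
    if (isset($_GET['reply']) && $_GET['reply'] == 'true') {
        $reply = true;
        $mid = isset($_GET['mid']) ? intval($_GET['mid']) : 0;
        // Same ownership rule as the read view. The original loaded the message by id
        // alone, so any logged-in user could pull another user's subject and body into
        // the compose form by guessing mid.
        $message = dbQuery("SELECT * FROM mail WHERE record_num = '$mid' AND (from_user = '$mailbox_uid' OR to_user = '$mailbox_uid')", false);
        if (is_array($message) && isset($message[0])) {
            $to = intval($message[0]['from_user']);
            if ($to != 0) {
                $touser = dbQuery("SELECT username FROM users WHERE record_num = '$to'");
                $to_username = (is_array($touser) && isset($touser[0])) ? $touser[0]['username'] : '';
            } else {
                // from_user 0 is addressed as 'Admin'.
                $to_username = 'Admin';
            }
            $subject = 'Re: ' . $message[0]['subject'];
            $body = "--------------- original message -----------------\n\r" . $message[0]['body'];
        } else {
            // Not a party to the message (or it does not exist): nothing is quoted.
            $reply = false;
            setMessage(_t('Access Denied'), 'error');
        }
    }
    include($basepath . '/includes/mailbox/compose.php');
} else {
    // Default view: inbox. Bulk delete is scoped to to_user so a crafted list[] of ids
    // cannot hide messages addressed to other users.
    if (isset($_POST['list']) && is_array($_POST['list'])) {
        foreach ($_POST['list'] as $i) {
            $i = intval($i);
            dbQuery("UPDATE mail SET recipient_deleted = '1' WHERE record_num = '$i' AND to_user = '$mailbox_uid'", false);
        }
    }
    $inbox = dbQuery("SELECT * FROM mail WHERE to_user = '$mailbox_uid' AND recipient_deleted = '0' ORDER BY date_sent DESC LIMIT $from,$max_mails_per_page", false);
    // Only the ids are needed to count; guard count() against a non-array result.
    $inbox_ids = dbQuery("SELECT record_num FROM mail WHERE to_user = '$mailbox_uid' AND recipient_deleted = '0'", false);
    $total_results = is_array($inbox_ids) ? count($inbox_ids) : 0;
    $total_pages = ceil($total_results / $max_mails_per_page);
    include($basepath . '/includes/mailbox/inbox.php');
}
getTemplate("template.overall_footer.php");
?>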