70) echo $lang_pms['Too long subject']; // Clean up message from POST $message = copper_linebreaks(copper_trim($_POST['message'])); // Check message if ($message == '') echo $lang_pms['No message']; else if (strlen($message) > 65535) echo $lang_pms['Too long message']; // Validate BBCode syntax if ($CONFIG['pms_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false) { //require 'include/pms_parser.inc.php'; $message = preparse_bbcode($message, $errors); } if (isset($errors)) echo ($errors[0]); // Get userid $result = cpg_db_query("SELECT user_id, user_name, user_group, user_pmsmail, user_email FROM {$CONFIG['TABLE_USERS']} WHERE user_name='".addslashes($_POST['req_username'])."'"); // Send message if(list($user_id, $user_name, $user_group, $user_pmsmail, $user_email) = mysql_fetch_row($result)){ // Check inbox status if($CONFIG['pms_messages'] != 0 && (USER_ID)) { $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PMS']} WHERE owner=".$user_id); list($count) = mysql_fetch_row($result); if($count >= $CONFIG['pms_messages']) { cpg_die(ERROR, $lang_pms['Inbox full'], __FILE__, __LINE__); } // Also check users own box if(isset($_POST['savemessage']) && intval($_POST['savemessage']) == 1) { $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PMS']} WHERE owner=".(USER_ID)) ; list($count) = mysql_fetch_row($result); if($count >= $CONFIG['pms_messages']) cpg_die(ERROR, $lang_pms['Sent full'], __FILE__, __LINE__); } } // "Send" message cpg_db_query("INSERT INTO {$CONFIG['TABLE_PMS']} (owner, subject, message, sender, sender_id, sender_ip, smileys, posted) VALUES( '".$user_id."', '".addslashes($subject)."', '".addslashes($message)."', '".addslashes((USER_NAME))."', '".(USER_ID)."', '".get_remote_address()."', '".$smilies."', '".localised_timestamp(-1)."' )"); //mark replied if(isset($_POST['replied']) && $_POST['replied']>0){ cpg_db_query("UPDATE {$CONFIG['TABLE_PMS']} SET replied=1 WHERE id ='".$_POST['replied']."' AND owner='".USER_ID."'"); } // Save an own copy of the message if(isset($_POST['savemessage'])){ cpg_db_query("INSERT INTO {$CONFIG['TABLE_PMS']} (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES( '".(USER_ID)."', '".addslashes($subject)."', '".addslashes($message)."', '".addslashes($_POST['req_username'])."', '".$user_id."', '".get_remote_address()."', '".$smilies."', '1', '1', '".localised_timestamp(-1)."' )"); } if ($CONFIG['pms_enable_email'] && $user_pmsmail==1 && $user_email) { include_once('include/mailer.inc.php'); $gallery_url_prefix = $CONFIG['ecards_more_pic_target']. (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/'); $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{SENDER_NAME}' => (USER_NAME), '{LINK}' => "{$gallery_url_prefix}pms.php" ); $mail_body=strtr($lang_pms_notify_email, $template_vars); $subject="New private message at ".$CONFIG['gallery_name']; cpg_mail($user_email, $subject, $mail_body, 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'] ); } } else{ cpg_die(ERROR, "User doesn't exist", __FILE__, __LINE__); } header('Location: '.str_replace('&', '&', "pms.php")); } else { if (isset($_GET['id'])) $id = intval($_GET['id']); else $id = 0; if($id > 0){ $result = cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_id=".$id) or error('Unable to fetch message info', __FILE__, __LINE__, $db->error()); if (!mysql_num_rows($result)) echo $lang_common['Bad request']; list($username) = mysql_fetch_row($result); } if(isset($_GET['reply']) || isset($_GET['quote'])){ $r = isset($_GET['reply']) ? intval($_GET['reply']) : 0; $q = isset($_GET['quote']) ? intval($_GET['quote']) : 0; // Get message info empty($r) ? $id = $q : $id = $r; $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PMS']} WHERE id=".$id); if (!mysql_num_rows($result)) echo $lang_common['Bad request']; $message = mysql_fetch_assoc($result); // Quote the message if(isset($_GET['quote'])) $quote = '[quote='.$message['sender'].']'.stripslashes($message['message']).'[/quote]'; // Add subject $subject = "RE: " . stripslashes($message['subject']); } $action = $lang_pms['Send a message']; $form = '

'; $page_title = copper_htmlspecialchars($lang_pms['o_board_title']).' / '.$action; $form_name = 'post'; $cur_index = 1; if (!isset($username)) $username = ''; if (!isset($quote)) $quote = ''; if (!isset($subject)) $subject = ''; pageheader($lang_pms['o_board_title']); starttable('90%', $action, 2); echo $form; ?>

: '; ?> : :   Default Dark Red Red Orange Brown Yellow Green Olive Cyan Blue Dark Blue Indigo Violet White Black          Close Tags : <?php echo $quote ?> : : : : '.$lang_pms['Hide smilies']; $checkboxes[] = ''.$lang_pms['Save message']; if (!empty($checkboxes)) { ?>'."\n\t\t\t\t", $checkboxes).' '."\n" ?>