<?php
/*
*   This file is part of 'Crown of Evanion'.
*
*    'Crown of Evanion' is free software; you can redistribute it and/or modify
*    it under the terms of the GNU General Public License as published by
*    the Free Software Foundation; either version 2 of the License, or
*    (at your option) any later version.
*
*    'Crown of Evanion' is distributed in the hope that it will be useful,
*    but WITHOUT ANY WARRANTY; without even the implied warranty of
*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*    GNU General Public License for more details.
*
*    You should have received a copy of the GNU General Public License
*    along with 'Crown of Evanion'; if not, write to the Free Software
*    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
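// Page title; presumably read by include.php when it renders the header — confirm.
$title = "Owl Post";
include("include.php");

// Only logged-in users may use the Owl Post. header() merely queues the
// redirect, so execution has to stop here: without the die, every query and
// handler below would still run for a visitor who is not logged in.
if(!$Username) {
	header("location: login.php");
	die;
}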

// Status banners shown above the inbox, looked up by the numeric code that
// this page's redirects pass back in the "error" query parameter.
// The keys are written as integers: PHP stores the numeric-string keys
// '1'..'5' as exactly these integers, so lookups behave the same.
$errors = array(
	1 => "<h5>No such message.</h5>",
	2 => "<h5>You do not own that message!</h5>",
	3 => "<h5>You forgot to fill in a field.</h5>",
	4 => "<h5>That user was not found.</h5>",
	5 => "<h5>Mail sent!</h5>",
);

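// Navigation bar. $PHP_SELF is presumably the register_globals copy of
// $_SERVER['PHP_SELF'], which follows the requested path and is therefore
// client-influenced; it is HTML-escaped and the href values are quoted so
// the path cannot break out of the attribute.
$selfHtml = htmlspecialchars($PHP_SELF, ENT_QUOTES);
echo "<div align=\"center\"><p class=\"drag\"><a href=\"$selfHtml\">Inbox</a> | <a href=\"$selfHtml?page=send\">Send Message</a></p></div>";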

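// Inbox: list every message owned by the logged-in user, newest first.
if(!$page) {
	$select = mysql_query("SELECT * FROM mail WHERE owner = '$UserID' ORDER BY id DESC");
	$num = mysql_num_rows($select);
	if(!$num) {
		echo "<div align=\"center\">
		You have no mail!
		</div>";
	} else {
		// Print a status banner only for a code that exists in $errors; a
		// missing, non-scalar or unknown code prints nothing instead of
		// raising an undefined-index notice.
		$banner = "";
		if(isset($error) && is_scalar($error) && isset($errors[$error])) {
			$banner = $errors[$error];
		}
		// The script path follows the request URL, so escape it for the links.
		$selfHtml = htmlspecialchars($PHP_SELF, ENT_QUOTES);
		echo "<div align=\"center\">
		$banner
		</div>
		<div class=\"mail\">
		<table align=\"center\">
		<td bgcolor=#F30>
		From
		</td>
		<td bgcolor=#F30>
		Subject
		</td>
		";
		while ($mail = mysql_fetch_array($select)) {
			// filter() is defined outside this file; presumably it makes the
			// stored title safe for HTML output — confirm.
			$title = filter($mail['title'], 1);
			// The sender name is stored text written into the page, so it is
			// escaped like any other value; the id goes into a URL.
			$sender = htmlspecialchars($mail['sender'], ENT_QUOTES);
			$msgId = urlencode($mail['id']);
			// Unread messages are shown in bold.
			if(!$mail['reed']) {
				$ht = "<strong>";
				$ml = "</strong>";
			} else {
				$ht = "";
				$ml = "";
			}
			echo "<tr><td>
			$sender</td>
			<td align=\"center\">
			$ht<a href=\"$selfHtml?page=view&amp;id=$msgId\">$title</a>$ml
			</td></tr>
			";
		}
		echo "</table>
		</div>";
	}
}	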

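// View one message: load it, confirm the logged-in user owns it, mark it
// as read and print it with Reply / Burn links.
if($page == "view" && $id) {
	// The id comes straight from the request and is placed inside a quoted
	// SQL literal, so it is escaped first. A missing or non-scalar value
	// (e.g. id[]=x) becomes an empty id, which matches no message.
	// NOTE(review): prepared statements (mysqli/PDO) would be the stronger
	// fix, but the connection is opened outside this file.
	$id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id']))
		? mysql_real_escape_string((string) $_REQUEST['id'])
		: "";
	$select = mysql_query("SELECT * FROM mail WHERE id = '$id'");
	$num = mysql_num_rows($select);
	
	// NOTE(review): the navigation bar has already been echoed by this point,
	// so these header() redirects only take effect if output buffering is
	// active (presumably started in include.php) — confirm.
	if(!$num) {
		header("location: $PHP_SELF?error=1");
		die;
	}
	
	$mail = mysql_fetch_array($select);
	
	// Authorization: a message may only be read by its owner.
	if($mail['owner'] != $UserID) {
		header("location: $PHP_SELF?error=2");
		die;
	} 
	
	if(!$mail['reed']) {
		mysql_query("UPDATE mail SET reed = '1' WHERE id = '$id'");
	}
	
	// filter() is defined outside this file; presumably it makes stored text
	// safe for HTML output — confirm.
	$title = filter($mail['title'], 1);
	$message = filter($mail['message'], 1);
	// The sender name did not pass through filter(), so escape it here; the
	// script path and the id are escaped for the quoted link attributes.
	$sender = htmlspecialchars($mail['sender'], ENT_QUOTES);
	$selfHtml = htmlspecialchars($PHP_SELF, ENT_QUOTES);
	$msgId = urlencode($mail['id']);
	
	echo "
	<div class=\"mail\">
	<div align=\"left\">
	<p><a href=\"$selfHtml?page=send&amp;repid=$msgId\">Reply</a> | <a href=\"$selfHtml?page=delete&amp;id=$msgId\">Burn</a></p>
	<p><strong>Title:</strong> $title</p>
	<p><strong>From: </strong> $sender</p>
	<p>$message</p>
	</div>
	</div>
	";
}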


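// Compose form. With a repid the form is pre-filled from the message being
// replied to, after confirming the logged-in user owns that message.
if($page == "send") {
	// Values written into the form; empty for a fresh message.
	$forHtml = "";
	$titleHtml = "";
	$messHtml = "";
	if($repid) {
		// repid is a request parameter (see the Reply link), so it is escaped
		// before being placed inside the quoted SQL literal.
		$repidSql = is_scalar($repid) ? mysql_real_escape_string((string) $repid) : "";
		// One query serves both the ownership check and the pre-fill.
		$select = mysql_query("SELECT * FROM mail WHERE id = '$repidSql'");
		$reply = mysql_fetch_array($select);
		if(!$reply || $reply['owner'] != $UserID) {
			header("location: $PHP_SELF?error=2");
			die;
		}
		// Title and message were written by another user. They go into
		// attribute values and a textarea here, so they must be escaped or a
		// stored message could inject markup into the recipient's page.
		$forHtml = htmlspecialchars($reply['sender'], ENT_QUOTES);
		$titleHtml = htmlspecialchars($reply['title'], ENT_QUOTES);
		$messHtml = htmlspecialchars($reply['message'], ENT_QUOTES);
	}
	$selfHtml = htmlspecialchars($PHP_SELF, ENT_QUOTES);
	// NOTE(review): the form carries no anti-CSRF token; adding one needs
	// session handling that is not visible in this file.
	echo "<div align=\"center\">
	<div class=\"boxen\">
	<form action=\"$selfHtml\" method=\"POST\">
	<input type=\"hidden\" name=\"page\" value=\"sending\">
	<p><strong>For:</strong> <input type=\"text\" name=\"for\" value=\"$forHtml\"></p>
	<p><strong>Title:</strong> <input type=\"text\" name=\"title\" value=\"$titleHtml\"></p>
	<p><textarea name=\"mess\" cols=\"22\" rows=\"5\">$messHtml</textarea></p>
	<p><input type=\"submit\" value=\"Send\"></p>
	</form>
	</div>
	</div>";
}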

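// Deliver a message: validate the posted fields, resolve the recipient by
// username, store the mail and an event notice, then redirect to the inbox.
if($page == "sending") {
	// Read each field as a plain string; a missing or non-scalar field
	// (e.g. title[]=x) counts as empty and is rejected below.
	$for = (isset($_POST['for']) && is_scalar($_POST['for'])) ? (string) $_POST['for'] : "";
	$title = (isset($_POST['title']) && is_scalar($_POST['title'])) ? (string) $_POST['title'] : "";
	$mess = (isset($_POST['mess']) && is_scalar($_POST['mess'])) ? (string) $_POST['mess'] : "";
	// Where magic_quotes_gpc is active the input already carries backslashes;
	// remove them so each value is escaped exactly once below.
	// NOTE(review): assumes include.php does not escape $_POST itself — confirm.
	if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$for = stripslashes($for);
		$title = stripslashes($title);
		$mess = stripslashes($mess);
	}
	if(!$for || !$title || !$mess) {
		header("location: $PHP_SELF?error=3");
		die;
	}
	// Every value placed inside a quoted SQL literal is escaped at the point
	// of use; the posted fields are attacker-controlled.
	// NOTE(review): prepared statements (mysqli/PDO) would be the stronger
	// fix, but the connection is opened outside this file.
	$forSql = mysql_real_escape_string($for);
	$titleSql = mysql_real_escape_string($title);
	$messSql = mysql_real_escape_string($mess);
	$select = mysql_query("SELECT id FROM users WHERE username = '$forSql'");
	$num = mysql_num_rows($select);
	
	if(!$num) {
		header("location: $PHP_SELF?error=4");
		die;
	}
	$sendto = mysql_fetch_array($select);
	// Values read back from the database or supplied by include.php are
	// escaped as well before being written into new statements.
	$toSql = mysql_real_escape_string($sendto['id']);
	$fromSql = mysql_real_escape_string($Username);
	
	mysql_query("INSERT INTO mail (owner,sender,title,message) VALUES ('$toSql','$fromSql','$titleSql','$messSql')");
	mysql_query("INSERT INTO event (foruser,text) VALUES ('$toSql','$fromSql has sent you a message through the Owl Post!')");
	
	header("location: $PHP_SELF?error=5");
	die;
}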

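// Delete ("burn") a message after confirming the logged-in user owns it.
// NOTE(review): this state change is triggered by a plain GET link with no
// anti-CSRF token; moving it to a POST form with a per-session token needs
// session handling that is not visible in this file.
if($page == "delete") {
	// The id is a request parameter (see the Burn link), so it is escaped
	// before being placed inside the quoted SQL literal.
	$idSql = (isset($id) && is_scalar($id)) ? mysql_real_escape_string((string) $id) : "";
	$select = mysql_query("SELECT id,owner FROM mail WHERE id = '$idSql'");
	$array = mysql_fetch_array($select);
	// No row: report it as a missing message instead of falling through to
	// the ownership comparison with an empty owner value.
	if(!$array) {
		header("location: $PHP_SELF?error=1");
		die;
	}
	// Authorization: only the owner may delete the message.
	if($array['owner'] != $UserID) {
		header("location: $PHP_SELF?error=2");
		die;
	}
	
	// Delete by the id read back from the row that passed the ownership check.
	$rowIdSql = mysql_real_escape_string($array['id']);
	mysql_query("DELETE FROM mail WHERE id = '$rowIdSql'");
	echo "<div align=\"center\">Message deleted.</div>";
}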
include("footer.php");
?>