Scripts

Personal Message system + login

This is a Personal Message system that you can easily use on your website. I have also included a small login system, because I wrote it on top of that login system. I will change this next week (from then on you will have to set everything up in config.php). The system works well as it is now; I am still looking at whether the code can be made shorter / clearer, and I will keep track of that in the To do list at the bottom of this description.

All scripts are organised in folders. I will list the folders here, and next to each script I will note which folder it belongs in :)

SQL for the table: pb
SQL for the table: members

To do list:
Make the xhtml + css valid
Get rid of all notices
Extend config.php a bit
Go through style.css, I think there is more in it than necessary.
Put more comments in the scripts.
Come up with something better for the function query_fouten();
Make more UBB functions
Remove the short tags
Log not only whether the message was sent, but also whether it arrived

Changelog
send.php ( folder: messaging ): code improved and notices removed.

[b]index.php[/b] ( keep outside all folders )
[code]<?
header('Location: messaging/index.php');
?>[/code]
[b]config.php[/b] ( in the include folder )
[code]<?
mysql_connect('localhost','username','wachtwoord');
mysql_select_db('database naam');

$controle = mysql_query("UPDATE pb SET deleted = 1 WHERE DATEDIFF(NOW(),datum) > 13 && voor = '".$_SESSION['UID']."' && saved = 0");
?>[/code]
[b]functions.php[/b] ( in the include folder )
[code]<?
function query_fouten($error)
{
	$file = '../logs/mysql/fouten.txt';

	if(!$handle = fopen($file,'ab'))
	{
		header('Location: ' . $_SERVER['PHP_SELF']);
		// no handle to write to, so stop here
		return;
	}
	if(!fwrite($handle,$error . chr(13) . chr(10)))
	{
		header('Location: ' . $_SERVER['PHP_SELF']);
	}
	fclose($handle);
}

function ubb($bericht)
{
	$bericht = preg_replace('#\[b\](.+?)\[/b\]#is','<b>\\1</b>',$bericht);
	$bericht = preg_replace('#\[i\](.+?)\[/i\]#is','<i>\\1</i>',$bericht);
	$bericht = preg_replace('#\[u\](.+?)\[/u\]#is','<u>\\1</u>',$bericht);
	$bericht = preg_replace('#\[center\](.+?)\[/center\]#is','<p style="padding: 0px; margin: 0px; text-align:center ;">\\1</p>',$bericht);
	
	while (preg_match('#\[quote=(.+?)\](.+?)\[/quote\]#is', $bericht))
	{
		$bericht = preg_replace('#\[quote=(.+?)\](.+?)\[/quote\]#is','<hr style="border:1px dashed orange;" noshade /><div class="quote"><b><small><i><span style="color: #999;">\\1</span></i></b><small>\\2</small></div>',$bericht);
	}
	return $bericht;
}
?>[/code]
[b]style.css[/b] ( in the include folder )
[code]body
{
	background-color: #000;
	color: #FFF;
	font-family: Verdana;
	font-size: 8pt;
}

table
{
	font-family: Verdana;
	font-size: 8pt;
}

td.top
{
	background-color: #EE7600;
	color: #000;
	border: 1px;
	border-style: outset;
	border-color: #FF6103 #FF6103;
}

td
{
	background-color: #000;
}

img
{
	border: 0px;
	border-style: solid;
}

.inbox
{
	font-family: Verdana;
	font-size: 8pt;
	border: 0px;
	border-style: solid;
	background-color: #829DAF;
}

.input
{
	background-color: #000;
	border: 1px;
	border-style: solid;
	border-color: #333333 #333333 #333333 #333333;
}

input
{
	background-color: #000;
	border: 1px;
	border-style: solid;
	border-color: #829DAF;
	color: #FFFFFF;
	font-family: Verdana;
	font-size: 8pt;
}

textarea
{
	background-color: #FFF;
	border: 1px;
	border-style: solid;
}

a:link
{
	font-weight: none;
	color: #829DAF;
	text-decoration: none;
}

a:visited
{
	font-weight: none;
	color: #829DAF;
	text-decoration: none;
}

a:hover
{
	font-weight: none;
	color: #829DAF;
	text-decoration: none;
}

a:active
{
	font-weight: none;
	color: #829DAF;
	text-decoration: none;
}

.quote
{
	background-color: #000;
	border: 1px solid #000;
}[/code]
[b]login.php[/b] ( in the login folder )
[code]<?
session_start();

include('../include/config.php');
include('../include/functions.php');

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
	if(isset($_POST['login']))
	{
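		$username = htmlentities($_POST['username']);
		$username = stripslashes($username);

		// htmlentities() does not escape single quotes, so the query gets its own escaped copy
		$username_sql = mysql_real_escape_string($_POST['username']);

		$password = sha1($_POST['password']);

		$sql = "SELECT * FROM members WHERE username = '" . $username_sql . "' AND password = '" . $password . "' AND active = 1";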
		if(!$res = mysql_query($sql))
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		$bestaat = mysql_num_rows($res);

		if($bestaat == false)
		{
			header('Location: no-access.php');
		}
		else {
			$_SESSION['login'] = true;
			$_SESSION['timeout'] = time()+86400;

			$info = mysql_fetch_array($res);
				$_SESSION['status'] = $info['status'];
				$_SESSION['UID'] = $info['id'];
				$_SESSION['username'] = $info['username'];

			header('Location: ../messaging/index.php');

			$file = '../logs/' . $username . '.txt';
			$content = 'INGELOGD --- op '.date('d-m-Y').' om '.date('G:i:s');

			if(!$handle = fopen($file,'ab'))
			{
				echo 'Kan het bestand ' . $file . ' niet openen';
				exit;
			}
			if(!fwrite($handle,$content . chr(13) . chr(10)))
			{
				echo 'Kan niet schrijven naar ' . $file;
				exit;
			}
			fclose($handle);
		}
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css">
	</head>
<body>
<form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF']) ?>">
	<table>
		<tr>
			<td>Gebruikersnaam:</td>
			<td><input type="text" name="username" value="<?=isset($username) ? $username : ''; ?>"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="password"></td>
		</tr>
		<tr>
			<td colspan="2"><input type="submit" name="login" value="Login"></td>
		</tr>
	</table>
</form>
</body>
</html>[/code]
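The login check from login.php, rewritten as an added example (not part of the original script): the same lookup against `members`, done with a PDO prepared statement and `password_hash()` / `password_verify()` instead of a concatenated query and unsalted `sha1()`. The in-memory SQLite table, the helpers `make_demo_db()` and `check_login()` and the sample accounts are assumptions so that the block runs on its own; on a real site the PDO DSN would point at the MySQL database.

```php
<?php
// Added example, not part of the original script.
// Assumption: PDO with the sqlite driver is available. The table mirrors the
// columns login.php reads from `members` (id, username, password, status, active).

function make_demo_db(): PDO
{
	$db = new PDO('sqlite::memory:');
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	$db->exec('CREATE TABLE members (
		id INTEGER PRIMARY KEY,
		username TEXT UNIQUE,
		password TEXT,
		status INTEGER,
		active INTEGER
	)');

	// Constructed sample accounts; password_hash() adds a per-user salt.
	$ins = $db->prepare('INSERT INTO members (username, password, status, active) VALUES (?, ?, ?, ?)');
	$ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT), 1, 1));
	$ins->execute(array("o'brien", password_hash('s3cret', PASSWORD_DEFAULT), 1, 1));
	$ins->execute(array('bob', password_hash('hunter2', PASSWORD_DEFAULT), 0, 0)); // not activated
	return $db;
}

/**
 * Returns the member row (without the hash) on success, or null on failure.
 * The username travels as a bound parameter, so a quote in it is data, not SQL.
 */
function check_login(PDO $db, $username, $password)
{
	if (!is_string($username) || !is_string($password)) {
		return null; // e.g. a field submitted as an array
	}

	$stmt = $db->prepare('SELECT id, username, password, status FROM members WHERE username = ? AND active = 1');
	$stmt->execute(array($username));
	$row = $stmt->fetch(PDO::FETCH_ASSOC);

	// Unknown user, inactive account and wrong password all end the same way.
	if ($row === false || !password_verify($password, $row['password'])) {
		return null;
	}

	unset($row['password']); // the hash has no business in the session
	return $row;
}

$db = make_demo_db();

// Constructed login attempts.
$attempts = array(
	array('alice', 'correct horse'), // valid
	array('alice', 'wrong'),         // bad password
	array('bob', 'hunter2'),         // right password, account not active
	array("o'brien", 's3cret'),      // quote in the name, still a plain lookup
);

foreach ($attempts as $a) {
	$member = check_login($db, $a[0], $a[1]);
	printf("%-10s => %s\n", $a[0], $member ? 'login ok (id ' . $member['id'] . ')' : 'rejected');
}
```

On a successful login, call `session_regenerate_id(true)` before filling `$_SESSION` the way login.php does, so a session id issued before authentication is not carried over.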
[b]no-access.php[/b] ( in the login folder )
[code]Make this one yourself :)
Just a short note saying that logging in failed, and a link to login.php[/code]
[b]index.php[/b] ( in the messaging folder )
[code]<?
ini_set('display_errors', 0);
error_reporting(E_ALL);

session_start();

// include the pages
include('../include/config.php');
include('../include/functions.php');
	
// check whether the user is logged in.
if($_SESSION['login'] && $_SESSION['timeout']>time())
{

	// define variables
	
	$table = 'pb';
	$berichten_per_pagina = 5;
	$max_archive = '50';
	$error = '<br /><center>Je kan dit bericht om een van de volgende redenen niet bekijken:<ul><li>Het opgevraagde bericht bestaat niet (meer).</li><li>Het bericht is niet voor jou bestemd.</li></center>';
	$error_archive = '<br /><center>Je kan dit bericht om een van de volgende redenen niet bekijken:<ul><li>Het opgevraagde bericht bestaat niet (meer).</li><li>Er staan al maximaal '.$max_archive.' berichten in je archief.</li></ul></center>';

	// create empty variables to prevent notices

	$folder = '';
	$msg = '';
	$PID = '';
	
	// build $folder and $msg

	$arr_folder = array('inbox','archive','sent');
	$arr_msg = array('read','del','save','reply');
	
	if(isset($_GET['folder']))
	{
		if(!in_array($_GET['folder'],$arr_folder,true))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		else {
			$folder = $_GET['folder'];
		}
	}

	if(isset($_POST['folder']))
	{
		if(!in_array($_POST['folder'],$arr_folder,true))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		else {
			$folder = $_POST['folder'];
		}
	}

	if(isset($_GET['msg']))
	{
		if(!in_array($_GET['msg'],$arr_msg,true))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		else {
			$msg = $_GET['msg'];
		}
	}
	if(isset($_POST['msg']))
	{
		if(!in_array($_POST['msg'],$arr_msg,true))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		else {
			$msg = $_POST['msg'];
		}
	}
	
	// check whether PID is numeric.

	if(isset($_GET['PID']))
	{
		if(!is_numeric($_GET['PID']))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		else {
			$PID = $_GET['PID'];
		}
	}

	// build $start

	if($_SERVER['REQUEST_METHOD'] == 'GET')
	{
		if(isset($_GET['start']))
		{
			// only plain digits may reach the unquoted LIMIT clause
			if(!is_string($_GET['start']) || !ctype_digit($_GET['start']))
			{
				header('Location: ' . $_SERVER['PHP_SELF']);
				exit;
			}
			else {
				$start = (int) $_GET['start'];
			}
		}
		else {
			$start = 0;
		}
	}
	else {
		$start = 0;
	}

	// redirect to send.php

	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		if(isset($_POST['compose']))
		{
			header('Location: send.php');
		}
	}
	
	// queries for counting
	
	$totaal_inbox = "SELECT COUNT(PID) AS totaal FROM $table WHERE voor = '".$_SESSION['UID']."' && saved = 0 && deleted = 0";
	if(!$totaal_inbox_res = mysql_query($totaal_inbox))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}

	$gelezen_inbox = "SELECT COUNT(gelezen) AS ongelezen FROM $table WHERE gelezen = 0 && voor = '".$_SESSION['UID']."' && deleted = 0";
	if(!$gelezen_inbox_res = mysql_query($gelezen_inbox))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}
	$totaal_archive = "SELECT COUNT(PID) AS totaal FROM $table WHERE saved = 1 && voor = '".$_SESSION['UID']."' && deleted = 0 Limit 0,50";
	if(!$totaal_archive_res = mysql_query($totaal_archive))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}
	$totaal_sent = "SELECT COUNT(PID) AS totaal FROM $table WHERE van = '".$_SESSION['UID']."' Limit 0,50";
	if(!$totaal_sent_res = mysql_query($totaal_sent))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}

	$inbox = mysql_fetch_array($totaal_inbox_res);
	$gelezen = mysql_fetch_array($gelezen_inbox_res);
	$archive = mysql_fetch_array($totaal_archive_res);
	$sent = mysql_fetch_array($totaal_sent_res);

	// Replying

	if($msg == 'reply')
	{
		header('Location: send.php?ID='.$PID);
	}

	// Delete message

	if($msg == 'del')
	{
		$delete = "UPDATE pb SET deleted = 1 WHERE PID = '".$PID."' && voor = '".$_SESSION['UID']."'";
		if(!$delete_res = mysql_query($delete))
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		header('Location:' . $_SERVER['PHP_SELF'] . '?folder='.$folder.'&start='.$start);
	}

	// Save message

	if($msg == 'save')
	{
		// $archive is the fetched row; the archive count is in $archive[0]
		$save = "UPDATE pb SET saved = 1 WHERE PID = '".$PID."' && voor = '".$_SESSION['UID']."' && saved = 0 && '".$archive[0]."' <= 50";
		if(!$save_res = mysql_query($save))
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		echo $error_archive;
		//header('Location:' . $_SERVER['PHP_SELF'] . '?folder='.$folder.'&start='.$start);
	}

	// empty the inbox

	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		if(isset($_POST['clear']))
		{
			$delete_all = "UPDATE pb SET deleted = 1 WHERE voor = '".$_SESSION['UID']."' && saved = 0 && deleted = 0";
			if(!$delete_all_res = mysql_query($delete_all))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
		}
	}

	// empty the archive

	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		if(isset($_POST['delete_arch']))
		{
			$delete_arch = "UPDATE pb set deleted = 1 WHERE voor = '".$_SESSION['UID']."' && saved = 1 && deleted = 0";
			if(!$delete_arch_res = mysql_query($delete_arch))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
		}
	}
	
	// query for showing the messages
	
	$sql = "SELECT * FROM $table WHERE PID = '".$PID."'";
	if(!$res = mysql_query($sql))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}
	$num = mysql_num_rows($res);
	$row = mysql_fetch_array($res);

	// run a few standard functions over the messages

	$row['titel'] = htmlentities($row['titel']);
	$row['titel'] = stripslashes($row['titel']);
	
	$row['bericht'] = htmlentities($row['bericht']);
	$row['bericht'] = stripslashes($row['bericht']);
	$row['bericht'] = nl2br($row['bericht']);

	// run our own functions over the messages

	$row['bericht'] = ubb($row['bericht']);
	?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css" />
	</head>
<body>

<center>
<?
echo '<b>Inbox</b> <span style="color: #829DAF;">'.$gelezen[0].'/'.$inbox[0].'</span> | 
<b>Archive</b> <span style="color: #829DAF;">'.$archive[0].'/'.$max_archive.'</span> | 
<b>Sent</b> <span style="color: #829DAF;">'.$sent[0].'</span><br /><br />';

switch($folder)
{
	case 'archive':
		echo '<span style="color:#829daf;">Up to ' . $max_archive . ' messages can be saved. Saved messages will not be deleted!</span>';
	break;
	case 'sent':
		echo '<span style="color:#829daf;">A max of 50 messages will be shown here. Sent messages can\'t be deleted!</span>';
	break;
	default;
		echo '<span style="color:#829daf;">All unsaved messages older than 7 days will be deleted!</span>';
	break;
}
?>
</center><br />
<table align="center" class="inbox" width="200" cellpadding="5" cellspacing="1">
	<tr>
		<td align="center">
			<?
			if($folder == 'sent' || $folder == 'archive' || $folder == 'inbox' && $msg == 'read')
			{
				echo '<a href="index.php">Inbox</a>';
			}
			else {
				echo 'Inbox';
			}
			?>
		</td>
		
		<td align="center">
			<?
			if($folder == 'sent' || $folder == 'inbox' || $folder == '' || $folder == 'archive' && $msg == 'read')
			{
				echo '<a href="index.php?folder=archive">Archive</a>';
			}
			else {
				echo 'Archive';
			}
			?>
		</td>

		<td align="center">
			<?
			if($folder == 'archive' || $folder == 'inbox' || $folder == '' || $folder == 'sent' && $msg == 'read')
			{
				echo '<a href="index.php?folder=sent">Sent</a>';
			} else {
				echo 'Sent';
			}
			?>
		</td>
	</tr>
</table>
<br />
<table align="center" width="300" cellpadding="5" cellspacing="0">
	<tr>
	<form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF']) ?>">
		<td align="left" width="150">
			<input class="input" type="submit" name="compose" value="Compose" />
		</td>
	</form>
		
		<td align="right" width="150">
			<?
			switch($folder.$msg)
			{
				case 'sent' . 'read':
					echo '&nbsp;';
				break;
				case 'sent' . '':
					$page_sent = "
					SELECT *
					FROM $table
					WHERE van = '".$_SESSION['UID']."'
					ORDER BY datum DESC
					LIMIT $start, $berichten_per_pagina";
					if(!$res_page_sent = mysql_query($page_sent))
					{
						query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
					}
					$num_page_sent = mysql_num_rows($res_page_sent);

					$aantal_paginas = ceil($sent[0] / $berichten_per_pagina);
					$huidige_pagina = $start / $berichten_per_pagina + 1;

					for($i = 1; $i <= $aantal_paginas; $i++)
					{
						$start_pb = ($i - 1) * $berichten_per_pagina;
						if($i == $huidige_pagina)
						{
							echo '<strong><sup>[' . $i . ']</sup></strong>&nbsp;';
						}
						else {
							echo '<a href="?folder=sent&amp;start=' . $start_pb .'">' . $i . '</a>&nbsp;';
						}
					}
				break;
				case 'inbox' . 'read':
					echo '&nbsp;';
				break;
				case 'archive' . 'read':
					echo '&nbsp;';
				break;
				case 'archive':
					$page_archive = "
					SELECT *
					FROM $table
					WHERE saved = 1 && deleted = 0 && voor = '".$_SESSION['UID']."'
					ORDER BY datum DESC
					LIMIT $start, $berichten_per_pagina";
					if(!$res_page_archive = mysql_query($page_archive))
					{
						query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
					}
					$page_archive_num = mysql_num_rows($res_page_archive);

					$aantal_paginas = ceil($archive[0] / $berichten_per_pagina);
					$huidige_pagina = $start / $berichten_per_pagina + 1;

					for($i = 1; $i <= $aantal_paginas; $i++)
					{
						$start_pb = ($i - 1) * $berichten_per_pagina;
						if($i == $huidige_pagina)
						{
							echo '<strong><sup>[' . $i . ']</sup></strong>&nbsp;';
						}
						else {
							echo '<a href="?folder=archive&amp;start=' . $start_pb .'">' . $i . '</a>&nbsp;';
						}
					}
				break;
				default;
					$page_inbox = "
					SELECT *
					FROM $table
					WHERE saved = 0 && voor = '".$_SESSION['UID']."' && deleted = 0
					ORDER BY datum DESC
					LIMIT $start, $berichten_per_pagina";
					if(!$res_page_inbox = mysql_query($page_inbox))
					{
						query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
					}
					$num_page_inbox = mysql_num_rows($res_page_inbox);

					$aantal_paginas = ceil($inbox[0] / $berichten_per_pagina);
					$huidige_pagina = $start / $berichten_per_pagina + 1;

					for($i = 1; $i <= $aantal_paginas; $i++)
					{
						$start_pb = ($i - 1) * $berichten_per_pagina;
						if($i == $huidige_pagina)
						{
							echo '<strong><sup>[' . $i . ']</sup></strong>&nbsp;';
						}
						else {
							echo '<a href="?start=' . $start_pb .'">' . $i . '</a>&nbsp;';
						}
					}
				}
			?>
		</td>
	</tr>
</table>
<br />
<?
switch($folder.$msg)
{
	case 'sent'.'read':
		if($row['van'] == $_SESSION['UID'])
		{
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '
						</td>
					</tr>
				</table>
				';
		} else {
		echo $error;
		}
	break;
	case 'sent':
		if($num_page_sent >= 1)
		{
			while($berichten_sent = mysql_fetch_array($res_page_sent))
			{
				$van_sent = "SELECT username FROM members WHERE id = '".$berichten_sent['voor']."'";
				if(!$van_sent_res = mysql_query($van_sent))
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_sent = mysql_fetch_array($van_sent_res);

				$berichten_sent['titel'] = htmlentities($berichten_sent['titel']);
				$berichten_sent['titel'] = stripslashes($berichten_sent['titel']);

				if(strlen($berichten_sent['titel']) > 25)
				{
					$berichten_sent['titel'] = substr($berichten_sent['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<span style="color:#289DAF;">
							<a href="?folder=sent&amp;msg=read&amp;PID=<?=$berichten_sent['PID'] ?>"><?=$berichten_sent['titel'] ?></a>
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" align="left">
							Sent to <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_sent['voor'] ?>"><?=$fetch_sent['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_sent['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?
		}
	}
	else {
		echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">You haven\'t sent any messages yet!</td>
			</tr>
		</table>
			';
	}
	break;
	case 'archive'.'read':
		if($row['voor'] == $_SESSION['UID'])
		{
			$update_inbox_archive = "UPDATE $table SET gelezen = 1 WHERE PID = '".$PID."'";
			if(!$update_inbox_archive_res = mysql_query($update_inbox_archive))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '<br /><br />
							<div style="text-align: right;">
							<a href="?PID='.$PID.'&amp;msg=reply">reply</a> | 
							<a href="?folder=archive&amp;PID='.$PID.'&amp;msg=del">delete</a>
							</div>
						</td>
					</tr>
				</table>
				';
		} else {
		echo $error;
		}
	break;
	case 'archive':
		if($page_archive_num >= 1)
		{
			while($berichten_arch = mysql_fetch_array($res_page_archive))
			{
				$van_arch = "SELECT username FROM members WHERE id = '".$berichten_arch['van']."'";
				if(!$van_arch_res = mysql_query($van_arch))
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_arch = mysql_fetch_array($van_arch_res);

				$berichten_arch['titel'] = htmlentities($berichten_arch['titel']);
				$berichten_arch['titel'] = stripslashes($berichten_arch['titel']);

				if(strlen($berichten_arch['titel']) > 25)
				{
					$berichten_arch['titel'] = substr($berichten_arch['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<?
							if($berichten_arch['gelezen'] == 0)
							{
								echo '<img src="../include/img/bericht.gif" alt="envelope" />';
							}
							?>
							<span style="color:#289DAF;">
							<a href="?folder=archive&amp;msg=read&amp;PID=<?=$berichten_arch['PID'] ?>"><?=$berichten_arch['titel'] ?></a>
							</span>
						</td>
						
						<td style="padding: 0px;">
							<a href="?folder=<?=$folder ?>&amp;msg=del&amp;PID=<?=$berichten_arch['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/prullenbak.gif" /></a>
						</td>
					</tr>
					
					<tr>
						<td colspan="2" align="left">
							Sent by <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_arch['van'] ?>"><?=$fetch_arch['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_arch['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?
	}
		echo '
			<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">
				<table align="center" width="300" cellpadding="5" cellspacing="0">
					<tr>
						<td width="150"><input class="input" type="submit" name="delete_arch" value="Delete all"></td>
						<td align="right" width="150"></td>
					</tr>
				</table>
			</form>
			<center>Unread messages are marked with an <img src="../include/img/bericht.gif" alt="envelope" /></center>
			';
	}
	else {
		echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">Your archive is empty!</td>
			</tr>
		</table>
			';
	}
	break;
	case 'inbox'.'read':
		if($row['voor'] == $_SESSION['UID'])
		{
			$update_inbox_read = "UPDATE $table SET gelezen = 1 WHERE PID = '".$PID."'";
			if(!$update_inbox_read_res = mysql_query($update_inbox_read))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '<br /><br />
							<div style="text-align: right;">
							<a href="?PID='.$PID.'&amp;msg=reply">reply</a> | 
							<a href="?PID='.$PID.'&amp;msg=save">save</a> | 
							<a href="?PID='.$PID.'&amp;msg=del">delete</a>
							</div>
						</td>
					</tr>
				</table>
				';
		} else {
		echo $error;
		}
	break;
	default;
		if($num_page_inbox >= 1)
		{
			while($berichten_inbox = mysql_fetch_array($res_page_inbox))
			{
				$van_inbox = "SELECT username FROM members WHERE id = '".$berichten_inbox['van']."'";
				if(!$van_inbox_res = mysql_query($van_inbox))
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_inbox = mysql_fetch_array($van_inbox_res);

				$berichten_inbox['titel'] = htmlentities($berichten_inbox['titel']);
				$berichten_inbox['titel'] = stripslashes($berichten_inbox['titel']);

				if(strlen($berichten_inbox['titel']) > 25)
				{
					$berichten_inbox['titel'] = substr($berichten_inbox['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<?
							if($berichten_inbox['gelezen'] == 0)
							{
								echo '<img src="../include/img/bericht.gif" alt="envelope" />';
							}
							?>
							<span style="color:#289DAF;">
							<a href="?folder=inbox&amp;msg=read&amp;PID=<?=$berichten_inbox['PID'] ?>"><?=$berichten_inbox['titel'] ?></a>
							</span>
						</td>
						
						<td style="padding: 0px;">
							<a href="?folder=<?=$folder ?>&amp;msg=save&amp;PID=<?=$berichten_inbox['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/save.gif" /></a><a href="?folder=<?=$folder ?>&amp;msg=del&amp;PID=<?=$berichten_inbox['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/prullenbak.gif" /></a>
						</td>
					</tr>
					
					<tr>
						<td colspan="2" align="left">
							Sent by <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_inbox['van'] ?>"><?=$fetch_inbox['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_inbox['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?
	}
		echo '
			<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">
				<table align="center" width="300" cellpadding="5" cellspacing="0">
					<tr>
						<td width="150"><input class="input" type="submit" name="clear" value="Clear inbox" /></td>
						<td align="right" width="150"></td>
					</tr>
				</table>
			</form>
			<center>New messages are marked with an <img src="../include/img/bericht.gif" alt="envelope" /></center>
			';
	}
	else {
		echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">Your inbox is empty!</td>
			</tr>
		</table>
			';
	}
}
echo '
</body>
</html>
	';
}
else {
	session_unset();
	session_destroy();
	header('Location: ../login/login.php');
}
?>[/code]
[b]send.php[/b] ( in the messaging folder )
[code]<?
ini_set('display_errors', 1);
error_reporting(E_ALL);

session_start();

// include the files

include('../include/config.php');
include('../include/functions.php');

// check whether the user is logged in.

if(isset($_SESSION['login']) && $_SESSION['timeout']>time())
{
	if(isset($_POST['bericht']))
	{
		$bericht = htmlentities($_POST['bericht']);
		$bericht = stripslashes($bericht);
	}
	else {
		$bericht = '';
	}

	if(isset($_POST['titel']))
	{
		$titel = htmlentities($_POST['titel']);
		$titel = stripslashes($titel);
	}
	else {
		$titel = 'No Subject';
	}
	
	if(isset($_POST['aan']))
	{
		$aan = htmlentities($_POST['aan']);
		$aan = stripslashes($aan);
	}
	else {
		$aan = '';
	}

	// check whether ID is numeric

	if(isset($_GET['ID']))
	{
		if(!is_numeric($_GET['ID']))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
			// stop here, otherwise $ID and $reply stay undefined below
			exit;
		}
		else {
			$ID = $_GET['ID'];
			$reply = true;
		}
	}
	else {
		$ID = '';
		$reply = false;
	}

	// build the query that fetches the information for the ID from the url.

	$url_info = "SELECT titel,bericht,van,datum FROM pb WHERE PID = '".$ID."' && voor = '".$_SESSION['UID']."'";
	$url_res = mysql_query($url_info);
	$fetch_info = mysql_fetch_array($url_res);

	if(isset($fetch_info['bericht'],$fetch_info['titel'],$fetch_info['van']))
	{
		$fetch_info['bericht'] = htmlentities($fetch_info['bericht']);
		$fetch_info['bericht'] = stripslashes($fetch_info['bericht']);

		$fetch_info['titel'] = htmlentities($fetch_info['titel']);
		$fetch_info['titel'] = stripslashes($fetch_info['titel']);
	}
	else {
		$fetch_info['bericht'] = '';
		$fetch_info['titel'] = '';
		$fetch_info['van'] = '';
		$fetch_info['datum'] = '';
	}

	// build the query that turns the number into a name

	$change = "SELECT username FROM members WHERE id = '".$fetch_info['van']."'";
	if(!$change_res = mysql_query($change))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}
	$fetch_change = mysql_fetch_array($change_res);

	// Query to check whether the username exists
	// htmlentities() leaves single quotes alone, so escape before building the query

	$nick_exists = "SELECT username FROM members WHERE username = '".mysql_real_escape_string($aan)."'";
	if(!$nick_res = mysql_query($nick_exists))
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}

	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		if(isset($_POST['verstuur']))
		{
			if($aan == $_SESSION['username'])
			{
				$error = 'You can\'t send messages to yourself.';
			}

			if($nick_num = mysql_num_rows($nick_res) == 0)
			{
				$error = 'De gebruiker bestaat niet.';
			}

			if(empty($aan) OR empty($bericht))
			{
				$error = 'Verplicht(e) veld(en) is / zijn leeg.';
			}
		}
		if(isset($error))
		{
			echo $error;
		}
		else {
			$invoer_voor = mysql_real_escape_string($_POST['aan']);
			$invoer_titel = mysql_real_escape_string(strtolower($_POST['titel']));
			$invoer_titel = ucfirst($invoer_titel);
			$invoer_bericht = mysql_real_escape_string($_POST['bericht']);

			$UID = "SELECT id FROM members WHERE username = '".$invoer_voor."'";
			if(!$fetch_res = mysql_query($UID))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			$fetch = mysql_fetch_array($fetch_res);

			$sql = "INSERT INTO pb (voor,van,datum,titel,bericht) VALUES (".$fetch['id'].",".$_SESSION['UID'].",NOW(),'".$invoer_titel."','".$invoer_bericht."')";
			if(!$res = mysql_query($sql))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			header('Location: index.php');
			
			$file = '../logs/' . $invoer_voor . '.txt';
			$content = 'Bericht verzonden --- op '.date('d-m-Y').' om '.date('G:i:s').' naar '.$invoer_voor.'['.$fetch['id'].']';

			if(!$handle = fopen($file,'ab'))
			{
				echo 'Kan het bestand ' . $file . ' niet openen';
				exit;
			}
			if(!fwrite($handle,$content . chr(13) . chr(10)))
			{
				echo 'Kan niet schrijven naar ' . $file;
				exit;
			}
			fclose($handle);
		}
	}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css">
	</head>
<body>

<form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']) ?>">

<table align="left" cellpadding="1" cellspacing="2">
	<tr>
		<td class="top" colspan="2"><b>Verstuur een bericht</b></td>
	</tr>
	<tr>
		<td width="75">Aan:</td>
		<td><input type="text" name="aan" size="40" maxlength="30" value="<?=$fetch_change['username'] ?>"></td>
	</tr>
	<tr>
		<td width="75">Titel:</td>

		<td><input type="text" name="titel" size="50" maxlength="50" value="<?=$fetch_info['titel'] ?>"></td>
	</tr>
	<tr>
		<td>Bericht:</td>
		<td>
		<textarea cols="50" rows="10" name="bericht"><? if($reply == true){ echo "\n\n[quote=".$fetch_change['username']." wrote on: ".$fetch_info['datum']."]\n".$fetch_info['bericht']."[/quote]"; } ?></textarea>
		</td>
	</tr>
	<tr>
		<td>&nbsp;</td>
		<td><input type="submit" name="verstuur" value="Verstuur"></td>
	</tr>
</table>

</form>

</body>
</html>

<?
} else {
	session_unset();
	session_destroy();
	header('Location: ../login/login.php');
}
?>[/code]
