[b]index.php[/b] ( buiten alle mappen houden )
[code]<?
// Entry point of the site: forward every visitor to the messaging front page.
$doel = 'messaging/index.php';
header('Location: ' . $doel);
?>[/code]
[b]config.php[/b] ( In de map include )
[code]<?
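// Database connection shared by every page that includes this file.
// The credentials are placeholders: fill them in per installation and keep the
// real values out of version control.
$verbinding = mysql_connect('localhost','username','wachtwoord');
if(!$verbinding || !mysql_select_db('database naam'))
{
	// Without a connection every later mysql_query() fails, so stop here.
	// mysql_error() is deliberately not printed: it can reveal host and account names.
	exit('De database is op dit moment niet bereikbaar.');
}

// Housekeeping: mark old, unsaved messages of the logged-in user as deleted.
// login.php includes this file before anyone is logged in, so the statement only
// runs when the session holds a user id, and that id is forced to an integer
// before it is placed in the SQL text.
// NOTE(review): the cut-off here is "more than 13 days", while the inbox page
// tells users "older than 7 days" - confirm which of the two is intended.
if(isset($_SESSION['UID']))
{
	$controle = mysql_query("UPDATE pb SET deleted = 1 WHERE DATEDIFF(NOW(),datum) > 13 && voor = '".(int)$_SESSION['UID']."' && saved = 0");
}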
?>[/code]
[b]functions.php[/b] ( in de map include )
[code]<?
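/**
 * Append a database error message to the MySQL error log.
 *
 * The callers in this project pass mysql_error() followed by the file name and
 * line number, separated by CR/LF pairs. mysql_error() can quote parts of the
 * failed statement, so the log may contain request data: treat the file as
 * sensitive. The path is relative to the directory of the requested script.
 * NOTE(review): if ../logs is served by the web server, block direct access to it.
 *
 * When the log cannot be opened or written, a redirect to the current script is
 * requested, as before. The function itself never stops the script.
 *
 * @param string $error Text to append; one CR/LF pair is written after it.
 * @return void
 */
function query_fouten($error)
{
	$file = '../logs/mysql/fouten.txt';

	$handle = fopen($file,'ab');
	if($handle === false)
	{
		// header() only works while no output has been sent; several callers
		// log from inside the HTML part of a page.
		if(!headers_sent())
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
		}
		// Do not pass the failed handle on to fwrite()/fclose().
		return;
	}

	$geschreven = fwrite($handle,$error . chr(13) . chr(10));
	fclose($handle);

	if(!$geschreven && !headers_sent())
	{
		header('Location: ' . $_SERVER['PHP_SELF']);
	}
}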

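/**
 * Convert the supported BBCode tags to HTML: [b], [i], [u], [center] and
 * [quote=...]. Tag names are matched case-insensitively and may span lines.
 *
 * This function does not escape HTML itself. The text must already be
 * HTML-encoded when it arrives here (index.php runs htmlentities() over the
 * message first); calling it on raw user input would pass markup through.
 *
 * @param string $bericht HTML-encoded message text.
 * @return string The text with the BBCode tags replaced by HTML.
 */
function ubb($bericht)
{
	$tags = array(
		'#\[b\](.+?)\[/b\]#is' => '<b>\\1</b>',
		'#\[i\](.+?)\[/i\]#is' => '<i>\\1</i>',
		'#\[u\](.+?)\[/u\]#is' => '<u>\\1</u>',
		'#\[center\](.+?)\[/center\]#is' => '<p style="padding: 0px; margin: 0px; text-align:center ;">\\1</p>',
	);

	foreach($tags as $patroon => $vervanging)
	{
		// preg_replace() returns null when PCRE gives up (for example on a very
		// long message); keep the text as it was instead of losing the message.
		$resultaat = preg_replace($patroon,$vervanging,$bericht);
		if($resultaat !== null)
		{
			$bericht = $resultaat;
		}
	}

	// Quotes can be nested, so keep replacing until no complete pair is left.
	// The first <small> is now closed before </b>; it used to stay open.
	$quote = '#\[quote=(.+?)\](.+?)\[/quote\]#is';
	$quote_html = '<hr style="border:1px dashed orange;" noshade /><div class="quote"><b><small><i><span style="color: #999;">\\1</span></i></small></b><small>\\2</small></div>';

	while(preg_match($quote,$bericht))
	{
		$resultaat = preg_replace($quote,$quote_html,$bericht);
		if($resultaat === null)
		{
			break;
		}
		$bericht = $resultaat;
	}
	return $bericht;
}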
?>[/code]
[b]style.css[/b] ( in de map include )
[code]body
{
	background-color: #000;
	color: #FFF;
	font-family: Verdana;
	font-size: 8pt;
}

/* Tables: same font settings as the body rule. */
table {
	font-size: 8pt;
	font-family: Verdana;
}

/* Orange header cell. */
td.top {
	color: #000;
	background-color: #EE7600;
	border: 1px outset #FF6103;
}

/* All other cells are black. */
td {
	background-color: #000;
}

/* Images get no visible border. */
img {
	border: 0 solid;
}

/* Message tables. */
.inbox {
	font-size: 8pt;
	font-family: Verdana;
	background-color: #829DAF;
	border: 0 solid;
}

/* Buttons with the dark grey border. */
.input {
	background-color: #000;
	border: 1px solid #333333;
}

/* Default look of form fields. */
input {
	color: #FFFFFF;
	background-color: #000;
	border: 1px solid #829DAF;
	font-size: 8pt;
	font-family: Verdana;
}

/* White message box. */
textarea {
	background-color: #FFF;
	border: 1px solid;
}

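/* Links look the same in every state.
   "font-weight: none" is not a valid value, so browsers dropped that declaration;
   "normal" states the weight explicitly. */
a:link,
a:visited,
a:hover,
a:active
{
	font-weight: normal;
	color: #829DAF;
	text-decoration: none;
}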

.quote
{
	background-color: #000;
	border: 1px solid #000;
}[/code]
[b]login.php[/b] ( in de map login )
[code]<?
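session_start();

include('../include/config.php');
include('../include/functions.php');

// Value shown in the "username" field of the form below. Set here so that a
// plain GET request does not read an undefined variable.
$username = '';

if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login']))
{
	// Missing fields and non-string values (for example username[]=x) count as empty.
	$ruwe_naam = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$ruw_wachtwoord = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// HTML-encoded copy of the name: used for the lookup and echoed back into the form.
	$username = htmlentities($ruwe_naam);
	$username = stripslashes($username);

	// NOTE(review): unsalted SHA-1 is too fast to protect stored passwords. It is
	// kept here because the hashes in the members table have this format; plan a
	// move to password_hash()/password_verify() with a rehash at the next login.
	$password = sha1($ruw_wachtwoord);

	// htmlentities() does not make a value safe for SQL (it leaves single quotes
	// alone by default), so the name is escaped for the query separately.
	$sql = "SELECT * FROM members WHERE username = '" . mysql_real_escape_string($username) . "' AND password = '" . $password . "' AND active = 1";
	$res = mysql_query($sql);
	if(!$res)
	{
		query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
	}

	// A failed query is treated like "no such user".
	$info = $res ? mysql_fetch_array($res) : false;

	if(!$info)
	{
		header('Location: no-access.php');
		exit;
	}

	// Give the authenticated session a new id, so an id that was known before
	// the login cannot be reused afterwards.
	session_regenerate_id(true);

	$_SESSION['login'] = true;
	$_SESSION['timeout'] = time()+86400;
	$_SESSION['status'] = $info['status'];
	$_SESSION['UID'] = $info['id'];
	$_SESSION['username'] = $info['username'];

	// Login log, one file per user. The name comes from the request, so every
	// character that could change the directory is replaced before it becomes
	// part of the path.
	$file = '../logs/' . preg_replace('/[^A-Za-z0-9_-]/','_',$username) . '.txt';
	$content = 'INGELOGD --- op '.date('d-m-Y').' om '.date('G:i:s');

	// Best effort: a log that cannot be written must not block the login, and the
	// path of the log file is no longer printed to the visitor.
	$handle = fopen($file,'ab');
	if($handle)
	{
		fwrite($handle,$content . chr(13) . chr(10));
		fclose($handle);
	}

	header('Location: ../messaging/index.php');
	exit;
}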
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css">
	</head>
<body>
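<form method="post" action="<?php
	// PHP_SELF contains whatever path the client appended after the script name,
	// so it is HTML-escaped before it is printed into the attribute.
	echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
?>">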
	<table>
		<tr>
			<td>Gebruikersnaam:</td>
			<td><input type="text" name="username" value="<?=$username; ?>"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="password"></td>
		</tr>
		<tr>
			<td colspan="2"><input type="submit" name="login" value="Login"></td>
		</tr>
	</table>
</form>
</body>
</html>[/code]
[b]no-access.php[/b] ( in de map login )
[code]Deze even zelf maken :)
Gewoon een simpel verhaaltje dat het inloggen niet is gelukt en een linkje naar login.php[/code]
[b]index.php[/b] ( in de map messaging )
[code]<?
// Report every error level, but do not print errors into the page.
error_reporting(E_ALL);
ini_set('display_errors', 0);

session_start();

// Shared code: database connection (config.php) and helper functions (functions.php).
include '../include/config.php';
include '../include/functions.php';
	
// controleren of de gebruiker is ingelogd.
if($_SESSION['login'] && $_SESSION['timeout']>time())
{

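	// Fixed settings and texts. The first error text now closes its <ul>.

	$table = 'pb';
	$berichten_per_pagina = 5;
	$max_archive = '50';
	$error = '<br /><center>Je kan dit bericht om een van de volgende redenen niet bekijken:<ul><li>Het opgevraagde bericht bestaat niet (meer).</li><li>Het bericht is niet voor jou bestemd.</li></ul></center>';
	$error_archive = '<br /><center>Je kan dit bericht om een van de volgende redenen niet bekijken:<ul><li>Het opgevraagde bericht bestaat niet (meer).</li><li>Er staan al maximaal '.$max_archive.' berichten in je archief.</li></ul></center>';

	// Defaults, so that later code never reads an undefined variable.

	$folder = '';
	$msg = '';
	$PID = '';
	$start = 0;

	// Allowed values for the folder and msg parameters.

	$arr_folder = array('inbox','archive','sent');
	$arr_msg = array('read','del','save','reply');

	// folder and msg may arrive by GET or by POST; POST is read last and wins.
	// Every rejected value ends the request right after the redirect header, so
	// no later code runs with a half-validated request.

	foreach(array($_GET,$_POST) as $bron)
	{
		if(isset($bron['folder']))
		{
			if(!in_array($bron['folder'],$arr_folder,true))
			{
				header('Location: ' . $_SERVER['PHP_SELF']);
				exit;
			}
			$folder = $bron['folder'];
		}

		if(isset($bron['msg']))
		{
			if(!in_array($bron['msg'],$arr_msg,true))
			{
				header('Location: ' . $_SERVER['PHP_SELF']);
				exit;
			}
			$msg = $bron['msg'];
		}
	}

	// PID must consist of digits only. is_numeric() also accepted values such as
	// "1e5", "-3" or "1.5", which are not message ids.

	if(isset($_GET['PID']))
	{
		if(!is_string($_GET['PID']) || !ctype_digit($_GET['PID']))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
			exit;
		}
		$PID = $_GET['PID'];
	}

	// start (offset of the first message on the page) is read on GET requests only.
	// It ends up unquoted in a LIMIT clause, so it is stored as an integer.

	if($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['start']))
	{
		if(!is_string($_GET['start']) || !ctype_digit($_GET['start']))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
			exit;
		}
		$start = (int)$_GET['start'];
	}

	// The "Compose" button posts to this page; send the user on to send.php.

	if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['compose']))
	{
		header('Location: send.php');
		exit;
	}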
	
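	// Counters for the header line: inbox total, unread, archive total, sent total.
	// The user id comes from the session but is still forced to an integer before
	// it is placed in the SQL text.

	$tel_uid = (int)$_SESSION['UID'];

	$tellingen = array(
		'inbox' => "SELECT COUNT(PID) AS totaal FROM $table WHERE voor = '".$tel_uid."' && saved = 0 && deleted = 0",
		'gelezen' => "SELECT COUNT(gelezen) AS ongelezen FROM $table WHERE gelezen = 0 && voor = '".$tel_uid."' && deleted = 0",
		'archive' => "SELECT COUNT(PID) AS totaal FROM $table WHERE saved = 1 && voor = '".$tel_uid."' && deleted = 0 Limit 0,50",
		'sent' => "SELECT COUNT(PID) AS totaal FROM $table WHERE van = '".$tel_uid."' Limit 0,50",
	);

	$aantallen = array();
	foreach($tellingen as $naam => $telling)
	{
		// A failed query is logged and counted as 0, so the page can still be built.
		$aantallen[$naam] = array(0);

		$telling_res = mysql_query($telling);
		if(!$telling_res)
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . ' (' . $naam . ')' . chr(13) . chr(10));
			continue;
		}

		$rij = mysql_fetch_array($telling_res);
		if($rij)
		{
			$aantallen[$naam] = $rij;
		}
	}

	// The rest of the page reads index 0 of these four arrays.
	$inbox = $aantallen['inbox'];
	$gelezen = $aantallen['gelezen'];
	$archive = $aantallen['archive'];
	$sent = $aantallen['sent'];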

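	// Reply: hand the message id to send.php.

	if($msg == 'reply')
	{
		header('Location: send.php?ID='.$PID);
		exit;
	}

	// NOTE(review): "del" and "save" change data on an ordinary GET link and no
	// per-session token is checked, so another site can trigger them for a
	// logged-in user. Moving them to POST with a token needs changes in the
	// links further down as well.

	// Delete one message. The "voor" condition limits this to the recipient.

	if($msg == 'del')
	{
		$delete = "UPDATE pb SET deleted = 1 WHERE PID = '".mysql_real_escape_string($PID)."' && voor = '".(int)$_SESSION['UID']."'";
		if(!$delete_res = mysql_query($delete))
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		header('Location:' . $_SERVER['PHP_SELF'] . '?folder='.$folder.'&start='.$start);
		exit;
	}

	// Move one message to the archive.

	if($msg == 'save')
	{
		$opgeslagen = false;

		// $archive is the row of the archive COUNT query; index 0 is the number.
		// The old statement put the array itself into the SQL text, which compared
		// the word "Array" with 50 and therefore never enforced the limit.
		if((int)$archive[0] < (int)$max_archive)
		{
			$save = "UPDATE pb SET saved = 1 WHERE PID = '".mysql_real_escape_string($PID)."' && voor = '".(int)$_SESSION['UID']."' && saved = 0";
			$save_res = mysql_query($save);
			if(!$save_res)
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			else {
				$opgeslagen = (mysql_affected_rows() > 0);
			}
		}

		// The error text is shown only when nothing was saved; it used to be
		// printed after every save.
		if(!$opgeslagen)
		{
			echo $error_archive;
		}
	}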

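	// Empty the inbox or the archive of the logged-in user (POST only).
	// NOTE(review): no per-session token is checked here, so a form on another
	// site can submit these requests for a logged-in user.

	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$leeg_uid = (int)$_SESSION['UID'];

		// "Clear inbox": everything that is neither saved nor already deleted.
		if(isset($_POST['clear']))
		{
			$delete_all = "UPDATE pb SET deleted = 1 WHERE voor = '".$leeg_uid."' && saved = 0 && deleted = 0";
			if(!$delete_all_res = mysql_query($delete_all))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
		}

		// "Delete all" in the archive. The button in the archive form is named
		// delete_archive while this code only looked for delete_arch, so the
		// button never did anything; both names are accepted now.
		if(isset($_POST['delete_arch']) || isset($_POST['delete_archive']))
		{
			$delete_arch = "UPDATE pb set deleted = 1 WHERE voor = '".$leeg_uid."' && saved = 1 && deleted = 0";
			if(!$delete_arch_res = mysql_query($delete_arch))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
		}
	}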
	
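	// Load the message named by PID. It is printed further down, and only there
	// is it compared with the session user (van/voor), so nothing from $row may
	// be shown before that check.

	$num = 0;
	$row = array('titel' => '', 'bericht' => '', 'van' => '', 'voor' => '');

	// Without a PID there is nothing to look up.
	if($PID !== '')
	{
		$sql = "SELECT * FROM $table WHERE PID = '".mysql_real_escape_string($PID)."'";
		$res = mysql_query($sql);
		if(!$res)
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		else {
			$num = mysql_num_rows($res);
			$gevonden = mysql_fetch_array($res);
			// Keep the empty defaults when the message does not exist.
			if($gevonden)
			{
				$row = $gevonden;
			}
		}
	}

	// Messages are stored as typed and HTML-encoded here, before printing.

	$row['titel'] = htmlentities($row['titel']);
	$row['titel'] = stripslashes($row['titel']);

	$row['bericht'] = htmlentities($row['bericht']);
	$row['bericht'] = stripslashes($row['bericht']);
	$row['bericht'] = nl2br($row['bericht']);

	// ubb() must run after the encoding: it turns BBCode into HTML and does not
	// escape anything itself.

	$row['bericht'] = ubb($row['bericht']);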
	?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css" />
	</head>
<body>

<center>
<?
// Header line: unread/total for the inbox, used/maximum for the archive and the
// number of sent messages. All values come from the COUNT queries above.
$kop = '<b>Inbox</b> <span style="color: #829DAF;">'.$gelezen[0].'/'.$inbox[0].'</span> | ' . "\n";
$kop .= '<b>Archive</b> <span style="color: #829DAF;">'.$archive[0].'/'.$max_archive.'</span> | ' . "\n";
$kop .= '<b>Sent</b> <span style="color: #829DAF;">'.$sent[0].'</span><br /><br />';
echo $kop;

// One hint per folder.
// NOTE(review): the inbox hint says 7 days, while the clean-up query in
// config.php uses "more than 13 days" - confirm which one is intended.
if($folder == 'archive')
{
	echo '<span style="color:#829daf;">Up to ' . $max_archive . ' messages can be saved. Saved messages will not be deleted!</span>';
}
elseif($folder == 'sent')
{
	echo '<span style="color:#829daf;">A max of 50 messages will be shown here. Sent messages can\'t be deleted!</span>';
}
else {
	echo '<span style="color:#829daf;">All unsaved messages older than 7 days will be deleted!</span>';
}
?>
</center><br />
<table align="center" class="inbox" width="200" cellpadding="5" cellspacing="1">
	<tr>
		<td align="center">
			<?
			if($folder == 'sent' || $folder == 'archive' || $folder == 'inbox' && $msg == 'read')
			{
				echo '<a href="index.php">Inbox</a>';
			}
			else {
				echo 'Inbox';
			}
			?>
		</td>
		
		<td align="center">
			<?
			if($folder == 'sent' || $folder == 'inbox' || $folder == '' || $folder == 'archive' && $msg == 'read')
			{
				echo '<a href="index.php?folder=archive">Archive</a>';
			}
			else {
				echo 'Archive';
			}
			?>
		</td>

		<td align="center">
			<?
			if($folder == 'archive' || $folder == 'inbox' || $folder == '' || $folder == 'sent' && $msg == 'read')
			{
				echo '<a href="index.php?folder=sent">Sent</a>';
			} else {
				echo 'Sent';
			}
			?>
		</td>
	</tr>
</table>
<br />
<table align="center" width="300" cellpadding="5" cellspacing="0">
	<tr>
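	<form method="post" action="<?php
		// PHP_SELF contains whatever path the client appended after the script
		// name, so it is HTML-escaped before it is printed into the attribute.
		echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
	?>">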
		<td align="left" width="150">
			<input class="input" type="submit" name="compose" value="Compose" />
		</td>
	</form>
		
		<td align="right" width="150">
			<?
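			// Fetch the messages of the current list page and print the page numbers.
			// $start is placed in the LIMIT clause without quotes, so it is forced
			// to a non-negative integer here; the user id is forced to an integer too.
			$start = max(0,(int)$start);
			$lijst_uid = (int)$_SESSION['UID'];
			$lijst_where = '';

			switch($folder.$msg)
			{
				// A single message is shown: no page numbers.
				case 'sent' . 'read':
				case 'inbox' . 'read':
				case 'archive' . 'read':
					echo '&nbsp;';
				break;
				case 'sent' . '':
					$lijst_where = "van = '".$lijst_uid."'";
					$lijst_totaal = $sent[0];
					$lijst_link = '?folder=sent&amp;start=';
				break;
				case 'archive':
					// The archive holds messages sent TO the user. The old query
					// selected on "van", which did not match the archive counter or
					// the check made when an archived message is opened.
					$lijst_where = "saved = 1 && deleted = 0 && voor = '".$lijst_uid."'";
					$lijst_totaal = $archive[0];
					$lijst_link = '?folder=archive&amp;start=';
				break;
				default;
					$lijst_where = "saved = 0 && voor = '".$lijst_uid."' && deleted = 0";
					$lijst_totaal = $inbox[0];
					$lijst_link = '?start=';
				break;
			}

			if($lijst_where != '')
			{
				$lijst_sql = "
				SELECT *
				FROM $table
				WHERE ".$lijst_where."
				ORDER BY datum DESC
				LIMIT $start, $berichten_per_pagina";
				$lijst_res = mysql_query($lijst_sql);
				if(!$lijst_res)
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				// A failed query counts as an empty list.
				$lijst_num = $lijst_res ? mysql_num_rows($lijst_res) : 0;

				// The listing code further down reads these names. Only the pair
				// that belongs to the current folder is used there.
				$res_page_sent = $res_page_archive = $res_page_inbox = $lijst_res;
				$num_page_sent = $page_archive_num = $num_page_inbox = $lijst_num;

				// Page numbers: the current page is marked, the others are links.
				$aantal_paginas = ceil($lijst_totaal / $berichten_per_pagina);
				$huidige_pagina = $start / $berichten_per_pagina + 1;

				for($i = 1; $i <= $aantal_paginas; $i++)
				{
					$start_pb = ($i - 1) * $berichten_per_pagina;
					if($i == $huidige_pagina)
					{
						echo '<strong><sup>[' . $i . ']</sup></strong>&nbsp;';
					}
					else {
						echo '<a href="' . $lijst_link . $start_pb .'">' . $i . '</a>&nbsp;';
					}
				}
			}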
			?>
		</td>
	</tr>
</table>
<br />
<?
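// Main part of the page: one message, or the list of the chosen folder.
// $row holds the message named by PID and is already HTML-encoded; it is
// printed only after it has been compared with the session user.
// NOTE(review): usernames are printed as they are stored. Whether the members
// table holds them HTML-encoded is not visible here - confirm, and escape them
// on output if it does not.
switch($folder.$msg)
{
	// One sent message: only the sender may read it.
	case 'sent'.'read':
		if($row['van'] == $_SESSION['UID'])
		{
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '
						</td>
					</tr>
				</table>
				';
		} else {
			echo $error;
		}
	break;

	// List of sent messages.
	case 'sent':
		if($num_page_sent >= 1)
		{
			while($berichten_sent = mysql_fetch_array($res_page_sent))
			{
				// Name of the recipient of this message.
				$van_sent = "SELECT username FROM members WHERE id = '".(int)$berichten_sent['voor']."'";
				$van_sent_res = mysql_query($van_sent);
				if(!$van_sent_res)
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_sent = $van_sent_res ? mysql_fetch_array($van_sent_res) : false;
				if(!$fetch_sent)
				{
					$fetch_sent = array('username' => '');
				}

				$berichten_sent['titel'] = htmlentities($berichten_sent['titel']);
				$berichten_sent['titel'] = stripslashes($berichten_sent['titel']);

				// Long titles are shortened in the list.
				if(strlen($berichten_sent['titel']) > 25)
				{
					$berichten_sent['titel'] = substr($berichten_sent['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<span style="color:#289DAF;">
							<a href="?folder=sent&amp;msg=read&amp;PID=<?=$berichten_sent['PID'] ?>"><?=$berichten_sent['titel'] ?></a>
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" align="left">
							Sent to <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_sent['voor'] ?>"><?=$fetch_sent['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_sent['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?php
			}
		}
		else {
			echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">You haven\'t sent any messages yet!</td>
			</tr>
		</table>
			';
		}
	break;

	// One archived message: only the recipient may read it.
	case 'archive'.'read':
		if($row['voor'] == $_SESSION['UID'])
		{
			// Mark as read; the statement repeats the recipient condition.
			$update_inbox_archive = "UPDATE $table SET gelezen = 1 WHERE PID = '".$PID."' && voor = '".(int)$_SESSION['UID']."'";
			if(!$update_inbox_archive_res = mysql_query($update_inbox_archive))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '<br /><br />
							<div style="text-align: right;">
							<a href="?PID='.$PID.'&amp;msg=reply">reply</a> | 
							<a href="?folder=archive&amp;PID='.$PID.'&amp;msg=del">delete</a>
							</div>
						</td>
					</tr>
				</table>
				';
		} else {
			echo $error;
		}
	break;

	// List of archived messages.
	case 'archive':
		if($page_archive_num >= 1)
		{
			while($berichten_arch = mysql_fetch_array($res_page_archive))
			{
				// Name of the sender of this message.
				$van_arch = "SELECT username FROM members WHERE id = '".(int)$berichten_arch['van']."'";
				$van_arch_res = mysql_query($van_arch);
				if(!$van_arch_res)
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_arch = $van_arch_res ? mysql_fetch_array($van_arch_res) : false;
				if(!$fetch_arch)
				{
					$fetch_arch = array('username' => '');
				}

				$berichten_arch['titel'] = htmlentities($berichten_arch['titel']);
				$berichten_arch['titel'] = stripslashes($berichten_arch['titel']);

				if(strlen($berichten_arch['titel']) > 25)
				{
					$berichten_arch['titel'] = substr($berichten_arch['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<?php
							if($berichten_arch['gelezen'] == 0)
							{
								echo '<img src="../include/img/bericht.gif" alt="envelope" />';
							}
							?>
							<span style="color:#289DAF;">
							<a href="?folder=archive&amp;msg=read&amp;PID=<?=$berichten_arch['PID'] ?>"><?=$berichten_arch['titel'] ?></a>
							</span>
						</td>
						
						<td style="padding: 0px;">
							<a href="?folder=<?=$folder ?>&amp;msg=del&amp;PID=<?=$berichten_arch['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/prullenbak.gif" /></a>
						</td>
					</tr>
					
					<tr>
						<td colspan="2" align="left">
							Sent by <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_arch['van'] ?>"><?=$fetch_arch['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_arch['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?php
			}
			// The action used to be the literal text {$_SERVER[PHP_SELF]} because the
			// string is single-quoted, and the button name did not match the name the
			// handler at the top of this file looks for (delete_arch).
			echo '
			<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">
				<table align="center" width="300" cellpadding="5" cellspacing="0">
					<tr>
						<td width="150"><input class="input" type="submit" name="delete_arch" value="Delete all"></td>
						<td align="right" width="150"></td>
					</tr>
				</table>
			</form>
			<center>Unread messages are marked with an <img src="../include/img/bericht.gif" alt="envelope" /></center>
			';
		}
		else {
			echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">Your archive is empty!</td>
			</tr>
		</table>
			';
		}
	break;

	// One inbox message: only the recipient may read it.
	case 'inbox'.'read':
		if($row['voor'] == $_SESSION['UID'])
		{
			// Mark as read; the statement repeats the recipient condition.
			$update_inbox_read = "UPDATE $table SET gelezen = 1 WHERE PID = '".$PID."' && voor = '".(int)$_SESSION['UID']."'";
			if(!$update_inbox_read_res = mysql_query($update_inbox_read))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			echo '
				<table class="inbox" border="0" align="center" width="350" cellpadding="5" cellspacing="0">
					<tr>
						<td style="border: 1px solid #829DAF; padding: 5px;">
							<div><small><b>'.$row['titel'].'</b></small><hr size="1" noshade width="150px" align="left" style="color: #829DAF;">
							</div>
							' . $row['bericht'] . '<br /><br />
							<div style="text-align: right;">
							<a href="?PID='.$PID.'&amp;msg=reply">reply</a> | 
							<a href="?PID='.$PID.'&amp;msg=save">save</a> | 
							<a href="?PID='.$PID.'&amp;msg=del">delete</a>
							</div>
						</td>
					</tr>
				</table>
				';
		} else {
			echo $error;
		}
	break;

	// Everything else: the inbox list.
	default;
		if($num_page_inbox >= 1)
		{
			while($berichten_inbox = mysql_fetch_array($res_page_inbox))
			{
				// Name of the sender of this message.
				$van_inbox = "SELECT username FROM members WHERE id = '".(int)$berichten_inbox['van']."'";
				$van_inbox_res = mysql_query($van_inbox);
				if(!$van_inbox_res)
				{
					query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
				}
				$fetch_inbox = $van_inbox_res ? mysql_fetch_array($van_inbox_res) : false;
				if(!$fetch_inbox)
				{
					$fetch_inbox = array('username' => '');
				}

				$berichten_inbox['titel'] = htmlentities($berichten_inbox['titel']);
				$berichten_inbox['titel'] = stripslashes($berichten_inbox['titel']);

				if(strlen($berichten_inbox['titel']) > 25)
				{
					$berichten_inbox['titel'] = substr($berichten_inbox['titel'],0,20) . ' ...';
				}
				?>
				
				<table class="inbox" align="center" width="270" cellpadding="5" cellspacing="1">
					<tr>
						<td width="100%">
							<?php
							if($berichten_inbox['gelezen'] == 0)
							{
								echo '<img src="../include/img/bericht.gif" alt="envelope" />';
							}
							?>
							<span style="color:#289DAF;">
							<a href="?folder=inbox&amp;msg=read&amp;PID=<?=$berichten_inbox['PID'] ?>"><?=$berichten_inbox['titel'] ?></a>
							</span>
						</td>
						
						<td style="padding: 0px;">
							<a href="?folder=<?=$folder ?>&amp;msg=save&amp;PID=<?=$berichten_inbox['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/save.gif" /></a><a href="?folder=<?=$folder ?>&amp;msg=del&amp;PID=<?=$berichten_inbox['PID'] ?>&amp;start=<?=$start ?>"><img src="../include/img/prullenbak.gif" /></a>
						</td>
					</tr>
					
					<tr>
						<td colspan="2" align="left">
							Sent by <span style="color:#829DAF;">
							<a href="profile.php?UID=<?=$berichten_inbox['van'] ?>"><?=$fetch_inbox['username'] ?></a>
							</span>
							On <span style="color:#829DAF;">
							<?=$berichten_inbox['datum'] ?>
							</span>
						</td>
					</tr>
				</table>
				<br />
<?php
			}
			// $_SERVER[PHP_SELF] without quotes refers to a constant named PHP_SELF;
			// the key is quoted now, and the value is escaped and put in a quoted attribute.
			echo '
			<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">
				<table align="center" width="300" cellpadding="5" cellspacing="0">
					<tr>
						<td width="150"><input class="input" type="submit" name="clear" value="Clear inbox" /></td>
						<td align="right" width="150"></td>
					</tr>
				</table>
			</form>
			<center>New messages are marked with an <img src="../include/img/bericht.gif" alt="envelope" /></center>
			';
		}
		else {
			echo '
		<table align="center" class="inbox" width="270" cellpadding="5" cellspacing="1">
			<tr>
				<td align="center">Your inbox is empty!</td>
			</tr>
		</table>
			';
		}
}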
echo '
</body>
</html>
	';
}
else {
	session_unset();
	session_destroy();
	header('Location: ../login/login.php');
}
?>[/code]
[b]send.php[/b] ( in de map messaging )
[code]<?
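// Report every error level, but do not print errors into the page: messages
// shown to visitors can reveal file paths and parts of SQL statements.
// index.php in this folder uses the same setting.
ini_set('display_errors', 0);
error_reporting(E_ALL);

session_start();

// Shared code: database connection (config.php) and helper functions (functions.php).

include('../include/config.php');
include('../include/functions.php');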

// controleren of de gebruiker is ingelogd.

if(isset($_SESSION['login']) && $_SESSION['timeout']>time())
{
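	// The user id is read from the session and forced to an integer before it is
	// placed in any SQL text.
	$uid = (int)$_SESSION['UID'];

	// Raw form fields. Anything that is not a string (for example aan[]=x) counts as empty.
	$ruw_bericht = (isset($_POST['bericht']) && is_string($_POST['bericht'])) ? $_POST['bericht'] : '';
	$ruwe_titel = (isset($_POST['titel']) && is_string($_POST['titel'])) ? $_POST['titel'] : '';
	$ruwe_aan = (isset($_POST['aan']) && is_string($_POST['aan'])) ? $_POST['aan'] : '';

	// HTML-encoded copies, as before. $aan is the form in which the recipient is
	// looked up; login.php searches the members table with the same encoding.
	$bericht = stripslashes(htmlentities($ruw_bericht));
	$titel = isset($_POST['titel']) ? stripslashes(htmlentities($ruwe_titel)) : 'No Subject';
	$aan = stripslashes(htmlentities($ruwe_aan));

	// ID names the message that is being answered. It must consist of digits
	// only; a rejected value ends the request right after the redirect header.

	$ID = '';
	$reply = false;

	if(isset($_GET['ID']))
	{
		if(!is_string($_GET['ID']) || !ctype_digit($_GET['ID']))
		{
			header('Location: ' . $_SERVER['PHP_SELF']);
			exit;
		}
		$ID = $_GET['ID'];
		$reply = true;
	}

	// Message that is being answered. The "voor" condition makes sure a user can
	// only quote messages that were sent to him.

	$fetch_info = array('bericht' => '', 'titel' => '', 'van' => '', 'datum' => '');

	if($reply)
	{
		$url_info = "SELECT titel,bericht,van,datum FROM pb WHERE PID = '".mysql_real_escape_string($ID)."' && voor = '".$uid."'";
		$url_res = mysql_query($url_info);
		if(!$url_res)
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		else {
			$gevonden = mysql_fetch_array($url_res);
			if($gevonden && isset($gevonden['bericht'],$gevonden['titel'],$gevonden['van']))
			{
				$fetch_info = $gevonden;

				// Encoded because both values are printed into the form below.
				$fetch_info['bericht'] = htmlentities($fetch_info['bericht']);
				$fetch_info['bericht'] = stripslashes($fetch_info['bericht']);

				$fetch_info['titel'] = htmlentities($fetch_info['titel']);
				$fetch_info['titel'] = stripslashes($fetch_info['titel']);
			}
		}
	}

	// Name of the sender of that message, used to fill in the "Aan" field.
	// NOTE(review): the form prints this name as stored. Whether the members
	// table holds names HTML-encoded is not visible here - confirm.

	$fetch_change = array('username' => '');

	if($fetch_info['van'] !== '')
	{
		$change = "SELECT username FROM members WHERE id = '".(int)$fetch_info['van']."'";
		$change_res = mysql_query($change);
		if(!$change_res)
		{
			query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
		}
		else {
			$gevonden = mysql_fetch_array($change_res);
			if($gevonden)
			{
				$fetch_change = $gevonden;
			}
		}
	}

	// Sending. Only the "Verstuur" button starts it; before, any POST request
	// without that button went straight to the INSERT with unchecked values.
	// NOTE(review): no per-session token is checked, so a form on another site
	// can send messages in the name of a logged-in user.

	if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['verstuur']))
	{
		// Look up the recipient once. htmlentities() does not make a value safe
		// for SQL, so the name is escaped for the query separately.
		$ontvanger = false;
		if($aan !== '')
		{
			$nick_exists = "SELECT id, username FROM members WHERE username = '".mysql_real_escape_string($aan)."'";
			$nick_res = mysql_query($nick_exists);
			if(!$nick_res)
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}
			else {
				$ontvanger = mysql_fetch_array($nick_res);
			}
		}

		// Same order of importance as before: empty fields, then unknown user,
		// then a message to yourself. The last check compared the name with
		// isset($SESSION[...]) (a misspelt variable) and could not work; it now
		// compares user ids.
		if($aan === '' || $bericht === '')
		{
			$error = 'Verplicht(e) veld(en) is / zijn leeg.';
		}
		elseif(!$ontvanger)
		{
			$error = 'De gebruiker bestaat niet.';
		}
		elseif((int)$ontvanger['id'] === $uid)
		{
			$error = 'You can\'t send messages to yourself.';
		}

		if(isset($error))
		{
			echo $error;
		}
		else {
			// The message is stored as typed and HTML-encoded when it is shown.
			// An empty title becomes "No Subject", otherwise the inbox would show
			// a link without any text.
			$invoer_titel = ($ruwe_titel === '') ? 'No Subject' : ucfirst(strtolower($ruwe_titel));
			$invoer_titel = mysql_real_escape_string($invoer_titel);
			$invoer_bericht = mysql_real_escape_string($ruw_bericht);

			$sql = "INSERT INTO pb (voor,van,datum,titel,bericht) VALUES (".(int)$ontvanger['id'].",".$uid.",NOW(),'".$invoer_titel."','".$invoer_bericht."')";
			if(!$res = mysql_query($sql))
			{
				query_fouten(mysql_error() . chr(13) . chr(10) . 'In bestand: ' . __FILE__ . chr(13) . chr(10) . 'Op regel: ' . __LINE__ . chr(13) . chr(10));
			}

			// Log entry in the file of the recipient. The name comes from the
			// request, so every character that could change the directory or add
			// a line to the log is replaced first.
			$log_naam = preg_replace('/[^A-Za-z0-9_-]/','_',$aan);
			$file = '../logs/' . $log_naam . '.txt';
			$content = 'Bericht verzonden --- op '.date('d-m-Y').' om '.date('G:i:s').' naar '.$log_naam.'['.(int)$ontvanger['id'].']';

			// Best effort: a log that cannot be written must not stop the redirect,
			// and the path of the log file is no longer printed to the visitor.
			$handle = fopen($file,'ab');
			if($handle)
			{
				fwrite($handle,$content . chr(13) . chr(10));
				fclose($handle);
			}

			header('Location: index.php');
			exit;
		}
	}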
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title></title>
		<link rel="stylesheet" type="text/css" href="../include/style.css">
	</head>
<body>

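<form method="post" action="<?php
	// PHP_SELF and QUERY_STRING both come from the request line, so the whole URL
	// is HTML-escaped before it is printed into the attribute.
	echo htmlspecialchars($_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'], ENT_QUOTES);
?>">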

<table align="left" cellpadding="1" cellspacing="2">
	<tr>
		<td class="top" colspan="2"><b>Verstuur een bericht</b></td>
	</tr>
	<tr>
		<td width="75">Aan:</td>
		<td><input type="text" name="aan" size="40" maxlength="30" value="<?=$fetch_change['username'] ?>"></td>
	</tr>
	<tr>
		<td width="75">Titel:</td>

		<td><input type="text" name="titel" size="50" maxlength="50" value="<?=$fetch_info['titel'] ?>"></td>
	</tr>
	<tr>
		<td>Bericht:</td>
		<td>
		<textarea cols="50" rows="10" name="bericht"><? if($reply == true){ echo "\n\n[quote=".$fetch_change['username']." wrote on: ".$fetch_info['datum']."]\n".$fetch_info['bericht']."[/quote]"; } ?></textarea>
		</td>
	</tr>
	<tr>
		<td>&nbsp;</td>
		<td><input type="submit" name="verstuur" value="Verstuur"></td>
	</tr>
</table>

</form>

</body>
</html>

<?
} else {
	session_unset();
	session_destroy();
	header('Location: ../login/login.php');
}
?>[/code]