ADMIN.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : ADMIN.PHP                  #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

error_reporting(E_ALL);
session_start();

include("config.php");
include("functions.php");

if(!isset($_SESSION['admin_login']))
{
	if(isset($_POST['login']))
	{
		if($_POST['username'] == $cfg['admin_user'] AND $_POST['password'] == $cfg['admin_pass'])
		{
			header("Location: admin.php");
			$_SESSION['admin_login'] = 1;
		}
		else
		{
			echo "<script>alert('Login Incorrect.'); document.location.href=('admin.php')</script>";
		}
	}
	else
	{
?>

<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="username"><br>
Password : <input type="password" name="password"><br><br>

<input type="Submit" value="Login"><br><br>

<?
	}
}
else
{
	echo "<script src=\"javascript.js\"></script>";

	if(!isset($_GET['act']))
	{
?>
<b>Options</b><br>
<a href="admin.php?act=config">Configuration</a><br>
<a href="admin.php?act=mass_pm">Mass PM</a><br>
<a href="admin.php?act=smiles">Smiles</a><br>
<br>
<b>Maintenance</b><br>
<a href="admin.php?act=repair">Repair &amp; Optimize Database</a><br>
<a href="javascript:delete_members()">Delete all members</a><br>
<a href="javascript:delete_messages()">Delete all messages</a><br>
<a href="javascript:uninstall()">UN-Install</a><br>
<br>
<b>Others</b><br>
<a href="index.php">Index Page</a><br>
<a href="admin.php?act=newest_members">Last 10 Registered</a><br>
<a href="admin.php?act=member_list">Memberlist</a><br>
<a href="logoff.php">Log Off</a>
<?
	}
	else
	{
		if($_GET['act'] == "member_list")
		{
			if(isset($_GET['order_by']))
			{
				if($_GET['order_by'] == "user_name")
				{
					$order_by = "user_name";
				}
				elseif($_GET['order_by'] == "user_email")
				{
					$order_by = "user_email";
				}
				elseif($_GET['order_by'] == "user_url")
				{
					$order_by = "user_url";
				}
				elseif($_GET['order_by'] == "user_regdate")
				{
					$order_by = "user_regdate";
				}
				else
				{
					$order_by = "user_id";
				}
			}
			else
			{
				$order_by = "user_id";
			}

			$total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

			if(!isset($_GET['page']) OR $_GET['page'] < 1)
			{
				$page = 0;
				$prev = "[ Previous " . $cfg['per_page'] . " ]";
			}
			else
			{
				$page = $_GET['page'];
			}

			$start = $page * $cfg['per_page'];

			$pages = $total / $cfg['per_page'];
			$pageplus = $page + 1;
			$pagemin = $page - 1;

			if(($page + 1) < $pages)
			{
				$next = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pageplus . "\">Next " . $cfg['per_page'] . "</a> ]";
			}

			if(($page - 1) < $pages AND $page)
			{
				$prev = "[ <a href=\"admin.php?act=member_list&order_by=" . $order_by . "&page=" . $pagemin . "\">Previous " . $cfg['per_page'] . "</a> ]";
			}
			else
			{
				$prev = "[ Previous " . $cfg['per_page'] . " ]";
			}

			if($pageplus > $pages OR $pageplus == "$pages")
			{
				$next = "[ Next " . $cfg['per_page'] . " ]";
			}

			$query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_public = '1' ORDER BY " . $order_by . " ASC LIMIT $start," . $cfg['per_page'] . "");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

			if(!empty($result))
			{
				echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="21%"><b><a href="admin.php?act=member_list&order_by=user_name&page=<? echo $_GET['page'] ?>">Username</a></b></td>
    <td width="26%"><b><a href="admin.php?act=member_list&order_by=user_email&page=<? echo $_GET['page'] ?>">Email</b></td>
    <td width="23%"><b><a href="admin.php?act=member_list&order_by=user_url&page=<? echo $_GET['page'] ?>">Website</b></td>
    <td width="20%"><b><a href="admin.php?act=member_list&order_by=user_regdate&page=<? echo $_GET['page'] ?>">Registered</b></td>
    <td width="10%" align="center"><b>Options</b></td>
  </tr>
<?
				while($row = mysql_fetch_assoc($query))
				{
					$format_date = date("$cfg[admin_date]", $row['user_regdate']);
?>
  <tr>
    <td width="21%"><a href="profile.php?act=view&user_id=<? echo $row['user_id'] ?>"><? echo htmlspecialchars($row['user_name']) ?></a></td>
    <td width="26%"><a href="mailto:<? echo htmlspecialchars($row['user_email']) ?>"><? echo htmlspecialchars($row['user_email']) ?></a></td>
<?
					$split_url = substr($row['user_url'],0,7);

					if($split_url != "http://")
					{
						$url = "http://" . $row['user_url'];
					}
					else
					{
						$url = $row['user_url'];
					}
?>
    <td width="23%"><a href="<? echo $url ?>" target="_blank"><? echo $row['user_url'] ?></a></td>
    <td width="20%"><? echo $format_date ?></td>
    <td width="10%" align="center"><a href="admin.php?act=edit&user_id=<? echo $row['user_id'] ?>">Edit this user</a></td>
  </tr>
<?
				}
			echo "</table>";
			echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
			}
			else
			{
				echo "<script>alert('No members yet.'); history.go(-1)</script>";
			}
		}

		if($_GET['act'] == "config" AND !isset($_POST['update_config']))
		{
			$query = mysql_query("SELECT * FROM tbl_config");

			while($row = mysql_fetch_assoc($query))
			{
?>
<form method="POST">
<input type="hidden" value="1" name="update_config">
<b>Antiflood :</b><br>
<input type="text" name="antiflood" value="<? echo $row['cfg_antiflood'] ?>" size="5"><br>

<b>Max messages in inbox :</b><br>
<input type="text" name="maxmsg" value="<? echo $row['cfg_maxmsg'] ?>" size="5"><br>

<b>Enable Registrations :</b><br>
<select name="register">
<?
				if(!empty($row['cfg_register']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enable Smiles :</b><br>
<select name="smiles">
<?
				if(!empty($row['cfg_smiles']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enable UBB-Codes :</b><br>
<select name="ubb">
<?
				if(!empty($cfg['ubb']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Member Per Page :</b><br>
<input type="text" name="perpage" value="<? echo $row['cfg_perpage'] ?>" size="5"><br>

<b>Messages Per Page :</b><br>
<input type="text" name="perpageinbox" value="<? echo $row['cfg_perpageinbox'] ?>" size="5"><br>

<b>Admin Dateformat :</b><br>
<input type="text" name="dateformat" value="<? echo $row['cfg_admindate'] ?>" size="10"><br><br>

<b>Admin Username :</b><br>
<input type="text" name="adminuser" value="<? echo $row['cfg_adminuser'] ?>" size="5"><br>

<b>Admin Password :</b><br>
<input type="text" name="adminpass" value="<? echo $row['cfg_adminpass'] ?>" size="5"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
<?
			}
		}

		if($_GET['act'] == "repair")
		{
			mysql_query("REPAIR TABLE tbl_config,tbl_msg,tbl_smiles,tbl_users") or die("<script>alert('Tables could not be repaired.')</script>");
			mysql_query("OPTIMIZE TABLE tbl_config") or die("<script>alert('Tables could not be optimized.')</script>");
			mysql_query("OPTIMIZE TABLE tbl_msg") or die("<script>alert('Tables could not be optimized.')</script>");
			mysql_query("OPTIMIZE TABLE tbl_smiles") or die("<script>alert('Tables could not be optimized.')</script>");
			mysql_query("OPTIMIZE TABLE tbl_users") or die("<script>alert('Tables could not be optimized.')</script>");

			echo "<script>alert('Tables repaired & optimized.'); document.location.href=('admin.php')</script>";
		}

		if($_GET['act'] == "delete_members")
		{
			$users = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

			if(!empty($users))
			{
				mysql_query("DELETE FROM tbl_users") or die("<script>alert('Could not delete members.')</script>");

				echo "<script>alert('All users have been deleted.'); document.location.href=('admin.php')</script>";
			}
			else
			{
				echo "<script>alert('No users found.'); document.location.href=('admin.php')</script>";
			}
		}

		if($_GET['act'] == "delete_messages")
		{
			$messages = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg"),0);

			if(!empty($messages))
			{
				mysql_query("DELETE FROM tbl_msg") or die("<script>alert('Could not delete message.')</script>");

				echo "<script>alert('All messages have been deleted.'); document.location.href=('admin.php')</script>";
			}
			else
			{
				echo "<script>alert('No messages found.'); document.location.href=('admin.php')</script>";
			}
		}

		if($_GET['act'] == "edit" AND !isset($_POST['update_user']))
		{
			if(isset($_GET['user_id']))
			{
				$user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'"),0);

				if(!empty($_GET['user_id']) AND isset($_GET['user_id']) AND !empty($user_exists))
				{
					if(isset($_SESSION['admin_login']))
					{
						$query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'");

						while($row = mysql_fetch_assoc($query))
						{
?>
<form method="POST">
<input type="hidden" value="<? echo $_GET['user_id'] ?>" name="user_id">
<input type="hidden" value="1" name="update_user">
<b>Username :</b><br>
<input type="text" name="user" value="<? echo htmlspecialchars($row['user_name']) ?>"><br>

<b>Email :</b><br>
<input type="text" name="email" value="<? echo htmlspecialchars($row['user_email']) ?>"><br>

<b>Website :</b><br>
<input type="text" name="url" value="<? echo htmlspecialchars($row['user_url']) ?>"><br>

<b>Date Format :</b><br>
<input type="text" name="date" value="<? echo htmlspecialchars($row['user_dateformat']) ?>">
<a href="http://www.php.net/date" target="_blank">More info</a><br>

<b>User IP: </b><br>
<input type="text" value="<? echo $row['user_ip'] ?>" disabled><br>

<b>Registered: </b><br>
<input type="text" value="<? echo date("$cfg[admin_date]",$row['user_regdate']); ?>" size="25" disabled><br>

<b>Show Email :</b><br>
<select name="showmail">
<?
							if(!empty($row['user_showmail']))
							{
								$selected = "";
							}
							else
							{
								$selected = " selected";
							}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Enabled PM :</b><br>
<select name="pm">
<?
							if(!empty($row['user_pm']))
							{
								$selected = "";
							}
							else
							{
								$selected = " selected";
							}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select> If "No" all messages will be deleted<br>

<b>Public Profile :</b><br>
<select name="public">
<?
							if(!empty($row['user_public']))
							{
								$selected = "";
							}
							else
							{
								$selected = " selected";
							}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Account Activated :</b><br>
<select name="activated">
<?
							if($row['user_activated'] == "1")
							{
								$is_activated = " selected";
							}
							elseif(empty($row['user_activated']))
							{
								$not_activated = " selected";
							}
							else
							{
								$pending_activated = " selected";
							}
?>
<option value="1"<? if(isset($is_activated)){ echo $is_activated; } ?>>Yes</option>
<option value="0"<? if(isset($not_activated)){ echo $not_activated; } ?>>No</option>
<option value="<? echo $row['user_activated'] ?>"<? if(isset($pending_activated)){ echo $pending_activated; } ?>>Pending</option>
</select> * Pending means that the user has to activate his account<br><br>

<b>Admin Comment :</b><br>
<textarea cols="25" rows="5" name="admcom"><? echo $row['user_admcom'] ?></textarea><br>

<b>Password :</b><br>
<input type="password" name="pass"><br><br>

<input type="checkbox" name="deluser" value="1"> Delete User<br><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">

<?
						}
					}
					else
					{
						echo "<script>alert('You\'re not logged in'.); document.location.href=('admin.php')</script>";
					}
				}
				else
				{
					echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
				}
			}
			else
			{
				echo "<script>alert('No ID defined.'); history.go(-1);</script>";
			}
		}

		if($_GET['act'] == "mass_pm" AND !isset($_POST['send_masspm']))
		{
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="send_masspm">

<b>Title :</b><br>
<input type="text" name="title" size="50"><br>

<b>Message :</b><br>
<?
			echo_ubb();
			echo "<textarea cols=\"75\" rows=\"20\" name=\"message\"></textarea>";
			echo "<br>\n";
			echo_smiles();
			echo "<br>\n";
?>

<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
		}

		if($_GET['act'] == "smiles")
		{
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="35%"><b>Name</b></td>
    <td width="20%"><b>Tag</b></td>
    <td width="20%"><b>Preview</b></td>
    <td width="10%" align="center"><b>Options</b></td>
  </tr>
<?
			$query = mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_name ASC");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles"),0);

			if(!empty($result))
			{
				while($row = mysql_fetch_assoc($query))
				{
?>
  <tr>
    <td width="35%"><? echo htmlspecialchars($row['smile_name']) ?></td>
    <td width="20%"><? echo htmlspecialchars($row['smile_tag']) ?></td>
    <td width="20%"><img src="smiles/<? echo $row['smile_file'] ?>"></td>
    <td width="10%" align="center"><a href="admin.php?act=edit_smile&smile_id=<? echo $row['smile_id'] ?>">Edit</a> |
    <a href="javascript:del_smile('<? echo $row['smile_id'] ?>')">Delete</a></td>
  </tr>
<?
				}
			}

			echo "</table>";
			echo "<br>\n";
			echo "<a href=\"admin.php?act=add_smile\">Add Smile</a>";
			echo "<br>\n";
			echo "<a href=\"admin.php\">Admin Index</a>";
		}

		if($_GET['act'] == "edit_smile" AND !isset($_POST['save_smile']))
		{
			$query = mysql_query("SELECT * FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'"),0);

			if(!empty($result))
			{
				while($row = mysql_fetch_assoc($query))
				{
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="save_smile">
<input type="hidden" value="<? echo $_GET['smile_id'] ?>" name="id">

<b>Smile Name :</b><br>
<input type="text" name="name" value="<? echo $row['smile_name'] ?>"><br>

<b>Smile Tag :</b><br>
<input type="text" name="tag" value="<? echo $row['smile_tag'] ?>" size="5"><br>

<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?

					$handle = opendir('smiles');

					while(false!==($file = readdir($handle)))
					{
						if($file != "." AND $file != "..")
						{
							if($file == $row['smile_file'])
							{
								$selected = " selected";
							}
							else
							{
								$selected = " ";
							}

							echo "<option value=\"" . $file . "\"" . $selected . ">" . $file . "</option>\n";
						}
					}

					closedir($handle);
?>
    </select><img src="smiles/<? echo $row['smile_file'] ?>" name="icons" hspace="10"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
				}
			}
			else
			{
				echo "<script>alert('Smile with this ID doesn\'t excist'); history.go(-1)</script>";
			}
		}

		if($_GET['act'] == "add_smile" AND !isset($_POST['add_smile']))
		{
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="add_smile">

<b>Smile Name :</b><br>
<input type="text" name="name"><br>

<b>Smile Tag :</b><br>
<input type="text" name="tag" size="5"><br>

<b>Smile File :</b><br>
<select name="file" onChange="showimage()"><?

			$handle = opendir('smiles');

			while(false!==($file = readdir($handle)))
			{
				if($file != "." AND $file != "..")
				{
					if(!isset($first_smile))
					{
						$first_smile = $file;
					}

				echo "<option value=\"" . $file . "\">" . $file . "</option>\n";
				}
			}

			closedir($handle);
?>
    </select><img src="smiles/<? echo $first_smile ?>" name="icons" hspace="10"><br>

<input type="submit" value="Save">
<input type="reset" value="Reset">
</form>
<?
		}

		if($_GET['act'] == "del_smile")
		{
			if(isset($_GET['smile_id']))
			{
				$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'"),0);

				if(!empty($result))
				{
					mysql_query("DELETE FROM tbl_smiles WHERE smile_id = '" . $_GET['smile_id'] . "'");
				}
				else
				{
					echo "<script>alert('Smile with this ID doesn\'t excist.'); history.go(-1)</script>";
				}
			}
			else
			{
				echo "<script>alert('Please validate a smile ID.'); history.go(-1)</script>";
			}
		}

		if($_GET['act'] == "newest_members")
		{
			$query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id DESC LIMIT 0,10");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

			if(empty($result))
			{
				echo "<script>alert('No members yet.'); history.go(-1)</script>";
			}
			else
			{
				while($row = mysql_fetch_assoc($query))
				{
					echo $row['user_id'] . ". <a href=\"profile.php?act=view&user_id=" . $row['user_id'] . "\">" . $row['user_name'] . "</a><br>";
				}
			}
		}

		if($_GET['act'] == "uninstall")
		{
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

			if(!empty($result))
			{
				mysql_query("DROP TABLE tbl_config");
				mysql_query("DROP TABLE tbl_msg");
				mysql_query("DROP TABLE tbl_smiles");
				mysql_query("DROP TABLE tbl_users");

				echo "SNP Login Script successfully uninstalled, you can now remove all files of SNP Login Script.";
				echo "<br>\n<br>\n";
				echo "<script>window.close()</script>";
			}
			else
			{
				echo "<script>alert('SNP Login Script has already been uninstalled, delete the directory containing this file to finish the un-installation.'); window.close()</script>";
			}
		}
	}

	if(isset($_POST['update_user']))
	{
		if(empty($_POST['deluser']))
		{
			if(!empty($_POST['pass']))
			{
				mysql_query("UPDATE tbl_users SET user_pass = '" . md5($_POST['pass']) . "' WHERE user_id = '" . $_POST['user_id'] . "'") or die(mysql_error());
			}

			mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_activated = '" . $_POST['activated'] . "', user_admcom = '" . $_POST['admcom'] . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_POST['user_id'] . "'") or die(mysql_error());

			echo "Information successfully updated !";
			echo "<br>\n<br>\n";
			echo "<a href=\"admin.php?act=member_list\">Back to memberlist</a>";
			echo "<br>\n";
			echo "<a href=\"admin.php\">Admin Index</a>";
		}
		else
		{
			$user_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_POST['user_id'] . "'"),0);

			if(!empty($user_exists))
			{
				mysql_query("DELETE FROM tbl_users WHERE user_id = '" . $_POST['user_id'] . "'");
				mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $_POST['user_id'] . "' OR msg_from = '" . $_POST['user_id'] . "'");

				echo "<script>alert('User successfully deleted.'); document.location.href=('admin.php?act=member_list')</script>";
			}
			else
			{
				echo "<script>alert('User doesn\'t exist.'); document.location.href=('admin.php?act=member_list')</script>";
			}
		}
	}

	if(isset($_POST['update_config']))
	{
		mysql_query("UPDATE tbl_config SET cfg_antiflood = '" . $_POST['antiflood'] . "', cfg_maxmsg = '" . $_POST['maxmsg'] . "', cfg_register = '" . $_POST['register'] . "', cfg_smiles = '" . $_POST['smiles'] . "', cfg_ubbcode = '" . $_POST['ubb'] . "', cfg_perpage = '" . $_POST['perpage'] . "', cfg_perpageinbox = '" . $_POST['perpageinbox'] . "', cfg_admindate = '" . $_POST['dateformat'] . "', cfg_adminuser = '" . $_POST['adminuser'] . "', cfg_adminpass = '" . $_POST['adminpass'] . "'") or die(mysql_error());

		echo "Configuration successfully updated !";
		echo "<br>\n<br>\n";
		echo "<a href=\"admin.php\">Admin Index</a>";
	}

	if(isset($_POST['send_masspm']))
	{
		$query = mysql_query("SELECT * FROM tbl_users ORDER BY user_id ASC");
		$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

		if(!empty($result))
		{
			while($row = mysql_fetch_assoc($query))
			{
				mysql_query("INSERT INTO tbl_msg VALUES ('','" . $_POST['title'] . "',NOW(),'" . $_POST['message'] . "','0','" . $row['user_id'] . "','0','" . $_ENV['REMOTE_ADDR'] . "')");
			}

			echo "Mass PM Sent to all members.";
			echo "<br>\n<br>\n";
			echo "<a href=\"admin.php?act=inbox\">My Inbox</a>";
			echo "<br>\n";
			echo "<a href=\"admin.php\">Admin Index</a>";
		}
		else
		{
			echo "<script>alert('Can\'t send message: No members yet.')</script>";
		}
	}

	if(isset($_POST['save_smile']))
	{
		mysql_query("UPDATE tbl_smiles SET smile_name = '" . $_POST['name'] . "', smile_tag = '" . $_POST['tag'] . "', smile_file = '" . $_POST['file'] . "' WHERE smile_id = '" . $_POST['id'] . "'") or die(mysql_error());

		echo "Configuration successfully updated !";
		echo "<br>\n<br>\n";
		echo "<a href=\"admin.php\">Admin Index</a>";
	}

	if(isset($_POST['add_smile']))
	{
		$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles WHERE smile_file = '" . $_POST['file'] . "'"),0);

		if(empty($result))
		{
			mysql_query("INSERT INTO tbl_smiles VALUES ('','" . $_POST['name'] . "', '" . $_POST['tag'] . "', '" . $_POST['file'] . "')");

			echo "Smiles successfully added !";
			echo "<br>\n<br>\n";
			echo "<a href=\"admin.php\">Admin Index</a>";
		}
		else
		{
			echo "<script>alert('Smile already excists'); history.go(-1)</script>";
		}
	}
}
?>
[/code]
-----------------------------------------------










CONFIG.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : CONFIG.PHP                 #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

$hostname = "localhost";
$username = "user";
$password = "";
$database = "login";

mysql_connect($hostname,$username,$password) or die(mysql_error());
mysql_select_db($database);

$select_config = mysql_query("SELECT * FROM tbl_config");

while($config = mysql_fetch_assoc($select_config))
{
	$cfg['antiflood'] = $config['cfg_antiflood'];
	$cfg['max_msg'] = $config['cfg_maxmsg'];
	$cfg['register'] = $config['cfg_register'];
	$cfg['smiles'] = $config['cfg_smiles'];
	$cfg['ubb'] = $config['cfg_ubbcode'];
	$cfg['per_page'] = $config['cfg_perpage'];
	$cfg['per_pageinbox'] = $config['cfg_perpageinbox'];
	$cfg['admin_date'] = $config['cfg_admindate'];
	$cfg['admin_user'] = $config['cfg_adminuser'];
	$cfg['admin_pass'] = $config['cfg_adminpass'];
}
?>[/code]
-----------------------------------------------










FUNCTIONS.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : FUNCTIONS.PHP              #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

include("config.php");

function echo_ubb()
{
	global $cfg;

	if(!empty($cfg['ubb']))
	{
		echo "<input type=\"button\" OnClick=\"smile('[b][/b]')\" style=\"font-weight: bold; width: 30pt\" value=\"B\"> ";
		echo "<input type=\"button\" OnClick=\"smile('[u][/u]')\" style=\"text-decoration: underline; width: 30pt\" value=\"U\"> ";
		echo "<input type=\"button\" OnClick=\"smile('[i][/i]')\" style=\"font-style: italic; width: 30pt\" value=\"I\"> ";
		echo "<input type=\"button\" OnClick=\"smile('[quote][/quote]')\" style=\"width: 50pt\" value=\"Quote\"> ";
		echo "<input type=\"button\" OnClick=\"smile('[img][/img]')\" style=\"width: 50pt\" value=\"Image\">";
		echo "<br>\n";
	}
}

function echo_smiles()
{
	global $cfg;

	if(!empty($cfg['smiles']))
	{
		$query = mysql_query("SELECT * FROM tbl_smiles");
		$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_smiles"),0);

		if(!empty($result))
		{
			while($row = mysql_fetch_assoc($query))
			{
				echo " <a href=\"javascript:smile('" . addslashes($row['smile_tag']) . "')\"><img src=\"smiles/" . $row['smile_file'] . "\" border=\"0\"></a>";
			}

			echo "<br>\n";
		}
	}
}
?>
[/code]
-----------------------------------------------










INDEX.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : INDEX.PHP                  #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

error_reporting(E_ALL);
session_start();

include("config.php");

if(!isset($_SESSION['user_id']))
{
	if(isset($_POST['login']))
	{
		$query = mysql_query("SELECT * FROM tbl_users WHERE user_name = '" . $_POST['user'] . "' AND user_pass = '" . md5($_POST['pass']) . "'");
		$result = mysql_num_rows($query);

		if(empty($result))
		{
			echo "<script>alert('Login Incorrect.'); document.location.href=('index.php')</script>";
		}
		else
		{
			while($row = mysql_fetch_assoc($query))
			{
				$user_id = $row['user_id'];
			}

			header("Location: index.php");
			$_SESSION['user_id'] = $user_id;
		}
	}
	else
	{
?>

<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="user"><br>
Password : <input type="password" name="pass"><br><br>

<input type="Submit" value="Login"><br><br>
<a href="register.php">Register</a><br>
<a href="memberlist.php">Memberlist</a>

<?
	}
}
else
{
	$query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");

	while($row = mysql_fetch_assoc($query))
	{
		echo "Username : <b>" . $row['user_name']. "</b>";

		if($row['user_pm'])
		{
			$msg = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(empty($msg))
			{
				$msg = "<font color=\"#008000\">Empty</font>";
			}
			elseif($msg >= $cfg['max_msg'])
			{
				$msg = "<font color=\"#FF0000\">FULL</font>";
			}
			else
			{
				$msg = $msg . " / " . $cfg['max_msg'];
			}

			echo "<br>\n";
			echo "Inbox : <b>". $msg ."</b> ( <a href=\"msg.php?act=inbox\">Open</a> )";
		}
	}

	echo "<br>\n<br>\n";

	if(isset($_SESSION['admin_login']))
	{
		
		echo "<a href=\"admin.php\">Admin Page</a>";
		echo "<br>\n";
	}

	echo "<a href=\"memberlist.php\">Memberlist</a>";
	echo "<br>\n";
	echo "<a href=\"profile.php?act=edit_profile\">Change Profile</a>";
	echo "<br>\n";
	echo "<a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
	echo "<br>\n";
	echo "<a href=\"logoff.php\">Log Off</a>";
}
?>[/code]
-----------------------------------------------










JAVASCRIPT.JS
-----------------------------------------------
[code]
function clr_inbox()
{
	if(confirm("Are you sure you want to clear all messages ?"))
	{
		document.location.href = 'msg.php?act=del_inbox';
	}
}

function del_msg(value)
{
	if(confirm("Are you sure you want to delete this message ?"))
	{
		document.location.href = 'msg.php?act=delmsg&msg_id=' + value;
	}
}

function del_smile(value)
{
	if(confirm("Are you sure you want to delete this smile ?"))
	{
		document.location.href = 'admin.php?act=del_smile&smile_id=' +value;
	}
}

function smile(tag)
{
	document.form.message.value += ""+tag;
	document.form.message.focus();
}

function delete_members()
{
	if(confirm("Are you sure you want to delete all members ?"))
	{
		document.location.href = 'admin.php?act=delete_members';
	}
}

function delete_messages()
{
	if(confirm("Are you sure you want to delete all messages ?"))
	{
		document.location.href = 'admin.php?act=delete_messages';
	}
}

function uninstall()
{
	if(confirm("Are you sure you want to uninstall SNP Login Script ?"))
	{
		document.location.href = 'admin.php?act=uninstall';
	}
}

function showimage()
{
	if(!document.images)return;
	document.images.icons.src="smiles/"+document.form.file.options[document.form.file.selectedIndex].value;
}
[/code]
-----------------------------------------------









LOGOFF.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : LOGOFF.PHP                 #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

session_start();

if(isset($_SESSION))
{
	if(isset($_SESSION['user_id']))
	{
		unset($_SESSION['user_id']);
	}
	if(isset($_SESSION['admin_login']))
	{
		unset($_SESSION['admin_login']);
	}

	header("Location: index.php");
}
else
{
		echo "<script>alert('Your not logged in.')</script>";
}
?>
[/code]
-----------------------------------------------










MEMBERLIST.PHP
-----------------------------------------------
[code]
<?
############################################
#  Filename   : MEMBERLIST.PHP             #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

session_start();
error_reporting(E_ALL);

include("config.php");

if(isset($_GET['order_by']))
{
	if($_GET['order_by'] == "user_name")
	{
		$order_by = "user_name";
	}
	elseif($_GET['order_by'] == "user_email")
	{
		$order_by = "user_email";
	}
	elseif($_GET['order_by'] == "user_url")
	{
		$order_by = "user_url";
	}
	elseif($_GET['order_by'] == "user_regdate")
	{
		$order_by = "user_regdate";
	}
	elseif($_GET['order_by'] == "user_pm")
	{
		$order_by = "user_pm";
	}
	else
	{
		$order_by = "user_id";
	}
}
else
{
	$order_by = "user_id";
}

$total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

if(!isset($_GET['page']) OR $_GET['page'] < 1)
{
	$page = 0;
	$prev = "[ Previous " . $cfg['per_page'] . " ]";
}
else
{
	$page = $_GET['page'];
}

$start = $page * $cfg['per_page'];

$pages = $total / $cfg['per_page'];
$pageplus = $page + 1;
$pagemin = $page - 1;

if(($page + 1) < $pages)
{
	$next = "[ <a href=\"memberlist.php?page=" . $pageplus . "&order_by=" . $order_by . "\">Next " . $cfg['per_page'] . "</a> ]";
}

if(($page - 1) < $pages AND $page)
{
	$prev = "[ <a href=\"memberlist.php?page=" . $pagemin . "&order_by=" . $order_by . "\">Previous " . $cfg['per_page'] . "</a> ]";
}
else
{
	$prev = "[ Previous " . $cfg['per_page'] . " ]";
}

if($pageplus > $pages OR $pageplus == "$pages")
{
	$next = "[ Next " . $cfg['per_page'] . " ]";
}

if(isset($_SESSION['user_id']))
{
	$query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users ORDER BY " . $order_by . " ASC LIMIT $start," . $cfg['per_page'] . "");
}
else
{
	$query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_public = '1' ORDER BY " . $order_by . " ASC LIMIT $start," . $cfg['per_page'] . "");
}
	$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users"),0);

if(!empty($result))
{
	echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="21%"><b><a href="memberlist.php?page=<? echo $_GET['page'] ?>&order_by=user_name">Username</a></b></td>
    <td width="26%"><b><a href="memberlist.php?page=<? echo $_GET['page'] ?>&order_by=user_email">Email</b></td>
    <td width="23%"><b><a href="memberlist.php?page=<? echo $_GET['page'] ?>&order_by=user_url">Website</b></td>
    <td width="20%"><b><a href="memberlist.php?page=<? echo $_GET['page'] ?>&order_by=user_regdate">Registered</b></td>
    <td width="10%" align="center"><b><a href="memberlist.php?page=<? echo $_GET['page'] ?>&order_by=user_pm">Enabled PM</a></b></td>
  </tr>
<?
	while($row = mysql_fetch_assoc($query))
	{
		if(isset($_SESSION['user_id']))
		{
			$date_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");

			while($date = mysql_fetch_assoc($date_select))
			{
				$date_format = $date['user_dateformat'];
			}

			$format_date = date("$date_format",$row['user_regdate']);
		}
		else
		{
			$format_date = date("d-m-Y H:i:s", $row['user_regdate']);
		}
?>
  <tr>
    <td width="21%"><a href="profile.php?act=view&user_id=<? echo $row['user_id'] ?>"><? echo htmlspecialchars($row['user_name']) ?></a></td>
    <td width="26%">
<?
		if(!empty($row['user_showmail']))
		{
			echo "<a href=\"mailto:" . htmlspecialchars($row['user_email']) . "\">" . htmlspecialchars($row['user_email']) . "</a></td>";
		}

		if(!empty($row['user_url']))
		{
			$split_url = substr($row['user_url'],0,7);

			if($split_url != "http://")
			{
				$url = "http://" . $row['user_url'];
			}
			else
			{
				$url = $row['user_url'];
			}
		}
?>
    <td width="23%"><a href="<? echo $url ?>" target="_blank"><? echo $row['user_url'] ?></a></td>
    <td width="20%"><? echo $format_date ?></td>
<?
		if(!empty($row['user_pm']))
		{
			$user_pm = "<font color=\"#008000\">Yes</font>";
		}
		else
		{
			$user_pm = "<font color=\"#FF0000\">No</font>";
		}
?>
    <td width="10%" align="center"><? echo $user_pm ?></td>
  </tr>
<?
	}

echo "</table>";
echo "<center>" . $prev ." &nbsp; [ <a href=\"index.php\">Main Page</a> ] &nbsp; ". $next . "<center>";
}
else
{
	echo "<script>alert('No members yet.'); history.go(-1)</script>";
}
?>[/code]
-----------------------------------------------










MSG.PHP
-----------------------------------------------
[code]<?
############################################
#  Filename   : MSG.PHP                    #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

error_reporting(E_ALL);

session_start();
include("config.php");
include("functions.php");

if(isset($_POST['send_msg']))
{
	if($_POST['user_id'] == $_SESSION['user_id'])
	{
		echo "<script>alert('You can\'t send messages to yourself.'); history.go(-1)</script>";
	}
	else
	{
		if(!isset($_COOKIE['antiflood']))
		{
			$inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_POST['user_id'] . "'"),0);

			if($inbox >= $cfg['max_msg'])
			{
				$send = 0;
			}
			else
			{
				$send = 1;
			}

			if(!empty($send))
			{

				if(!empty($_POST['title']) AND !empty($_POST['message']))
				{
					mysql_query("INSERT INTO tbl_msg VALUES ('','" . $_POST['title'] . "',NOW(),'" . $_POST['message'] . "','" . $_SESSION['user_id'] . "','" . $_POST['user_id'] . "','0','" . $_ENV['REMOTE_ADDR'] . "')") or die(mysql_error());
					setcookie("antiflood",true,time()+$cfg['antiflood']);

					echo "Message successfully sent !";
					echo "<br>\n<br>\n";
					echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
					echo "<br>\n";
					echo "<a href=\"index.php\">Main Page</a>";
				}
				else
				{
					echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
				}
			}
			else
			{
				echo "<script>alert('We\'re sorry but the inbox of this user is full or the user disabled Private Messages.'); history.go(-1)</script>";
			}
		}
		else
		{
			echo "Antiflood is still active, this means you can only send 1 message per <b style=\"color: #FF0000\">" . $cfg['antiflood'] . "</b> seconds.";
			echo "<br>\n<br>\n";
			echo "<a href=\"javascript:window.location.reload()\">Refresh Page</a>";
			echo "<br>\n";
			echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
			echo "<br>\n";
			echo "<a href=\"msg.php?act=new\">Write new message</a>";
		}
	}
}

echo "<script src=\"javascript.js\"></script>";

if(isset($_SESSION['user_id']))
{
	if(isset($_GET['act']))
	{
		if($_GET['act'] == "inbox")
		{
			$total = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(!isset($_GET['page']) OR $_GET['page'] < 1)
			{
				$page = 0;
				$prev = "[ Previous " . $cfg['per_pageinbox'];
			}
			else
			{
				$page = $_GET['page'];
			}

			$start = $page * $cfg['per_pageinbox'];

			$pages = $total / $cfg['per_pageinbox'];
			$pageplus = $page + 1;
			$pagemin = $page - 1;

			if(($page + 1) < $pages)
			{
				$next = "[ <a href=\"msg.php?act=inbox&page=" . $pageplus . "\">Next " . $cfg['per_pageinbox'] . "</a> ]";
			}

			if(($page - 1) < $pages AND $page)
			{
				$prev = "[ <a href=\"msg.php?act=inbox&page=" . $pagemin . "\">Previous " . $cfg['per_pageinbox'] . "</a> ]";
			}
			else
			{
				$prev = "[ Previous " . $cfg['per_pageinbox'] . " ]";
			}

			if($pageplus > $pages OR $pageplus == "$pages")
			{
				$next = "[ Next " . $cfg['per_pageinbox'] . " ]";
			}

			$query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "' ORDER BY msg_id DESC LIMIT $start," . $cfg['per_pageinbox'] . "");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(empty($result))
			{
				echo "No messages in your inbox";
				echo "<br>\n";
			}
			else
			{
				echo "<center>" . $prev ." &nbsp; ". $next . "</center>";
?>
<table style="border-collapse: collapse" cellpadding="2" cellspacing="0" width="100%" border="1" bordercolor="#000000">
  <tr>
    <td width="40%"><b>Title</b></td>
    <td width="25%"><b>From</b></td>
    <td width="30%"><b>Date</b></td>
    <td width="5%" align="center"><b>Read</b></td>
  </tr>
<?
				while($row = mysql_fetch_assoc($query))
				{
					$from_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_from'] . "'");

					while($from = mysql_fetch_assoc($from_select))
					{
						$from_name = $from['user_name'];
					}

					$to_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_to'] . "'");

					while($date = mysql_fetch_assoc($to_select))
					{
						$date_format = $date['user_dateformat'];
					}
?>
  <tr>
    <td width="40%">
<?
					echo "    <a href=\"msg.php?act=read&msg_id=" . $row['msg_id'] . "\">" . htmlspecialchars($row['msg_title']) . "</a>";
?>
    
    </td>
    <td width="25%">
<?
if(empty($row['msg_from']))
{
	echo "Administrator";
}
else
{
	echo "<a href=\"profile.php?act=view&user_id=". $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
}
?>

    </td>
    <td width="30%">
<?
					echo date("$date_format", $row['msg_time']);
?>

    </td>
    <td width="5%" align="center">
<?
					if(!empty($row['msg_read']))
					{
						echo "    <font color=\"#008000\">Yes</font>";
					}
					else
					{
						echo "    <font color=\"#FF0000\">No</font>";
					}
?>

    </td>
  </tr>
<?
				}

			echo "</table>";
			echo "<center>" . $prev ." &nbsp; ". $next . "</center>";
			}

			echo "<br>\n";
			echo "<a href=\"msg.php?act=new\">New Message</a>";

			if(!empty($result))
			{
				echo "<br>\n";
				echo "<a href=\"javascript:clr_inbox()\">Clear Inbox</a>";
			}

			echo "<br>\n";
			echo "<a href=\"index.php\">Main Page</a>";
		}

		if($_GET['act'] == "new" AND !isset($_POST['send_msg']))
		{
			if(isset($_GET['user_id']))
			{
				if($_GET['user_id'] == $_SESSION['user_id'] OR isset($_GET['quote']) == $_SESSION['user_id'])
				{
					echo "<script>alert('You can\'t reply to this message'); history.go(-1)</script>";
				}

				$enabled_pm = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_pm = 1 AND user_id = '" . $_GET['user_id'] . "'"),0);
				$inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_GET['user_id'] . "'"),0);

				if($inbox >= $cfg['max_msg'] OR empty($enabled_pm))
				{
					$send = 0;
				}
				else
				{
					$send = 1;
				}
			}
			else
			{
				$send = 1;
			}

			if(!empty($send))
			{
				$query = mysql_query("SELECT * FROM tbl_users WHERE user_pm = 1 ORDER BY user_name ASC");
?>
<form method="POST" name="form">
<input type="hidden" value="1" name="send_msg">
<b>To : </b><br><select name="user_id">
<?
				while($row = mysql_fetch_assoc($query))
				{
					if(isset($_GET['user_id']) OR isset($_GET['quote']))
					{
						if($row['user_id'] == $_GET['user_id'])
						{
							$selected = " selected";
						}
						else
						{
							$selected = "";
						}

						if(isset($_GET['user_id']))
						{
							$title = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = " . $_GET['msg_id'] . "");
						}

						if(isset($_GET['quote']))
						{
							$title = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = " . $_GET['quote'] . "");
						}

						while($msg = mysql_fetch_assoc($title))
						{
							$msg_title = str_replace("Re: ","", $msg['msg_title']);
							$msg_title = "Re: " . htmlspecialchars($msg_title);
						}
					}

					$user_select = mysql_query("SELECT * FROM tbl_users");

					while($user = mysql_fetch_assoc($user_select))
					{
						$user_name = $row['user_name'];
					}

				echo "<option value=\"" . $row['user_id'] . "\"" . $selected . ">" . $user_name . "</option>";
				}

				echo "</select>";
				echo "<br>\n";
?>

<b>Title :</b><br> <input type="text" name="title" value="<? if(isset($msg_title)){ echo $msg_title; } ?>" size="45" maxlength="50"><br>
<b>Message :</b><br>
<?
				echo echo_ubb();
?>
<textarea name="message" cols="40" rows="10"><?

				if(isset($_GET['quote']))
				{
					$select_quote = mysql_query("SELECT * FROM tbl_msg WHERE msg_id = '" . $_GET['quote'] . "'");

					while($quote = mysql_fetch_assoc($select_quote))
					{
						$quote_userid = $quote['msg_from'];
						$quote_message = $quote['msg_message'];
					}

					$select_user = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $quote_userid . "'");

					while($user = mysql_fetch_assoc($select_user))
					{
						$quote_username = $user['user_name'];
					}

				echo "[quote=" . $quote_username . "]" . $quote_message . "[/quote]";
				}
?></textarea><br>
<?
				echo_smiles();
				echo "<br>\n";
?>
<input type="submit" value="Send">
<input type="reset" value="Reset">

<?
			}
			else
			{
				echo "<script>alert('Inbox of this user is full or user disabled Private Messages.'); history.go(-1)</script>";
			}
		}

		if($_GET['act'] == "read" AND isset($_GET['msg_id']))
		{
			$query = mysql_query("SELECT *,UNIX_TIMESTAMP(msg_time) AS msg_time FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(empty($result))
			{
				echo "<script>alert('Message with this ID doesn\'t exist.'); document.location.href=('msg.php?act=inbox')</script>";
			}
			else
			{
				while($row = mysql_fetch_assoc($query))
				{
					if(empty($row['msg_read']))
					{
						mysql_query("UPDATE tbl_msg SET msg_read = 1 WHERE msg_id = '" . $_GET['msg_id'] . "'") or die(mysql_error());
					}

					echo "<b>Title : </b>". htmlspecialchars($row['msg_title']);
					echo "<br>\n";

					$from_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_from'] . "'");

					while($from = mysql_fetch_assoc($from_select))
					{
						$from_user = $from['user_name'];
					}

					$to_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['msg_to'] . "'");

					while($date = mysql_fetch_assoc($to_select))
					{
						$date_format = $date['user_dateformat'];
					}

					echo "<b>From : </b>";

					if(empty($row['msg_from']))
					{
						echo "Administrator";
					}
					else
					{
						echo "<a href=\"profile.php?act=view&user_id=". $row['msg_from'] ."\">" . htmlspecialchars($from_name) . "</a>";
					}

					echo "<br>\n";

					$row['msg_time'] = date("$date_format", $row['msg_time']);
					echo "<b>Time : </b>". htmlspecialchars($row['msg_time']);
					echo "<br>\n";
					echo "<b>Message: </b>";
					echo "<hr>\n";

					$row['msg_message'] = nl2br(htmlspecialchars($row['msg_message']));

					if(!empty($cfg['smiles']))
					{
						$smile_select = mysql_query("SELECT * FROM tbl_smiles ORDER BY smile_id ASC");

						while($smile = mysql_fetch_assoc($smile_select))
						{
							$smile['smile_tag'] = str_replace(">","&gt;", $smile['smile_tag']);
							$smile['smile_tag'] = str_replace("<","&lt;", $smile['smile_tag']);
							$row['msg_message'] = str_replace("$smile[smile_tag]","<img src=\"smiles/" . $smile['smile_file'] . "\">", $row['msg_message']);
						}
					}

					$quote_tags = substr_count($row['msg_message'], '[/quote]');
					for($i = 0; $i <= $quote_tags; $i++)
					{
						$row['msg_message'] = preg_replace('/\[quote=(.*?)\](.*?)\[\/quote\]/si', "<br><blockquote>\\1 Schreef:<br><table border=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#000000\" width=\"80%\" cellpadding=\"2\"><tr><td> \\2 </td></tr></table></blockquote>", $row['msg_message']);
					}

					$row['msg_message'] = preg_replace("/\[b\](.*?)\[\/b\]/si", "<b>\\1</b>",$row['msg_message']);
					$row['msg_message'] = preg_replace("/\[u\](.*?)\[\/u\]/si", "<u>\\1</u>",$row['msg_message']);
					$row['msg_message'] = preg_replace("/\[i\](.*?)\[\/i\]/si", "<i>\\1</i>",$row['msg_message']);
					$row['msg_message'] = preg_replace("/\[img\](.*?)\[\/img\]/si", "<img src=\"\\1\">",$row['msg_message']);

					$row['msg_message'] = ereg_replace("([ ]{2})","\\1&nbsp;",$row['msg_message']);

					$row['msg_message'] = eregi_replace("(^|[>[:space:]\n])([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","\\1<a href=\"\\2://\\3\\4\" target=\"_blank\">\\2://\\3\\4</a>\\5", $row['msg_message']);
					$row['msg_message'] = wordwrap($row['msg_message'], 100,"\t", 1);

					echo $row['msg_message'];

					$msg_from = $row['msg_from'];
					$msg_id = $row['msg_id'];
				}

				echo "<hr>\n";
				echo "<a href=\"javascript:del_msg('" . $_GET['msg_id'] . "')\">Delete message</a>";
				echo "<br>\n";
				echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&msg_id=" . $msg_id . "\">Reply</a>";
				echo "<br>\n";
				echo "<a href=\"msg.php?act=new&user_id=" . $msg_from . "&quote=" . $msg_id . "\">Quote</a>";
				echo "<br>\n";
				echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
				echo "<br>\n";
				echo "<a href=\"index.php\">Main Page</a>";

			}
		}

		if($_GET['act'] == "delmsg" AND isset($_GET['msg_id']))
		{
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(empty($result))
			{
				echo "<script>alert('Message with this ID doesn\'t exist, you might have deleted it earlier.'); document.location.href=('msg.php?act=read&msg_id=" . $_GET['msg_id'] . "')</script>";
			}
			else
			{
				mysql_query("DELETE FROM tbl_msg WHERE msg_id = '" . $_GET['msg_id'] . "' AND msg_to = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

				echo "Message successfully deleted !";
				echo "<br>\n<br>\n";
				echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
				echo "<br>\n";
				echo "<a href=\"index.php\">Main Page</a>";
			}
		}

		if($_GET['act'] == "del_inbox")
		{
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

			if(empty($result))
			{
				echo "<script>alert('You have no messages in your inbox.'); document.location.href=('msg.php?act=inbox')</script>";
			}
			else
			{
				mysql_query("DELETE FROM tbl_msg WHERE msg_to = " . $_SESSION['user_id'] . "") or die(mysql_error());
				echo "Inbox successfully cleared !";
				echo "<br>\n<br>\n";
				echo "<a href=\"msg.php?act=inbox\">My Inbox</a>";
				echo "<br>\n";
				echo "<a href=\"index.php\">Main Page</a>";
			}
		}
	}

	else
	{
		echo "<script>alert('Undifined action.'); history.go(-1)</script>";
	}
}
else
{
	echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
}
?>[/code]
-----------------------------------------------









PROFILE.PHP
-----------------------------------------------
[code]<?
############################################
#  Filename   : PROFILE.PHP                #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

error_reporting(E_ALL);
session_start();

include("config.php");

if(isset($_GET['act']))
{
	if($_GET['act'] == "view")
	{
		if(isset($_GET['user_id']))
		{
			$query = mysql_query("SELECT *,UNIX_TIMESTAMP(user_regdate) AS user_regdate FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'");
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_id = '" . $_GET['user_id'] . "'"),0);

			if(empty($result))
			{
				echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
			}
			else
			{
				while($row = mysql_fetch_assoc($query))
				{
					$public_profile = $row['user_public'];

					if(empty($public_profile))
					{
						if(isset($_SESSION['user_id']))
						{
							$show_profile = 1;
						}
						else
						{
							$show_profile = 0;
						}
					}
					else
					{
						$show_profile = 1;
					}

					if(!empty($show_profile))
					{
						echo "<b>Username : </b>" . htmlspecialchars($row['user_name']) . "<br>\n";

						if($row['user_showmail'])
						{
							echo "<b>Email : </b><a href=\"mailto:" . htmlspecialchars($row['user_email']) . "\">" . htmlspecialchars($row['user_email']) . "</a><br>\n";
						}

						if(!empty($row['user_url']))
						{
							$split_url = substr($row['user_url'],0,7);

							if($split_url != "http://")
							{
								$url = "http://" . $row['user_url'];
							}
							else
							{
								$url = $row['user_url'];
							}

							echo "<b>Website : </b><a href=\"" . htmlspecialchars($url) . "\" target=\"_blank\">" . htmlspecialchars($row['user_url']) . "</a><br>\n";
						}

						$date_select = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $row['user_id'] . "'");

						while($date = mysql_fetch_assoc($date_select))
						{
							$date_format = $date['user_dateformat'];
						}

						$row['user_regdate'] = date("$date_format", $row['user_regdate']);
						echo "<b>Registered : </b>" . $row['user_regdate'] . "<br>\n";

						if($row['user_pm'])
						{
							$user_pm = "Yes";
						}
						else
						{
							$user_pm = "No";
						}

						echo "<b>Enabled PM : </b>" . $user_pm . "<br>\n";

						$user_inbox = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = " . $_GET['user_id'] . ""),0);

						if(isset($row['user_pm']) AND !empty($row['user_pm']))
						{
							echo "<b>Inbox : </b>";

							if($user_inbox >= $cfg['max_msg'])
							{
								$user_inbox = "<font color=\"red\">" . $user_inbox;
								$cfg['max_msg'] = $cfg['max_msg'] . "</font>";
							}
							else
							{
								$user_inbox = "$user_inbox";
							}

						echo $user_inbox . " / " . $cfg['max_msg'];
						echo "<br>\n";
						}

						if($row['user_pm'] AND isset($_SESSION['user_id']) AND $user_inbox <= $cfg['max_msg'])
						{
							if($_GET['user_id'] != $_SESSION['user_id'])
							{
								echo "<br>\n";
								echo "<a href=\"msg.php?act=new&user_id=" . $_GET['user_id'] . "\">Send this user a Private Message</a>";
							}
						}

						echo "<br>\n";
						echo "<a href=\"index.php\">Main Page</a>";
					}
					else
					{
						echo "<script>alert('Only registered users can see this profile.'); history.go(-1);</script>";
					}
				}
			}
		}
		else
		{
			echo "<script>alert('User with this ID doesn\'t exist.'); history.go(-1);</script>";
		}
	}

	if($_GET['act'] = "edit_profile" AND !isset($_GET['user_id']) AND !isset($_POST['change_profile']))
	{
		if(isset($_SESSION['user_id']))
		{
			$query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");

			while($row = mysql_fetch_assoc($query))
			{
?>
<form method="POST">
<input type="hidden" value="1" name="change_profile">
<b>Username :</b><br>
<input type="text" name="user" value="<? echo htmlspecialchars($row['user_name']) ?>"><br>

<b>Email :</b><br>
<input type="text" name="email" value="<? echo htmlspecialchars($row['user_email']) ?>"><br>

<b>Website :</b><br>
<input type="text" name="url" value="<? echo htmlspecialchars($row['user_url']) ?>"><br>

<b>Show Email :</b><br>
<select name="showmail">
<?
				if(!empty($row['user_showmail']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Public Profile :</b><br>
<select name="public">
<?
				if(!empty($row['user_public']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select><br>

<b>Date Format :</b><br>
<input type="text" name="date" value="<? echo htmlspecialchars($row['user_dateformat']) ?>">
<a href="http://www.php.net/date" target="_blank">More info</a><br>

<b>Enable PM :</b><br>
<select name="pm">
<?
				if(!empty($row['user_pm']))
				{
					$selected = "";
				}
				else
				{
					$selected = " selected";
				}
?>
<option value="1" selected>Yes</option>
<option value="0"<? echo $selected ?>>No</option>
</select> If "No" all messages will be deleted<br><br>

<i>Change Password</i><br>
<b>Password :</b><br>
<input type="password" name="pass"><br>

<b>Password [Confirm] :</b><br>
<input type="password" name="pass2"><br><br>

<input type="submit" value="Save">
<input type="reset" value="Reset"><br><br>

<?
			}
		}
		else
		{
			echo "<script>alert('You\'re not logged in.'); document.location.href=('index.php')</script>";
		}
	}

	if(isset($_POST['change_profile']))
	{
		$name_exists = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . $_POST['user'] . "' AND user_id <> " . $_SESSION['user_id'] . ""),0);

		if(empty($name_exists))
		{
			if(preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$_POST['email']))
			{
				if(!empty($_POST['pass']) OR !empty($_POST['pass2']))
				{
					if($_POST['pass'] != $_POST['pass2'])
					{
						echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
					}
					else
					{
						mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_pass = '" . md5($_POST['pass']) . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

						echo "Information + Password successfully updated !";
						echo "<br>\n<br>\n";
						echo "<a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
						echo "<br>\n";
						echo "<a href=\"index.php\">Main Page</a>";
					}
				}
				else
				{
					mysql_query("UPDATE tbl_users SET user_name = '" . $_POST['user'] . "', user_email = '" . $_POST['email'] . "', user_url = '" . $_POST['url'] . "', user_dateformat = '" . $_POST['date'] . "', user_showmail = '" . $_POST['showmail'] . "', user_public = '" . $_POST['public'] . "', user_pm = '" . $_POST['pm'] . "' WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());

					echo "Information successfully updated !";
					echo "<br>\n<br>\n";
					echo "<a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
					echo "<br>\n";
					echo "<a href=\"index.php\">Main Page</a>";
				}

				if(empty($_POST['pm']))
				{
					$result= mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'");

					if(!empty($result))
					{
						mysql_query("DELETE FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'") or die(mysql_error());
					}
				}
			}
			else
			{
				echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
			}
		}
		else
		{
			echo "<script>alert('Username already in use.'); history.go(-1)</script>";
		}
	}
}
else
{
	echo "<script>alert('No ID Validated'); history.go(-1);</script>";
}

?>[/code]
-----------------------------------------------









REGISTER.PHP
-----------------------------------------------
[code]<?
############################################
#  Filename   : REGISTER.PHP               #
#------------------------------------------#
#  Written By : Dennis van den Hout        #
#  Email      : webmaster@scripters.nl     #
#  Website    : www.scripters.nl           #
#  Questions? : www.scripters.nl/forum     #
#------------------------------------------#
#   Editing source is allowed, unless you  #
#         give it to other users           #
#------------------------------------------#
############################################

error_reporting(E_ALL);

include("config.php");

if(!empty($cfg['register']))
{
	if(!isset($_POST['reg_user']))
	{
?>
<form method="POST">
<input type="hidden" value="1" name="reg_user">
<b>Username :</b><br>
<input type="text" name="user" maxlength="30"><br>

<b>Email :</b><br>
<input type="text" name="email" maxlength="125"><br>

<b>Password :</b><br>
<input type="password" name="pass" maxlength="12"> (At least 5 chars)<br>

<b>Password [Confirm] :</b><br>
<input type="password" name="pass2" maxlength="12"> (At least 5 chars)<br><br>

<input type="Submit" value="Register"><br><br>
<?
	}
	else
{
		if(!empty($_POST['user']) AND !empty($_POST['email']) AND !empty($_POST['pass']) AND !empty($_POST['pass2']))
		{
			$result = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_users WHERE user_name = '" . $_POST['user'] . "'"),0);

			if(!empty($result))
			{
				echo "<script>alert('Username already in use'); history.go(-1)</script>";
			}
			else
			{
				if(preg_match("/^([a-z0-9_\-]+\.)*?[a-z0-9_\-]+@([a-z0-9\-_]{2,})\.[a-z0-9\-_]*(\.[a-z0-9\-_]{2,})*$/i",$_POST['email']))
				{
					if(strlen($_POST['pass']) <= 4)
					{
						echo "<script>alert('Password too short.'); history.go(-1)</script>";
					}
					else
					{
						if($_POST['pass'] != $_POST['pass2'])
						{
							echo "<script>alert('Passwords are not the same.'); history.go(-1)</script>";
						}
						else
						{
							mysql_query("INSERT INTO tbl_users VALUES ('','" . $_POST['user'] . "','" . $_POST['email'] . "',NULL,'" . md5($_POST['pass']) . "',NOW(),'d-m-Y H:i:s',1,1,1,NULL,NULL,NULL,'" . $_ENV['REMOTE_ADDR'] . "')") or die(mysql_error());

						echo "Successfully registered, you can now log in";
						echo "<br><br><a href=\"index.php\">Log in</a>";
						}
					}
				}
				else
				{
					echo "<script>alert('Email address incorrect.'); history.go(-1)</script>";
				}
			}
		}
		else
		{
			echo "<script>alert('Please fill in all fields.'); history.go(-1)</script>";
		}
	}
}
else
{
	echo "<script>alert('Registering of new user has been disabled by the site admin.'); history.go(-1)</script>";
}
?>[/code]
-----------------------------------------------









TABLES.SQL
-----------------------------------------------
[code]CREATE TABLE tbl_config (
  cfg_antiflood int(10) unsigned default '0',
  cfg_maxmsg int(5) unsigned default '0',
  cfg_register int(1) unsigned default '0',
  cfg_smiles int(1) unsigned default '0',
  cfg_ubbcode int(1) unsigned default '0',
  cfg_perpage int(5) unsigned default '0',
  cfg_perpageinbox int(5) unsigned default '0',
  cfg_admindate char(25) default '0',
  cfg_adminuser char(15) default '0',
  cfg_adminpass char(32) default '0'
) TYPE=MyISAM;

INSERT INTO tbl_config VALUES("60", "50", "1", "1", "1", "25", "25", "D d F g:i A", "admin", "1234");

CREATE TABLE tbl_msg (
  msg_id int(10) unsigned NOT NULL auto_increment,
  msg_title varchar(50) default '0',
  msg_time datetime default NULL