<?php ini_set('display_errors', 'On'); error_reporting(E_ALL); $time = microtime(); $time = explode(' ', $time); $time = $time[1] + $time[0]; $start = $time; session_start(); define("DB_HOST","mysql117.loopia.se"); define("DB_USER","normal@i103189"); define("DB_PASS","KungMicke87"); define("DB_NAME","indiehjaerta_com"); if (isset($_POST['send'])) { if (isset($_SESSION['username']) && isset($_SESSION['id'])) { // Connect to MySQLi $sqli = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die(mysqli_errno()); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $fromid = $_SESSION['id']; $subject = mysqli_real_escape_string($sqli, $_POST['subject']); $text = mysqli_real_escape_string($sqli, $_POST['text']); $tousername = mysqli_real_escape_string($sqli, $_POST['username']); $postMessage = TRUE; $emptySubject = FALSE; $emptyText = FALSE; $toid = 0; $query = mysqli_query($sqli, "SELECT * FROM members WHERE username='".$tousername."'") or die("Error: ".mysqli_error($sqli)); $checkuser = mysqli_num_rows($query); if (empty($subject)) { $emptySubject = TRUE; $postMessage = FALSE; } elseif (empty($text)) { $emptyText = TRUE; $postMessage = FALSE; } elseif ($checkuser == 0) { $noValidUsername = TRUE; $postMessage = FALSE; } if ($postMessage == TRUE) { $row = mysqli_fetch_array($query); $toid = $row[id]; $timestamp = date('Y-m-d H:i:s'); $query = mysqli_query($sqli,"INSERT INTO privatemessages (`fromid`, `toid`, `subject`, `text`, `timestamp`) VALUES ('$fromid', '$toid', '$subject', '$text', '$timestamp')") or die("Error: ".mysqli_error($sqli)); header("location:messages.php?action=sent"); } else { $error = "There was an error posting the message."; } } } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /> <title>indiehjaerta.com - Messages</title> <link href="style_test.css" rel="stylesheet" type="text/css" /> </head> <body> <a href="login.php">Login<a/> - <a href="admin.php">Admin<a/> - <a href="members.php">Members<a/> - <a href="register.php">Register<a/> - <a href="blog.php">Blog<a/> - <a href="news.php">News<a/> - <a href="event.php">Event<a/> - <a href="forum.php">Forum<a/> - <a href="profile.php">Profile<a/> - <a href="messages.php">Messages<a/> - <a href="logout.php">Logout<a/> <br /> <hr /> <br /> <?php if (isset($_SESSION['username']) && isset($_SESSION['id'])) { if (isset($_GET['action']) && ($_GET['action'] == 'send')) { ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td> <strong>Message</strong> </td> </tr> <tr> <form method="post" action=""> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Send Message</strong></td> </tr> <tr> <td colspan="3"><?php if(isset($error)) { echo $error; } ?></td> </tr> <tr> <td width="78"><strong>To</strong></td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td width="78"><strong>Subject</strong></td> <td width="6">:</td> <td width="294"><input name="subject" type="text" id="subject"></td> </tr> <tr> <td>Text</td> <td>:</td> <td><textarea name="text" type="text" id="text" rows="3"></textarea></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="send" value="Send"></td> </tr> </table> </td> </form> </tr> </table> <?php } else { if (isset($_GET['action']) && ($_GET['action'] == 'sent')) { ?> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3">Message sent!</td> </tr> </table> <br /> <?php } // Connect to MySQLi $sqli = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die("Error: ".mysqli_error($sqli)); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $id = $_SESSION['id']); $query = mysqli_query($sqli, "SELECT * FROM members WHERE toid='$id'") or die("Error: ".mysqli_error($sqli)); $nummessages = mysqli_num_rows($query); ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td> <strong>Messages</strong> </td> </tr> <tr> <td> <?php if ($nummessages == 0) { ?> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3">Message box empty :(</td> </tr> </table> <?php } else { ?> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <th><strong>Read:</strong></th> <th><strong>Subject:</strong></th> <th><strong>From:</strong></th> <th><strong>Time:</strong></th> </tr> <? while ($row = mysqli_fetch_array($query)) { ?> <tr> <td> <?php if ($row['read'] == true) { echo "Yes"; } else { echo "No"; } ?> </td> <td><?php echo $row['subject'] ?></td> <td> <?php $uid = $row['fromid']; if ($uid == 0) { echo "SYSTEM"; } else { $userquery = mysqli_query($sqli, "SELECT * FROM members WHERE id='$uid'") or die("Error: ".mysqli_error($sqli)); $userexists = mysqli_num_rows($query); if ($userexists == 0) { echo "<deleted user>"; } else { $userrow = mysqli_fetch_array($userquery); echo $userquery['username']; } } ?> </td> <td><?php echo $row['timestamp'] ?></td> </tr> <?php } ?> </table> <?php } ?> </td> </tr> </table> <hr /> <a href="?action=send">Send Message</a> <?php } } else { ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td> <strong>Messages</strong> </td> </tr> <tr> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3">Can't fetch your messages since you're not logged in!</td> </tr> </table> </td> </tr> </table> <?php } ?> <hr /> <?php $time = microtime(); $time = explode(' ', $time); $time = $time[1] + $time[0]; $finish = $time; $total_time = round(($finish - $start), 4); echo '<span class="text">Page generated in '.$total_time.' seconds.</span><br />'; ?> </body> </html>
You have javascript disabled. You will not be able to edit any code.