<?php // rnmessages.php include_once 'rnheader.php'; if (!isset($_SESSION['user'])) die("<br /><br />You need to login to view this page"); $user = $_SESSION['user']; if (isset($_GET['view'])) $view = sanitizeString($_GET['view']); else $view = $user; if (isset($_POST['text'])) { $text = sanitizeString($_POST['text']); if ($text != "") { $pm = substr(sanitizeString($_POST['pm']),0,1); $time = time(); mysqli_query($con,"INSERT INTO rnmessages VALUES(NULL, '$user', '$view', '$pm', $time, '$text')"); } } if ($view != "") { if ($view == $user) { $name1 = "Your"; $name2 = "Your"; } else { $name1 = "<a href='rnmembers.php?view=$view'>$view</a>'s"; $name2 = "$view's"; } echo "<h3>$name1 Messages</h3>"; showProfile($view); echo "<form method='post' action='rnmessages.php?view=$view'> Type here to leave a message:<br /> <textarea name='text' cols='40' rows='3'></textarea><br /> Public<input type='radio' name='pm' value='0' checked='checked' /> Private<input type='radio' name='pm' value='1' /> <input type='submit' value='Post Message' /></form>"; if (isset($_GET['erase'])) { $erase = sanitizeString($_GET['erase']); mysqli_query($con,"DELETE FROM rnmessages WHERE id=$erase AND recip='$user'"); } $query = mysqli_query($con,"SELECT * FROM rnmessages WHERE recip='$view' ORDER BY time DESC"); //$result = queryMysql($query); $num = mysqli_num_rows($query); for ($j = 0 ; $j < $num ; ++$j) { $row = mysqli_fetch_row($query); if ($row[3] == 0 || $row[1] == $user || $row[2] == $user) { echo date('M jS \'y g:sa:', $row[4]); echo " <a href='rnmessages.php?"; echo "view=$row[1]'>$row[1]</a> "; if ($row[3] == 0) { echo "wrote: "$row[5]" "; } else { echo "whispered: <i><font color='#006600'>"$row[5]"</font></i> "; } if ($row[2] == $user) { echo "[<a href='rnmessages.php?view=$view"; echo "&erase=$row[0]'>erase</a>]"; } echo "<br>"; } } } if (!$num) echo "<li>No messages yet</li><br />"; echo "<br><a href='rnmessages.php?view=$view'>Refresh messages</a>"; echo " | <a href='rnfriends.php?view=$view'>View $name2 friends</a>"; ?>
You have javascript disabled. You will not be able to edit any code.