I found this Script on the internet.
Now I am trying it out and something seems to be broken.
Can someone tell me what is wrong here? I think the redirection is not working properly.
The reply-message and forward-message functions don't seem to work.
These are action(2) and action(3).
The new and delete functions work great.
Here are the 3 files that are related.
Actions and processing: I am very sure there is a problem here.
mail_process.php
PHP Code:
<?
// mail_process.php: dispatcher for mailbox actions that arrive as GET requests.
// It reads `action` (1-8) plus `mailbox`, `mail_id`, `del` or `user_id` from the query string,
// performs the action for the user in $_SESSION['user_id'], and then redirects.
// NOTE(review): the delete, block, unblock and save actions change state on a GET request and no
// anti-CSRF token is checked in this file. The usual hardening is POST plus a per-session token;
// confirm whether check_login_member() or an include already does such a check.
// NOTE(review): the short open tag on the first line only works when short_open_tag is enabled.
/*******
Some general include files
*********/
// NOTE(review): no require/include lines appear at this point in the posted listing, yet db_connect(),
// addslashes_mq(), check_login_member(), redirect2page(), $access_matrix and $_messages are used
// below; presumably they come from include files that were left out of the post.
session_cache_limiter('nocache');
session_start();
db_connect(_DBHOSTNAME_,_DBUSERNAME_,_DBPASSWORD_,_DBNAME_,_PCONN_);
// Values handed to redirect2page() for the page that is shown next.
$topass=array();
// Default mailbox for the final redirect when the request carries no action.
$mailbox='inbox';
if ($_SERVER['REQUEST_METHOD']=='GET') {
if (isset($_GET['action']) && !empty($_GET['action'])) {
$error=0;
// addslashes_mq() is defined elsewhere; presumably slash-escaping that accounts for magic quotes - TODO confirm.
// NOTE(review): the escaped request values below are concatenated into SQL text that is run through
// the legacy mysql_* API. Slash-escaping is not charset-aware; prepared statements (mysqli or PDO),
// or integer casts if the ids are numeric, are the robust fix.
$action=addslashes_mq($_GET['action']);
// When the request has no `mailbox` parameter this becomes '' rather than the 'inbox' default above.
$mailbox=isset($_GET['mailbox']) ? addslashes_mq($_GET['mailbox']) : '';
if ($action==2) { // reply to the message
check_login_member($access_matrix['mail_reply'][0]);
// Without a mail_id nothing happens here and control reaches the mailbox.php redirect at the bottom.
if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
$mail_id=addslashes_mq($_GET['mail_id']);
$topass['mail_id']=$mail_id;
$topass['action']='reply';
$topass['mailbox']=$mailbox;
// NOTE(review): action 7 (new message) redirects to the same target without $topass, so the only
// differences on this path are the 'mail_reply' access-matrix entry and the $topass payload. How
// redirect2page() delivers $topass, and which mail_send.php it resolves to, is not visible here.
redirect2page("mail_send.php",$topass);
}
} elseif ($action==3) { // forward message
check_login_member($access_matrix['mail_forward'][0]);
if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
$mail_id=addslashes_mq($_GET['mail_id']);
$topass['mail_id']=$mail_id;
$topass['action']='forward';
$topass['mailbox']=$mailbox;
// Same hand-off as the reply branch, with action 'forward'.
redirect2page("mail_send.php",$topass);
}
} elseif ($action==1) { // delete message
// NOTE(review): this reads $access_matrix['sendbox'], while the multi-delete branch (action 4) reads
// ['savedbox'] and the mailbox names used elsewhere in this file are inbox/outbox/savedbox. If
// 'sendbox' is not a defined key, min() receives null for it, which may lower the access level
// that is required here - confirm against the access matrix definition.
check_login_member(min($access_matrix['inbox'][0],$access_matrix['outbox'][0],$access_matrix['sendbox'][0]));
if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
// delete_messages() takes a list of ids, so the single id is wrapped in an array.
$mail_id=array(addslashes_mq($_GET['mail_id']));
// The session user id is passed along; whether delete_messages() restricts the delete to that
// user's own rows is not visible here - verify in its definition.
delete_messages($_SESSION['user_id'],$mail_id,$mailbox);
$topass['message']=$_messages['core'][73];
}
} elseif ($action==4) { // delete selected messages
check_login_member(min($access_matrix['inbox'][0],$access_matrix['outbox'][0],$access_matrix['savedbox'][0]));
if (isset($_GET['del']) && !empty($_GET['del']) && is_array($_GET['del'])) {
// `del` is an array here; this assumes addslashes_mq() escapes array elements - TODO confirm.
$del=addslashes_mq($_GET['del']);
delete_messages($_SESSION['user_id'],$del,$mailbox);
$topass['message']=$_messages['core'][74];
}
} elseif ($action==5) { // block user
check_login_member($access_matrix['block_members'][0]);
if (isset($_GET['user_id']) && !empty($_GET['user_id'])) {
$blocked_id=addslashes_mq($_GET['user_id']);
// Insert a block row only when one is not already reported by is_userblocked().
if (!is_userblocked($_SESSION['user_id'],$blocked_id)) {
$query="INSERT INTO user_blocks SET user_id='".$_SESSION['user_id']."',blocked_id='$blocked_id'";
// NOTE(review): the driver's error text is raised as E_USER_ERROR. If errors are displayed to
// visitors this exposes query details; logging it and showing a generic message is safer.
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$topass['message']=$_messages['core'][75];
} else {
$topass['message']=$_messages['core'][76];
}
}
} elseif ($action==6) { // unblock user
check_login_member($access_matrix['block_members'][0]);
if (isset($_GET['user_id']) && !empty($_GET['user_id'])) {
$blocked_id=addslashes_mq($_GET['user_id']);
if (is_userblocked($_SESSION['user_id'],$blocked_id)) {
// The delete is limited to rows owned by the session user.
$query="DELETE FROM user_blocks WHERE blocked_id='$blocked_id' and user_id='".$_SESSION['user_id']."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$topass['message']=$_messages['core'][77];
// If redirect2page() does not end the script, the mailbox.php redirect at the bottom runs as well - TODO confirm.
redirect2page("blocked_list.php",$topass);
} else {
$topass['message']=$_messages['core'][78];
}
}
} elseif ($action==7) { // new message
// check_login_member($access_matrix['mail_send'][0]); // don't check now, we'll check on mail_send page.
redirect2page("mail_send.php");
} elseif ($action==8) { // save to savedbox
check_login_member($access_matrix['savedbox'][0]);
if (isset($_GET['del']) && !empty($_GET['del']) && is_array($_GET['del'])) {
$del=addslashes_mq($_GET['del']);
// The table name is picked from three fixed strings, so the request's `mailbox` value never
// reaches the table position of the queries; unknown mailboxes fall back to mail_inbox.
$from='mail_inbox';
if ($mailbox=='inbox') {
$from='mail_inbox';
} elseif ($mailbox=='outbox') {
$from='mail_outbox';
} elseif ($mailbox=='savedbox') {
$from='mail_savedbox';
}
// Builds the quoted id list for IN (...); the values rely on the addslashes_mq() call above.
$mails2move=join("','",array_values($del));
// Copy the session user's selected rows into mail_savedbox, then delete them from the source table.
// NOTE(review): the two statements are not wrapped in a transaction in this file, so a failure
// between them would leave the messages in both tables.
$query="INSERT INTO mail_savedbox (read_status,user_id,from_id,from_name,subject,body,link,date_sent,message_type) SELECT read_status,user_id,from_id,from_name,subject,body,link,date_sent,message_type FROM $from WHERE mail_id IN ('$mails2move') AND user_id='".$_SESSION['user_id']."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$query="DELETE FROM $from WHERE mail_id IN ('$mails2move') AND user_id='".$_SESSION['user_id']."'";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
$topass['message']=$_messages['core'][115];
}
}
}
}
// Fallback redirect back to the mailbox view; also reached by the reply/forward branches when no mail_id was given.
// NOTE(review): $mailbox is slash-escaped for SQL, not URL-encoded; confirm redirect2page() encodes
// the query-string argument before it is placed in the Location header.
redirect2page("mailbox.php",$topass,"mailbox=$mailbox");
?>
Here is mail_send.php, the file that runs together with the template page.
PHP Code:
<?
/*
File location: processors/mail_send.php
*/
// POST handler for sending a message: validates `to`, `subject` and `writehere`, writes the message
// to mail_inbox and mail_outbox (and mail_savedbox when `save` is set), then redirects.
// Any request that is not a POST skips straight to the final redirect with an empty $topass.
// NOTE(review): no anti-CSRF token is checked in this file before the message is stored.
session_cache_limiter('nocache');
session_start();
require_once("../includes/functions.inc.php");
require_once("../includes/templates.inc.php");
require_once("../includes/apt_functions.inc.php");
require_once("../includes/vars.inc.php");
// Default required access level; the reply/forward handling further down may replace it.
$access_level=$access_matrix['mail_send'][0];
db_connect(_DBHOSTNAME_,_DBUSERNAME_,_DBPASSWORD_,_DBNAME_,_PCONN_);
$topass=array();
if ($_SERVER['REQUEST_METHOD']=='POST') {
$error=false;
if (isset($_POST['to']) && !empty($_POST['to'])) {
// Reject line breaks in the recipient field. Only the error flag is set, so the lookups below
// still run and a later check may overwrite the message text.
if ((strpos($_POST['to'],"\r")!==false) || (strpos($_POST['to'],"\n")!==false)) {
// dont send the email and show an error message
$error=true;
$topass['message']="There appears to be a problem in the \"to\" field of the form. We cannot process the message at this time";
}
// Resolve the recipient name to a user id; addslashes_mq() is defined in an include and is
// presumably slash-escaping that accounts for magic quotes - TODO confirm.
$to_id=get_userid_by_name(addslashes_mq($_POST['to']));
if (empty($to_id)) {
$error=true;
$topass['message']=$_messages['core'][67];
}
// Presumably checks whether the recipient has blocked the sender (the argument order is the
// reverse of the calls in mail_process.php) - verify against is_userblocked().
if (is_userblocked($to_id,$_SESSION['user_id'])) {
$error=true;
$topass['message']=$_messages['core'][68];
}
} else {
$error=true;
$topass['message']=$_messages['core'][66];
}
$subject="";
$body="";
if (isset($_POST['subject']) && !empty($_POST['subject'])) {
// Same line-break guard as for the recipient field.
if ((strpos($_POST['subject'],"\r")!==false) || (strpos($_POST['subject'],"\n")!==false)) {
// dont send the email and show an error message
$error=true;
$topass['message']="There appears to be a problem in the \"subject\" field of the form. We cannot process the message at this time";
}
// The meaning of the second argument (true) is not visible in this file.
$subject=addslashes_mq($_POST['subject'],true);
if (empty($subject)) {
$error=true;
$topass['message']=$_messages['core'][69];
}
} else {
// No subject supplied: use the text from $_messages['core'][116].
$subject=$_messages['core'][116];
}
if (isset($_POST['writehere']) && !empty($_POST['writehere'])) {
$body=addslashes_mq($_POST['writehere'],true);
if (empty($body)) {
$error=true;
$topass['message']=$_messages['core'][70];
}
} else {
$error=true;
$topass['message']=$_messages['core'][70];
}
// $_SESSION['topass'] carries the action ('reply' or 'forward') recorded by an earlier page;
// it is read once and cleared, and it selects which access level the sender needs.
if (isset($_SESSION['topass']) && !empty($_SESSION['topass'])) {
$oldtopass=$_SESSION['topass'];
$_SESSION['topass']="";
if (isset($oldtopass['action'])) {
if ($oldtopass['action']=='reply') {
$access_level=$access_matrix['mail_reply'][0];
// A reply sent to a different recipient than the stored one is treated as a new message.
// This assumes an earlier page stored a 'to' key; note that the stored value is compared
// with the slash-escaped form of the posted name.
if ($oldtopass['to']!=addslashes_mq($_POST['to'])) {
$access_level=$access_matrix['mail_send'][0]; // attempting to trick us? :)
}
} elseif ($oldtopass['action']=='forward') {
$access_level=$access_matrix['mail_forward'][0];
}
}
unset($oldtopass);
}
// Daily sending limit; an empty or zero max_messages option disables it.
$max_messages=get_site_option('max_messages');
if ((get_messages_sent_today()>=$max_messages) && !empty($max_messages)) {
$error=true;
$topass['message']=$_messages['core'][71];
}
if (!$error) {
// NOTE(review): the login/access check runs only after validation succeeded, so the recipient
// lookup and block check above execute before it. Moving this call to the top of the POST branch
// would keep unauthenticated requests away from those queries - confirm nothing depends on the order.
check_login_member($access_level);
$senderlevel=$_SESSION['membership'];
$receiverlevel=get_ownerlevel($to_id);
$paidlevel=_PAIDLEVEL_;
// Content filters apply only when the sender or the receiver is below the paid level.
// NOTE(review): $subject and $body were escaped before these filters run; confirm the
// remove_text_* helpers cannot turn the escaped text back into something that breaks the quoting.
if(($receiverlevel < $paidlevel) || ($senderlevel < $paidlevel)){
if (get_site_option('filter_emails')) {
$body=remove_text_emails($body);
$subject=remove_text_emails($subject);
}
if (get_site_option('filter_urls')) {
$body=remove_text_urls($body);
$subject=remove_text_urls($subject);
}
if (get_site_option('filter_words')) {
$body=remove_text_words($body);
$subject=remove_text_words($subject);
}
}
// Recipient's copy.
// NOTE(review): $_SESSION['name'] is placed in the SQL text without escaping in this file. If it
// can contain a quote the statement breaks or changes meaning; escape it at the point of use or
// switch to prepared statements (mysqli or PDO).
$query="INSERT INTO mail_inbox SET message_type=1,user_id='$to_id',from_id='".$_SESSION['user_id']."',from_name='".$_SESSION['name']."',subject='$subject',body='$body',date_sent=now()";
// NOTE(review): the driver's error text is raised as E_USER_ERROR; keep it out of responses shown to visitors.
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
if (is_send_newmessage_alerts($to_id)) {
send_newmessage_alert($_SESSION['user_id'],$to_id);
}
// Sender's outbox copy; here from_id and from_name hold the recipient.
$query="INSERT INTO mail_outbox SET message_type=1,user_id='".$_SESSION['user_id']."',from_id='$to_id',from_name='".addslashes_mq($_POST['to'])."',subject='$subject',body='$body',date_sent=now()";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
// Optional extra copy in the sender's savedbox.
if (isset($_POST['save']) && !empty($_POST['save'])) {
$query="INSERT INTO mail_savedbox SET message_type=1,user_id='".$_SESSION['user_id']."',from_id='$to_id',from_name='".addslashes_mq($_POST['to'])."',subject='$subject',body='$body',date_sent=now()";
if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
}
$topass['message']=$_messages['core'][72];
// If redirect2page() does not end the script, the mail_send.php redirect at the bottom runs as well - TODO confirm.
redirect2page("mailbox.php",$topass,"mailbox=inbox");
} else {
// Hand the raw form values back so the compose page can show them again.
// NOTE(review): these are unescaped request values; the page that prints them must HTML-escape
// them (for example with htmlspecialchars()). 'subject' and 'writehere' may also be unset here.
$topass['to']=$_POST['to'];
$topass['subject']=$_POST['subject'];
$topass['body']=$_POST['writehere'];
}
}
// Reached on validation errors and on every non-POST request.
redirect2page("mail_send.php",$topass);
?>
Here is the Template page that is calling the functions.
HTML Code:
<script type="text/javascript">
function set_action(newval) {
    // Put the chosen action code into the form's "action" input; the submit buttons call this from onclick.
    var actionField = document.myform.action;
    actionField.value = newval;
}
</script>
<!-- NOTE(review): this form submits by GET to processors/mail_process.php, so Delete (action 1) changes state on a plain GET request and the form has no anti-CSRF token field. The usual hardening is method="post" plus a per-session token that the processor verifies. -->
<form name="myform" id="myform" action="processors/mail_process.php" method="get">
<input type="hidden" name="mail_id" value="{mail_id}" />
<input type="hidden" name="mailbox" value="{mailbox}" />
<!-- set_action() fills this hidden field from the onclick handler of the clicked button. -->
<input type="hidden" name="action" />
<table cellspacing="1" cellpadding="2" width="100%" border="0">
<tr>
<td colspan="2">
<table cellspacing="0" cellpadding="0" width="100%" border="0">
<tr>
<td>
<input class="button" type="submit" value="Delete" onclick="set_action(1)" />
<input class="button" type="submit" value="Reply" onclick="set_action(2)" />
<input class="button" type="submit" value="Forward" onclick="set_action(3)" />
</td>
<td><a href="mailbox.php?mailbox=inbox">Back to inbox</a></td>
<td>
<table><tr><td valign="middle"><a href="mail_read.php?mailbox={mailbox}&mail_id={mail_id}&move=1"><img src="{relative_path}images/uparrow2.gif" border="0" title="Previous" /></a></td><td valign="middle"> | </td><td valign="middle"> <a href="mail_read.php?mailbox={mailbox}&mail_id={mail_id}&move=-1"><img src="{relative_path}images/downarrow2.gif" border="0" title="Next" /></a></td></tr></table>
</td>
</tr>
</table>
</td>
</tr>
<!-- NOTE(review): the from, subject and body placeholders below are filled with message content written by another user; confirm the template layer HTML-escapes the values before substitution. -->
<tr>
<td class="statusmenu" width="1%"><b>From: </b></td>
<!-- NOTE(review): "Block this user" is a state-changing GET link (action=5) without a token. -->
<td class="whiterows"> {from} | <a href="processors/mail_process.php?action=5&mailbox={mailbox}&user_id={from_id}">Block this user</a> | <a href="profile_view.php?user_id={from_id}">View profile</a></td>
</tr>
<tr>
<td class="statusmenu" width="1%"><b>Date: </b></td>
<td class="whiterows"> {date_sent}</td>
</tr>
<tr>
<td class="statusmenu" width="1%"><b>Subject: </b></td>
<td class="whiterows"> {subject}</td>
</tr>
<tr>
<td colspan="2" width="100%">
<table width="100%" cellpadding="5" cellspacing="0" border="0" height="300">
<tr>
<td valign="top" class="mailbody">
<br>
{body}<br><center>{link}</center>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2" align="center"><a href="mailbox.php?mailbox=inbox">Inbox</a> | <a href="mailbox.php?mailbox=outbox">Outbox</a> | <a href="mailbox.php?mailbox=savedbox">Savedbox</a></td>
</tr>
</table>
</form>