<?php
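/**
 * Renders the current page of a user's message thread as HTML table rows.
 *
 * Each row shows the message timestamp, the author's name (the administrator
 * from table_name19 when AID is set, otherwise the user from table_name27),
 * the subject and the message body.
 *
 * @param int|string $UID User id whose messages are listed.
 * @return string|null Concatenated <tr> markup, or null when there is nothing to show.
 */
function MessageList($UID = 0) {
    global $SysValue, $link_db;

    $display = null;

    $result = mysqli_query($link_db, Page_messages($UID));
    if (!$result) {
        // A failed query yields no rows instead of passing false to mysqli_fetch_array().
        return $display;
    }

    while ($row = mysqli_fetch_array($result)) {
        $UID = $row['UID'];
        $AID = $row['AID'];

        if ($AID) {
            // Message written by an administrator: look the author up in the admin table.
            $sqlad = 'select * from ' . $SysValue['base']['table_name19'] . ' WHERE id=' . intval($AID);
            $resultad = mysqli_query($link_db, $sqlad);
            $rowad = $resultad ? mysqli_fetch_array($resultad) : null;
            if ($rowad && strlen($rowad['name'])) {
                $name = $rowad['name'];
            } else {
                $name = __('');
            }
            $color = 'style="background:#C0D2EC;"';
        } else {
            // Message written by the user.
            $sqlus = 'select * from ' . $SysValue['base']['table_name27'] . ' WHERE id=' . intval($UID);
            $resultus = mysqli_query($link_db, $sqlus);
            $rowus = $resultus ? mysqli_fetch_array($resultus) : null;
            $name = $rowus ? $rowus['name'] : '';
            $color = '';
        }

        // NOTE(review): $name and $DataTime are written into the markup without HTML
        // escaping. Confirm they are encoded when stored; if not, escape them here
        // using the site's charset.
        $DataTime = $row['DateTime'];
        $Subject = PHPShopSecurity::TotalClean($row['Subject']);

        // strip_tags() keeps any attributes on the tags it allows, so the allowed
        // <b>, <hr> and <br> are reduced to their bare form before output.
        $Message = strip_tags($row['Message'], '<b><hr><br>');
        $Message = preg_replace('#<(/?)(b|hr|br)\b[^>]*>#i', '<$1$2>', $Message);
        if ($Message === null) {
            // The pattern failed to run: fall back to plain text rather than unfiltered markup.
            $Message = strip_tags($row['Message']);
        }

        if (strlen($Subject) > 1) {
            $Subject = '<B>' . $Subject . '</B><BR>';
        }

        $display .= "<tr >
<td " . $color . ">
$DataTime<BR>
".__('').": <B>$name</B>
</td>
<td " . $color . ">
$Subject
$Message</td></tr>";
    }

    return $display;
}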
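/**
 * Builds the SELECT statement for one page (10 rows) of a user's messages.
 *
 * The page number is read from $SysValue['nav']['id']; a missing, empty,
 * non-numeric or non-positive value selects the first page.
 *
 * @param int|string $UID User id; cast to an integer before it is placed in the SQL text.
 * @return string SQL statement for the requested page.
 */
function Page_messages($UID = 0) {
    global $SysValue;

    $num_row = 10;

    // Normalise the page number to an integer >= 1. The loop this replaces left
    // $sql undefined for page numbers below 1 and did one iteration per page.
    $p = isset($SysValue['nav']['id']) ? intval($SysValue['nav']['id']) : 0;
    if ($p < 1) {
        $p = 1;
    }

    // Offset of the first row on page $p.
    $num_ot = ($p - 1) * $num_row;

    return "select * from " . $SysValue['base']['table_name37'] . " where (UID=" . intval($UID) . ") order by DateTime DESC LIMIT $num_ot, $num_row ";
}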
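/**
 * Counts the rows of a configured table that match a caller-supplied clause.
 *
 * @param string $from_base Key into $SysValue['base'] naming the table.
 * @param string $query     SQL fragment appended after the table name (for example a WHERE clause).
 * @return string|null The count as returned by the driver, or null when the query fails.
 */
function NumFrom($from_base, $query) {
    global $SysValue, $link_db;

    // NOTE(review): $query is appended to the statement as-is, so every caller
    // must cast or escape whatever it interpolates into that fragment.
    // COUNT('id') counts a string literal, which is non-null for every row.
    $sql = "select COUNT('id') as count from " . $SysValue['base'][$from_base] . " " . $query;

    $result = mysqli_query($link_db, $sql);
    if (!$result) {
        // Explicit failure path instead of @-suppressed errors.
        return null;
    }

    $row = mysqli_fetch_array($result);

    return ($row && isset($row['count'])) ? $row['count'] : null;
}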
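/**
 * Builds the pager markup shown under a user's message list.
 *
 * The current page is read from $SysValue['nav']['id'] and normalised to an
 * integer >= 1, so only numeric values reach the generated links.
 *
 * @param int|string $UID User id whose messages are counted.
 * @return string|null Pager HTML, or null when everything fits on one page.
 */
function Nav_messages($UID = 0) {
    global $SysValue;

    $navigat = $nava = null;
    $num_row = 10;

    $p = isset($SysValue['nav']['id']) ? intval($SysValue['nav']['id']) : 0;
    if ($p < 1) {
        $p = 1;
    }

    $num_page = NumFrom("table_name37", " where (UID=" . intval($UID) . ")");
    $num = $num_page / $num_row;

    // Upper bound of the previous page; started at 0 so the first pass does not
    // read an undefined variable.
    $pageDo = 0;

    for ($i = 1; $i < $num + 1; $i++) {
        // Range label for page $i: the first page starts at 1, later pages start
        // at the previous page's upper bound (same labels as before).
        if ($i == 1) {
            $pageOt = $i + $pageDo;
        } else {
            $pageOt = $pageDo;
        }
        $pageDo = $i * $num_row;

        if ($i != $p) {
            $navigat .= "\n<a href=\"./message_" . $i . ".html\">" . $pageOt . "-" . $pageDo . "</a> | ";
        } else {
            // The current page is shown in bold without a link.
            $navigat .= "\n<b>" . $pageOt . "-" . $pageDo . "</b> | ";
        }
    }

    if ($num > 1) {
        // Target of the trailing "next" link, capped at the last page.
        if ($p > $num) {
            $p_to = $i - 1;
        } else {
            $p_to = $p + 1;
        }
        $nava = "<table cellpadding=\"0\" cellpadding=\"0\" border=\"0\"><tr><td>
" . $SysValue['lang']['page_now'] . ":
<a href=\"./message_" . ($p - 1) . ".html\">" . ($p - 1) . "</a>
$navigat <a href=\"./message_" . $p_to . ".html\">$p_to</a>
</td></tr></table>";
    }

    return $nava;
}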
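/**
 * Handles the user's message page: stores a newly posted message, notifies the
 * administrator by mail, and renders the message form plus the thread.
 *
 * A posted message is appended to the latest thread row while that row has no
 * administrator reply (AID is "0"); otherwise a new row is inserted.
 *
 * @param object $obj Page object; this function reads UsersId and PHPShopSystem
 *                    and calls set(), getValue() and ParseTemplate() on it.
 * @return void
 */
function user_message($obj) {
    global $SysValue, $link_db;

    // Load the account the page is rendered for.
    $sql = "select * from " . $SysValue['base']['table_name27'] . " where id=" . intval($obj->UsersId) . " LIMIT 0, 1";
    $result = mysqli_query($link_db, $sql);
    $row = mysqli_fetch_array($result);
    $id = $row['id'];
    $login = $row['login'];
    $mail = $row['mail'];
    $name = $row['name'];

    if (!empty($_POST['message'])) {
        // NOTE(review): $name and $mail come from the users table and end up in the
        // mail subject and reply-to. Whether PHPShopMail strips CR/LF from them is
        // not visible here; confirm.
        $zag_adm = __("")." " . $name;
        $content_adm = "
" . $obj->PHPShopSystem->getName() . "'
" . $name . "
" . $login . "
---------------------------------------------------------
" . PHPShopSecurity::TotalClean($_POST['message'], 2) . "
" . date("d-m-y H:i a") . "
IP:" . $_SERVER['REMOTE_ADDR'];
        new PHPShopMail($obj->PHPShopSystem->getValue('adminmail2'), $obj->PHPShopSystem->getValue('adminmail2'), $zag_adm, Parser($content_adm), false,false,array('replyto'=>$mail));

        // $id is the users-table id loaded above, not request data.
        $sql = 'select * from ' . $SysValue['base']['table_name37'] . ' where (UID=' . $id . ') order by DateTime DESC';
        $result = mysqli_query($link_db, $sql);
        $row = $result ? mysqli_fetch_array($result) : null;

        if ($row && $row['AID'] == "0") {
            // The stored text is read back as raw data, so it is escaped before it
            // is placed inside the quoted SQL literal again; the row id is cast.
            // NOTE(review): the new text relies on TotalClean(..., 2) for SQL
            // safety, and what that helper escapes is not visible here. Confirm, or
            // move this statement to a prepared statement.
            $message = PHPShopSecurity::TotalClean($_POST['message'], 2) . "<HR>"
                . mysqli_real_escape_string($link_db, $row['DateTime']) . ": "
                . mysqli_real_escape_string($link_db, $row['Message']);
            $sql = 'UPDATE ' . $SysValue['base']['table_name37'] . ' SET Message="' . $message . '", DateTime="' . date("Y-m-d H:i:s") . '", enabled=\'0\' WHERE ID=' . intval($row['ID']);
            $result = mysqli_query($link_db, $sql);

            // Return to the page the user posted from; the page number is cast so
            // only a number can reach the Location header.
            $p = isset($SysValue['nav']['id']) ? intval($SysValue['nav']['id']) : 0;
            if (empty($p)) {
                $p = 1;
            }
            if ($p > 1) {
                $nav = '_' . $p;
            } else {
                $nav = '';
            }
            // Execution continues after the header is queued; the page below is still built.
            header("Location: ./message$nav.html");
        } else {
            // NOTE(review): Subject and message are concatenated into the statement
            // after TotalClean(..., 2) only. Whether that helper neutralises quotes
            // and backslashes is not visible here; confirm, or use a prepared statement.
            $sql = 'INSERT INTO ' . $SysValue['base']['table_name37'] . ' VALUES ("",0,' . $id . ',\'\',\'' . date("Y-m-d H:i:s") . '\',\'' . PHPShopSecurity::TotalClean($_POST['Subject'], 2) . '\',\'' . PHPShopSecurity::TotalClean($_POST['message'], 2) . '\',"0")';
            $result = mysqli_query($link_db, $sql);
            header("Location: ./message.html");
        }
    }

    $display = MessageList($id);

    // Latest thread row decides whether the subject field is pre-filled and locked.
    $sql = 'select * from ' . $SysValue['base']['table_name37'] . ' where (UID=' . intval($id) . ') order by DateTime DESC';
    $result = mysqli_query($link_db, $sql);
    $i = $result ? mysqli_num_rows($result) : 0;
    $row = $result ? mysqli_fetch_array($result) : null;

    if ($i && $row['AID'] == 0) {
        // NOTE(review): the stored subject is placed in the value="" attribute below
        // without escaping here; confirm it is encoded when stored.
        $Subject = $row['Subject'];
        $Subjectreadonly = ' readonly disabled';
        $oldmessage = '';
    } else {
        $Subject = '';
        $Subjectreadonly = '';
        $oldmessage = '';
    }

    if ($i) {
        $display = '
<table id="allspecwhite" cellpadding="1" cellspacing="1" width="100%" class="table table-striped">
<tr>
</tr>
' . $display . '</table>' . Nav_messages($id);
    } else {
        $display = '';
    }

    // NOTE(review): the line ending in checkMessageText();"> inside the form markup
    // looks like the tail of a control whose opening part is missing from this copy
    // of the file; it is kept exactly as found.
    $disp = '
<table class="user-table-fix">
<tr>
<td>
<form method="post" name="forma_message" id="forma_message">
<input type="TEXT" style="width:80%;" value="' . $Subject . '" ' . $Subjectreadonly . ' name="Subject"><BR>
' . $oldmessage . '
<textarea style="height:100px;" name="message" id="message"></textarea>
<div>
<br>
\'function\') checkMessageText();">
</div>
</form>
</td>
</tr>
</table>
' . $display;

    $obj->set('formaTitle', __(''));
    $obj->set('formaContent', $disp);
    $obj->ParseTemplate($obj->getValue('templates.users_page_list'));
}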
?>