- <?php
- include('layout.php');
- ?>
- </div>
- <div class="content">
- <?php
- if(isset($_SESSION['id']) && isset($_SESSION['username'])){
- ///////////////////
- // Inbox overview //
- ///////////////////
- // Counters shown next to the Inbox / Questions / Friend requests buttons.
- // NOTE(review): the PM counter filters on readed = 1, while the "Read PM" handler
- // further down sets readed = '1' when a message is opened -- confirm which value
- // is meant to stand for "unread". The same question applies to accepted = 1.
- $sessionuser = mysql_real_escape_string($_SESSION['username']);
- $sessionid = mysql_real_escape_string($_SESSION['id']);
- $queryquestions = mysql_query("SELECT * FROM c2am_messages WHERE answered = 1 && author = '". $sessionuser ."'");
- $queryfriends = mysql_query("SELECT * FROM c2am_friends WHERE accepted = 1 && user2 = '". $sessionid ."'");
- $querypms = mysql_query("SELECT * FROM c2am_pm WHERE readed = 1 && receiver = '". $sessionuser ."'");
- $rowquestions = mysql_num_rows($queryquestions);
- $rowfriends = mysql_num_rows($queryfriends);
- $rowpms = mysql_num_rows($querypms);
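- // Page-wide POST form: account cell, context toolbar and left-hand navigation.
- // The user name is escaped before it is written into the link and the cell; it comes
- // from c2am_users via the session, and register.php (not shown) may allow markup
- // characters -- TODO confirm. The original also never closed the <a> element.
- // NOTE(review): no anti-CSRF token is emitted here or checked by the POST handlers
- // below, so every state-changing button on this page can be triggered cross-site.
- $toolbaruser = htmlspecialchars($_SESSION['username'], ENT_QUOTES);
- $toolbarlink = 'user.php?username='. urlencode($_SESSION['username']);
- echo '
- <form action="" method="post">
- <div class="inboxtop">
- <div class="inboxtoptext">
- <table>
- <tr>
- <td style="width: 125px;" align="center"><b><a href="'. $toolbarlink .'">'. $toolbaruser .'</a></b></td>';
- // The first group (in this order) that has one of its keys in the POST data decides
- // which toolbar is shown; with no match the PM toolbar is the default.
- $toolbargroups = array(
-     'pm' => array('inbox', 'reply', 'deletepm', 'clickpm', 'sendreply', 'sendreply2',
-                   'return', 'newpm', 'sendpm', 'forwardpm'),
-     'questions' => array('questions', 'answerquestions', 'deletequestions', 'giveanswer'),
-     'friends' => array('acceptfriend', 'deletefriend', 'friendrequests'),
- );
- $toolbar = 'pm';
- foreach($toolbargroups as $groupname => $groupkeys){
-     foreach($groupkeys as $groupkey){
-         if(isset($_POST[$groupkey])){
-             $toolbar = $groupname;
-             break 2;
-         }
-     }
- }
- if($toolbar === 'questions'){
-     echo '
- <td><input class="submitstyle" type="submit" name="answerquestions" value="Give answer" /></td>
- <td><input class="submitstyle" type="submit" name="deletequestions" value="Delete" /></td>
- ';
- }
- else if($toolbar === 'friends'){
-     echo '
- <td><input class="submitstyle" type="submit" name="acceptfriend" value="Accept" /></td>
- <td><input class="submitstyle" type="submit" name="deletefriend" value="Decline" /></td>
- ';
- }
- else{
-     echo '
- <td><input class="submitstyle" type="submit" name="newpm" value="New pm" /></td>
- <td><input class="submitstyle" type="submit" name="reply" value="Reply" /></td>
- <td><input class="submitstyle" type="submit" name="deletepm" value="Delete" /></td>
- <td><input class="submitstyle" type="submit" name="forwardpm" value="Forward" /></td>
- <td><input class="submitstyle" type="submit" name="readpm" value="Read PM" /></td>
- ';
- }
- echo '
- </tr>
- </table>
- </div>
- </div>
- <div class="inboxleft">
- <table>
- <tr><td><input class="submitstyle" type="submit" name="inbox" value="Inbox" /></td><td>('. $rowpms .')</td></tr>
- <tr><td><input class="submitstyle" type="submit" name="questions" value="Questions" /></td><td>('. $rowquestions .')</td></tr>
- <tr><td><input class="submitstyle" type="submit" name="friendrequests" value="Friend requests" /></td><td>('. $rowfriends .')</td></tr>
- </table>
- </div>
- <div class="inboxtext">';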
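- ////////////////////////////////////
- // MAIN PAGE: inbox listing       //
- ////////////////////////////////////
- // The listing is shown only when no other view or action was requested.
- $inboxblockers = array(
-     'answerquestions', 'giveanswer', 'deletequestions', 'delete', 'questions',
-     'friendrequests', 'acceptfriend', 'deletefriend', 'acceptthefriend', 'deleterequest',
-     'clickpm', 'reply', 'sendreply', 'sendreply2', 'deletepm', 'newpm',
-     'sendpm', 'forwardpm', 'forwardpmnow', 'readpm',
- );
- $showinbox = !isset($_GET['type']);
- foreach($inboxblockers as $inboxblocker){
-     if(isset($_POST[$inboxblocker])){
-         $showinbox = false;
-         break;
-     }
- }
- if($showinbox){
-     $querymessage = "SELECT * FROM c2am_pm WHERE receiver = '". mysql_real_escape_string($_SESSION['username'])."' ORDER BY date DESC";
-     $resultmessage = mysql_query($querymessage);
-     if(!$resultmessage){
-         // Keep the SQL text and the driver error in the server log instead of the page.
-         error_log('Inbox query failed: '. mysql_error());
-         die('Could not load your inbox.');
-     }
-     echo '<table>
- <tr><td style="width: 50px;"><b>Select</b></td><td style="width: 25px;"></td><td style="width: 125px;"><b>From</b></td><td style="width: 200px;"><b>Subject</b></td><td><b>Date</b></td></tr>';
-     while($rowmessage = mysql_fetch_assoc($resultmessage)){
-         // Sender names are stored values written by other users: escape them like the subject.
-         $pmid = htmlspecialchars($rowmessage['id'], ENT_QUOTES);
-         $pmsender = htmlspecialchars($rowmessage['sender'], ENT_QUOTES);
-         $pmsubject = stripslashes(nl2br(htmlentities($rowmessage['subject'])));
-         $pmdate = date('F j, Y, g:i a',$rowmessage['date']);
-         // Rows whose readed flag is not 1 are rendered in bold.
-         $boldopen = ($rowmessage['readed'] == 1) ? '' : '<b>';
-         $boldclose = ($rowmessage['readed'] == 1) ? '' : '</b>';
-         // NOTE(review): every row emits a hidden "replyid", so the form always submits the
-         // last row's id under that name; only "radioid" reflects the user's selection.
-         echo '
- <tr>
- <td align="center"><input type="radio" name="radioid" value="'. $pmid .'">
- <input type="hidden" name="replyid" value="'. $pmid .'"/></td>
- <td></td>
- <td>'. $boldopen . $pmsender . $boldclose .'</td>
- <td>'. $boldopen . $pmsubject . $boldclose .'</td>
- <td>'. $boldopen . $pmdate . $boldclose .'</td>
- </tr>';
-     }
-     echo '</table></form>';
-     $num_rows = mysql_num_rows($resultmessage);
-     if($num_rows == 0){
-         echo 'You don\'t have any items in your inbox...';
-     }
- }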
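- ///////////////////////////////
- // "New pm" was clicked      //
- ///////////////////////////////
- // Shows the compose form. The original also loaded the user's own c2am_users row
- // here without using it; that query is dropped.
- if(isset($_POST['newpm']) && !isset($_POST['sendpm'])){
-     $newpmuserid = mysql_real_escape_string($_SESSION['id']);
-     echo '
- Sender:<br />'
-     . htmlspecialchars($_SESSION['username'], ENT_QUOTES) .'<br />
- To:<br />
- <input type="text" name="receiver" value="" /><br />
- Or select a friend:<br />
- <form method="post" action="">
- <select name="receiver2">';
-     // The session id is escaped like every other value placed in SQL on this page.
-     // NOTE(review): the join does not filter on c2am_friends.accepted -- confirm intent.
-     $queryfriends = "SELECT c2am_users.username
- FROM c2am_friends
- INNER JOIN c2am_users
- ON (c2am_users.id = c2am_friends.user1 OR c2am_users.id = c2am_friends.user2) AND c2am_users.id <> '". $newpmuserid ."'
- WHERE c2am_friends.user1 = '". $newpmuserid ."' OR c2am_friends.user2 = '". $newpmuserid ."'
- ";
-     $resultfriends = mysql_query($queryfriends);
-     if(!$resultfriends){
-         // Do not print the SQL text or the driver error to the visitor.
-         error_log('Friend list query failed: '. mysql_error());
-         die('Could not load your friend list.');
-     }
-     echo '<option value="">-----Select a friend------</option>';
-     while($row = mysql_fetch_assoc($resultfriends)){
-         // User names are written into an attribute and into text: escape both.
-         $friendname = htmlspecialchars($row['username'], ENT_QUOTES);
-         echo '<option value="'. $friendname .'">'. $friendname .'</option>';
-     }
-     echo '
- </select>
- </form><br />
- Subject: <br />
- <input type="text" name="subject" value="" /><br />
- Message:<br />
- <textarea name="message" cols="45" rows="7"></textarea><br />
- <input type="submit" name="sendpm" value="Send pm" />
- ';
- }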
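- ///////////////////////////////
- // "Send pm" was pressed     //
- ///////////////////////////////
- // Validates the compose form and stores the PM.
- // Fixes over the original: the duplicate check required receiver to equal BOTH posted
- // receiver fields at once, so it could only match when they were identical; the
- // confirmation echoed the posted receiver unescaped; the INSERT result was ignored.
- if(isset($_POST['sendpm'])){
-     // The friend dropdown (receiver2) takes precedence over the free-text field.
-     $pmreceiver = '';
-     if(!empty($_POST['receiver2']) && is_string($_POST['receiver2'])){
-         $pmreceiver = $_POST['receiver2'];
-     }
-     else if(!empty($_POST['receiver']) && is_string($_POST['receiver'])){
-         $pmreceiver = $_POST['receiver'];
-     }
-     if($pmreceiver === ''){
-         echo 'Please enter a receiver.';
-     }
-     else if(empty($_POST['subject']) || !is_string($_POST['subject'])){
-         echo 'please enter a subject.';
-     }
-     else if(empty($_POST['message']) || !is_string($_POST['message'])){
-         echo 'Please enter a message.';
-     }
-     else{
-         $ip = $_SERVER['REMOTE_ADDR'];
-         $sqlsender = mysql_real_escape_string($_SESSION['username']);
-         $sqlreceiver = mysql_real_escape_string($pmreceiver);
-         $sqlsubject = mysql_real_escape_string($_POST['subject']);
-         $sqlmessage = mysql_real_escape_string($_POST['message']);
-         $sqlip = mysql_real_escape_string($ip);
-         $spamcheck = mysql_query("SELECT * FROM c2am_pm WHERE sender = '". $sqlsender ."'
- && receiver = '". $sqlreceiver ."'
- && subject = '". $sqlsubject ."'
- && message = '". $sqlmessage ."'
- && ip = '". $sqlip ."'");
-         if(!$spamcheck){
-             // Driver errors go to the log, not to the page.
-             error_log('PM duplicate check failed: '. mysql_error());
-             die('Could not send your message.');
-         }
-         if(mysql_num_rows($spamcheck) >= 1){
-             echo 'Message has been sent already.';
-         }
-         else{
-             // NOTE(review): the receiver is not checked against c2am_users here.
-             $inserted = mysql_query("INSERT INTO c2am_pm (sender, receiver, subject, message, date, ip)VALUES(
- '". $sqlsender ."',
- '". $sqlreceiver ."',
- '". $sqlsubject ."',
- '". $sqlmessage ."',
- '". time() ."',
- '". $sqlip ."'
- )");
-             if(!$inserted){
-                 error_log('PM insert failed: '. mysql_error());
-                 echo 'Could not send your message.';
-             }
-             else{
-                 echo 'PM has been sent to '. htmlspecialchars($pmreceiver, ENT_QUOTES);
-             }
-         }
-     }
- }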
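- //////////////////////////////////
- // A PM was selected and "Read PM" was pressed
- //////////////////////////////////
- // Marks the selected PM as read and shows it.
- // Authorisation: the original looked the PM up by id alone, so any logged-in user
- // could mark and read any other user's message by posting its id. Both statements
- // are now limited to PMs whose receiver is the session user, which is the same
- // filter the inbox listing uses.
- if(isset($_POST['readpm']) && !isset($_POST['reply']) && !isset($_POST['sendreply'])
-    && !isset($_POST['sendreply2'])){
-     $rowreadpm = false;
-     if(isset($_POST['radioid']) && is_string($_POST['radioid'])){
-         $readfilter = " WHERE id = '". mysql_real_escape_string($_POST['radioid']) ."'"
-                     . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'";
-         mysql_query("UPDATE c2am_pm SET
- readed = '1'". $readfilter);
-         $queryreadpm = mysql_query("SELECT * FROM c2am_pm". $readfilter);
-         $rowreadpm = $queryreadpm ? mysql_fetch_assoc($queryreadpm) : false;
-     }
-     if(!$rowreadpm){
-         // Nothing selected, or the id does not belong to this user's inbox.
-         echo 'Please choose a message.';
-     }
-     else{
-         // The sender name and the id written back into the form are escaped as well.
-         echo '
- <b>PM from '. htmlspecialchars($rowreadpm['sender'], ENT_QUOTES) .'</b><br /><br />
- <b>Sent on: </b>'
-         . date('F j, Y, g:i a',$rowreadpm['date']) .'<br />
- <b>Subject: </b>
- '. stripslashes(nl2br(htmlentities($rowreadpm['subject']))) .'<br /><br />
- <b>Message:</b><br />'
-         . stripslashes(nl2br(htmlentities($rowreadpm['message']))) .'<br />
- <input type="hidden" name="replyid" value="'. htmlspecialchars($rowreadpm['id'], ENT_QUOTES) .'"/>
- ';
-     }
- }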
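- //////////////////////////////
- // "Reply" was clicked      //
- //////////////////////////////
- // Shows the reply form for one PM.
- // Fixes over the original: the PM is only loaded when the session user is its
- // receiver; the selected radio button (radioid) is preferred over the hidden replyid,
- // because the inbox listing emits a hidden replyid per row and the last one wins;
- // the id and subject written into attributes are escaped.
- if(isset($_POST['reply'])){
-     $replytarget = null;
-     if(isset($_POST['radioid']) && is_string($_POST['radioid'])){
-         $replytarget = $_POST['radioid'];
-     }
-     else if(isset($_POST['replyid']) && is_string($_POST['replyid'])){
-         // Reached from the "Read PM" view, which carries only replyid. An inbox submit
-         // without a selection still lands here with the last row's id.
-         $replytarget = $_POST['replyid'];
-     }
-     $rowreplypm = false;
-     if($replytarget !== null){
-         $queryreplypm = mysql_query("SELECT * FROM c2am_pm WHERE id = '". mysql_real_escape_string($replytarget) ."'"
-                       . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $rowreplypm = $queryreplypm ? mysql_fetch_assoc($queryreplypm) : false;
-     }
-     if(!$rowreplypm){
-         echo 'Please choose a message.';
-     }
-     else{
-         echo '
- <table>
- <form method="post" action="">
- <tr><td style="width: 100px;">Subject:</td><td><input type="text" name="subject" style="width: 300px;" value="Re: '. stripslashes(htmlspecialchars($rowreplypm['subject'], ENT_QUOTES)) .'"/></td></tr>
- <tr><td>Message:</td><td><textarea name="message" rows="7" cols="35"></textarea></td></tr>
- <tr><td colspan="2">This will come under the message:</td></tr>
- <tr><td>'. stripslashes(nl2br(htmlentities($rowreplypm['message']))) .'</td></tr>
- <tr><td><input type="hidden" name="replyid" value="'. htmlspecialchars($rowreplypm['id'], ENT_QUOTES) .'"/>
- <input type="submit" name="sendreply" value="Send"/></td></tr>
- </form>
- </table>
- ';
-     }
- }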
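- /////////////////////////////////////////////////
- // "Send" was pressed: ask for confirmation    //
- /////////////////////////////////////////////////
- // Shows the reply once more before it is stored.
- // Fixes over the original: the posted subject and replyid were written into hidden
- // inputs unescaped (reflected XSS); the PM being answered was loaded by id alone;
- // nl2br() inside the <textarea> put literal "<br />" text into the message that is
- // submitted next; the Receiver row was never closed.
- if(isset($_POST['sendreply']) && !isset($_POST['sendreply2'])){
-     $confirmsubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
-     $confirmmessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
-     $rowreplypm = false;
-     if(isset($_POST['replyid']) && is_string($_POST['replyid'])){
-         // Only a PM addressed to the session user can be answered.
-         $queryreplypm = mysql_query("SELECT * FROM c2am_pm WHERE id = '". mysql_real_escape_string($_POST['replyid']) ."'"
-                       . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $rowreplypm = $queryreplypm ? mysql_fetch_assoc($queryreplypm) : false;
-     }
-     if(!$rowreplypm){
-         echo 'Please choose a message.';
-     }
-     else{
-         echo '
- <form method="post" action="">
- <table>
- <tr><td colspan="2">Are you sure you want to send this pm?</td></tr>
- <tr><td style="width: 70px;"><b>Subject: </b></td><td><input type="hidden" name="subject" value="'. htmlspecialchars($confirmsubject, ENT_QUOTES) . '"/>'. stripslashes(nl2br(htmlentities($confirmsubject))) .'</td></tr>
- <tr><td><b>Receiver: </b></td><td>'. htmlspecialchars($rowreplypm['sender'], ENT_QUOTES) .'</td></tr>
- <tr><td><b>Message: </b></td></tr>
- <tr><td colspan="2"><textarea name="message" cols="40" rows="10" READONLY>'. stripslashes(htmlentities($confirmmessage)) ."\n\n" . 'Previous PM:'. "\n" . stripslashes(htmlentities($rowreplypm['message'])) .'</textarea></td></tr>
- <tr><td><input type="submit" name="sendreply2" value="Send!"/><input type="hidden" name="replyid" value="'. htmlspecialchars($rowreplypm['id'], ENT_QUOTES) .'"/></td></tr>
- </table>
- </form>
- ';
-     }
- }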
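- ////////////////////////
- // Send the reply     //
- ////////////////////////
- // Stores the confirmed reply, addressed to the sender of the PM being answered.
- // Fixes over the original: the answered PM must belong to the session user's inbox,
- // a missing PM no longer produces a message with an empty receiver, the INSERT
- // result is checked, and the stray </a> after the button is gone.
- if(isset($_POST['sendreply2'])){
-     $ip = $_SERVER['REMOTE_ADDR'];
-     $rowreplypm = false;
-     if(isset($_POST['replyid']) && is_string($_POST['replyid'])){
-         $queryreplypm = mysql_query("SELECT * FROM c2am_pm WHERE id = '". mysql_real_escape_string($_POST['replyid']) ."'"
-                       . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $rowreplypm = $queryreplypm ? mysql_fetch_assoc($queryreplypm) : false;
-     }
-     if(!$rowreplypm){
-         echo 'Please choose a message.';
-     }
-     else{
-         $replysubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
-         $replymessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
-         $replysent = mysql_query ("INSERT INTO c2am_pm (sender, receiver, subject, message, date, ip)VALUES(
- '". mysql_real_escape_string($_SESSION['username']) ."',
- '". mysql_real_escape_string($rowreplypm['sender']) ."',
- '". mysql_real_escape_string($replysubject) ."',
- '". mysql_real_escape_string($replymessage) ."',
- '". time() ."',
- '". mysql_real_escape_string($ip) ."'
- )");
-         if(!$replysent){
-             // Keep the driver error out of the page.
-             error_log('Reply insert failed: '. mysql_error());
-             echo 'Could not send your message.';
-         }
-         else{
-             echo '
- Your pm has been sent.<br />
- <input class="submitstyle2" type="submit" name="return" value="Please return!"/>
- ';
-         }
-     }
- }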
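- ////////////////////////////////////
- // "Delete" (PM) was pressed      //
- ////////////////////////////////////
- // Deletes the selected PM.
- // Authorisation: the original deleted by id alone, so any logged-in user could remove
- // any message by posting its id. The DELETE is now limited to PMs whose receiver is
- // the session user, and success is reported only when a row was actually removed.
- if(isset($_POST['deletepm']) && isset($_POST['radioid']) && is_string($_POST['radioid'])){
-     mysql_query("DELETE FROM c2am_pm WHERE id = '". mysql_real_escape_string($_POST['radioid']) ."'"
-               . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'");
-     if(mysql_affected_rows() > 0){
-         echo 'PM has been deleted.';
-     }
-     else{
-         echo 'Please choose a message.';
-     }
- }
- else if(isset($_POST['deletepm'])){
-     echo 'Please choose a message.';
- }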
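- ////////////////////////////////
- // "Forward" was pressed      //
- ////////////////////////////////
- // Shows the forward form for the selected PM.
- // Fixes over the original: the PM is loaded only when the session user is its
- // receiver (it was readable by id alone); the stored subject and message were written
- // into hidden inputs unescaped, so a quote in a message broke out of the attribute;
- // friend names and the posted id are escaped; SQL errors are no longer printed.
- if(isset($_POST['forwardpm']) && isset($_POST['radioid']) && is_string($_POST['radioid'])){
-     $forwarduserid = mysql_real_escape_string($_SESSION['id']);
-     $forwardquery = mysql_query("SELECT * FROM c2am_pm WHERE id = '". mysql_real_escape_string($_POST['radioid']) ."'"
-                   . " AND receiver = '". mysql_real_escape_string($_SESSION['username']) ."'");
-     $rowforward = $forwardquery ? mysql_fetch_assoc($forwardquery) : false;
-     if(!$rowforward){
-         echo 'Please choose a message.';
-     }
-     else{
-         echo '
- To:<br />
- <input type="text" name="receiver" value="" /><br />
- Or select a friend:<br />
- <form method="post" action="">
- <select name="receiver2">';
-         $queryfriends = "SELECT c2am_users.username
- FROM c2am_friends
- INNER JOIN c2am_users
- ON (c2am_users.id = c2am_friends.user1 OR c2am_users.id = c2am_friends.user2) AND c2am_users.id <> '". $forwarduserid ."'
- WHERE c2am_friends.user1 = '". $forwarduserid ."' OR c2am_friends.user2 = '". $forwarduserid ."'
- ";
-         $resultfriends = mysql_query($queryfriends);
-         if(!$resultfriends){
-             error_log('Friend list query failed: '. mysql_error());
-             die('Could not load your friend list.');
-         }
-         echo '<option value="">-----Select a friend------</option>';
-         while($row = mysql_fetch_assoc($resultfriends)){
-             $friendname = htmlspecialchars($row['username'], ENT_QUOTES);
-             echo '<option value="'. $friendname .'">'. $friendname .'</option>';
-         }
-         // The hidden fields carry the text that the next step stores; the browser decodes
-         // the entities again on submit, so the stored text is unchanged by the escaping.
-         echo '
- </select>
- </form><br />
- <b>This subject will be sent to a new person!</b><br />
- Fw:'. stripslashes(nl2br(htmlentities($rowforward['subject']))) .'<br />
- <b>This message will be sent to a new person!</b><br />'
-         . stripslashes(nl2br(htmlentities($rowforward['message']))) .'<br />
- <input type="submit" name="forwardpmnow" value="Forward this pm" />
- <input type="hidden" name="forwardid" value="'. htmlspecialchars($rowforward['id'], ENT_QUOTES) .'" />
- <input type="hidden" name="forwardmess" value="Original by:'. htmlspecialchars($rowforward['message'], ENT_QUOTES) .'"/>
- <input type="hidden" name="forwardsub" value="FW:'. htmlspecialchars($rowforward['subject'], ENT_QUOTES) .'"/>
- ';
-     }
- }
- else if(isset($_POST['forwardpm'])){
-     echo 'Please choose a message.';
- }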
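- ///////////////////////////////////////
- // The forward is sent (forwardpmnow) //
- ///////////////////////////////////////
- // Stores the forwarded PM for the chosen receiver.
- // Fixes over the original: the duplicate check required receiver to equal both posted
- // receiver fields at once; the confirmation echoed the posted receiver unescaped;
- // driver errors were printed to the page.
- // NOTE(review): subject and text are taken from the posted hidden fields, not
- // re-read from the PM named by forwardid, so the sender controls both.
- if(isset($_POST['forwardpmnow']) && isset($_POST['forwardid'])){
-     // The friend dropdown (receiver2) takes precedence over the free-text field.
-     $fwreceiver = '';
-     if(!empty($_POST['receiver2']) && is_string($_POST['receiver2'])){
-         $fwreceiver = $_POST['receiver2'];
-     }
-     else if(!empty($_POST['receiver']) && is_string($_POST['receiver'])){
-         $fwreceiver = $_POST['receiver'];
-     }
-     if($fwreceiver === ''){
-         echo 'Please enter a receiver.';
-     }
-     else{
-         $ip = $_SERVER['REMOTE_ADDR'];
-         $fwsubject = (isset($_POST['forwardsub']) && is_string($_POST['forwardsub'])) ? $_POST['forwardsub'] : '';
-         $fwmessage = (isset($_POST['forwardmess']) && is_string($_POST['forwardmess'])) ? $_POST['forwardmess'] : '';
-         $sqlsender = mysql_real_escape_string($_SESSION['username']);
-         $sqlreceiver = mysql_real_escape_string($fwreceiver);
-         $sqlsubject = mysql_real_escape_string($fwsubject);
-         $sqlmessage = mysql_real_escape_string($fwmessage);
-         $sqlip = mysql_real_escape_string($ip);
-         $spamcheck = mysql_query("SELECT * FROM c2am_pm WHERE sender = '". $sqlsender ."'
- && receiver = '". $sqlreceiver ."'
- && message = '". $sqlmessage ."'
- && subject = '". $sqlsubject ."'
- && ip = '". $sqlip ."'");
-         if(!$spamcheck){
-             error_log('Forward duplicate check failed: '. mysql_error());
-             die('Could not send your message.');
-         }
-         if(mysql_num_rows($spamcheck) >= 1){
-             echo 'Message has been sent already.';
-         }
-         else{
-             $forwarded = mysql_query ("INSERT INTO c2am_pm (sender, receiver, subject, message, date, ip)VALUES(
- '". $sqlsender ."',
- '". $sqlreceiver ."',
- '". $sqlsubject ."',
- '". $sqlmessage ."',
- '". time() ."',
- '". $sqlip ."'
- )");
-             if(!$forwarded){
-                 error_log('Forward insert failed: '. mysql_error());
-                 die('Could not send your message.');
-             }
-             echo 'PM has been sent to '. htmlspecialchars($fwreceiver, ENT_QUOTES);
-         }
-     }
- }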
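- ////////////////////////////////////
- // "Give answer" was pressed      //
- ////////////////////////////////////
- // Shows the answer form for the selected question.
- // The lookup is limited to rows whose author is the session user -- the same filter
- // the question list uses -- so another user's question cannot be opened by id, and
- // the id written back into the form is escaped.
- if(isset($_POST['answerquestions'])){
-     $rowquestion = false;
-     if(isset($_POST['radioid']) && is_string($_POST['radioid'])){
-         $queryquestion = mysql_query("SELECT * FROM c2am_messages WHERE id = '". mysql_real_escape_string($_POST['radioid']) ."'"
-                        . " AND author = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $rowquestion = $queryquestion ? mysql_fetch_assoc($queryquestion) : false;
-     }
-     if(!$rowquestion){
-         echo 'Please choose a question.';
-     }
-     else{
-         echo '
- Question:<br />
- <b>'. stripslashes(nl2br(htmlentities($rowquestion['question']))) .'</b><br />
- Answer:<br />
- <textarea name="answer" rows="7" cols="40"></textarea><br />
- <input type="hidden" name="radiovalueanswer" value="'. htmlspecialchars($rowquestion['id'], ENT_QUOTES) .'" />
- <input type="submit" name="giveanswer" value="Give answer"/>
- ';
-     }
- }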
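- ////////////////////////////////
- // The answer was submitted   //
- ////////////////////////////////
- // Stores the answer on the question.
- // The UPDATE is limited to rows whose author is the session user; the original
- // matched on the posted id alone, so any logged-in user could overwrite the answer
- // of any question. The profile link is built with an encoded user name.
- if(isset($_POST['giveanswer'])){
-     if(!isset($_POST['radiovalueanswer']) || !is_string($_POST['radiovalueanswer'])){
-         echo 'Please choose a question.';
-     }
-     else{
-         $answertext = (isset($_POST['answer']) && is_string($_POST['answer'])) ? $_POST['answer'] : '';
-         $answered = mysql_query("UPDATE c2am_messages SET
- answer = '". mysql_real_escape_string($answertext) ."',
- date = '". time() ."',
- answered = '1'
- WHERE id = '". mysql_real_escape_string($_POST['radiovalueanswer']) ."'"
-                   . " AND author = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         if(!$answered){
-             error_log('Answer update failed: '. mysql_error());
-             echo 'Could not save your answer.';
-         }
-         else{
-             echo 'The question has been answered,<br />you can see it <a href="user.php?username='. urlencode($_SESSION['username']) .'">HERE.</a>';
-         }
-     }
- }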
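- /////////////////////////////////////
- // "Delete" (question) was pressed //
- /////////////////////////////////////
- // Asks for confirmation before a question is deleted.
- // Only a question whose author is the session user is shown, and the id written
- // back into the form comes from that row and is escaped.
- if(isset($_POST['deletequestions'])){
-     $rowquestion = false;
-     if(isset($_POST['radioid']) && is_string($_POST['radioid'])){
-         $queryquestion = mysql_query("SELECT * FROM c2am_messages WHERE id = '". mysql_real_escape_string($_POST['radioid']) ."'"
-                        . " AND author = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $rowquestion = $queryquestion ? mysql_fetch_assoc($queryquestion) : false;
-     }
-     if(!$rowquestion){
-         echo 'Please choose a question.';
-     }
-     else{
-         echo '
- Are you sure you want to delete the item:<br />
- <b>'. stripslashes(nl2br(htmlentities($rowquestion['question']))) .'</b><br />
- <input type="hidden" name="radiovaluedel" value="'. htmlspecialchars($rowquestion['id'], ENT_QUOTES) .'" />
- <input type="submit" name="delete" value="Delete"/>
- ';
-     }
- }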
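- ////////////////////////////
- // Deletion was confirmed //
- ////////////////////////////
- // Deletes the question. The original deleted by posted id alone; the statement is
- // now limited to rows whose author is the session user, and success is reported
- // only when a row was removed.
- if(isset($_POST['delete'])){
-     $deleted = 0;
-     if(isset($_POST['radiovaluedel']) && is_string($_POST['radiovaluedel'])){
-         mysql_query("DELETE FROM c2am_messages WHERE id = '". mysql_real_escape_string($_POST['radiovaluedel']) ."'"
-                   . " AND author = '". mysql_real_escape_string($_SESSION['username']) ."'");
-         $deleted = mysql_affected_rows();
-     }
-     if($deleted > 0){
-         echo 'The item has been deleted.';
-     }
-     else{
-         echo 'Please choose a question.';
-     }
- }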
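- ////////////////////////////////////////////////
- // "Questions" was clicked: list the questions //
- ////////////////////////////////////////////////
- // Lists the questions addressed to the session user (author = user name, answered = 1).
- // Fixes over the original: a failed query printed the SQL text and the driver error;
- // the date cell was never closed.
- if(isset($_POST['questions'])){
-     $querymessage = "SELECT * FROM c2am_messages WHERE answered = 1 && author = '". mysql_real_escape_string($_SESSION['username'])."' ORDER BY date DESC";
-     $resultmessage = mysql_query($querymessage);
-     if(!$resultmessage){
-         error_log('Question list query failed: '. mysql_error());
-         die('Could not load your questions.');
-     }
-     echo '<table>
- <tr><td style="width: 50px;"><b>Select</b></td><td style="width: 25px;"></td><td style="width: 200px;"><b>Question</b></td><td><b>Date</b></td></tr>';
-     while($rowmessage = mysql_fetch_assoc($resultmessage)){
-         echo '<tr>
- <td align="center"><input type="radio" name="radioid" value="'. htmlspecialchars($rowmessage['id'], ENT_QUOTES) .'"></td>
- <td></td>
- <td>'. stripslashes(nl2br(htmlentities($rowmessage['question']))) .'</td>
- <td>'. date('F j, Y, g:i a',$rowmessage['date']) .'</td></tr>';
-     }
-     echo '</table></form>';
-     $num_rows = mysql_num_rows($resultmessage);
-     if($num_rows == 0){
-         echo 'You don\'t have any questions...';
-     }
- }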
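- ///////////////////////////////////
- // "Friend requests" was clicked //
- ///////////////////////////////////
- // Lists the friend requests addressed to the session user (user2 = session id).
- // Fixes over the original: the requester's name and message were written into the
- // page and into hidden-input attributes unescaped (stored XSS); a request whose
- // sender row is missing ended the whole page with die(); SQL errors were printed.
- if(isset($_POST['friendrequests'])){
-     $querymessage = "SELECT * FROM c2am_friends WHERE accepted = 1 && user2 = '". mysql_real_escape_string($_SESSION['id'])."'";
-     $resultmessage = mysql_query($querymessage);
-     if(!$resultmessage){
-         error_log('Friend request query failed: '. mysql_error());
-         die('Could not load your friend requests.');
-     }
-     echo '<table>
- <tr><td style="width: 50px;"><b>Select</b></td><td style="width: 25px;"></td><td style="width: 125px;"><b>From</b></td><td style="width: 150px;"><b>To</b></td><td><b>Message</b></td></tr>';
-     while($rowmessage = mysql_fetch_assoc($resultmessage)){
-         $queryuser = mysql_query("SELECT * FROM c2am_users WHERE id = '". mysql_real_escape_string($rowmessage['user1']) ."'");
-         $rowuser = $queryuser ? mysql_fetch_assoc($queryuser) : false;
-         if(!$rowuser){
-             // The requesting account no longer exists: skip the row instead of aborting.
-             continue;
-         }
-         $requestfrom = htmlspecialchars($rowuser['username'], ENT_QUOTES);
-         // NOTE(review): the hidden inputs repeat per row, so the form submits the last
-         // row's values under these names; only "radiofriend" reflects the selection.
-         echo '<tr>
- <td align="center"><input type="radio" name="radiofriend" value="'. htmlspecialchars($rowmessage['id'], ENT_QUOTES) .'"></td>
- <td></td>
- <td><input type="hidden" name="friendrequest" value="'. $requestfrom .'"/>'. $requestfrom .'</td>
- <td>'. htmlspecialchars($_SESSION['username'], ENT_QUOTES) .'</td>
- <td><input type="hidden" name="friendmessage" value="'. htmlspecialchars($rowmessage['message'], ENT_QUOTES) .'"/>'. stripslashes(nl2br(htmlentities($rowmessage['message']))) .'</td></tr>';
-     }
-     echo '</table>';
-     $num_rows = mysql_num_rows($resultmessage);
-     if($num_rows == 0){
-         echo 'You don\'t have any friend requests...';
-     }
- }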
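- //////////////////////////////////////////////
- // A request was selected AND "Accept" was  //
- // pressed: show the confirmation           //
- //////////////////////////////////////////////
- // Fixes over the original: the requester name, message and id were echoed straight
- // from the POST data (reflected XSS), and the name and message came from hidden
- // inputs that always carry the last listed row. The request is now read from
- // c2am_friends by the selected id, limited to requests addressed to the session
- // user, and everything written to the page is escaped. The unused user lookup by
- // posted name is dropped.
- if(isset($_POST['acceptfriend']) && isset($_POST['radiofriend']) && is_string($_POST['radiofriend'])){
-     $queryaccept = mysql_query("SELECT * FROM c2am_friends WHERE id = '". mysql_real_escape_string($_POST['radiofriend']) ."'"
-                  . " AND user2 = '". mysql_real_escape_string($_SESSION['id']) ."'");
-     $rowaccept = $queryaccept ? mysql_fetch_assoc($queryaccept) : false;
-     $rowrequester = false;
-     if($rowaccept){
-         $queryrequester = mysql_query("SELECT * FROM c2am_users WHERE id = '". mysql_real_escape_string($rowaccept['user1']) ."'");
-         $rowrequester = $queryrequester ? mysql_fetch_assoc($queryrequester) : false;
-     }
-     if(!$rowaccept || !$rowrequester){
-         echo 'Friend request not found.';
-     }
-     else{
-         echo '
- <form method="post" action="">
- The message '. htmlspecialchars($rowrequester['username'], ENT_QUOTES) .' left behind:<br />
- <b>'. stripslashes(nl2br(htmlentities($rowaccept['message']))) .'</b><br />
- <input type="hidden" name="radiovaluefriend" value="'. htmlspecialchars($rowaccept['id'], ENT_QUOTES) .'" />
- <input type="submit" name="acceptthefriend" value="Accept as friend"/>
- </form>
- ';
-     }
- }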
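- /////////////////////////////////////////
- // "Accept as friend" was confirmed    //
- /////////////////////////////////////////
- // Marks the request as accepted.
- // Authorisation: the original updated by posted id alone, so any logged-in user could
- // accept any pending request. The UPDATE is now limited to requests addressed to the
- // session user, and a driver error is logged instead of printed.
- // NOTE(review): the request list on this page also filters on accepted = 1, so this
- // UPDATE may not change the row at all -- confirm the intended flag values.
- if(isset($_POST['acceptthefriend'])){
-     if(!isset($_POST['radiovaluefriend']) || !is_string($_POST['radiovaluefriend'])){
-         echo 'Friend request not found.';
-     }
-     else{
-         $accepted = mysql_query("UPDATE c2am_friends SET
- accepted = '1'
- WHERE id = '". mysql_real_escape_string($_POST['radiovaluefriend']) ."'"
-                   . " AND user2 = '". mysql_real_escape_string($_SESSION['id']) ."'");
-         if(!$accepted){
-             error_log('Friend accept failed: '. mysql_error());
-             die('Could not accept the friend request.');
-         }
-         echo 'Friend is accepted!';
-     }
- }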
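- /////////////////////////////////////////////
- // A request was selected AND "Decline"    //
- // was pressed: show the confirmation      //
- /////////////////////////////////////////////
- // Same handling as the accept confirmation: the request is read from c2am_friends by
- // the selected id and limited to requests addressed to the session user, instead of
- // echoing the posted name, message and id unescaped. The unused user lookup by
- // posted name is dropped.
- if(isset($_POST['deletefriend']) && isset($_POST['radiofriend']) && is_string($_POST['radiofriend'])){
-     $queryaccept = mysql_query("SELECT * FROM c2am_friends WHERE id = '". mysql_real_escape_string($_POST['radiofriend']) ."'"
-                  . " AND user2 = '". mysql_real_escape_string($_SESSION['id']) ."'");
-     $rowaccept = $queryaccept ? mysql_fetch_assoc($queryaccept) : false;
-     $rowrequester = false;
-     if($rowaccept){
-         $queryrequester = mysql_query("SELECT * FROM c2am_users WHERE id = '". mysql_real_escape_string($rowaccept['user1']) ."'");
-         $rowrequester = $queryrequester ? mysql_fetch_assoc($queryrequester) : false;
-     }
-     if(!$rowaccept || !$rowrequester){
-         echo 'Friend request not found.';
-     }
-     else{
-         echo '
- <form method="post" action="">
- The message '. htmlspecialchars($rowrequester['username'], ENT_QUOTES) .' left behind:<br />
- <b>'. stripslashes(nl2br(htmlentities($rowaccept['message']))) .'</b><br />
- <input type="hidden" name="radiovaluefriend" value="'. htmlspecialchars($rowaccept['id'], ENT_QUOTES) .'" />
- <input type="submit" name="deleterequest" value="Decline request"/>
- </form>
- ';
-     }
- }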
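- //////////////////////////////////////
- // "Decline request" was confirmed  //
- //////////////////////////////////////
- // Deletes the friend request.
- // SQL injection: the original placed $_POST['radiovaluefriend'] in the DELETE without
- // escaping, the only unescaped request value in a query on this page. It is escaped
- // now, and the statement is limited to requests addressed to the session user so one
- // user cannot remove another user's requests by id.
- if(isset($_POST['deleterequest'])){
-     $declined = 0;
-     if(isset($_POST['radiovaluefriend']) && is_string($_POST['radiovaluefriend'])){
-         mysql_query("DELETE FROM c2am_friends WHERE id = '". mysql_real_escape_string($_POST['radiovaluefriend']) ."'"
-                   . " AND user2 = '". mysql_real_escape_string($_SESSION['id']) ."'");
-         $declined = mysql_affected_rows();
-     }
-     if($declined > 0){
-         echo 'Friend invite has been declined.';
-     }
-     else{
-         echo 'Friend request not found.';
-     }
- }
- // Close the page-wide form opened with the toolbar.
- echo '</form>';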
- }
- else{
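- echo'
- <div class="indextext">';
- if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])){
-     //////////////////////////////////////////////////
-     // STEP 1: check the submitted credentials. This //
-     // runs first so the page reflects the new login //
-     //////////////////////////////////////////////////
-     // NOTE(review): passwords are compared as unsalted md5() digests. Moving to
-     // password_hash()/password_verify() needs a schema and register.php change that
-     // lies outside this block, so the comparison is left as it is.
-     // NOTE(review): the session id is not regenerated after a successful login. That
-     // has to happen before output is sent, i.e. earlier in the page than this point
-     // unless output is buffered.
-     // NOTE(review): nothing here limits repeated login attempts.
-     $loginname = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
-     $loginpass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
-     $sql = "SELECT * FROM c2am_users WHERE username='".mysql_real_escape_string($loginname)."' and password='".md5($loginpass)."'";
-     $result = mysql_query($sql);
-     if(!$result){
-         // The original called mysql_errorlogin() here, which is not a PHP built-in and
-         // is not defined in this file; the driver error is logged instead of shown.
-         error_log('Login query failed: '. mysql_error());
-         die('Login is temporarily unavailable.');
-     }
-     if(mysql_num_rows($result) == 1){
-         $row = mysql_fetch_assoc($result);
-         $_SESSION['id'] = $row['id'];
-         $_SESSION['username'] = $row['username'];
-     }
-     else{
-         // One message for both causes, so the form does not reveal which names exist.
-         $errorlogin = "Wrong username or password";
-     }
- }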
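- ///////////////////////////////////////////////////////////
- // STEP 2: show the login form when nobody is logged in  //
- ///////////////////////////////////////////////////////////
- if(!isset($_SESSION['id'])){
-     echo "<form method='post' action=''>
- <div class='table'>Username:</div>
- <div class='field'><input name='username' type='text' value='' size='28'/></div>
- <div class='table'>Password:</div>
- <div class='field'><input name='password' type='password' value='' size='28'/></div><br />
- <div class='field'><input name='login' type='submit' value='Login' style='height: 25px; width: 195px' /></div>
- <div class='table'><a href='register.php'>Or register</a></div><br />
- </form>";
- }
- /////////////////////////////////////////////////////////////
- // STEP 3: with a session in place, show the profile link  //
- /////////////////////////////////////////////////////////////
- else{
-     // The user name goes into a URL, so it is URL-encoded rather than written raw.
-     echo '
- You are logged in...<br />
- Click <a href="user.php?username='. urlencode($_SESSION['username']) .'">HERE</a> to go to your profile
- ';
- }
- // $errorlogin is only ever set to a fixed string by the login check above.
- if(isset($errorlogin)){
-     echo $errorlogin;
- }
- echo '
- </div>';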
- }
- ?>
- </div>
- </div>
- <?php
- include('layoutx.php');
- ?>