= 300) { $username = $CURUSER["username"]; $body = <<) mail($user["email"], "You have received a PM from " . $username . "!", $body, "From: $SITENAME <$SITEEMAIL>"); } } if ($origmsg && $delete == "yes") do_mysql_query("DELETE FROM messages WHERE id=$origmsg") or sqlerr(); stderr( _("Message Sent"), _("Message was sent successfully!"), _("Success") ); } } //if ($receiver) { // $res = do_mysql_query("SELECT * FROM users WHERE username='$receiver'") or die(mysql_error()); // $user = mysql_fetch_assoc($res); //} if ($replyto) { $res = do_mysql_query("SELECT * FROM messages WHERE id=$replyto") or sqlerr(); $msga = mysql_fetch_assoc($res); if ($msga["receiver"] != $CURUSER["id"]) stderr( _("Error"), _("Weird things going on with your ID!") ); $res = do_mysql_query("SELECT * FROM users WHERE id=" . $msga["sender"]) or sqlerr(); $usra = mysql_fetch_assoc($res); $body = "\n\n\n-------- ".$usra['username']." "._('wrote').": --------\n".$msga['msg']."\n"; } if ($deleteid) { if (!is_valid_id($deleteid)) stderr( _("Error"), _("The ID is invalid!") ); // make sure message is owned by CURUSER $res = do_mysql_query("SELECT receiver FROM messages WHERE id=" . sqlesc($deleteid)) or die("barf"); $arr = mysql_fetch_array($res) or die("Bad message ID"); if ($arr["receiver"] != $CURUSER["id"]) stderr( _("Error"), _("That file is not yours!") ); do_mysql_query("DELETE FROM messages WHERE id=" . sqlesc($deleteid)) or die('Delete Failed => database Crashed!'); header("Refresh: 0; url=account.php?deleted=1"); die; } stdhead( _("Send a message"), false); begin_frame( _("Send a Message"), 'center'); if ($message) stderr( _("Error") , $message); ?>
:
:
Delete message you are replying to