fammsg.php

Time 4 Crime online

<?php /* ------------------------- */
  $OMNILOG				= 1;
  include("_include-jail.php");
  if(! check_login()) {
    header("Location: login.php");
    exit;
  }
  mysql_query("UPDATE `[users]` SET `online`=NOW() WHERE `login`='{$data->login}'");
/* ------------------------- */ ?>
<html>
<head>
<title>Worldcrime</title>
<link rel="stylesheet" type="text/css" href="<?php echo ($_COOKIE['v'] == 2) ? "css-v3.css" : "css-v3.css"; ?>">
<SCRIPT LANGUAGE="JavaScript1.1">
 
function right(e) {
if (navigator.appName == 'Netscape' && 
(e.which == 3 || e.which == 2))
return false;
else if (navigator.appName == 'Microsoft Internet Explorer' && 
(event.button == 2 || event.button == 3)) {
alert("Verboden rechtermuis knop te gebruiken");
return false;
}
return true;
}
document.onmousedown=right;
document.onmouseup=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (document.layers) window.captureEvents(Event.MOUSEUP);
window.onmousedown=right;
window.onmouseup=right;
//  End -->
</script>
</head>
<BODY onLoad="movein()">  
<body style="background: #333333; margin: 0px;">
<table width=40%>
  <td align=left background=topic.gif><b>Familie bericht</b></td></tr>
<?php /* ------------------------- */
  if($_GET['p'] == "msg") {
    
     if(isset($_POST['message'])) {
      $dbres				= mysql_query("SELECT * FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'");
      if(($check = mysql_fetch_object($dbres)) && $check->IP == $clientIP) {
        $dbres				= mysql_query("SELECT `login` FROM `[users]` WHERE `Mobieltje`=1 AND `family`='{$data->family}'");
        while($member = mysql_fetch_object($dbres)) {
          $_POST['subject']		= preg_replace('/</','&#60;',$_POST['subject']);
          mysql_query("INSERT INTO `[messages]`(`time`,`IP`,`from`,`to`,`subject`,`message`) values(NOW(),'{$_SERVER['REMOTE_ADDR']}','Fam Message','{$member->login}','{$_POST['subject']}','{$_POST['message']}')");
          mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'");
        }      }
      print "  <tr><td class=\"mainTxt\">Bericht verzonden</td></tr>\n";
    }
    $code				= rand(100000,999999);
    mysql_query("INSERT INTO `[temp]`(login,IP,code,area,time) values('{$data->login}','$clientIP','$code','message',NOW())");
    $id					= mysql_insert_id();
    print <<<ENDHTML
  <tr><td class="mainTxt">
		<center>
	<form name="form1" method="POST" action="fammsg.php?p=msg"><table>
	<input type="hidden" name="id" value="$id">
	<input type="hidden" name="code" value="$code">
	<input type="hidden" name="subject" value="Familie: {$data->family}">
	<tr><td width=100>Van:</td>		<td>Family Message</td></tr>
	<tr><td width=100>Onderwerp:</td>	<td>Familie: {$data->family}</td></tr>
	<tr><td width=100 valign="top">Bericht:</td>
						<td><textarea name="message" cols=55 rows=15>{$_REQUEST['message']}</textarea></td></tr>
	<tr><td width=100></td>			<td align="right"><input type="submit" name="submit" value="Verzenden"></td></tr>
</center>
ENDHTML;
  }
/* ------------------------- */ ?>
</table>
</body>

</html>