Jump to content
MakeWebGames

Mailbox Help!


SMOKEY_TEK
 Share

Recommended Posts

My mailbox works just fine, it's just that I have no idea on how to get rid of the "rn" for a new line, I can insert a new line when typing out the message in the message text area, but when I send a message and look at the message it inserts the "rn" instead of the actual new line..

Can anyone help me to fix this, I've tried using

$mailBody = stripslashes(str_replace("\rn", "[br\]", $_POST['mailBody']));

 

<?php
include (DIRNAME(__FILE__) . '/header.php');

if ($user_class->mailban == 1){
echo '
<div class="content">
<h3>Mailbox</h3>
<b style="font-size:18px"><center>You have been mail banned for <span style="color:#FF0000;">';
?>
<? echo $user_class->days; ?> </span> days.</b><br><br>
<b>Reason:</b><br>
<? echo $user_class->mb_reason; ?></center></div></div>
<?
die();
}

echo "
<div class='content'>
<h3>Mailbox</h3>

<table width='100%'>
<tr>
	<td width='25%' align='center'><a href='mailbox.php?mail=new'>New Message</a></td>
	<td width='25%' align='center'><a href='mailbox.php?mail=inbox'>Inbox</a></td>
	<td width='25%' align='center'><a href='mailbox.php?mail=saved'>Saved Mail</a></td>
	<td width='25%' align='center'><a href='mailbox.php?mail=sent'>Sent Mail</a></td>
</tr>
</table>";

$_GET['mail'] = isset($_GET['mail']) && ctype_alpha($_GET['mail']) ? trim($_GET['mail']) : 'mail_inbox';

switch($_GET['mail'])
{
	case 'inbox' : mail_inbox(); break;
	case 'new' : mail_new(); break;
	case 'send' : send_mail(); break;
	case 'saved' : mail_saved(); break;
	case 'sent' : mail_sent(); break;
	default: mail_inbox(); break;
}
$delete = $_REQUEST['delete'];
$checkbox = $_REQUEST['checkbox'];
$count = count($_REQUEST['checkbox']);

if($delete){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM `mailbox` WHERE id='$del_id'";
$result = mysql_query($sql);
}

// if successful redirect to delete_multiple.php
if($result){
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mailbox.php\">";
}
 }
function mail_inbox()
{

if($_POST['mailRead']){
$sql = "DELETE FROM `mailbox` WHERE `mailRead` = '1'";
$result = mysql_query($sql);
}
if($result){
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mailbox.php\">";
}
?>
<h3>Inbox</h3>

<form method='post' onSubmit='return confirmAction("Are you sure you want to delete read/selected mail?");'>
<table width='100%'>
<tr>
	<td colspan='2'><h4>Subject</h4></td>
	<td><h4>Sender</h4></td>
	<td><h4>Received</h4></td>
	<td align='center'><h4> <input type='checkbox' name='delete' onClick='allCheckUncheck(this);'> </h4></td>
</tr>

<?php	
$userid = $_SESSION['id'];
$result = mysql_query("SELECT * FROM `mailbox` ORDER BY `mailTime` DESC LIMIT 25");
while($row = mysql_fetch_array($result)){ 
$newmails = mysql_num_rows($result);
if (strtoupper($row['mailTo']) == strtoupper($userid)) {
$from_user_class = new User($row['mailFrom']);
$subject = ($row['mailSubject'] == "") ? "No Subject" : $row['mailSubject'];

if ($row['mailRead'] == "0"){
$mailUnread = "<a href='mailbox_read.php?id=".$row['id']."' class='mailUnread' title='Unread'></a>";
$mail = "<a href='mailbox_read.php?id=".$row['id']."'><b>$subject</b></a>";
} else {
$mailUnread = "<a href='mailbox_read.php?id=".$row['id']."' class='mailRead' title='Read'></a>";
$mail = "<a href='mailbox_read.php?id=".$row['id']."'>$subject</a>";
}

echo "
<tr>
	<td align='center'>".$mailUnread."</td>
	<td>".$mail."</td>
	<td>".$from_user_class->formattedname."</td>
	<td>".date(d." ".M." ".y.", ".g.":".i." ".a,$row['mailTime'])."</td>
	<td align='center'><input type='checkbox' name='checkbox[]' id='checkbox[]' value='".$row['id']."'></td>
</tr>";
} 
 }
echo "
<tr>
       <td colspan='5' align='right'>
           <input type='submit' name='mailRead' value='Delete All Read'>
		<input type='submit' name='delete' id='delete' value='Delete Selected'>
       </td>
   </tr>
</form>";

if($newmails < 1){
echo "
<tr>
	<td colspan='2'><i>There are no new mail.</i></td>
</tr>";
}

echo "
<tr>
       <td width='3%'></td>
	<td width='30%'></td>
       <td width='30%'></td>
       <td width='22%'></td>
       <td width='5%'></td>
   </tr>
   </table>
</div>";
}

function mail_new()
{

if ($_GET['reply'] != ""){
$result2 = mysql_query("SELECT * from `mailbox` WHERE `id`='".$_GET['reply']."'");
$worked2 = mysql_fetch_array($result2);
$from_user_class = new User($worked2['mailFrom']);
}
?>
<h3>New Message</h3>

<table width='100%'>
<form action='mailbox.php?mail=send' method='post'>
<tr>
	<td width='25%'><h4>Send To</h4></td>
	<td><input type='text' name='mailTo' size='15' maxlength='10' value='<?php echo $_GET['mailTo']; ?>'> 
	<select name='mailContactList' onChange='mailTo.value = this.value'>
	<option value='' style='font-weight: bold;'>   --- [Contacts] ---   </option>
<?php 
$userid = $_SESSION['id'];
$result = mysql_query("SELECT * FROM `contacts` WHERE `userID` = '".$userid."'");
while ($row = mysql_fetch_array($result)){
$contactList = new User($row['contactID']);
echo '<option value="'.$row['contactID'].'">'.$contactList->username.'</option>'; } ?> 
	</select></td>
</tr>
<tr>
	<td><h4>Subject</h4></td>
	<td><input type='text' name='mailSubject' size='70' value='<? echo ($_GET['reply'] != "") ? "Re: ".$worked2['mailSubject'] : "";  ?>'></td>
</tr>
<tr>
	<td colspan='2'><h4>Message</h4></td>
</tr>
<tr>
	<td colspan='2' align='center'><textarea name='mailBody' cols='70' rows='10'></textarea></td>
</tr>
<tr>
	<td colspan='2' align='center'><input type='submit' value='Send' /></td>
</tr>
</form>
</table>
</div>
<?php
}

function send_mail()
{
$userid = $_SESSION['id'];
$mailTime = time();
$mailFrom = $userid;
$mailTo = abs(intval($_POST['mailTo']));
$mailSubject = stripslashes($_POST['mailSubject']);
$mailBody = stripslashes(str_replace("\rn", "[br\]", $_POST['mailBody']));

if(!$_POST['mailBody']){
echo "
<h3>New Message</h3>
<p>You must enter a message for this mail. <br><br>
<a href='mailbox.php?mail=new'>Back</a></p></div>"; die();
} elseif(!$_POST['mailTo']) {
echo "
<h3>New Message</h3>
<p>You must enter a player ID for this mail. <br><br>
<a href='mailbox.php?mail=new'>Back</a></p></div>"; die();
} else {
$checkuser = mysql_query("SELECT `id` FROM `users` WHERE `id` = '".$mailTo."'");
$username_exist = mysql_num_rows($checkuser);

   if($username_exist > 0){
$result = mysql_query("INSERT INTO `mailbox` (`mailTo`, `mailFrom`, `mailTime`, `mailSubject`, `mailBody`)".
"VALUES ('$mailTo', '$mailFrom', '$mailTime', '$mailSubject', '$mailBody')");

echo "
<h3>New Message</h3>
<p>You successfully sent a message. <br><br>
	<a href='mailbox.php?mail=new'>Back</a></p>
</div>";
} else {
echo "
<h3>New Message</h3>
<p>The user you entered doesn't exist. <br><br>
<a href='mailbox.php?mail=new'>Back</a></p>
</div>";
}
 }
  }

function mail_saved()
{
$delete = $_REQUEST['delete'];
$checkbox = $_REQUEST['checkbox'];
$count = count($_REQUEST['checkbox']);

if($delete){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM `mailbox` WHERE id='$del_id'";
$result = mysql_query($sql);
}

// if successful redirect to delete_multiple.php
if($result){
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mailbox.php\">";
}
 }
?>
<h3>Saved Mail</h3>

<form method='post' onSubmit='return confirmAction("Are you sure you want to delete read/selected mail?");'>
<table width='100%'>
<tr>
	<td colspan='2'><h4>Subject</h4></td>
	<td><h4>Sender</h4></td>
	<td><h4>Received</h4></td>
	<td align='center'><h4> <input type='checkbox' name='delete' onClick='allCheckUncheck(this);'> </h4></td>
</tr>
<?php
$userid = $_SESSION['id'];
$result = mysql_query("SELECT * FROM `mailbox` WHERE `mailSaved` = 'Yes' ORDER BY `mailTime` DESC LIMIT 25");
while($row = mysql_fetch_array($result)){ 
$newmails = mysql_num_rows($result);
if (strtoupper($row['mailTo']) == strtoupper($userid)) {
$from_user_class = new User($row['mailFrom']);
$subject = ($row['mailSubject'] == "") ? "No Subject" : $row['mailSubject'];

echo "
<tr>
	<td colspan='2' align='center'><a href='mail_read.php?id=".$row['id']."'>".$subject."</a></td>
	<td align='center'>".$from_user_class->formattedname."</td>
	<td align='center'>".date(d." ".M." ".y.", ".g.":".i." ".a,$row['mailTime'])."</td>
	<td align='center'><input type='checkbox' name='checkbox[]' id='checkbox[]' value='".$row['id']."'></td>
</tr>";
} 
 }
echo "
<tr>
       <td colspan='5' align='right'>
           <input type='submit' name='mailRead' value='Delete All Read'>
		<input type='submit' name='delete' id='delete' value='Delete Selected'>
       </td>
   </tr>
</form>
<tr>
       <td width='3%'></td>
	<td width='30%'></td>
       <td width='30%'></td>
       <td width='22%'></td>
       <td width='5%'></td>
   </tr>
   </table>
</div>";
}

function mail_sent()
{
$delete = $_REQUEST['delete'];
$checkbox = $_REQUEST['checkbox'];
$count = count($_REQUEST['checkbox']);

if($delete){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM `mailbox` WHERE id='$del_id'";
$result = mysql_query($sql);
}

// if successful redirect to delete_multiple.php
if($result){
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mailbox.php?mail=sent\">";
}
 }
if($_POST['mailRead']){
$sql = "DELETE FROM `mailbox` WHERE `mailRead` = '1', `mailFrom` = '".$userid."'";
$result = mysql_query($sql);
}
if($result){
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mailbox.php?mail=sent\">";
}
?>
<h3>Sent Mail</h3>

<form method='post' onSubmit='return confirmAction("Are you sure you want to delete read/selected mail?");'>
<table width='100%'>
<tr>
	<td colspan='2'><h4>Subject</h4></td>
	<td><h4>Recipient</h4></td>
	<td><h4>Sent</h4></td>
	<td align='center'><h4> <input type='checkbox' name='delete' onClick='allCheckUncheck(this);'> </h4></td>
</tr>

<?php
$userid = $_SESSION['id'];
$result = mysql_query("SELECT * FROM `mailbox` ORDER BY `mailTime` DESC LIMIT 25");
while($row = mysql_fetch_array($result)){ 
$sentmails = mysql_num_rows($result);
if (strtoupper($row['mailFrom']) == strtoupper($userid)) {
$to_user_class = new User($row['mailTo']);
$subject = ($row['mailSubject'] == "") ? "No Subject" : $row['mailSubject'];

if ($row['mailRead'] == "0"){
$mailUnread = "<a href='mailbox_read.php?sent=".$row['id']."' class='mailUnread' title='Unread'></a>";
$mail = "<a href='mailbox_read.php?sent=".$row['id']."'><b>$subject</b></a>";
} else {
$mailUnread = "<a href='mailbox_read.php?sent=".$row['id']."' class='mailRead' title='Read'></a>";
$mail = "<a href='mailbox_read.php?sent=".$row['id']."'>$subject</a>";
}

echo "
<tr>
	<td align='center'>".$mailUnread."</td>
	<td>".$mail."</td>
	<td>".$to_user_class->formattedname."</td>
	<td>".date(d." ".M." ".y.", ".g.":".i." ".a,$row['mailTime'])."</td>
	<td align='center'><input type='checkbox' name='checkbox[]' id='checkbox[]' value='".$row['id']."'></td>
</tr>";
}
 }

echo "
<tr>
       <td colspan='5' align='right'>
           <input type='submit' name='mailRead' value='Delete All Read'>
		<input type='submit' name='delete' id='delete' value='Delete Selected'>
       </td>
   </tr>
</form>";

if($sentmails < 1){
echo "
<tr>
	<td colspan='2'><i>There is no mail to display.</i></td>
</tr>";
}

echo "
<tr>
       <td width='3%'></td>
	<td width='30%'></td>
       <td width='30%'></td>
       <td width='22%'></td>
       <td width='5%'></td>
   </tr>
   </table>
</div>";
}
Link to comment
Share on other sites

To be honest instead of:

$mailBody = stripslashes(str_replace("\rn", "[br\]", $_POST['mailBody']));

Why not replace it with:

$mailBody = mysql_real_escape_string(htmlentities($_POST['mailBody']));

It's securing the whole line and you don't have to worry about that error your getting... security is not that hard.It's the mind and thinking process that makes it seem like it is....

change $_request to $_GET or $_POST...$_REQUEST is bad all away around, easily for a hackers to grab cookies and rewrite your vars.

Edited by lucky3809
Link to comment
Share on other sites

This is the file that reads the messages.. It's called mailbox_read.php

 

<?php
include (DIRNAME(__FILE__) . '/header.php');
include (DIRNAME(__FILE__) . '/parser.php');

$_GET['sent'] = abs(intval($_GET['sent']));
if($_GET['sent']){
echo "
<div class='content'>
<h3>Mailbox</h3>
<table width='100%'>";

$result = mysql_query("SELECT * from `mailbox` WHERE `id`='".$_GET['sent']."'");
$row = mysql_fetch_array($result);
   $from_user_class = new User($row['mailFrom']);
$mailBody = $row['mailBody'];
$subject = ($row['mailSubject'] == "") ? "No Subject" : $row['mailSubject'];
if ($_GET['sent'] != ""){
   echo "
					<table width='100%'>

           <tr>
               <td width='25%'><h4>Sender</h4></td>
               <td>".$from_user_class->formattedname."</td>
           </tr>
           <tr>
               <td width='25%'><h4>Received</h4></td>

               <td>".date(F." ".d.", ".Y." ".g.":".i.":".sa,$row['mailTime'])."</td>
           </tr>
           <tr>
               <td width='25%'><h4>Subject</h4></td>
               <td>".$subject."</td>
           </tr>
           <tr>

               <td colspan='2'><h4>Message</h4></td>
           </tr>
           <tr>
               <td colspan='2'><p>";
?>
<?php 
$formatted_text=bb_code(bbcode($mailBody));
echo $formatted_text;
echo "</p></td></td>
       </tr>
       <tr>
		<td colspan='2'><h4>Actions</h4></td>
       </tr>
       <tr>
       <td colspan='2'>
	<table width='100%'>
       <tr>
		<td width='25%' align='center'><a href='mailbox.php?mail=new&mailTo=".$from_user_class->id."&reply=".$row['id']."'>Reply</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&save=1'>Save</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&del=true'>Delete</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&report=yes'>Report</a></td>
       </tr>
       <tr>
           <td width='25%' align='center'><a href='contacts_add.php?id=".$from_user_class->id."'>Add Contact</a></td>
		<td width='25%' align='center'><a href='ignores_add.php?id=".$from_user_class->id."'>Ignore</a></td>
           <td width='25%' align='center'> </td>
           <td width='25%' align='center'> </td>
       </tr>
       </table>
               </td>
           </tr>

       </table>

       <p><a href='mailbox.php?mail=inbox'>Back</a></p>
	</div>"; die();
 }
  }
?>
<div class='content'>
<h3>Mailbox</h3>
<table width='100%'>
<?php
$_GET['id'] = abs(intval($_GET['id']));

$result = mysql_query("SELECT * from `mailbox` WHERE `id`='".$_GET['id']."'");
$row = mysql_fetch_array($result);
    $from_user_class = new User($row['mailFrom']);
 $mailBody = $row['mailBody'];
 $subject = ($row['mailSubject'] == "") ? "No Subject" : $row['mailSubject'];
if ($_GET['id'] != ""){
   if (strtoupper($row['mailTo']) == strtoupper($user_class->id)) {
   echo "
					<table width='100%'>

           <tr>
               <td width='25%'><h4>Sender</h4></td>
               <td>".$from_user_class->formattedname."</td>
           </tr>
           <tr>
               <td width='25%'><h4>Received</h4></td>

               <td>".date(F." ".d.", ".Y." ".g.":".i.":".sa,$row['mailTime'])."</td>
           </tr>
           <tr>
               <td width='25%'><h4>Subject</h4></td>
               <td>".$subject."</td>
           </tr>
           <tr>

               <td colspan='2'><h4>Message</h4></td>
           </tr>
           <tr>
               <td colspan='2'><p>";
?>
<?php 
$formatted_text=bb_code(bbcode($mailBody));
echo $formatted_text;
echo "</p></td></td>
       </tr>
       <tr>
		<td colspan='2'><h4>Actions</h4></td>
       </tr>
       <tr>
       <td colspan='2'>
	<table width='100%'>
       <tr>
		<td width='25%' align='center'><a href='mailbox.php?mail=new&mailTo=".$from_user_class->id."&reply=".$row['id']."'>Reply</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&save=1'>Save</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&del=true'>Delete</a></td>
           <td width='25%' align='center'><a href='mailbox_read.php?id=".$row['id']."&report=yes'>Report</a></td>
       </tr>
       <tr>
           <td width='25%' align='center'><a href='contacts_add.php?id=".$from_user_class->id."'>Add Contact</a></td>
		<td width='25%' align='center'><a href='ignores_add.php?id=".$from_user_class->id."'>Ignore</a></td>
           <td width='25%' align='center'> </td>
           <td width='25%' align='center'> </td>
       </tr>
       </table>
               </td>
           </tr>

       </table>

       <p><a href='mailbox.php?mail=inbox'>Back</a></p>";

$result2 = mysql_query("UPDATE `mailbox` SET `mailRead` = '1' WHERE `id`='".$row['id']."'");
}
 }
?>
</div>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...