/bote.php

<?php

/* bote.php - Front-end for "Bote" page
 *
 * Copyright (C) 2006, 2007, 2008 Kevin Read, Simone Schaefer
 *
 * This file is part of Selador, a browser-based fantasy strategy game
 *
 * This program is distributed under the terms of the GNU Affero General Public License.
 *
 *
 *   Selador is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU Affero General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   any later version.
 *
 *   Selador is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Affero General Public License for more details.
 *
 *   You should have received a copy of the GNU Affero General Public License
 *   along with Selador.  If not, see <http://www.gnu.org/licenses/>.
 **/

// TODO: Hyprit has a nicely re-written but basic version of this. Bug him about it :)
// This code is in working condition but old and hastily put together.

require_once("php/base/world.inc.php");
require_once("php/base.php");
require_once("php/event.php");

// Don't auto-reload any of these pages when a counter expires.
$no_reload = 1;

require_once("headers.php");

$me->activevillage->update_stamp ();

?>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script type="text/javascript" src="/scripts/jquery.autocomplete.js"></script>
<link rel="stylesheet" href="/styles/jquery.autocomplete.css" type="text/css" />
<script type="text/javascript" src="/scripts/jquery.bgiframe.min.js"></script>
<script type="text/javascript">

   <!--

var allymsg = false;
var data = null;
function toggleAllyMsg ()
{
	if (allymsg == true)
		allymsg = false;
	else
		allymsg = true;

	var more = document.getElementById("more");
	var img = document.getElementById("addimg");
	more.innerHTML = "";
	var rec = document.getElementById("recipient0");

	if (allymsg)
	{
		rec.value = "[Ally]";
		rec.setAttribute('readonly', false, 'true');
		rec.className = "disabled";
		var err = document.getElementById("errormsg");
		err.innerHTML ="";
		img.innerHTML = "<img src=\"styles/<?php echo $_SESSION['theme']?>/add_disabled.png\" onclick=\"addRec()\">";
		reccounter = 1;

	}
	else
	{
		rec.value = "";
		rec.removeAttribute("readonly");
		rec.className = "defaults";
		img.innerHTML = "<img src=\"styles/<?php echo $_SESSION['theme']?>/add.png\" onclick=\"addRec()\">";

	}
}

var reccounter = 1;
function addRec ()
{
	//alert("hurra");
	var elem = document.getElementById("more");

	if (!allymsg)
	{
		{
			var id = '#recipient'+reccounter;

			var ni = document.getElementById('more');
			var newdiv = document.createElement('div');
			var divIdName = 'more'+reccounter;
			newdiv.setAttribute('id',divIdName);
			var toBeAppended = "";

			if (reccounter >= 5)
			{
				var errormsg = document.getElementById("errormsg");
				errormsg.innerHTML = '<div id="errormsg"><span class="error">Du kannst h&ouml;chstens f&uuml;nf Empf&auml;nger eingeben.</span></div>';
			}
			else
			{
				toBeAppended = '<input type="text" size="20" name="recipient['+reccounter+']" id="recipient'+reccounter+'" value=""><br>';
				newdiv.innerHTML = toBeAppended;
				ni.appendChild(newdiv);
				$(id).autocomplete(data);
				reccounter++;
			}

		}
		/*else
		{
			elem.innerHTML = '<span class="error">Du kannst h&ouml;chstens f&uuml;nf Empf&auml;nger eingeben.</span>';
		}*/
	}
	else
	{
		elem.innerHTML = '<span class="error">Allianznachricht kann keine zusätzlichen Empfänger haben. </span>';
	}

}

<?php
if ($_REQUEST['f'] == 2)
{
?>

$(document).ready(function() {
	<?php
	//javascript autocompletion
	//preload all bus stops from the database and fill in the js data array
	$query = 'select user from user order by user asc';
	if ($res = mysql_query($query)) {
		while ($row =mysql_fetch_array($res)) {
			if (isset($datastr))
				$datastr.=',';
			$datastr .= '"'.$row['user'].'"';
		}
	}

	?>
	data = [<?php echo $datastr; ?>].sort();

	$('#recipient0').autocomplete(data);
});
// Break out of frames. This facilitates the search working as expected
if (top.location.href != location.href) {
    top.location.href = location.href;
}
<?php
}
?>
function check_all ()
{
	var formElem = document.getElementById ("msgdel");
	var allCheckElem = document.getElementById ("allchecker");

	var boxCounter = 0;
	var boxElem;
	while ((boxElem = formElem.elements[boxCounter]))
	{
		if (boxElem.type == "checkbox")
			boxElem.checked = allCheckElem.checked;
		boxCounter++;
	}
}

function show_melden (submitname)
{
	var meldElem = document.getElementById ("meldarea");

	if (meldElem)
	{
		meldElem.innerHTML = '<p>Das freundliche Miteinander ist wichtig für den Spielspaß in Selador. Hier könnt ihr Beleidigungen, Diskriminierung und andere Tiefschläge melden. Auch Cheater, Skripter, Multis und Buguser können hier gemeldet werden.</p>Kurze Beschreibung des Problems:<br><textarea name="meldcont" rows="3" cols="80"></textarea><br><input type="submit" name="' + submitname + '" value="Melden" style="text-align: right;">';
	}
}
-->
</script>
<?php
// We include basic design parts here
require_once ("styles/php/base_design-".$_SESSION['theme'].".php");

if (isset ($_REQUEST['f']))
  $folder = (int)$_REQUEST['f'];
else
  $folder = 1;

if (isset ($_REQUEST['p']))
  $page = max (0, (int)$_REQUEST['p']);
else
  $page = 0;

?>

<div id="contentbox">
<div id="onecolumn">
<?php

// We should pass this on to the tutorial, if it is still going strong
if (is_object ($tutorial))
{
	if ($tutorial->active)
		$tutorial->is_in_messenger ($folder);
}

$msgs_per_page = 15;

/* Check for delete or archive commands */
if ((isset ($_REQUEST['msg_action'])) && ($_REQUEST['msg_action'] != "Antworten"))
{
  if (isset ($_REQUEST['o']))
    if (($_REQUEST['o'] == 3) || ($_REQUEST['o'] == 5))
    {
      $delsender = true;
    }

  if (isset ($_REQUEST['id']))
  {
    $id = (int)$_REQUEST['id'];


    if ($_REQUEST['msg_action'] == 'Melden')
    {
    	$query = "select A.body, A.sent, A.sender, B.user from messages A left join user B on (A.sender=B.uid) where A.id=".$id;

    	if (!($res = mysql_query ($query)))
    	{
    		$err = "Die Nachricht konnte leider nicht gemeldet werden, da ein Fehler aufgetreten ist";
    		log_err ("Error while crying about a message. Query: ".$query.", ".mysql_error ());
    	}
    	else
    	{
				if (($row = mysql_fetch_array ($res)))
				{
					$meldung = "Nachricht vom ".$row['sent'].":\n".$row['body'];
				}
				else
					$meldung = "Nachricht konnte nicht gefunden werden!!";

				$meldung = "Spieler ".$me->user." hat folgende Nachricht von Spieler ".$row['user']." (".$row['sender'].") gepetzt. Link zur Nachricht ist http://".$_SERVER['SERVER_NAME']."/".$_SERVER['PHP_SELF']."?id=".$id."\n\n".$meldung;

				if (isset($_REQUEST['meldcont']))
					$meldcont = mysql_real_escape_string(strip_tags(trim($_REQUEST['meldcont'])));
				else
					$meldcont = "keine Beschreibung";
				$meldung.= "\n\nBeschreibung: ".$meldcont;


				$query = "insert into messages values (NULL, ".$me->uid.", ".$support_uid.", \"Meldung\", \"".$meldung."\", 0, now(), 0, \"".$me->user."\", 1)";
				if (!mysql_query ($query))
				{
					$err = "Die Nachricht konnte leider nicht gemeldet werden, da ein Fehler aufgetreten ist";
					log_err ("Error while crying about a message. Query: ".$query.", ".mysql_error ());
				}
				else
				{
					$query = "update user set msgs=msgs+1 where uid=".$support_uid;

					mysql_query ($query);
				}
			}
    }

    if ($_REQUEST['msg_action'] == 'Löschen')
    {
      unset ($query);
      if ($delsender)
      {
        $query = "update messages set snd_del=1, sent=sent where id=".$id." and sender=".$me->uid;

        $folder = $_REQUEST['o'];
      }
      else
        $folder = 1;

      if (!isset ($query))
        $query = "update messages set archived=2, sent=sent where id=".$id." and recip=".$me->uid;
      @mysql_query ($query);
    }
    if ($_REQUEST['msg_action'] == 'Archivieren')
    {
      $query = "update messages set archived=1, sent=sent where id=".$id." and  recip=".$me->uid;
      @mysql_query ($query);

    }

    if ($_REQUEST['msg_action'] == 'Ungelesen')
    {
      $query = "update messages set msg_read=0, sent=sent where id=".$id." and  recip=".$me->uid;
      @mysql_query ($query);

      $folder = $_REQUEST['o'];

			$query = "select count(id) from messages where archived=0 and msg_read=0 and recip=".$me->uid;
			$res = mysql_query ($query);
			$row = mysql_fetch_row ($res);

			$query = "update user set msgs=".$row[0]." where uid=".$me->uid;
			@mysql_query ($query);

    }

  }

  if (isset ($_REQUEST['ids']))
  {
    $ids = $_REQUEST['ids'];

    if ($_REQUEST['msg_action'] == 'Löschen')
    {
      if ($delsender)	// FIXME EVIL SLOW do this with id in ()
        foreach ($ids as $this_id)
        {
          $query = "update messages set snd_del=1, sent=sent where id=".(int)$this_id." and sender=".$me->uid;
        	@mysql_query ($query);
        }
      else
        foreach ($ids as $this_id)
        {
          $query = "update messages set archived=2, sent=sent where id=".(int)$this_id." and recip=".$me->uid;
        	@mysql_query ($query);
        }
    }
    if ($_REQUEST['msg_action'] == 'Archivieren')
    {
      foreach ($ids as $this_id)
      {
	      $query = "update messages set archived=1, sent=sent where id=".(int)$this_id." and (sender=".$me->uid." or recip=".$me->uid.")";
      	@mysql_query ($query);
      }
    }

    $query = "select count(id) from messages where archived=0 and msg_read=0 and recip=".$me->uid;
    $res = mysql_query ($query);
    $row = mysql_fetch_row ($res);

    $query = "update user set msgs=".$row[0]." where uid=".$me->uid;
    @mysql_query ($query);
  }

  if (isset ($_REQUEST['o']))
    $folder = $_REQUEST['o'];
  else
    $folder = 1;
}

$no_go = false;
/* First, check for outgoing message data */
if (isset ($_REQUEST['msg_submit']))
{
	if (isset ($_REQUEST['c']) && ($_REQUEST['c'] == $me->reload_counter))
	{
		$me->reload_counter++;
		$recipients = $_REQUEST['recipient'];
		$empfaenger = false;
		foreach ($recipients as $idx => $rec)
		{
			if (strlen($rec) > 3)
			{
				if ($rec != "[Ally]")
					$empfaenger = true;
			}
		}
		if (($empfaenger == true) && ($_POST['to_all_members'] == "ON"))
		{
			$no_go = true;
			echo "<span class=\"error\">Du hast einen Empf&auml;nger eingegeben und zus&auml;tzlich \"Allianz-Rundmail verschicken\" angew&auml;hlt. Es geht aber nur eins von beidem!</span>";
		}
		else
		{
			if ($empfaenger == true)
			{
				$counter = 0;
				foreach ($recipients as $idx => $rec)
				{
					if ($counter > 5)
						break;
					if (strlen (trim ($rec)) > 0)
					{
						$query = "select uid from user where user=\"".trim($rec)."\"";
						$res = mysql_query ($query);
						if ($row = mysql_fetch_row ($res))
						{
							$recuid[] = $row[0];
							$recipients[$idx] = mysql_real_escape_string (trim ($rec));
						}
						else
						{
							unset ($recipients[$idx]);
							echo "<span class=\"error\">Empfänger ".$rec." nicht gefunden :(</span>\n";
							$no_go = true;
						}
					}
				}
				if (!$no_go)
				{
					if (isset ($_REQUEST['subject']))
					{
						$subject = mysql_real_escape_string (trim (strip_tags ($_REQUEST['subject'])));
						if (strlen ($subject) < 1)
							$subject = "Kein Betreff";

						if (isset ($_REQUEST['body']))
						{

							if (stristr($_REQUEST['body'], "<" ))
							{
								echo "<b>Fehler: Die Nachricht enth&auml;t ung&uuml;ltige Zeichen (<).<br> </b>";
								$no_go = true;
							}
							$body = mysql_real_escape_string (trim (strip_tags ($_REQUEST['body'])));
							//echo $body;

							if (strlen ($body) < 3)
							{
								echo "<b>Nachricht leer?</b>\n";
								$no_go = true;
							}

							if ($me->sat_by)
								$body = "Diese Nachricht wurde von einem Sitter verfasst:\n".$body;
						}
						else
						{
							echo "<b>Nachrichtentext kaputt??</b>\n";
							$no_go = true;
						}
					}
					else
					{
						echo "<b>Betreff defekt???</b>\n";
						$no_go = true;
					}
				}
			}
			else
			{
				//allianzrundmail
				if ($_POST['to_all_members'] != "ON")
				{
					echo "<span class=\"error\">Empfänger eingeben</span>";
					$no_go = true;
				}
				else
				{
					if (!$me->aid)
						echo "<span class=\"error\">Es ist ein Fehler beim Versenden der Nachricht aufgetreten!</span>";
					else
					{
						if (strlen($_REQUEST['subject']) > 0)
							$subject = "[Ally]".mysql_real_escape_string(strip_tags($_REQUEST['subject']));
						else
							$subject = "[Ally]kein Betreff";
						$already_sent = true;
						$query_select = "select uid,user from user where aid=".$me->aid." and uid!=".$me->uid;
						if (!$res = mysql_query($query_select))
							echo "<span class=\"error\">Es ist ein Fehler beim Versenden der Nachricht aufgetreten!</span>";
						else
						{

							if ($me->sat_by)
								$_REQUEST['body'] = "Diese Nachricht wurde von einem Sitter verfasst:\n".$_REQUEST['body'];
							//$body = mysql_real_escape_string(trim(strip_tags($REQUEST['body'])));

							$query_anfang = "insert into messages (sender,recip,subject,body,msg_read,sent,archived,name,snd_del) values ";
							while ($row = mysql_fetch_array($res) )
							{
								if (isset($query_rundmail))
									$query_rundmail .= ",";
								$query_rundmail .= "(".$me->uid.",".$row['uid'].",'".$subject."','".mysql_real_escape_string(trim(strip_tags($_REQUEST['body'])))."',0,now(),0,'".mysql_real_escape_string($me->user)."',0)";
							}
							$query_ally =  $query_anfang . $query_rundmail;
							if (!mysql_query($query_ally))
							{
								echo "<span class=\"error\">Es ist ein Datenbankfehler aufgetreten</span>";
								$me->log_err ("Cannot send ally mail. Query: ".$query_ally.", ".mysql_error ());
							}
							else
							{
								echo "<span class=\"success\">Erfolgreich verschickt</span>";
								$query = "update user set msgs=msgs+1 where aid=".$me->aid." and uid!=".$me->uid;

								if (!mysql_query ($query))
									$me->log_err ("Cannot update msgs after sending ally mail. Query: ".$query.", ".mysql_error ());
							}
							$folder=1;
							$already_sent = true;
						}
					}
				}
			}
		}

		if (!$no_go)
		{
			if (!$already_sent)
			{
				foreach ($recuid as $idx => $this_recip)
				{
					$query = "insert into messages (sender, recip, name, subject, body) values (".$me->uid.", ".$this_recip.", \"".mysql_real_escape_string($me->user)."\", \"".$subject."\", \"".$body."\")";
					if (@mysql_query ($query))
					{
						$me->reload_counter++;
						$folder = 1;
						$query = "update user set msgs=msgs+1 where uid=".$this_recip;
						@mysql_query ($query);
					}
					else
					{
						echo "<b>Nachricht konnte nicht an alle gesendet werden :(</b>\n";
						$folder = 2;
					}
				}
			}
			else
				$folder = 1;

		}
		else
		  $folder = 2;
  }
  else
  {
    $folder = 1;
  }
}

switch ($folder)
{
  case 1:
    $query = "select count(id) from messages where archived=0 and recip=".$me->uid;
    $res = mysql_query ($query);
    $row = mysql_fetch_row ($res);
    $num_msgs = $row[0];
    $pages = (int)(($num_msgs-1) / $msgs_per_page);

    if ($page-1 > $pages)
      $page = $pages;

    // FIXME: Left joins here, or messages won't be displayed if user deletes himself!
    $query = "select A.id, A.sender, A.subject, date_format(A.sent, \"%d.%c.%Y - %H:%i\") as sent, A.msg_read, B.user, B.uid, B.aid, C.tag, A.name from messages A left join user B on (A.sender=B.uid) left join allies C on (B.aid=C.aid) where archived=0 and recip=".$me->uid." order by A.sent desc limit ".($page*$msgs_per_page).",".$msgs_per_page;
    $tablehead = "<th width=\"20\" class=\"bold\">&nbsp;</th><th  class=\"bold\">Betreff</th><th class=\"bold\">Absender</th><th class=\"bold\">Ally</td><th  class=\"bold\">Gesendet</th>\n";
  case 3:

    if (!isset ($pages))
    {
	    $query = "select count(id) from messages where snd_del=0 and sender=".$me->uid;
	    $res = mysql_query ($query);
	    $row = mysql_fetch_row ($res);
	    $num_msgs = $row[0];
	    $pages = (int)(($num_msgs-1) / $msgs_per_page);

      if ($page-1 > $pages)
        $page = $pages;

	    $query = "select A.id, A.recip, A.subject, date_format(A.sent, \"%d.%c.%Y - %H:%i\") as sent, A.msg_read, B.user, B.uid, B.aid, C.tag, A.name from messages A  left join user B on (A.recip=B.uid) left join allies C on (B.aid=C.aid) where  snd_del=0 and sender=".$me->uid." order by A.sent desc limit ".($page*$msgs_per_page).",".$msgs_per_page;
      $tablehead = "<th width=\"24px\">&nbsp;</th><th  class=\"bold\">Betreff</th><th   class=\"bold\">Empfänger</th><th class=\"bold\">Ally</th><th  class=\"bold\">Gesendet</th>\n";


}

  case 4:
    if (!isset ($pages))
    {
	    $query = "select count(id) from messages where archived=1 and recip=".$me->uid;
	    $res = mysql_query ($query);
	    $row = mysql_fetch_row ($res);
	    $num_msgs = $row[0];
	    $pages = (int)(($num_msgs-1) / $msgs_per_page);

      if ($page-1 > $pages)
        $page = $pages;

	    $query = "select A.id, A.sender, A.subject, date_format(A.sent, \"%d.%c.%Y - %H:%i\") as sent, A.msg_read, B.user, B.uid, B.aid, C.tag, A.name from messages A left join user B on (A.sender=B.uid) left join allies C on (B.aid=C.aid) where archived=1 and recip=".$me->uid." order by A.sent desc limit ".($page*$msgs_per_page).",".$msgs_per_page;
      $tablehead = "<th class=\"bold\" width=\"24px\">&nbsp;</th><th class=\"bold\" >Betreff</th><th  class=\"bold\"  >Absender</th><th class=\"bold\">Ally</th><th  class=\"bold\">Gesendet</th>\n";
    }

//  case 5:
    /*if (!isset ($pages))
    {
	    $query = "select count(id) from messages where archived=1 and snd_del=0 and sender=".$me->uid;
	    $res = mysql_query ($query);
	    $row = mysql_fetch_row ($res);
	    $num_msgs = $row[0];
	    $pages = (int)(($num_msgs-1) / $msgs_per_page);

      if ($page-1 > $pages)
        $page = $pages;

	    $query = "select A.id, A.recip, A.subject, date_format(A.sent, \"%d.%c.%Y - %H:%i\") as sent, A.msg_read, B.user, B.uid, B.aid, C.tag from messages A left join user B on (A.recip=B.uid )  left join allies C  on (B.aid=C.aid) where archived=1 and snd_del=0 and sender=".$me->uid." order by A.sent desc limit ".($page*$msgs_per_page).",".$msgs_per_page;
      $tablehead = "<th  width=\"50%\">Betreff</th><th  width=\"120\">Empfänger</th><th>Ally</th><th width=\"120\">Gesendet</th>\n";
    }*/

    echo "<form name=\"msgdel\" id=\"msgdel\" action=\"bote.php\" method=\"POST\"><table class=\"border\" ><tr >";

    echo "<th width=\"22\" class=\"bold\">&nbsp;</th>".$tablehead."</tr>";


    $res = mysql_query ($query);
	$counter = 0;
    while ($row = mysql_fetch_array ($res))
    {
	if ($counter  % 2 == 0)
		$class = ' class="iterate"';
	else
		$class = '';
	$counter++;
      echo "<tr ".$class.">";
	echo "<td> ";
      if ($row['msg_read'] == 0)
		echo  '<img src="styles/'.$_SESSION['theme'].'/new.png" >';;
	echo "</td>\n";
      echo "<td ><input class=\"eingabe\" type=\"checkbox\" name=\"ids[]\" value=\"".$row['id']."\"></td>";


	echo "<td ><a href=\"bote.php?o=".$folder."&f=6&id=".$row['id']."\" class=\"dark\">".stripslashes ($row['subject'])."</a></td>";

      if ($row['uid'])
		echo "<td ><a href=\"profile.php?u=".$row['uid']."\">".$row['user']."</a>";
      else
      {
		if ($folder == 1)
			echo "<td >".$row['name']."";
		else
			echo "<td>(gel&ouml;scht)";
	}


	/*</td>";
      else*/
        echo "</td>";
	//if ($folder==1)
		echo "<td><a href=\"allianz.php?a=".$row['aid']."\">".$row['tag']."</a></td>";
//	if ($folder==3)
//		echo "<td><a href=\"allianz.php?a=".$row[7]."\">".$row[8]."</a></td>";
      echo "<td >".$row[3]."</td></tr>\n";
    }
    echo "</table>\n";
    echo "<input type=\"hidden\" name=\"f\" value=\"".$folder."\">\n";
    echo "<input type=\"hidden\" name=\"o\" value=\"".$folder."\">\n";
   // echo "</div>\n";

    // Correctly format and paint arrows - they shouldn't be links if we cannot scroll in this direction
    echo "</div><div id=\"leiste-unten\">";
    echo "<input class=\"eingabe\" type=\"checkbox\" id=\"allchecker\" onClick=\"check_all();\">Alle markieren&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";


    if ($page == 0)
      echo "<img src=\"styles/".$_SESSION['theme']."/pfeil_lang_links_grau.png\" alt=\"Nach links bl&auml;ttern!\" title=\"Nach links bl&auml;ttern!\">\n";
    else
      echo "<a href=\"".$_SERVER['PHP_SELF']."?p=".($page-1)."&f=".$folder."\"><img src=\"styles/".$_SESSION['theme']."/pfeil_lang_links.png\" border=\"0\" alt=\"Nach links bl&auml;ttern!\" title=\"Nach links bl&auml;ttern!\"></a>\n";
    if ($page < $pages)
      echo "<a href=\"".$_SERVER['PHP_SELF']."?p=".($page+1)."&f=".$folder."\"><img src=\"styles/".$_SESSION['theme']."/pfeil_lang_rechts.png\"  alt=\"Nach rechts bl&auml;ttern!\" title=\"Nach rechts bl&auml;ttern!\"></a>\n";
    else
    echo "<img src=\"styles/".$_SESSION['theme']."/pfeil_lang_rechts_grau.png\"  alt=\"Nach rechts bl&auml;ttern!\" title=\"Nach rechts bl&auml;ttern!\">\n";
    echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Seite ".($page+1)." von ".($pages+1)."";
    echo "";
    if ($folder < 4)		// Cannot archive already archived messages
    {
      echo "";
    }
     echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input class=\"eingabe\" type=\"submit\" name=\"msg_action\" value=\"Löschen\">";
     if ((($folder == 6 ) && $row['recip'] == $me->uid) || ($folder == 1))
     echo "&nbsp;&nbsp;&nbsp;<input class=\"eingabe\" type=\"submit\" name=\"msg_action\" value=\"Archivieren\"></form>\n";

    break;


  case 2:
    if (isset ($_REQUEST['r']))
      $recipients[] = $_REQUEST['r'];

    if (isset ($_REQUEST['subject']))
    {
	//$sub_tmp = split_string($_REQUEST['subject'], 2);
	$sub_tmp_array = explode(":", $_REQUEST['subject']);
	if (substr($sub_tmp_array[0], 0, 6) == "[Ally]")
	{
		//mixed str_replace  ( mixed $search  , mixed $replace  , mixed $subject  [, int &$count  ] )
		$sub_tmp_array[0] = str_replace("[Ally]", "", $sub_tmp_array[0]);
	}
	if (substr($sub_tmp_array[0], 0, 2) == "Re") // we answer to an answer. so we have to upgrade the counter
	{
		$counter = (int)substr($sub_tmp_array[0], 3);
		$counter++;
		$subject = "Re^".$counter;
		foreach ($sub_tmp_array as $idx => $value)
		{
			//ignore the "Re:"-entry
			if ($idx != 0)
			{
				$subject = $subject.":".stripslashes($sub_tmp_array[$idx]);
			}

		}
	}
	else // that message is the origin message. so we create the new counter
	{
		$subject = stripslashes ("Re^1: ".$_REQUEST['subject']);
	}
	//$subject = stripslashes ("Re: ".$_REQUEST['subject']);  // FIXME: Need more logic here
      }

    if (isset ($_REQUEST['body']))
    {
      if ($no_go)
      {
        $body = $_REQUEST['body'];    // This is the case if something went wrong while trying to send a submitted message
      }
      else
      {
        if (($_REQUEST['o'] == 3) || ($_REQUEST['o'] == 5))
          $body = "\n\n___________________________________________\nAm ".$_REQUEST['olddate']." schrieb ".stripslashes ($me->user).":\n".stripslashes ($_REQUEST['body']);
        else
          $body = "\n\n___________________________________________\nAm ".$_REQUEST['olddate']." schrieb ".stripslashes ($_REQUEST['r']).":\n".stripslashes ($_REQUEST['body']);
      }
    }

    echo "<div><form name=\"msg\" action=\"bote.php\" method=\"POST\"><table class=\"border\">\n";
     	echo "<tr><th class=\"bold\" colspan=\"2\">Empfänger</th></tr>";
		echo '<tr><td colspan="2"><span class="info">Du kannst mehrere Empfänger eingeben, indem du auf das Plus klickst.</span></td></tr>';
	echo "<tr><td colspan=\"2\"><input  id=\"recipient0\" name=\"recipient[0]\" value=\"".$_REQUEST['r']."\" size=\"20\">";
	echo "<div id=\"addimg\"><img src=\"styles/".$_SESSION['theme']."/add.png\" onclick=\"addRec()\"></div><div id=\"more\"></div><div id=\"errormsg\"></div></td></tr>\n";
    if ($me->aid)
    {
     	echo "<tr><td colspan=\"2\">oder <input type=\"checkbox\" name=\"to_all_members\" value=\"ON\" onclick=\"toggleAllyMsg()\">Allianz-Rundmail schreiben. ";
	echo '<span class="info">Du brauchst dann keinen Empf&auml;nger einzugeben.</span> </td></tr>';
}
	echo '<tr><th class="bold" colspan="2">Nachricht</th></tr>';
    echo "<tr><td align=\"left\">Betreff:</td><td ><input class=\"eingabe\" maxlength=\"30\" name=\"subject\" size=\"30\" value=\"".$subject."\"></td><tr>\n";
    echo "<tr><td colspan=\"3\" style=\"position:absolute; height:10px; overflow:visible;\"></td></tr>\n";
    echo "<tr><td colspan=\"3\"><textarea  name=\"body\" cols=\"80\" rows=\"13\">".$body."</textarea>\n";
    echo "<input class=\"eingabe\" type=\"submit\" name=\"msg_submit\" value=\"Absenden\"></td></tr>";
    echo "</table><input type=\"hidden\" name=\"f\" value=\"1\"><input type=\"hidden\" name=\"c\" value=\"".$me->reload_counter."\"></form>\n";
    break;

  case 6:
    if (isset ($_REQUEST['id']))
    {
      $id = $_REQUEST['id'];

      unset ($query);

      if (isset ($_REQUEST['o']))
      {
        if (($_REQUEST['o'] == 3) || ($_REQUEST['o'] == 5))
        {
          $query = "select A.*, date_format(A.sent, \"%d.%c.%Y um %H:%i\") as sent, B.user from messages A left join user B on (A.recip=B.uid) where A.id=".$id." and A.sender=".$me->uid;
          $title = "Empfänger";
        }
       }

      if (!isset ($query))
      {
        $query = "select A.*, date_format(A.sent, \"%d.%c.%Y um %H:%i\") as sent, B.user from messages A left join user B on (A.sender=B.uid) where A.id=".$id." and A.recip=".$me->uid;
        $title = "Absender";
      }

      $res = mysql_query ($query);
      if ($row = mysql_fetch_array ($res))
      {
        echo "<div><form name=\"message\" action=\"bote.php\" method=\"POST\">\n";
	      echo "<table class=\"border\">\n";
	      echo '<tr><th colspan="2" class="bold">'.stripslashes ($row['subject']).'';
	      echo "<tr><td >".$title.":</td><td >";

	      if ($row['user'])
	      	echo stripslashes ($row['user'])."</td></tr>\n";
	      else
	      	echo stripslashes ($row['name'])."</td></tr>\n";
	    //  echo "<tr><td >Betreff:</td><td >".stripslashes ($row['subject'])."</td></tr>\n";
	      echo "<tr><td >Gesendet am:</td><td>".stripslashes ($row['sent'])."</td></tr>\n";
	      echo "<tr><td colspan=\"2\" style=\"position:absolute; height:5px; overflow:visible;\"></td></tr>\n";
	      echo "<tr><td colspan=\"2\" align=\"left\"><textarea name=\"body\" cols=\"80\" rows=\"14\" readonly>".stripslashes ($row['body'])."</textarea></td></tr>\n";
	      echo "<tr><td colspan=\"2\" style=\"position:absolute; height:5px; overflow:visible;\"></td></tr>\n";

	      echo "<tr><td><input type=\"button\" onClick=\"show_melden ('msg_action');\" value=\"Melden\">&nbsp;<!--<small>Beleidigungen, Rassismus usw. melden--></small></td>\n";
	      echo "<td align=\"right\"><input type=\"submit\" name=\"msg_action\" value=\"Löschen\">&nbsp;&nbsp;";
	      echo "<input type=\"submit\" name=\"msg_action\" value=\"Ungelesen\">&nbsp;";

	      if (($row['archived'] == 0) && ($row['recip'] == $me->uid))
					echo "<input type=\"submit\" name=\"msg_action\" value=\"Archivieren\">&nbsp;&nbsp;";
	      echo "<input type=\"submit\" name=\"msg_action\" value=\"Antworten\"></td></tr>\n";
	      echo "</table><input type=\"hidden\" name=\"f\" value=\"2\">\n";
	      echo "<input type=\"hidden\" name=\"id\" value=\"".$id."\">";

        echo "<input type=\"hidden\" name=\"r\" value=\"".$row['user']."\">\n";
	      echo "<input type=\"hidden\" name=\"subject\" value=\"".$row['subject']."\">\n";
	      echo "<input type=\"hidden\" name=\"olddate\" value=\"".$row['sent']."\">\n";
	      echo "<input type=\"hidden\" name=\"c\" value=\"".$me->reload_counter."\">\n";
        if (isset ($_REQUEST['o']))
	        echo "<input type=\"hidden\" name=\"o\" value=\"".$_REQUEST['o']."\">\n";
	      echo '<div id="meldarea"></div>';
	      echo "</form></div>\n";

		if (($row['msg_read'] == 0) && ($title == "Absender"))
		{
	      	$query = "update messages set msg_read=1, sent=sent where id=".$id;
	      	if (!@mysql_query ($query))
	      	{
	      	  echo "Konnte nicht als gelesen markieren! ".mysql_error();
	      	}

					if ($user_row[1] > 0)
					{
	      		$query = "update user set msgs=msgs-1 where uid=".$me->uid;
	      		if (!@mysql_query ($query))
	      		{
	      		  echo "Konnte ungelesene Nachrichten nicht dekrementieren! ".mysql_error();
	      		}
	      	}
	      }
	    }
	    else
	      echo "<b>Nachricht existiert nicht!</b>\n";
	  }
	  break;
	  case 7:


	/*  echo "<table width=\"98%\"><tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	  echo "<tr><th colspan=\"2\">Offene Quests</th></tr>";
	  	echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	  echo "<tr><td>Quest 4 [draufklicklink] Name[/dkl]: </td><td>Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempor incidunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquid ex ea commodi consequat. Quis aute iure reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint obcaecat cupiditat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</td>";
		echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	    echo "<tr><th colspan=\"2\">Abgeschlossene Quests</th></tr>";
	  	echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	  echo "<tr><td>Quest 3 [draufklicklink]: </td><td>Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempor incidunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquid ex ea commodi consequat. Quis aute iure reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint obcaecat cupiditat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</td>";
		echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	  echo "<tr><td>Quest 2 [draufklicklink]: </td><td>+ Lorem ipsum dolor sit amet, consectetur adipisici ....</td>";
		echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
		echo "<tr><td>Quest 1 [draufklicklink]: </td><td>+ Lorem ipsum dolor sit amet, consectetur adipisici ....</td>";
		echo "<tr><td colspan=\"2\" height=\"1px\"><img src=\"styles/".$_SESSION['theme']."/line_thin.gif\" width=\"98%\" height=\"1px\"></td></tr>";
	  echo "<table><tr><td></td><td></td>";*/

	  break;
}
?>
	  </form>
</div>
</div>

 <?php
require_once("footer.php");
 ?>