Request updated!

"; $query11 = "UPDATE users set msgalert='$val' WHERE username='$username'"; mysql_query($query11); endpage(); } $str = "SELECT msgalert from users where username='$username'"; $query1 = mysql_query($str); list($value) = mysql_fetch_row($query1); //Collect message information $query = "SELECT * FROM msgs WHERE addrto= '$username' AND boolread='0'"; $result = mysql_query($query); $num = mysql_num_rows($result); switch($_GET["function"]){ case "inbox"; switch($_GET["request"]){ case "mail_mark"; $unencode = base64_decode($_POST["mark_id"]); //addrto=Kingsley|addrfrom=Katherine|id=60|date=03-04-2007 $unencode = str_replace(" ","",$unencode); $split = explode("|",$unencode); $addr2 = str_replace("addrto=","",$split[0]); $addrfrom = str_replace("addrfrom=","",$split[1]); $id1 = str_replace("id=","",$split[2]); $date = str_replace("date=","",$split[3]); $addr2 = addslashes(trim($addr2)); $addrfrom = addslashes(trim($addrfrom)); $id1 = addslashes(trim($id1)); $date = addslashes(trim($date)); if($addr2 == $_SESSION["user"]["name"]){ $query2 = mysql_query("SELECT msg_id, date FROM msgs WHERE addrto='$addr2' AND addrfrom='$addrfrom' AND date='$date' AND msg_id='$id1'"); list($id2, $recdate2) = mysql_fetch_array($query2); $checksum = md5($id2.$recdate2.$addr2); $check2 = md5($id1.$date.$_SESSION["user"]["name"]); if($checksum == $check2){ mysql_query("UPDATE msgs set boolread='1' WHERE addrto='$addr2' AND addrfrom='$addrfrom' AND msg_id='$id1' AND date='$date'"); startpage("Mark message"); print "Message marked."; endpage(); } else { error("Incorrect information", "You can not do this action."); } } else { error("Incorrect information", "You can not do this action."); } break; case "mail_delete"; $unencode = base64_decode($_POST["del_id"]); //addrto=Kingsley|addrfrom=Katherine|id=60|date=03-04-2007 $split = explode("|",$unencode); $addr2 = str_replace("addrto=","",$split[0]); $addrfrom = str_replace("addrfrom=","",$split[1]); $id1 = str_replace("id=","",$split[2]); $date = str_replace("date=","",$split[3]); $addr2 = addslashes(trim($addr2)); $addrfrom = addslashes(trim($addrfrom)); $id1 = addslashes(trim($id1)); $date = addslashes(trim($date)); if($addr2 == $_SESSION["user"]["name"]){ $query2 = mysql_query("SELECT msg_id, date FROM msgs WHERE addrto='$addr2' AND addrfrom='$addrfrom' AND date='$date' AND msg_id='$id1'"); list($id, $recdate) = mysql_fetch_array($query2); $checksum = md5($id.$recdate.$addr2); $check2 = md5($id1.$date.$_SESSION["user"]["name"]); if($checksum == $check2){ mysql_query("delete from msgs where addrto='$addr2' and addrfrom='$addrfrom' and msg_id='$id1' and date='$date'"); startpage("Message delete"); print "Message deleted"; endpage(); } else { error("Incorrect information", "You can not do this action."); } } else { error("Incorrect information", "You can not do this action."); } break; } //Collect message information $query = "SELECT * FROM msgs WHERE addrto= '$username' AND boolread='0'"; $result = mysql_query($query); $numnew = mysql_num_rows($result); startpage("Mail inbox"); if($numnew == 0){ echo "Welcome to your inbox $username
You have no new messages.

"; } elseif($numnew == 1) { echo "Welcome to your inbox $username
You have a new message.

"; } else { echo "Welcome to your inbox $username
You have ($numnew) new messages.

"; } $query2 = "SELECT * FROM msgs WHERE addrto= '$username' order by date DESC"; $result2 = mysql_query($query2); $realnum = mysql_num_rows($result2); if($realnum > 0){ ?> ",$row["message"]); if($row["boolread"] == 0){ echo "\n \n \n \n
Message from: Subject: Message: Date: Options:
New: {$row['addrfrom']}{$row['subject']}$msg".date("d-n-Y g:i:s A", $row['date']).""; ?>
">
">
" /> " />
" />
" /> " />
"; } ?>

To: (username) " />
Subject:
Message:

0){ startpage("Sent mail"); ?> ",$row["message"]); echo "\n \n \n \n "; } ?>
Message to: Subject: Message: Date:
".$row["addrto"]."".$row["subject"]."$msg".date("d-n-Y g:i:s A", $row["date"])."
Welcome to your inbox, you have no new messages.

"; } elseif($num == 1) { echo "Hello $username
Welcome to your inbox, you have ($num) new message.

"; } else { echo "Hello $username
Welcome to your inbox, you have ($num) new messages.

"; } ?>

My Inbox

Send message

Sent messages


Don't alert me of new mail (on login)"; } if($value == 0){ echo ""; } ?>