mail.php - orodlin-1-pub in Orodlin v.1

<?php
/**
 *   File functions:
 *   Messages to other players
 *
 *   @name                 : mail.php
 *   @copyright            : (C) 2004,2005,2006,2007 Vallheru Team based on Gamers-Fusion ver 2.5
 *   @author               : thindil <thindil@users.sourceforge.net>
 *   @author               : eyescream <tduda@users.sourceforge.net>
 *   @version              : 1.4
 *   @since                : 25.04.2007
 *
 */

//
//
//       This program is free software; you can redistribute it and/or modify
//   it under the terms of the GNU General Public License as published by
//   the Free Software Foundation; either version 2 of the License, or
//   (at your option) any later version.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//   GNU General Public License for more details.
//
//   You should have received a copy of the GNU General Public License
//   along with this program; if not, write to the Free Software
//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
// $Id$

$title = 'Wiadomości';
require_once('includes/head.php');

/**
* Get the localization for game
*/
require_once('languages/'.$player -> lang.'/mail.php');

if (!isset($_GET['view']) && !isset($_GET['read']) && !isset($_GET['zapisz']) && !isset($_GET['kasuj']))
{
    $mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `unread`=\'F\' AND `zapis`=\'N\' AND `send`=0 ORDER BY `id` DESC');
    $arrsender = array();
    $arrsenderid = array();
    $arrsubject = array();
    $arrid = array();
    $arrRead = array();
    $i = 0;
    while (!$mail -> EOF)
    {
        $arrsender[$i] = $mail -> fields['sender'];
        $arrsenderid[$i] = $mail -> fields['senderid'];
        $arrsubject[$i] = $mail -> fields['subject'];
        $arrid[$i] = $mail -> fields['id'];
        $arrRead[$i] = ($mail -> fields['unread'] == 'F') ? 'Y' : 'N';
        $mail -> MoveNext();
        $i++;
    }
    $mail -> Close();
    require_once('includes/bbcode.php');
    $arrsubject = censorship($arrsubject);
    $smarty -> assign_by_ref ('Sender', $arrsender);
    $smarty -> assign_by_ref ('Senderid', $arrsenderid);
    $smarty -> assign_by_ref ('Subject', $arrsubject);
    $smarty -> assign_by_ref ('Mailid', $arrid);
}

/**
 * Mail inbox
 */
if (isset ($_GET['view']) && $_GET['view'] == 'inbox')
{
    $mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0 ORDER BY `id` DESC');
    $arrsender = array();
    $arrsenderid = array();
    $arrsubject = array();
    $arrid = array();
    $arrRead = array();
    $i = 0;
    while (!$mail -> EOF)
    {
        $arrsender[$i] = $mail -> fields['sender'];
        $arrsenderid[$i] = $mail -> fields['senderid'];
        $arrsubject[$i] = $mail -> fields['subject'];
        $arrid[$i] = $mail -> fields['id'];
        $arrRead[$i] = ($mail -> fields['unread'] == 'F') ? 'Y' : 'N';
        $mail -> MoveNext();
        $i++;
    }
    $mail -> Close();
    require_once('includes/bbcode.php');
    $arrsubject = censorship($arrsubject);
    $smarty -> assign_by_ref ('Sender', $arrsender);
    $smarty -> assign_by_ref ('Senderid', $arrsenderid);
    $smarty -> assign_by_ref ('Subject', $arrsubject);
    $smarty -> assign_by_ref ('Mailid', $arrid);
    $smarty -> assign_by_ref ('Mread', $arrRead);
    if (isset ($_GET['step']) && $_GET['step'] == 'clear')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0');
        error (MAIL_DEL.'. (<a href="mail.php?view=inbox">'.A_REFRESH.'</a>)');
    }
}

if (isset ($_GET['view']) && $_GET['view'] == 'zapis')
{
    $mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\' ORDER BY `id` DESC');
    $arrsender = array();
    $arrsenderid = array();
    $arrsubject = array();
    $arrid = array();
    $i = 0;
    while (!$mail -> EOF)
    {
        $arrsender[$i] = $mail -> fields['sender'];
        $arrsenderid[$i] = $mail -> fields['senderid'];
        $arrsubject[$i] = $mail -> fields['subject'];
        $arrid[$i] = $mail -> fields['id'];
        $mail -> MoveNext();
        $i++;
    }
    $mail -> Close();
    $smarty -> assign_by_ref ('Sender', $arrsender);
    $smarty -> assign_by_ref ('Senderid', $arrsenderid);
    $smarty -> assign_by_ref ('Subject', $arrsubject);
    $smarty -> assign_by_ref ('Mailid', $arrid);
    if (isset ($_GET['step']) && $_GET['step'] == 'clear')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND zapis=\'Y\'');
        error (MAIL_DEL.'. (<a href=mail.php?view=zapis>'.A_REFRESH.'</a>)');
    }
}

if (isset ($_GET['view']) && $_GET['view'] == 'send')
{
    $mail = $db -> Execute('SELECT * FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id.' AND `zapis`=\'N\' ORDER BY `id` DESC');
    $arrsend = array();
    $arrsubject = array();
    $arrid = array();
    $i = 0;
    while (!$mail -> EOF)
    {
        $arrsend[$i] = $mail -> fields['send'];
        $arrsubject[$i] = $mail -> fields['subject'];
        $arrid[$i] = $mail -> fields['id'];
        $mail -> MoveNext();
        $i++;
    }
    $mail -> Close();
    $smarty -> assign_by_ref ('Send1', $arrsend);
    $smarty -> assign_by_ref ('Subject', $arrsubject);
    $smarty -> assign_by_ref ('Mailid', $arrid);
    if (isset ($_GET['step']) && $_GET['step'] == 'clear')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id);
        error (MAIL_DEL.'. (<a href="mail.php?view=send">'.A_REFRESH.'</a>)');
    }
}

/**
* Write new message
*/
if (isset ($_GET['view']) && $_GET['view'] == 'write')
{
    $objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`=0 AND `id`='.$player -> id);
    if ($objBan -> fields['id'])
    {
        error(YOU_CANNOT);
    }
    $objBan -> Close();
    if (!isset ($_GET['to']))
    {
        $_GET['to'] = '';
    }
    if (!isset ($_GET['re']))
    {
        $_GET['re'] = '';
    }
    $body = '';
    if (!empty ($_GET['id']))
    {
        if (!ereg("^[1-9][0-9]*$", $_GET['id']))
        {
            error (ERROR);
        }
        $mail = $db -> Execute('SELECT `body`, `owner`, `sender` FROM `mail` WHERE `id`='.$_GET['id']);
        if ($mail -> fields['owner'] != $player -> id)
        {
            error(NOT_YOUR);
        }
        require_once('includes/bbcode.php');
        $postbody = htmltobbcode($mail -> fields['body']);
        $body = PLAYER.' '.$mail -> fields['sender'].' '.WROTE.' [quote]'.$postbody.'[/quote]';
        $mail -> Close();
    }
    $smarty -> assign_by_ref ('To', $_GET['to']);
    $smarty -> assign_by_ref ('Reply', $_GET['re']);
    $smarty -> assign_by_ref ('Body', $body);
    if (isset ($_GET['step']) && $_GET['step'] == 'send')
    {
        if (empty ($_POST['to']) || empty ($_POST['body']))
        {
            error (EMPTY_FIELDS);
        }
        if (empty ($_POST['subject']))
        {
            $_POST['subject'] = 'Brak';
        }
        if (!ereg("^[1-9][0-9]*$", $_POST['to']))
        {
            error (ERROR.'1');
        }
        $rec = $db -> Execute('SELECT `id`, `user` FROM `players` WHERE `id`='.$_POST['to']);
        if (!$rec -> fields['id'])
        {
            error (NO_PLAYER);
        }
        if ($_POST['to'] == $player -> id)
        {
            error(YOURSELF);
        }
        if( $player -> rank != 'Admin' && $player -> rank != 'Staff')
        {
            $objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`='.$_POST['to'].' AND `id`='.$player -> id);
            if ($objBan -> fields['id'])
            {
                error(YOU_CANNOT);
            }
            $objBan -> Close();
        }
        $_POST['subject'] = strip_tags($_POST['subject']);
        require_once('includes/bbcode.php');
        $_POST['body'] = bbcodetohtml($_POST['body']);
        $strBody = $db -> qstr($_POST['body'], get_magic_quotes_gpc());
        $strSubject = $db -> qstr($_POST['subject'], get_magic_quotes_gpc());
        $strDate = $db -> DBDate($newdate);
        $db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$player -> user.'\','.$player -> id.','.$_POST['to'].', '.$strSubject.' , '.$strBody.', '.$strDate.')');
        $db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`,  `send`, `date`) VALUES(\''.$player -> user.'\','.$player -> id.','.$player -> id.', '.$strSubject.', '.$strBody.','.$_POST['to'].', '.$strDate.')');
        error (YOU_SEND.$rec -> fields['user'].'.');
    }
}

if (isset ($_GET['read']))
{
    if (!ereg("^[1-9][0-9]*$", $_GET['read']))
    {
        error (ERROR);
    }
    $mail = $db -> Execute('SELECT * FROM `mail` WHERE id='.$_GET['read']);
    if (!$mail -> fields['id'])
    {
        error (NO_MAIL);
    }
    if ($mail -> fields['owner'] != $player -> id)
    {
        error (NOT_YOUR);
    }

    $addreprefix = true;
    if (strpos ($mail->fields['subject'], REPLY_PREFIX) !== false)
    {
        $addreprefix = false;
    }

    if (isset ($_GET['option']) && $_GET['option'] == 'c')
    {
        require_once('includes/bbcode.php');
        $mail -> fields['body'] = censorship($mail -> fields['body']);
    }
    $db -> Execute('UPDATE `mail` SET `unread`=\'T\' WHERE id='.$mail -> fields['id']);
    $strDay = ($mail -> fields['date']) ? T_DAY.$mail -> fields['date'] : '';
    $smarty -> assign_by_ref ('Sender', $mail -> fields['sender']);
    $smarty -> assign_by_ref ('Body', $mail -> fields['body']);
    $smarty -> assign_by_ref ('Mailid', $mail -> fields['id']);
    $smarty -> assign_by_ref ('Senderid', $mail -> fields['senderid']);
    $smarty -> assign_by_ref ('Subject', $mail -> fields['subject']);
    $smarty -> assign_by_ref ('AddReplyPrefix', $addreprefix);
    $smarty -> assign_by_ref ('Tday', $strDay);
    $mail -> Close();
}

if (isset ($_GET['zapisz']))
{
    if (!ereg("^[1-9][0-9]*$", $_GET['zapisz']))
    {
        error (ERROR);
    }
    $mail = $db -> Execute('SELECT `id`, `owner` FROM `mail` WHERE `id`='.$_GET['zapisz']);
    if (!$mail -> fields['id'])
    {
        error (NO_MAIL);
    }
    if ($mail -> fields['owner'] != $player -> id)
    {
        error (NOT_YOUR);
    }
    $db -> Execute('UPDATE `mail` SET `zapis`=\'Y\' WHERE id='.$_GET['zapisz']);
    error (MAIL_SAVE.'. (<a href="mail.php">'.A_REFRESH.'</a>)');
}

if (isset ($_GET['kasuj']))
{
    if (!ereg("^[1-9][0-9]*$", $_GET['kasuj']))
    {
        error (ERROR);
    }
    $mail = $db -> Execute('SELECT `id`, `owner` FROM `mail` WHERE `id`='.$_GET['kasuj']);
    if (!$mail -> fields['id'])
    {
        error (NO_MAIL);
    }
    if ($mail -> fields['owner'] != $player -> id)
    {
        error (NOT_YOUR);
    }
    $db -> Execute('DELETE FROM `mail` WHERE `id`='.$_GET['kasuj']);
    error (MAIL_DEL.'. (<a href="mail.php">'.A_REFRESH.'</a>)');
}

/**
* Send mail to admin or staff
*/
if (isset ($_GET['send']))
{
    $sid = $db -> Execute('SELECT `id`, `user` FROM `players` WHERE `rank`=\'Admin\' OR `rank`=\'Staff\'');
    $arrid = array();
    $arrname = array();
    $i = 0;
    while (!$sid -> EOF)
    {
        $arrid[$i] = $sid -> fields['id'];
        $arrname[$i] = $sid -> fields['user'];
        $sid -> MoveNext();
        $i++;
    }
    $sid -> Close();
    $smarty -> assign_by_ref ('Send', $_GET['send']);
    $smarty -> assign_by_ref ('Staffid', $arrid);
    $smarty -> assign_by_ref ('Name', $arrname);
    if (isset ($_GET['step']) && $_GET['step'] == 'send')
    {
        if (!ereg("^[1-9][0-9]*$", $_POST['staff']))
        {
            error (ERROR);
        }
        if (!ereg("^[1-9][0-9]*$", $_POST['mid']))
        {
            error (ERROR);
        }
        $arrtest = $db -> Execute('SELECT `id`, `user`, `rank` FROM `players` WHERE `id`='.$_POST['staff']);
        if (!$arrtest -> fields['id'])
        {
            error (NO_PLAYER);
        }
        if ($arrtest -> fields['rank'] != 'Admin' && $arrtest -> fields['rank'] != 'Staff')
        {
            error (NOT_STAFF);
        }
        $arrmessage = $db -> Execute('SELECT * FROM `mail` WHERE `id`='.$_POST['mid']);
        if (!$arrmessage -> fields['id'])
        {
            error (NOT_MAIL);
        }
        if ($arrmessage -> fields['owner'] != $player -> id)
        {
            error (NOT_YOUR);
        }
        $strDate = $db -> DBDate($newdate);
        $db -> Execute('INSERT INTO `log` (`owner`, `log`, `czas`) VALUES('.$arrtest -> fields['id'].',\''.L_PLAYER.'<a href="view.php?view='.$player -> id.'">'.$player -> user.'</a>'.L_ID.$player -> id.SEND_YOU.$arrmessage -> fields['sender'].L_ID.$arrmessage -> fields['senderid'].'.\', '.$strDate.')');
        if (($arrtest -> fields['rank'] == 'Admin' || $arrtest -> fields['rank'] == 'Staff') && ($player -> rank == 'Admin' || $player -> rank == 'Staff'))
        {   // Staff to staff - change only address.
            $db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$arrmessage -> fields['sender'].'\','.$arrmessage -> fields['senderid'].','.$arrtest -> fields['id'].',\''.$arrmessage -> fields['subject'].'\',\''.$arrmessage -> fields['body'].'\', '.$strDate.')');
        }
            else
        {   // Normal player to staff - write detailed, helpful info.
            $db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$player -> user.'\',\''.$player -> id.'\','.$arrtest -> fields['id'].',\''.M_TITTLE.$arrmessage -> fields['sender'].L_ID.$arrmessage -> fields['senderid'].'\',\''.M_TITLE2.$arrmessage -> fields['subject'].M_DATE.$arrmessage -> fields['date'].M_BODY.$arrmessage -> fields['body'].'\', '.$strDate.')');
        }
        error (YOU_SEND.$arrtest -> fields['user'].'. <a href="mail.php">'.A_REFRESH.'</a>');
    }
}

/**
* Delete, save, mark as read/unread selected messages
*/
if (isset($_GET['step']) && $_GET['step'] == 'mail')
{
    if (!isset($_GET['box']))
    {
        error(ERROR);
    }
    $arrType = array('I', 'W', 'S');
    if (!in_array($_GET['box'], $arrType))
    {
        error(ERROR);
    }
    if ($_GET['box'] == 'I')
    {
        $objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0');
    }
    if ($_GET['box'] == 'W')
    {
        $objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\'');
    }
    if ($_GET['box'] == 'S')
    {
        $objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id);
    }
    $arrId = array();
    $i = 0;
    while (!$objMid -> EOF)
    {
        $arrId[$i] = $objMid -> fields['id'];
        $i = $i + 1;
        $objMid -> MoveNext();
    }
    $objMid -> Close();
    foreach ($arrId as $bid)
    {
        if (isset($_POST['delete']))
        {
            if (isset($_POST[$bid]))
            {
                $db -> Execute('DELETE FROM `mail` WHERE `id`='.$bid);
            }
        }
        if (isset($_POST['write']))
        {
            if (isset($_POST[$bid]))
            {
                $db -> Execute('UPDATE `mail` SET `zapis`=\'Y\' WHERE `id`='.$bid);
            }
        }
        if (isset($_POST['read2']))
        {
            if (isset($_POST[$bid]))
            {
                $db -> Execute('UPDATE `mail` SET `unread`=\'T\' WHERE `id`='.$bid);
            }
        }
        if (isset($_POST['unread']))
        {
            if (isset($_POST[$bid]))
            {
                $db -> Execute('UPDATE `mail` SET `unread`=\'F\' WHERE `id`='.$bid);
            }
        }
    }
    if (isset($_POST['delete']))
    {
        error(DELETED);
    }
    if (isset($_POST['write']))
    {
        error(SAVED);
    }
    if (isset($_POST['read2']))
    {
        error(MARK_AS_READ);
    }
    if (isset($_POST['unread']))
    {
        error(MARK_AS_UNREAD);
    }
}

/**
 * Delete old messages
 */
if (isset($_GET['step']) && $_GET['step'] == 'deleteold')
{
    $arrType = array('I', 'W', 'S');
    $arrAmount = array(7, 14, 30);
    if (!in_array($_GET['box'], $arrType) || !in_array($_POST['oldtime'], $arrAmount))
    {
        error(ERROR);
    }
    $arrDate = explode("-", $data);
    $arrDate[0] = date("Y");
    $arrDate[2] = $arrDate[2] - $_POST['oldtime'];
    if ($arrDate[2] < 1)
    {
        $arrDays = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
        $arrDate[1] = $arrDate[1] - 1;
        if ($arrDate[1] == 0)
        {
            $arrDate[1] = 12;
        }
        $intKey = $arrDate[1] - 1;
        $arrDate[2] = $arrDays[$intKey] + $arrDate[2];
    }
    $strDate = implode("-", $arrDate);
    $strDate = $db -> DBDate($strDate);
    if ($_GET['box'] == 'I')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0 AND `date`<'.$strDate);
    }
    if ($_GET['box'] == 'W')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\' AND `date`<'.$strDate);
    }
    if ($_GET['box'] == 'S')
    {
        $db -> Execute('DELETE FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id.' AND `date`<'.$strDate);
    }
    error(DELETED2);
}

/**
 * Ban/unban players on mail
 */
if (isset($_GET['block']))
{
    if (!ereg("^[1-9][0-9]*$", $_GET['block']))
    {
        error(ERROR);
    }
    $objPlayer = $db -> Execute('SELECT `id` FROM `players` WHERE `id`='.$_GET['block']);
    if (!$objPlayer -> fields['id'])
    {
        error(NO_PLAYER);
    }
    $objPlayer -> Close();
    $objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `id`='.$_GET['block'].' AND `owner`='.$player -> id);
    if ($objBan -> fields['id'])
    {
        $db -> Execute('DELETE FROM `ban_mail` WHERE `id`='.$_GET['block'].' AND `owner`='.$player -> id);
        error(YOU_UNBLOCK);
    }
        else
    {
        $db -> Execute('INSERT INTO `ban_mail` (`id`, `owner`) VALUES('.$_GET['block'].', '.$player -> id.')');
        error(YOU_BLOCK);
    }
    $objBan -> Close();
}

/**
 * Blocked list
 */
if (isset($_GET['view']) && $_GET['view'] == 'blocks')
{
    $objBlocked = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`='.$player -> id);
    $arrId = array(0);
    $arrName = array();
    $i = 0;
    while (!$objBlocked -> EOF)
    {
        $arrId[$i] = $objBlocked -> fields['id'];
        $objName = $db -> Execute('SELECT `user` FROM `players` WHERE `id`='.$objBlocked -> fields['id']);
        $arrName[$i] = $objName -> fields['user'];
        $objBlocked -> MoveNext();
        $i ++;
    }
    $objBlocked -> Close();
    $smarty -> assign_by_ref('Blockid', $arrId);
    $smarty -> assign_by_ref('Blockname', $arrName);
    if (isset($_GET['step']) && $_GET['step'] == 'unblock')
    {
        foreach ($arrId as $bid)
        {
            if (isset($_POST[$bid]))
            {
                $db -> Execute('DELETE FROM `ban_mail` WHERE `id`='.$bid.' AND `owner`='.$player -> id);
            }
        }
        error(YOU_UNBAN);
    }
}

/**
* Initialization of variables
*/
if (!isset($_GET['view']))
{
    $_GET['view'] = '';
}
if (!isset($_GET['read']))
{
    $_GET['read'] = '';
}
if (!isset($_GET['zapisz']))
{
    $_GET['zapisz'] = '';
}
if (!isset($_GET['kasuj']))
{
    $_GET['kasuj'] = '';
}
if (!isset($_GET['send']))
{
    $_GET['send'] = '';
}
if (!isset($_GET['step']))
{
    $_GET['step'] = '';
}
if (!isset($_GET['block']))
{
    $_GET['block'] = '';
}

/**
* Assign variables to template and display page
*/
$smarty -> assign(array('View' => $_GET['view'],
                        'Read' => $_GET['read'],
                        'Write' => $_GET['zapisz'],
                        'Delete' => $_GET['kasuj'],
                        'Send'  => $_GET['send'],
                        'Block' => $_GET['block'],
                        'Step' => $_GET['step']));
$smarty -> display ('mail.tpl');

require_once('includes/foot.php');
?>

1	<?php
2	/**
3	* File functions:
4	* Messages to other players
5	*
6	* @name : mail.php
7	* @copyright : (C) 2004,2005,2006,2007 Vallheru Team based on Gamers-Fusion ver 2.5
8	* @author : thindil <thindil@users.sourceforge.net>
9	* @author : eyescream <tduda@users.sourceforge.net>
10	* @version : 1.4
11	* @since : 25.04.2007
12	*
13	*/
14
15	//
16	//
17	// This program is free software; you can redistribute it and/or modify
18	// it under the terms of the GNU General Public License as published by
19	// the Free Software Foundation; either version 2 of the License, or
20	// (at your option) any later version.
21	//
22	// This program is distributed in the hope that it will be useful,
23	// but WITHOUT ANY WARRANTY; without even the implied warranty of
24	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25	// GNU General Public License for more details.
26	//
27	// You should have received a copy of the GNU General Public License
28	// along with this program; if not, write to the Free Software
29	// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30	//
31	// $Id$
32
33	$title = 'Wiadomości';
34	require_once('includes/head.php');
35
36	/**
37	* Get the localization for game
38	*/
39	require_once('languages/'.$player -> lang.'/mail.php');
40
41	if (!isset($_GET['view']) && !isset($_GET['read']) && !isset($_GET['zapisz']) && !isset($_GET['kasuj']))
42	{
43	$mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `unread`=\'F\' AND `zapis`=\'N\' AND `send`=0 ORDER BY `id` DESC');
44	$arrsender = array();
45	$arrsenderid = array();
46	$arrsubject = array();
47	$arrid = array();
48	$arrRead = array();
49	$i = 0;
50	while (!$mail -> EOF)
51	{
52	$arrsender[$i] = $mail -> fields['sender'];
53	$arrsenderid[$i] = $mail -> fields['senderid'];
54	$arrsubject[$i] = $mail -> fields['subject'];
55	$arrid[$i] = $mail -> fields['id'];
56	$arrRead[$i] = ($mail -> fields['unread'] == 'F') ? 'Y' : 'N';
57	$mail -> MoveNext();
58	$i++;
59	}
60	$mail -> Close();
61	require_once('includes/bbcode.php');
62	$arrsubject = censorship($arrsubject);
63	$smarty -> assign_by_ref ('Sender', $arrsender);
64	$smarty -> assign_by_ref ('Senderid', $arrsenderid);
65	$smarty -> assign_by_ref ('Subject', $arrsubject);
66	$smarty -> assign_by_ref ('Mailid', $arrid);
67	}
68
69	/**
70	* Mail inbox
71	*/
72	if (isset ($_GET['view']) && $_GET['view'] == 'inbox')
73	{
74	$mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0 ORDER BY `id` DESC');
75	$arrsender = array();
76	$arrsenderid = array();
77	$arrsubject = array();
78	$arrid = array();
79	$arrRead = array();
80	$i = 0;
81	while (!$mail -> EOF)
82	{
83	$arrsender[$i] = $mail -> fields['sender'];
84	$arrsenderid[$i] = $mail -> fields['senderid'];
85	$arrsubject[$i] = $mail -> fields['subject'];
86	$arrid[$i] = $mail -> fields['id'];
87	$arrRead[$i] = ($mail -> fields['unread'] == 'F') ? 'Y' : 'N';
88	$mail -> MoveNext();
89	$i++;
90	}
91	$mail -> Close();
92	require_once('includes/bbcode.php');
93	$arrsubject = censorship($arrsubject);
94	$smarty -> assign_by_ref ('Sender', $arrsender);
95	$smarty -> assign_by_ref ('Senderid', $arrsenderid);
96	$smarty -> assign_by_ref ('Subject', $arrsubject);
97	$smarty -> assign_by_ref ('Mailid', $arrid);
98	$smarty -> assign_by_ref ('Mread', $arrRead);
99	if (isset ($_GET['step']) && $_GET['step'] == 'clear')
100	{
101	$db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0');
102	error (MAIL_DEL.'. (<a href="mail.php?view=inbox">'.A_REFRESH.'</a>)');
103	}
104	}
105
106	if (isset ($_GET['view']) && $_GET['view'] == 'zapis')
107	{
108	$mail = $db -> Execute('SELECT * FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\' ORDER BY `id` DESC');
109	$arrsender = array();
110	$arrsenderid = array();
111	$arrsubject = array();
112	$arrid = array();
113	$i = 0;
114	while (!$mail -> EOF)
115	{
116	$arrsender[$i] = $mail -> fields['sender'];
117	$arrsenderid[$i] = $mail -> fields['senderid'];
118	$arrsubject[$i] = $mail -> fields['subject'];
119	$arrid[$i] = $mail -> fields['id'];
120	$mail -> MoveNext();
121	$i++;
122	}
123	$mail -> Close();
124	$smarty -> assign_by_ref ('Sender', $arrsender);
125	$smarty -> assign_by_ref ('Senderid', $arrsenderid);
126	$smarty -> assign_by_ref ('Subject', $arrsubject);
127	$smarty -> assign_by_ref ('Mailid', $arrid);
128	if (isset ($_GET['step']) && $_GET['step'] == 'clear')
129	{
130	$db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND zapis=\'Y\'');
131	error (MAIL_DEL.'. (<a href=mail.php?view=zapis>'.A_REFRESH.'</a>)');
132	}
133	}
134
135	if (isset ($_GET['view']) && $_GET['view'] == 'send')
136	{
137	$mail = $db -> Execute('SELECT * FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id.' AND `zapis`=\'N\' ORDER BY `id` DESC');
138	$arrsend = array();
139	$arrsubject = array();
140	$arrid = array();
141	$i = 0;
142	while (!$mail -> EOF)
143	{
144	$arrsend[$i] = $mail -> fields['send'];
145	$arrsubject[$i] = $mail -> fields['subject'];
146	$arrid[$i] = $mail -> fields['id'];
147	$mail -> MoveNext();
148	$i++;
149	}
150	$mail -> Close();
151	$smarty -> assign_by_ref ('Send1', $arrsend);
152	$smarty -> assign_by_ref ('Subject', $arrsubject);
153	$smarty -> assign_by_ref ('Mailid', $arrid);
154	if (isset ($_GET['step']) && $_GET['step'] == 'clear')
155	{
156	$db -> Execute('DELETE FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id);
157	error (MAIL_DEL.'. (<a href="mail.php?view=send">'.A_REFRESH.'</a>)');
158	}
159	}
160
161	/**
162	* Write new message
163	*/
164	if (isset ($_GET['view']) && $_GET['view'] == 'write')
165	{
166	$objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`=0 AND `id`='.$player -> id);
167	if ($objBan -> fields['id'])
168	{
169	error(YOU_CANNOT);
170	}
171	$objBan -> Close();
172	if (!isset ($_GET['to']))
173	{
174	$_GET['to'] = '';
175	}
176	if (!isset ($_GET['re']))
177	{
178	$_GET['re'] = '';
179	}
180	$body = '';
181	if (!empty ($_GET['id']))
182	{
183	if (!ereg("^[1-9][0-9]*$", $_GET['id']))
184	{
185	error (ERROR);
186	}
187	$mail = $db -> Execute('SELECT `body`, `owner`, `sender` FROM `mail` WHERE `id`='.$_GET['id']);
188	if ($mail -> fields['owner'] != $player -> id)
189	{
190	error(NOT_YOUR);
191	}
192	require_once('includes/bbcode.php');
193	$postbody = htmltobbcode($mail -> fields['body']);
194	$body = PLAYER.' '.$mail -> fields['sender'].' '.WROTE.' [quote]'.$postbody.'[/quote]';
195	$mail -> Close();
196	}
197	$smarty -> assign_by_ref ('To', $_GET['to']);
198	$smarty -> assign_by_ref ('Reply', $_GET['re']);
199	$smarty -> assign_by_ref ('Body', $body);
200	if (isset ($_GET['step']) && $_GET['step'] == 'send')
201	{
202	if (empty ($_POST['to']) \|\| empty ($_POST['body']))
203	{
204	error (EMPTY_FIELDS);
205	}
206	if (empty ($_POST['subject']))
207	{
208	$_POST['subject'] = 'Brak';
209	}
210	if (!ereg("^[1-9][0-9]*$", $_POST['to']))
211	{
212	error (ERROR.'1');
213	}
214	$rec = $db -> Execute('SELECT `id`, `user` FROM `players` WHERE `id`='.$_POST['to']);
215	if (!$rec -> fields['id'])
216	{
217	error (NO_PLAYER);
218	}
219	if ($_POST['to'] == $player -> id)
220	{
221	error(YOURSELF);
222	}
223	if( $player -> rank != 'Admin' && $player -> rank != 'Staff')
224	{
225	$objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`='.$_POST['to'].' AND `id`='.$player -> id);
226	if ($objBan -> fields['id'])
227	{
228	error(YOU_CANNOT);
229	}
230	$objBan -> Close();
231	}
232	$_POST['subject'] = strip_tags($_POST['subject']);
233	require_once('includes/bbcode.php');
234	$_POST['body'] = bbcodetohtml($_POST['body']);
235	$strBody = $db -> qstr($_POST['body'], get_magic_quotes_gpc());
236	$strSubject = $db -> qstr($_POST['subject'], get_magic_quotes_gpc());
237	$strDate = $db -> DBDate($newdate);
238	$db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$player -> user.'\','.$player -> id.','.$_POST['to'].', '.$strSubject.' , '.$strBody.', '.$strDate.')');
239	$db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `send`, `date`) VALUES(\''.$player -> user.'\','.$player -> id.','.$player -> id.', '.$strSubject.', '.$strBody.','.$_POST['to'].', '.$strDate.')');
240	error (YOU_SEND.$rec -> fields['user'].'.');
241	}
242	}
243
244	if (isset ($_GET['read']))
245	{
246	if (!ereg("^[1-9][0-9]*$", $_GET['read']))
247	{
248	error (ERROR);
249	}
250	$mail = $db -> Execute('SELECT * FROM `mail` WHERE id='.$_GET['read']);
251	if (!$mail -> fields['id'])
252	{
253	error (NO_MAIL);
254	}
255	if ($mail -> fields['owner'] != $player -> id)
256	{
257	error (NOT_YOUR);
258	}
259
260	$addreprefix = true;
261	if (strpos ($mail->fields['subject'], REPLY_PREFIX) !== false)
262	{
263	$addreprefix = false;
264	}
265
266	if (isset ($_GET['option']) && $_GET['option'] == 'c')
267	{
268	require_once('includes/bbcode.php');
269	$mail -> fields['body'] = censorship($mail -> fields['body']);
270	}
271	$db -> Execute('UPDATE `mail` SET `unread`=\'T\' WHERE id='.$mail -> fields['id']);
272	$strDay = ($mail -> fields['date']) ? T_DAY.$mail -> fields['date'] : '';
273	$smarty -> assign_by_ref ('Sender', $mail -> fields['sender']);
274	$smarty -> assign_by_ref ('Body', $mail -> fields['body']);
275	$smarty -> assign_by_ref ('Mailid', $mail -> fields['id']);
276	$smarty -> assign_by_ref ('Senderid', $mail -> fields['senderid']);
277	$smarty -> assign_by_ref ('Subject', $mail -> fields['subject']);
278	$smarty -> assign_by_ref ('AddReplyPrefix', $addreprefix);
279	$smarty -> assign_by_ref ('Tday', $strDay);
280	$mail -> Close();
281	}
282
283	if (isset ($_GET['zapisz']))
284	{
285	if (!ereg("^[1-9][0-9]*$", $_GET['zapisz']))
286	{
287	error (ERROR);
288	}
289	$mail = $db -> Execute('SELECT `id`, `owner` FROM `mail` WHERE `id`='.$_GET['zapisz']);
290	if (!$mail -> fields['id'])
291	{
292	error (NO_MAIL);
293	}
294	if ($mail -> fields['owner'] != $player -> id)
295	{
296	error (NOT_YOUR);
297	}
298	$db -> Execute('UPDATE `mail` SET `zapis`=\'Y\' WHERE id='.$_GET['zapisz']);
299	error (MAIL_SAVE.'. (<a href="mail.php">'.A_REFRESH.'</a>)');
300	}
301
302	if (isset ($_GET['kasuj']))
303	{
304	if (!ereg("^[1-9][0-9]*$", $_GET['kasuj']))
305	{
306	error (ERROR);
307	}
308	$mail = $db -> Execute('SELECT `id`, `owner` FROM `mail` WHERE `id`='.$_GET['kasuj']);
309	if (!$mail -> fields['id'])
310	{
311	error (NO_MAIL);
312	}
313	if ($mail -> fields['owner'] != $player -> id)
314	{
315	error (NOT_YOUR);
316	}
317	$db -> Execute('DELETE FROM `mail` WHERE `id`='.$_GET['kasuj']);
318	error (MAIL_DEL.'. (<a href="mail.php">'.A_REFRESH.'</a>)');
319	}
320
321	/**
322	* Send mail to admin or staff
323	*/
324	if (isset ($_GET['send']))
325	{
326	$sid = $db -> Execute('SELECT `id`, `user` FROM `players` WHERE `rank`=\'Admin\' OR `rank`=\'Staff\'');
327	$arrid = array();
328	$arrname = array();
329	$i = 0;
330	while (!$sid -> EOF)
331	{
332	$arrid[$i] = $sid -> fields['id'];
333	$arrname[$i] = $sid -> fields['user'];
334	$sid -> MoveNext();
335	$i++;
336	}
337	$sid -> Close();
338	$smarty -> assign_by_ref ('Send', $_GET['send']);
339	$smarty -> assign_by_ref ('Staffid', $arrid);
340	$smarty -> assign_by_ref ('Name', $arrname);
341	if (isset ($_GET['step']) && $_GET['step'] == 'send')
342	{
343	if (!ereg("^[1-9][0-9]*$", $_POST['staff']))
344	{
345	error (ERROR);
346	}
347	if (!ereg("^[1-9][0-9]*$", $_POST['mid']))
348	{
349	error (ERROR);
350	}
351	$arrtest = $db -> Execute('SELECT `id`, `user`, `rank` FROM `players` WHERE `id`='.$_POST['staff']);
352	if (!$arrtest -> fields['id'])
353	{
354	error (NO_PLAYER);
355	}
356	if ($arrtest -> fields['rank'] != 'Admin' && $arrtest -> fields['rank'] != 'Staff')
357	{
358	error (NOT_STAFF);
359	}
360	$arrmessage = $db -> Execute('SELECT * FROM `mail` WHERE `id`='.$_POST['mid']);
361	if (!$arrmessage -> fields['id'])
362	{
363	error (NOT_MAIL);
364	}
365	if ($arrmessage -> fields['owner'] != $player -> id)
366	{
367	error (NOT_YOUR);
368	}
369	$strDate = $db -> DBDate($newdate);
370	$db -> Execute('INSERT INTO `log` (`owner`, `log`, `czas`) VALUES('.$arrtest -> fields['id'].',\''.L_PLAYER.'<a href="view.php?view='.$player -> id.'">'.$player -> user.'</a>'.L_ID.$player -> id.SEND_YOU.$arrmessage -> fields['sender'].L_ID.$arrmessage -> fields['senderid'].'.\', '.$strDate.')');
371	if (($arrtest -> fields['rank'] == 'Admin' \|\| $arrtest -> fields['rank'] == 'Staff') && ($player -> rank == 'Admin' \|\| $player -> rank == 'Staff'))
372	{ // Staff to staff - change only address.
373	$db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$arrmessage -> fields['sender'].'\','.$arrmessage -> fields['senderid'].','.$arrtest -> fields['id'].',\''.$arrmessage -> fields['subject'].'\',\''.$arrmessage -> fields['body'].'\', '.$strDate.')');
374	}
375	else
376	{ // Normal player to staff - write detailed, helpful info.
377	$db -> Execute('INSERT INTO `mail` (`sender`, `senderid`, `owner`, `subject`, `body`, `date`) VALUES(\''.$player -> user.'\',\''.$player -> id.'\','.$arrtest -> fields['id'].',\''.M_TITTLE.$arrmessage -> fields['sender'].L_ID.$arrmessage -> fields['senderid'].'\',\''.M_TITLE2.$arrmessage -> fields['subject'].M_DATE.$arrmessage -> fields['date'].M_BODY.$arrmessage -> fields['body'].'\', '.$strDate.')');
378	}
379	error (YOU_SEND.$arrtest -> fields['user'].'. <a href="mail.php">'.A_REFRESH.'</a>');
380	}
381	}
382
383	/**
384	* Delete, save, mark as read/unread selected messages
385	*/
386	if (isset($_GET['step']) && $_GET['step'] == 'mail')
387	{
388	if (!isset($_GET['box']))
389	{
390	error(ERROR);
391	}
392	$arrType = array('I', 'W', 'S');
393	if (!in_array($_GET['box'], $arrType))
394	{
395	error(ERROR);
396	}
397	if ($_GET['box'] == 'I')
398	{
399	$objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0');
400	}
401	if ($_GET['box'] == 'W')
402	{
403	$objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\'');
404	}
405	if ($_GET['box'] == 'S')
406	{
407	$objMid = $db -> Execute('SELECT `id` FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id);
408	}
409	$arrId = array();
410	$i = 0;
411	while (!$objMid -> EOF)
412	{
413	$arrId[$i] = $objMid -> fields['id'];
414	$i = $i + 1;
415	$objMid -> MoveNext();
416	}
417	$objMid -> Close();
418	foreach ($arrId as $bid)
419	{
420	if (isset($_POST['delete']))
421	{
422	if (isset($_POST[$bid]))
423	{
424	$db -> Execute('DELETE FROM `mail` WHERE `id`='.$bid);
425	}
426	}
427	if (isset($_POST['write']))
428	{
429	if (isset($_POST[$bid]))
430	{
431	$db -> Execute('UPDATE `mail` SET `zapis`=\'Y\' WHERE `id`='.$bid);
432	}
433	}
434	if (isset($_POST['read2']))
435	{
436	if (isset($_POST[$bid]))
437	{
438	$db -> Execute('UPDATE `mail` SET `unread`=\'T\' WHERE `id`='.$bid);
439	}
440	}
441	if (isset($_POST['unread']))
442	{
443	if (isset($_POST[$bid]))
444	{
445	$db -> Execute('UPDATE `mail` SET `unread`=\'F\' WHERE `id`='.$bid);
446	}
447	}
448	}
449	if (isset($_POST['delete']))
450	{
451	error(DELETED);
452	}
453	if (isset($_POST['write']))
454	{
455	error(SAVED);
456	}
457	if (isset($_POST['read2']))
458	{
459	error(MARK_AS_READ);
460	}
461	if (isset($_POST['unread']))
462	{
463	error(MARK_AS_UNREAD);
464	}
465	}
466
467	/**
468	* Delete old messages
469	*/
470	if (isset($_GET['step']) && $_GET['step'] == 'deleteold')
471	{
472	$arrType = array('I', 'W', 'S');
473	$arrAmount = array(7, 14, 30);
474	if (!in_array($_GET['box'], $arrType) \|\| !in_array($_POST['oldtime'], $arrAmount))
475	{
476	error(ERROR);
477	}
478	$arrDate = explode("-", $data);
479	$arrDate[0] = date("Y");
480	$arrDate[2] = $arrDate[2] - $_POST['oldtime'];
481	if ($arrDate[2] < 1)
482	{
483	$arrDays = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
484	$arrDate[1] = $arrDate[1] - 1;
485	if ($arrDate[1] == 0)
486	{
487	$arrDate[1] = 12;
488	}
489	$intKey = $arrDate[1] - 1;
490	$arrDate[2] = $arrDays[$intKey] + $arrDate[2];
491	}
492	$strDate = implode("-", $arrDate);
493	$strDate = $db -> DBDate($strDate);
494	if ($_GET['box'] == 'I')
495	{
496	$db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'N\' AND `send`=0 AND `date`<'.$strDate);
497	}
498	if ($_GET['box'] == 'W')
499	{
500	$db -> Execute('DELETE FROM `mail` WHERE `owner`='.$player -> id.' AND `zapis`=\'Y\' AND `date`<'.$strDate);
501	}
502	if ($_GET['box'] == 'S')
503	{
504	$db -> Execute('DELETE FROM `mail` WHERE `send`!=0 AND `owner`='.$player -> id.' AND `date`<'.$strDate);
505	}
506	error(DELETED2);
507	}
508
509	/**
510	* Ban/unban players on mail
511	*/
512	if (isset($_GET['block']))
513	{
514	if (!ereg("^[1-9][0-9]*$", $_GET['block']))
515	{
516	error(ERROR);
517	}
518	$objPlayer = $db -> Execute('SELECT `id` FROM `players` WHERE `id`='.$_GET['block']);
519	if (!$objPlayer -> fields['id'])
520	{
521	error(NO_PLAYER);
522	}
523	$objPlayer -> Close();
524	$objBan = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `id`='.$_GET['block'].' AND `owner`='.$player -> id);
525	if ($objBan -> fields['id'])
526	{
527	$db -> Execute('DELETE FROM `ban_mail` WHERE `id`='.$_GET['block'].' AND `owner`='.$player -> id);
528	error(YOU_UNBLOCK);
529	}
530	else
531	{
532	$db -> Execute('INSERT INTO `ban_mail` (`id`, `owner`) VALUES('.$_GET['block'].', '.$player -> id.')');
533	error(YOU_BLOCK);
534	}
535	$objBan -> Close();
536	}
537
538	/**
539	* Blocked list
540	*/
541	if (isset($_GET['view']) && $_GET['view'] == 'blocks')
542	{
543	$objBlocked = $db -> Execute('SELECT `id` FROM `ban_mail` WHERE `owner`='.$player -> id);
544	$arrId = array(0);
545	$arrName = array();
546	$i = 0;
547	while (!$objBlocked -> EOF)
548	{
549	$arrId[$i] = $objBlocked -> fields['id'];
550	$objName = $db -> Execute('SELECT `user` FROM `players` WHERE `id`='.$objBlocked -> fields['id']);
551	$arrName[$i] = $objName -> fields['user'];
552	$objBlocked -> MoveNext();
553	$i ++;
554	}
555	$objBlocked -> Close();
556	$smarty -> assign_by_ref('Blockid', $arrId);
557	$smarty -> assign_by_ref('Blockname', $arrName);
558	if (isset($_GET['step']) && $_GET['step'] == 'unblock')
559	{
560	foreach ($arrId as $bid)
561	{
562	if (isset($_POST[$bid]))
563	{
564	$db -> Execute('DELETE FROM `ban_mail` WHERE `id`='.$bid.' AND `owner`='.$player -> id);
565	}
566	}
567	error(YOU_UNBAN);
568	}
569	}
570
571	/**
572	* Initialization of variables
573	*/
574	if (!isset($_GET['view']))
575	{
576	$_GET['view'] = '';
577	}
578	if (!isset($_GET['read']))
579	{
580	$_GET['read'] = '';
581	}
582	if (!isset($_GET['zapisz']))
583	{
584	$_GET['zapisz'] = '';
585	}
586	if (!isset($_GET['kasuj']))
587	{
588	$_GET['kasuj'] = '';
589	}
590	if (!isset($_GET['send']))
591	{
592	$_GET['send'] = '';
593	}
594	if (!isset($_GET['step']))
595	{
596	$_GET['step'] = '';
597	}
598	if (!isset($_GET['block']))
599	{
600	$_GET['block'] = '';
601	}
602
603	/**
604	* Assign variables to template and display page
605	*/
606	$smarty -> assign(array('View' => $_GET['view'],
607	'Read' => $_GET['read'],
608	'Write' => $_GET['zapisz'],
609	'Delete' => $_GET['kasuj'],
610	'Send' => $_GET['send'],
611	'Block' => $_GET['block'],
612	'Step' => $_GET['step']));
613	$smarty -> display ('mail.tpl');
614
615	require_once('includes/foot.php');
616	?>

Gitorious