group_check.php
<?php
session_start();
require ('config.php');
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
$query = "SELECT group1 FROM $table_name WHERE username = '$_SESSION[user_name]'";
$result = mysql_query($query);
$group_check = mysql_fetch_assoc($result);
?>
test.php what I'm trying to do starts on line 85
<?php
require ('check/group_check.php');
$user = $_SESSION['user_name'];
include 'db.php';
if(!$user)
{
echo "<br><p>Error: Not logged in</p><br>";
}
else
{
$sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$user'");
$row = mysql_fetch_array ($sql);
$pm_count = $row['pm_count'];
//This is the math to figure out the percentage.
//Will edit for admin later
$percent = $pm_count/'50';
$percent = $percent * '100';
?>
<br>
<center>
<b><p><a href="index.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></b>
<b><p><?php echo "$pm_count"." of 50 Total | "."$percent"."% full"; ?></p></b>
</center>
<br>
<?php
$reciever = $_POST['username'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$error = '0';
if(!$reciever AND !$subject AND !$message)
{
?>
<p><b>Please compose a message.</b></p>
<br>
<?php
}
{
if (!$reciever)
{
$error = 'You must enter a reciever to your message';
}
if (!$subject)
{
$error = 'You must enter a subject';
}
if (!$message)
{
$error = 'You must enter a message';
}
if($error != '0')
{
echo "<p>$error</p><br>";
}
{
$user_check = mysql_query("SELECT username FROM authorize WHERE username='$reciever'");
$user_check = mysql_num_rows($user_check);
if($user_check > '0')
{
$time = $_SESSION['time'];
if($time > '0')
{
$old_time = $time;
}
$time = date('is');
$difference = $time - $old_time;
$_SESSION['time'] = $time;
if($difference >= '15')
{
$sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$reciever'");
$row = mysql_fetch_array ($sql);
$pm_count = $row['pm_count'];
if ($group_check == "Administrators") {
if($pm_count == '50000')
{
$error = 'The user you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
}
}
else if($group_check == "Users") {
if($pm_count == '50') {
$error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
}
}
else
{
mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
$pm_count++;
mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
}
echo "<p><b>You have successfully sent a private message!</b></p><br>";
}
else
{
$error = 'You must wait 15 seconds before sending another private message';
}
}
{
$error = 'That username does not exist, please try again. Remember to check your spelling.';
}
}
}
if($error != '0')
{
echo "<p>$error</p><br>";
}
else
{
?>
<form name="send" method="post" action="test.php">
<table width="80%">
<tr>
<td width="150px" align="left" valign="top"><p>Username</p></td>
<td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"; ?>"></td>
</tr>
<tr>
<td width="150px" align="left" valign="top"><p>Subject</p></td>
<td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"; ?>"></td>
</tr>
<tr>
<td width="150px" align="left" valign="top"><p>Message Body</p></td>
<td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Send Message"></td>
</tr>
</table>
</center>
</form>
<?php
}
}
?>
