<%@LANGUAGE="VBSCRIPT"%>
<%
'===============================================
' Personals System 2002					
' Š2002 vSpin.net. www.vspin.net
'===============================================
' All rights reserved.							
' Use of this code is covered by the terms and	
' conditions in the license agreement. No		
' unauthorized duplication or distribution is	
' permitted. vSpin.net copyright notices must	
' remain in the ASP sections of the code.		
'===============================================
%>
<!--#include file="config.asp"-->
<!--#include file="connection/cookie.asp"-->
<%
' *** Restrict Access To Page: Grant or deny access to this page
Dim MM_authorizedUsers, MM_authFailedURL, MM_grantAccess
MM_authorizedUsers="user,admin"
MM_authFailedURL="login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<%
dim xxxxm, rsheadUpdatee, rsheadUpdatee_numRows
Dim rsVerifyMember, rsVerifyMember_numRows, user, subj, rsAd, rsAd_numRows, field1, field2, field3, field4, field5, rsignores, rsignores_numRows, Conn, pos, sql1

Function sqlsafe(s) 
pos = InStr(s, "'")
      While pos > 0
           s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1)
           pos = InStr(pos + 2, s, "'")
      Wend
sqlsafe=s
End Function

Dim rsVerifyMember__MMColParam
rsVerifyMember__MMColParam = "1"
if (Request.Form("user") <> "") then rsVerifyMember__MMColParam = Request.Form("user")
%>
<%
set rsVerifyMember = Server.CreateObject("ADODB.Recordset")
rsVerifyMember.ActiveConnection = MM_conn_STRING
rsVerifyMember.Source = "SELECT p_user, p_email, p_first, p_last, p_ban FROM p_users WHERE p_user = '" + Replace(rsVerifyMember__MMColParam, "'", "''") + "'"
rsVerifyMember.CursorType = 0
rsVerifyMember.CursorLocation = 2
rsVerifyMember.LockType = 3
rsVerifyMember.Open()
rsVerifyMember_numRows = 0

 user = Request.Querystring("user")
 subj = Request.Querystring("subj")
 If NOT rsVerifyMember.EOF And NOT rsVerifyMember.BOF then
 p_ban= rsVerifyMember("p_ban")
end if

If (CStr(Request("MM_insert")) <> "") Then

If request("subject") = "" then
message=49
elseIf request("mess") = "" then
message=50
elseIf rsVerifyMember.EOF And rsVerifyMember.BOF AND request("user") <> "Administration" Then
writeno="y"

elseIf NOT rsVerifyMember.EOF And NOT rsVerifyMember.BOF AND NOT p_ban = "" Then
rsVerifyMember.close
set rsVerifyMember = nothing
MM_conn_STRING.close
set MM_conn_STRING = nothing
response.redirect("write.asp?message=44")
elseIf NOT rsVerifyMember.EOF And NOT rsVerifyMember.BOF Or request("user") = "Administration" Then

if request.form("a") = "true" AND rsSession("p_access") = "admin" OR rsSession("p_access") = "admin2" Then
		field1 = "Administration"
else
		field1 = rsSession("p_user")
end if
		field2 = request.form("user")
		field3 = request.form("mess")
		field4 = request.form("subject")
		field5 = request.form("inclu")

		 set rsignores = Server.CreateObject("ADODB.Recordset")
rsignores.ActiveConnection = MM_conn_STRING
rsignores.Source = "SELECT p_user, p_ignore FROM p_ignores WHERE p_user = '" + Replace(field2, "'", "''") + "' AND p_ignore = '" + Replace(field1, "'", "''") + "'"
rsignores.CursorType = 0
rsignores.CursorLocation = 2
rsignores.LockType = 3
rsignores.Open()
rsignores_numRows = 0

If NOT rsignores.EOF And NOT rsignores.BOF then
rsVerifyMember.close
set rsVerifyMember = nothing
MM_conn_STRING.close
set MM_conn_STRING = nothing
rsignores.close
set rsignores = nothing
response.redirect("default.asp?message=1")
end if

		Set Conn = Server.CreateObject("ADODB.Connection")
		Conn.Open MM_conn_STRING
			sql1 = "insert into p_messages (field1,field2,field3,field4,field5) values('"& field1 & "','"& field2 & "','"& sqlsafe(field3) & "','"& sqlsafe(field4) & "','"& field5 & "')"
			conn.execute(sql1)

                        If NOT request("user") = "Administration" Then
                        uemail = rsVerifyMember("p_email")
                        ufirst = rsVerifyMember("p_first")
                        ulast = rsVerifyMember("p_last")

            body = "Hello " & ufirst  & (" ") & ulast  & vbCrLf & vbCrLf
   			body = body & "You have received a new message. You can use the link below to login (if not already). After you are logged in click the Read Messages link to read your new message. " & vbCrLf & vbCrLf
   			body = body & weburl & "login.asp" & vbCrLf

Dim objCDO, objConfig
set objCDO = createobject("cdo.message")
set objConfig = createobject("cdo.configuration")

' Setting the SMTP Server
Set Flds = objConfig.Fields
Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.abac.com"
Flds.update

Set objCDO.Configuration = objConfig
objCDO.To = uemail
objCDO.From = webemail
objCDO.Subject = "You have Received a New Message!"
objCDO.TextBody = body 
objCDO.fields.update
objCDO.Send

set objCDO = nothing
set objConfig = nothing

			conn.close
			set conn = nothing
			rsVerifyMember.close
            set rsVerifyMember = nothing

                        End If
if request.form("a") = "true" AND rsSession("p_access") = "admin" OR rsSession("p_access") = "admin2" AND request("subject") = "Warning from Administration" Then
            MM_conn_STRING.close
            set MM_conn_STRING = nothing
			response.redirect("admin.asp?mode=ban&message=1")
elseif request.form("a") = "true" AND rsSession("p_access") = "admin" OR rsSession("p_access") = "admin2" Then
            MM_conn_STRING.close
            set MM_conn_STRING = nothing
			response.redirect("admin.asp?mode=reports&message=1")
else
            MM_conn_STRING.close
            set MM_conn_STRING = nothing
			response.redirect("default.asp?message=1")
end if

End if
End If
%>

<%

if request("a") = "true" AND rsSession("p_access") = "admin" OR rsSession("p_access") = "admin2" Then
rsAd__MMColParam = "Administration"
else
Dim rsAd__MMColParam
rsAd__MMColParam = "1"
if (Session("MM_Username") <> "") then rsAd__MMColParam = Session("MM_Username")
end if

set rsAd = Server.CreateObject("ADODB.Recordset")
rsAd.ActiveConnection = MM_conn_STRING
rsAd.Source = "SELECT p_user, p_active FROM p_ads WHERE p_user = '" + Replace(rsAd__MMColParam, "'", "''") + "'"
rsAd.CursorType = 0
rsAd.CursorLocation = 2
rsAd.LockType = 3
rsAd.Open()
rsAd_numRows = 0
%>
<!--#include file="header.asp"-->
<SCRIPT LANGUAGE="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
   var submitcount=0;
   function checkSubmit() {

      if (submitcount == 0)
      {
      submitcount++;
      document.Surv.submit();
      }
   }

function textCounter(field, countfield, maxlimit) {
  if (field.value.length > maxlimit)
      {field.value = field.value.substring(0, maxlimit);}
      else
      {countfield.value = maxlimit - field.value.length;}
  }
//  End -->
</script>
<form name="form16" method="POST" action="write.asp"> 
          <table border="0" cellpadding="0" cellspacing="0" width="617">
            <tr>
              <td height="40">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0">&nbsp;<font size="3" color="#717070"><b>Write Message</b></font>
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
				<td height="40" align="right"><a href="advice.asp"><img border="0" src="images/advice.gif" width="120" height="19"></a></td>
								<td width="20" height="40">&nbsp;&nbsp;</td>
            </tr>
			</table>
		       <table border="0" cellpadding="0" cellspacing="0" width="617">
            <tr>
              <td colspan="5" background="images/horzline.gif" height="1">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><img border="0" src="images/horzline.gif" width="3" height="1"></td>
            </tr>
<% if request("a") = "true" then %>
            <tr>
              <td width="5" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>             
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">From:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><font face="Arial" size="2">Administration</font></td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
<% end if %>
	<% if not user = "" then %>
            <tr>
              <td width="5" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>             
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">To:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0">
                <input type="text" class="fields" maxlength="14" name="user" value="<%= user %>" size="20"></td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
	<% elseif user = "" then %>
            <tr>
              <td width="5" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>             
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">To:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0">
                <input type="text" class="fields" name="user" value="<% = request.form("user") %>" size="20"></td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>

	<% end if %>
	<% if not subj = "" then %>
    <input type="hidden" name="subject" value="<%= subj %>">
            <tr>
              <td width="5" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">Subject:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><font face="Arial" size="2"><%= subj %></font></td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
	<% elseif subj = "" then %>
            <tr>
              <td width="5" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">Subject:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0">
                <input type="text" class="fields" name="subject" maxlength="50" value="<% = request.form("subject") %>" size="20"><font face="Arial" size="1" color="#717070">&nbsp;(50 characters max)</font></td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
	<% end if %>

            <tr>
              <td width="5" rowspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
              <td width="64" align="right" height="30" colspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><b><font face="Arial" size="2">Message:&nbsp;</font></b></td>
              <td width="438" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><font face="Arial" size="1" color="#717070">(2000 characters max)</font></td>
              <td width="110" rowspan="2">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
            <tr>
              <td width="502" colspan="3">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><textarea class="fields" name="mess" cols="80" rows="9" wrap="hard" onKeyDown="textCounter(this.form.mess,this.form.remLentext,2000);" onKeyUp="textCounter(this.form.mess,this.form.remLentext,2000);"><% = request.form("mess") %></textarea><br>
                <font face="Arial" size="1">Characters remaining: </font><input type=box readonly class="fields" name=remLentext size=3 value=2000>
                </td>
            </tr>
            <tr>
              <td colspan="5" background="images/horzline.gif" height="1">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><img border="0" src="images/horzline.gif" width="3" height="1"></td>
            </tr>
  <% If Not rsAd.EOF Or Not rsAd.BOF Then %>
  <% if rsAd("p_active")=1 then %>
  <% else %>
            <tr>
              <td width="5">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
              <td width="502" colspan="3" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><input type="checkbox" name="inclu" value="y"  <% if request.form("inclu") ="y" then %>checked<% end if %>>
                <font face="Arial" size="2">Click here to include your 
    personals ad with the message.</font></td>
              <td width="110">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
            <tr>
              <td colspan="5" background="images/horzline.gif" height="1">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"><img border="0" src="images/horzline.gif" width="3" height="1"></td>
            </tr>
  <% end if %>
  <% End If ' end Not rsAd.EOF Or NOT rsAd.BOF %>
            <tr>
              <td width="3" height="30">
                </td>
              <td width="64" height="30">
                </td>
              <td colspan="2" align="right" width="438" height="30">
              <br><font size="1">Although all messages are sent, any user that may<br>have ignored you will not receive this message.</font><br><br><input type="submit" name="Submit" class="fields" value="Send Message">
<input type="hidden" name="a" value="<% = request("a") %>">
<input type="hidden" name="MM_insert" value="true">
              </td>
              <td width="110" height="30">
                <p style="word-spacing: 0; margin-top: 0; margin-bottom: 0"></td>
            </tr>
          </table>
</form>
<!--#include file="footer.asp"-->
<%
rsAd.close
set rsad = nothing
MM_conn_STRING.close
set MM_conn_STRING = nothing
%>