<?php
/****************************************************************************************/
/* ACollab                                                                              */
/****************************************************************************************/
/* Copyright (c) 2002-2004  Adaptive Technology Resource Centre / University of Toronto */
/*                                                                                      */
/* http://atutor.ca/acollab                                                             */
/*                                                                                      */
/* This program is free software. You may redistribute it and/or                        */
/* modify it under the terms of the GNU General Public License                          */
/* as published by the Free Software Foundation; either version 2 of the License,       */
/* or (at your option) any later version.                                               */
/*                                                                                      */
/* This program is distributed in the hope that it will be useful, but                  */
/* WITHOUT ANY WARRANTY; without even the implied warranty of                           */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                                 */
/* See the GNU General Public License for more details.                                 */
/*                                                                                      */
/* You may access the GNU General Public License at:                                    */
/* http://www.opensource.org/licenses/gpl-license.php                                   */
/*                                                                                      */
/* You may contact the Adaptive Technology Resource Centre at                           */
/* Robarts Library, University of Toronto                                               */
/* 130 St. George Street, Toronto, Ontario, Canada M5S 1A5                              */
/* Further contact information is available at http://www.utoronto.ca/atrc/             */
/****************************************************************************************/
/* Programmer:                                                                          */
/* Joel Kronenberg - ATRC                                                               */
/****************************************************************************************/
// $Id: send_message.php 467 2005-03-10 15:13:02Z shozubq $

// Relative path from this script (inbox/) to the shared include directory.
define('AC_INCLUDE_PATH', '../include/');

// vitals.inc.php is loaded before anything else; the helpers used below
// (authenticate(), _AC(), get_group(), $addslashes, $db) are not defined in this
// file, so presumably they come from it — confirm.
require(AC_INCLUDE_PATH.'vitals.inc.php');
// NOTE(review): presumably limits the page to the listed roles and stops the
// request otherwise — confirm in vitals.inc.php. Everything below assumes
// $_SESSION['member_id'] and $_SESSION['group_id'] belong to a logged-in member.
authenticate(USER_CLIENT, USER_GROUP_ADMIN, USER_ADMIN);

// "Cancel" goes back to the inbox index without touching the database.
if (isset($_POST['cancel'])) {
	header('Location: index.php');
	exit;
}

// Three (label, link) pairs: home > inbox > send message.
// NOTE(review): $_SECTION is not read again in this file; presumably
// header.inc.php renders it as the navigation trail — confirm.
$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('inbox');
$_SECTION[1][1] = 'inbox/';
$_SECTION[2][0] = _AC('send_message');
$_SECTION[2][1] = 'inbox/';


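/*
 * Handle a submitted message form ("send" or "send and delete").
 *
 * Validates the body and the recipient list, inserts one row into the messages
 * table per recipient, optionally marks the answered message as replied and/or
 * deletes it, then redirects to the inbox index with a feedback code. When
 * validation fails, $errors stays set and the form is shown again further down.
 *
 * Every request value that reaches SQL outside a quoted string is reduced to an
 * integer first: the statements are built by string concatenation, so an
 * unquoted id taken verbatim from the request would be parsed as SQL.
 *
 * NOTE(review): nothing in this script checks an anti-CSRF token, and recipients
 * are not checked against the sender's group even though the form says
 * "only group members" — confirm whether vitals.inc.php or the schema covers either.
 */
if (isset($_POST['submit']) || isset($_POST['submit_delete'])) {
	// Stored form of the text: only '<' is neutralised here. Quotes and '&' are
	// kept as typed, so these values still need escaping wherever they are
	// echoed into an HTML attribute.
	$_POST['subject'] = (isset($_POST['subject']) && is_string($_POST['subject'])) ? str_replace('<', '&lt;', $_POST['subject']) : '';
	$_POST['message'] = (isset($_POST['message']) && is_string($_POST['message'])) ? str_replace('<', '&lt;', $_POST['message']) : '';

	if ($_POST['message'] == '') {
		$errors[] = E_MSG_BODY_EMPTY;
	}

	// Recipient ids go into the INSERT unquoted, so keep only positive integers.
	// Keying by id also drops duplicates, so nobody receives the message twice.
	$recipient_ids = array();
	if (isset($_POST['to']) && is_array($_POST['to'])) {
		foreach ($_POST['to'] as $raw_id) {
			$member_id = is_scalar($raw_id) ? intval($raw_id) : 0;
			if ($member_id > 0) {
				$recipient_ids[$member_id] = $member_id;
			}
		}
	}
	if (!$recipient_ids) {
		$errors[] = E_MSG_NO_RECIPIENT;
	}

	if (!isset($errors)) {
		// NOTE(review): $addslashes is a variable function defined outside this file;
		// presumably it is a no-op when magic quotes already escaped the input — confirm.
		$_POST['subject'] = $addslashes($_POST['subject']);
		$_POST['message'] = $addslashes($_POST['message']);

		if ($_POST['subject'] == '') {
			// The translated placeholder is added after $addslashes ran, so it is
			// escaped here, the same way the group title is below.
			$_POST['subject'] = '&lt; '.addslashes(_AC('no_subject')).' &gt;';
		}

		$my_group = get_group($_SESSION['group_id']);

		$_POST['subject'] = "[".addslashes($my_group['title'])."] ".$_POST['subject'];

		$group_id  = intval($_SESSION['group_id']);
		$sender_id = intval($_SESSION['member_id']);

		// One VALUES tuple per recipient. The old non-array branch is gone: a
		// non-array "to" has already been rejected above.
		$value_rows = array();
		foreach ($recipient_ids as $member_id) {
			$value_rows[] = "(0, $group_id, $sender_id, $member_id, NOW(), 1, 0, '$_POST[subject]', '$_POST[message]')";
		}
		$sql = 'INSERT INTO '.TABLE_PREFIX.'messages VALUES '.implode(',', $value_rows);

		// NOTE(review): the result is not checked, so F_MSG_SENT is reported even if the INSERT failed.
		mysql_query($sql,$db);
		$f = F_MSG_SENT;

		// "replied" is a hidden form field, i.e. client-controlled: cast it, and only
		// touch messages addressed to the current member (the DELETE already did).
		$replied_id = (isset($_POST['replied']) && is_scalar($_POST['replied'])) ? intval($_POST['replied']) : 0;

		if ($replied_id > 0) {
			mysql_query("UPDATE ".TABLE_PREFIX."messages SET replied=1 WHERE message_id=$replied_id AND to_member_id=$sender_id",$db);
		}

		if (!empty($_POST['submit_delete']) && ($replied_id > 0)) {
			$result = mysql_query("DELETE FROM ".TABLE_PREFIX."messages WHERE message_id=$replied_id AND to_member_id=$sender_id",$db);
			$f = F_MSG_SENT_DELETE;
		}

		header('Location: index.php?f='.$f);
		exit;
	}
}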


// Choose which form field gets focus once the page has loaded: the message body
// when replying, otherwise the recipient list (unless a recipient was
// preselected through ?l=).
// NOTE(review): $onload is not used again in this file; presumably
// header.inc.php places it on the <body> tag — confirm.
if ($_GET['reply'] != '') {
	$onload = 'onload="document.form.body.focus()"';
} else if (!isset($_GET['l'])){
	$onload = 'onload="document.form.to.focus()"';
}

// NOTE(review): page output presumably starts with this include, which is why
// the header() redirects above have to run before it — confirm.
require(AC_INCLUDE_PATH.'header.inc.php');

// Show the validation errors collected while handling the POST, if any.
if (isset($errors)) {
	print_errors($errors);
}

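/*
 * Work out the recipient (and quoted subject/body) when the form is opened as a
 * reply (?reply=<message_id>[&id=<member_id>]) or from a member link
 * (?l=<member_id>).
 */
if (isset($_GET['reply']) && $_GET['reply'] != '') {
	// Cast on every path, not only before the query: $_GET['reply'] is echoed
	// back into the page further down (hidden "replied" field and the jump-code
	// link), so it must not reach the markup as raw request text.
	$_GET['reply'] = is_scalar($_GET['reply']) ? intval($_GET['reply']) : 0;

	if (!empty($_GET['id'])) {
		$reply_to	= intval($_GET['id']);
	}
	else {
		// Look up the sender of the message being answered. The to_member_id
		// condition limits the lookup to messages addressed to the current member.
		$sql = "SELECT from_member_id,subject,body FROM ".TABLE_PREFIX."messages WHERE message_id=$_GET[reply] AND to_member_id=$_SESSION[member_id]";
		$result = mysql_query($sql,$db);
		// mysql_query() returns false on failure; do not hand that to mysql_fetch_assoc().
		if ($result && ($row = mysql_fetch_assoc($result))) {
			$reply_to	= $row['from_member_id'];
			$subject	= $row['subject'];
			$body		= $row['body'];
		}
	}
}

// ?l=<member_id> preselects a recipient and overrides any reply target.
if (isset($_GET['l'])) {
	$reply_to = intval($_GET['l']);
}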

?>
<br />
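<form method="post" action="<?php
	// PHP_SELF reflects the request path, including any extra path info the
	// client appended after the script name, so it is encoded for the attribute.
	echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
?>" name="form">
	<input type="hidden" name="replied" value="<?php
		// Round-trips the id of the message being answered. The value comes from
		// the query string, so it is encoded before it is placed in the attribute.
		echo (isset($_GET['reply']) && is_scalar($_GET['reply'])) ? htmlspecialchars((string) $_GET['reply'], ENT_QUOTES) : '';
	?>" />
	<table border="0" cellspacing="0" cellpadding="2" align="center" class="box2">
	<tr>
		<th colspan="4" class="box"><h3><?php echo _AC('send_message'); ?></h3></th>
	</tr>
	<tr>
		<td colspan="4" class="row1"><img src="images/clr.gif" height="1" width="1" alt="" /><br /><?php
			// Legend explaining the "required field" marker used in the rows below.
			echo _AC('denotes_required', '<img src="images/required.gif" height="14" width="14" alt="'._AC('required_field').'" />');
		?><br /></td>
	</tr>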
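	<tr bgcolor="white">
		<td class="row1" align="right" valign="top"><b><label for="to"><?php echo _AC('recipient'); ?>:</label></b></td>
		<td class="row1" valign="top"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" class="img" /></td>
		<td class="row1" valign="top"><?php
			/*
			 * Recipient cell. With no reply target, show a multi-select of the
			 * members the current user may write to; otherwise show the fixed
			 * recipient and carry its id in a hidden field.
			 */
			if ((!isset($_GET['reply']) || $_GET['reply'] == '') && (!isset($reply_to))) {
				echo _AC('only_group_members').'<br />'._AC('use_ctrl_mass_mail').'<br />';

				// Three recipient lists: administrators see every other member,
				// course users see their group plus the administrators, everyone
				// else sees the members of their own group.
				if (authenticate(USER_ADMIN, USER_RETURN_CHECK)) {
					$sql	= "SELECT M.* FROM ".MEMBERS_TABLE_PREFIX."members M WHERE M.member_id<>$_SESSION[member_id]";
					if (!defined('AT_PATH') || !AT_PATH) {
						$sql .= " AND M.eusa<>'0000-00-00'";
					}
					$sql .= " ORDER BY M.login";
				} else if ($_SESSION['course_id']) {
					$sql	= "SELECT DISTINCT M.login, M.member_id, M.status, G.privileges FROM ".MEMBERS_TABLE_PREFIX."members M, ".TABLE_PREFIX."groups_members G WHERE ((G.group_id=$_SESSION[group_id] AND M.member_id=G.member_id AND M.member_id<>$_SESSION[member_id]) OR M.status=".USER_ADMIN.")";
					if (defined('EUSA') && EUSA) {
						$sql .= " AND M.eusa<>'0000-00-00'";
					}
					// Leading space added: the clause used to be glued onto the preceding token.
					$sql .= " GROUP BY M.login ORDER BY M.login";
				} else {
					$sql = "SELECT DISTINCT M.login, M.member_id, G.privileges FROM ".TABLE_PREFIX."groups_members G INNER JOIN ".TABLE_PREFIX."members M USING(member_id) WHERE G.group_id=$_SESSION[group_id]";

					if (defined('EUSA') && EUSA) {
						$sql .= " AND M.eusa<>'0000-00-00'";
					}
					$sql .= " ORDER BY M.login";
				}

				$result		= mysql_query($sql, $db);
				// mysql_query() returns false on failure; treat that as an empty list.
				$num_members	= $result ? mysql_num_rows($result) : 0;

				echo '<select class="formfield" multiple="multiple" name="to[]" size="'.max(1, min(4, $num_members)).'" id="to" onfocus="this.className=\'input highlight\'" onblur="this.className=\'input\'">';
				// A plain while loop: the former do/while printed one empty
				// <option> when the query returned no rows.
				while ($result && ($row = mysql_fetch_assoc($result))) {
					// Logins are treated as plain text; '<' is the character that
					// could open markup inside the option label.
					$name = str_replace('<','&lt;',$row['login']);
					echo '<option value="'.intval($row['member_id']).'"';
					// NOTE(review): $log is not assigned anywhere in this file; presumably
					// a preselected login supplied by an include — confirm.
					if (isset($log) && ($log == $name)){
						echo ' selected="selected"';
					}
					echo '>'.$name;
					// Not every query above selects both columns, hence the isset() guards.
					if (isset($row['status']) && ($row['status'] == USER_ADMIN)) {
						echo ' ('._AC('admin').')';
					} else if (isset($row['privileges']) && ($row['privileges'] == USER_GROUP_ADMIN)) {
						echo ' ('._AC('group_admin').')';
					}
					echo '</option>';
				}
				echo '</select>';
			} else {
				// $reply_to is unset when the message being answered was not found.
				$to_id = isset($reply_to) ? intval($reply_to) : 0;
				// Same '<' encoding as the option labels above, so a login cannot open markup here either.
				echo '<strong>'.str_replace('<', '&lt;', get_login($to_id)).'</strong>';
				// An empty value makes the POST handler report "no recipient" instead of writing to member 0.
				echo '<input type="hidden" name="to[]" value="'.(($to_id > 0) ? $to_id : '').'" />';
			}
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>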
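	<tr bgcolor="white">
		<td class="row1" align="right"><b><label for="subject"><?php echo _AC('subject'); ?>:</label></b></td>
		<td class="row1">&nbsp;</td>
		<td class="row1"><input class="input" type="text" name="subject" id="subject" value="<?php
			/*
			 * Prefill the subject: the quoted subject of the message being
			 * answered, or whatever was typed before a failed validation.
			 *
			 * Stored subjects already have '<' encoded but keep their quotes, and
			 * a posted value may not have been through that encoding at all, so
			 * both '<' and '"' are encoded here. str_replace() is used instead of
			 * htmlspecialchars() so the '&lt;' / '&gt;' entities already in the
			 * text are not encoded a second time.
			 */
			if (isset($subject) && ($subject != '') && (!isset($_POST['subject']) || ($_POST['subject'] == ''))) {
				if (!(substr($subject, 0, 2) == 'Re')) {
					$subject = '&gt; '.$subject;
				}
				$subject_value = $subject;
			} else {
				$subject_value = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
			}
			echo str_replace(array('<', '"'), array('&lt;', '&quot;'), $subject_value);
			?>" size="40" maxlength="100" onfocus="this.className='input highlight'" onblur="this.className='input'" /></td>
		<td class="row1">&nbsp;</td>
	</tr>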
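	<tr bgcolor="white">
		<td class="row1" align="right" valign="top"><b><label for="body"><?php echo _AC('message'); ?>:</label></b></td>
		<td class="row1" valign="top"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" class="img" /></td>
		<td class="row1"><textarea class="input" name="message" id="body" rows="10" cols="55" onfocus="this.className='input highlight'" onblur="this.className='input'"><?php
		/*
		 * Prefill the message: a shortened quote of the message being answered,
		 * or whatever was typed before a failed validation. Inside a <textarea>
		 * the character that matters is '<' (it could close the element), so it
		 * is encoded on output whatever the origin of the text.
		 */
		if (isset($body) && ($body != '')) {
			if (strlen($body) > 400){
				$body = substr($body,0,400);
				// Cut back to the last space so the quote does not end mid-word.
				// strrpos() returns false when there is no space; the old code
				// then emptied the quote, so only cut when a space was found.
				$pos = strrpos($body,' ');
				if ($pos !== false) {
					$body = substr($body,0,$pos);
				}
				$body .= ' ...';
			}
			$body  = "\n\n\n"._AC('in_reply_to').":\n".$body;
			echo str_replace('<', '&lt;', $body);
		} else {
			echo (isset($_POST['message']) && is_string($_POST['message'])) ? str_replace('<', '&lt;', $_POST['message']) : '';
		}
		?></textarea><small><br />&middot; <?php echo _AC('links_enabled'); ?><br />&middot; <?php echo  _AC('html_disabled'); ?></small><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>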
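	<tr bgcolor="white">
		<td class="row1" colspan="3"><a href="inbox/send_message.php?reply=<?php
			// The reply id comes from the query string; URL-encoding it keeps it a
			// single parameter value and leaves nothing that could end the attribute.
			echo (isset($_GET['reply']) && is_scalar($_GET['reply'])) ? urlencode((string) $_GET['reply']) : '';
		?>#jumpcodes" title="<?php echo _AC('jump_code'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AC('jump_code'); ?>" border="0" /></a><?php
			// Fixed include path, not derived from the request.
			require('../forums/include/code_picker.inc.php');
		?></td>
		<td class="row1"><a name="jumpcodes"></a>&nbsp;</td>
	</tr>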
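	<tr bgcolor="white">
		<td class="row1" colspan="3" align="right"><br /><input type="submit" name="submit" value=" <?php echo _AC('send'); ?> " class="submitY" onfocus="this.className='submitY highlight'" onblur="this.className='submitY'" /> &nbsp; <?php
		// "Send and delete" only makes sense when answering a message. $reply is
		// never assigned in this file (it would exist only if something outside it
		// populates it — confirm), so the request parameter the rest of the page
		// relies on is checked as well.
		if ((isset($reply) && ($reply != '')) || !empty($_GET['reply'])) {
			echo '<input type="submit" name="submit_delete" value="'._AC('send_delete').'" accesskey="n" class="submitY" onfocus="this.className=\'submitY highlight\'" onblur="this.className=\'submitY\'" />&nbsp;';
		}
		?> &nbsp; <input type="submit" name="cancel" value="<?php echo _AC('cancel'); ?>" class="submitN" onfocus="this.className='submitN highlight'" onblur="this.className='submitN'" /><br /><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>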
	</table>
</form> 

<?php
	// Shared page footer, loaded from the same include directory as the header.
	require(AC_INCLUDE_PATH.'footer.inc.php');
?>