<?php
include ("config.inc");
include ("forum.inc");

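# -----------------
# Get the form input
# get_input() is defined in one of the included files. Whether it validates
# or escapes anything is not visible here, so every value read below is
# treated as untrusted request data.
$FORM = get_input();

# --------------------
# Assign the variables
# The keys are quoted on purpose: a bare word such as $FORM[Username] is
# resolved as a constant first and only falls back to the string with a
# notice (and is a fatal error on PHP 8).
$User      = $FORM['Username'];  # recipient of the private message
$Subject   = $FORM['Subject'];
$Message   = $FORM['Message'];
# The remaining fields are only used to build the "return to the forum" URL.
$Board     = $FORM['Board'];
$oldnumber = $FORM['Number'];
$page      = $FORM['page'];
$what      = $FORM['what'];      # "showpost" selects the post view as the return page
$view      = $FORM['view'];
$mode      = $FORM['mode'];
$sb        = $FORM['sb'];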

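# -----------------------
# Connect to the database
# db_connect() comes from the included files; $dbh is the link used for the
# queries below.
$dbh   = db_connect();
$query = '';
$sth   = '';

# --------------------
# Authenticate the user
# The identity comes from the login cookie, not from the form.
# NOTE(review): the cookie carries a Password field. How it is stored
# (plaintext or hash) and how authenticate() compares it is not visible
# here - confirm it is not the raw password.
# NOTE(review): nothing in this script checks a per-request (anti-CSRF)
# token before the message is stored - confirm whether get_input() or
# authenticate() enforces one.
$cookie   = get_cookie();
$Username = $cookie['Username'];
$Password = $cookie['Password'];
$user     = authenticate($Username, $Password);
if (empty($user['Username'])) {
    not_right("We could not authenticate your Username/Passord.");
    # not_right() is defined elsewhere and presumably ends the request; the
    # explicit exit keeps this check fail-closed if it ever returns.
    exit;
}
# The sender is always the authenticated account, never a form field.
$Sender = $user['Username'];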

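# ----------------------------------------------
# Check to see if the username is in our database
# NOTE(review): db_quote() is defined elsewhere; this query is only safe if
# it both escapes the value and wraps it in quotes - confirm.
$Username_q = db_quote($User);

$query = <<<END_SQL
    SELECT Username,Email,Notify
    FROM Users
    WHERE Username = $Username_q
END_SQL;

$sth = mysql_query($query, $dbh);
if (!$sth) {
    # Keep the driver error in the server log. Echoing it together with the
    # SQL text to the browser discloses table and column names to whoever
    # triggered the failure.
    error_log("sendmessage.php: recipient lookup failed: " . mysql_error($dbh));
    die("The message could not be sent because of a database error.");
}

$rows = mysql_num_rows($sth);
# This overwrites $Username (until now the cookie value) with the recipient's
# name; $Sender already holds the authenticated name.
list($Username, $Email, $Notify) = mysql_fetch_array($sth);
mysql_free_result($sth);

# ----------------------------------------------
# We didn't find that Username, so let them know
if ($rows < 1) {
    # $User is request data echoed back in the error page, so it is
    # HTML-escaped first.
    # NOTE(review): assumes not_right() writes its argument into HTML
    # without escaping it itself - confirm, to avoid double-escaping.
    $User_h = htmlspecialchars($User, ENT_QUOTES);
    not_right("We have no record of the Username '$User_h' that you are trying to send this message to.");
    # Fail closed if not_right() ever returns: never store a message for an
    # unknown recipient.
    exit;
}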

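# ------------
# Get the time
$date = get_date();

# ------------------------------------------------------
# Insert the message into the database marked as N - New
# Every request-derived value goes through db_quote() before it reaches the
# SQL text.
$Username_q = db_quote($User);
$Status_q   = db_quote("N");
$Subject_q  = db_quote($Subject);
$Sender_q   = db_quote($Sender);
$Message_q  = db_quote($Message);

# NOTE(review): $date is placed in the statement without db_quote(). That is
# only safe if get_date() returns a server-generated numeric value - confirm.
$query = <<<END_SQL
    INSERT INTO Messages
    (Username,Status,Subject,Sender,Message,Sent)
    VALUES ($Username_q, $Status_q, $Subject_q, $Sender_q, $Message_q, $date)
END_SQL;

# Use the explicit link, like the recipient lookup does, instead of relying
# on "the last opened connection".
if (!mysql_query($query, $dbh)) {
    # The statement contains the private message itself, so neither it nor
    # the driver error is sent to the browser; the error goes to the server
    # log only.
    error_log("sendmessage.php: message insert failed: " . mysql_error($dbh));
    die("The message could not be sent because of a database error.");
}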
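# -------------------------------------------------------------
# Now lets let them know they got a private message if they chose 
# to be notified
if ($Notify == "On") {
    $from    = $config['emailaddy'];
    $subject = "You have new messages";
    $msg     = "You have received a private message from '$Sender' on the forum at $config[title].  You can go to $config[cgiurl]/wwwthreads.php to view it.";

    # NOTE(review): $Email is the address stored for the recipient in the
    # Users table. Whether CR/LF characters are rejected when it is saved is
    # not visible here - confirm, since it is handed to mail() as-is.
    if (!mail($Email, $subject, $msg, "From: $from")) {
        # The message is already stored at this point, so a failed
        # notification is logged instead of aborting the request. The
        # original also printed $php_errorstr, which is never set anywhere
        # in this script.
        error_log("sendmessage.php: could not send the new-message notification");
    }
}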

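# -------------------------------------------------------
# Give them a success message and return them to the forum
# The navigation fields come straight from the request and end up inside an
# HTML attribute. Each one is URL-encoded as a query value, and the finished
# URL is HTML-escaped, so a crafted value cannot close the CONTENT attribute
# or the META tag.
$Board_u  = urlencode($Board);
$Number_u = urlencode($oldnumber);
$page_u   = urlencode($page);
$view_u   = urlencode($view);
$mode_u   = urlencode($mode);
$sb_u     = urlencode($sb);

if ($what === "showpost") {
    # Return to the post the user was reading
    $url = "$config[cgiurl]/showpost.php?Board=$Board_u&Number=$Number_u&page=$page_u&view=$view_u&mode=$mode_u&sb=$sb_u";
} else {
    # Return to the board listing
    $url = "$config[cgiurl]/index.php?action=list&Board=$Board_u&page=$page_u&view=$view_u&sb=$sb_u";
}

# "&" becomes "&amp;" here, which the browser decodes again when it reads the
# attribute value.
$url_h = htmlspecialchars($url, ENT_QUOTES);
send_header("Your message has been sent", "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"5;url=$url_h\">");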

# Confirmation box. The text is a fixed string with no request data in it.
$confirmation = "Your message has been sent.  You will now be returned to the forum.";
table_header("Your message has been sent");
echo $confirmation;

# ---------------
# Close the page with the shared footer
send_footer();
?>