<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
// Shared bootstrap. $logged_in, $user_array and the bco_* helpers used in
// this script are not defined here and are presumably provided by it.
include "include.php";

// Anonymous visitors are sent to the login form, which is told to come back
// to this page. The exit is required: header() only queues the redirect and
// the rest of the script would otherwise still run for an unauthenticated
// request.
if (!$logged_in) {
    header("Location: " . $GLOBALS['base_url'] . "login.php?back=messages.php");
    exit();
}

// Second gate: the credentials held in $user_array must still be accepted by
// bco_authorize_user(). Nothing below may run when they are not.
if (!bco_authorize_user($user_array['username'], $user_array['password'])) {
    bco_error("Fuck you.");
    exit();
}
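// Sort direction for the message list. $order is later interpolated into an
// ORDER BY clause, so only the two literal keywords may ever be assigned.
// Anything else, including a missing parameter or an array value, falls
// back to newest-first. isset() avoids the undefined-index warning the bare
// switch raised when ?order= was absent.
$order = (isset($_GET['order']) && $_GET['order'] === "asc") ? "asc" : "desc";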
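// Paging offset. $start is later interpolated into "offset ..." in the list
// query, so it is reduced to a plain non-negative integer here.
// is_numeric() was too permissive for that: it also accepts "-5", "1.5" and
// "1e3", which either break the query or page somewhere unexpected.
// The digit count is capped so the cast cannot overflow. The array key is
// quoted because a bare `start` is an undefined constant.
if (isset($_GET['start']) && is_string($_GET['start']) && preg_match('/^[0-9]{1,9}$/', $_GET['start'])) {
    $start = (int) $_GET['start'];
} else {
    $start = 0;
}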
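// Page size: how many messages one page shows. The same value feeds the
// LIMIT clause of the list query and the page-number helper.
$private_message_amount_query = "select config_value from bco_config where config_name='private_message_amount'";
$private_message_amount_result = pg_query($private_message_amount_query);
if (!$private_message_amount_result || pg_num_rows($private_message_amount_result) < 1) {
    // Details go to the server log only; the visitor gets a generic message.
    error_log(__FILE__ . ": could not read private_message_amount: " . pg_last_error());
    bco_error("Could not load the message list settings.");
    exit;
}
// The setting ends up inside SQL text, so force it to a positive integer
// instead of trusting whatever string the config table holds.
$private_message_amount = max(1, (int) pg_fetch_result($private_message_amount_result, 0, 0));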
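// Resolve the logged-in account to its numeric id; the message queries
// filter on it.
// Values are bound as parameters instead of being spliced into the SQL text.
//
// NOTE(review): the password column is matched against an unsalted MD5
// digest, and $user_array appears to carry the clear-text password on every
// request. MD5 is not a password hash. Moving to password_hash() /
// password_verify() needs a migration of the stored values, so it cannot be
// done from this file alone.
$query = "select id from users where lower(username)=lower($1) and password=$2";
$result = pg_query_params($query, array($user_array['username'], md5($user_array['password'])));
if (!$result) {
    // Database error text stays in the server log, not in the page.
    error_log("In " . __FILE__ . " at line: " . __LINE__ . " SQL Error: " . pg_last_error());
    bco_error("Could not look up your account.");
    exit;
}
$row = pg_fetch_assoc($result);
if (!$row) {
    // No matching account: stop here rather than build queries around an
    // empty id.
    bco_error("Could not look up your account.");
    exit;
}
// Integer cast: $user_id is interpolated into the queries that follow.
$user_id = (int) $row['id'];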
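// Pick the "folder" being listed: received (type 1) or sent (type 2).
// Only the literal "outbox" selects the sent folder. "inbox", a missing
// parameter and anything unrecognised all list the inbox, which is also
// where the user lands after a delete. The request value itself is never
// copied into $folder, so $folder is always one of two known strings.
$requested_folder = isset($_GET['folder']) ? $_GET['folder'] : "";
if ($requested_folder === "outbox") {
    $type = "2";
    $delivery = "sent";
    $column_header = "to";
    $folder = "outbox";
} else {
    $type = "1";
    $delivery = "received";
    $column_header = "from";
    $folder = "inbox";
}

// One query for both folders; only the type differs. Every interpolated
// value is either a literal chosen above, the whitelisted $order keyword,
// or an integer cast at the point of use.
$select_messages_query = "select id, to_userid, to_username, from_userid, from_username, extract(epoch from date) as date,";
$select_messages_query .= " subject, viewed from private_messages";
$select_messages_query .= " where owner=" . (int) $user_id;
$select_messages_query .= " and type=$type order by viewed asc, date $order";
$select_messages_query .= " limit " . (int) $private_message_amount . " offset " . max(0, (int) $start);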
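// Run the list query. On failure the database error and the SQL text are
// written to the server log instead of the page: echoing them to the
// visitor discloses table and column names. The script stops there, because
// the rendering code below cannot work without a result.
$result = pg_query($select_messages_query);
if (!$result) {
    error_log(__FILE__ . ": message list query failed: " . pg_last_error() . " -- " . $select_messages_query);
    bco_error("Could not load your messages.");
    exit;
}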
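// Count every message in the selected folder so the pager knows how many
// pages exist.
// The filter is owner/type, the same as the list query. The previous
// to_userid filter counted a different set of rows from the one being
// listed (NOTE(review): confirm against the private_messages schema).
// count(*) avoids fetching every id only to count the rows.
$total_messages_query = "select count(*) from private_messages where owner=" . (int) $user_id . " and type=" . (int) $type;
$total_messages_result = pg_query($total_messages_query);
if (!$total_messages_result) {
    // Database error text goes to the server log, not to the visitor.
    error_log(__FILE__ . ": message count query failed: " . pg_last_error());
    bco_error("Could not count total number of messages.");
    exit;
}
$number_of_msgs = (int) pg_fetch_result($total_messages_result, 0, 0);

// Page links are only needed when the folder does not fit on one page.
// The base URL uses the whitelisted $folder rather than the raw
// $_GET['folder'], so request data cannot reach whatever markup
// bco_makepagenumbers() builds from it.
if ($number_of_msgs > $private_message_amount) {
    $page_numbers = bco_makepagenumbers("messages.php?folder=$folder", $number_of_msgs, $private_message_amount, $start, $order);
} else {
    $page_numbers = "";
}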
// Page chrome: document header, then the menu bar with a folder summary.
// NOTE(review): the username is handed to bco_index_menu() as-is. Whether
// that helper HTML-escapes its argument is not visible from this file, so
// confirm it.
bco_html_header("Private messages");
bco_index_menu("Private messages for " . $user_array['username'] . " - " . $number_of_msgs . " messages " . $delivery . ".");

// Empty folder: show a short notice in place of the table, close the page
// and stop.
if (0 == pg_num_rows($result)) {
    echo "\n<br />",
        "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">",
        "\n <tr>",
        "\n <td align=\"left\" colspan=\"4\" class=\"tr1\">",
        "<div align=\"center\"><h3>Sorry, you have no $delivery messages.</h3></div></td>",
        "\n </tr>",
        "\n</table>";
    bco_html_footer();
    exit();
}
// Opening markup of the message table plus its header row.
// $column_header is the only interpolated value. The folder switch earlier
// in this script sets it to the literal "from" or "to", so no request data
// reaches this output.
echo <<< END
\n<br />
<table width="100%" cellpadding="2" cellspacing="0" class="replytbl">
<tr>
<td align="left" class="header" nowrap="nowrap">$column_header</td>
<td align="left" width="70%" class="header" nowrap="nowrap">message subject</td>
<td align="left" class="header" nowrap="nowrap">date</td>
</tr>
END;
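// One table row per message.
//
// Subjects and usernames are written by other users, so they are
// HTML-escaped before being placed in the page. Ids are cast to integers
// before going into link URLs.
// NOTE(review): if the code that stores messages already HTML-escapes these
// fields, entities will now appear doubled. In that case fix the write side
// rather than dropping the escaping here.
//
// $count is initialised explicitly, because the old loop incremented an
// undefined variable. It only drives the alternating row classes;
// pg_fetch_assoc() returning false already ends the loop.
$count = 0;
while ($row = pg_fetch_assoc($result)) {
    $count++;

    // Quoted keys: bare words such as `id` are undefined constants.
    $id = (int) $row['id'];
    $to_userid = (int) $row['to_userid'];
    $from_userid = (int) $row['from_userid'];
    $to_username = htmlspecialchars((string) $row['to_username'], ENT_QUOTES);
    $from_username = htmlspecialchars((string) $row['from_username'], ENT_QUOTES);
    // The query returns the date as epoch seconds, possibly with a fraction.
    $date = date("h:i A m-d-y", (int) $row['date']);
    $subject = htmlspecialchars(stripslashes((string) $row['subject']), ENT_QUOTES);
    $viewed = $row['viewed'];

    // Unread messages get their own class; read ones alternate tr1/tr2.
    if ($viewed == "0") {
        $row_class = " class=\"mypost\"";
        $link_class = "mypost";
    } elseif ($count % 2 == 0) {
        $row_class = " class=\"tr2\"";
        $link_class = "tr2";
    } else {
        $row_class = " class=\"tr1\"";
        $link_class = "tr1";
    }

    // $folder is one of the two literals chosen by the folder switch.
    $subject = "<a href=\"view_pmsg.php?folder=$folder&amp;id=$id\" class=\"$link_class\">$subject</a>";
    if ($viewed == "0") {
        $subject = "<strong>$subject</strong>";
    }

    // Inbox rows show the sender, outbox rows the recipient.
    if ($type == 1) {
        $userid = $from_userid;
        $username = $from_username;
    } else {
        $userid = $to_userid;
        $username = $to_username;
    }

    echo "\n <tr>";
    echo "\n <td align=\"left\"$row_class><a href=\"view_profile.php?id=$userid\" class=\"$link_class\">$username</a></td>";
    echo "\n <td width=\"70%\" align=\"left\"$row_class>$subject</td>";
    echo "\n <td align=\"left\" nowrap=\"nowrap\"$row_class>$date</td>";
    echo "\n </tr>";
}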
// Close the table, print the pager and finish the page.
// $page_numbers is either "" or the markup returned by bco_makepagenumbers().
// It is emitted verbatim, so any escaping of the values placed in the page
// links has to happen inside that helper.
// NOTE(review): confirm that it does.
echo <<< END
</table>
$page_numbers
END;
bco_html_footer();
?>