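<?php

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

/*
 * send_pmsg.php -- compose and deliver a private message.
 *
 * Two entry paths:
 *   - POST with submit="send message": check the sender's message limit,
 *     validate recipient/subject/body, insert the message (and an outbox
 *     copy when requested), flag the recipient, print a confirmation page.
 *   - GET, optionally with ?id=<userid>: print the compose form, pre-filling
 *     the recipient name when the id is numeric.
 *
 * $logged_in, $user_array, $GLOBALS['base_url'] and the bco_* helpers are
 * expected to come from include.php (not visible here). bco_error() is
 * assumed to terminate the request -- the flow below depends on that, as
 * the original did. TODO confirm against include.php.
 */

include("include.php");

// Anonymous visitors are sent to the login page. The script MUST stop after
// the redirect: header() only queues a response header, so without exit the
// POST branch below would still execute for an unauthenticated request.
if (!$logged_in) {
    if (isset($_GET['id'])) {
        // urlencode keeps a crafted id from altering the header or the back= value.
        header("Location: $GLOBALS[base_url]" . "login.php?back=send_pmsg.php?id=" . urlencode($_GET['id']));
    } else {
        header("Location: $GLOBALS[base_url]" . "login.php?back=send_pmsg.php");
    }
    exit;
}

/* Begin message process/insert */
if (isset($_POST['submit']) && $_POST['submit'] == "send message") {
    // NOTE(review): the compose form carries no anti-CSRF token, so a
    // cross-site POST can send a message on a logged-in user's behalf.
    // Adding one needs session support from include.php -- confirm there.

    // Refuse to send while the sender is at or over the stored message limit.
    $message_limit_array = bco_check_message_limit($user_array['myuserid'], $user_array['username']);

    if ($message_limit_array['message_amount'] >= $message_limit_array['limit']) {
        $err_msg  = "You are over the allowed message limit. The limit is $message_limit_array[limit] messages.";
        $err_msg .= "<br />Please delete some of your messages.";
        unset($message_limit_array);
        bco_error($err_msg);
    }
    unset($message_limit_array);

    // The raw posted name is what gets stored in to_username (as before);
    // the decoded form is used for the lookup and for display.
    $username_to_raw = isset($_POST['username_to']) ? $_POST['username_to'] : '';
    // Force an integer: the id is interpolated nowhere any more, but an
    // unresolvable name must not become an empty/odd SQL value either.
    $to_userid = (int) bco_get_users_id(urldecode($username_to_raw));

    // Confirm the recipient really exists (bound parameter, never interpolated).
    $userid_exists = pg_query_params('select id from users where id=$1', array($to_userid));
    if (!$userid_exists || pg_num_rows($userid_exists) != 1) {
        bco_error("This userid does not exist");
    }

    // No addslashes(): values are passed as bound parameters below, so the
    // driver handles quoting. (addslashes is not a valid PostgreSQL escape
    // when standard_conforming_strings is on.)
    $subject = trim(strip_tags(isset($_POST['subject']) ? $_POST['subject'] : ''));

    if ($subject == "") {
        bco_error("Your subject is empty");
    }

    $msgbody = trim(bco_clean_html(isset($_POST['msgbody']) ? $_POST['msgbody'] : ''));

    if ($msgbody == "") {
        bco_error("The message body is empty");
    }

    // X-Forwarded-For is client-supplied: it is recorded for audit only and
    // must never be treated as the sender's real address.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($forward_ip == '') {
        $forward_ip = '0.0.0.0';
    }
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Insert message here! Single-quoted SQL so $1..$9 stay literal placeholders.
    $insert_msg_query = 'insert into private_messages'
        . ' (to_userid, to_username, from_userid, from_username, ip, ip_forwarded_for, date, subject, msgbody, type, owner, viewed)'
        . ' values ($1, $2, $3, $4, $5, $6, NOW(), $7, $8, 1, $9, 0)';
    $insert_msg_params = array(
        $to_userid,
        $username_to_raw,
        $user_array['myuserid'],
        $user_array['username'],
        $remote_ip,
        $forward_ip,
        $subject,
        $msgbody,
        $to_userid,
    );
    if (!pg_query_params($insert_msg_query, $insert_msg_params)) {
        // The failing query text is no longer echoed to the browser.
        bco_error("MySQL said: " . pg_last_error());
    }

    if (isset($_POST['outbox']) && $_POST['outbox'] == "1") {
        $insert_outbox_query = 'insert into private_messages'
            . ' (to_userid, to_username, from_userid, from_username, ip, date, subject, msgbody, type, owner, viewed)'
            . ' values ($1, $2, $3, $4, $5, NOW(), $6, $7, 2, $8, 1)';
        $insert_outbox_params = array(
            $to_userid,
            $username_to_raw,
            $user_array['myuserid'],
            $user_array['username'],
            $remote_ip,
            $subject,
            $msgbody,
            $user_array['myuserid'],
        );
        if (!pg_query_params($insert_outbox_query, $insert_outbox_params)) {
            bco_error("MySQL said: " . pg_last_error());
        }
    }

    // Set new_message to 1 so the recipient knows they have a new message.
    if (!pg_query_params('update users set new_message=\'1\' where id=$1', array($to_userid))) {
        bco_error("MySQL said: " . pg_last_error());
    }

    // HTML-escaped here because bco_html_header()/bco_index_menu() are not
    // visible in this file; drop the escaping if they already escape their title.
    $display_to = htmlspecialchars(urldecode($username_to_raw), ENT_QUOTES, 'UTF-8');

    bco_html_header("Message sent to " . $display_to);

    bco_index_menu("Message sent to " . $display_to);

    echo "\n<br />";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n    <tr>";
    echo "\n        <td align=\"center\" class=\"tr1\">";
    echo "\n        <a href=\"messages.php?folder=inbox\" class=\"tr1\">Go back to your messages.</a>";
    echo "\n        <br />";
    echo "\n        <br />";
    echo "\n        <a href=\"index.php\" class=\"tr1\">Go back to the index.</a>";
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n</table>";

    bco_html_footer();
    exit;
}
/* End message process/insert */

// Always initialised so the form value cannot be supplied from outside
// (e.g. via register_globals) when no numeric id is given.
$username_to = '';
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    $username_to = bco_get_username((int) trim($_GET['id']));
}

bco_html_header("Send a new private message.");

bco_index_menu("Send a message.");

$message_limit_array = bco_check_message_limit($user_array['myuserid'], $user_array['username']);

if ($message_limit_array['message_amount'] >= $message_limit_array['limit']) {
    $amount_over_limit = $message_limit_array['message_amount'] - $message_limit_array['limit'];
    if ($amount_over_limit == 0) {
        echo "<span class=\"title\">You are at message limit of $message_limit_array[limit]";
        echo "<br />You can not send any new messages until you remove some.</span><br />";
    } else {
        echo "<span class=\"title\">You are $amount_over_limit messages over the limit of $message_limit_array[limit] messages.";
        echo "<br />You can not send any new messages until you remove some.</span><br />";
    }
} else {
    // PHP_SELF echoes part of the request path, so it is escaped before being
    // placed in the action attribute; the prefilled recipient name likewise.
    $form_action = htmlspecialchars(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '', ENT_QUOTES, 'UTF-8');
    $username_to_attr = htmlspecialchars($username_to, ENT_QUOTES, 'UTF-8');

    echo "\n<br />";
    echo "\n<form method=\"post\" action=\"$form_action\">";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n    <tr>";
    echo "\n        <td width=\"100\" align=\"right\">to:</td>";
    echo "\n        <td align=\"left\"><input type=\"text\" name=\"username_to\" value=\"$username_to_attr\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"100\" align=\"right\">subject:</td>";
    echo "\n        <td align=\"left\"><input type=\"text\" name=\"subject\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"100\" align=\"right\" valign=\"top\">message:</td>";
    echo "\n        <td align=\"left\"><textarea name=\"msgbody\" cols=\"65\" rows=\"6\" class=\"textfield\"></textarea></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"100\" align=\"right\">&nbsp;</td>";
    echo "\n        <td align=\"left\">";
    echo "\n            <input type=\"submit\" name=\"submit\" value=\"send message\" class=\"button\" />";
    echo "\n            <input type=\"checkbox\" name=\"outbox\" value=\"1\" /> Copy to outbox";
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n</table>";
    echo "\n</form>";
}

bco_html_footer();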