<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
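include("include.php");
// Anyone who is not logged in is bounced to the login page with a "back"
// parameter pointing at this page (plus the recipient id, when given).
// header() alone does not stop execution, so the script must exit here;
// otherwise the message-insert code below would still run for an anonymous
// visitor.  The back link is URL-encoded so a crafted id cannot break out of
// the query string.
if (!$logged_in) {
    $back = "send_pmsg.php";
    if (isset($_GET['id'])) {
        $back .= "?id=" . urlencode($_GET['id']);
    }
    header("Location: $GLOBALS[base_url]" . "login.php?back=" . urlencode($back));
    exit;
}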
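/* Begin message process/insert */
if ((isset($_POST['submit'])) && ($_POST['submit'] == "send message")) {
    // Every user-supplied value that reaches PostgreSQL is bound with
    // pg_query_params() instead of being interpolated into the SQL text, so
    // the recipient name, subject, body and request headers cannot alter the
    // statements.  (addslashes(), used previously, is not correct escaping
    // for PostgreSQL in any case.)
    //
    // NOTE(review): the form carries no CSRF token; the old Referer check that
    // used to live here was not a reliable substitute either.  A per-session
    // token checked on submit would close that gap -- confirm against how
    // include.php manages sessions.

    // Refuse to send when the user is at or above the message limit.
    $message_limit_array = bco_check_message_limit($user_array['myuserid'], $user_array['username']);
    if ($message_limit_array['message_amount'] >= $message_limit_array['limit']) {
        $err_msg = "You are over the allowed message limit. The limit is $message_limit_array[limit] messages.";
        $err_msg .= "<br />Please delete some of your messages.";
        unset($message_limit_array);
        bco_error($err_msg);
    }
    unset($message_limit_array);

    // Resolve the posted recipient name to an id and confirm that id exists.
    $username_to = isset($_POST['username_to']) ? urldecode($_POST['username_to']) : '';
    // users.id is numeric; the cast also turns a "not found" result from the
    // lookup into 0, which the existence check below rejects.
    $to_userid = (int) bco_get_users_id($username_to);
    $userid_exists_result = pg_query_params('select id from users where id=$1', array($to_userid));
    if (!$userid_exists_result || pg_num_rows($userid_exists_result) != 1) {
        bco_error("This userid does not exist");
    }

    // Subject and body are cleaned for display here; SQL escaping is left to
    // the driver via bound parameters.
    $subject = trim(strip_tags(isset($_POST['subject']) ? $_POST['subject'] : ''));
    if ($subject == "") {
        bco_error("Your subject is empty");
    }
    $msgbody = trim(bco_clean_html(isset($_POST['msgbody']) ? $_POST['msgbody'] : ''));
    if ($msgbody == "") {
        bco_error("The message body is empty");
    }

    // X-Forwarded-For is a client-controlled header: it is recorded for
    // auditing only, never trusted, and bound like any other untrusted value.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($forward_ip == '') {
        $forward_ip = '0.0.0.0';
    }

    // Inbox copy: type 1, owned by the recipient, unread.
    $insert_msg_query = 'insert into private_messages'
        . ' (to_userid, to_username, from_userid, from_username, ip, ip_forwarded_for, date, subject, msgbody, type, owner, viewed)'
        . ' values ($1, $2, $3, $4, $5, $6, NOW(), $7, $8, 1, $9, 0)';
    $insert_msg_params = array(
        $to_userid, $username_to, $user_array['myuserid'], $user_array['username'],
        $_SERVER['REMOTE_ADDR'], $forward_ip, $subject, $msgbody, $to_userid,
    );
    if (!pg_query_params($insert_msg_query, $insert_msg_params)) {
        // Report the failure, but do not echo the statement text to the user.
        bco_error("MySQL said: " . pg_last_error());
    }

    // Optional outbox copy: type 2, owned by the sender, already viewed.
    if (isset($_POST['outbox']) && $_POST['outbox'] == "1") {
        $insert_outbox_query = 'insert into private_messages'
            . ' (to_userid, to_username, from_userid, from_username, ip, date, subject, msgbody, type, owner, viewed)'
            . ' values ($1, $2, $3, $4, $5, NOW(), $6, $7, 2, $8, 1)';
        $insert_outbox_params = array(
            $to_userid, $username_to, $user_array['myuserid'], $user_array['username'],
            $_SERVER['REMOTE_ADDR'], $subject, $msgbody, $user_array['myuserid'],
        );
        if (!pg_query_params($insert_outbox_query, $insert_outbox_params)) {
            bco_error("MySQL said: " . pg_last_error());
        }
    }

    // Flag the recipient so the UI shows a new-message indicator.
    if (!pg_query_params('update users set new_message=\'1\' where id=$1', array($to_userid))) {
        bco_error("MySQL said: " . pg_last_error());
    }

    // The recipient name is user input; escape it before it goes into HTML.
    $username_to_html = htmlspecialchars($username_to, ENT_QUOTES);
    bco_html_header("Message sent to " . $username_to_html);
    bco_index_menu("Message sent to " . $username_to_html);
    echo "\n<br />";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n <tr>";
    echo "\n <td align=\"center\" class=\"tr1\">";
    echo "\n <a href=\"messages.php?folder=inbox\" class=\"tr1\">Go back to your messages.</a>";
    echo "\n <br />";
    echo "\n <br />";
    echo "\n <a href=\"index.php\" class=\"tr1\">Go back to the index.</a>";
    echo "\n </td>";
    echo "\n </tr>";
    echo "\n</table>";
    bco_html_footer();
    exit;
}
/* End message process/insert */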
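// Pre-fill the recipient when a plain decimal user id is given.  is_numeric()
// would also accept forms like "1e3" or " 1", so the id is matched strictly.
// Initialising $username_to keeps the form from reading an undefined variable.
$username_to = '';
if (isset($_GET['id']) && preg_match('/^\d+$/', trim($_GET['id']))) {
    $username_to = bco_get_username(trim($_GET['id']));
}
bco_html_header("Send a new private message.");
bco_index_menu("Send a message.");
$message_limit_array = bco_check_message_limit($user_array['myuserid'], $user_array['username']);
if ($message_limit_array['message_amount'] >= $message_limit_array['limit']) {
    $amount_over_limit = $message_limit_array['message_amount'] - $message_limit_array['limit'];
    if ($amount_over_limit == 0) {
        echo "<span class=\"title\">You are at message limit of $message_limit_array[limit]";
        echo "<br />You can not send any new messages until you remove some.</span><br />";
    } else {
        echo "<span class=\"title\">You are $amount_over_limit messages over the limit of $message_limit_array[limit] messages.";
        echo "<br />You can not send any new messages until you remove some.</span><br />";
    }
} else {
    // Both the looked-up username and PHP_SELF end up inside HTML attributes,
    // so they are escaped; $PHP_SELF as a bare global relied on register_globals.
    $username_to_html = htmlspecialchars($username_to, ENT_QUOTES);
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    echo "\n<br />";
    echo "\n<form method=\"post\" action=\"$form_action\">";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
    echo "\n <tr>";
    echo "\n <td width=\"100\" align=\"right\">to:</td>";
    echo "\n <td align=\"left\"><input type=\"text\" name=\"username_to\" value=\"$username_to_html\" class=\"textfield\" /></td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td width=\"100\" align=\"right\">subject:</td>";
    echo "\n <td align=\"left\"><input type=\"text\" name=\"subject\" class=\"textfield\" /></td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td width=\"100\" align=\"right\" valign=\"top\">message:</td>";
    echo "\n <td align=\"left\"><textarea name=\"msgbody\" cols=\"65\" rows=\"6\" class=\"textfield\"></textarea></td>";
    echo "\n </tr>";
    echo "\n <tr>";
    echo "\n <td width=\"100\" align=\"right\"> </td>";
    echo "\n <td align=\"left\">";
    echo "\n <input type=\"submit\" name=\"submit\" value=\"send message\" class=\"button\" />";
    echo "\n <input type=\"checkbox\" name=\"outbox\" value=\"1\" /> Copy to outbox";
    echo "\n </td>";
    echo "\n </tr>";
    echo "\n</table>";
    echo "\n</form>";
}
bco_html_footer();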
?>