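<?php

/****************************************************************************/
/*                                                                          */
/*   This program is free software; you can redistribute it and/or modify   */
/*   it under the terms of the GNU General Public License as published by   */
/*   the Free Software Foundation; either version 2 of the License, or      */
/*   (at your option) any later version.                                    */
/*                                                                          */
/****************************************************************************/

/*
 * Shows one private message of the logged-in user and offers a delete form
 * and (for the inbox) a reply form.
 *
 * include.php is expected to provide bco_check_login(), bco_error(),
 * bco_html_header(), bco_index_menu(), bco_html_footer(),
 * bco_check_message_limit(), $user_array for the current user and
 * $GLOBALS['base_url']; none of them are visible in this file.
 *
 * Every value taken from $_GET / $_POST reaches PostgreSQL only as a bound
 * parameter of pg_query_params(), and every database value written into the
 * page goes through htmlspecialchars().  Each redirect is followed by exit so
 * that nothing below it runs for a request that was turned away.
 */

include ("include.php");

if (!bco_check_login()) {
    header("Location: $GLOBALS[base_url]" . "login.php?back=");
    // A Location header alone does not stop the script; without exit the
    // rest of this page would still be executed for an anonymous visitor.
    exit;
}

//
// Deletes the message if the user clicks it.
//
// NOTE(review): the delete form carries no anti-CSRF token, so a forged
// cross-site POST can delete a message for a logged-in user.  Adding one
// needs session support from include.php that is not visible here.
//
if (!empty($_POST)) {
    if (isset($_POST['delete']) && $_POST['delete'] == "delete") {
        $post_id = isset($_POST['id']) ? (string) $_POST['id'] : '';

        if (!isset($_POST['confirm']) || $_POST['confirm'] != "confirmed") {
            bco_error("You must confirm the deletion of this message");
        } elseif (!ctype_digit($post_id)) {
            // Only a plain decimal id can name a message.
            bco_error("Cannot delete message. Either this is not your message or something else is wrong.");
        } else {
            // Verify the user owns this message.  The id and owner are bound
            // parameters instead of being interpolated into the SQL text.
            $owner_params  = array($post_id, $user_array['myuserid']);
            $verify_result = pg_query_params(
                'select id from private_messages where id=$1 and owner=$2',
                $owner_params
            );

            if ($verify_result && pg_num_rows($verify_result) == 1) {
                $delete_result = pg_query_params(
                    'delete from private_messages where id=$1 and owner=$2',
                    $owner_params
                );
                if (!$delete_result) {
                    // NOTE(review): pg_last_error() text reaches the browser;
                    // consider logging it server-side instead.
                    bco_error("Cannot delete message.<br />PostgreSQL said: " . pg_last_error());
                } else {
                    header("Location: $GLOBALS[base_url]" . "messages.php?folder=inbox");
                }
            } else {
                bco_error("Cannot delete message. Either this is not your message or something else is wrong.");
            }
        }
    }
    exit;
}

/* Checks to make sure the id is a plain decimal integer; letters, signs,
   exponents ("1e3") or a missing id send the user back to the message list. */
$message_id = isset($_GET['id']) ? (string) $_GET['id'] : '';
if (!ctype_digit($message_id)) {
    header("Location: $GLOBALS[base_url]" . "messages.php");
    exit;
}

$folder = isset($_GET['folder']) ? $_GET['folder'] : '';

// Resolve the current user's id from the credentials include.php provides.
// NOTE(review): the users table compares an unsalted md5 of the password
// (legacy schema); changing that belongs to the login code, not this page.
$result = pg_query_params(
    'select id from users where lower(username)=lower($1) and password=$2',
    array($user_array['username'], md5($user_array['password']))
);

if (!$result) {
    bco_error("In " . __FILE__ . " at line: " . __LINE__ . "<br />SQL Error: " . pg_last_error());
    // bco_error() is assumed to render the error; exit guards against
    // continuing with an unusable result — confirm bco_error's contract.
    exit;
}

$row = pg_fetch_assoc($result);
if (!$row) {
    bco_error("Could not identify the current user.");
    exit;
}
$user_id = $row['id'];

// The folder decides which side of the message the current user must be on.
// The column list is identical for every folder.
$select_columns = 'select to_userid, to_username, from_userid, from_username, subject, extract(epoch from date) as date, msgbody from private_messages';

switch ($folder) {
case "inbox":
    $get_message_query = $select_columns . ' where id=$1 and to_userid=$2 and type=\'1\' and owner=$2';
    $method   = "Received from: ";
    $delivery = " from ";
    break;

case "outbox":
    $get_message_query = $select_columns . ' where id=$1 and from_userid=$2 and type=\'2\' and owner=$2';
    $method   = "Sent to: ";
    $delivery = " to ";
    break;

default:
    $get_message_query = $select_columns . ' where id=$1 and to_userid=$2';
    $method   = "Received from: ";
    $delivery = " from ";
    break;

}

$result = pg_query_params($get_message_query, array($message_id, $user_id));
if (!$result) {
    bco_error("PostgreSQL said: " . pg_last_error());
    exit;
}

/* Let's see if the message actually exists. */
if (pg_num_rows($result) != 1) {
    bco_error("This message does not exist, or is not yours.");
    exit;
}

$row = pg_fetch_row($result);

/* Only an inbox view marks the message as read. */
if ($row && $folder == "inbox") {
    $mark_as_read = pg_query_params(
        'update private_messages set viewed=1 where to_userid=$1 and id=$2',
        array($user_array['myuserid'], $message_id)
    );
    if (!$mark_as_read) {
        bco_error("Could not mark message as having been read.");
    }
}

$from_userid   = $row[2];
$from_username = $row[3];
$subject       = stripslashes($row[4]);
// extract(epoch ...) may come back with a fractional part; date() wants an int.
$date          = date("M dS, Y \a\\t h:i:s a", (int) $row[5]);

// HTML-escaped copies for output.  The body is escaped before nl2br() so the
// inserted <br /> tags survive while message content cannot inject markup.
// NOTE(review): htmlspecialchars() uses PHP's default charset here; if the
// messages are stored in another encoding, pass it explicitly so invalid
// byte sequences do not produce an empty string.
$subject_html       = htmlspecialchars($subject, ENT_QUOTES);
$from_username_html = htmlspecialchars($from_username, ENT_QUOTES);
$msgbody_html       = nl2br(htmlspecialchars(stripslashes($row[6]), ENT_QUOTES));

// Prepare the message and subject for the reply text fields.
$reply_msgbody = "\n\n\nOn $date, $from_username said:\n> " . str_replace("\n", "\n> ", $row[6]);
if (!preg_match("/^RE: /", $subject)) {
    $reply_subject = "RE: " . $subject;
} else {
    $reply_subject = $subject;
}

// NOTE(review): whether bco_html_header()/bco_index_menu() escape their
// argument is not visible here — confirm before passing raw usernames.
bco_html_header("Private message $delivery $from_username.");

bco_index_menu("Viewing message $delivery $from_username.");

echo "\n<span class=\"title\">Subject: $subject_html</span>";
echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytbl\">";
echo "\n    <tr>";
echo "\n        <td align=\"left\" class=\"header\">$method $from_username_html on $date:</td>";
echo "\n    </tr>";
echo "\n    <tr>";
echo "\n        <td align=\"left\" valign=\"top\" class=\"tr1\">$msgbody_html</td>";
echo "\n    </tr>";
echo "\n</table>";
echo "\n<br />";
// $_SERVER['PHP_SELF'] can carry attacker-supplied path info, hence the escaping.
echo "\n<form method=\"post\" action=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">";
echo "\n    <input type=\"hidden\" name=\"id\" value=\"$message_id\" />";
echo "\n    <input type=\"submit\" name=\"delete\" value=\"delete\" class=\"button\" />";
echo "\n    <input type=\"checkbox\" name=\"confirm\" value=\"confirmed\" /> Confirm?";
echo "\n</form>";
echo "\n<br />";

if ($folder == "inbox") {
    $message_limit_array = bco_check_message_limit($user_array['myuserid'], $user_array['username']);

    if ($message_limit_array['message_amount'] >= $message_limit_array['limit']) {

        $amount_over_limit = $message_limit_array['message_amount'] - $message_limit_array['limit'];

        if ($amount_over_limit == 0) {
            echo "<span class=\"title\">You are at message limit of $message_limit_array[limit]";
            echo "<br />You can not send any new messages until you remove some.</span><br />";
        } else {
            echo "<span class=\"title\">You are $amount_over_limit messages over the limit of $message_limit_array[limit] messages.";
            echo "<br />You can not send any new messages until you remove some.</span><br />";
        }
    } else {
        // The reply pre-fill is escaped so a message containing quotes or
        // </textarea> cannot break out of the form fields.
        echo "\n<form method=\"post\" action=\"./send_pmsg.php\">";
        echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"replytable\">";
        echo "\n    <tr>";
        echo "\n        <td width=\"120\" align=\"right\">Subject:</td>";
        echo "\n        <td align=\"left\"><input type=\"text\" name=\"subject\" value=\"" . htmlspecialchars($reply_subject, ENT_QUOTES) . "\" class=\"textfield\" /></td>";
        echo "\n    </tr>";
        echo "\n    <tr>";
        echo "\n        <td width=\"120\" align=\"right\" valign=\"top\">Message:</td>";
        echo "\n        <td align=\"left\" valign=\"top\">";
        echo "<textarea name=\"msgbody\" cols=\"60\" rows=\"5\" class=\"textfield\">" . htmlspecialchars($reply_msgbody, ENT_QUOTES) . "</textarea></td>";
        echo "\n    </tr>";
        echo "\n    <tr>";
        echo "\n        <td width=\"120\" align=\"right\">&nbsp;</td>";
        echo "\n        <td align=\"left\"><input type=\"submit\" name=\"submit\" value=\"send message\" class=\"button\" />";
        echo "<input type=\"checkbox\" name=\"outbox\" value=\"1\" /> Copy to outbox</td>";
        echo "\n    </tr>";
        echo "\n</table>";
        echo "\n<input type=\"hidden\" name=\"to_userid\" value=\"" . htmlspecialchars($from_userid, ENT_QUOTES) . "\" />";
        echo "\n<input type=\"hidden\" name=\"username_to\" value=\"". urlencode($from_username) . "\" />";
        echo "\n</form>";
    }
}

bco_html_footer();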
