PageRenderTime 39ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/MXP3/src/scripts/privatemessages.php

http://mxprojects.googlecode.com/
PHP | 280 lines | 190 code | 52 blank | 38 comment | 29 complexity | 21725787ff3e9c91824e0fc43db758a9 MD5 | raw file
    

  1. <?php

    2. 

  2. // Include config file

    3. 

  3. include('./common.php');

    4. 

  4. 

    5. 

  5. // Connect to database

    6. 

  6. $link = dbConnect();

    7. 

  7. 

    8. 

  8. // Attempt to auth user with database

    9. 

  9. $user = auth($_POST['username'], $_POST['password']);

    10. 

  10. 

    11. 

  11. if($user == ""){

    12. 

  12.    	echo "output=badLogin";

    13. 

  13. 	return;

    14. 

  14. }

    15. 

  15. 

    16. 

  16. //see where we are so we know what we gotta do

    17. 

  17. switch($_POST['location']){

    18. 

  18. 	case "inbox":

    19. 

  19. 	case "outbox":

    20. 

  20. 	case "trash":

    21. 

  21. 		loadMessages($_POST['location'], $user['id']);

    22. 

  22. 	break;

    23. 

  23. 	

    24. 

  24. 	case PM_READ_MESSAGE:

    25. 

  25. 	case PM_TRASH_MESSAGE:

    26. 

  26. 	case PM_DELETE_MESSAGE:

    27. 

  27. 		//check if we are deleting multiples

    28. 

  28. 		if(strrpos($_POST['messageID'], ":") !== false){

    29. 

  29. 			deleteMultiple($user['id'], $_POST['messageID'], $_POST['location']);

    30. 

  30. 		}else{

    31. 

  31. 			//handle the normal status

    32. 

  32. 			updateStatus($user['id'], $_POST['messageID'], $_POST['location'], $_POST['senderID'], $_POST['recipientID']);

    33. 

  33. 		}

    34. 

  34. 		

    35. 

  35. 		//if it all went ok, update

    36. 

  36. 		echo "output=".$_POST['location'];

    37. 

  37. 	break;

    38. 

  38. 	

    39. 

  39. 	case "sendPrivateMessage":

    40. 

  40. 		sendMessage($user['id'], $user['username']);

    41. 

  41. 	break;

    42. 

  42. 	

    43. 

  43. 	case "checkMessages":

    44. 

  44. 		$limit = $_POST['privateMessageLimit'];

    45. 

  45. 		echo "output=success&username=".$user['username'].privateMessages($user['id'], $limit)."&admin=".checkAdminPermissions($user['id']);

    46. 

  46. 	break;

    47. 

  47. }

    48. 

  48. 

    49. 

  49. //close the database

    50. 

  50. mysql_close($link);

    51. 

  51. 

    52. 

  52. 

    53. 

  53. function deleteMultiple($userID, $messages, $statusToUpdate){

    54. 

  54. 	//we are going to build an array of the message IDs and also snag up the type they are (sender or receiver)

    55. 

  55. 	$messageArray = explode(",", $messages);

    56. 

  56. 	

    57. 

  57. 	//loop through the new array and set each status

    58. 

  58. 	for($i = 0; $i < count($messageArray); $i++){

    59. 

  59. 		//explode again and send it off to the server

    60. 

  60. 		$chunks = explode(":", $messageArray[$i]);

    61. 

  61. 		

    62. 

  62. 		//send it off

    63. 

  63. 		$senderID = 0;

    64. 

  64. 		$recipientID = 0;

    65. 

  65. 		

    66. 

  66. 		if($chunks[1] == "recipient"){

    67. 

  67. 			$recipientID = $userID;

    68. 

  68. 		}else{

    69. 

  69. 			$senderID = $userID;

    70. 

  70. 		}

    71. 

  71. 		

    72. 

  72. 		//time to update the status

    73. 

  73. 		updateStatus($userID, $chunks[0], $statusToUpdate, $senderID, $recipientID);

    74. 

  74. 	}

    75. 

  75. }

    76. 

  76. 

    77. 

  77. function updateStatus($userID, $messageID, $statusToUpdate, $sendID, $recipID){

    78. 

  78. 	global $link;

    79. 

  79. 	

    80. 

  80. 	//make the IDs nice for mySQL

    81. 

  81. 	$id = mysql_real_escape_string($messageID);

    82. 

  82. 	$senderID = mysql_real_escape_string($sendID);

    83. 

  83. 	$recipientID = mysql_real_escape_string($recipID);

    84. 

  84. 	

    85. 

  85. 	//figure out if the logged in user is the sender or the recipient

    86. 

  86. 	$userType = "recipient";

    87. 

  87. 	if($userID == $senderID){

    88. 

  88. 		$userType = "sender";

    89. 

  89. 	}

    90. 

  90. 	

    91. 

  91. 	//fire it off

    92. 

  92. 	$result = mysql_query("UPDATE ".TABLE_PREFIX."_private SET ".$userType."Status = ".$statusToUpdate." WHERE messageID = ".$id);

    93. 

  93. 	

    94. 

  94. 	if(!$result){

    95. 

  95. 		echo "output=mySqlError&error=".mysql_error();

    96. 

  96. 		return;

    97. 

  97. 	}

    98. 

  98. 	

    99. 

  99. 	//if they are doing a perma delete let's see if we should delete it from the dbase

    100. 

  100. 	if($statusToUpdate == PM_DELETE_MESSAGE){

    101. 

  101. 		$result = mysql_query("DELETE FROM 	".TABLE_PREFIX."_private 

    102. 

  102. 							   WHERE messageID = ".$id." 

    103. 

  103. 							   AND recipientStatus = ".PM_DELETE_MESSAGE." 

    104. 

  104. 							   AND senderStatus = ".PM_DELETE_MESSAGE);

    105. 

  105. 		if(!$result){

    106. 

  106. 			echo "output=mySqlError&error=".mysql_error();

    107. 

  107. 			return;

    108. 

  108. 		}

    109. 

  109. 	}

    110. 

  110. }

    111. 

  111. 

    112. 

  112. function loadMessages($location, $userID){

    113. 

  113. 	global $link;

    114. 

  114. 	

    115. 

  115. 	$privateMessagesPerPage = mysql_real_escape_string($_POST['privateMessagesPerPage']);

    116. 

  116. 	

    117. 

  117. 	//use this for the dBase to get the PMs

    118. 

  118. 	if (!isset($_POST['page']) || empty($_POST['page'])) {

    119. 

  119.     	$page = 1;

    120. 

  120. 	}else{

    121. 

  121. 		$page = mysql_real_escape_string($_POST['page']);

    122. 

  122. 	}

    123. 

  123. 	$offset = ($page - 1) * $privateMessagesPerPage;

    124. 

  124. 

    125. 

  125. 	//setup some basic stuff that will help with the query

    126. 

  126. 	$where = "";

    127. 

  127. 	$and = "";

    128. 

  128. 	

    129. 

  129. 	//get the location we are in

    130. 

  130. 	switch($location){

    131. 

  131. 		

    132. 

  132. 		default:

    133. 

  133. 			//inbox is the default

    134. 

  134. 			$where = "p.recipientID = ".$userID." AND recipientStatus != ".PM_DELETE_MESSAGE." AND recipientStatus != ".PM_TRASH_MESSAGE;

    135. 

  135. 			$and = "u.userID = p.senderID";

    136. 

  136. 		break;

    137. 

  137. 		

    138. 

  138. 		case "outbox":

    139. 

  139. 			$where = "p.senderID = ".$userID." AND senderStatus != ".PM_DELETE_MESSAGE." AND senderStatus != ".PM_TRASH_MESSAGE;

    140. 

  140. 			$and = "u.userID = p.recipientID";

    141. 

  141. 		break;

    142. 

  142. 		

    143. 

  143. 		case "trash":

    144. 

  144. 			//this trash one makes sure that what you see in the trash's "FROM" header is correct

    145. 

  145. 			//so PMs from you to someone else will show from you and PMs that youv'e recieved will have the sender's name

    146. 

  146. 			

    147. 

  147. 			$where = "CASE WHEN p.recipientStatus = ".PM_TRASH_MESSAGE." 

    148. 

  148. 					       THEN u.userID = p.senderID

    149. 

  149.                            WHEN p.senderStatus = ".PM_TRASH_MESSAGE." 

    150. 

  150.                            THEN u.userID = p.recipientID

    151. 

  151.                       END";

    152. 

  152.               

    153. 

  153. 			$and = "p.recipientID = ".$userID." 

    154. 

  154. 					AND p.recipientStatus = ".PM_TRASH_MESSAGE." 

    155. 

  155. 					OR p.senderID = ".$userID." 

    156. 

  156. 					AND p.senderStatus = ".PM_TRASH_MESSAGE;

    157. 

  157. 		break;

    158. 

  158. 	}

    159. 

  159. 	

    160. 

  160. 	// Build query to fetch the PMs

    161. 

  161. 	$result = mysql_query("SELECT SQL_CALC_FOUND_ROWS p.*, u.username

    162. 

  162. 							FROM ".TABLE_PREFIX."_users u, ".TABLE_PREFIX."_private p

    163. 

  163. 							WHERE ".$where."

    164. 

  164. 							AND ".$and."

    165. 

  165. 							GROUP BY messageID

    166. 

  166. 							ORDER BY sent DESC 

    167. 

  167. 							LIMIT $offset,$privateMessagesPerPage");

    168. 

  168. 	if(!$result){

    169. 

  169. 		echo "output=mySqlError&error=".mysql_error();

    170. 

  170. 		return;

    171. 

  171. 	}

    172. 

  172. 	//get the total PMs

    173. 

  173. 	$totalResult = mysql_query("SELECT FOUND_ROWS() AS totalMessages");

    174. 

  174. 	if(!$totalResult){

    175. 

  175. 		echo "output=mySqlError&error=".mysql_error();

    176. 

  176. 		return;

    177. 

  177. 	}

    178. 

  178. 	

    179. 

  179. 	$dataTotal = mysql_fetch_object($totalResult);

    180. 

  180. 	

    181. 

  181. 	//if we are down here then let's start outputting

    182. 

  182. 	$output = "output=$location&totalMessages=".$dataTotal->totalMessages;

    183. 

  183. 	$output .= "&currentPage=".$page."&totalPages=".ceil($dataTotal->totalMessages / $privateMessagesPerPage);

    184. 

  184. 	$output .= "&messageCount=".mysql_num_rows($result);

    185. 

  185. 	//loop through the results	

    186. 

  186. 	for($i = 0; $i < mysql_num_rows($result); $i++){

    187. 

  187. 		$pm = mysql_fetch_object($result);

    188. 

  188. 		 

    189. 

  189. 		//build the rest out

    190. 

  190. 		$output .= "&pm" . $i . "id=" . $pm->messageID;

    191. 

  191. 		$output .= "&pm" . $i . "subject=" . urlencode(stripslashes($pm->subject));

    192. 

  192. 		$output .= "&pm" . $i . "message=" . urlencode(htmlspecialchars(stripslashes($pm->body)));

    193. 

  193. 		$output .= "&pm" . $i . "username=" . urlencode(stripslashes($pm->username));

    194. 

  194. 		$output .= "&pm" . $i . "sent=" . urlencode(timeParse($pm->sent, true));

    195. 

  195. 		$output .= "&pm" . $i . "replied=" . urlencode(timeParse($pm->repliedTime, true));

    196. 

  196. 		$output .= "&pm" . $i . "recipientID=" . $pm->recipientID;

    197. 

  197. 		$output .= "&pm" . $i . "recipientStatus=" . $pm->recipientStatus;

    198. 

  198. 		$output .= "&pm" . $i . "senderID=" . $pm->senderID;

    199. 

  199. 		$output .= "&pm" . $i . "senderStatus=" . $pm->senderStatus;

    200. 

  200. 	}

    201. 

  201. 	

    202. 

  202. 	echo $output;

    203. 

  203. }

    204. 

  204. 

    205. 

  205. function sendMessage($userID, $username) {

    206. 

  206. 	global $link;

    207. 

  207. 	

    208. 

  208. 	$privateMessageLimit = $_POST['privateMessageLimit'];

    209. 

  209. 	

    210. 

  210. 	$recipient = mysql_real_escape_string($_POST['recipient']);

    211. 

  211. 	$subject = mysql_real_escape_string($_POST['subject']);

    212. 

  212. 	$message = mysql_real_escape_string($_POST['message']);

    213. 

  213. 	$replyMessageID = mysql_real_escape_string($_POST['replyMessageID']);

    214. 

  214. 	

    215. 

  215. 	$recipientID = getUserID($recipient);

    216. 

  216. 	

    217. 

  217. 	//see if we've snagged a match

    218. 

  218. 	if($recipientID == -1){

    219. 

  219. 		echo "output=userNotFound";

    220. 

  220. 		return;

    221. 

  221. 	}

    222. 

  222. 	

    223. 

  223. 	//get the userID of the person we are sending this to (and a current count of the PMs they have)

    224. 

  224. 	$result = mysql_query("SELECT COUNT(p.recipientID) AS currentMessages 

    225. 

  225. 						   FROM ".TABLE_PREFIX."_private p

    226. 

  226. 						   WHERE p.recipientID = ".$recipientID);

    227. 

  227. 	if(!$result){

    228. 

  228. 		echo "output=mySqlError&error=".mysql_error();

    229. 

  229. 		return;

    230. 

  230. 	}

    231. 

  231. 	

    232. 

  232. 	//let's see if we can send them a message

    233. 

  233. 	$data = mysql_fetch_object($result);

    234. 

  234. 	$currentMessageCount = $data->currentMessages;

    235. 

  235. 	

    236. 

  236. 	if($currentMessageCount >= $privateMessageLimit){

    237. 

  237. 		//tell them it's full

    238. 

  238. 		echo "output=mailboxFull";

    239. 

  239. 		return;

    240. 

  240. 	}

    241. 

  241. 	

    242. 

  242. 	//if we have the green light let's send the message!

    243. 

  243. 	$result = mysql_query("INSERT INTO ".TABLE_PREFIX."_private (recipientID, senderID, subject, body, sent)

    244. 

  244. 						   VALUES ($recipientID, $userID, '$subject', '$message', ".time().")");

    245. 

  245. 	

    246. 

  246. 	if(!$result){

    247. 

  247. 		echo "output=mySqlError&error=".mysql_error();

    248. 

  248. 		return;

    249. 

  249. 	}

    250. 

  250. 	

    251. 

  251. 	//if this was a reply message, make sure to update that messages reply time

    252. 

  252. 	if($replyMessageID > 0){

    253. 

  253. 		$result = mysql_query("UPDATE ".TABLE_PREFIX."_private SET repliedTime = ".time()." WHERE messageID = $replyMessageID");

    254. 

  254. 		if(!$result){

    255. 

  255. 			echo "output=mySqlError&error=".mysql_error();

    256. 

  256. 			return;

    257. 

  257. 		}

    258. 

  258. 	}

    259. 

  259. 	

    260. 

  260. 	//if all is well let flash know

    261. 

  261. 	echo "output=success";

    262. 

  262. 	

    263. 

  263. 	//send an email to the recipient letting them know they have a new private message

    264. 

  264. 	$result = mysql_query("SELECT username, email FROM ".TABLE_PREFIX."_users WHERE userID = $recipientID");

    265. 

  265. 	

    266. 

  266. 	if(mysql_num_rows($result) > 0){

    267. 

  267. 		$data = mysql_fetch_object($result);

    268. 

  268. 		

    269. 

  269. 		//send it off

    270. 

  270. 		//$message = str_replace("\r", "\n", $message);

    271. 

  271. 		$newPrivateMessage = $_POST['newPrivateMessage'];

    272. 

  272. 		$clickToRead = $_POST['clickToRead'];

    273. 

  273. 		$mailMessage = $data->username.",\n\n".$newPrivateMessage." ".$username.".\n\n".$clickToRead."\n\n";

    274. 

  274. 		$mailMessage .= $_POST['installDirectory']."\n\n-----------------\n".$_POST['subjectWord'].": ".$_POST['subject']."\n\n";

    275. 

  275. 		$mailMessage .= $_POST['messageWord'].":\n".$_POST['message'];

    276. 

  276. 		

    277. 

  277. 		sendMail($data->email, $newPrivateMessage." ".$username, $mailMessage, $_POST['boardName'], $_POST['boardEmail']);

    278. 

  278. 	}

    279. 

  279. }

    280. 

  280. ?>
    281.