PageRenderTime 53ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/mybookbag/readmsg.php

https://bitbucket.org/s2223902/mybookbag
PHP | 190 lines | 189 code | 0 blank | 1 comment | 1 complexity | e91bee4b96bf32d6a6e933615687b942 MD5 | raw file
    

  1. <?php
    2. 

  2. session_start();
    3. 

  3. include('db_connection.php');
    4. 

  4. include('functions.php');
    5. 

  5. //We check if the user is logged
    6. 

  6. if(isset($_SESSION['username']))
    7. 

  7. {
    8. 

  8. ?>
    9. 

  9. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    10. 

  10. <html xmlns="http://www.w3.org/1999/xhtml">
    11. 

  11.     <head>
    12. 

  12.         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    13. 

  13.         <link rel="stylesheet" href="css/formstyles.css" type="text/css" />
    14. 

  14. 		       <link href='http://fonts.googleapis.com/css?family=Varela+Round' rel='stylesheet' type='text/css'>
    15. 

  15. 		<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
    16. 

  16. 		<link href="css/toolbar.css" rel="stylesheet" type="text/css" />
    17. 

  17. 				<script type="text/javascript" src="js/Placeholders.js"></script>
    18. 

  18. 		<script type="text/javascript">
    19. 

  19. 			Placeholders.init({
    20. 

  20. 			live: true,
    21. 

  21. 			hideOnFocus: true});
    22. 

  22. 		</script>
    23. 

  23.         <title><?php echo $_SESSION['username'];?>'s Messages</title>
    24. 

  24.     </head>
    25. 

  25.     <body>
    26. 

  26.     	<?php include ("php/random-bg.php"); ?>
    27. 

  27. <div id="mainContainer">    
    28. 

  28. <div id="carbonForm2">
    29. 

  29. <div id="logo2">
    30. 

  30. 		<img src="img/logo.png" />
    31. 

  31. 		<p>Welcome <b><?php echo $_SESSION['username'];?></b></p>
    32. 

  32. 	</div>
    33. 

  33. 	<ul id="nav">
    34. 

  34. 	<a href="page.php">Home</a></li>
    35. 

  35. 	<li><a href="mybooks.php">MyBookBag</a>
    36. 

  36. 		<ul>
    37. 

  37. 			<li><a href="mybooks.php">My Books</a></li>
    38. 

  38. 			<li><a href="myebooks.php">My eBooks</a></li>
    39. 

  39. 			<li><a href="myjournals.php">My journals</a></li>
    40. 

  40. 			<li><a href="adddoc.php">Add Books</a></li>
    41. 

  41. 		</ul>
    42. 

  42. 	</li>
    43. 

  43. 	<li class="current"><a href="friends.php">My Friends</a>
    44. 

  44. 		<ul>
    45. 

  45. 			<li><a href="friends.php">My Friends</a></li>
    46. 

  46. 			<li><a href="messages.php">Messages (<?php echo checkMessages();?>)</a></li>
    47. 

  47. 			<li><a href="addfriend.php">Add friends</a></li>
    48. 

  48. 			<li><a href="requests.php">Friend Requests</a></li>
    49. 

  49. 		</ul>
    50. 

  50. 	</li>
    51. 

  51. 	
    52. 

  52. 	<li><a href="settings.php">Settings</a>
    53. 

  53. 		<ul>
    54. 

  54. 		<li><a href="passreset.php">Change Password</a></li>
    55. 

  55. 		</ul>
    56. 

  56. 		</li>
    57. 

  57. 	<li><a href="contact.php">Contact</a></li>
    58. 

  58. 	<li><a href="logout.php">Log Out</a></li>
    59. 

  59. 	</ul>
    60. 

  60. 	<div class="fieldContainer">
    61. 

  61. <?php
    62. 

  62. 

  63. //We check if the ID of the discussion is defined
    64. 

  64. if(isset($_GET['id']))
    65. 

  65. {
    66. 

  66. $id = intval($_GET['id']);
    67. 

  67. //We get the title and the narators of the discussion
    68. 

  68. $req1 = mysql_query('select title, user1, user2 from pm where id="'.$id.'" and id2="1"') or die ("fetch1".mysql_error());
    69. 

  69. $dn1 = mysql_fetch_array($req1);
    70. 

  70. //We check if the discussion exists
    71. 

  71. if(mysql_num_rows($req1)==1)
    72. 

  72. {
    73. 

  73. //We check if the user have the right to read this discussion
    74. 

  74. if($dn1['user1']==$_SESSION['id'] or $dn1['user2']==$_SESSION['id'])
    75. 

  75. {
    76. 

  76. //The discussion will be placed in read messages
    77. 

  77. if($dn1['user1']==$_SESSION['id'])
    78. 

  78. {
    79. 

  79.         mysql_query('update pm set user1read="yes" where id="'.$id.'" and id2="1"') or die ("fetch2".mysql_error());
    80. 

  80.         $user_partic = 2;
    81. 

  81. }
    82. 

  82. else
    83. 

  83. {
    84. 

  84.         mysql_query('update pm set user2read="yes" where id="'.$id.'" and id2="1"') or die ("fetch3".mysql_error());
    85. 

  85.         $user_partic = 1;
    86. 

  86. }
    87. 

  87. //We get the list of the messages
    88. 

  88. $req2 = mysql_query('select pm.timestamp, pm.message, users.id as userid, users.username from pm, users where pm.id="'.$id.'" and users.id=pm.user1 order by pm.id2') or die ("fetch3".mysql_error());
    89. 

  89. //We check if the form has been sent
    90. 

  90. if(isset($_POST['message']) and $_POST['message']!='')
    91. 

  91. {
    92. 

  92.         $message = $_POST['message'];
    93. 

  93.         //We remove slashes depending on the configuration
    94. 

  94.         if(get_magic_quotes_gpc())
    95. 

  95.         {
    96. 

  96.                 $message = stripslashes($message);
    97. 

  97.         }
    98. 

  98.         //We protect the variables
    99. 

  99.         $message = mysql_real_escape_string(nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8')));
    100. 

  100.         //We send the message and we change the status of the discussion to unread for the recipient
    101. 

  101.         if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values
    102. 

  102. 		("'.$id.'", 
    103. 

  103. 		"'.(intval(mysql_num_rows($req2))+1).'", 
    104. 

  104. 		"", 
    105. 

  105. 		"'.$_SESSION['id'].'", 
    106. 

  106. 			"6", 
    107. 

  107. 		"'.$message.'", 
    108. 

  108. 		"'.time().'", 
    109. 

  109. 		"", 
    110. 

  110. 		"")') 
    111. 

  111. 		and mysql_query('update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"') or die ("fetch4".mysql_error()))
    112. 

  112.         {
    113. 

  113. ?>
    114. 

  114. <div class="message">Your message has successfully been sent.<br />
    115. 

  115. <a href="readmsg.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
    116. 

  116. <?php
    117. 

  117.         }
    118. 

  118.         else
    119. 

  119.         {
    120. 

  120. ?>
    121. 

  121. <div class="message">An error occurred while sending the message.<br />
    122. 

  122. <a href="readmsg.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
    123. 

  123. <?php
    124. 

  124.         }
    125. 

  125. }
    126. 

  126. else
    127. 

  127. {
    128. 

  128. //We display the messages
    129. 

  129. ?>
    130. 

  130. <div class="content">
    131. 

  131. <h1><?php echo $dn1['title']; ?></h1>
    132. 

  132. <table class="messages_table">
    133. 

  133.         <tr>
    134. 

  134.         <th class="author">User</th>
    135. 

  135.         <th>Message</th>
    136. 

  136.     </tr>
    137. 

  137. <?php
    138. 

  138. while($dn2 = mysql_fetch_array($req2))
    139. 

  139. {
    140. 

  140. ?>
    141. 

  141.         <tr>
    142. 

  142.         <td class="author center">
    143. 

  143. 

  144. <br /><a href="profile.php?id=<?php echo $dn2['id']; ?>"><?php echo $dn2['username']; ?></a></td>
    145. 

  145.         <td class="left"><div class="date">Sent: <?php echo date('m/d/Y H:i:s' ,$dn2['timestamp']); ?></div>
    146. 

  146.         <?php echo $dn2['message']; ?></td>
    147. 

  147.     </tr>
    148. 

  148. <?php
    149. 

  149. }
    150. 

  150. //We display the reply form
    151. 

  151. ?>
    152. 

  152. </table><br />
    153. 

  153. <h2>Reply</h2>
    154. 

  154. <div class="center">
    155. 

  155.     <form action="readmsg.php?id=<?php echo $id; ?>" method="post">
    156. 

  156.         <label for="message" class="center">Message</label><br />
    157. 

  157.         <textarea cols="40" rows="5" name="message" id="message"></textarea><br />
    158. 

  158.         <br /><input type="submit" id="submit" value="Send" /><br />
    159. 

  159.     </form>
    160. 

  160. </div>
    161. 

  161. </div>
    162. 

  162. <?php
    163. 

  163. }
    164. 

  164. }
    165. 

  165. else
    166. 

  166. {
    167. 

  167.         echo '<div class="message">You dont have the rights to access this page.</div>';
    168. 

  168. }
    169. 

  169. }
    170. 

  170. else
    171. 

  171. {
    172. 

  172.         echo '<div class="message">This discussion does not exists.</div>';
    173. 

  173. }
    174. 

  174. }
    175. 

  175. else
    176. 

  176. {
    177. 

  177.         echo '<div class="message">The discussion ID is not defined.</div>';
    178. 

  178. }
    179. 

  179. }
    180. 

  180. else
    181. 

  181. {
    182. 

  182.         echo '<div class="message">You must be logged to access this page.</div>';
    183. 

  183. }
    184. 

  184. ?>
    185. 

  185.                 <div class="foot"><a href="messages.php">Go to my Personal messages</a></div>
    186. 

  186. 			</div>
    187. 

  187. 			</div>
    188. 

  188. 			</div>
    189. 

  189.         </body>
    190. 

  190. </html>
    191.