
/mybookbag/newmsg.php

https://bitbucket.org/s2223902/mybookbag
  1. <?php
  2. session_start();
  3. include('db_connection.php');
  4. include('functions.php');
  5. ?>
  6. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  7. <html xmlns="http://www.w3.org/1999/xhtml">
  8. <head>
  9. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  10. <link rel="stylesheet" href="css/formstyles.css" type="text/css" />
  11. <link href='http://fonts.googleapis.com/css?family=Varela+Round' rel='stylesheet' type='text/css'>
  12. <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
  13. <script type="text/javascript" src="js/Placeholders.js"></script>
  14. <script type="text/javascript">
  15. Placeholders.init({
  16. live: true,
  17. hideOnFocus: true});
  18. </script>
  19. <link href="css/toolbar.css" rel="stylesheet" type="text/css" />
  20. <title><?php echo $_SESSION['username'];?>'s Messages</title>
  21. </head>
  22. <body>
  23. <?php include ("php/random-bg.php"); ?>
  24. <div id="mainContainer">
  25. <div id="carbonForm2">
  26. <div id="logo2">
  27. <img src="img/logo.png" />
  28. <p>Welcome <b><?php echo $_SESSION['username'];?></b></p>
  29. </div>
  30. <ul id="nav">
  31. <li><a href="page.php">Home</a></li>
  32. <li><a href="mybooks.php">MyBookBag</a>
  33. <ul>
  34. <li><a href="mybooks.php">My Books</a></li>
  35. <li><a href="myebooks.php">My eBooks</a></li>
  36. <li><a href="myjournals.php">My journals</a></li>
  37. <li><a href="adddoc.php">Add Books</a></li>
  38. </ul>
  39. </li>
  40. <li class="current"><a href="friends.php">My Friends</a>
  41. <ul>
  42. <li><a href="friends.php">My Friends</a></li>
  43. <li><a href="messages.php">Messages (<?php echo checkMessages();?>)</a></li>
  44. <li><a href="addfriend.php">Add friends</a></li>
  45. <li><a href="requests.php">Friend Requests</a></li>
  46. </ul>
  47. </li>
  48. <li><a href="settings.php">Settings</a>
  49. <ul>
  50. <li><a href="passreset.php">Change Password</a></li>
  51. </ul>
  52. </li>
  53. <li><a href="contact.php">Contact</a></li>
  54. <li><a href="logout.php">Log Out</a></li>
  55. </ul>
  56. <div class="fieldContainer">
  57. <?php
  58. //We check if the user is logged
  59. if(isset($_SESSION['username']))
  60. {
  61. $form = true;
  62. $otitle = '';
  63. $orecip = '';
  64. $omessage = '';
  65. if(isset($_POST['title'], $_POST['recip'], $_POST['message']))
  66. {
  67. $otitle = $_POST['title'];
  68. $orecip = $_POST['recip'];
  69. $omessage = $_POST['message'];
  70. //We remove slashes depending on the configuration
  71. if(get_magic_quotes_gpc())
  72. {
  73. $otitle = stripslashes($otitle);
  74. $orecip = stripslashes($orecip);
  75. $omessage = stripslashes($omessage);
  76. }
  77. //We check if all the fields are filled
  78. if($_POST['title']!='' and $_POST['recip']!='' and $_POST['message']!='')
  79. {
  80. //We protect the variables
  81. $title = mysql_real_escape_string($otitle);
  82. $recip = mysql_real_escape_string($orecip);
  83. $message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
  84. //We check if the recipient exists
  85. $query = mysql_query('select count(id) as recip, id as recipid, (select count(*) from pm) as npm from users where username="'.$recip.'"') or die ("fetch".mysql_error());
  86. $dn1 = mysql_fetch_array($query) or die("fetch".mysql_error());
  87. if($dn1['recip']==1)
  88. {
  89. //We check if the recipient is not the actual user
  90. if($dn1['recipid']!=$_SESSION['id'])
  91. {
  92. $id = $dn1['npm']+1;
  93. //We send the message
  94. if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['id'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")')or die ("insertdata".mysql_error()))
  95. {
  96. ?>
  97. <div class="message">The message has successfully been sent.<br />
  98. <a href="messages.php">List of my Personal messages</a></div>
  99. <?php
  100. $form = false;
  101. }
  102. else
  103. {
  104. //Otherwise, we say that an error occured
  105. $error = 'An error occurred while sending the message';
  106. }
  107. }
  108. else
  109. {
  110. //Otherwise, we say the user cannot send a message to himself
  111. $error = 'You cannot send a message to yourself.';
  112. }
  113. }
  114. else
  115. {
  116. //Otherwise, we say the recipient does not exists
  117. $error = 'The recipient does not exist.';
  118. }
  119. }
  120. else
  121. {
  122. //Otherwise, we say a field is empty
  123. $error = 'A field is empty. Please fill of the fields.';
  124. }
  125. }
  126. elseif(isset($_GET['recip']))
  127. {
  128. //We get the username for the recipient if available
  129. $orecip = $_GET['recip'];
  130. }
  131. if($form)
  132. {
  133. //We display a message if necessary
  134. if(isset($error))
  135. {
  136. echo '<div class="message">'.$error.'</div>';
  137. }
  138. //We display the form
  139. ?>
  140. <div class="content">
  141. <h1>New Personal Message</h1>
  142. <form action="newmsg.php" method="post">
  143. Please fill the following form to send a Personal message.<br />
  144. <div class="formRow">
  145. <div class="field">
  146. <input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" placeholder="Title" /><br />
  147. </div>
  148. </div>
  149. <div class="formRow">
  150. <div class="field">
  151. <input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" placeholder="Recipient (Username)"/><br />
  152. </div>
  153. </div>
  154. <div class="formRow">
  155. <div class="field">
  156. <textarea cols="40" rows="5" id="message" name="message" placeholder="Message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
  157. </div>
  158. </div>
  159. <div class="formRow">
  160. <div class="field">
  161. <br/><input type="submit" id="submit" value="Send" />
  162. </div>
  163. </div>
  164. </form>
  165. </div>
  166. </div>
  167. </div>
  168. <?php
  169. }
  170. }
  171. else
  172. {
  173. echo '<div class="message">You must be logged to access this page.</div>';
  174. }
  175. ?>
  176. </div> </body>
  177. </html>