-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathread_pm.php
169 lines (162 loc) · 5.58 KB
/
read_pm.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<html>
<head>
<title>Admin Page</title>
<meta charset= 'utf-8'>
<title> Welcome to schoolHunter</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<link href="user.css" rel="stylesheet">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
</head>
<body>
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="main.php">School Hunter</a>
<a class="navbar-brand"><?php echo $_COOKIE['username'];?></a>
</div>
<div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="list_pm.php">Message Home</a></li>
<li class="active"><a ><?php echo "Message Details";?></a></li>
</ul>
</div><!--/.nav-collapse -->
</nav>
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>Read a PM</title>
</head>
<body>
<!--
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
-->
<?php
//We check if the user is logged
if(isset($_COOKIE['username']))
{
//We check if the ID of the discussion is defined
if(isset($_GET['id']))
{
$id = intval($_GET['id']);
//We get the title and the narators of the discussion
$con = mysql_connect("","schoolhunter_admin","admin123");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db('schoolhunter_DataBase', $con);
if (!$db_selected) {
die ('Can\'t use schoolhunter_DataBase : ' . mysql_error());
}
$req1 = mysql_query('select title, user1, user2, message from pm where id="'.$id.'"');
$dn1 = mysql_fetch_array($req1);
//We check if the discussion exists
if(mysql_num_rows($req1)==1)
{
//We check if the user have the right to read this discussion
if($dn1['user1']==$_COOKIE['username'] or $dn1['user2']==$_COOKIE['username'])
{
//The discussion will be placed in read messages
if($dn1['user1']==$_COOKIE['username'])
{
mysql_query('update pm set user1read="yes" where id="'.$id.'" and id2="1"');
$user_partic = 2;
}
else
{
mysql_query('update pm set user2read="yes" where id="'.$id.'" and id2="1"');
$user_partic = 1;
}
//We get the list of the messages
$req2 = mysql_query('select timestamp, message,userid ,user1, title from pm where id ="'.$id.'" and user2= "'.$_COOKIE['username'].'"');
//We check if the form has been sent
if(isset($_POST['message']) and $_POST['message']!='')
{
$message = $_POST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$message = stripslashes($message);
}
//We protect the variables
$message = mysql_real_escape_string(nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8')));
//We send the message and we change the status of the discussion to unread for the recipient
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, user1read, user2read)values("'.$id.'", "'.(intval(mysql_num_rows($req2))+1).'", "", "'.$_COOKIE['username'].'", "", "'.$message.'", "", "")') and mysql_query('update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"'))
{
?>
<div class="message">Your message has successfully been sent.<br />
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
<?php
}
else
{
?>
<div class="message">An error occurred while sending the message.<br />
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
<?php
}
}
else
{
//We display the messages
?>
<div class="content">
<h1><?php echo "Title: "; ?><?php echo $dn1['title']; ?></h1>
<h2><?php echo "From: "; ?><?php echo $dn1['user1']; ?></h2>
<h2><?php echo "Message: "; ?><?php echo $dn1['message']; ?></h2>
<?php
while($dn2 = mysql_fetch_array($req2))
{
?>
<tr>
<td class="author center"><?php
if($dn2['avatar']!='')
{
echo '<img src="'.htmlentities($dn2['avatar']).'" alt="Image Perso" style="max-width:100px;max-height:100px;" />';
}
?><br /><a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo $dn2['user1']; ?></a></td>
<td><?php echo $dn2['user1']; ?></td>
<td><?php echo $dn2['timestamp']; ?></td>
<?php echo $dn2['message']; ?></td>
</tr>
<?php
}
//We display the reply form
?>
</div>
<?php
}
}
else
{
echo '<div class="message">You dont have the rights to access this page.</div>';
}
}
else
{
echo '<div class="message">This discussion does not exists.</div>';
}
}
else
{
echo '<div class="message">The discussion ID is not defined.</div>';
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
</body>
</html>