forked from renlok/WeBid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
yourmessages.php
90 lines (79 loc) · 2.96 KB
/
yourmessages.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php
/***************************************************************************
* copyright : (C) 2008 - 2013 WeBid
* site : http://www.webidsupport.com/
***************************************************************************/
/***************************************************************************
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. Although none of the code may be
* sold. If you have been sold this script, get a refund.
***************************************************************************/
include 'common.php';
// If user is not logged in redirect to login page
if (!$user->is_logged_in())
{
$_SESSION['REDIRECT_AFTER_LOGIN'] = 'yourmessages.php';
header('location: user_login.php');
exit;
}
$messageid = intval($_GET['id']);
// check message is to user
$query = "SELECT m.*, u.nick FROM " . $DBPrefix . "messages m
LEFT JOIN " . $DBPrefix . "users u ON (u.id = m.sentfrom)
WHERE m.sentto = " . $user->user_data['id'] . " AND m.id = " . $messageid;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$check = mysql_num_rows($res);
if ($check == 0)
{
$_SESSION['message'] = $ERR_070;
header('location: mail.php');
}
$array = mysql_fetch_array($res);
$sent = gmdate('M d, Y H:ia', $array['sentat'] + $system->tdiff);
$subject = $array['subject'];
$message = $array['message'];
$hash = md5(rand(1, 9999));
$array['message'] = str_replace('<br>', '', $array['message']);
if ($array['sentfrom'] == 0 && !empty($array['fromemail']))
{
$sendusername = $array['fromemail'];
$senderlink = $sendusername;
}
elseif ($array['sentfrom'] == 0 && empty($array['fromemail']))
{
$sendusername = $MSG['110'];
$senderlink = $sendusername;
}
else
{
$sendusername = $array['nick'];
$senderlink = '<a href="profile.php?user_id=1&auction_id=' . $array['sentfrom'] . '">' . $sendusername . '</a>';
}
// Update message
$query = "UPDATE " . $DBPrefix . "messages SET isread = 1 WHERE id = " . $messageid;
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
// set session for reply
$_SESSION['subject' . $hash] = (substr($subject, 0, 3) == 'Re:') ? $subject : 'Re: ' . $subject;
$_SESSION['sendto' . $hash] = $sendusername;
$_SESSION['reply' . $hash] = $messageid;
$_SESSION['reply_of' . $hash] = ($array['reply_of'] == 0) ? $messageid : $array['reply_of'];
$_SESSION['question' . $hash] = $array['question'];
$template->assign_vars(array(
'SUBJECT' => $subject,
'SENDERNAME' => (isset($senderlink)) ? $senderlink : $sendusername,
'SENT' => $sent,
'MESSAGE' => $message,
'ID' => $messageid,
'HASH' => $hash
));
include 'header.php';
include $include_path . 'user_cp.php';
$template->set_filenames(array(
'body' => 'yourmessages.tpl'
));
$template->display('body');
include 'footer.php';
?>